Policy Architected Data Center - Cisco
Policy Architected Data Center Defined by Applications. Driven by Policy. Delivered as a Service.
Marty Ma, Technical Solution Architect, Data Center and Cloud, Cisco Greater China xArchitecture Team
Cisco and/or its affiliates. All rights reserved. Cisco Public
Data Center and Cloud – Top Challenges: Business Expectations in the Digital Era
[Figure: map of data center and cloud challenges; only the slide's labels are recoverable]
• Disruptive business models: less than 1% have an optimized cloud strategy; promise of cloud opportunities; mobile, social, cloud economics; faster services rollout; address pace of change
• Increased security threats: 60% of data stolen within first few hours of attack; protect privacy and reputation
• Data and application explosion: 2X data growth / 18 months, application growth / 2 years; better and faster decisions
• Manage IT change: shadow IT, cloud, DevOps, flat IT budgets
• New application architectures: big data / analytics, cloud-scale apps; mobile, social, cloud
• Security and compliance: securing data within the DC and across clouds
• Cloud strategy: deliver IT-as-a-Service consistently across public and private clouds
Themes: “Bi-Modal IT”, Hybrid Clouds, Pervasive Security, Data Insights
What Is “Bi-Modal IT”?
[Figure: two runners, “think sprinter” versus “think marathon runner”]
“Mode 1” Apps @ “Mode 2” DC Infra = Availability Challenge
“Mode 2” Apps @ “Mode 1” DC Infra = Resource Optimization and Scale Challenge
[Figure: Bi-Modal IT]
We Are at the Beginning of a Major Shift
[Figure: adoption curve; x-axis 2000, 2008, 2015, the next 5+ years, with a “we are here” marker]
Stages: Traditional Data Center (consolidation, virtualization) → IT as a Service (automation) → Hybrid Cloud → Distributed Cloud Data Center, the IoE era (IaaS | PaaS | SaaS | XaaS)
Drivers along the curve: efficiency, simplicity, agility, standardization, connected experiences
Automation != MicroManagement
[Figure: swimlane of today's manual provisioning workflow, with six numbered hand-offs between Business Application Requirements, IT Planning (approvals, define cost models), Network Admin, Server Admins and Storage. Tasks shown: update trunks, create VLANs, configure SAN zoning, create UCS service profiles, create network policies, configure servers, bare metal provisioning, set up servers, add VLAN to service profile, create VLAN, create storage resources (LUNs and volumes), add vFilers to group, create vFilers, create IP space, UCS blade power on, create storage policy, map NetApp LUN, add users and groups]
Challenges:
• Manual processes
• Complex handoffs between teams and domains
• Static resource allocation
Business Outcome:
• Days/weeks/months to deploy IT services
• High operational cost
• Rigid silos
• Infrastructure inefficiency and under-utilization
Would a Software Only Overlay Suffice?
Advantage:
• Increased Agility for Virtual Devices: faster configuration and provisioning of virtual devices
Disadvantages:
• Partial Solution: embedded support only for virtual devices
• Operational Complexity: two networks
• No Traffic Visibility: limited troubleshooting
• Limited Scale: centralized gateways, sub-optimal traffic flow
[Figure: an overlay of virtual devices running on top of the physical resources, i.e. two networks, joined through a gateway]
Abstraction, the Real Objective of “SDN”: How to Avoid “Death by MicroManagement”?
Infrastructure Layer with Domain Controllers
[Figure: a domain controller translating between the network language of the infrastructure (complexity) and the business language of its consumers (summary)]
Orchestrate the Abstraction, rather than the Implementation
[Figure: layered stack, bottom to top: physical infrastructure (compute, storage, network) → infrastructure abstraction layer → domain controller (management and orchestration) → policy template → application logical architecture]
Automation via Policy
[Figure: on-demand automated delivery and policy-driven provisioning of a secure cloud container (VMs, compute, network, storage) for tenants A, B and C. Domain managers handle infrastructure automation and management for OS and virtual machines, storage, network and compute; below them sit virtualized and bare-metal compute and hypervisors, network and services, VMs and bare metal. A single pane of glass provides end-to-end infrastructure automation and lifecycle management]
Policy – What Do We Mean?
[Figure: three policy domains: compute policy, cloud policy, network policy]
Topology and Orchestration Specification for Cloud Applications (TOSCA)
• A ‘MetaModel’ used to define IT services
• Uses a template to represent a service as a directed graph
• An XML/JSON-based description of each component and capability in the template provides a consistent view from the application level all the way down to infrastructure orchestration
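To make the “service as a directed graph” idea concrete, here is an added example (not from the slides, not an OASIS TOSCA or Cisco artifact) that parses a constructed TOSCA-style JSON template into a dependency graph, rejects dangling requirements, and derives the orchestration order in which components must be provisioned; the node names and the simplified “requirements” field are assumptions of the example.

```python
import json
from collections import defaultdict, deque

# Constructed TOSCA-style service template in JSON (the slide's XML/JSON form);
# a toy, not a real OASIS TOSCA document or a Cisco artifact. Each node lists
# the nodes it requires, which gives the directed graph the slide describes.
SERVICE_TEMPLATE = json.dumps({"topology_template": {"node_templates": {
    "tenant_net": {"type": "Network", "requirements": []},
    "app_vm": {"type": "Compute", "requirements": ["tenant_net"]},
    "db_vm": {"type": "Compute", "requirements": ["tenant_net"]},
    "database": {"type": "DBMS", "requirements": ["db_vm"]},
    "app_server": {"type": "WebServer", "requirements": ["app_vm"]},
    "web_app": {"type": "WebApp", "requirements": ["app_server", "database"]},
}}})

def parse_template(text):
    """Parse the template into a graph: node name -> set of required nodes.
    Rejects dangling requirements so a bad template fails before orchestration."""
    nodes = json.loads(text)["topology_template"]["node_templates"]
    graph = {name: set(spec.get("requirements", [])) for name, spec in nodes.items()}
    for name, reqs in graph.items():
        unknown = reqs - set(graph)
        if unknown:
            raise ValueError(f"{name} requires undefined node(s): {sorted(unknown)}")
    return graph

def orchestration_order(graph):
    """Topological order (Kahn's algorithm): infrastructure first, so each node
    is provisioned only after everything it requires. Raises on a cycle."""
    indegree = {n: len(reqs) for n, reqs in graph.items()}
    dependents = defaultdict(list)
    for n, reqs in graph.items():
        for r in reqs:
            dependents[r].append(n)
    ready = deque(sorted(n for n, d in indegree.items() if d == 0))
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for d in sorted(dependents[n]):
            indegree[d] -= 1
            if indegree[d] == 0:
                ready.append(d)
    if len(order) != len(graph):
        raise ValueError(f"dependency cycle among: {sorted(n for n, d in indegree.items() if d > 0)}")
    return order
```

Reversing the returned list gives a safe teardown order (application first, infrastructure last), which is the same graph read from the application level downward.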
Policy – Empowers Cohesiveness as DC Infrastructure Evolves
[Figure: timeline 2008, 2009, 2014, today, with the stages Consolidation, Virtualization, Automation and Enabling the Intercloud; infrastructure shown per stage: LAN/SAN network, compute/storage/access network, UCS, Nexus, ACI, hybrid cloud. Apps and policy are the common thread throughout, under the banner “rapid application evolution”]
Policy – Linking the Application Language to Infrastructure
Application language (what the application asks for):
• Multi-Tier / DevOps
• Security & Compliance
• SLA
• Performance
• Compliance
• High-Availability
Infrastructure languages: network language, compute language, security language
Goal: decouple the application AND its policy from the underlying infrastructure through a common policy, expressed for the network as the App Network Profile and for compute as the UCS Service Profile.
Cisco ACI: The Most Complete Solution for Our Customers
• Automation through common policy
• Physical, virtual and containers
• Open, standards-based and secure
[Figure: Application Centric Infrastructure]
Cisco ACI Complements, Enhances, and/or Replaces Any SDN Offering
[Figure: bare metal applications and virtualized applications, with an optional software overlay, on a foundation of Nexus or ACI]
Pillars of ACI: Rapid Deployment of Applications onto Open Networks with Scale, Security, and Full Visibility
[Figure: three pillars supporting Application Centric Infrastructure: Application Centric Policy, Open Ecosystem (industry leading partnerships), ACI Fabric/Nexus 9000]
Application Centric Infrastructure Fabric
[Figure: ACI fabric connecting endpoint groups such as “Users” and “Files”]
• Logical Endpoint Groups by Role: heterogeneous clients, servers and external clouds; the fabric controls communication between them
• Flexible Insertion: every device is one hop away, microsecond latency, no power or port availability constraints, ease of scaling
• Unified Management and Visibility: the ACI Controller manages all participating devices, with change control and audit capabilities
• Fabric Port Services: hardware filtering and bridging; default gateway; seamless service insertion, “service farm” aggregation
• Flat Hardware Accelerated Network: full abstraction, de-coupled from VLANs and dynamic routing, low latency, built-in QoS
Application Centric Policy
1. Subject matter experts define policies (network SME, security SME, application SME)
2. Policies are used to create Application Network Profile templates
3. Automated policy configuration across the infrastructure
4. Life cycle management for day 1 and day 2 operations
[Figure: the policy is pushed across physical networking, compute, storage, L4–L7 services, hypervisors and virtual networking, and multi-DC WAN and cloud]
ACI Vision: Scale, Security, and Full Visibility
[Figure: a tenant application spanning physical networking, compute, storage, L4–L7 services, hypervisors and virtual networking, and multi-DC WAN and cloud; enabled by physical and virtual integration]
Open Enables Choices and Investment Protection
[Figure: APIC at the center. Northbound partners: systems management, DevOps, analytics, enterprise monitoring, orchestration frameworks. Southbound partners: L4-L7 services, fabric attached devices. Outcomes: hyper-agility, security & governance, biz. insights, security & services, open infra.]
Data Centers Built on Open Architectures
[Figure: UCS, ACI and Intercloud built on open source, open standards (OpFlex, NSH, VXLAN), open interfaces (RESTful APIs, XML and JSON) and an open ecosystem]
An Open Ecosystem Approach
ACI Delivers Secure Multi-Tenancy at Scale: Automated Protection to Cover the Attack Continuum
• Centralized automation: audit, detect, mitigate
• Embedded in ACI
• Investment protection
• FirePOWER now integrated with ACI
• Validated for deployment in PCI compliant networks
• Policy driven: physical & virtual
ACI Enables Segmentation Based on Business Needs
[Figure: increasing level of segmentation, isolation and visibility from left to right]
• Network-centric segmentation by VLAN (VLAN 1, VXLAN 2, VLAN 3)
• Segmentation by application lifecycle (DEV, TEST, PROD)
• Basic DC network segmentation (production pod, DMZ, shared services)
• Micro-segmentation per application tier / service level (WEB, APP, DB)
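The micro-segmentation level above, as an added example that is not part of the slides or of ACI's object model: endpoint groups per application tier, an explicit allow-list between them (named by analogy with ACI contracts), and a replay of constructed flow records that surfaces the flows such a policy would drop. The subnets, ports and flows are assumptions of the example.

```python
from ipaddress import ip_address, ip_network
# Constructed micro-segmentation model: endpoint groups (EPGs) by application
# tier plus an allow-list between them, named by analogy with ACI contracts.
# Illustration only, not ACI's object model or API; default deny between EPGs.
EPGS = {
    "EXTERNAL": ip_network("0.0.0.0/0"),   # catch-all for non-tenant space
    "WEB": ip_network("10.1.1.0/24"),
    "APP": ip_network("10.1.2.0/24"),
    "DB": ip_network("10.1.3.0/24"),
}
# (consumer EPG, provider EPG) -> protocol/port pairs the provider exposes
CONTRACTS = {
    ("EXTERNAL", "WEB"): {("tcp", 443)},
    ("WEB", "APP"): {("tcp", 8080)},
    ("APP", "DB"): {("tcp", 5432)},
}

def epg_of(ip):
    """Classify an address by EPG; the most specific (longest) prefix wins."""
    addr = ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in EPGS.items() if addr in net]
    return max(matches)[1]

def is_permitted(src_ip, dst_ip, proto, dport):
    """Policy decision for one flow: intra-EPG traffic is allowed, inter-EPG
    traffic only when a contract lists that protocol and destination port."""
    src, dst = epg_of(src_ip), epg_of(dst_ip)
    if src == dst:
        return True
    return (proto, dport) in CONTRACTS.get((src, dst), set())

def policy_violations(flow_lines):
    """Replay flow records ('src dst proto dport') against the policy and
    return the ones the fabric should drop; these are the events worth alerting on."""
    denied = []
    for line in flow_lines:
        src, dst, proto, dport = line.split()
        if not is_permitted(src, dst, proto, int(dport)):
            denied.append(f"{epg_of(src)}->{epg_of(dst)} {proto}/{dport} from {src}")
    return denied

# Constructed sample flows, not real telemetry
SAMPLE_FLOWS = [
    "203.0.113.7 10.1.1.10 tcp 443",   # internet -> web tier: permitted
    "10.1.1.10 10.1.2.20 tcp 8080",    # web -> app: permitted
    "10.1.2.20 10.1.3.30 tcp 5432",    # app -> db: permitted
    "10.1.1.10 10.1.3.30 tcp 5432",    # web -> db directly: no contract, denied
    "203.0.113.7 10.1.3.30 tcp 22",    # internet -> db: denied
]
```

Contracts are directional (consumer to provider), so the same port is not implicitly open in the reverse direction.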
Cisco Policy Architected Data Center
Cisco Data Center: Accelerate Digital Transformation
[Figure: the Policy-Architected Data Center hosting multiple apps]
• Intercloud Ready: get secure workload mobility with any cloud
• Edge Ready: bring your data center closer to IoE/IoT and remote branches with distributed analytics
• Optimized for Bi-Modal IT: automated | simple | secure
Network and Policy Drive the End-to-End Digital Experience