Shape Your Business For the Future: Powering ... · Security Management Tools Operational Readiness...

© 2012 Cisco and/or its affiliates. All rights reserved. Shape Your Business For the Future: Powering Transformation With Cisco. Building a Secure Virtualized Cloud Infrastructure. Amy Chan, Systems Development Unit, Cisco Systems, 15 May 2012.

Transcript of Shape Your Business For the Future: Powering ... · Security Management Tools Operational Readiness...

Page 1: Shape Your Business For the Future: Powering ... · Security Management Tools Operational Readiness Business Case Chargeback Approach Security/Compliance Program & Architecture Management

Shape Your Business For the Future: Powering Transformation With Cisco

Building a Secure Virtualized Cloud Infrastructure

Amy Chan, Systems Development Unit, Cisco Systems 15 May 2012

Page 2:

Agenda

Building a Secure Virtualized Cloud Infrastructure

Case Study: Cisco CITEIS Data Center Virtualization Transformation

Page 3:

Cisco Validated Design Process

Innovation and Quality Through System Level Design and Validation

[Diagram labels: System Development Fundamentals; System Development Guidelines; Planning, Design, End-To-End Validation, Documentation; Unit, Feature, Integration, System, Customer.]

www.cisco.com/go/designzone

Page 4:

VMDC – Cloud Blueprint for the Unified Data Center

Foundation for Cloud Applications and Services

[Diagram labels: IaaS, PaaS, SaaS and more; VMDC, the Unified Data Center Reference Architecture; Private, vPrivate, Public, Hybrid, Community.]

• Simplify Operations
• Maximize ROI
• Accelerate Time to Deployment

Page 5:

Building a Secure Virtualized Cloud Infrastructure

Key Considerations

Service Orchestration
• Dynamic application and reuse of resources
• Automated service orchestration and fulfillment
• Integration with Network Containers
• Rapid Self Service IT

High Availability
• Carrier Class Availability
• Platform/Network/Hardware/Software Resiliency
• Minimize the probability and duration of incidents
• Focus on your business, not fighting fires

Differentiated Service Support
• Design logical models around use cases
• Services-oriented framework
• Combines compute/storage/network
• Resources are applied and tuned to meet needs

Modularity
• Pod based design
• Scalability framework for manageable increments
• Predictable physical and cost characteristics
• Streamline Turn-up of New Services

Secure Multi-tenancy
• Shared Physical Infrastructure
• Tenant Specific Resources
• Use Cases
• Comply with business policies

Page 6:

Example: IaaS Cloud Services Solution Architecture

An End-End Systems Approach

[Diagram labels, by group:
• Layers: Application Software, Virtual Machine, Virtual Access, Access, Services, Core/Agg., Peering, Backbone, Storage & SAN, Compute
• Tenants: Subscriber “A” Application 1 and 2; Subscriber “B” Application 1, 2 and 3
• Connectivity: Internet, Partners, WAN/IP-NGN, L2, L3 MPLS, FW & Remote VPN
• Platforms: 7600, CRS, ASR9k, ASR1k; Nexus 7000, Cat 6500 VSS (as Services Chassis), ASA appliance FW and VPN, ACE, FW; Nexus 5000, N2k; Rack Servers, UCS B-Series, C-Series; Nexus 1000v, VSG; SAN Switches MDS (VMDC 1.X), Consolidated Storage Arrays (EMC, NetApp etc.); VMware vSphere 4, ESXi 4; Cisco and Third-Party Applications
• Link legend: 10G Ethernet, 10G FCoE, 4G FC, 1G Ethernet, VM to vSwitch, vSwitch to HW, App to HW / VM Int. Compute Stack]

Page 7:

Journey to IT Delivered As a Service

Technology Adoption

Phases: Consolidate Assets; Virtualize the Environment; Automate Service Delivery; Standardize Operations

Outcomes: Increased Agility, Efficiency and Simplicity; Increased Cloud Readiness

• High Availability Networking
• Optimize the WAN
• Unify Networks
• VM to Network Link
• Deploy Multi-Tenancy
• Deploy Integrated Compute and Storage
• Business Continuance, VM Mobility
• Self-Service Provisioning
• Deploy Unified Computing
• Automated Provisioning
• Secure the Data Center
• Cloud Bursting

Page 8:

The Challenge: Predictably grow my Data Center

The Solution
• Point of Delivery (POD)

Point of Delivery (PoD)

Architectural consistency through a modular approach

• Modular, tiered construct consisting of groupings of integrated compute stacks plus storage and networking infrastructure
• A single Pod can be deployed and operated by itself or connected together to other Pods to achieve scale
• VMDC validates 2 styles of Pods: Compact and Large

Benefits
• Simplified capacity planning
• Ease of new technology adoption
• Consistent and efficient operation

[Diagram labels: PoD; Integrated Compute Stack (Compute, Storage, Network), shown twice; Service Appliances; Data Center Services Node.]

Page 9:

The Challenge: Predictably scale my Data Center

The Solution
• PoD replication

Benefits
• Optimize CAPEX savings while maintaining SLAs
• Predictable performance and scale based on building blocks
• Effective way to add separate application environments

[Diagram labels: two PoDs, each with Integrated Compute Stacks (Compute, Storage, Network), Service Appliances and a Data Center Services Node.]

Key Factors to Consider

• L2 Scale – Virtual Machine Density, VMNics per VM, MAC Address Capacity, Cluster Scale, ARP Table Size, VLAN scale, Port Capacity, Logical Failure Domains, L2 Control Plane

• L3 Scale – BGP Peering, HSRP Interfaces, VRF Instances, Routing Tables and Convergence, Services

• Resource Oversubscription – Network, Compute, and Storage Oversubscription, Bandwidth per VM

Page 10:

The Challenge: Securely separate my tenants

The Solution
• Tenant container service abstraction and right sizing

Benefits
• End to end secure separation across the data center
• Overlapping IP addresses are allowed
• Automation tools to simplify deployment

[Diagram labels: WAN, WAN Edge, Core, Aggregation, L3, L2, Layer 2 Trunks, HSRP/L3 Gateway, and three groups of Web, App and Database tiers.]

• Built upon traditional infrastructure security

• Defense in Depth per Tenant (front end ASA, back end VSG)

• VRF-lite implemented at core and aggregation layers provides per tenant isolation at L3

• Separate dedicated per-tenant routing and forwarding tables ensure that no inter-tenant (server to server) traffic within the data center is allowed unless explicitly configured

• VLAN IDs and the 802.1q tag provide isolation and identification of tenant traffic across the L2 domain

• Compute Separation (vNICs, VLANs, Port Profiles)

• Storage Separation (Cluster File System Mgmt, VSAN and FC Zoning, LUN Masking, vFilers)

• Application Tier (Network Centric, Logical and Physical segmentation with L2/L3 firewalling and security zoning)
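
An audit of the separation properties listed above (one VRF per tenant, one tenant per VLAN ID, overlapping addresses only across VRFs, inter-tenant paths only when explicitly configured), added here as an example and not taken from the Cisco deck. The inventory format, tenant names, VRF names, VLAN IDs, prefixes and the route-leak list are all constructed assumptions:

```python
"""Audit a tenant-container inventory for L2/L3 separation problems.

Every tenant name, VRF name, VLAN ID and prefix below is constructed sample data.
"""
from ipaddress import ip_network
from itertools import combinations

# Constructed inventory: per-tenant VRF, 802.1Q VLAN IDs and subnets.
TENANTS = {
    "tenant-a": {"vrf": "VRF-A", "vlans": {101, 102, 103},
                 "subnets": ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]},
    # Same addressing as tenant-a: acceptable, because it lives in its own VRF.
    "tenant-b": {"vrf": "VRF-B", "vlans": {201, 202},
                 "subnets": ["10.1.1.0/24", "10.1.2.0/24"]},
    # Misconfigured on purpose: placed in tenant-a's VRF and reusing VLAN 102.
    "tenant-c": {"vrf": "VRF-A", "vlans": {102, 301},
                 "subnets": ["10.1.2.0/25"]},
}
# Routes imported from one VRF into another (hypothetical export of device state).
ROUTE_LEAKS = [("VRF-A", "VRF-B", "10.1.3.0/24"), ("VRF-B", "VRF-A", "10.1.1.0/24")]
# Inter-tenant paths that were explicitly configured and approved.
APPROVED_LEAKS = {("VRF-A", "VRF-B", "10.1.3.0/24")}


def audit(tenants, route_leaks, approved_leaks):
    """Return a sorted list of (finding_type, detail) tuples."""
    findings = []
    for (n1, t1), (n2, t2) in combinations(sorted(tenants.items()), 2):
        pair = f"{n1},{n2}"
        # L2: a VLAN ID must identify exactly one tenant across the L2 domain.
        for vlan in sorted(t1["vlans"] & t2["vlans"]):
            findings.append(("shared-vlan", f"{pair}:{vlan}"))
        if t1["vrf"] != t2["vrf"]:
            continue  # separate routing tables: overlapping addresses are fine
        # L3: two tenants in one VRF share a routing and forwarding table.
        findings.append(("shared-vrf", f"{pair}:{t1['vrf']}"))
        for a in map(ip_network, t1["subnets"]):
            for b in map(ip_network, t2["subnets"]):
                if a.overlaps(b):
                    findings.append(("address-collision", f"{pair}:{a},{b}"))
    for src, dst, prefix in route_leaks:
        # Inter-tenant reachability is acceptable only when explicitly approved.
        if (src, dst, prefix) not in approved_leaks:
            findings.append(("unapproved-leak", f"{src}->{dst}:{prefix}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in audit(TENANTS, ROUTE_LEAKS, APPROVED_LEAKS):
        print(f"{kind:18} {detail}")
```

tenant-a and tenant-b use identical prefixes and produce no finding, because the overlap sits in two different VRFs.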

Page 11:

The Challenge: Ensure high availability

The Solution
• End to end HA architecture

Benefits
• Maximize infrastructure uptime
• Comprehensive end to end architecture
• Focus on your business, not fighting fires

• Redundant links, nodes and paths, end to end plus:

• L2 Redundancy – ❶ vPCs, ❷ MEC, and ❸ MAC-pinning

• L3 Redundancy – ❹ HSRP, Non-stop forwarding, non-stop routing, LDP sync, MPLS graceful restart

• Compute Redundancy – ❺ UCS end host mode, others (N1KV and MAC-pinning, Active/Standby Redundancy, Intra-Cluster HA)

• Storage Redundancy – ❻ FC port channeling, multi-pathing software from VMware or SAN vendor

• Services Redundancy – ❼ ASA, ACE redundancy

• Routing Protocol Redundancy – BGP, OSPF

[Diagram labels: Data Center Core, Aggregation, Services, Access; Compute, NAS, SAN; numbered callouts matching the list above.]

Page 12:

The Challenge: Service Levels and Multimedia Apps

The Solution
• Quality of Service

Benefits
• Supports applications with differing latency requirements
• Provides end to end QoS
• Supports QoS across hybrid public/private domains

• Define low latency traffic classes: traffic in this new multimedia service tier (i.e., VoIP bearer and video conference) is characterized by three metrics: bandwidth, delay, and availability.

• Support QoS across hybrid public/private domains

• Traffic Classification and Marking – ❶ It is a general best practice to mark traffic at the source-end system or as close to the traffic source as possible in order to simplify the network design.

• Hierarchical QoS for Multi-Tenancy

• Queuing, Scheduling, and Dropping – accounts for differences in queuing structures

• Shaping and Policing

[Diagram labels: Data Center Core, Aggregation, Services, Access; Compute, NAS, SAN.]

Page 13:

The Challenge: Where do I start?

Example of Tenancy Models

The Solution
• Sample tenant containers

Benefits
• Quickly and securely onboard similar tenants
• Covers different levels of network services for a variety of needs
• Addresses varying security, QoS, and other requirements
• Solutions available to automate the process

Silver Gold Palladium Expanded Bronze

[Diagram: one stack per container model, built from L2, L3, FW, vFW and LB elements, with Public Zone, Private Zone, Protected Front-End and Protected Back-End areas.]

Page 14:

The Challenge: Elastic Capacity

The Solution
• Layer 2 Extensions, Path Optimization, DWS

Benefits
• Migrate workloads within the enterprise private cloud or in a hybrid cloud solution between enterprise and service provider during both planned and unplanned outages.

• Elastic Capacity that grows and shrinks based on workload demand

• Maintain App SLAs with high performance L2 Extensions and Storage data availability

• Dynamic Workload Scaling (DWS) integrates the Cisco Application Control Engine (ACE) session load balancers with Cisco’s Dynamic MAC-in-IP encapsulation technology, Overlay Transport Virtualization (OTV).

[Diagram labels: DC-west and DC-east, each with PODs hosting App/OS virtual machines; IP Network; LISP IP mobility; OTV (Inter-DC x-L3).]

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/Virtualization/DCI_Use_Cases_for_Business_Resilience.pdf

Page 15:

Cisco Virtualized Multi-Tenant Data Center

Comprehensive, Modular, and Flexible Approach

[Diagram labels: VMDC; Enhanced Data Center Interconnect; Unified Data Center Networking; Integrated Compute Stacks; Cloud Service Management; DCI and Hybrid; Network and Services Virtualization; Server and Application Virtualization; Data Center Core, Aggregation, Services, Access; Compute, NAS, SAN; Business Support; Provisioning; Configuration; Portability/Interoperability.]

Page 16:

Cisco Virtualized Multi-Tenant Data Center

Comprehensive, Modular, and Flexible Approach

[Diagram: same labels as on page 15, with the product names below.]

Cisco Nexus 7000 Cisco Nexus 5000 Cisco Data Center Service Node Service Appliances

NetApp FlexPod VCE Vblocks Cisco Unified Computing System Cisco MDS Cisco Nexus 1000v Hypervisors

Cisco ASR 9000 and 1000 Cisco Nexus 7000

Cisco CIAC BMC CLM

www.cisco.com/go/vmdc

Page 17:

Plan, Build, Run

Delivering Unique Cisco Insight; Proven Delivery Capability; Worldwide Expertise; Worldwide Presence; Accelerate Time to Value

Services: Cloud Strategy Services; Cloud Planning and Design Service; Cloud Implementation Service; Cloud Optimization Service

Assess
• Strategy
• Technology and Security
• Management Tools
• Operational Readiness
• Business Case
• Chargeback Approach
• Security/Compliance
• Program & Architecture Management Offices

Cloud Planning and Design Service
• IaaS Design
• Technology and Security
• Tools Architecture
• SLA Design
• Chargeback Design
• Program & Architecture Management Offices

Implement
• Technology, Security, Tools, Facilities
• Orchestration Integration
• Workload Migration
• Staging and Validation
• Program & Architecture Management Offices

Optimize
• Architectural Reviews
• Security Audits
• Cost Reduction Exercises
• Process Improvements
• Tool Customization
• Day-2 Support

Page 18:

Cisco on Cisco ITaaS – The Benefits of Data Center Transformation

http://www.cisco.com/web/about/ciscoitatwork/data_center/it_as_a_service_web.html

Page 19:

Quick Cisco Facts

$40B Company

70,000+ Employees

300 Locations in 90 countries

400 Buildings

56 Data Centers and server rooms

19,000 Remote workers

43,000 Mobile devices

Deploying virtual servers for business application hosting environment

More than 230K sq ft and 21MW of power in Cisco Data Centers

Technology and People…

Page 20:

Cisco on Cisco Success Story

Data Center Virtualization Transformation

CHALLENGE

• Reduce costs

• Use resources more effectively

• Integrate legacy data centers

• Foster new business models

SOLUTION

• Unified Computing System

• Nexus Series routers

• Infrastructure-as-a-Service (IaaS)

• Cloud Services

RESULTS

• 67% reduced TCO

• 33% reduced power used per application

• 40% saved on wiring and cabling infrastructure

• Reduced service provisioning to less than 1 hour

• Zero down-time

• More productive and satisfied workforce

Page 21:

CITEIS Cost and Productivity Benefits

Cisco IT Elastic Infrastructure Services

[Chart: Compute TCO ($/Qtr/OS instance) and Delivery Time (weeks) across four stages: 100% physical, 50% virtualized, 75% virtualized, 80% virtualized. Phases: Virtualization, Unified Computing, Cloud. Annotations: TCO down 37%, TCO down 27%, TCO down 27%.]

Page 22:

CITEIS Express Example of Self Service IT

Self-service, self-managed personal infrastructure on-demand.

http://www.brighttalk.com/webcast/286/35257

Page 23:

For more information

Page 24:

For more information

www.cisco.com/go/vmdc www.cisco.com/go/cloudverse

www.cisco.com/go/unifieddatacenter

Page 25:

Thank you.