agile networks - cisco · agile networks automation, security & flexibility with aci soni...

Agile NetworksAutomation, Security & Flexibility with ACI

Soni Jiandani, SVP Marketing

Trevor Moore CIO Qatar University

March 5, 2015

Duncan Mitchell, SVP Emerging Markets

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Data Center Transitions – Road to ACI/Nexus 9K

VM Density& Server I/0

10G LAN on

motherboard2

Big Data

IP traffic

25% CAGR4

Multi-Cloud

~45% of data center

Multi-hypervisor3

1. Morgan Stanley CIO Survey, 2013 2. HP 3. Information Week 2013 Virtualization Mgmt Survey, 2013 4. Cisco Global Cloud Index Forecast (2013-2017)

Lower TCO -●- Workload Flexibility -●- Agility -●- Compliance/Security

“Bare Metal”

75% physical servers1

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Business Demand: Transition to Modern Cloud Operations

Fast IT =

Efficient

Business

Processes

Model Driven

Software Ecosystem

Open Choice

Simplification

Transformation

OpEx and CapEx

Rapid Adoption

Multi-vendor Innovation

Automation and Operations

Cloud Models

4© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

We want to know from you…

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

We Give You Freedom of Choice With a Broad & Deep Ecosystem

Modernize operating system /

Merchant / Open APIs

Programmable Network

Embedded overlay / VXLAN/BGP /Third-party controllers

Network Virtualization

Physical, virtual & containers / Open / Embedded security

Cisco ACI

Common

Portfolio

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

Enabling Automation and DevOps:Open NX-OS and NXAPI

POAP ONIE NXAPI

Linux/Python

Daemon

BootStrap and Provisioning

PXE

Package and Application Management

Standard Open Interfaces

Acceptable NXOS

Automation and Visibility

Server Management Tools

Ease of

OperationsModular Open 3rd Party Apps Programmable

Ready for

DevOps

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

Multi-Tenancy and Seamless Host Mobility at Cloud Scale Next Gen VXLAN Fabric with BGP-EVPN Control Plane

VTEP VTEP VTEP VTEP

BGP-EVPN VXLAN Overlay

Expanding VXLAN Fabric Choices

InteroperableIncreased

Scale

Optimized

Mobility

Operational

Flexibility

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

ACI is at the CenterThe Most Comprehensive SDN Solution

Open, Standards, and Embedded

Security

Physical, Virtual, and Containers

Automation: Application-Centric

Policy Model

APIC

9© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

We want to know from you…

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

ACI + OpenStack - VXLAN-GBP has been accepted into the Linux Kernel and Open vSwitch project

NEUTRON

ROUTER

SECURITY

GROUP

W

ebW

eb

W

eb

W

eb

A

pp

A

pp

D

BD

B

HYPERVISOR HYPERVISOR HYPERVISOR

NEUTRON

NETWORK

APIC

Contrac

t

Contrac

tContrac

tDBAPPWEB

ADCF/W

ADC

APIC

APIC

Driver OVS Driver

Neutron

NetworkingGroup Policy

OVS Driver

Neutron

Networking

APIC PLUGIN GROUP POLICY PLUGIN

APIC Group Driver

W

ebW

eb

W

eb

W

eb

A

pp

A

pp

D

BD

B

HYPERVISOR HYPERVISOR HYPERVISOR

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

Cisco Data Center and Cloud Management

UCS CENTRAL

UCS MANAGER

APIC

UCS DIRECTOR Orchestration for Compute, Storage & Network

Converged

Infrastructure

Prime Service Catalog - Portal

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

InterCloud: 40+ Partners

DBAPPADC

WEB

F/W

ADC

Cisco InterCloud and ACI: Just Decide Where to Put Your App

13© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

We want to know from you…

14© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Security, Security, Security

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

• Is our data secure?

• Do our policies really work, and are they measurable?

• Do our policies meet compliance?

• How are our applications structured in our data center?

• How can I minimize downtime of our network?

Security: What You Care About

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

ACI Offers Open Security Framework with a Broad Security Ecosystem

Security Applications(Compliance, SIEM, Security Analytics etc.)

End-to-End Layered Security EnforcementACI

FabricHostFirewall IDS / IPS DDoS

Open Standard

OPFLEX

Open Device

Interface

Open REST APIs

APIC

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

ACI Key benefitsCustomer Profile

Qatar University is a

rapidly growing university

in Qatar with over 16,000

students from fifty-two

nationalities.

Speed of Services

Deployment

Open architecture providing

integration with F5 & ASA

Embedded Security

18© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

We want to know from you…

19© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco as a Partner: Services & Solutions

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20

Delivering Cisco Services for ACI Deployment Success

Smart

Service

Capabilities

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21

SDN Solutions: Partner Innovation & DifferentiationChris Paggen

Consulting

Architect

and Design

Integration

w/ Existing

Day 1

Day 2

Connectivity and Visibility Security and Services Application Network Profiles

Traditional to Policy-based

Automate Connectivity

Extend into Existing Use-case

API to Orchestration

Counters,

Logging, Export

Traditional ACL’s to Policy

Policy and Device

Packages

L4 – L7 Service Stitching

Align Profiles

to Services

Centralized Security,

Visibility, Compliance,

and Logging

Evolve Basic VLAN

to Application

Construct

Application Profiles

Map Existing Network Policy

to Application Model

Enable Service Catalog

Based on Profiles

Audit and Monitor

Applications, Tenants,

and Services

22© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Solutions & The Road Ahead

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23

Key Initiatives & Roadmap

Open NXOS

Nexus 9000 & 3000

1G / 10G / 25G / 40G / 100G

ASICs : High Density 100G – Merchant and

Merchant Plus

NXOS: Object Model, API’s, Automation,

and 3rd Party Tools

ACI: IPv6, Multi-Site, ISV Integration,

AVS/OVS & Scale

OPEN Initiatives: VXLAN / IETF,

OpenStack, Linux

EcoSystem : VMware / MSFT integration,

L4-L7 – Palo Alto

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24

Microsoft System Center / Azure Pack

ACI FABRIC

Microsoft System Center | R2 w/ Service Provider Foundation

Azure Pack GUI

Websites, Apps, Database, VMs, ACI

Provider PortalConsumer

Self-Service Portal

Websites VMs SQL Service BusFuture

Services

ACI PROVIDER

SERVICE

OpFlex Driver

Policy Management: APIC / Azure Pack

VM Discovery:OpFlex

Encapsulation:VLAN, NVGRE

Zero TouchProvisioning

Service Insertion(Physical / Virtual)

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

Immediate Security Benefits with ACI & Tetration Analytics

Proactive Maintenance Lower TCO

Risk Mitigation “Facebook” for machines

Time Series Queries Analyze traffic

Compute Visibility Publish policies

Fast IT No network downtime

26© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

We want to know from you…

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Thank you