Cisco Intelligent Automation For Cloud

Upload: cisco-canada

Post on 01-Nov-2014

Category: Technology

DESCRIPTION

This presentation will discuss cloud automation, the Cisco cloud automation stack, and cloud in a box.

TRANSCRIPT

Page 1: Cisco Intelligent Automation For Cloud

Cisco Intelligent

Automation For Cloud

Page 2: Cisco Intelligent Automation For Cloud

Housekeeping

• We value your feedback

• Please don't forget to complete session evaluation

• Please remember this is a 'non-smoking' venue!

• Please switch off your mobile phones

Page 3: Cisco Intelligent Automation For Cloud

Abstract

• Attendees should have a basic knowledge of Data Center, Network Management and Automation

• Knowing VMware, UCS and SAN concepts is good for this session

• 90 min session

• Will not be able to cover configuration and troubleshooting details

Q/A Policy

• Questions may be asked during the session

• But due to the time limit, flow, and respecting everyone's interest, some questions might be deferred towards the end

Page 4: Cisco Intelligent Automation For Cloud
Page 5: Cisco Intelligent Automation For Cloud

Agenda

• Cloud Automation?

• Cisco Cloud Automation Stack

• Cloud In a Box

• Case-Study

#CiscoPlusCA

Page 6: Cisco Intelligent Automation For Cloud

Cloud Automation?


Page 7: Cisco Intelligent Automation For Cloud

And what about – The Cloud?

Page 8: Cisco Intelligent Automation For Cloud

Let's Start with a Definition of Cloud

IT Resources and Services that Are Abstracted from the Underlying Infrastructure and Provided “On Demand” and “At Scale” in a Multitenant and Elastic Environment

A Style of Computing Where Massively Scalable IT-Enabled Capabilities Are Delivered “As a Service” to Multiple External Customers Using Internet Technologies

Source: Gartner “Defining and Describing an Emerging Phenomenon” June 2008

Anywhere, Anyone, Any Service

Page 9: Cisco Intelligent Automation For Cloud

Cloud Architecture Cloud Foundation Blocks

Deployment Models: Public, Private, Hybrid, Community

Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Essential Characteristics: On-Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service

Visual Model of NIST’s Working Definition of Cloud Computing

http://www.nist.gov/itl/cloud.cfm

Page 10: Cisco Intelligent Automation For Cloud

Cloud Architecture Elements of Cloud Computing

• Self-Service Interface: Provides ability for users to order and track metered services

• Service Delivery Automation: Automates provisioning and meters usage of services

• Resource Management: Resources are provisioned and managed as per service needs

• Operational Process Automation: Automates operational processes such as user management, capacity management, service level management, service desk integration, alerting…

• Lifecycle Management

Lifecycle Management of Cloud Services

• Dynamic resource allocation

• Capacity management

• Resource utilization

• Performance management

• Maintenance

Standardized offerings

Very fast provisioning/de-provisioning of resources

Metered usage

Web-based front end

Automated fulfillment

Broad Network Access

Rapid Elasticity

Measured Service

On-Demand Self-Service

Resource Pooling

Page 11: Cisco Intelligent Automation For Cloud

Cloud Architecture What a Cloud Should Deliver

Page 12: Cisco Intelligent Automation For Cloud

Cloud Architecture Delivering a (complex) service – faster with end-to-end automation

Design it

Where can we put it?

Procure it

Install it

Configure it

Secure it

Is it ready?

Architect it

Design it

Where can we put it?

Procure it Install it

Configure it

Secure it

Is it ready?

Architect it

Before After

• Machine-oriented

• Manual provisioning

• Hard to control utilization

• Service-oriented

• Self-service; automated provisioning

• Elasticity (capacity-on-demand)

• High provisioning & ops cost

• Extended provisioning time

• Configuration risk

• Optimized provisioning & ops cost

• Rapid provisioning

• Increased Resiliency and Availability

Manual

Automated

Self-service

On-demand

Cloud

Page 13: Cisco Intelligent Automation For Cloud

What is Cloud Computing From An End-User Perspective

Take an example of electricity, where every household easily accesses the electric grid and consumes power for various applications (e.g., lightbulb, refrigerator, dishwasher) without having to build and maintain a personal power generator.

Page 14: Cisco Intelligent Automation For Cloud

Application Development IT Infrastructure/Ops

Use Case: Application Dev/Test Complex, Time-Consuming, Expensive Provisioning Process

Call or email IT Operations

Architecture Reviews

Approval Process

Track Down Status

? ?

One-Off Custom Server Builds

Incomplete Requirements

Add Security, Back-Up, etc.

Exception Management

$

?

? ?

Page 15: Cisco Intelligent Automation For Cloud

Service Orchestration End User Self-Service Governance

Service Requests

Compare Service Tiers and Options

Guided Shopping 'Wizard'

Policy-Based Controls

Rich Interactive Forms

Ordering and Approvals

Status Updates

Cisco Tidal Enterprise Orchestrator

Element Managers

newScale Catalog Global

Orchestration

UCS Manager

VMWare vCenter

EMC/ NetApp Storage

Provisioning

Cisco Server Provisioner

Page 16: Cisco Intelligent Automation For Cloud

Cisco Cloud Automation Stack


Page 17: Cisco Intelligent Automation For Cloud

About CIAC


• Pre-packaged cloud content and orchestration workflows

– Self-service portal built on Cisco Cloud Portal (CCP) aka newScale

– Orchestration built using Cisco Process Orchestrator (CPO) aka Tidal/TEO

• Designed to accelerate

– Implementation of the self-service portal

– Automation of common infrastructure/platform provisioning tasks

• Features

– Lifecycle activities, i.e., provision, power off, power on, reboot, add resources, de-provision virtual machines

– Physical machine provisioning

– Comprehensive view of service items, i.e., virtual machines, storage, etc.

– Capability to integrate other content (not preconfigured)

Page 18: Cisco Intelligent Automation For Cloud

Cisco Intelligent Automation for Cloud Off-the-shelf IaaS Cloud Solution with Integration Capability

CMDB

IT Service Management Tools

Intelligent Automation for Cloud

Service Catalog and Self-Service Portal

Cisco Cloud Portal

Global Orchestration Cisco Process Orchestrator

Adapter Framework

OS/Software Provisioning Cisco Server Provisioner

Cloud Automation Pack

Compute Resources

Virtual Machines

Network Resources

Storage Resources

Billing/ Chargeback

Monitoring

Virtualization Management

Infrastructure Management

e.g. UCS Manager

Page 19: Cisco Intelligent Automation For Cloud

Cisco Intelligent Automation for Cloud

Lifecycle Management

Policies &

Governance Approvals & Controls

Management

Security

Operations

DR

Orchestrate

Delivery

Process Orchestration and

Automated Provisioning

Developers

Track and Manage

Management

Self-Service Portal and Service Catalog

Define and Publish

Standard Options

Architecture & IT

Report

Consumption

Chargeback

or Showback

Self-Service Request

Page 20: Cisco Intelligent Automation For Cloud

Cisco Cloud Portal


Page 21: Cisco Intelligent Automation For Cloud

Source: Cisco Cloud Portal product screenshot

Page 22: Cisco Intelligent Automation For Cloud

• User-facing modules:

– MyServices™ enables customers to find services, create requisitions, and track service requests.

– ServiceManager™ enables service teams and their outsource providers to manage and track service requests and service level agreements.

– Reporting provides a set of reports, metrics and Key Performance Indicators (KPIs) for monitoring service delivery operations.

– Advanced Reporting provides ad hoc reporting and report authoring to enable root cause analysis and customized reporting for monitoring and managing service delivery operations. Uses IBM Cognos reporting and data management tools.

– ServicePortal™ provides a customizable portal for RequestCenter that can replace or supplement the MyServices home page.

Page 23: Cisco Intelligent Automation For Cloud

• Service: A service “product” that can be requested by a customer

• Requisition: A “shopping cart” that can contain one or more requested services

• Category: (Display Category) A heading that exists within the MyServices catalog to help customers find a service that meets their needs

• Keywords: Words associated with a service that are used to support searching for a service within MyServices

• Initiator: The person who initiates a request for a service

• Customer: The designated recipient of a requested service

• Order on Behalf: Request a service for someone else

Page 24: Cisco Intelligent Automation For Cloud

The catalog should promote your standard offers and options – it's your brochure, menu, and storefront for IT consumers.

Include your branding, images, service tiers, SLAs, pricing, etc.

Cisco Cloud Portal (CCP) An Online Catalog of IT Services

Source: newScale product screenshots.

Page 25: Cisco Intelligent Automation For Cloud

CCP Architecture Tenant User

Page 26: Cisco Intelligent Automation For Cloud

CCP Architecture Tenant Administrator

Page 27: Cisco Intelligent Automation For Cloud

CCP Architecture Service Portal for Cloud Administrators

Page 28: Cisco Intelligent Automation For Cloud

CCP Architecture Manage Cloud Page for Cloud Administrator

Page 29: Cisco Intelligent Automation For Cloud

Cisco Process Orchestrator


Page 30: Cisco Intelligent Automation For Cloud

Engine

Day 1

Service

Delivery

• Role-based access

• Task Delegation

• Process Execution

• Scheduling

• Event triggering

• Human Approvals

• Assignments & Notifications

• Auditing & Reporting

Day 2

Service

Operations

Day 3

Service

Optimization

Set of Core Processes, Activities, Events & Tasks Automation Core Platform

Delivery

• Web Based Portal

• Client Console

• Reporting

• Ticketing Integration

• Operations Managers

• CLI

Day 0 Service Assessment

Cisco UCS Cisco Network Storage

Automation Packs

App (ex. SAP) Cloud Business

Intelligence

Data Center – Physical and Virtual Infrastructure

Network & Servers Applications Storage

Adapters

Cisco Tidal Intelligent

Automation for SAP

Cisco Intelligent Automation

for Cloud, for Compute

Cisco Intelligent

Automation for Networks

Cisco BI

Appliance Go to Market

in Domains

IT Processes Automation

Delivery via CPO

Page 31: Cisco Intelligent Automation For Cloud

Automation Platform Documented, Repeatable, and Auditable Processes

Rich workflows that go beyond modeling just alert notifications

Ability to perform corrective actions

Ability to incorporate human and assigned tasks (i.e. approvals)

Ability to enable improved process re-use, less dependent on scripting and coding

Enables operational process modeling (i.e. system refresh)

Value Points

Configure (Processes, Activities)

• Drag-n-drop Studio

• Out-of-the-box flow activities, processes re-use

• Out-of-the-box integration adapters

Page 32: Cisco Intelligent Automation For Cloud

CPO System Architecture

CPO Server

(Process Engine)

AD-integrated Role-Based Security

Expert UI

Process DB (configuration, audit)

Web Service Interface

Adapters

Reports

Reporting Database

Automation Pack

Reporting Support

Data Holding Bin

Editor

Service Desk CMDB

Central Event Manager

Applications

OSes

Change & Configuration

Servers

Software Infrastructure

Database(s)

App Server

Virtualization

Network

Global IT Infrastructure

Web UI

Web

Server

CLI

SAP JMX / Telnet

VMWare

Remedy

SNMP

AD / LDAP

Web Services

Microsoft SCOM

Generic DB (OleDB)

SAP ABAP, CCMS

Oracle, DB2, MS SQL

Windows

Terminal (SSH, Telnet)

OLAP (SAP BI)

Email (SMTP, POP, IMAP)

Cisco UCS

Storage

Page 33: Cisco Intelligent Automation For Cloud

CPO Key Concepts

• Process

• Targets

• Triggers

• Process Inputs

• Process Outputs

• Global Variables

• Process Variables

• Activities

• Logic

• Approvals

• Assignments

Page 34: Cisco Intelligent Automation For Cloud

Intelligent Process Editor

Adapter Toolbox

Drag and Drop

Activities

No Code Setup

Automation Summary

Approvals, Human Interface,

Alert, Incident, Change Request

Drag and Drop

Logic

Page 35: Cisco Intelligent Automation For Cloud

Provides visibility across functional teams

Easier to troubleshoot processes

Execution (Run-Time Model)

• Visually-guided mode

Value Points

Page 36: Cisco Intelligent Automation For Cloud

CIAC 2.0 Packaged Content


Page 37: Cisco Intelligent Automation For Cloud

• Commission a New Application Server on Linux

• Commission a New Application Server on Windows

• Commission a New Database Server on the Linux

• Commission a New Database Server on the Windows

• Commission a New Physical Server with Linux

• Commission a New Physical Server with Windows

• Commission a New Virtual Server with Linux

• Commission a New Web Server on the Linux

• Commission a New Web Server on the Windows

• Commission a VMware ESX Host

• Decommission a Physical Server

• Decommission a Virtual Server

• Modify Virtual Server Configuration - CPU Count

• Modify Virtual Server Configuration - Memory Size

• Power off a Virtual Server

• Power recycle a Virtual Server

• Snapshot - Take a Snapshot of a Virtual Server

• Snapshot - Revert to a Snapshot of a Virtual Server

Page 38: Cisco Intelligent Automation For Cloud

• OS

– Windows 2008 64-bit

– Linux (CentOS)

• “T-Shirt” Sizing

– Small

– Medium

– Large

• Service Levels

– Gold

– Silver

– Bronze

Page 39: Cisco Intelligent Automation For Cloud
Page 40: Cisco Intelligent Automation For Cloud

*Partial table view

Page 41: Cisco Intelligent Automation For Cloud

Cisco Confidential 42 © 2010 Cisco and/or its affiliates. All rights reserved.

Page 42: Cisco Intelligent Automation For Cloud

• Administrative Login/Password Policy

– Set to default to Administrator/Root Login

– Generic password from template

• Approvals

– None configured

• Catalog Views Configurable

– Use role-based access controls to filter catalog views

– Set service item management controls

• Service Item Ownership Configurable

– “Owned” by individual

– “Owned” by organization

Page 43: Cisco Intelligent Automation For Cloud

• Single-tiered Organization Structure

– Configured and maintained using OrganizationDesigner

• Every user must be assigned to a business unit as their “Home Organization Unit” (Home OU)

• Organizational Unit ID registered in CPO (manual process)

• Need to create service teams and associated work queues

• Organization authorization structure would have to be created

• Authentication

– CCP login page

– LDAP and single sign-on possible but not configured out-of-the-box

• Role-based Access Control

– Common portal administrator/user roles

• Customer Administrator

• Portal User

• Organization Administrator

• Cloud Administrator

• Site Administration

Page 44: Cisco Intelligent Automation For Cloud

• Resources assigned in Cloud Governor Database at “onboarding” time

– One per organization

Required Data*

Organization ID: Organizational Unit ID from CCP organization creation

Organization Name: Organization Name from CCP organization

CPO Owner: CPO web service target name

Server Domain: Domain that will house customer VMs.

Public Network Path: From vCenter inventory. The network assigned for VMs. For example “DatacenterName/Network Name”

VMware vCenter Owner: The name of the vCenter Target that was defined. Maps to the vCenter Target in CPO.

VMware Default ESX Host: The host that will be assigned to the customer for them to use to provision VMs

VMware Resource Pool Path: vCenter Resource Pools. Compute resources, i.e., vCPU, Memory, assigned to the customer

VMware Datastore Path: The assigned storage resource for the customer.

VM Inventory Path: vCenter folder for customer VMs. All folders have to be preconfigured in vCenter. CPO does not create.

* Additional required data for Physical Server provisioning

Page 45: Cisco Intelligent Automation For Cloud

• IP Addresses Defined in CPO at “onboarding” time for eventual assignment to VMs.

• One or more public IP address pools for each defined organization.

• CPO expands the IP Address range in Governor database to use to assign to customer VMs during provisioning and then to reclaim during deprovisioning.

• No firewall or network management.

• No static IP assignment.

• If two network interfaces required, could use public IP and management IP.

Required Data*

Starting IP Address

Ending IP Address

Subnet Mask

Default Gateway

DNS

* Additional required data for Physical Server provisioning: Management IP Allocation.

Page 46: Cisco Intelligent Automation For Cloud

• One or more VMware templates must be pre-built and configured within VMware vCenter to use for cloning new virtual servers.

• Template attributes must be added to the CCP standards table according to the type of template

– Application server

– DB server

– Web server

• Templates must also be registered in the Cloud Governor database.

Page 47: Cisco Intelligent Automation For Cloud

Case Study


Page 48: Cisco Intelligent Automation For Cloud

Requirements

• IaaS Public Cloud Design

• Network Virtualization

– Core/Distribution Nexus 7000

– Access Layer - Nexus 1000v

– Load Balancing - ACE

– Firewall – ASA

• Server Virtualization – VMware vCenter

• Compute – Cisco UCS

• Storage - EMC


Page 49: Cisco Intelligent Automation For Cloud

Cisco Cloud Portal

Cisco Process Orchestrator (CPO)

Cisco UCS Manager

vCenter

ESXi Hosts

Billing

Microsoft

MS AD

Exchange

IaaS Software Orchestration

Microsoft

Active

Directory

LDAP Authentication

CA

Ticketing MRTG

Monitoring

Networking

SQL

Adapters

Page 50: Cisco Intelligent Automation For Cloud

Key Design Points – Portal

• Content/Orchestration built in Cisco lab designed to simulate customer architecture

– Small-scale network

– Stub-outs in Orchestrator (CPO) for some next phase network and billing requirements

• Portal and Orchestration is custom built

– Portal organization structure designed to meet hierarchical requirements

– Eliminated integration/message chatter in portal Comments section

– Created parameter-driven agents for bi-directional communications between orchestrator/portal

Page 51: Cisco Intelligent Automation For Cloud

Key Design Points - Orchestrator

• Orchestrator (CPO) using Change Request based workflow triggers

– Multiple workflows can subscribe to events and react

– Parent workflow creates change request object and assigns parameters to it

– Change request creation triggers other workflows that listen to object

• Using Orchestrator (CPO) Target as Data Model Object

– Allows a way to access, create and update cloud data model

– Targets have strings or integers (IP address, name, ID, etc)

– Targets can have reference pointers to other targets which can traverse and walk down the object graph.

• Orchestrator (CPO) automated workflow for regression testing

– Orchestrator custom built unit test workflows running daily testing code differences

Page 52: Cisco Intelligent Automation For Cloud

Extensible POD Design


CPO-POD1

CPO-POD2

SAN Storage

CPO-Master

CCP

VMware

vCenter

UCS

Manager

SQL Server

Process-M DB

Process-S DB

Cloud Governor DB

SQL Server

SQL Server

SAN Storage VMware

vCenter

UCS

Manager

SQL Server

Page 53: Cisco Intelligent Automation For Cloud

Error Handling


• Extensive error handling implemented

• Error handling task for all orchestration tasks. Activated when error message is returned to portal

• Resource rollback on failed tasks: VMs deleted in vCenter, IP Address released to IP Pool, Service Targets deleted

• “Take-2” tasks available for Virtual Machine and Storage Services if support team can fix the source of the error

• Organizational maintenance tasks allow support team to update form data in the event work must be manually processed
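
The per-organization IP pool from the onboarding slide and the rollback behaviour listed above can be modelled together. The following Python model is an added example, not CIAC or CPO code; `IPPool`, `provision_vm`, `deprovision_vm` and the `configure` step are hypothetical names, and the addresses are constructed from a documentation range.

```python
import ipaddress


class IPPool:
    """One organization's public IP pool (constructed model, not CPO's schema)."""

    def __init__(self, start, end):
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if last < first:
            raise ValueError("ending address precedes starting address")
        # Expand the onboarding range into individual assignable addresses.
        self.free = [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]
        self.assigned = {}  # address -> VM name

    def allocate(self, vm_name):
        if not self.free:
            raise RuntimeError("IP pool exhausted")
        addr = self.free.pop(0)
        self.assigned[addr] = vm_name
        return addr

    def release(self, addr):
        # Idempotent: a rollback and a later deprovision must not double-free.
        if self.assigned.pop(addr, None) is not None:
            self.free.append(addr)
            self.free.sort()


def provision_vm(name, pool, vms, targets, configure=lambda vm: None):
    """Allocate an IP, record the service target, create the VM, configure it.

    Each completed step registers its undo; on failure the undos run in
    reverse so no address, target or VM is left orphaned.
    """
    undo = []
    try:
        addr = pool.allocate(name)
        undo.append(lambda: pool.release(addr))
        targets[name] = {"ip": str(addr)}
        undo.append(lambda: targets.pop(name, None))
        vms.add(name)                      # stands in for the vCenter clone
        undo.append(lambda: vms.discard(name))
        configure(name)                    # hypothetical post-clone step that may fail
        return {"status": "completed", "ip": str(addr)}
    except Exception as exc:
        for step in reversed(undo):
            step()
        return {"status": "failed", "error": str(exc)}


def deprovision_vm(name, pool, vms, targets):
    """Delete the VM first; release its address and service target last."""
    vms.discard(name)
    target = targets.pop(name, None)
    if target is not None:
        pool.release(ipaddress.IPv4Address(target["ip"]))


def demo():
    pool = IPPool("192.0.2.10", "192.0.2.11")   # constructed documentation range
    vms, targets = set(), {}

    def broken(vm):
        raise RuntimeError("guest customization failed")

    first = provision_vm("vm-a", pool, vms, targets)
    failed = provision_vm("vm-b", pool, vms, targets, configure=broken)
    retry = provision_vm("vm-b", pool, vms, targets)   # "Take-2" after the fix
    full = provision_vm("vm-c", pool, vms, targets)    # pool is now exhausted
    deprovision_vm("vm-a", pool, vms, targets)
    return first, failed, retry, full, pool, vms, targets


if __name__ == "__main__":
    for item in demo()[:4]:
        print(item)
```

The failed attempt leaves the pool, VM inventory and service targets exactly as they were before it ran, which is what lets the retry reuse the same address.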

Page 54: Cisco Intelligent Automation For Cloud

Integrations – Adapters/Agents Implemented

• REX - Used for Portal automation to create Organizational Units and hierarchy

• HTTP/WS - Standard Product adapter for communicating with Orchestrator

• Agent and workflow to interact with CA Help Desk

• Agent and workflow to interact with MRTG Monitoring tool (open source)

• Agent and workflow to interact with Active Directory

• Agent and workflow to collect data for billing in a mediation server (Comptel)

Page 55: Cisco Intelligent Automation For Cloud
Page 56: Cisco Intelligent Automation For Cloud

Establishes the Multi-tiered Business Unit OU Structure

Defines the Commit Levels that control billing

Creates a Customer Administrator in

• RC

• AD

• CA

• MRTG

Establishes the service items/governor DB items for

• Customer

• Contracts

• Network

• Accessibility Options

Onboard a New Customer

Page 57: Cisco Intelligent Automation For Cloud

Customer Onboarding Process

• Onboard Tenant

– OU and Admin

– For Billing

– For Monitoring

– For CA Help Desk

– vCenter Properties


• Onboard Admin/User

– Tenant MRTG Admin

– AD Cloud User

– CA Admin

Page 58: Cisco Intelligent Automation For Cloud

Manual Error Handling Task for each automation task

Error message posting in service form for service teams

Service target and resource allocation (VM, IP) rollback per automation task if failure

Take 2 opportunity to restart failed workflows

Provision a Virtual Machine Work Plan

Page 59: Cisco Intelligent Automation For Cloud

Provision a Virtual Machine Orchestration - Success

Each of these steps in the workflow check for errors

This trigger “newScale Complete Service Request” work to provide on SUCCESS of VM related workflows

Creates multiple parameters and sends to Cloud Portal

Different types of VM actions are handled

Page 60: Cisco Intelligent Automation For Cloud

Provision a Virtual Machine Orchestration - Failure

Each of these steps in the workflow check for errors

This workflow “newScale Complete Service Request Failed” runs if VM related workflow fails

Different types of VM actions are handled

Page 61: Cisco Intelligent Automation For Cloud

Provision a Virtual Machine Orchestration – Targets as Data Model Objects

Reference pointers to other targets. Creates an object graph to walk down the object path and access other related objects

String/integer type properties

Page 62: Cisco Intelligent Automation For Cloud

• Shameless borrowing from C&W project

• Disable access to VM and stop billing when request submitted, delayed removal

• Timed warning before actual deprovision/ deletion provides opportunity for reinstatement

• Service targets and resource allocation release moved to final steps to eliminate duplications

Deprovision a Virtual Machine Work Plan

Page 63: Cisco Intelligent Automation For Cloud

Decommission a Virtual Server

Page 64: Cisco Intelligent Automation For Cloud

Customer Change Management Process


• Disable CA Admin

• Disable MRTG Admin

• Change MRTG Password

• Disable AD Cloud User

• Change AD User Department

• Change AD User Password

Page 65: Cisco Intelligent Automation For Cloud

Q&A


Page 66: Cisco Intelligent Automation For Cloud

Follow @CiscoCanada and join the #CiscoPlusCA conversation

Access today's presentations at cisco.com/ca/plus

We value your feedback. Please be sure to complete the Evaluation Form for this session.

Page 67: Cisco Intelligent Automation For Cloud

ACME Customer Design

Cisco Intelligent Automation for Cloud

Cisco Cloud Portal CCP

Cisco Process Orchestrator CPO (Master-Slave Model)

Adapter

Billing Monitoring Ticketing

VMware vCenter

Cloud Automation Pack

UCS Manager

Compute Resources

Virtual Infrastructure

Network Resources

Storage Resources