cisco intercloud fabric: technical overview

Intercloud Fabric: Technical Overview

Ryan Kido Systems Engineer

CCIE #8558

Cisco Confidential 2 © 2014 Cisco and/or its affiliates. All rights reserved.

Agenda

Overview

Architecture

Intercloud Fabric Services

Deployment Considerations

Summary


Why Hybrid?

Striking the perfect balance

Fixed workloads Elastic workloads Choice to build / rent across providers

Workload portability Consistent security

DC/Private Clouds Provider Clouds Economics Speed

Scale

Data Sovereignty

Security Control

Hybrid


Reality of Hybrid Cloud and Key Challenges

Loss of Security Siloed Infrastructure Slow and Complex

•  Unsecure Connection

•  Limited Workload Protection

•  Inconsistent Cloud Architectures

•  Fragmented Solutions Solving Networking and Security Challenges

•  Different Management Tools

•  Require App Re-configuration

•  Slow and Manual Process of Discovering Infrastructure Dependencies

•  No Visibility or Control


DC/Private Cloud

End User and IT Admin Portals

Secure Fabric Extender Network,

Compute, and Storage

vSphere

Hyper-V*

KVM*

Xen*

Intercloud Fabric for Business

EC2 APIs

Azure APIs

Intercloud Fabric for Providers

Provider Clouds

Intercloud Ecosystem

Intercloud Fabric for Providers

Cisco Powered Services and Cloud

Providers

Cisco Intercloud Fabric: Solution Overview

* Available in subsequent releases



Cisco Intercloud Fabric: Software-based Solution

DC or Private Hybrid Public

Intercloud Fabric for Provider

GUI APIs

Cloud APIs


Cloud A

Cloud B

Cloud C

Making a private cloud application instance transportable to public cloud conserving its associated policies

Private

ICF Bubble


ICF Bubble

Cloud A Cloud B

Cloud C

v  ICF Bubble: a group of VMs and associated cloud profiles

VM

VM VM VM

VM VM VM

VM VM

VM

VM VM

App Policy Statements Policy 1… Policy 2… AppCatStatements

Policy 1… Policy 2…

v  ICF Bubble Features: secure and portable across public clouds

v Cloud Profiles : system, security, network and service policies


Intercloud Fabric Secure Extender (Secure Network Extension)

DC/Private Cloud

Provider Cloud

Cisco Intercloud Fabric Architectural Details

Intercloud Switch

Intercloud Fabric Provider Platform

VM Manager Intercloud Fabric

for Providers


Intercloud Extender

Intercloud Fabric Director

End User and IT Admin Portal Workload and Fabric Management IT Admins End Users

VM VM

VM VM Intercloud Fabric

for Business




DC/Private Cloud

VM Manager Intercloud

Fabric Director

IT Admins End Users

VM VM

Cisco Intercloud Fabric Director Features

Self-service •  End User Portal •  Choice of workload

placement

IT as Cloud Broker •  Admin Portal •  Policy-based

Cloud Management

Open •  Open API for integration

with other cloud management platforms



Intercloud Secure Extender

Provider Cloud

Intercloud Switch

Intercloud Extender


VM VM

Cisco Intercloud Fabric Secure Extender Features

Secure Layer 2 Extension to Cloud Extend VLAN/VXLAN

with TLS Tunnel

Network & Security Services Inter-VM firewalling and routing

Flexible Application Reachability Enterprise IP Address or Provider IP Address



Intercloud Fabric Provider Platform Features

Cloud API

API Translation Logic

South Bound API

VCD Adapter

Open stack

Adapter

Cloud Stack

Adapter Custom Adapter

Intercloud Fabric Cloud API

Provider Platform

Intercloud Fabric Provider API

Rapid Deployment Enable Cloud Provider to Quickly

Offer Hybrid Cloud Services

Open API For Integration with Cloud

Provider Infrastructure

Flexible Abstraction over Cloud Provider Infrastructure

Core Logic Tenant DB

Intercloud Fabric Provider Southbound API

To Provider OS / BSS

To Provider Infrastructure

To Intercloud Fabric for Business

Tenant Database Securely stores tenant records and templates

Custom Adapter


Intercloud Fabric Structure

Cross-clouds app portability and mobility

Any App on Any Cloud

Hybrid, Public and Private ICF: A Platform for Cloud Services

Cisco and/or 3rd party service offerings supporting applications in cloud environments ICF Extended Services

Fundamental service functions and capabilities integrated natively ICF Core Services

Fundamental technologies and components that support ICF aaS functions

ICF Core Infrastructure


Intercloud Fabric Structure

Cisco Intercloud Fabric Architecture is Modularized to Achieve the Elasticity Needed to Support Evolving Cloud Environments

ICF Extended Services + External Partners (storage, load balancing, etc.)

ICF Core Services Security Management

and Visibility Automation Networking VM Portability

ICF Core Infrastructure ICFD PNSC ICFPP Secure Communications

Private Cloud: Enterprise Public Cloud: Provider




PNSC

ICFPP

Secure Communications

Enterprise tool to manage and orchestrate hybrid clouds

Enterprise Service orchestration function for private and public services

Site-to-site and VM-to-VM communication technology

Cloud Provider Public Cloud management tool

Fundamental Technologies and Components That Support Intercloud Fabric Functions



ICF Core Services

ICF Core Services Fundamental Service Functions and Capabilities Integrated Natively to ICF and its Operation

Security

Management and Visibility

Automation and APIs

Networking

VM Portability

Switching, routing and other advanced network-based capabilities

VM to VM and App-to-App security controls

VM format conversion and mobility

Private and hybrid cloud monitoring capabilities

VM lifecycle capabilities, automated operations and Programmatic APIs


Core Services: VM Portability

VM portability is the process or converting an existing image from the source cloud format to the destination cloud format, and placing it on the destination cloud with its associated policy Value: VMs can be placed on any cloud independently from the origin cloud and hypervisor flavor, yet conserving the application related policies

Key VM Portability Functions:

Format Conversion

Policy Portability

and Control

Driver (Agent)

Application Instantiation



VM is powered up on public cloud and management continues through Intercloud Fabric Director 4

VM Portability: Migration Across Hybrid Cloud

Intercloud Fabric Secure Extender

DC/Private Cloud

Provider Cloud

Intercloud Switch

Intercloud Fabric Provider Platform

Cloud Providers

Intercloud Extender

IT Admins End Users

VM

VM VM

Image is converted to public cloud format (e.g., AMI) and migrated to public cloud

3

End user triggers VM migration to cloud 1 VM is shut down and Intercloud Fabric driver added 2

VM Manager Intercloud

Fabric Director



ICF VM Image Conversion

Install Driver and Normalize to Raw

Convert Normalized Image to Provider Format

Provider Image

Storage

Image

Install Driver and Keys

Import Source Image

ISO RAW

VMDK OVA VM

Manager

Convert Raw Image to Provider Format

Converted Raw

Image

RAW

Upload VM Image to Datastore

Private Cloud

Public Cloud

Converted Image

AMI VDH

VMDK OVA

Uninstall Driver and Normalize to Private Format

Convert Cloud Image to RAW Format

Remove Driver and

Keys

Download Source Image

ISO RAW

VMDK OVA VM

Manager Convert Image to

RAW Format

Converted Raw

Image

RAW

Download VM Image

from Datastore

Downloaded Image

AMI VDH

VMDK OVA

Provider Image

Storage

Image



Intercloud Secure Extender


DC/Private Cloud

Provider Cloud

Core Services: Network Extension

Enterprise Virtual Switch

Application

VM

Provider Network Switch

Enterprise VM access port

Tunnel Port

Trunk Port

Enterprise Ports

Outer MAC/ IP/UDP Tunnel L2X

Application

VM IC Driver

Data

Data

Data

1

2 3 Intercloud

Switch Intercloud Extender

Outer MAC/ IP/UDP Tunnel L2X Data



DC/Private Cloud

Provider Cloud

Intercloud Switch

Intercloud Extender



Core Services: Firewalling/Zoning

IT Admins Intercloud Fabric

Intercloud Fabric VSG: Protects VMs in Provider Cloud

Test VM

Test VM

Enterprise VSG: Protects VMs in Private Cloud

Single Security Policy for Private and

Provider Clouds

Web VM




Enterprise VPN Access to Public cloud VMs

Core Services: Routing Across Hybrid Cloud

Direct access to public cloud VMs through NAT

Intercloud Fabric Secure Extender

DC/Private Cloud

Provider Cloud

Intercloud Extender

VM VM

VM VM

VLAN App

19.2.168.x.x Default Gateway for VLAN A &B

VLAN Web

VM VM

VM VM

Provider Gateway

10.x..x.x

54.x..x.x

VLAN A Intercloud

Fabric CSR

Inter-VLAN communication through ICF Routing

VLAN B

192.168.x.x

Remote/ Branch Office ISR

VPN VPN

Mobile Worker

Mobile Worker

Intercloud Switch



DC/Private Cloud

Provider Cloud

Intercloud Switch

Intercloud Extender



Core Services: Establishing Trust

Web VM

IT Admins

IT Admin configures an icfCloud 1

Generate SSH key pair 2

SSH public key passed as part of creating VM along with SSH username

3 Cloud Provider

API

SSH public key downloaded as part of VM startup and made as authorized key for SSH user

4

HTTP/HTTPS



DC/Private Cloud

Provider Cloud

Intercloud Switch

Intercloud Extender



Core Services: Establishing Secure Communications

Web VM

IT Admins

Select encryption algorithm and hash for an icfCloud

1

S2S Tunnel Profile: Control Channel PSK

2

S2S and Access Tunnel Profile: Control Channel PSK Data Tunnel Encryption Key Data Tunnel Hash Key

3 Control Channel PSK 4

Encryption algorithm – AES-128-GCM, AES-128-CBC, AES-256-GCM (Suite B), AES-256-CBC

Hashing algorithm – SHA-1, SHA-256, SHA-384

HTTPS/XML API

SCP


Cisco Intercloud Fabric Management Options Flexibility to integrate cloud and on-premise infrastructure operations

On-Premise Infrastructure Off-Premise / Cloud

Included

Optional


UCS Director (On-Premise Converged Infrastructure

Mgmt. & Automation)

Off-premise Hybrid Cloud Infrastructure Management

Prime Services Catalog (Unified application centric consumption for end users)

Cisco & 3rd Party Management Systems (CIAC, custom, etc.)

IaaS

A

pplic

atio

n

Unit of Operations – VM, VPC, Service Nodes, and Infrastructure policy

End User and IT Admin portals for IaaS consumption

Unit of operation – application blueprint/deployment profile

Business policy , Governance and Regulatory compliance


§  Enterprise Virtual Machine Manager: §  VMware vCenter version 5.0/5.1/5.5 (VMware Enterprise Plus License is *NOT* required)

§  Providers: Amazon Web Services, Azure, British Telecom, Dimension Data, Virtustream*

§  OS Versions: §  Red Hat Enterprise Linux (RHEL) 6.0, 6.1, 6.2, 6.3 and 6.4 (64-bit and 32-bit versions) §  CentOS 6.3 (64-bit and 32-bit versions) §  Microsoft Windows 2008 R2 (Service Pack 1 [SP1]) with AMI and VMware Virtual Machine Disk (VMDK)

templates

Cisco Intercloud Fabric Support Matrix

* Additional providers will be added in a phased manner


ICFD

icfCloud

VSG and CSR

Cloud VM

Scale Tree: Tested Capacity

Total System Capacity—Not to Exceed 1000 VM per ICFD instance

VM VM VM VM VM VM VM VM

ICFD

16 icfCloud

100 VMs per VSG, 100 VMs per CSR

1000 VMs


Cloud A

Cloud B

Current Phase: Direct Private !" Public §  From Private cloud to supported cloud providers

Private

ICF Bubble Current Phase: Indirect Public !" Public

§  From public cloud through private to public cloud

Future Phase: Additional Private Options !" Public & Direct Public !" Public


Learn

•  Learn more about Intercloud Fabric at: http://www.cisco.com/go/intercloudfabric

•  Questions: Reach out to Cisco Account Team

Cisco Intercloud Fabric Call to Action

Engage

•  Cisco Intercloud Fabric for Business is available through an Early Customer Success Program

•  Cisco Intercloud Fabric for Provider is now available for Provider integration

•  Contact your cisco team to learn how you can be part of the Cisco Intercloud Fabric ecosystem


Consistency Security/Networking as an extension of

Private Cloud

Control Unified workload

management across clouds

Choice Freedom to place workloads across

heterogeneous Clouds

Compliance Policy-based

deployment/governance in cloud

Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility

DC/Private Cloud Cisco Intercloud Fabric

Fixed Workloads Variable Workloads

Provider Cloud

Thank you.

cisco intercloud fabric: technical overview

Technology

cisco andor

business cisco confidential

control cisco confidential

fabric management

icf bubble cloud

reality of hybrid cloud

cloud b cloud c v icf

dcprivate cloud end