cloud network automation and orchestration in the data center - session from wednesday - 5

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cloud Network Automation and Automation In the Data CenterMichel Gaillard


On-Demand, Self-Service Provisioning of IT Resources

Easiest to Use and Deploy, Delivers Faster Time to Value

Optimized for Cisco Architectures, Complements Existing IT Systems and Management Tools

Policy-Based, Model-Driven Approach Reduces TCO

Automation

Intelligence

Flexibility

Policy-BasedNetwork

Infrastructure Resource Mgmt

UCS Manager

Cisco Cloud Portal

Cisco Process Orchestrator

Cisco Intelligent Automation for CloudIT as a Service Requires a New Management Approach

Network

Compute

Storage

Cisco Network Services Manager/VNMC

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

NSM - Customer Problems Solved

1. Automates and virtualizes E-2-E IaaS network infrastructure provisioning

2. API accessible abstraction layer simplifies platform configuration

3. Provides policies that define and control behavior of the Cloud

4. Enables administrators to define the logical constructs of the Cloud (access/security, tiers of service, resources and constraints)

5. Faster cloud setup time and dynamic, fluid network service evolution


Virtual Network Management Center

Virtual Appliance

VSM

VEM-1vPath

VEM-2vPath

Hypervisor Hypervisor

vWAAS VSG

ASA 1000v Cloud Services RouterVNMC

• Single integrated access to manage Cisco virtual services

• VM lifecycle and service feature configuration

• Common UX and operational flows

• Tenant and provider views

• Integral part of the N1K architecture

• Common model to enable federated development

• XML APIs to enable third-party management and orchestration tool integration

VNMC


Tenant with VSG & ASA 1000v

Tenant A HQ

VSG ASA 1000v

Internet

VNMC

Webserver192.168.100.11

DB server192.168.100.12

App server192.168.100.10

192.168.100.20

172.25.108.86

192.168.200.15

192.168.100.15

172.25.108.87

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

Direct Access Two Tiered with FWThis use case describes a tenant of an Enterprise or Service provider that has Internet routable space with:

• Virtual machines may be deployed on one or more VLANs in public address space

• Virtual machines may be deployed on one or more VLANs behind a firewall with internal addresses


Securing the Tenant Intra Domain and Edge

• Proven Cisco® security: virtualized physical and virtual consistency

• Collaborative security model

E Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones

E Cisco ASA 1000V for tenant edge controls

• Transparent integration

E With Cisco Nexus® 1000V Switch and Cisco vPath

• Scale flexibility to meet cloud demand

E Multi-instance deployment for scale-out deployment across the data center

Tenant BTenant AVDC

vApp

vApp

HypervisorCisco Nexus® 1000V

Cisco vPath

VDC

Cisco® Virtual Network Management Center (VNMC)

Cisco VSG Cisco

VSGCisco VSG

Cisco ASA1000V

Cisco ASA 1000V

Cisco VSG


Pod

ComputeStorage

Network

Pod

ComputeStorage

Network

Controller

Pod

ComputeStorage

Network

Controller

JMS Transport

Cloud Operational Model Services and Topology Model

Business Model

Tenant Network ContainerTenant Network Container

Network Container (Zone)

Network Container

EnterpriseNetwork

MPLSNetwork

Network Container

(App-Zone)

Network Container (DB-

Zone)

Internet

Network Container

(Web-Zone)

FW/LB

FW FW

Cisco Network Services Manager Container Model

Engine

APIREST

Network Container

Tenant Network Container

Network Container (Zone)

Network Container

Network Container

Controller

Tenant BTenant A


Typical Supported Use Cases

Tenant Remote Access – Direct Connect

Internet – Public Unprotected Zone

MPLS – Private Unprotected Zone

Direct Access – Two tiered FW

MPLS Access – Two tiered FW

L3 Routed, L3 NATed, L2 Unrouted VLAN

Four Zone Model

Zone with one armed LB


Common abstraction layer

Standardized API (contribution to OpenStack)

Flexible, easily consumable interface (partnering with subscriber manager

vendors)

Helps ensure that network remains viable part of cloud solution framework

Fastest deployment and lowest operating costs for cloud

Why NSM and VNMC are mandatory

OrchestrationModule

Automation Module

Service Catalog Service Portal

Cisco® Network Services Manager

SP VMDC PodEnterprise VMDC

Pod

Open REST APIAbstraction Layer

VNMC

cloud network automation and orchestration in the data center - session from wednesday - 5

Technology

cisco andor

cisco architectures

proven cisco security

zone model zone

vflows router vnmc tenant

vsg asa

operational cloud servicesasa

n1karchitecture common