primend praktiline konverents - rakenduse keskne it infrastruktuur / cisco application centric...

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Why ACI?

Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Data Center Network: Trends and Challenges

“Can you look into my application Performance ..NOW?”

“..I need to move workloads to the cloud…NOW!.”

“…I need to roll out new security policies NOW…”

45% Multi-Hypervisor3 75% Bare Metal2 25% Annual Growth —Big Data1

1 Cisco Global Cloud Index *2 IDC Worldwide Virtual Machine 2013-2017 Forecast *3 InformationWeek 2013 Virtualization Management Survey

Cisco Confidential 4 ©2014 Cisco and/or its affiliates. All rights reserved.

Application Centric Infrastructure

Customer Business Benefits

•  Deploy applications faster •  Workload mobility •  Higher application availability •  Compliant and secure •  CapEx reduction

Application Centric Infrastructure East-West optimized for all workloads

HYPERVISOR HYPERVISOR HYPERVISOR

X86-Virtual Machines & Virtual Appliances

X86 Servers Unix Systems P and Z systems

Network Service Appliances X86 Multi-Hypervisor

Single open API for entire system

IP Storage

Customer Operational Benefits •  Risk mitigation •  Better utilization of resources •  Operational efficient / zero touch

deployment and de-commissioning •  Self documenting network •  Simplified day-2 troubleshooting •  OpEx reduction


ACI: Business Outcome and Benefits for Cisco IT “Cisco’s open standards approach makes ACI even stronger. We conducted testing on ACI … it fully delivered everything we expected, and proved to be quite stable and mature.”

Nik Weidenbacher Principal Engineer, SunGard

“Cisco ACI is an open, future-proofed data center architecture that can continue to grow as we enhance client services.”

Chuck Crane Network and Security Architect, Axciom

(Transitioning from AWS to Private Cloud)

“This will enable Telstra to deliver service agility, security and performance that our customers expect from an enterprise grade cloud.”

Erez Yarkoni Executive Director, Telstra

10-20% Compute and

Storage Optimization

58% Reduce Network

Provisioning

21% Reduce

Management Costs

45% Reduce Power

and Cooling Costs

25% CAPEX

Reduction

Greater Business Agility

Lower Capital Expenses

Reduced Costs/ Complexity

Lower Operating Cost

Resource Optimization

Source: Cisco IT


What is ACI?


Application Centric Infrastructure Building Blocks

Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility

ACI

APPLICATION CENTRIC POLICY CONTROLLER NEXUS 9500 AND 9300


Nexus 9000 1/10/40/100G*

Performance, Scale: Fastest 40G Platform

$ Multi-million Savings 40/100G on Existing Cables

2.8X Better Reliability

15% Better Power and Cooling

Open Source / APIs / Standards Python, Power Shell, Puppet, Chef …

1011 0010

Programmable DC Networking for The Next Decade

*100G Ready Standalone / ACI Ready


Application Policy Infrastructure Controller Embracing SDN and Going Beyond

POLICY: Centralized Application-Level Policy

SECURE: Security and Performance @ Scale

VISIBILITY: System-Wide Visibility, Telemetry, Health

OPENESS: Open Source / APIs / Standards

EXTENSIBLE: Hypervisors, L4-7, Storage, Compute

Centralized Point of Management


Application Centric Policy is Business Relevant

•  Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language.

“Let my app servers talk

to my web servers.”

1.  “Figure out where app lives in physical net”

2.  “Trunk VLAN 112 to switch 22.”

3.  “Add route….”

4.  “Plumb ports 7-12…”

5.  “Configure ACL…”

6.  “Apply QoS…”

7.  Repeat every time app moves or needs more capacity

ACI Policy Aligned with Applications Traditional Policy Aligned with ….?


Applications and The Network

Application Requirements

WAN

Firewall

LB to App

Connect to DB

Connect to App

High Priority

WEB APP DB

Map existing Networks into Groups

WEB APP DB

VLAN 100 QOS ACLs Layer 3

DIRECTLY MAP TO ACI APPLICATION PROFILES

Map Groups and Policies into Application Profile

WEB APP DB F/W ADC ADC

APP APP APP WEB WEB WEB DB DB DB


An Innovative Approach to Policy= Application Profile

Provided Contract WEB

OUTSIDE EPG

DB EPG

APP EPG

WEB EPG ADC FW

ADC

What is an Application Profile?

1)  End Point Group (EPG): A set of virtual or physical workloads with the same policy 2)  Contracts: A set of rules governing communication between groups 3)  Service Chains. A set of network services between groups

Consumed Contract WEB

Consumed Contract APP

Provided Contract APP

Consumed Contract DB

Provided Contract DB

Service Chain FW Service Chain APP Service Chain WEB


Application Policy Model and Instantiation

All forwarding in the fabric is managed through the application network profile IP addresses are fully portable anywhere within the fabric Security and forwarding are fully decoupled from any physical or virtual network attributes Devices autonomously update the state of the network based on configured policy requirements

DB Tier

Storage Storage

Application Client

Web Tier

App Tier

Application policy model: Defines the application requirements (application network profile)

Policy instantiation: Each device dynamically instantiates the required changes based on the policies

VM VM VM

10.2.4.7

VM

10.9.3.37

VM

10.32.3.7

VM VM

APIC


Data Center Automation – Manual versus Policy Driven

Design it

Procure it

Install it

Configure it

Secure it

Is it ready?

Architect it Design it

Is QA’d

Is procured Is installed

Is configured Is secured

It is ready

Architect it

ACI Policy Driven

ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application

Available ARCHITECT DESIGN Service Request

Application Available

QA it


Data Center Automation and IT Collaboration Today: Serialized Configuration and Management

MANUAL PROCESS LEADS TO INCREASED DEPLOYMENT TIMES

NETWORK COMPUTE SERVICES SECURITY Application

Requirements

Policy Violation Configuration Mismatch

Successful Deployment

ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application

Available

Deployment Trigger


Data Center Automation and IT Collaboration ACI: Common Policy Framework and Operational Model

Application Policy

CLOUD APPLICATION

COMPUTE NETWORK

STORAGE SECURITY

POLICY-BASED AUTOMATION

Application Requirements

Defined set of application requirements

Team builds application policy and template

Operations team deploys with minimal

risk and maximum speed

ARCHITECT DESIGN Service Request

Application Available

Deployment Trigger


Application Awareness ACI: Application-Level Visibility

Actions: No new hosts or VMs Evacuate hypervisors Re-balance clusters

CiscoLive Event

PetStore Dev •  Leaf 1 and 2 •  Spine 1 – 3 •  Atomic counters

PetStore Prod •  Leaf 2 and 3 •  Spine 1 – 2 •  Atomic counters

PetStore QA •  Leaf 3 and 4 •  Spine 2 – 3 •  Atomic counters

VXLAN Per-Hop Visibility

Physical and Virtual as One

ACI Fabric provides the next generation of analytic capabilities

Per application, tenants, and infrastructure: •  Health scores •  Latency •  Atomic counters •  Resource consumption

Integrate with workload placement or migration

Triggered Events or Queries

APIC


ACI Addresses the Security Challenge in the DC

Automate Compliance,

Centralized Audit

Visibility, Analytics, Forensics

Simplified Policy-based

Segmentation

Network Services

Automation, Open Eco-

System

Security Expressed in Application Language

Centralized Security Across Physical and Virtual


Open Open Source, Open Standards, Open Interfaces


OPERATIONAL MODELS

RESTful APIs, Python etc.

OpFlex

1.  Scripting/Languages

2.  IT Automation

3.  OpenSource

4.  Integrated ACI Approach

Open: Choice and Investment Protection

RICH ECOSYSTEM

Hypervisors

L4-L7 Services

Management

Security

Storage

Operational Choice—Service Provider, Enterprise, Commercial

CLOUD

SECURITY NETWORK

APPLICATION

Automate


How ACI fits into Private and Public Clouds?


ACI is Multi-Hypervisor-Ready

!  Integrated gateway for VLAN, VxLAN, and NVGRE networks from virtual to physical

!  Normalization for NVGRE, VXLAN, and VLAN networks

!  Customer not restricted by a choice of hypervisor

!  Fabric is ready for multi-hypervisor

Virtual Integration Network Admin

Application Admin

BARE METAL SERVER

VLAN VXLAN

VLAN NVGRE

VLAN VXLAN

VLAN

Hyper-V KVM

Hypervisor Management

APIC

APIC

VMware Microsoft

Red Hat XenServer

Microsoft Red Hat

Any to Any

C240 M3 with OmniStack

VMware


Consistency Security/Networking as an extension of

Private Cloud

Control Unified workload

management across clouds

Choice Freedom to place workloads across

heterogeneous Clouds

Compliance Policy-based

deployment with ACI/governance in cloud

ACI is Part of Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility

DC/Private Cloud Cisco Intercloud Fabric

Fixed Workloads Variable Workloads

Provider Cloud


ACI is Part of Data Center Automation

UCS Director Openstack

UCS Manager

Application Policy

Infrastructure Controller

Converged Infrastructure

Managers OpenDaylight

Virtual Machine Manager

Process Orchestrator 3rd Party Orchestrator

IaaS PaaS SaaS ITaaS Intercloud

Prime Services Catalogue

ORCHESTRATION

SERVICES

AUTOMATION

PORTAL

INFRASTRUCTURE MANAGEMENT

Ope

n In

tegr

atio

n

Stack Designer

MANAGEMENT AUTOMATION POLICY SECURITY

ECOSYSTEM PARTNERS

Intercloud Fabric


Summary


Summary: Our Direction Data centers and cloud network infrastructures, both physical and virtual, will no longer be configured, will not be software defined (or programmed), but instead will be Policy Driven and Application Centric.

Thank you.

primend praktiline konverents - rakenduse keskne it infrastruktuur / cisco application centric...

Technology

cisco andor

sungard cisco aci

cisco global cloud index

application performance

better power

network provisioning

data center network

management costs