PuppetConf 2016: Application Centric Automation with Puppet & Cisco – Farid Jiandani & Joe...
TRANSCRIPT
Automating the things and Beyond
Joe Onisick, Director Cisco INSBU
October, 2016 @jonisick
2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential @jonisick
Automating All of the Things
Network / L4-7 Compute Storage Security
Data Center
Plan
Code
Build
Test
Release
Deploy
Operate
Evaluate
Software
When Automation Goes Wrong
“To err is human. To apply that error to 1000 servers at once, is automation.” - Unknown
Cisco’s Journey Into Automation
Service Profile
Network Policy
Storage Policy
Compute Policy
Service Profile Identity for Compute
SIM Card Identity for a Phone
Application Profile Identity for the Network
It’s a Multi-Step Process
Infrastructure
Automation Framework(s)
SW Processes
SW Automation
The Foundation is Automatable Infrastructure
Native API w/ SW agent support
Automation Engines such as:
The Framework is Infrastructure Automation
Automation and Programmability
Centralized Provisioning and Visibility
Simplification / Abstraction
App Agility
ACI
Policy-Driven Integrated Infrastructure Answers Customers’ Request
1. Modernize Infrastructure: Open and Programmable
   Network / L4-7 Compute Storage Security
   Data Center
2. Automate and Simplify
   POLICY
3. Build Your Hybrid Cloud
   Private Cloud Stack
   Integrated Infrastructure
4. Choose any Other Cloud
   Managed
   Public
   Private
5. Move Data and Workloads Securely
6. Self-Service Portal (IT as a Service)
7. Extend Policy Model
8. Policy Everywhere
9. Security Everywhere
10. Analytics Everywhere
Foundation of ACI or Nexus 9000
SW Overlay Apps
Hypervisor and/or Container
Bare Metal
Orchestration/Automation
ACI
Automation with a Focus on Security
Automated Audit, Detect, Mitigate
Policy – Physical and Multi-Cloud
Stateless Firewall and Micro Segmentation*
* Stateful with Cisco AVS
Integrated in ACI Investment Protection
Enhancing Bi-Modal IT with ACI and UCS
Tenant 1 = Mode 1
Tenant 2 = Mode 2
Common Infrastructure and Management With Secure, Stable Separation
Manufacturing IT Department
Recently Acquired Company
Marketing Department
Enhancing Bi-Modal IT with ACI and CliQr
ACI, UCS, UCSD = Mode 1
Public Cloud = Mode 2
Stability With On-Premises Model 1. Agility with Public Model 2.
Manufacturing IT Department
Recently Acquired Company
Marketing Department
Cisco’s Vision
Our Vision for ACI: Scale, Security and Full Visibility
Enabled By Physical and Virtual Integration: Physical Networking, Compute, L4–L7 Services, Storage, Hypervisors and Virtual Networking, Multi DC WAN and Cloud
Tenant Application
Health Score: 78% | Latency: 5 Microsecond(s) | Drop Count: 25 Packets Dropped | Visibility: 16 VMs, 8 Physical, Application Delivery Controller, Firewall
Health Score: 96% | Latency: 2 Microsecond(s) | Drop Count: 0 Packets Dropped | Visibility: 16 VMs, 8 Physical, Application Delivery Controller, Firewall
Tetration: Real-Time Analytics
Long-term Forensics and Auditing
Application Dependency Mapping
Automated Whitelist Policy Generation
Policy Compliance and Auditability
Policy Simulation and Impact Assessment
Forensics (example: flow search and flow anomaly)
Real-time analytics: <= 10 Minute Actionable Insight
Pervasive Sensors: Network and Host
NX-OS
Automate the Migration to ACI or CliQr
App Level Policy Enforcement / Visibility
Self-documenting Network
Real-time Change Notification
Real Time
Data Network Policy
App Policy Tetration