PuppetConf 2016: Application Centric Automation with Puppet & Cisco – Farid Jiandani & Joe...

Automating the things and Beyond Joe Onisick, Director Cisco INSBU [email protected] October, 2016 @jonisick

Upload: puppet

Post on 16-Apr-2017


2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential @jonisick

Automating All of the Things

Data Center: Network / L4-7, Compute, Storage, Security

Software: Plan, Code, Build, Test, Release, Deploy, Operate, Evaluate


When Automation Goes Wrong

“To err is human. To apply that error to 1000 servers at once, is automation.” - Unknown


Cisco’s Journey Into Automation

Service Profile

Network Policy

Storage Policy

Compute Policy

Service Profile: Identity for Compute

SIM Card: Identity for a Phone

Application Profile: Identity for the Network


It’s a Multi-Step Process

Infrastructure

Automation Framework(s)

SW Processes

SW Automation


The Foundation is Automatable Infrastructure

Native API w/ SW agent support

Automation Engines such as:


The Framework is Infrastructure Automation


Automation and Programmability

Centralized Provisioning and Visibility

Simplification / Abstraction

App Agility

ACI


Policy-Driven Integrated Infrastructure Answers Customers’ Request

1. Modernize Infrastructure: Open and Programmable
2. Automate and Simplify
3. Build Your Hybrid Cloud
4. Choose any Other Cloud
5. Move Data and Workloads Securely
6. Self-Service Portal (IT as a Service)
7. Extend Policy Model
8. Policy Everywhere
9. Security Everywhere
10. Analytics Everywhere

Diagram labels: Network / L4-7, Compute, Storage, Security (Data Center); POLICY; Private Cloud Stack; Integrated Infrastructure; Managed, Public, Private


Foundation of ACI or Nexus 9000

SW Overlay Apps

Hypervisor and/or Container

Bare Metal

Orchestration/Automation

ACI


Automation with a Focus on Security

Automated Audit, Detect, Mitigate

Policy – Physical and Multi-Cloud

Stateless Firewall and Micro Segmentation*

* Stateful with Cisco AVS

Integrated in ACI Investment Protection


Enhancing Bi-Modal IT with ACI and UCS

Tenant 1 = Mode 1; Tenant 2 = Mode 2

Common Infrastructure, and Management With Secure, Stable Separation

Manufacturing IT Department

Recently Acquired Company

Marketing Department


Enhancing Bi-Modal IT with ACI and CliQr

ACI, UCS, UCSD = Mode 1; Public Cloud = Mode 2

Stability With on Premises Model 1. Agility with Public Model 2.

Manufacturing IT Department

Recently Acquired Company

Marketing Department


Cisco’s Vision



Our Vision for ACI: Scale, Security and Full Visibility

Physical Networking

Compute

L4–L7 Services

Storage

Hypervisors and Virtual Networking

Multi DC WAN and Cloud

Enabled By Physical and Virtual Integration

Tenant Application

Health Score: 78% | Latency: 5 Microsecond(s) | Drop Count: 25 Packets Dropped | Visibility: 16 VMs, 8 Physical | Application Delivery Controller, Firewall

Health Score: 96% | Latency: 2 Microsecond(s) | Drop Count: 0 Packets Dropped | Visibility: 16 VMs, 8 Physical | Application Delivery Controller, Firewall


Tetration: Real-Time Analytics

Long-term Forensics and Auditing

Application Dependency Mapping

Automated Whitelist Policy Generation

Policy Compliance and Auditability

Policy Simulation and Impact Assessment

Forensics (example: flow search and flow anomaly)

Real-time analytics: <= 10 Minute Actionable Insight

Pervasive Sensors: Network and Host

NX-OS


Automate the Migration to ACI or CliQr

App Level Policy Enforcement / Visibility

Self-documenting Network

Real-time Change Notification

Real Time

Data Network Policy

App Policy Tetration