© 2012 Cisco and/or its affiliates. All rights reserved.
Shape Your Business For the Future: Powering Transformation With Cisco
Building a Secure Virtualized Cloud Infrastructure
Amy Chan, Systems Development Unit, Cisco Systems, 15 May 2012
Agenda
Building a Secure Virtualized Cloud Infrastructure
Case Study: Cisco CITEIS Data Center Virtualization Transformation
Cisco Validated Design Process: Innovation and Quality Through System Level Design and Validation
[Figure: System Development Fundamentals and System Development Guidelines. Phases: Planning, Design, End-To-End Validation, Documentation. Validation levels: Unit, Feature, Integration, System, Customer.]
www.cisco.com/go/designzone
VMDC – Cloud Blueprint for the Unified Data Center: Foundation for Cloud Applications and Services
[Figure: VMDC, the Unified Data Center reference architecture, as the foundation for IaaS, PaaS, SaaS and more, across Private, Public, Hybrid, Community and vPrivate cloud models. Goals: Simplify Operations, Maximize ROI, Accelerate Time to Deployment.]
Building a Secure Virtualized Cloud Infrastructure: Key Considerations
• Service Orchestration – Dynamic application and reuse of resources; automated service orchestration and fulfillment; integration with network containers; rapid self-service IT
• High Availability – Carrier-class availability; platform/network/hardware/software resiliency; minimize the probability and duration of incidents; focus on your business, not fighting fires
• Differentiated Service Support – Design logical models around use cases; services-oriented framework that combines compute/storage/network; resources are applied and tuned to meet needs
• Modularity – Pod-based design; scalability framework for manageable increments; predictable physical and cost characteristics; streamline turn-up of new services
• Secure Multi-tenancy – Shared physical infrastructure with tenant-specific resources; use cases comply with business policies
Example: IaaS Cloud Services Solution Architecture – An End-End Systems Approach
[Figure: end-to-end layered architecture from peering/backbone down to application software, with per-subscriber applications (Subscriber “A” and Subscriber “B”, Applications 1–3) reached over the Internet, partner connections and the WAN/IP-NGN (L2/L3 MPLS, Internet).
• Peering/Backbone: 7600, CRS, ASR9k, ASR1k
• Core/Aggregation and Services: Nexus 7000; Cat 6500 VSS (as Services Chassis); ASA appliance for FW and remote VPN; ACE
• Access: Nexus 5000, N2k
• Compute: Rack servers, UCS B-Series and C-Series; VMware vSphere 4 / ESXi 4
• Virtual Access: Nexus 1000v, VSG
• Storage & SAN: MDS SAN switches (VMDC 1.X); consolidated storage arrays (EMC, NetApp etc.)
• Application Software: Cisco and third-party applications running in virtual machines (App/OS pairs)
Link types: 10G Ethernet, 10G FCoE, 4G FC, 1G Ethernet; VM to vSwitch, vSwitch to HW, App to HW/VM; Integrated Compute Stack.]
Journey to IT Delivered As a Service: Technology Adoption
[Figure: adoption stages Consolidate Assets, Virtualize the Environment, Automate Service Delivery and Standardize Operations, with increased agility, efficiency and simplicity and increased cloud readiness along the way. Adoption steps shown: High Availability Networking; Optimize the WAN; Unify Networks; VM to Network Link; Deploy Multi-Tenancy; Deploy Integrated Compute and Storage; Business Continuance, VM Mobility; Self-Service Provisioning; Deploy Unified Computing; Automated Provisioning; Secure the Data Center; Cloud Bursting.]
The Challenge: Predictably grow my Data Center
The Solution • Point of Delivery (PoD)
[Figure: a PoD composed of Integrated Compute Stacks (Compute, Storage, Network), Service Appliances and a Data Center Services Node.]
Point of Delivery (PoD): Architectural consistency through a modular approach
• Modular, tiered construct consisting of groupings of integrated compute stacks plus storage and networking infrastructure
• A single Pod can be deployed and operated by itself or connected together to other Pods to achieve scale
• VMDC validates 2 styles of Pods: Compact and Large
Benefits
• Simplified capacity planning
• Ease of new technology adoption
• Consistent and efficient operation
The Challenge: Predictably scale my Data Center
The Solution • PoD replication
Benefits
• Optimize CAPEX savings while maintaining SLAs
• Predictable performance and scale based on building blocks
• Effective way to add separate application environments
[Figure: two replicated PoDs, each with Integrated Compute Stacks (Compute, Storage, Network), Service Appliances and a Data Center Services Node.]
Key Factors to Consider
• L2 Scale – Virtual Machine density, VMNics per VM, MAC address capacity, cluster scale, ARP table size, VLAN scale, port capacity, logical failure domains, L2 control plane
• L3 Scale – BGP peering, HSRP interfaces, VRF instances, routing tables and convergence, services
• Resource Oversubscription – Network, compute, and storage oversubscription; bandwidth per VM
The Challenge: Securely separate my tenants
The Solution • Tenant container service abstraction and right sizing
Benefits
• End to end secure separation across the data center
• Overlapping IP addresses are allowed
• Automation tools to simplify deployment
[Figure: WAN Edge, Core and Aggregation layers; L3 at the WAN edge and core, Layer 2 trunks toward the access layer, HSRP/L3 gateway at aggregation; three tenant containers, each with Web, App and Database tiers.]
• Built upon traditional infrastructure security
• Defense in Depth per Tenant (front end ASA, back end VSG)
• VRF-lite implemented at core and aggregation layers provides per-tenant isolation at L3
• Separate dedicated per-tenant routing and forwarding tables ensure that no inter-tenant (server to server) traffic within the data center is allowed unless explicitly configured
• VLAN IDs and the 802.1q tag provide isolation and identification of tenant traffic across the L2 domain
• Compute Separation (vNICs, VLANs, Port Profiles)
• Storage Separation (Cluster File System Mgmt, VSAN and FC Zoning, LUN Masking, vFilers)
• Application Tier (Network-centric, logical and physical segmentation with L2/L3 firewalling and security zoning)
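The separation rules on this slide (a dedicated VRF per tenant, overlapping IP space across tenants, tenant-owned VLAN IDs, and inter-tenant traffic only where explicitly configured) can be modelled as a small policy checker. The code below is an added example written for this transcript; it is not Cisco code, not a VMDC tool, and not how any Cisco device implements VRF-lite. The Tenant and Fabric classes are hypothetical, and the tenant names, VLAN IDs, prefixes and the explicit leak between tenantA and shared-svc are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass
class Tenant:
    """One tenant container: a dedicated VRF, the 802.1q VLAN IDs it owns,
    and the prefixes routed inside that VRF."""
    name: str
    vrf: str
    vlans: Set[int] = field(default_factory=set)
    prefixes: List[IPv4Network] = field(default_factory=list)


@dataclass
class Fabric:
    """Hypothetical model of per-tenant VRF-lite isolation in one data center."""
    tenants: Dict[str, Tenant] = field(default_factory=dict)
    # Inter-tenant reachability exists only where explicitly configured
    # (route leaking between two VRFs); stored as unordered tenant pairs.
    explicit_leaks: Set[FrozenSet[str]] = field(default_factory=set)

    def add_tenant(self, tenant: Tenant) -> None:
        self.tenants[tenant.name] = tenant

    def allow_inter_tenant(self, a: str, b: str) -> None:
        self.explicit_leaks.add(frozenset((a, b)))

    def vlan_conflicts(self) -> List[int]:
        """VLAN IDs owned by more than one tenant: a break in L2 isolation."""
        owner: Dict[int, str] = {}
        conflicts: Set[int] = set()
        for tenant in self.tenants.values():
            for vlan in tenant.vlans:
                if vlan in owner and owner[vlan] != tenant.name:
                    conflicts.add(vlan)
                owner.setdefault(vlan, tenant.name)
        return sorted(conflicts)

    def reachable(self, src: str, dst_ip: str) -> Optional[str]:
        """Tenant whose VRF delivers dst_ip for traffic sourced in src, or
        None when the packet is dropped. The lookup consults the source
        VRF first (so overlapping address space resolves locally) and then
        only the VRFs explicitly leaked to it; every other VRF is invisible."""
        addr = ip_address(dst_ip)
        candidates = [self.tenants[src]] + [
            t for name, t in self.tenants.items()
            if name != src and frozenset((src, name)) in self.explicit_leaks
        ]
        for tenant in candidates:
            if any(addr in prefix for prefix in tenant.prefixes):
                return tenant.name
        return None


def build_sample_fabric() -> Fabric:
    """Constructed sample: two tenants both using 10.0.0.0/24, plus a shared
    services VRF that only tenantA has been explicitly allowed to reach."""
    fabric = Fabric()
    fabric.add_tenant(Tenant("tenantA", "vrf-A", {101, 102}, [ip_network("10.0.0.0/24")]))
    fabric.add_tenant(Tenant("tenantB", "vrf-B", {201, 202},
                             [ip_network("10.0.0.0/24"), ip_network("172.16.0.0/24")]))
    fabric.add_tenant(Tenant("shared-svc", "vrf-shared", {900},
                             [ip_network("192.168.100.0/24")]))
    fabric.allow_inter_tenant("tenantA", "shared-svc")
    return fabric


if __name__ == "__main__":
    fabric = build_sample_fabric()
    for src, dst in [("tenantA", "10.0.0.5"), ("tenantB", "10.0.0.5"),
                     ("tenantA", "172.16.0.9"), ("tenantA", "192.168.100.7"),
                     ("tenantB", "192.168.100.7")]:
        print(f"{src} -> {dst}: {fabric.reachable(src, dst) or 'dropped'}")
    print("VLAN conflicts:", fabric.vlan_conflicts())
```

Two properties of the slide fall out directly: the same 10.0.0.0/24 in tenantA and tenantB never collide because each lookup starts in the caller's own VRF, and tenantB cannot reach the shared services prefix because no leak was configured for it. The `vlan_conflicts` check is the kind of audit a defender runs against a tenant inventory, since a VLAN ID reused across two tenants would undo the 802.1q separation the L3 design assumes.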
The Challenge: Ensure high availability
The Solution • End to end HA architecture
Benefits
• Maximize infrastructure uptime
• Comprehensive end to end architecture
• Focus on your business, not fighting fires
• Redundant links, nodes and paths, end to end, plus:
• L2 Redundancy – ❶ vPCs, ❷ MEC, and ❸ MAC-pinning
• L3 Redundancy – ❹ HSRP, non-stop forwarding, non-stop routing, LDP sync, MPLS graceful restart
• Compute Redundancy – ❺ UCS end host mode, others (N1KV and MAC-pinning, Active/Standby redundancy, intra-cluster HA)
• Storage Redundancy – ❻ FC port channeling, multi-pathing software from VMware or SAN vendor
• Services Redundancy – ❼ ASA, ACE redundancy
• Routing Protocol Redundancy – BGP, OSPF
[Figure: data center layers Core, Aggregation, Services, Access, Compute, NAS and SAN, with callouts ❶–❼ marking where each redundancy mechanism applies.]
The Challenge: Service Levels and Multimedia Apps
The Solution • Quality of Service
Benefits
• Supports applications with differing latency requirements
• Provides end to end QoS
• Supports QoS across hybrid public/private domains
• Define low-latency traffic classes for the multimedia service tier (e.g., VoIP bearer and video conferencing); these classes are characterized by three metrics: bandwidth, delay, and availability.
• Support QoS across hybrid public/private domains
• Traffic Classification and Marking – ❶ It is a general best practice to mark traffic at the source end system, or as close to the traffic source as possible, in order to simplify the network design.
• Hierarchical QoS for Multi-Tenancy
• Queuing, Scheduling, and Dropping – accounts for differences in queuing structures
• Shaping and Policing
[Figure: data center layers Core, Aggregation, Services, Access, Compute, NAS and SAN, with ❶ marking the classification and marking points.]
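Classification and marking at the source, followed by hierarchical policing per tenant, is easier to reason about with a concrete model. The code below is an added example written for this transcript, not Cisco code and not the behaviour of any Cisco QoS feature: the classification rules (RTP-range UDP as voice, UDP 5004 as video, database ports as transactional) are a constructed sample policy, the DSCP values are the standard EF/AF41/AF21/BE code points, and the rates, burst sizes and packet sequence are constructed. The parent bucket enforces the tenant's aggregate contract; a child bucket per class enforces the sub-rate, which is the two-level structure hierarchical QoS for multi-tenancy refers to.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# DSCP code points: EF for voice, AF41 for video, AF21 for transactional data, BE.
DSCP: Dict[str, int] = {"voice": 46, "video": 34, "transactional": 18, "best-effort": 0}


@dataclass
class Packet:
    proto: str
    dst_port: int
    size: int      # bytes
    dscp: int = 0  # written by mark()


def classify(pkt: Packet) -> str:
    """Constructed sample classification policy (not a Cisco default)."""
    if pkt.proto == "udp" and 16384 <= pkt.dst_port <= 32767:
        return "voice"          # RTP bearer range
    if pkt.proto == "udp" and pkt.dst_port == 5004:
        return "video"
    if pkt.proto == "tcp" and pkt.dst_port in (1433, 3306):
        return "transactional"  # database traffic
    return "best-effort"


def mark(pkt: Packet) -> str:
    """Mark at the source: classify once and write the class DSCP into the packet,
    so every downstream hop can act on the DSCP instead of re-classifying."""
    cls = classify(pkt)
    pkt.dscp = DSCP[cls]
    return cls


class TokenBucket:
    """Single-rate policer: tokens are bytes, refilled continuously at rate_bps."""
    def __init__(self, rate_bps: int, burst_bytes: int) -> None:
        self.rate = rate_bps / 8.0          # bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conform(self, size: int, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

    def refund(self, size: int) -> None:
        self.tokens = min(self.burst, self.tokens + size)


class HierarchicalPolicer:
    """Two-level policer: one child bucket per class nested under a parent bucket
    that enforces the tenant's aggregate contract."""
    def __init__(self, tenant_bps: int, class_bps: Dict[str, int], burst_bytes: int) -> None:
        self.parent = TokenBucket(tenant_bps, burst_bytes)
        self.children = {cls: TokenBucket(bps, burst_bytes) for cls, bps in class_bps.items()}

    def admit(self, pkt: Packet, now: float) -> Tuple[str, int, str]:
        """Returns (class, dscp, verdict); verdict is forward, drop:class or drop:tenant."""
        cls = mark(pkt)
        child = self.children[cls]
        if not child.conform(pkt.size, now):
            return cls, pkt.dscp, "drop:class"
        if not self.parent.conform(pkt.size, now):
            child.refund(pkt.size)  # parent rejected it: return the class tokens
            return cls, pkt.dscp, "drop:tenant"
        return cls, pkt.dscp, "forward"


# Constructed sample: an 8 kbit/s tenant contract, per-class sub-rates, 1000-byte bursts.
CLASS_RATES: Dict[str, int] = {"voice": 4000, "video": 2000, "transactional": 1000, "best-effort": 1000}
SAMPLE_TRAFFIC: List[Tuple[float, Packet]] = [
    (0.0, Packet("udp", 20000, 600)),  # voice, fits both buckets
    (0.0, Packet("udp", 20002, 600)),  # voice, class bucket exhausted
    (0.0, Packet("tcp", 80, 600)),     # best-effort, tenant bucket exhausted
    (1.0, Packet("udp", 20004, 600)),  # voice after one second of refill
    (1.0, Packet("tcp", 3306, 100)),   # transactional, fits
]


def run_sample() -> List[Tuple[str, int, str]]:
    policer = HierarchicalPolicer(8000, CLASS_RATES, 1000)
    return [policer.admit(pkt, t) for t, pkt in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

The third packet shows why the hierarchy matters for multi-tenancy: best-effort traffic still has class tokens, but the tenant's aggregate bucket is empty, so it is dropped at the parent rather than being allowed to consume capacity the contract did not sell. The refund keeps the class bucket honest when the parent rejects a packet.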
The Challenge: Where do I start? Example of Tenancy Models
The Solution • Sample tenant containers
Benefits
• Quickly and securely onboard similar tenants
• Covers different levels of network services for a variety of needs
• Addresses varying security, QoS, and other requirements
• Solutions available to automate the process
[Figure: sample tenant containers (Bronze, Silver, Gold, Palladium, Expanded) built from L2 and L3 segments, physical firewalls (FW), virtual firewalls (vFW) and load balancers (LB), with Public and Private Zones and Protected Front-End and Protected Back-End zones.]
The Challenge: Elastic Capacity
The Solution • Layer 2 Extensions, Path Optimization, DWS
Benefits
• Migrate workloads within the enterprise private cloud or in a hybrid cloud solution between enterprise and service provider during both planned and unplanned outages.
• Elastic capacity that grows and shrinks based on workload demand
• Maintain app SLAs with high-performance L2 extensions and storage data availability
• Dynamic Workload Scaling (DWS) integrates the Cisco Application Control Engine (ACE) session load balancers with Cisco’s dynamic MAC-in-IP encapsulation technology, Overlay Transport Virtualization (OTV).
[Figure: DC-west and DC-east, each with PoDs hosting VMs (App/OS), connected over an IP network with OTV for inter-DC L2 extension across L3 and LISP for IP mobility.]
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/Virtualization/DCI_Use_Cases_for_Business_Resilience.pdf
Cisco Virtualized Multi-Tenant Data Center: Comprehensive, Modular, and Flexible Approach
[Figure: VMDC building blocks and the products behind them.
• Enhanced Data Center Interconnect – DCI and Hybrid: Cisco ASR 9000 and 1000, Cisco Nexus 7000
• Unified Data Center Networking – Network and Services Virtualization (Core, Aggregation, Services, Access): Cisco Nexus 7000, Cisco Nexus 5000, Cisco Data Center Service Node, Service Appliances
• Integrated Compute Stacks – Server and Application Virtualization (Compute, NAS, SAN): NetApp FlexPod, VCE Vblocks, Cisco Unified Computing System, Cisco MDS, Cisco Nexus 1000v, Hypervisors
• Cloud Service Management – Business Support, Provisioning, Configuration, Portability/Interoperability: Cisco CIAC, BMC CLM]
www.cisco.com/go/vmdc
[Figure: Cisco cloud services across the Plan, Build and Run phases, delivering unique Cisco insight, proven delivery capability, worldwide expertise and worldwide presence to accelerate time to value.
• Plan – Cloud Strategy Services (Assess): Strategy; Technology and Security; Management Tools; Operational Readiness; Business Case; Chargeback Approach; Security/Compliance; Program & Architecture Management Offices
• Plan – Cloud Planning and Design Service: IaaS Design; Technology and Security; Tools Architecture; SLA Design; Chargeback Design; Program & Architecture Management Offices
• Build – Cloud Implementation Service (Implement): Technology, Security, Tools, Facilities; Orchestration Integration; Workload Migration; Staging and Validation; Program & Architecture Management Offices
• Run – Cloud Optimization Service (Optimize): Architectural Reviews; Security Audits; Cost Reduction Exercises; Process Improvements; Tool Customization; Day-2 Support]
Cisco on Cisco ITaaS – The Benefits of Data Center Transformation
http://www.cisco.com/web/about/ciscoitatwork/data_center/it_as_a_service_web.html
Quick Cisco Facts
$40B Company
70,000+ Employees
300 Locations in 90 countries
400 Buildings
56 Data Centers and server rooms
19,000 Remote workers
43,000 Mobile devices
Deploying virtual servers for business application hosting environment
More than 230K sq ft and 21MW of power in Cisco Data Centers
Technology and People…
Cisco on Cisco Success Story Data Center Virtualization Transformation
CHALLENGE
• Reduce costs
• Use resources more effectively
• Integrate legacy data centers
• Foster new business models
SOLUTION
• Unified Computing System
• Nexus Series routers
• Infrastructure-as-a-Service (IaaS)
• Cloud Services
RESULTS
• 67% reduced TCO
• 33% reduced power used per application
• 40% saved on wiring and cabling infrastructure
• Reduced service provisioning to less than 1 hour
• Zero down-time
• More productive and satisfied workforce
CITEIS Cost and Productivity Benefits: Cisco IT Elastic Infrastructure Services
[Figure: bar chart of Compute TCO ($/Qtr/OS instance, scale $0–$4000) and Delivery Time (weeks, scale 0–8) across four stages: 100% physical; Virtualization (50% virtualized); Unified Computing (75% virtualized); Cloud (80% virtualized). TCO down 37%, 27% and 27% at the successive stages.]
CITEIS Express Example of Self Service IT
Self-service, self-managed personal infrastructure on-demand.
http://www.brighttalk.com/webcast/286/35257
For more information
www.cisco.com/go/vmdc www.cisco.com/go/cloudverse
www.cisco.com/go/unifieddatacenter
Thank you.