
NetApp Data Fabric with Cisco Intercloud Fabric

Nabil Fares, Technical Marketing Engineer, NetApp

Tim Waldron, Technical Marketing Manager, NetApp

Ganesh Kamath, Technical Marketing Engineer, NetApp

© 2015 NetApp, Inc. All rights reserved. NetApp Confidential – Limited Use 1

Agenda

Setting the stage: Hybrid Cloud

NetApp Data Fabric

NetApp Private Storage (NPS) for AWS

Cloud ONTAP

Cisco Intercloud Fabric

Cisco Intercloud Validation with NPS on AWS

Use Cases

Proof of Concept Breakdown

Technical Steps (Cool Stuff)

Additional Resources

Meet us at NetApp booth #P3

Online References


The Need for Seamless Cloud Services


Diagram labels: Private, Public; Hyperscale Cloud Providers, Cloud Service Providers, Private Cloud

Hybrid Cloud is Difficult


Integrate public resources while retaining control


Connect the Clouds with NetApp


Extensive Customer Choice

Universal Data Platform

Dynamic Data Portability


Dynamic Data Portability


Efficiently move data between clouds

#1 storage replication software

Multiprotocol: connect with any environment

Diagram labels: Clustered Data ONTAP®, SVMs, VMs

Connecting to Hyperscaler Cloud Providers


Expanding Options with NetApp Private Storage for the Cloud


Extend NPS to any cloud provider (not just hyperscale)

Quickly, easily switch clouds with Equinix Cloud Exchange: semiautomated cloud connection on demand

Seamless data mobility between premises and NPS for cloud with NetApp® clustered Data ONTAP® operating system

Secure, high-performance integration between NetApp, industry-leading clouds

Diagram labels: On Premises, NetApp® Storage, Equinix Data Center, NetApp Storage, NPS for Cloud, Direct Connect and ExpressRoute

Expanding Options with Cloud ONTAP


Deploy clustered Data ONTAP® operating system as software in the cloud

Further enable a common set of data services in the cloud

Expand options to own and now lease or rent on demand

Explore and test the full power of cDOT in the cloud with very little risk

NetApp OnCommand® Cloud Manager and OnCommand Insight simplify monitoring, provisioning, and data movement of all cDOT instances across clouds

Diagram labels: On Premises Data Center, SnapMirror®

NetApp Data Fabric


Seamless connectivity among clouds


Cisco Intercloud Fabric

Intercloud Fabric interconnects private and public clouds to deliver a hybrid IT environment – any Hypervisor to any Provider

Data virtualization is critical to realize the benefits of cloud, and is a key enabler for the ‘Internet of Everything’

What is Cisco Doing in the Cloud? Delivering Cisco Intercloud Fabric

Choice: Freedom to place workloads across heterogeneous clouds – providing workload mobility

Consistency: Security & networking as an extension of a private cloud

Control: Unified workload management & governance across clouds

Compliance: Policy-based deployment in the cloud

Cisco Intercloud Fabric (ICF) Architecture Components


NPS with ICF Case Validation

Peak Workload: Burst VMs seamlessly from Private Clouds for capacity augmentation

Shadow IT: Provide rapid access to hybrid capacity. Maintain data security, access and locality requirements

Disaster Recovery: Use public cloud for Disaster and Backup Recovery

Dev / Test: Consume provisioning for Dev / Test on demand


POC NPS Base Architecture

Diagram labels: U.S. West (AWS SV5); Amazon Direct Connect 1G (10G Option Available); AWS; On-Premise; U.S. East (RTP); BGP; NPS with FlexPod Express; Default VPC; Corp DMZ; IPsec w/ Static Routes

FlexPod Datacenter

3 ESX Hosts with ESXi 5.1.0

vCenter 5.1

Nexus 5510 with Enterprise License

Static routing between FlexPod & DMZ

IPsec is restricted to ICMP & SnapMirror

Static routes over IPsec

DMZ advertises RTP and NPS subnets to Corp Network via BGP

Diagram labels: 10.XX.161.0/24; 10.XX.162.0/24; 172.31.0.0/16; Corp Network; Internet

All validations use Default VPC (NPS supports all VPC flavors)

Single 1G Direct Connect Link (Dual 1G or Dual 10G are available as options)

BGP is required between AWS and NPS

Sub-interfaces are required on NPS switch (Multi-tenancy support)

Modify Default Security Group allowing all traffic from NPS


NPS Baseline Validation

Diagram labels: U.S. West (AWS SV5); AWS; Default VPC; NPS with FlexPod Express; Direct Connect DC; BGP; On-Premise; U.S. East (RTP); Corp DMZ; FlexPod Datacenter; Corp Network; Internet; SnapMirror®; NFS; 10.XX.161.0/24; 10.XX.162.0/24; 172.31.0.0/16

1. Create an NFS Volume in RTP

2. Mount NFS volume for verification

3. SnapMirror volume to NPS

4. Spin EC2

5. Mount NFS volume to colo destination


ICF Base Components

Diagram labels: U.S. West (AWS SV5); On-Premise; U.S. East (RTP); BGP; NPS with FlexPod Express; Corp DMZ; FlexPod Datacenter; Corp Network; Internet; SnapMirror®; Direct Connect DC; VSM; 10.XX.161.0/24; 10.XX.162.0/24

Default VPC is the only supported option with this current ICF release

We used vDS; N1K is also an option

Ports 22, 80, 443, 389 and 6644 are needed; however, we found ports 53 and 123 are a must for successful validation

Minimum ICF components are: VSM, ICFD, and PNSC

ICX VM is built during the Intercloud Link creation steps

ICS is instantiated from ICFD; nothing is needed in AWS with the exception of Access Keys

Diagram labels: ICFD; PNSC; ICX; ICS; Default VPC 172.31.0.0/16; L2 TLS Tunnel (Intercloud Link); Amazon Direct Connect 1G (10G Option Available)

ICF Build Phases


Phase 1 Plan It

We spent a lot of time with our Enterprise Security Team.

ICF VM templates are time consuming when initially moved to AWS; your Internet links are important.

We used NetApp’s Enterprise Standards for On-Prem and NPS FlexPods, including IP block assignments (NFS, Data, MGMT and ICF Tunnel).

Only the AWS Default VPC was supported at the time of the validation; plan accordingly.

Assign separate subnets for NetApp Storage and servers; this simplifies the environment and provides granular control.

Phase 2 Staging

We started with a stable ESX environment.

Verified all ports are open on the firewalls.

Created AWS Access Keys (limit the scope of these keys with policies).

Understand and limit the Security Groups to your Enterprise subnet blocks. ICX adds the proper ports to the default SG.

Ensure ICF Services (VSG and CSR) are selected during the ICL tunnel creation to access NPS.

Phase 3 Deployment

All deployment steps are completed from ICFD.

ICFD, PNSC and VSM are installed during the initial steps.

ICFD gives you control over which AWS region to deploy ICS in; ensure you’re selecting the right one.

Create VM templates from vCenter and import them into ICF; OVA templates are preferred over cold VMs.

Create templates in the cloud based on your enterprise standards. Instantiate templates for Load Augmentation and DEV/TEST.

Phase 4 ICF/NPS Integration

Instantiate CSR in AWS and extend only Data (two Data VLANs are needed), Tunnel and MGMT. Without CSR, ICF VMs are isolated and only accessible from the Enterprise.

We use GRE tunnels between ICF VMs in AWS and NPS; other options are also available.

Validate ICF VMs’ visibility to NPS via NFS mounts.

Validation of NPS availability for both ICF and non-ICF EC2 Instances.

We use NAT to access Cloud ONTAP.
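
An added example (not from the original deck): a Python check of one security group's ingress rules, in the IpPermissions shape returned by the EC2 DescribeSecurityGroups API, against the port list on the ICF Base Components slide and the advice above to limit Security Groups to enterprise subnet blocks. The function name, the sample rules and the 10.0.x.x blocks (standing in for the redacted 10.XX subnets) are constructed for illustration.

```python
import ipaddress

# Ports named on the ICF Base Components slide: 22, 80, 443, 389, 6644,
# plus 53 and 123, which the validation found to be mandatory.
REQUIRED_PORTS = {22, 53, 80, 123, 389, 443, 6644}

def audit_ingress(ip_permissions, enterprise_blocks):
    """Return (too_broad, missing_ports) for one security group's ingress rules.

    too_broad: rules whose source CIDR is not inside any enterprise block.
    missing_ports: required ports that no enterprise-sourced rule opens.
    Only port numbers are compared; the slides do not name protocols.
    """
    allowed = [ipaddress.ip_network(b) for b in enterprise_blocks]
    too_broad, covered = [], set()
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = rule["FromPort"], rule["ToPort"]
        else:                                  # ICMP and others carry no ports
            lo, hi = None, None
        for rng in rule.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not any(src.subnet_of(net) for net in allowed):
                too_broad.append((rng["CidrIp"], proto, lo, hi))
            elif lo is not None:
                covered |= {p for p in REQUIRED_PORTS if lo <= p <= hi}
    return too_broad, sorted(REQUIRED_PORTS - covered)

# Constructed sample. 10.0.x.x stands in for the redacted 10.XX.x.x blocks.
ENTERPRISE_BLOCKS = ["10.0.161.0/24", "10.0.162.0/24"]
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.161.128/27"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.162.64/27"}]},
]

if __name__ == "__main__":
    broad, missing = audit_ingress(SAMPLE_RULES, ENTERPRISE_BLOCKS)
    print("sources outside enterprise blocks:", broad)
    print("required ports not opened to enterprise blocks:", missing)
```

A single all-traffic rule sourced from an enterprise block satisfies the port check, so review such rules by hand for scope.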


ICF Baseline Validation

Diagram labels: U.S. West (AWS SV5); On-Premise; U.S. East (RTP); BGP; NPS with FlexPod Express; Corp DMZ; FlexPod Datacenter; Corp Network; Direct Connect DC; VSM; ICFD; PNSC; ICX; ICS; ICF Bubble; Default VPC 172.31.0.0/16; 10.XX.161.0/24; 10.XX.162.0/24

App Servers consume IPs from 10.XX.161.128/27

VSM, ICFD and PNSC reside on MGMT VLAN

ICX uses MGMT VLAN and a separate Tunnel VLAN; it’s possible to use MGMT VLAN for both interfaces

Once a VM is migrated or instantiated in AWS, it will have two interfaces: eth1* and csc0

eth1 maps to Enterprise VLAN

csc0 maps to AWS eth0 and consumes an IP from the Default VPC

* If possible, always use eth1 on Linux servers to eliminate confusion with AWS eth0

csc0 supports ONLY ICMP and SSH from devices outside the ICF Bubble; otherwise it’s completely locked down

Instantiating an ICF template in AWS consumes an IP address from the Enterprise pool and also from AWS


ICF and NPS Validation

Diagram labels: U.S. West (AWS SV5); On-Premise; U.S. East (RTP); BGP; NPS with FlexPod Express; Corp DMZ; FlexPod Datacenter; Corp Network; Direct Connect DC; VSM; ICFD; PNSC; ICX; ICS; ICF Bubble; Default VPC 172.31.0.0/16; 10.XX.161.0/24; 10.XX.162.0/24

CSR router is required to allow access into the ICF Bubble

CSR is instantiated from PNSC

Must accept user agreement before instantiation

CSR serves as an Edge Router with a huge spectrum of services

Accessing NPS storage was simplified by creating a GRE Tunnel from the CSR to the Nexus 3K in NPS

App subnet 10.XX.161.128/27 advertised over the tunnel to NPS, and Storage subnet 10.XX.162.64/27 to ICF Bubble

Any VM moving from the Enterprise or Instantiated in AWS has complete visibility into NPS and the data previously SnapMirrored.


ICF and Cloud ONTAP Validation

Diagram labels: U.S. West (AWS SV5); On-Premise; U.S. East (RTP); Corp DMZ; FlexPod Datacenter; Corp Network; VSM; ICFD; PNSC; ICX; ICS; ICF Bubble; Default VPC 172.31.0.0/16; 10.XX.161.0/24

Cloud ONTAP instance is assigned multiple IPs from the Availability Zone it resides in; we’re using 172.31.23.177 in AZ 1C

CSR’s default route uses the interface attached to AWS.

CSR can leverage EIP and multiple IP addresses on the AWS interface

Cloud ONTAP should reside in the opposite AZ of CSR; this ensures traffic from ICF VMs defaults to CSR and not the csc0 interface.

NAT overload is used for outbound traffic from CSR

ICF VMs use their Enterprise VLAN to send traffic to CSR

Diagram labels: eth1; csc0; IPsec w/ Static Routes; NFS; CSR; NAT; AZ 1B 172.31.0.0/20; AZ 1C 172.31.16.0/20

Thank you


Solution References

NetApp

NetApp Private Storage: http://www.netapp.com/us/solutions/cloud/private-storage-cloud/index.aspx

Cloud ONTAP: http://www.netapp.com/us/products/platform-os/cloud-ontap.aspx

FlexPod: http://www.netapp.com/us/solutions/flexpod/

Cisco

FlexPod: http://www.cisco.com/c/en/us/solutions/data-center-virtualization/flexpod/index.html

Intercloud Fabric: http://www.cisco.com/c/en/us/products/cloud-systems-management/intercloud-fabric/index.html
