NetApp Data Fabric with Cisco Intercloud Fabric
Nabil Fares, Technical Marketing Engineer, NetApp
Tim Waldron, Technical Marketing Manager, NetApp
Ganesh Kamath, Technical Marketing Engineer, NetApp
© 2015 NetApp, Inc. All rights reserved. NetApp Confidential – Limited Use 1
Agenda
Setting the stage: Hybrid Cloud
NetApp Data Fabric
NetApp Private Storage (NPS) for AWS
Cloud ONTAP
Cisco Intercloud Fabric
Cisco Intercloud Validation with NPS on AWS
Use Cases
Proof of Concept Breakdown
Technical Steps (Cool Stuff)
Additional Resources
Meet us at NetApp booth #P3
Online References
The Need for Seamless Cloud Services
[Diagram: Private to Public spectrum: Private Cloud, Cloud Service Providers, Hyperscale Cloud Providers]
Hybrid Cloud is Difficult
Integrate public resources while retaining control
[Diagram: Hyperscale Cloud Providers, Cloud Service Providers, Private Cloud]
Connect the Clouds with NetApp
Extensive Customer Choice
Universal Data Platform
Dynamic Data Portability
[Diagram: Hyperscale Cloud Providers, Cloud Service Providers, Private Cloud]
Dynamic Data Portability
Efficiently move data between clouds
#1 storage replication software
Multiprotocol: connect with any environment
[Diagram: Clustered Data ONTAP® with SVMs and VMs]
Connecting to Hyperscaler Cloud Providers
[Diagram: Hyperscale Cloud Providers, Cloud Service Providers, Private Cloud]
Expanding Options with NetApp Private Storage for the Cloud
Extend NPS to any cloud provider (not just hyperscale)
Quickly, easily switch clouds with Equinix Cloud Exchange: semiautomated cloud connection on demand
Seamless data mobility between premises and NPS for cloud with NetApp® clustered Data ONTAP® operating system
Secure, high-performance integration between NetApp and industry-leading clouds
[Diagram labels: NetApp® Storage, On Premises; NetApp Storage, Equinix Data Center; NPS for Cloud; Direct Connect and ExpressRoute; …]
Expanding Options with Cloud ONTAP
Deploy clustered Data ONTAP® operating system as software in the cloud
Further enable a common set of data services in the cloud
Expand options to own and now lease or rent on demand
Explore and test the full power of cDOT in the cloud with very little risk
NetApp OnCommand® Cloud Manager and OnCommand Insight simplify monitoring, provisioning, and data movement of all cDOT instances across clouds
[Diagram labels: On Premises Data Center; SnapMirror®]
NetApp Data Fabric
Seamless connectivity among clouds
What is Cisco Doing in the Cloud? Delivering Cisco Intercloud Fabric
Cisco Intercloud Fabric: Intercloud Fabric interconnects private and public clouds to deliver a hybrid IT environment – any Hypervisor to any Provider
Data virtualization is critical to realize the benefits of cloud, and is a key enabler for the ‘Internet of Everything’
Choice: Freedom to place workloads across heterogeneous clouds – providing workload mobility
Consistency: Security & networking as an extension of a private cloud
Control: Unified workload management & governance across clouds
Compliance: Policy-based deployment in the cloud
Cisco Intercloud Fabric (ICF) Architecture Components
NPS with ICF Case Validation
Peak Workload: Burst VMs seamlessly from Private Clouds for capacity augmentation
Shadow IT: Provide rapid access to hybrid capacity. Maintain data security, access and locality requirements
Disaster Recovery: Use public cloud for Disaster and Backup Recovery
Dev / Test: Consume provisioning for Dev / Test on demand
POC NPS Base Architecture
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); AWS; Default VPC; VPC; NPS with FlexPod Express; Direct Connect DC; Corp DMZ; Corp Network; Internet; BGP; IPsec w/ Static Routes; Amazon Direct Connect 1G (10G Option Available); 10.XX.161.0/24; 10.XX.162.0/24; 172.31.0.0/16]
FlexPod Datacenter
3 ESX Hosts with ESXi 5.1.0
vCenter 5.1
Nexus 5510 with Enterprise License
Static routing between FlexPod & DMZ
IPsec is restricted to ICMP & SnapMirror
Static routes over IPsec
DMZ advertises RTP and NPS subnets to Corp Network via BGP
All validations use Default VPC (NPS supports all VPC flavors)
Single 1G Direct Connect Link (Dual 1G or Dual 10G are available as options)
BGP is required between AWS and NPS
Sub-interfaces are required on NPS switch (Multi-tenancy support)
Modify Default Security Group allowing all traffic from NPS
NPS Baseline Validation
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); AWS; Default VPC; NPS with FlexPod Express; Direct Connect DC; Corp DMZ; FlexPod Datacenter; Corp Network; Internet; BGP; SnapMirror®; NFS; Amazon Direct Connect 1G (10G Option Available); 10.XX.161.0/24; 10.XX.162.0/24; 172.31.0.0/16]
1. Create an NFS Volume in RTP
2. Mount NFS volume for verification
3. SnapMirror volume to NPS
4. Spin EC2
5. Mount NFS volume to colo destination
ICF Base Components
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); NPS with FlexPod Express; Direct Connect DC; Corp DMZ; FlexPod Datacenter; Corp Network; Internet; BGP; SnapMirror®; VSM, ICFD, PNSC, ICX; Default VPC 172.31.0.0/16; ICS; L2 TLS Tunnel (Intercloud Link); Amazon Direct Connect 1G (10G Option Available); 10.XX.161.0/24; 10.XX.162.0/24]
Default VPC is the only supported option with this current ICF release
We used vDS; N1K is also an option
Ports 22, 80, 443, 389 and 6644 are needed; however, we found ports 53 and 123 are a must for successful validation
Minimum ICF components are: VSM, ICFD, and PNSC
ICX VM is built during the Intercloud Link creation steps
ICS is instantiated from ICFD; nothing is needed in AWS with the exception of Access Keys
ICF Build Phases
Phases: Phase 1 Plan It, Phase 2 Staging, Phase 3 Deployment, Phase 4 ICF/NPS Integration
We spent a lot of time with our Enterprise Security Team.
ICF VM templates are time consuming when initially moved to AWS; your Internet links are important.
We used NetApp’s Enterprise Standards for On-Prem and NPS FlexPods including IP block assignments (NFS, Data, MGMT and ICF Tunnel).
AWS Default VPC is the only one supported at the time of the validation; plan accordingly.
Assign separate subnets for NetApp Storage and servers; this simplifies the environment and provides granular control.
We started with a stable ESX environment.
Verified all ports are open on the firewalls.
Created AWS Access Keys (limit the scope of these keys with policies)
Understand and limit the Security Groups to your Enterprise subnet blocks. ICX adds the proper ports to the default SG.
Ensure ICF Services (VSG and CSR) are selected during the ICL tunnel creation to access NPS.
All deployment steps are completed from ICFD.
ICFD, PNSC and VSM are installed during the initial steps.
ICFD gives you control over which AWS region to deploy ICS; ensure you’re selecting the right one.
Create VM templates from vCenter and import them into ICF; OVA templates are preferred over cold VMs.
Create templates in the cloud based on your enterprise standards. Instantiate templates for Load Augmentation and DEV/TEST.
Instantiate CSR in AWS and extend only Data (Two Data VLANs are needed), Tunnel and MGMT. Without CSR, ICF VMs are isolated and only accessible from the Enterprise.
We use GRE tunnels between ICF VMs in AWS and NPS; other options are also available.
Validate ICF VMs’ visibility to NPS via NFS mounts.
Validation of NPS availability for both ICF and non-ICF EC2 Instances.
We use NAT to access Cloud ONTAP
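The staging guidance above says to limit the Security Groups to your Enterprise subnet blocks. The check below is an added example, not part of the original deck: it reads security-group JSON in the shape produced by `aws ec2 describe-security-groups` and reports every ingress rule whose source range is wider than, or outside, those blocks. The enterprise blocks, group ID and rules are constructed placeholders, since the deck elides its own ranges as 10.XX.

```python
import ipaddress
import json

# Constructed stand-ins: the deck elides its enterprise ranges (10.XX....), so
# these blocks are placeholders, not the values used in the validation.
ENTERPRISE_BLOCKS = [ipaddress.ip_network(c) for c in ("10.0.161.0/24", "10.0.162.0/24")]

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-00000000example", "GroupName": "default",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.161.128/27"}]},
    {"IpProtocol": "tcp", "FromPort": 6644, "ToPort": 6644,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.162.0/24"}, {"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}]}
""")


def inside_enterprise(cidr):
    """True only if the whole source range sits inside one enterprise block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == b.version and net.subnet_of(b) for b in ENTERPRISE_BLOCKS)


def audit(doc):
    """Return (group id, protocol, port range, source) for every ingress rule
    whose source is wider than, or outside, the enterprise blocks."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = "all" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if not inside_enterprise(src):
                    findings.append((sg["GroupId"], proto, ports, src))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("too broad:", *finding)
```

Rules that reference another security group instead of a CIDR are not examined by this check.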
ICF Baseline Validation
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); NPS with FlexPod Express; Direct Connect DC; Corp DMZ; FlexPod Datacenter; Corp Network; BGP; VSM, ICFD, PNSC, ICX; Default VPC 172.31.0.0/16; ICS; ICF Bubble; eth1; csc0; Amazon Direct Connect 1G (10G Option Available); 10.XX.161.0/24; 10.XX.162.0/24]
App Servers consume IPs from 10.XX.161.128/27
VSM, ICFD and PNSC reside on MGMT VLAN
ICX uses MGMT VLAN and separate Tunnel VLAN; it’s possible to use MGMT VLAN for both interfaces
Once a VM is migrated or instantiated in AWS, it will have two interfaces: eth1* and csc0
eth1 maps to Enterprise VLAN
csc0 maps to AWS eth0 and consumes an IP from the Default VPC
* If possible, always use eth1 on Linux servers to eliminate confusion with AWS eth0
csc0 supports ONLY ICMP and SSH from devices outside the ICF Bubble; otherwise it’s completely locked down
Instantiating an ICF template in AWS consumes an IP address from the Enterprise pool and also from AWS
ICF and NPS Validation
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); NPS with FlexPod Express; Direct Connect DC; Corp DMZ; FlexPod Datacenter; Corp Network; BGP; VSM, ICFD, PNSC, ICX; Default VPC 172.31.0.0/16; ICS; ICF Bubble; eth1; csc0; CSR; GRE; NFS; 10.XX.161.0/24; 10.XX.162.0/24]
CSR router is required to allow access into the ICF Bubble
CSR is instantiated from PNSC
Must accept user agreement before instantiation
CSR serves as an Edge Router with a huge spectrum of services
Accessing NPS storage was simplified by creating a GRE Tunnel from the CSR to the Nexus 3K in NPS
App subnet 10.XX.161.128/27 advertised over the tunnel to NPS, and Storage subnet 10.XX.162.64/27 to ICF Bubble
Any VM moving from the Enterprise or instantiated in AWS has complete visibility into NPS and the data previously SnapMirrored.
ICF and Cloud ONTAP Validation
[Diagram labels: U.S. West (AWS SV5); On-Premise U.S. East (RTP); Corp DMZ; FlexPod Datacenter; Corp Network; IPsec w/ Static Routes; VSM, ICFD, PNSC, ICX; Default VPC 172.31.0.0/16; AZ 1B 172.31.0.0/20; AZ 1C 172.31.16.0/20; ICS; ICF Bubble; eth1; csc0; CSR; NAT; NFS; 10.XX.161.0/24]
Cloud ONTAP instance is assigned multiple IPs from the Availability Zone it resides in; we’re using 172.31.23.177 in AZ 1C
CSR’s default route uses the interface attached to AWS.
CSR can leverage EIP and multiple IP addresses on the AWS interface
Cloud ONTAP should reside in the opposite AZ of CSR; this ensures traffic from ICF VMs defaults to CSR and not the csc0 interface.
NAT overload is used for outbound traffic from CSR
ICF VMs use their Enterprise VLAN to send traffic to CSR
Solution References
NetApp
NetApp Private Storage: http://www.netapp.com/us/solutions/cloud/private-storage-cloud/index.aspx
Cloud ONTAP: http://www.netapp.com/us/products/platform-os/cloud-ontap.aspx
FlexPod: http://www.netapp.com/us/solutions/flexpod/
Cisco
FlexPod: http://www.cisco.com/c/en/us/solutions/data-center-virtualization/flexpod/index.html
Intercloud Fabric: http://www.cisco.com/c/en/us/products/cloud-systems-management/intercloud-fabric/index.html