Primend Practical Conference - Application-Centric IT Infrastructure / Cisco Application Centric...
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Why ACI?
Data Center Network: Trends and Challenges
“Can you look into my application Performance ..NOW?”
“..I need to move workloads to the cloud…NOW!.”
“…I need to roll out new security policies NOW…”
45% Multi-Hypervisor [3] • 75% Bare Metal [2] • 25% Annual Growth, Big Data [1]
[1] Cisco Global Cloud Index; [2] IDC Worldwide Virtual Machine 2013-2017 Forecast; [3] InformationWeek 2013 Virtualization Management Survey
Application Centric Infrastructure
Customer Business Benefits
• Deploy applications faster
• Workload mobility
• Higher application availability
• Compliant and secure
• CapEx reduction
Application Centric Infrastructure East-West optimized for all workloads
HYPERVISOR HYPERVISOR HYPERVISOR
X86-Virtual Machines & Virtual Appliances
X86 Servers Unix Systems P and Z systems
Network Service Appliances X86 Multi-Hypervisor
Single open API for entire system
IP Storage
Customer Operational Benefits
• Risk mitigation
• Better utilization of resources
• Operationally efficient / zero-touch deployment and de-commissioning
• Self-documenting network
• Simplified day-2 troubleshooting
• OpEx reduction
ACI: Business Outcome and Benefits for Cisco IT
“Cisco’s open standards approach makes ACI even stronger. We conducted testing on ACI … it fully delivered everything we expected, and proved to be quite stable and mature.”
Nik Weidenbacher Principal Engineer, SunGard
“Cisco ACI is an open, future-proofed data center architecture that can continue to grow as we enhance client services.”
Chuck Crane Network and Security Architect, Acxiom
(Transitioning from AWS to Private Cloud)
“This will enable Telstra to deliver service agility, security and performance that our customers expect from an enterprise grade cloud.”
Erez Yarkoni Executive Director, Telstra
• 10-20% Compute and Storage Optimization
• 58% Reduce Network Provisioning
• 21% Reduce Management Costs
• 45% Reduce Power and Cooling Costs
• 25% CAPEX Reduction
Greater Business Agility
Lower Capital Expenses
Reduced Costs/ Complexity
Lower Operating Cost
Resource Optimization
Source: Cisco IT
What is ACI?
Application Centric Infrastructure Building Blocks
Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility
ACI
APPLICATION CENTRIC POLICY CONTROLLER NEXUS 9500 AND 9300
Nexus 9000 1/10/40/100G*
Performance, Scale: Fastest 40G Platform
$ Multi-million Savings 40/100G on Existing Cables
2.8X Better Reliability
15% Better Power and Cooling
Open Source / APIs / Standards Python, Power Shell, Puppet, Chef …
Programmable DC Networking for The Next Decade
*100G Ready Standalone / ACI Ready
Application Policy Infrastructure Controller Embracing SDN and Going Beyond
POLICY: Centralized Application-Level Policy
SECURE: Security and Performance @ Scale
VISIBILITY: System-Wide Visibility, Telemetry, Health
OPENNESS: Open Source / APIs / Standards
EXTENSIBLE: Hypervisors, L4-7, Storage, Compute
Centralized Point of Management
Application Centric Policy is Business Relevant
• Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language.
“Let my app servers talk to my web servers.”
1. “Figure out where app lives in physical net”
2. “Trunk VLAN 112 to switch 22.”
3. “Add route….”
4. “Plumb ports 7-12…”
5. “Configure ACL…”
6. “Apply QoS…”
7. Repeat every time app moves or needs more capacity
ACI Policy Aligned with Applications Traditional Policy Aligned with ….?
Applications and The Network
Application Requirements
WAN
Firewall
LB to App
Connect to DB
Connect to App
High Priority
WEB APP DB
Map existing Networks into Groups
WEB APP DB
VLAN 100 QOS ACLs Layer 3
DIRECTLY MAP TO ACI APPLICATION PROFILES
Map Groups and Policies into Application Profile
WEB APP DB F/W ADC ADC
APP APP APP WEB WEB WEB DB DB DB
An Innovative Approach to Policy = Application Profile
Provided Contract WEB
OUTSIDE EPG
DB EPG
APP EPG
WEB EPG ADC FW
ADC
What is an Application Profile?
1) End Point Group (EPG): A set of virtual or physical workloads with the same policy
2) Contracts: A set of rules governing communication between groups
3) Service Chains: A set of network services between groups
Consumed Contract WEB
Consumed Contract APP
Provided Contract APP
Consumed Contract DB
Provided Contract DB
Service Chain FW Service Chain APP Service Chain WEB
Application Policy Model and Instantiation
• All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
DB Tier
Storage Storage
Application Client
Web Tier
App Tier
Application policy model: Defines the application requirements (application network profile)
Policy instantiation: Each device dynamically instantiates the required changes based on the policies
VM VM VM
10.2.4.7
VM
10.9.3.37
VM
10.32.3.7
VM VM
APIC
Data Center Automation – Manual versus Policy Driven
Design it
Procure it
Install it
Configure it
Secure it
Is it ready?
Architect it Design it
Is QA’d
Is procured Is installed
Is configured Is secured
It is ready
Architect it
ACI Policy Driven
ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application
Available ARCHITECT DESIGN Service Request
Application Available
QA it
Data Center Automation and IT Collaboration Today: Serialized Configuration and Management
MANUAL PROCESS LEADS TO INCREASED DEPLOYMENT TIMES
NETWORK COMPUTE SERVICES SECURITY Application
Requirements
Policy Violation Configuration Mismatch
Successful Deployment
ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application
Available
Deployment Trigger
Data Center Automation and IT Collaboration ACI: Common Policy Framework and Operational Model
Application Policy
CLOUD APPLICATION
COMPUTE NETWORK
STORAGE SECURITY
POLICY-BASED AUTOMATION
Application Requirements
Defined set of application requirements
Team builds application policy and template
Operations team deploys with minimal risk and maximum speed
ARCHITECT DESIGN Service Request
Application Available
Deployment Trigger
Application Awareness ACI: Application-Level Visibility
Actions: No new hosts or VMs Evacuate hypervisors Re-balance clusters
CiscoLive Event
PetStore Dev • Leaf 1 and 2 • Spine 1 – 3 • Atomic counters
PetStore Prod • Leaf 2 and 3 • Spine 1 – 2 • Atomic counters
PetStore QA • Leaf 3 and 4 • Spine 2 – 3 • Atomic counters
VXLAN Per-Hop Visibility
Physical and Virtual as One
ACI Fabric provides the next generation of analytic capabilities
Per application, tenants, and infrastructure: • Health scores • Latency • Atomic counters • Resource consumption
Integrate with workload placement or migration
Triggered Events or Queries
APIC
ACI Addresses the Security Challenge in the DC
Automate Compliance, Centralized Audit
Visibility, Analytics, Forensics
Simplified Policy-based Segmentation
Network Services Automation, Open Eco-System
Security Expressed in Application Language
Centralized Security Across Physical and Virtual
Open Open Source, Open Standards, Open Interfaces
OPERATIONAL MODELS
RESTful APIs, Python etc.
OpFlex
1. Scripting/Languages
2. IT Automation
3. OpenSource
4. Integrated ACI Approach
Open: Choice and Investment Protection
RICH ECOSYSTEM
Hypervisors
L4-L7 Services
Management
Security
Storage
Operational Choice—Service Provider, Enterprise, Commercial
CLOUD
SECURITY NETWORK
APPLICATION
Automate
How Does ACI Fit into Private and Public Clouds?
ACI is Multi-Hypervisor-Ready
• Integrated gateway for VLAN, VXLAN, and NVGRE networks from virtual to physical
• Normalization for NVGRE, VXLAN, and VLAN networks
• Customer not restricted by a choice of hypervisor
• Fabric is ready for multi-hypervisor
Virtual Integration Network Admin
Application Admin
BARE METAL SERVER
VLAN VXLAN
VLAN NVGRE
VLAN VXLAN
VLAN
Hyper-V KVM
Hypervisor Management
APIC
APIC
VMware Microsoft
Red Hat XenServer
Microsoft Red Hat
Any to Any
C240 M3 with OmniStack
VMware
• Consistency: Security/Networking as an extension of Private Cloud
• Control: Unified workload management across clouds
• Choice: Freedom to place workloads across heterogeneous Clouds
• Compliance: Policy-based deployment with ACI/governance in cloud
ACI is Part of Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility
DC/Private Cloud Cisco Intercloud Fabric
Fixed Workloads Variable Workloads
Provider Cloud
ACI is Part of Data Center Automation
UCS Director Openstack
UCS Manager
Application Policy
Infrastructure Controller
Converged Infrastructure
Managers OpenDaylight
Virtual Machine Manager
Process Orchestrator 3rd Party Orchestrator
IaaS PaaS SaaS ITaaS Intercloud
Prime Services Catalogue
ORCHESTRATION
SERVICES
AUTOMATION
PORTAL
INFRASTRUCTURE MANAGEMENT
Open Integration
Stack Designer
MANAGEMENT AUTOMATION POLICY SECURITY
ECOSYSTEM PARTNERS
Intercloud Fabric
Summary
Summary: Our Direction
Data centers and cloud network infrastructures, both physical and virtual, will no longer be configured, will not be software defined (or programmed), but instead will be Policy Driven and Application Centric.
Thank you.