Agenda
• Cisco Multi/Hybrid Cloud Strategy
• Multicloud Services Integration
• Infrastructure
• Security
• Analytics
• Management
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Customer Challenges with Multicloud
FRAGMENTED, COMPLEX, NO DATA CONTROL
[Diagram labels: SaaS (multiple); Other Public Clouds; Azure; AWS; GCP; Private (multiple)]
BRKCLD-2604 3
Customer Initiatives: Evolve, Add / Develop, Manage
• Automate Private & Hybrid Clouds
• Deploy Containers Infra
• Manage from Cloud
• Performance Visibility (App and Infra)
• Secure Extension to Public Clouds
• Consistent Security Policies
• Optimize Workloads (Cloud and DC)
• Leverage SaaS Solutions
• Build New Cloud Applications
Cloud Technologies and Applications Platforms
Infra
CI/HCI
On Premises
Private Cloud
Choice?
Cloud Technologies and Applications Platforms
Bringing Choice at Private Cloud
Choice of Private and Hybrid Cloud Stacks
[Diagram labels: Infra (VIM, CI/HCI, CVD, POD); On Premises or Co-Lo / Hosted; Private Cloud Co-Lo; Public Cloud Options; H1CY18]
Cloud Technologies and Applications Platforms
Bringing Consistency and Services with Public Clouds
NETWORKING, MANAGEMENT, ANALYTICS, SECURITY
[Diagram labels: Infra (VIM, CI/HCI, CVD, POD); On Premises or Co-Lo / Hosted; Private Cloud Co-Lo; Public Cloud Options]
Multicloud Requirements
Helping customers optimize their multicloud strategy
Multicloud Software: NETWORKING, MANAGEMENT, ANALYTICS, SECURITY
…to connect, protect, and consume cloud services
[Diagram labels: Campus; Branch; Private clouds; Public clouds; Data centers; Colocation; Devices; Internet of Things]
Tactic Solution
Microsoft View with Azure and Cisco Integrated Solution for Azure Stack
• Develop in the cloud – deploy anywhere
• Access information and break down boundaries between public and private cloud
• Enforce network and security policy without losing agility
• Bridge existing investments with new capabilities
Cisco and Google Open Hybrid Cloud Solution: consistent and policy driven environment across clouds
• On Prem/Colo Data Center: Existing Services; Apps | Data; Private Cloud infrastructure; container platform on hyperconverged infrastructure
• Google Cloud: Google Cloud Platform; Google Kubernetes Engine; Cloud Apps
• Istio: Hybrid Cloud Service Management
• Consistent Environment: Networking | Security | Private Cloud Infrastructure | Consumption Management
• CSR 1000v, ACI, Stealthwatch Cloud, HyperFlex, Contiv, CloudCenter, AppDynamics
Cisco and Google First Cover Three Major Hybrid Cloud Use Cases
• Cloud apps consuming on-prem services (ERP, CRM,…)
• On-premise applications leveraging GCP’s services (Big Query, Dataflow, Cloud functions)
• Consistent CI/CD experience across environments
Unified Management and Networking
ACI Anywhere - Vision
Any Workload, Any Location, Any Cloud
Application Centric Infrastructure
Fabric and Policy Domain Evolution
• ACI 1.0 - Leaf/Spine Single Pod Fabric (ACI Single Pod Fabric)
• ACI 1.1 - Geographically Stretch a single Pod (ACI Stretched Fabric: DC1, DC2, APIC Cluster)
• ACI 2.0 - Multiple Networks (Pods) in a single Availability Zone (Fabric) (ACI Multi-Pod Fabric: Pod ‘A’ … Pod ‘n’, IPN, MP-BGP - EVPN, APIC Cluster)
• ACI 3.0 – Multiple Availability Zones (Fabrics) in a Single Region ’and’ Multi-Region Policy Management (ACI Multi-Site: Fabric ‘A’ … Fabric ‘n’, IP, MP-BGP - EVPN)
• ISE 2.1 & ACI 1.2 - Federation of Identity and Interconnect TrustSec and ACI using IP based EPG/SGT (ISE)
• ACI 3.1/3.2 - Remote Leaf and vPod extends an Availability Zone (Fabric) to remote locations
Why use Cloud Constructs?
Policy Mapping - AWS
ACI constructs:
• Tenant
• VRF
• BD Subnet
• EPG
• EPG Contracts
• Consumed contracts
• Provided contracts
AWS constructs:
• User Account
• Virtual Private Network
• VPC subnet
• Security Group
• Security Group Rule
• Outbound rule
• Inbound rule
• Source/Destination: Subnet or IP or Any or ‘Internet’; Protocol; Port
• EC2 Instance
• Network Adapter
Why use Cloud Constructs?
Policy Mapping - Azure
ACI constructs:
• Tenant
• VRF
• BD Subnet
• EPG
• EPG Contracts
• Consumed contracts
• Provided contracts
Azure constructs:
• Resource Group
• Virtual Network
• Subnet
• Application Security Group (ASG)
• Network Security Group (NSG)
• Outbound rule
• Inbound rule
• Source/Destination: ASG or Subnet or IP or Any or ‘Internet’; Protocol; Port
• Virtual Machine
• Network Adapter
Typical Requirement
Creation of Two Independent Fabrics / Availability Zones (AZs)
• Fabric ‘A’ (AZ 1): Pod ‘1.A’ and Pod ‘2.A’, ‘Classic’ Active/Active
• Fabric ‘B’ (AZ 2): Pod ‘1.B’ and Pod ‘2.B’, ‘Classic’ Active/Active
• Application workloads deployed across availability zones
ACI Multi-Site
Overview
• Separate ACI Fabrics with independent APIC clusters
• ACI Multi-Site pushes cross-fabric configuration to multiple APIC clusters providing scoping of all configuration changes
• MP-BGP EVPN control plane between sites
• Data Plane VXLAN encapsulation across sites
• End-to-end policy definition and enforcement
[Diagram labels: Availability Zone ‘A’; Availability Zone ‘B’; Region ‘C’; IP Network; MP-BGP - EVPN; VXLAN Data-Plane; REST API; GUI]
ACI Extension Beyond On-Premise Data Center(s)
Co-Lo / Remote DCs / Bare-Metal Clouds / Brownfield Deployments
[Diagram labels: On-Premise Data Center; Remote Virtual POD; Virtual POD; IP Network; ACI Policies; vSpine + vLeaf; Hypervisor; AVE; vSwitch; Web; App; DB]
AVE = ACI Virtual Edge
Cisco Intersight
SaaS; Simplicity; Actionable Intelligence
• SaaS Delivered
• Intuitive Experience
• Enhanced Support
• Proactive Guidance
• Secure and Extensible
Cloud Connect - CSR 1000V?
• CSR is so far offered on Amazon AWS and Microsoft Azure. CSR1000v on GCP coming in 2018
• CSR1000V pricing based on technology package, throughput, license term PLUS platform cost
• How do I choose the platform for CSR on AWS or Azure?
Notice: Actual cost will depend on negotiated terms and discounts
Cisco Multicloud Security
• Security when Accessing the Cloud: Secure Internet Gateway (SIG): Umbrella
• Security for SaaS Apps: Cloud access security brokers (CASB) & Email: Cloudlock & Email Security
• Security for Public Cloud: Public Cloud Threat Detection and Visibility: Stealthwatch Cloud
Cloud Security Assessment Services
Holistic Approach to Server Protection
• Dynamic and heterogeneous environment
• Traffic visibility, server process baseline, and analytics
• Policy that enables application segmentation
• Segmentation
• Application control using whitelists
• Advanced behavior analysis
• Break organizational silos
Cisco Tetration
Architecture overview
Segmentation Policy: Express Policies in Human Language
Development can’t talk to production
• Cisco Tetration™ knows who is production
• Cisco Tetration knows who is development
• Policies are continuously updated as applications change
How Does it Work?
Cisco Tetration™ automatically converts your intent into blacklist and whitelist rules
• Intent: Block nonproduction applications from talking to production applications
  Rules: SOURCE 10.0.0.0/8 DEST 128.0.0.0/8
• Intent: Allow HR applications to use the employee database
  Rules: SOURCE 128.0.10.0/24 DEST 128.0.11.0/24
• Intent: Block all HTTP connections that are not destined for web servers
  Rules: SOURCE * DEST 128.0.100.0/24 PORT = 80
         SOURCE * DEST * PORT = 80
Mobility
Intent stays with the endpoint, no matter the infrastructure it resides on
Cisco Tetration™ calculates all necessary rule changes and automatically applies them
[Diagram labels: Endpoint; VLANs; ACLs; Cisco Nexus™ 7000, 5000, and 2000 Series (Gen 1.0); Subnets; Interfaces; Security rules; Cloud; Security groups]
Cisco Tetration: Deployment options
On-premises options
Cisco Tetration™ Platform (large form factor)
• Suitable for deployments of more than 5,000 workloads
• Built-in redundancy
• Scales to up to 25,000 workloads
Includes:
• 36 x Cisco UCS® C220 servers
• 3 x Cisco Nexus® 9300 platform switches
Cisco Tetration-M (small form factor)
• Suitable for deployments of less than 5,000 workloads
Includes:
• 6 x Cisco UCS C220 servers
• 2 x Cisco Nexus 9300 platform switches
Public cloud
Cisco Tetration™ Cloud
• Software deployed in public cloud
• Suitable for deployments of less than 1000 workloads
• Cloud instance owned by customer
Amazon Web Services; Microsoft Azure
What’s AppDynamics? End-to-end visibility and actions for business transactions
Tag; Trace; Learn; Follow
• Instrument every user transaction
• Collect application and business data
• Baseline behavior and performance
• Follow through complex systems
Business Transaction: Book A Flight. Response Time: 2.1s
• Java Heap Usage: 76%; /<SearchFlight>/: 32ms; From: LON; To: LAS; Out: Thursday 10th
• Network Errors: 1.3%; </GetCustLevel/>: 12ms; Platinum Customer; Lives: CA, USA; Using: Chrome
• CPU Usage: 36%; </GetPrice/>: 56ms; Class: Business; Price: $3,269; Special Meals: No
• Database Time: 156ms; </WPProcess/>: 340ms; Payment: Mastercard; Merchant: WorldPay; Confirmed: True
[Diagram label: NoSQL]
Cloud Migration
Confidence to migrate applications at speed
1| Application Mapping
“When we first saw the graph of the architectural components of the application that came up, we had a much clearer understanding of how to maximize the application design as we moved to run on the AWS Cloud” – Roy Early, Production Support Manager, Allconnect
2| Visualize User Journeys
“The ability to trace a transaction visually and intuitively through the interface was a major benefit. This visibility was especially valuable when Nasdaq was migrating a platform from its internal infrastructure to the AWS Cloud.” Heather Abbott, SVP Corporate Solutions Technology, Nasdaq
3| Prove the business value
“Using AppDynamics helps us to accurately rightsize which Amazon EC2 instances we need based on resource consumption in order to avoid overspend” Eric Poon, Head of Global Technical Operations and IT Analytics, Nasdaq
[Diagram labels: TOMCAT; DOCKER; ORACLE; ESB/MQ; ASYNC; APACHE; CPU; NETWORK; MEMORY]
Cloud Monitoring
Clarity of app and business performance in hybrid architectures
1| Unified Monitoring: Instant, end-to-end monitoring of apps in any environment
2| Machine Learning: Accurate and granular alerting based on real-time usage
3| Business context: Correlate and analyze app performance with engagement and business outcomes
“With AppDynamics, we gain better visibility into how microservices interface with the rest of the components of our application, and the increased velocity to resolve issues faster than ever.” Nuno Pereira, CTO, iJET International
Cloud Elasticity
Control to instantly increase scale when required
1| Cloud Autoscaling based on technical or business metrics
2| Prebuilt extensions make scaling easy
[Diagram labels: TOMCAT; DOCKER; ORACLE; ESB/MQ; APACHE; CPU; NETWORK; MEMORY]
Cisco CloudCenter
Model Once. Deploy and Manage Anywhere.
• One Integrated Platform
• Lifecycle Management
• New and Existing Applications
[Diagram labels: MODEL; DEPLOY; MANAGE; Data Center; Private Cloud; Public Cloud]
Cisco CloudCenter: Hybrid Cloud Management
One Platform
• Extendable
• Multi-tenant
• Secure
• Scalable
[Diagram labels: Manager; Application Profile; Orchestrator (three); Cloud Agnostic; Cloud API-Specific]
Cisco CloudCenter: API Extendable and Brokerage
Extendable; Secure; Scalable; Multi-Tenant
MODEL; DEPLOY; MANAGE
• Hooks: Scripts, Events
• Security: SSO, HSM
• Infrastructure: IPAM, DNS
• Tool Integration: Docker; Puppet, Chef
• Content Integration: Components, User Content, Vendor Content
• Platform Integration: ITSM | Build Automation (Jenkins)
• Cloud APIs: Datacenter, Private and Public Cloud
Relationship Between CloudCenter, VIM, Cisco Container Platform, and Intersight
Cisco CloudCenter: Cloud-Hosted or On-Premises
Cisco Intersight: Cloud-Hosted
• Manage HW
• Provision infrastructure SW
• Provision applications on any infrastructure
[Diagram labels: Other private and public clouds; Cisco VIM; Deployed & Managed by; Cisco Cloud Platform; Other Distributions; Bare Metal; VMs and Bare Metal; UCS; Non UCS; HX; Network – ACI, Nexus; Storage]