© 2012 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Architecture & Service Orchestration for Multi-Tenant Cloud Services BRKSPG-2305
Session Overview
The goal of this session is to help participants:
• Understand Data Center/Cloud virtualization, multi-tenancy and service tiering concepts
• Learn about the components of the Cisco VMDC solution for IaaS Cloud Infrastructure and Orchestration
• Understand the need for and benefits of Service Orchestration in the Cloud, with BMC CLM and Cisco CIAC
Agenda
• Cloud Overview
• VMDC IaaS Cloud Solution
  ‒ Scalability
  ‒ Multi-tenancy
  ‒ Security/Isolation
  ‒ Service Tiers
• Service Orchestration
  ‒ Overview, Framework
  ‒ BMC Cloud Lifecycle Management
  ‒ Cisco Intelligent Automation for Cloud
  ‒ Service Assurance
Glossary
VMDC: Cisco Virtualized Multi-Tenant Data Center
IaaS: Infrastructure as a Service
SaaS: Software as a Service
DC: Data Center
FCoE: Fibre Channel over Ethernet
SAN: Storage Attached Network
NAS: Network Attached Storage
UCS: Unified Computing System
VM: Virtual Machine
VRF: Virtual Routing & Forwarding
DR: Disaster Recovery
CMDB: Configuration Management Database
BBNA: BMC BladeLogic Network Automation
BBSA: BMC BladeLogic Server Automation
CLM: BMC Cloud Lifecycle Management
VDC: Virtual Data Center
CIAC: Cisco Intelligent Automation for Cloud
Why Cloud: Potential Benefits
• Organizational flexibility
• Reduced cost of infrastructure
• Agility and rapid deployment
• Relocation of IT resources
• Support for new business models
Deployment models shown: Private, vPrivate, Public, Hybrid, Community.
Examples:
• Private: Government to Cloud, centralized services. Reduced hardware, improved security and application control.
• Public: Enterprise to Cloud, HR processing. Reduced hardware, elastic and efficient.
Cisco Converged Infrastructure
[Diagram: layered stack. Service Portal / Service Catalog and a Service Application Programming Interface on top; Service Orchestration integrated with OSS, BSS and NMS; Virtualized Resources (Compute, Network, Storage) on the Data Center + Next Generation Networks foundation, i.e. Cisco Converged Infrastructure.]
Scalability: Add Capacity for the System, Not a Single Service
[Chart: capacity consumed over time, stacked for Service 1 through Service 4, with Available Capacity added on top.]
Added infrastructure is dynamically discovered and comes online to meet any required demand.
Built for On-Demand Service Orchestration
• A multi-domain configuration abstraction layer that sits on top of the data center infrastructure.
• Enables a portal-based configuration model in which the subscriber can:
  ‒ Pick from a limited number of customized service options
  ‒ Host applications as virtual machines
• Based on these picks, configuration actions are executed on the device(s) that make up the service as represented in the customer-facing portal.
[Diagram: Portal → Orchestrator → Resource Management & CMDB → Storage, Compute, Network & Security.]
Cisco VMDC – IaaS Cloud Solution
[Diagram: VMDC Infrastructure – Integrated Compute Stacks (Vblock, FlexPod, etc.), Scalable Multi-Tenant L2/3 DC Networking, Security Features and L4-7 Services, Data Center Interconnect; VMDC Orchestration / Management – Infrastructure Abstraction / Management Software, Infrastructure Orchestration Software, Assurance Software; together supporting Cloud Services / Applications / Whole Offers.]
Cisco Virtualized Multi-tenant Data Center Solution
• A validated reference architecture for IaaS Public and Private Clouds, on Cisco and Partner platforms
• A blueprint enabling customers to readily deploy services or applications
• An architecture that combines integrated compute stacks, unified data center and data center interconnect into an end-to-end architecture
• A prescriptive package available to customers as a whole offer
• Multiple phases, evolving with new platforms and technologies
Cisco VMDC Solution Phases
Validated and published:
‒ VMDC 1.0 DIG
‒ VMDC 2.0 Large Pod DIG
‒ VMDC 2.0 Compact Pod DIG
‒ BMC CLM 1.01 DIG
‒ VMDC Hybrid Cloud with VMware vCloud Director
‒ VMDC 2.2 DIG
‒ VMDC Data Center Interconnect with VPLS (White Paper)
‒ BMC CLM 2.1 DIG
Currently being validated:
‒ FabricPath (Proof of Concepts)
‒ VMDC 2.2 Security additions (IPS, vApp-based firewalls)
‒ New L3 designs/form factors (vApp-based routing)
VMDC 2.2 Platforms
Management: Cisco UCS Manager; VMware vCenter 4.1; BMC CLM 2.1 (BBNA, BBSA, Atrium, Remedy)
Compute / Virtual: Cisco UCS 6140 Fabric Interconnect; Cisco UCS 5100 chassis + B200-M1/M2 blades*; Cisco Nexus 1000v; VMware vSphere 4.1, ESXi; Virtual Security Gateway (VSG)
Network: Cisco CRS-1, ASR9000; Catalyst 6500 VSS; Cisco Nexus 7000; Cisco Nexus 5000; Cisco Catalyst 6500 DSN; Cisco ACE30, FWSM (or ASA-SM); Cisco ASA 5585X-60; Cisco IPS-SM (VMDC 2.2+)
SAN: Cisco MDS 9513, 9228
Storage: EMC Symmetrix VMAX (SAN); NetApp FAS 6080 (NAS)
* B200, B230 M2 blades recommended
VMDC 2.2 Topology
[Diagram: WAN/Edge ASR9k (IP/MPLS) → Core Nexus 7010 → Aggregation/Access Nexus 7018 pair (Outside VRF / Inside VRF; 20G and 40G links) → Services on DSN Cat 6500 (FWSM/ASA-SM, ACE, ASA5580) → Virtual Access / Compute (UCS 6140, UCS blade chassis, ESXi, Nexus 1000v) over 10GE and FCoE; SAN via MDS 9500 (FC) to EMC VMAX.]
Building an IaaS Infrastructure: Architectural Pillars
• Service Orchestration: dynamic application and reuse of resources; automated service orchestration and fulfillment; integration with Network Containers; rapid self-service IT.
• High Availability: carrier-class availability; platform/network/hardware/software resiliency; minimize the probability and duration of incidents; focus on your business, not fighting fires.
• Differentiated Service Support: design logical models around use cases; services-oriented framework that combines compute/storage/network; resources are applied and tuned to meet needs.
• Modularity: pod-based design; scalability framework for manageable increments; predictable physical and cost characteristics; streamlined turn-up of new services.
• Secure Multi-tenancy: shared physical infrastructure; tenant-specific resources; use cases; comply with business policies.
POD Concept: DC System Scale Through Modularity
• Pod: repeatable storage, compute and network infrastructure including L2/L3 boundary equipment. The pod is the L2 workload domain.
• Access Pod: collection of compute nodes and network ports behind a pair of access switches.
• Compute Pod: collection of compute nodes behind a single management domain or HA domain.
• Management Pod: access pod dedicated to housing back-end management compute nodes.
[Diagram: compute pods built from Cisco UCS 6100 Fabric Interconnect, UCS 5100 Blade Server, VMware vSphere, Nexus 1010 and VMware vCenter, each attached with 4x10GE uplinks.]
Benefits: simplified capacity planning; ease of new technology adoption; ease of fault isolation; consistent and efficient operation.
Pod Subsystem: ICS Concept
ICS: collection of pre-integrated storage, compute nodes and network ports behind a pair of access switches. Storage may be 10GE or FC attached.
• Risk mitigation
• Support for Vblocks and FlexPods
• Support for future ICS options
• ICSs are not mandated: flexibility to support alternative storage solutions
POD Scalability
[Diagram: Core Nexus 7010 with Access/Aggregation Nexus 7018 pairs; POD 1 through POD 6, each with UCS 6140, SAN and NAS; each POD 512 servers, 16,384 VMs.]
Block = 64 servers. POD = 6 Blocks = 512 servers. 6 PODs in the Data Center.
Minimum: 1 POD of 512 servers = 16,384 VMs. Maximum: 6 PODs of 3,672 servers = 98,304 VMs.
Maximum scalability is a function of Core port density: the 7018 would allow for further L2 scale.
POD Sizing Considerations
• Network: traffic throughput; number of tenants (VRFs) and VLANs; oversubscription factors; high availability (redundant links); port and line-card/chassis density; platform scalability (VRFs, VLANs, interfaces); ratio of service tiers (Gold:Silver:Bronze)
• Security & L4-7 Services: service modules or appliances; type and number of services; number of virtual contexts (modules); number of VLANs tied to service modules; application throughput
• Storage: SAN/NAS ports/links; storage throughput, oversubscription, IOPS; number of VSANs and zones; storage array density (disks, ports); distributed or centralized storage
• Compute: number of VMs per tenant, per VLAN; VM-to-core ratio, memory size per VM; number of links, oversubscription factors; ratio of service tiers (Gold:Silver:Bronze); number of blades in a UCS cluster; number of blades in an ESX cluster; number of VMs per blade, per cluster, per Pod; vCenter limits on VMs, servers, datastores, ports
System Budgetary Considerations
Nexus 1010 Scope
‒ 64 VEMs per VSM
‒ 2048 Active VLANs per VSM
‒ 2048 vEths per VSM
‒ 2048 Port-Profiles per VSM
‒ 4K MAC Addresses per VLAN
‒ 16K MAC Address Table per VEM
N1kV Scope
‒ 64 ESX/ESXi hosts per VSM
‒ 2048 virtual Ethernet ports per VMware vDS, with 216 virtual Ethernet ports per physical host
‒ 2048 active VLANs
‒ 2048 Port Profiles
‒ 32 physical NICs per physical host
‒ 256 PortChannels per VMware vDS, with 8 PortChannels per physical host
VMware 4.1 Scope
‒ Number of hosts in a VMware cluster
‒ Other network dependencies based on DVS or Nexus 1010
‒ http://www.vmware.com/pdf/vsphere4/r41/vsp_41_config_max.pdf
Nexus 5K Scope
‒ 4K VLANs
‒ 16K or 32K MAC
Nexus 7K Scope
‒ 4K VLANs
‒ 128K MAC
‒ vPC bounded scope
UCS Scope
‒ 1000 VLANs
‒ 14k (Gen1) or 32k (Gen2) Logical STP Ports (Release 2.0)
‒ VIC JMTU Limits for Uplinks – 10 with ESXi 4.0 U1
‒ VM-FEX vNICs: 56/112
NAS Scope
‒ Vendor specifics
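As an added example (not from the Cisco deck), a small Python check of a POD compute plan against the Nexus 1000V and Nexus 1010 limits listed above; the limit values are the slide's, while the plan itself, the 32 VMs-per-server density taken from the POD Scalability slide and the one-vEth-one-MAC-per-vNIC counting are assumptions. It also shows that with many hosts behind one VSM the 2048-vEth-per-vDS cap binds long before the 216-per-host cap.

```python
"""Check a POD compute plan against the Nexus 1000V (N1kV) and Nexus 1010
limits quoted on the System Budgetary Considerations slide. Limit values are
the slide's; the plan, the 32 VMs-per-server density (16,384 VMs / 512
servers on the POD Scalability slide) and the one-vEth-one-MAC-per-vNIC
counting are assumptions made for this example."""
from dataclasses import dataclass
from typing import List

# Scale limits quoted on the slide (per VSM / per vDS unless noted).
LIMITS = {
    "hosts_per_vsm": 64,
    "veth_per_vds": 2048,           # virtual Ethernet ports per VMware vDS
    "veth_per_host": 216,           # virtual Ethernet ports per physical host
    "active_vlans": 2048,
    "port_profiles": 2048,
    "pnics_per_host": 32,
    "port_channels_per_vds": 256,
    "port_channels_per_host": 8,
    "macs_per_vlan": 4096,          # 4K MAC addresses per VLAN (Nexus 1010 scope)
    "mac_table_per_vem": 16384,     # 16K MAC address table per VEM
}


@dataclass
class PodPlan:
    hosts: int                 # ESX/ESXi hosts behind one VSM
    vms_per_host: int
    vnics_per_vm: int          # assumption: one vEth port and one MAC per vNIC
    vlans: int                 # active VLANs carried on the vDS
    port_profiles: int
    pnics_per_host: int
    port_channels_per_host: int
    vms_per_vlan_max: int      # VMs in the largest single VLAN


def check_budget(plan: PodPlan) -> List[str]:
    """Return the limits the plan exceeds as 'name: value > limit'; empty means it fits."""
    veth_per_host = plan.vms_per_host * plan.vnics_per_vm
    veth_total = veth_per_host * plan.hosts
    # Worst case for a VEM's MAC table: every VLAN is trunked to every host, so each
    # VEM can learn the MAC of every vNIC on the vDS (assumption: no VLAN pruning).
    usage = [
        ("hosts_per_vsm", plan.hosts),
        ("veth_per_host", veth_per_host),
        ("veth_per_vds", veth_total),
        ("active_vlans", plan.vlans),
        ("port_profiles", plan.port_profiles),
        ("pnics_per_host", plan.pnics_per_host),
        ("port_channels_per_host", plan.port_channels_per_host),
        ("port_channels_per_vds", plan.port_channels_per_host * plan.hosts),
        ("macs_per_vlan", plan.vms_per_vlan_max * plan.vnics_per_vm),
        ("mac_table_per_vem", veth_total),
    ]
    return [f"{name}: {value} > {LIMITS[name]}" for name, value in usage if value > LIMITS[name]]


def max_vms_per_host(hosts: int, vnics_per_vm: int) -> int:
    """Highest VM density per host that honours both the per-host and the per-vDS vEth caps.

    With many hosts behind one VSM the 2048-per-vDS cap binds before the 216-per-host cap."""
    per_host_cap = LIMITS["veth_per_host"] // vnics_per_vm
    per_vds_cap = LIMITS["veth_per_vds"] // (hosts * vnics_per_vm)
    return min(per_host_cap, per_vds_cap)


if __name__ == "__main__":
    # Constructed plan: a full 64-host VSM at the slide's 32 VMs/server density, two vNICs per VM.
    plan = PodPlan(hosts=64, vms_per_host=32, vnics_per_vm=2, vlans=500, port_profiles=120,
                   pnics_per_host=8, port_channels_per_host=2, vms_per_vlan_max=200)
    for violation in check_budget(plan):
        print("VIOLATION", violation)          # veth_per_vds: 4096 > 2048
    print("max VMs/host for 64 hosts, 2 vNICs:", max_vms_per_host(64, 2))  # 16
```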
Architecture Fundamental: Multi-tiered Redundancy
[Diagram, by layer: PE/WAN Edge – data and control plane redundancy at L3; Core – data and control plane redundancy at L2 and L3, supervisor module redundancy, fabric redundancy; Aggregation / Virtualized Access – link redundancy without STP, single logical links to aggregation, virtualized aggregation, fabric redundancy; Virtual Access Edge – Nexus VSM, VEM MCEC uplink redundancy, virtualized node redundancy for VMs; NAS/SAN – storage controller redundancy. Collapsed Aggregation/Access model and Collapsed Core/Aggregation variant shown.]
*Services Core not shown. Partial view of collapsed core/agg.
VMDC Architecture Fundamental – Tenancy Containers for Cloud Consumers
Container types shown: Premium; Palladium; “Raw” (DCI); other/future.
Evolving flexibility to support more complex service models.
VMDC Consumer Model: Security Functional Review
• Baseline: use logical segmentation (VLANs, ACLs, PVLANs, VRFs) to map security domains to each consumer, separating compliant from non-compliant systems.
• For Public Cloud, separate front-end Private and Public VRFs.
• Protected VRF for Layer 3 services
  ‒ Default gateway for virtual machines
• Dedicated ASA virtual firewall context to enforce stateful security services on ingress and egress data center tenant traffic
  ‒ Allows for zoning
• VSG security services applied across the virtual compute layer to enforce VM security policies
• Interface configurations are not mandated
[Diagram: for Cloud Consumer “X”, a Front End Zone VRF and a Protected VRF (control point) behind an ASA Context and ACE Contexts; Zones 1–3 and a Shared Zone on Nexus 1000v with vPath steering traffic to the VSG; non-virtualized servers attached alongside.]
Secure Multi-tenancy
• WAN Edge: secured access with MPLS L2/L3 VPNs, SSL and IPsec VPNs; infrastructure security to protect the device, traffic plane and control plane.
• Aggregation/Core, NAS Storage: device virtualization for control, data and management plane segmentation; VSD + NetApp vFilers (NAS).
• Services: server load balancing masks servers and applications; application firewall mitigates XSS, HTTP, SQL and XML attacks.
• Access: enhanced Layer 2 security – access lists, Dynamic ARP Inspection, DHCP Snooping, IP Source Guard, Port Security, Private VLANs.
• Compute / SAN storage / MDS Fabric: Cisco VSG / Nexus 1000v application security.
VMDC Consumer Model: Logical Security Perimeters and Zones
[Diagram: Public/Shared VRF → Public Zone (DMZ) and Protected Front-End Zones 1 and 2 behind a per-tenant ASA Context (front-end tenant perimeter) → Protected VRF (control point) → Private Tenant VRF with back-end Sub-Zones W, X, Y and Z (back-end tenant perimeter); Nexus 1000v with vPath and VSG enforce zone policy; a separate back-end management perimeter. Front-end zones are the less trusted zones; back-end zones sit behind them.]
Note: RA VPN concentrators not shown.
Model of Differentiated Service “Tiers” in VMDC (Simplified)
• Bronze: no services, best effort
• Silver: load balancing, medium bandwidth
• Gold: load balancing, firewall and other services, high bandwidth
• Premium: multimedia SLA, VoIP/video, low-latency traffic
Tenants can mix and match tiers to build a complete “data center” and support multiple application types.
QoS Is a Fundamental Requirement for Differentiated Service Support
• QoS provides the means for fine-tuning network performance to meet application requirements
• QoS enables delay and bandwidth commitments to be met without gross over-provisioning
• QoS is a prerequisite for admission control
• Being able to guarantee SLAs is a primary differentiator for SP vs. public Cloud offerings
  ‒ QoS enables differential SLAs to be supported efficiently
Use Case Example: Tenant Type Mapping to Traffic Service Class
• Tenant types are mapped to traffic service classes as shown in the table.
• The premise is that a “Gold” tenant runs business-critical data traffic plus multimedia traffic from its virtual machines within the cloud.
• The Low Latency class is used for VoIP applications, for example.
• The Call Control class supports VoIP signalling.
• Business Data classes have bandwidth guaranteed per tenant. Each tenant is policed at the agreed bandwidth, and excess traffic is marked down. Gold has a higher bandwidth guarantee than Silver. Provisioning rules ensure that commitments can be met.
• The Standard Data class is shared between all Bronze tenants. Besides a small amount reserved across all tenants, any unused bandwidth is available to this class.

Tenant Type | Traffic Service Class | SLA
Gold | Low Latency (VoIP) | Low Latency
Gold | Call Control | BW Guarantee
Gold | Business Critical Data | BW Guarantee
Silver | Business to Business Data | BW Guarantee
Bronze | Standard Data | Available/Shared BW
VMDC Service Level Agreements Within the Provider DC QoS Domain
• PE southbound SLA: SLA per tenant per class, i.e. aligned with the NGN commitment; HQoS performs egress shaping to the tenant aggregate.
• Nexus 1000v northbound SLA: SLA per vNIC per VM, or per class per vNIC per VM; ingress policing + CBWFQ on egress (uplinks).
[Diagram: WAN Edge / DCI → Core / Data Center Edge → Services (MEC) → Aggregation/Access (vPC, 4x10GE) → Compute (includes Nexus 1000v); SLA enforced per tenant per class at the edge and (per class) per vNIC per VM at the Nexus 1000v.]
Standardized Services Models
• Standardized POD design, baseline set of services in the POD – homogeneous, repeatable
• Repeatable physical and logical constructs that can be abstracted (service tiers/bundles, network containers, OS versions) – services catalogue
• Leads to simpler orchestration – container, service tiers/bundles, OS versions
• Minimize orchestration touch points in the network – consistent workflows
• Identify scale limits within each layer of the POD – for resource pools and capacity/resource management
• Standardize across multiple data centers – DC interconnect, workload mobility, disaster recovery
FabricPath Validation Examples: Typical Data Center Design (Two-Spine Design Details)
• L2/L3 boundary at the aggregation (spine) layer: SVIs/routed ports provided by M1 or F2 modules
• HSRP between aggregation switches for FHRP (active/standby); run vPC+ for active/active HSRP
• FabricPath core ports provided by F1 or F2 modules
• Nexus 7000 F1 or F2 modules for EoR/MoR access; Nexus 5548/5596 for ToR access, with FEX
• Direct-path forwarding option
• Easily provision parallel bandwidth
FabricPath Validation Examples: Switched Fabric Data Center Design, Single Router Pair (FabricPath-Connected Leaf)
• FabricPath spine with F1 or F2 modules provides the transit fabric (no routing, no MAC learning)
• FabricPath core ports provided by F1 or F2 modules
• L2/L3 boundary on a leaf pair: SVIs for all VLANs on the leaf L3 services switch pair (provided by M1 or F2 modules)
• HSRP between the L3 services switches for FHRP (active/standby); run vPC+ for active/active HSRP
• All VLANs available at all access switches
[Diagram legend: Layer 3 link, Layer 2 CE, Layer 2 FabricPath.]
Cloud Unified Reference Framework
[Framework diagram: an End User / Customer Portal (scheduling, ordering, price management, dashboard, financial, quality, SLA) over Service Orchestration and a CMDB (infrastructure architecture abstraction including EMS and domain managers; service catalogue; asset inventory; mappings/relationships; human resources), on a Technology Architecture of network, compute and storage with end-to-end security. Functional matrix:]

Infrastructure Management | Service Delivery | Service Management | Cost | SLA
Optimization | Selection (SDLC/BCP) | Quality | |
Capacity Planning | Allocate/Entitlement | Performance | Compute, Network, Storage Usage | RTO/RPO
HW/SW Management | Commission/Decommission | Problem Detection-RCA | Facilities Usage | Maintenance/Availability Window
Audits | Enablement (On/Off) | Security and Governance | CapEx/OpEx (Time Unit Hrs) | Penalties
Operations | Fulfillment | Assurance | Metering and Billing | Commitment
Cloud Management Interface Layers
[Diagram: Business Service Management (CMDB, Service Catalog, Accounting & Chargeback, SLA Management) alongside ITSM tools (order fulfilment, SLA reporting, customer care, ITSM management); an Orchestration layer (virtual machine services, resource management); Domain tools for server, network and storage infrastructure management. Actors: Subscriber and Domain Admins.]
Service Catalog: Cloud Service Abstractions
• Network options: tenant segmentation, service tiers, IP address management, perimeter security, application port security, QoS, web service offloading, SLB services
• Multi-site: burst capacity, change management, DR
• Storage options: IOPS, capacity management, service classes, RAID, snapshots, replication
• VM size options: CPU, memory, disk, placement, multi-tier?
• Packaging options: Linux, Windows, Apache, MySQL, vApps
Service Model Abstraction: Network Containers
Enables abstraction of the physical infrastructure and network services as a set of virtual network resources.
‒ Includes port and interface labeling with service node descriptions for rich XML table abstractions
‒ Resource management and placement algorithms for combined services (VLANs, VRFs, virtual contexts)
‒ Mapping of VMs to Network Containers via the Nexus 1K DVS
‒ Custom macros for ACE, FWSM, ASA, Nexus, Catalyst 6K
Benefits:
‒ Simplified yet rich differentiated service definitions at the portal layer
‒ Scalable pod designs with VLAN and VRF conservation
Tenant Containers
[Diagram: shared physical infrastructure (IP/NGN Backbone → WAN Edge → Core → Aggregation → Services → Compute) carrying per-tenant virtual networks, e.g. Customer Red and Customer Green, each with Web, App and DB tiers.]
VMDC Validated Tenant Containers
[Diagram of the validated container models across VMDC 2.0, 2.1 and 2.2 – Bronze, Silver, Gold, Palladium and Expanded – built from L2, L3, FW, vFW and LB elements, with Public/Private Zones and Protected Front-End / Protected Back-End zones in the richer containers.]
BMC Cloud Lifecycle Management Simplifies and Automates Hybrid IT Management
• Orchestrates provisioning of network, compute and storage for delivery of services and applications on demand
• Dynamic allocation of internal and external shared resources based on policy
• Support for multi-sourcing of infrastructure, software and IT services
• Optimize resource utilization based on business requirements
[Diagram: lifecycle of Plan & Govern, Request & Support, Provision & Configure, Integrate & Orchestrate, Monitor & Operate across physical, virtual, private, public and hybrid resources, serving customers, suppliers, partners and employees.]
BMC Cloud Lifecycle Management on the Virtual Multi-Tenant Data Center Architecture
• Provides an end-to-end automated lifecycle management solution for cloud-based IT hosting environments
• BMC has released the 2nd generation Cloud Lifecycle Management platform
• Integrated full-stack cloud services – from the network to applications
• Integrated policy definitions to govern multi-tenancy and security, and to make intelligent decisions on placement of provisioned services
• Provides a complete self-service, service-catalog-driven platform for automation, orchestration and management
• “Day 2 management” – performance, compliance, security
[Diagram: Integrated Compute Stack (servers, storage; FlexPod, Vblock) and Secure Network Containers managed through Resource Management, Network Services and Storage; Service Governor with Service Catalog, Service Blueprint and Network Blueprint; design services and options, translated to business offerings (VXI, HCS, IaaS); a user request (Option 1/2/3) completes a service request and is mapped to the CMDB / operational repository.]
BMC CLM on Cisco VMDC
[Diagram: the Cisco Virtualized Multi-Tenant Data Center – Unified Data Center (Unified Fabric, Unified Computing, pre-integrated HW, storage) and Cloud Intelligent Network (Data Center Interconnect, Network Intelligence, Secure Network Container Architecture) – under BMC Cloud Lifecycle Management: Self-Service Portal, Service Catalog, Service Governor, Orchestration Engine, BMC Atrium (integration and orchestration), Resource Manager, Server Automation, Network Automation, Virtualization, Compliance and Assurance, with Cloud / App Service Management and Cloud Lifecycle Management partners.]
BMC CLM 2.5 Components
[Diagram: Cloud Portals, Service Catalog and Service Governor over the CLM components – BSA for compute, BNA for network, Atrium Orchestrator for storage, and a MoM marked “Not in Current Test”. Managed VMDC resources: VMware vSphere (virtual compute); UCS B & C Series / UCSM (compute); Nexus/DSN/ASA/ACE/ASR/CRS (network); NetApp FAS and NetApp/EMC storage.]
BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform
• Service Catalog: modeling of multi-tier services
• Cloud Service Delivery: policy-based placement and mapping of services to cloud resources
• Resource Management: management and pooling of infrastructure resources
[Diagram components: Service Catalog, Service Blueprints, Service Governor, DML, Policy, Cloud Self Service, Resource Manager, Monitoring, Orchestration, cDB.]
CLM User Roles: Support for Key Users of the Cloud
• Cloud End User (developers & testers, application owners) – My Cloud Services Portal. Requires: a fast and easy way to provision and manage services to support business projects.
• Org & Tenant Administrators (system administrators responsible for their “slice” of the cloud). Require: an easy way to manage infrastructure networks and services for their organization.
• Cloud Administrators (administrators of the cloud environment) – Cloud Admin Portal. Require: managing all cloud-related capabilities, including on-boarding resources, setting placement policies, on-boarding customers and defining cloud offerings.
Network Resource Details: Onboard Pods & Configure Network Containers
• Pods
  ‒ Represent a portion of the cloud bound by a set of physical network equipment – routers, firewalls, load balancers
• Network Containers
  ‒ Represent per-tenant network segments of the cloud used to isolate workloads or tenants based on specific policies/rules
  ‒ Can be thought of as a “virtual data center”
• Network Zones
  ‒ Represent workload execution environments used to isolate workloads based on specific policies/rules
  ‒ Typically driven by security and performance requirements
[Diagram: network resources are provided by BMC Network Automation or by 3rd-party external resource providers through the Cloud Provider API.]
Service Catalog: Business Definition of Service Offerings (seen by End Users)
• Define pre-packaged offerings or allow users to select from an à-la-carte menu
• Entitlements of service offerings based on tenant, user or service type
• Integrated service pricing; continuous metering; change approval
• Post-deployment actions define actions that can be taken on service instances once provisioned (add backup, monitoring, compliance, etc.)
Example:
• Service Offering: SharePoint – Small/Medium/Large ($$$); Exchange – Bronze/Silver/Gold ($$$$); LAMP/WAMP Stack ($$); Windows/Linux Server, etc. ($)
• Service Options: Add Software ($$$); Modify Memory ($$); Modify CPU ($$$)
• Post Deploy Actions: Anti-virus software ($20 per month); OS patching ($15 per month); Application monitoring ($10 per month); Monthly Backup ($50 per month)
Service Blueprint: Technical Definition of Service Offerings (Cloud Admin)
• Service Definition
  ‒ Define the functional definition of the service: single server to multi-tier applications
  ‒ Select OS, software packages and network connections for the service
  ‒ Integrated Definitive Media Library for a centralized software package repository
• Service Deployment Definitions
  ‒ Define one or more ways to deploy a service (virtual, physical or public cloud)
  ‒ Represent the resources required for operation of a given service
  ‒ Composed of compute, storage and network (load balancers/firewall rules)
[Diagram: Deployment Definition 1 “All-in-one” configuration; Deployment Definition 2 “Tiered” configuration.]
Tying Service Offerings to Blueprints
Cloud Admin (Service Blueprints, DML) – Create SharePoint:
• Small: SharePoint provisioned on a single VM – 1 CPU, 1GB memory, 20GB disk
• Medium: SharePoint provisioned on a single VM – 2 CPU, 4GB memory, 50GB disk
• Large: SharePoint provisioned on 3 VMs – Web Tier 1 CPU, 2GB memory, 20GB disk; App Server 2 CPU, 4GB memory, 100GB disk; DB Server 4 CPU, 8GB memory, 500GB disk
End User (My Services Portal, Service Catalog) – Request SharePoint:
• Select Large deployment: $100 to deploy, $50 a month
• Optionally select Monitoring: $50 a month additional
• Submit request: $100 to deploy, $100 a month
Service Governor: Rules for Intelligent Placement Across Distributed Cloud Resources
• Intelligent placement decisions based on admin-defined policies; examples include service levels, user role, compliance, location, QoS attributes and tenant
• Advanced tagging capabilities to match services to the right underlying cloud resources
• Support for secure multi-tenancy and multiple network zones, placing multi-tier applications in the appropriate security zone and network container
[Diagram: End User (ABC, Inc) requests an Exchange Service with SLA: Gold and PCI Compliance; the Service Governor matches the tags SLA=Gold, Compliance=PCI and SLA=Gold, Tenant=ABC to a Network Container and a Compute Pool.]
Service Governor Details: Ensure Proper Usage of Cloud Resources
Define policies that determine how end-user requests get mapped to underlying resources:
• Auto-selection of compute, network and storage pools as defined by policy
• Tenants, service quality, performance, etc. (customer-defined attributes)
[Diagram: Service Blueprint plus end-user request data enter the Service Governor, which selects within a Pod: Compute – Cluster 1 / Cluster 2 and vRP 1 / vRP 2, tagged Gold or Silver; Network – Network Container 1 / Network Container 2; Storage – Filer 2 SSD / Filer 1 SATA; with “Capacity Based” and “First Fill” placement policies.]
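The tag-based placement described on the two Service Governor slides, as an added Python example that is not BMC's or Cisco's code: a request's SLA, Compliance and Tenant tags must all be matched by a compute pool, a network container and a storage pool, a pool that lacks a requested tag is never treated as a wildcard, and capacity is committed only once all three matched. The pool names and tags follow the diagram; their capacities, the rule that Tenant is enforced on the network container only, and the exact "Capacity Based" (most free) and "First Fill" (first with room) selection rules are assumptions.

```python
"""Tag-based placement in the style of the Service Governor slides.

Pool names and tags follow the diagram; capacities, the Tenant-on-network-
container-only rule and the exact selection rules for the two policies
named on the slide ("Capacity Based", "First Fill") are assumptions made
for this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Tags = Dict[str, str]


@dataclass
class Pool:
    name: str
    kind: str                 # "compute", "network" or "storage"
    tags: Tags
    capacity: int             # example units: VMs for compute/network, GB for storage
    used: int = 0

    @property
    def free(self) -> int:
        return self.capacity - self.used


@dataclass
class Request:
    tenant: str
    sla: str
    compliance: Optional[str] = None
    vms: int = 1
    storage_gb: int = 0


def matches(pool: Pool, required: Tags) -> bool:
    """A pool matches only if it carries every requested tag with the same value;
    a tag the pool lacks is a mismatch, never a wildcard (a PCI request must not
    land on a pool that simply has no Compliance tag)."""
    return all(pool.tags.get(k) == v for k, v in required.items())


def select(pools: List[Pool], required: Tags, demand: int, policy: str) -> Optional[Pool]:
    candidates = [p for p in pools if matches(p, required) and p.free >= demand]
    if not candidates:
        return None
    if policy == "Capacity Based":
        return max(candidates, key=lambda p: p.free)   # pool with the most free capacity
    if policy == "First Fill":
        return candidates[0]                            # first pool with room, in list order
    raise ValueError(f"unknown placement policy {policy!r}")


def place(request: Request, compute: List[Pool], network: List[Pool], storage: List[Pool],
          policy: str = "Capacity Based") -> Dict[str, str]:
    """Map a request to one pool of each kind, committing capacity only after all three
    matched so a rejected request leaves nothing half-allocated."""
    base: Tags = {"SLA": request.sla}
    if request.compliance:
        base["Compliance"] = request.compliance
    # Assumption: compute and storage pools are shared across tenants; tenant isolation
    # comes from the per-tenant network container, so Tenant is enforced there.
    chosen = {
        "compute": select(compute, base, request.vms, policy),
        "network": select(network, {**base, "Tenant": request.tenant}, request.vms, policy),
        "storage": select(storage, base, request.storage_gb, policy),
    }
    missing = [kind for kind, pool in chosen.items() if pool is None]
    if missing:
        raise LookupError(f"no {', '.join(missing)} pool matches {base} for tenant {request.tenant}")
    chosen["compute"].used += request.vms
    chosen["network"].used += request.vms
    chosen["storage"].used += request.storage_gb
    return {kind: pool.name for kind, pool in chosen.items()}


def example_inventory() -> Tuple[List[Pool], List[Pool], List[Pool]]:
    """Constructed inventory loosely following the Service Governor Details diagram."""
    compute = [
        Pool("Cluster 1", "compute", {"SLA": "Gold", "Compliance": "PCI"}, capacity=100, used=60),
        Pool("Cluster 2", "compute", {"SLA": "Gold", "Compliance": "PCI"}, capacity=100, used=20),
        Pool("vRP 1", "compute", {"SLA": "Silver"}, capacity=200),
    ]
    network = [
        Pool("Network Container 1", "network", {"Tenant": "ABC", "SLA": "Gold", "Compliance": "PCI"}, capacity=50),
        Pool("Network Container 2", "network", {"Tenant": "XYZ", "SLA": "Silver"}, capacity=50),
    ]
    storage = [
        Pool("Filer 2 SSD", "storage", {"SLA": "Gold", "Compliance": "PCI"}, capacity=10_000),
        Pool("Filer 1 SATA", "storage", {"SLA": "Silver"}, capacity=50_000),
    ]
    return compute, network, storage


if __name__ == "__main__":
    compute, network, storage = example_inventory()
    exchange = Request(tenant="ABC", sla="Gold", compliance="PCI", vms=4, storage_gb=200)
    print(place(exchange, compute, network, storage))                      # Cluster 2 (most free)
    print(place(exchange, compute, network, storage, policy="First Fill"))  # Cluster 1
    try:
        place(Request(tenant="ABC", sla="Silver", compliance="PCI"), compute, network, storage)
    except LookupError as err:
        print("rejected:", err)   # no Silver pool carries Compliance=PCI
```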
CLM Workflow: End-to-End Flow of a New Request
• Self-service Portal: the user selects a Service Offering from the Service Catalog.
• Service Governor: makes the placement decision and maps the offering to a Service Blueprint (Deployment Definition 1, 2 or 3), drawing software from the DML.
• Resource Manager: provisions compute and applications, network, storage and public cloud resources through BMC Server Automation, BMC Network Automation, BMC Atrium Orchestrator and 3rd-party external resource providers.
• Resources become available in the Portal; Cloud DB updates are integrated with the Enterprise CMS/CMDB for change and asset management.
VMDC + BMC CLM
• VMDC is a Cisco reference architecture for building Private or Public IaaS Clouds.
  ‒ CVD Design and Implementation Guides available for VMDC 1.0 (Jan 2011), VMDC 2.0 (Jan 2011) and VMDC 2.2 (Nov 2011)
  ‒ Reference design with a set of platforms, service tiers, etc.
  ‒ Can be used as a basis for more specific customer designs, platforms and service tiers.
• BMC CLM validated as part of the VMDC solution
  ‒ CLM 1.0.1 validated as part of VMDC 2.0; CLM 2.1 validated as part of VMDC 2.2.
  ‒ CLM 1.0.1 Design & Validation Guides
  ‒ VMDC Network Containers, Blueprints and Workflows available “out of the box” in CLM.
  ‒ Modified customer Cloud designs will need customization of BMC CLM (with BMC and Cisco Advanced Services)
Cloud Data Center Design: Deploying VMDC + BMC CLM
Use VMDC as-is, or with modifications
Standardized POD design, baseline set of services in POD – homogeneous, repeatable
Simplify designs for topologies, service tiers etc. – simpler workflows
‒ Simple Design: 1-2 Zones, 2-5 VLANs, 1 VRF, 1 vFW, 1 vSLB etc.
‒ Complex Design: 5-6 Zones, 5-10 VLANs, 3-5 VRFs, 2-4 vFWs, 2-4 vSLBs etc. – complex routing between tiers/zones.
Minimize number of Service Tiers, Network Containers/Zones, Service Offerings – service catalog
Simpler design leads to fewer touchpoints – efficient orchestration
Faster customization and deployment of CLM
Identify scale limits within each layer of the POD – Resource Pools, and Capacity/Resource Management
Easier to maintain, troubleshoot, identify faults, provide service assurance.
Future-proofing Tenant Service Definitions: Zone Based Flexibility
• Dynamic resource re-allocation
• Capacity Management and Dynamic Placement
• Build Once, but Flexibility to Add/Modify and Define New Services
• Add additional Firewalls, Additional Interfaces/VLANs etc.
• New Flexible Container Model that defines 5 Zones in Out-of-Box CLM Network Container
• Use 1 or more Zones as per your Cloud deployment needs
• Resources only assigned/created for Zones that will be needed
• Once a Network Container has been created with 1 or more Zones, additional Zones can be added or deleted as needed
• Within a Zone, Flexibility to Add/Delete additional VLAN, vFW, vSLB
• Zones inter-connected through VRFs and vFWs
CLM 2.5 Flexible Container
[Diagram: a tenant network container reached from the Internet and from the MPLS Core / customer network (CUST NW), with the five out-of-box zones PVT, PVT-Protected, PVT-Custom, PUB-Protected and PUB-Custom]
Cisco Cloud Management Solutions
[Diagram: positioning of Cisco cloud management offerings by target. Complex Cloud / SP target: high scale & multi-tenant apps, significant complexity, established market position, leveraging partner company assets; others like OpenStack. Private Cloud / Large Enterprises target: automation of IT processes, integration of apps to the business process. Underlying Cisco common technology: network, hypervisor, CCN etc., OpenStack]
Cisco Intelligent Automation for Cloud
Customized workflows to promote consistent implementation of best practices and business processes
Self-service portal to order and manage services through service catalogs
Provides interfaces into the resource managers to integrate resource management into operational processes.
[Diagram: Cisco Intelligent Automation for Cloud stack. Service Catalog and Self-Service Portal: Cisco Cloud Portal. Global Orchestration and Reporting: Cisco Process Orchestrator with Adapter Framework and Cloud Automation Pack. OS/SW Provisioning: Cisco Server Provisioner. Virtualization Managers (e.g., VMware vCenter) and Hardware Managers (e.g., UCS Manager, Cisco NSM) controlling Compute Resources, Virtual Infrastructure, Network Resources and Storage Resources. Integrations: CMDB, IT Service Management Tools, Billing/Chargeback, Monitoring and Governance]
CIAC 3.0 + Adv. Networking on VMDC
[Diagram: layered view covering Network Automation, Pre-provisioned Storage and Compute Automation. IT Service Catalog and Portal: Cisco Cloud Portal (catalog, order, offer, metering, billing, chargeback). Global Orchestration: Cisco Process Orchestrator and Tidal Server Provisioner, integrated with Ticketing, Monitoring, CMDB, Chargeback, AD (LDAP) and Governance. Domain Managers: UCS Manager, vCenter, Cisco Network Services Manager. Infrastructure elements/devices: NetApp FAS and EMC VMax storage; UCS B-series blades running ESX 5 with Win2008 R2 VMs; DSN (Cat6500, ACE-SM, ACE30); Nexus 5K, 7K. Legend distinguishes Cisco software, OEM software, domain managers within the infrastructure, and infrastructure elements/devices]
How Cisco Network Services Manager Works
Automates and virtualizes infrastructure services using abstracted models and policies that define and control the characteristics and behavior of the cloud
[Diagram: Cisco® Network Services Manager sits between Consumers (Users and Groups) and Consumables (Data Center computing and storage resources; Network Access and Security Services), built on an Abstracted Business Model, an Abstracted Cloud Operational Model and an Abstracted Service and Topology Model]
Increases efficiency and reduces the cost of delivering virtualized computing and storage
Provides dynamic policies for more specific control across operational domains and vendor devices
Scales well in highly fluid cloud environments
Cisco Network Services Manager Operational Model
[Diagram: the Cisco® Network Services Manager Engine holds the Abstracted Business Model, the Abstracted Services and Topology Model and the Abstracted Cloud Operational Model, exposes a northbound API (NB API) and drives, over a JMS transport, one Cisco Network Services Manager Controller per Pod/Block, each controlling that Pod's compute, network and storage]
Network Services Manager allows administrators the ability to define the logical constructs of their cloud (access/security, tiers of service, resources and constraints).
[Diagram: logical constructs: Tenant Containers holding Tenant Network Containers, e.g. a Network Container (Web) and a Network Container (Application) separated by firewalls (FW), attached to the Enterprise Network, the Internet and the MPLS Network]
Why Cisco Network Services Manager
Common abstraction layer
Standardized API
Flexible, easily consumable interface
Ensures that network remains viable part of cloud framework
Fastest deployment and lowest operating costs for cloud
[Diagram: Orchestration Module, Automation Module, Service Catalog and Service Portal consume the Cisco® Network Services Manager through an Open REST API Abstraction Layer; NSM in turn drives SP VMDC Pods, Enterprise VMDC Pods and VNMC]
Cisco Network Services Manager Northbound API
Designed specifically for cloud solutions where Cisco Network Services Manager is used to provision the network into which VMs are deployed.
Implemented as a REST style API, with XML representations.
Fully asynchronous operation, allowing for requesting long-running provisioning tasks.
To be used for integration, not direct end-user access. Most operations are intended to be executed as a single authenticated superuser.
All objects are tied to a specific tenant for traceability and future integration with metering, billing, and service assurance functions.
Described in detail in “Cisco Network Services Manager API Specification and Reference”.
From Day-1 to Day-2 Operations
• The ability to assure SLAs is a key barrier to entry to cloud services for enterprises
• The ability to assure SLAs is a key differentiator for SPs over public cloud services, enabling SP to realise the virtual private cloud opportunity
• The challenge for SPs is how to assure the delivery of SLAs:
  ‒ That are easy for customers to understand
  ‒ Across network infrastructure, compute, storage, services and applications
  ‒ In a dynamically changing environment with high churn
  ‒ Whilst remaining cost effective
Cloud SLA Assurance Framework
Service Level Definition: define the service levels you are going to deliver
Service Design: • Topology design • High Availability • Convergence • Quality of Service • Security
Service Management & Operations: • Fault Management • Performance Monitoring • Capacity planning • Incident / problem mgmt • Remediation
Service optimisation: • Traffic Engineering • Service Provision • Admission Control • Demand Engineering
(The four phases are grouped on the slide under Service Definition, Service Engineering and Service Assurance.)
Tenant-based service-impact analysis. Example: Service topology modeling integrated Service Impact & Root cause
[Screenshot: Zenoss Cloud Service Assurance for VMDC showing Service Impact Events, ranked probable root-cause events and the Service Topology]
Root-cause & Service Impact Analysis
Root-cause Analysis
Answers: what’s really broken?
Reduces MTTR by classifying events in probable root-cause vs. symptomatic events
Common techniques used for root-cause analysis
• Event-correlation rules
• Service topology modeling (CLSA-VMDC 2.2)
• Emerging analytics based technologies
Service-impact Analysis
Answers: who & how is impacted?
Reduces MTTR by prioritizing events by business relevance and urgency
Prevents future failures by identifying service impacting technical risk
Provides data for service availability SLA reporting
Identifies whether redundancy protected the service availability
Two distinct functions – but can be implemented in integrated way to answer “What really caused impact on the services?”
Orchestrated Tenant & VM On-boarding: Zenoss + CIAC
[Diagram: flow between the Tenant User, CIAC (Cisco Cloud Portal, TEO) and Zenoss, over a dependency graph that includes vPC port-channels po50 and po60]
Zenoss discovers existing infrastructure before the tenant is added
A tenant user requests a VM through CIAC
CIAC provisions the VM
CIAC sends the mapping of VM to Tenant to Zenoss (Zenoss API: Tenant, Service, VM)
Zenoss auto-discovers the newly provisioned VM and updates the dependency graph after the tenant VM is added
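Added illustration (not Zenoss or CIAC code) of the root-cause vs. service-impact split from the previous slide, using the VM-to-tenant mapping the orchestrator pushes to the assurance system: events are classified as probable root-cause or symptomatic by walking a dependency graph, root causes are ranked by how much they explain, and services that stayed up only because a vPC pair absorbed a failure are reported separately. The topology, tenant mapping and events are all constructed.

```python
from collections import Counter

def analyse(deps, tenants, events):
    """Split events into probable root-cause vs symptomatic and compute tenant impact.
    deps: node -> list of groups of redundant alternatives (cut off only if a whole group is down).
    tenants: service node -> owning tenant (the VM-to-tenant mapping the orchestrator sends).
    events: (node, message) pairs from monitoring."""
    failed = {node for node, _ in events}
    state = {}

    def is_down(node):   # failed itself, or isolated because a whole dependency group is down
        if node not in state:
            state[node] = node in failed or any(
                all(is_down(m) for m in g) for g in deps.get(node, []))
        return state[node]

    def causes(node):    # root causes reached by following only fully-down groups
        down_groups = [g for g in deps.get(node, []) if all(is_down(m) for m in g)]
        if not down_groups:
            return {node} if node in failed else set()
        return set().union(*(causes(m) for g in down_groups for m in g))

    def exposed(node):   # something below this node failed, even if redundancy absorbed it
        return any(is_down(m) or exposed(m) for g in deps.get(node, []) for m in g)

    root = {n for n in failed if causes(n) == {n}}   # not explained by anything below it
    symptomatic = failed - root
    explained = Counter()                             # rank roots by what they account for
    for node in symptomatic | set(tenants):
        if is_down(node):
            explained.update(causes(node))
    return {
        "root_causes": [(n, explained[n]) for n in sorted(root, key=lambda n: (-explained[n], n))],
        "symptomatic": sorted(symptomatic),
        "impacted": {s: t for s, t in tenants.items() if is_down(s)},
        "protected": {s: t for s, t in tenants.items() if not is_down(s) and exposed(s)},
    }

# Constructed VMDC-style topology: tenant service -> VM -> ESX host -> UCS blade, with each
# host reaching the aggregation layer through a vPC pair (either Nexus keeps it connected).
DEPS = {
    "web-svc": [["vm-web1"]], "db-svc": [["vm-db1"]],
    "vm-web1": [["esx-1"]], "vm-db1": [["esx-2"]],
    "esx-1": [["blade-1"], ["n5k-1", "n5k-2"]], "esx-2": [["blade-2"], ["n5k-1", "n5k-2"]],
    "n5k-1": [["n7k-1", "n7k-2"]], "n5k-2": [["n7k-1", "n7k-2"]],
}
TENANTS = {"web-svc": "tenant-A", "db-svc": "tenant-B"}   # constructed mapping
EVENTS = [("blade-1", "power fault"), ("esx-1", "host not responding"),   # constructed
          ("vm-web1", "VM unreachable"), ("n7k-1", "module failure"), ("n5k-1", "Po50 down")]
```

Note that n5k-1 and n7k-1 are reported as root causes with no impacted service: redundancy held, but the model flags the technical risk before the second member of the pair fails.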
Single Normalized & Service Abstracted NBI
[Diagram: VMDC Infrastructure (DC Access, DC Agg/Core, DC WAN Edge, Virtualization, Network Services, Compute, Storage: Nexus 7k, Nexus 5k, Nexus 1kv, Cat6k – VSS, ACE, ASA, MDS, ASR9k, ASR1k, UCS) exposes dozens of VMDC device interfaces and thousands of device events to the VMDC Cloud Service Assurance Service Assurance Manager, which presents one normalized interface to SP OSS systems (MoM, Ticketing, etc.) and to application based assurance systems (e.g. HCS Assurance)]
Abstracts multiple device interfaces with single interface
Abstracts devices with services
Key Takeaways
Choose a Cloud/DC design that is flexible and scalable
IaaS, Application specific PODs are key for repeatable and scalable Cloud design
Design (network, service tiers etc.) should be relatively simple (not too many variations) to simplify Orchestration
Service Orchestration and self-service portals are key for elastic and on-demand Cloud deployments
Hybrid Cloud possible with offline migration into VMDC, using Data Center Interconnect and vCloud Director
Service Assurance is key for migrating to Cloud services
Cisco has validated and has CVD/DIGs for VMDC Infrastructure, BMC CLM and CIAC Orchestration. Use these as reference architecture.