cisco connect toronto 2017 - simplifying cloud adoption

© 2016 Cisco and/or its affiliates. All rights reserved. 1

CiscoConnect

Simplifying Cloud Adoption with CiscoRonnie ScottTechnical Solutions Architect

12-Oct-2017

2© 2016 Cisco and/or its affiliates. All rights reserved.

The World of Many Clouds


The World of Many Clouds

Private Cloud

SDN Controller

Automation / Orchestration

Data Center 1

Leaf Leaf Leaf

Spine Spine Spine Spine

Border Border

Data Center 2Spine Spine Spine Spine

Leaf Leaf Leaf Border Border

Data Center Interconnect

© 2016 Cisco and/or its affiliates. All rights reserved. 4Presentation ID

Defining the Hybrid Cloud

Cloud Management Platform

Public Cloud

Community Cloud

Private Cloud

Policy


Cloud computing is a model for enabling ubiquitous,

convenient, on-demand network access to a shared pool of

configurable computing resources (e.g., networks, servers,

storage, applications, and services) that can be rapidly

provisioned and released with minimal management effort or

service provider interaction.

NIST Cloud Computing Definition



convenient, on-demand network access to a (e.g., networks,

servers, storage, applications, anshared pool of configurable

computing resourcesd services) that can be rapidly





The Cost Benefits

HW/SW Costs Licencing Costs

Maintenance Costs

Environmental Costs Support Costs


Low Utilization Costs Money

0

2

4

6

8

10

12

5 10 15 20 25 30 35 40 45 50

Public

Private

Legacy


So Do Value-Added Cloud Services

0

2

4

6

8

10

12

14

16

5 10 15 20 25 30 35 40 45 50

Public

Private

Legacy

Redundant

Gauranteed


Reduced Complexity = Increased ReturnSaaS

• No Infrastructure

• No Management

• No Helpdesk

• Universal Access


Reduced Complexity = Reduced ControlSaaS

• Who Owns Your Data?

• What Customization Is Available?

• How Much Help Is Their Helpdesk?

• What Security Do They Offer?

• Can You Repatriate Data?

• What Is Their SLA?


Account Sprawl

ITFinance

HR

ProcurementSales

Manufacturing


Utilise Existing Resources

• Idle Resources Are Cheaper Than Any Cloud


Building the Private Cloud


IT as a Service IaaS | PaaS | SaaS | XaaS

Flexible Consumption Models

CONSOLIDATIONVIRTUALIZATION

HYBRID CLOUDS

POLICY DRIVENAUTOMATION

TRADITIONAL DATA CENTER

We are here

CLOUD-READY DATA CENTER


Build The Foundation

Private Cloud

Element ManagerData Center 1

Leaf Leaf Leaf


Border Border





“How do I automate and orchestrate the network?”


Automation


Orchestration


Two approaches to Control Systems

Air traffic control tells where to take off from, but not how to fly the plane

Baggage handlers follow sequences of simple, basic instructions

IMPERATIVE CONTROL DECLARATIVE CONTROL


“Cisco UCS provides a true single point of management, simplifying orchestration”


Subject Matter ExpertsDefine Policies

1

UCS: Embedded AutomationIntegrated, Policy-Based Infrastructure Management

Policies CreateService Profile Templates

Clone Templates toCreate Service Profiles

Associate Service Profiles to Configure Hardware

Uplink port configuration, VLAN, VSAN, QoS, and EtherChannels

Server port configuration including LAN and SAN settings

Network interface card (NIC) configuration: MAC address,VLAN, and QoS settings;host bus adapter HBA configuration: worldwide names (WWNs), VSANs, and bandwidth constraints;and firmware revisions

Unique user ID (UUID), firmware revisions,and RAID controller settings

Service profile assigned to server, chassis slot, or pool





















2 3 4

NetworkSME

ServerSME

StorageSME


Leaf / Spine Forwarding

Leaf

Spine Spine SpineSpine

Leaf

PacketSent

Lookup NextHop

Encapsulate &forward

Decapsulate &Deliver

ServiceLeaf

BorderLeaf

Campus Network

Controller


APIC

Software Defined Networks – ACI

ADC APP DBF/WADC

WEB

HYPERVISORHYPERVISOR HYPERVISOR


Automate and Orchestrate - UCS Director

Policy-Driven Provisioning

VMsComputeNetwork Storage

Tenant

BTenant

CTenant

A

Virtualized and Bare-Metal

Physical Compute

B CANetwork and Services

VM VM BareMetal

BRKPCA-2020


Private Cloud

Element ManagerSDN Controller


Deliver a Cloud Experience

Data Center 1

Leaf Leaf Leaf


Border Border





TCP: *,443 C

C

C

Provisioning Automation

Self-Service Catalog

Application-Centric Infrastructure

Self-Describing Packaging Manageability Fault-Tolerant Self-Optimizing

Application Developers Cloud Orchestration DC Resources

AutomationPacks

C

C

C

C

C

DEPLOYCLICKMODEL

WEB APP


Consuming the "Right" Cloud


Cost Security DRAvailabilityTimeliness

Scalability Performance RepatriationComplianceSupport

Defining Application Priorities


Cisco's Cloud Tools


Defining Application Linkages

• Application Team Knowledge

• Network AnalysisTetration

• Cloud Management ToolsCisco Cloud Center


Define Network Relationships


Security

Dependencies

Application

Service Offering

Service

Service Category

(Service Owner)

Create Application Dependency Map – Tetration

Use CiscoTetration Analytics™outcome to generate

white-list policies


Infrastructure-CentricCloud-Specific workflows and ScriptsLabor /Services Intensive

UniqueScript /

Workflow

Application-Centric

Cloud-Agnostic

Low TCOUniqueScript /

Workflow

UniqueScript /

Workflow

Script-Based Application Profile-Based

Create Application Profiles – CloudCenter


Create Application Profiles – CloudCenter

DataCenter

DEPLOY

MANAGE

MODEL

Public Cloud

PrivateCloud

One Integrated Platform

Lifecycle Management

New and ExistingApplications


Reduce to to valueto provision VM or Application

Enable governance on policies and sharing across business units

Control application development costs across SDLC

Cisco Services for CloudCenter

CloudCenter Deployment

Configure CloudCenter

Model Application Profile

Analyze Environment Readiness

Configure Governance

& Policy

Deploy and Validate


Cloud Based Network Function Virtualization

• CSR 1000v

• ASAv

• NGFWv

• Meraki vMX100

• ACI Anywhere


Performance Validation


www

User Applications Code Infrastructure

AppDynamics: End-to-End Application Intelligence

AppDynamics

Fast Time To ValueAutomated map and correlation

Unified VisibilityEUM, APM, Infrastructure

Contextual & ActionableBusiness Transactions


AppDynamics: Highly Correlated Data ModelThe Business Transaction Enables Unifying and Strategic Context

“Before AppDynamics, we were paramedics, but with AppDynamics we are brain surgeons.”

Server UserSession

Network

Database AppCode

Business Transaction BusinessMetrics

INFRAInfrastructure

Visibility

EUMEnd User Monitoring

APMApplication

Performance Management


Cisco Workload Optimization Manager Automated Decision Engine determines workload placement and scaling by matching resource demands to available supply.

• Deploys in <20 minutes

• Performance analysis in 1 hour

• Full demand profile in 72 hours


Automatable Upsizing

Continuous VM resource monitor

Add CPU or Memory to running VM – no reboot or downtime required

Targeted Rightsizing

Track historical VM resource utilization

Reduce CPU or Memory allocated to a VM – during maintenance downtime

Fundamental Capabilities: Scaling


Data Center

Moves workloads, assures performance, increases density

Placements abide by business or license constraints.

Cloud

Placement in public cloud based on best cost, while assuring performance.

Placements abide by business, license, or data sovereignty constraints.

Fundamental Capabilities: Placement

✔

$

Use Cases

Data Center Modernization

Data Center Optimization

Hybrid Cloud Optimization


Cloud Security


Cisco Cloud Security

UmbrellaSecure Internet GatewaySecure access to the internet

wherever users go, even off VPN

CloudlockCloud Access Security Broker

Secure users, data, and apps across SaaS, PaaS, and IaaS

Users Data Apps

SAAS / PAAS / IAAS

Umbrella InvestigateThreat intelligence

View relationships between malware, domains, and IPs across the internet


UmbrellaStart blocking in minutes

Easiest security product you’ll ever deploy

Signup1

2 Point your DNS

3 Done


Investigate: the most powerful way to uncover threats

Console

API

SIEM, TIP

Key points

Intelligence about domains, IPs, and malware across the internet

Live graph of DNS requests and other contextual data

Correlated against statistical models

Discover and predict malicious domains and IPs

Enrich security data with global intelligence

domains, IPs, ASNs, file hashes


Cisco Cloudlock addresses customers’ most critical cloud security use cases

Discover and Control

User and EntityBehavior Analytics

Cloud Data Loss Prevention (DLP) Apps Firewall

Cloud Malware

Shadow IT/OAuth Discovery and Control

Data Exposures and Leakages

Privacy and Compliance Violations

Compromised Accounts

Insider Threats


CASB – API Access (cloud to cloud)

ADMINOAUTH

ACCESS

Public APIsADMINOAUTH

ACCESSAuthorized

Cisco NGFW / Umbrella

ManagedUsers

ManagedDevices

ManagedNetwork

UnmanagedUsers

UnmanagedDevices

UnmanagedNetwork


Conclusion


Understand Your Customer Expectations

• Simplified User Portals

• Rapid Delivery Times

• Cost Effective Infrastructure

• Strong Security

• Flexible Access Models


Private Cloud

Element ManagerSDN Controller


Become More Cloudy

Data Center 1

Leaf Leaf Leaf


Border Border





Leverage All Available Resources

Private Cloud

SDN Controller


Data Center 1

Leaf Leaf Leaf


Border Border




Private Cloud

SDN Controller


Data Center 1

Leaf Leaf Leaf


Border Border




Private Cloud

SDN Controller


Data Center 1

Leaf Leaf Leaf


Border Border





Put Security Everywhere

Thank you.

cisco connect toronto 2017 - simplifying cloud adoption

Technology