Cisco Connect Toronto 2017 - Simplifying Cloud Adoption
TRANSCRIPT
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
Simplifying Cloud Adoption with Cisco
Ronnie Scott
Technical Solutions Architect
12-Oct-2017
The World of Many Clouds
[Diagram: Private Cloud: SDN Controller, Automation / Orchestration; Data Center 1 and Data Center 2, each with Leaf, Spine and Border switches, linked by a Data Center Interconnect]
Defining the Hybrid Cloud
Cloud Management Platform
Public Cloud
Community Cloud
Private Cloud
Policy
Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers,
storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or
service provider interaction.
NIST Cloud Computing Definition
The Cost Benefits
HW/SW Costs
Licencing Costs
Maintenance Costs
Environmental Costs
Support Costs
Low Utilization Costs Money
[Chart; legend: Public, Private, Legacy]
So Do Value-Added Cloud Services
[Chart; legend: Public, Private, Legacy, Redundant, Guaranteed]
Reduced Complexity = Increased Return
SaaS
• No Infrastructure
• No Management
• No Helpdesk
• Universal Access
Reduced Complexity = Reduced Control
SaaS
• Who Owns Your Data?
• What Customization Is Available?
• How Much Help Is Their Helpdesk?
• What Security Do They Offer?
• Can You Repatriate Data?
• What Is Their SLA?
Account Sprawl
IT
Finance
HR
Procurement
Sales
Manufacturing
Utilise Existing Resources
• Idle Resources Are Cheaper Than Any Cloud
Building the Private Cloud
IT as a Service: IaaS | PaaS | SaaS | XaaS
Flexible Consumption Models
CONSOLIDATION
VIRTUALIZATION
HYBRID CLOUDS
POLICY DRIVEN AUTOMATION
TRADITIONAL DATA CENTER
We are here
CLOUD-READY DATA CENTER
Build The Foundation
[Diagram: Private Cloud: Element Manager; Data Center 1 and Data Center 2, each with Leaf, Spine and Border switches, linked by a Data Center Interconnect]
“How do I automate and orchestrate the network?”
Automation
Orchestration
Two approaches to Control Systems
IMPERATIVE CONTROL: Baggage handlers follow sequences of simple, basic instructions
DECLARATIVE CONTROL: Air traffic control tells where to take off from, but not how to fly the plane
“Cisco UCS provides a true single point of management, simplifying orchestration”
UCS: Embedded Automation
Integrated, Policy-Based Infrastructure Management
1 Subject Matter Experts (Network SME, Server SME, Storage SME) Define Policies
2 Policies Create Service Profile Templates
3 Clone Templates to Create Service Profiles
4 Associate Service Profiles to Configure Hardware
• Uplink port configuration, VLAN, VSAN, QoS, and EtherChannels
• Server port configuration including LAN and SAN settings
• Network interface card (NIC) configuration: MAC address, VLAN, and QoS settings; host bus adapter (HBA) configuration: worldwide names (WWNs), VSANs, and bandwidth constraints; and firmware revisions
• Unique user ID (UUID), firmware revisions, and RAID controller settings
• Service profile assigned to server, chassis slot, or pool
Leaf / Spine Forwarding
Leaf
Spine Spine Spine Spine
Leaf
Packet Sent
Lookup Next Hop
Encapsulate & Forward
Decapsulate & Deliver
Service Leaf
Border Leaf
Campus Network
Controller
Software Defined Networks – ACI
APIC
ADC APP DB F/W ADC
WEB
HYPERVISOR HYPERVISOR HYPERVISOR
Automate and Orchestrate - UCS Director
Policy-Driven Provisioning
VMs, Compute, Network, Storage
Tenant A, Tenant B, Tenant C
Virtualized and Bare-Metal
Physical Compute
Network and Services
VM, VM, Bare Metal
BRKPCA-2020
Deliver a Cloud Experience
[Diagram: Private Cloud: Element Manager, SDN Controller, Automation / Orchestration; Data Center 1 and Data Center 2, each with Leaf, Spine and Border switches, linked by a Data Center Interconnect]
TCP: *,443
Provisioning Automation
Self-Service Catalog
Application-Centric Infrastructure
Self-Describing Packaging Manageability Fault-Tolerant Self-Optimizing
Application Developers Cloud Orchestration DC Resources
Automation Packs
DEPLOY CLICK MODEL
WEB APP
Consuming the "Right" Cloud
Defining Application Priorities
• Cost
• Security
• DR
• Availability
• Timeliness
• Scalability
• Performance
• Repatriation
• Compliance
• Support
Cisco's Cloud Tools
Defining Application Linkages
• Application Team Knowledge
• Network Analysis: Tetration
• Cloud Management Tools: Cisco Cloud Center
Define Network Relationships
Create Application Dependency Map – Tetration
Use Cisco Tetration Analytics™ outcome to generate white-list policies
Security
Dependencies
Application
Service Offering
Service
Service Category
(Service Owner)
Create Application Profiles – CloudCenter
Script-Based
• Infrastructure-Centric
• Cloud-Specific Workflows and Scripts
• Labor / Services Intensive
• Unique Script / Workflow
Application Profile-Based
• Application-Centric
• Cloud-Agnostic
• Low TCO
Create Application Profiles – CloudCenter
Data Center
DEPLOY
MANAGE
MODEL
Public Cloud
Private Cloud
One Integrated Platform
Lifecycle Management
New and Existing Applications
Cisco Services for CloudCenter
• Reduce time to value to provision VM or Application
• Enable governance on policies and sharing across business units
• Control application development costs across SDLC
CloudCenter Deployment
• Configure CloudCenter
• Model Application Profile
• Analyze Environment Readiness
• Configure Governance & Policy
• Deploy and Validate
Cloud Based Network Function Virtualization
• CSR 1000v
• ASAv
• NGFWv
• Meraki vMX100
• ACI Anywhere
Performance Validation
AppDynamics: End-to-End Application Intelligence
User Applications Code Infrastructure
• Fast Time To Value: Automated map and correlation
• Unified Visibility: EUM, APM, Infrastructure
• Contextual & Actionable: Business Transactions
AppDynamics: Highly Correlated Data Model
The Business Transaction Enables Unifying and Strategic Context
“Before AppDynamics, we were paramedics, but with AppDynamics we are brain surgeons.”
Server, User Session, Network, Database, App Code
Business Transaction, Business Metrics
INFRA: Infrastructure Visibility
EUM: End User Monitoring
APM: Application Performance Management
Cisco Workload Optimization Manager
Automated Decision Engine determines workload placement and scaling by matching resource demands to available supply.
• Deploys in <20 minutes
• Performance analysis in 1 hour
• Full demand profile in 72 hours
Fundamental Capabilities: Scaling
Automatable Upsizing
• Continuous VM resource monitor
• Add CPU or Memory to running VM – no reboot or downtime required
Targeted Rightsizing
• Track historical VM resource utilization
• Reduce CPU or Memory allocated to a VM – during maintenance downtime
Fundamental Capabilities: Placement
Data Center
• Moves workloads, assures performance, increases density
• Placements abide by business or license constraints.
Cloud
• Placement in public cloud based on best cost, while assuring performance.
• Placements abide by business, license, or data sovereignty constraints.
Use Cases
Data Center Modernization
Data Center Optimization
Hybrid Cloud Optimization
Cloud Security
Cisco Cloud Security
Umbrella: Secure Internet Gateway
Secure access to the internet wherever users go, even off VPN
Cloudlock: Cloud Access Security Broker
Secure users, data, and apps across SaaS, PaaS, and IaaS
Users Data Apps
SAAS / PAAS / IAAS
Umbrella Investigate: Threat intelligence
View relationships between malware, domains, and IPs across the internet
Umbrella: Start blocking in minutes
Easiest security product you’ll ever deploy
1 Signup
2 Point your DNS
3 Done
Investigate: the most powerful way to uncover threats
Console
API
SIEM, TIP
Key points
Intelligence about domains, IPs, and malware across the internet
Live graph of DNS requests and other contextual data
Correlated against statistical models
Discover and predict malicious domains and IPs
Enrich security data with global intelligence
domains, IPs, ASNs, file hashes
Cisco Cloudlock addresses customers’ most critical cloud security use cases
Discover and Control
User and Entity Behavior Analytics
Cloud Data Loss Prevention (DLP)
Apps Firewall
Cloud Malware
Shadow IT/OAuth Discovery and Control
Data Exposures and Leakages
Privacy and Compliance Violations
Compromised Accounts
Insider Threats
CASB – API Access (cloud to cloud)
ADMIN OAUTH ACCESS
Public APIs
Authorized
Cisco NGFW / Umbrella
Managed Users
Managed Devices
Managed Network
Unmanaged Users
Unmanaged Devices
Unmanaged Network
Conclusion
Understand Your Customer Expectations
• Simplified User Portals
• Rapid Delivery Times
• Cost Effective Infrastructure
• Strong Security
• Flexible Access Models
Become More Cloudy
[Diagram: Private Cloud: Element Manager, SDN Controller, Automation / Orchestration; Data Center 1 and Data Center 2, each with Leaf, Spine and Border switches, linked by a Data Center Interconnect]
Leverage All Available Resources
[Diagram, shown three times: Private Cloud: SDN Controller, Automation / Orchestration; Data Center 1 and Data Center 2, each with Leaf, Spine and Border switches, linked by a Data Center Interconnect]
Put Security Everywhere
Thank you.