cisco innovation highlights microsoft ignite
Cisco DC & Cloud Technologies Being Introduced @ Ignite
Cisco Microsoft Global Marketing Team
Released: May 5th, 2015
Overview
1. Application Centric Infrastructure (ACI)
2. Cisco Services Router (CSR) 1000V
3. Cisco Intercloud Fabric (ICF)
Cisco ACI for the Microsoft Cloud Platform
Delivering next generation cloud services with application centric infrastructure
Microsoft Cloud Platform
• Windows Azure Pack 2.0 (WAP)
  • Provides a tenant-facing portal to create virtual networks.
• System Center 2012 R2 Virtual Machine Manager (SCVMM)
  • Provides centralized management of the virtual networks.
• Hyper-V
  • Virtualizes network traffic.
  • Gateways provide connections between virtual and physical networks.
Diagram labels: Windows Server 2012 R2 with Hyper-V, Microsoft System Center, Windows Azure Pack
Windows Azure Pack (WAP)/ SCVMM
• WAP Admin sets up the services and resource clouds that are made available to tenants.
• Works with server, network, security, and storage teams to provide the physical resources
• Tenant has self-service provisioning and management for compute, network, and storage.
Using Microsoft Cloud Platform today
Diagram labels: Web sites, VMs, Service bus, Virtual Networks, Database
• Increased Agility For Virtual Devices – Faster configuration and provisioning of virtual devices
• Partial Solution – Embedded support only for virtual devices
• Operational Complexity – Two networks
• No Traffic Visibility – Limited troubleshooting
• Limited Scale – Centralized gateways, sub-optimal traffic flow
Diagram labels: Physical and Virtual Resources, Overlay - Virtual Devices, Physical Resources, Two Networks, Advantage, Disadvantage
Industry Solutions: Software Only Overlay Supports Virtual Resources Over Traditional Networks
Gateway
Diagram labels: One Integrated Network for Physical and Virtual Resources, Overlay - Virtual Devices, Physical Resources, Two Networks, Gateway
Advantage
• Highest Agility – Consistent policy across physical and virtual
• Open – Multi-hypervisor/vendor support
• Operational Efficiency – Single network
• Deep Traffic Visibility – Simplified analysis and troubleshooting
• Highly Scalable – Integrated gateways, optimized traffic flow
Industry Solutions: Integrated Hardware and Software Overlay Supports Virtual and Physical Resources Over Optimized Network
Flexible, Secure, Consistent
Introducing Cisco ACI for the Microsoft Cloud Platform
• A next-generation solution, designed to meet today’s rapidly changing business needs
• Cisco and Microsoft together deliver:
  • New cloud services for tenants and their enterprise applications
  • A new operational model
  • Policy-driven infrastructure
A clear evolutionary path
Diagram labels: Open, Application-centric, Control, Control/Visibility Across P & V, Interoperability, APIs, Automated, Compliant
ACI FABRIC
Microsoft System Center | R2 w/ Service Provider Foundation
Azure Pack GUI
Cisco ACI: Microsoft System Center / Azure Pack 2.0
Websites, Apps, Database, VMs, ACI
Provider Portal
Consumer Self-Service Portal
Websites, VMs, SQL, Service Bus, Future Services
Policy Management: APIC / Azure Pack
VM Discovery: OpFlex
Encapsulation: VLAN, NVGRE
Zero touch network provisioning
Service Insertion (Physical/ Virtual)
ACI PROVIDER
SERVICE
OpFlex Driver
Application Centric Infrastructure: Automating IT by Making Applications the Focal Point
Diagram labels: Business Requirements, Policy, Storage, Security, Compute, L4-7 Services, Applications, Integrated Physical and Virtual
Agile, Open and Secure
App Requirements Drive Network Deployment/Operation
Agile
• Speed through Automation
• Physical and Virtual Endpoints with Consistent Policy
• Application Health Monitoring
• H/W Based VXLAN Gateway
Secure
• Whitelist Approach
• Multitenant Aware
• Simplified Compliance
Open
• Open APIs, Open Source and Open Standards
• Customer Choice And Interoperability
• Drives Innovation
Diagram labels: Policy, Automation, Visibility, Scale and Performance, Open APIs, Partner Ecosystem, Multi-Tenant, Security, Compliance
ACI Solution: Agile, Open, and Secure
Application Centric Policy, Open Ecosystem, ACI Fabric/Nexus 9000
Industry Leading Technology Partnerships
Pillars of ACI
Application Centric Infrastructure
Rapid Deployment of Applications onto Open Networks with Scale, Security and Full Visibility
ACI FABRIC
Example Use Case: Shared Service Plan
Diagram labels: Common Address Space, L4-L7 Network Services, Database, Network File Server, Application Network Profile (F/W, ADC, WEB, APP, DB), Shared Services 192.168.1.0/24, New Application
Without ACI: Application Requirements; IT Administrators work in silos; Weeks; There is no shared architectural model; Inefficient, Slow, Complex
With ACI: Application Policy; APIC; IT Admins work at the application level; Hours; Shared model for policy automation; Efficient, Fast, Simple
Scenario: Deploying an app in minutes not weeks
Open Ecosystem: UCS, ACI, Intercloud
Open Interfaces: RESTful APIs (XML), PowerShell, Python (JSON)
Open Standards: OpFlex, NSH, VXLAN
Build Data Centers on Open Architectures
Open Standards: Ensure interoperability and choice
Open Interfaces: Extend, enhance, and customize your solution
Open Ecosystem: Integrate your whole solution across the cloud management stack across layers of infrastructure
Scenario: Open Enables Choice and Investment Protection
Diagram labels: Hyper-Agility, Security & Governance, Biz. Insights, Security & Services, Open Infra., Northbound Partners, APIC, Systems Management, DevOps, Analytics, Southbound Partners, Enterprise Monitoring, Orchestration Frameworks, L4-L7 Services, Fabric Attached Devices
Automate Compliance, Centralized Audit
Visibility, Analytics, Forensics
Policies Track Workloads
Lifecycle Management
Security Expressed in Application Language
Distributed Security Across Physical and Virtual
Centrally Managed & Fully Automated
Scenario: Advanced Security At Scale
Diagram labels: DB, APP, ADC, WEB, F/W, ADC, ESX, MGMT, Live Migration, Bare Metal, Linux Container
ACI Integrated Security - Open, Flexible, Policy Driven
Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC
ACI Policy Model – Security & Micro-Segmentation
ACI Enables Segmentation Based on Business Needs
Level of Segmentation/Isolation/Visibility:
• Network-centric Segmentation by VLAN: VLAN 1, VXLAN 2, VLAN 3
• Segment by Application Lifecycle: DEV, TEST, PROD
• Basic DC Network Segmentation: PRODUCTION POD, DMZ, SHARED SERVICES
• Per Application-tier / Service Level Micro-Segmentation: WEB, APP, DB
Get started today
1. View the resources available
2. Contact your Account Rep
3. Establish a pilot
Resources:
• www.cisco.com/aci
• Solution Brief - Cisco Application Centric Infrastructure Integration with Microsoft
• White Paper - Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
• Video Demo – Solution Integration with Cisco ACI and Microsoft Windows Azure Pack
• Video – Microsoft SVP Brad Anderson talks about Cisco ACI and Microsoft Cloud OS
Extending Enterprise Networks to Microsoft Azure
James Schultz – CSR 1000V Product Manager
May 5, 2015
Important!
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis.
Roadmaps are subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
A Common Services Platform for Physical, Virtual, and Cloud Environments
Latest IOS-XE software available on all platforms (including CSR)
IT engineers already know how to use IOS based products
Seamlessly extend IOS VPN and IOS Security policies from the enterprise
Use existing monitoring and troubleshooting tools
Extend your familiar Cisco network into any 3rd-party clouds*
*List of supported public clouds is constantly growing
ISR Series: IOS Classic
ISR G2 Series: IOS Classic
ISR 4400 Series (Hardware): IOS XE
ASR 1000 Series (Hardware): IOS XE
CSR 1000V (Virtual Appliance): IOS XE
CSR 1000V Virtualization Overview
Software
• Familiar IOS XE software
Infrastructure Agnostic
• No dependency on specific Server or vSwitch
• Runs on VMware ESXi, KVM, Xen, Microsoft Hyper-V, Amazon AWS, and Microsoft Azure!
Throughput Elasticity
• Licensable throughput from 10 Mbps to 10 Gbps**
• Footprint options from 1 to 8 virtual CPUs
Multiple Licensing Models
• Term (1 or 3 Year), Perpetual, Hourly Usage*
Programmability
• REST API for automated provisioning, management, and monitoring
*Available on Amazon AWS. Other platforms: 1H CY 2015
**Performance dependent on cloud environment
Enterprise-class Networking with Rapid Deployment and Flexibility
Diagram labels: Server, Hypervisor, Virtual Switch, CSR 1000V, OS, App
CSR 1000V High Level Feature Overview
Routing Protocols
VPN Access
Stateful Firewall
Application Visibility
Performance & Security Monitoring
Workload Mobility
Layer-2 Extension
And More…
Seamlessly Extend Enterprise Networks into Azure: Site-to-Site VPN Using the CSR 1000V
• Connect one or many physical locations into an Azure Virtual Network (VNet)
• Full suite of enterprise VPN compatibility: IPSec, DMVPN, FlexVPN, EZVPN
• Up to 1,000 concurrent VPN tunnels per CSR instance (Scalable Retail, Hospitality, etc.)
• Extend existing enterprise VPN architectures into Microsoft Azure (DMVPN, full-mesh)
• Standard IOS based VPN configuration, monitoring, and troubleshooting
Deployment A Network
Virtual Network corporate office/branch
Securely Connect Remote Users to the Azure Cloud: Remote Access VPN Using the CSR 1000V
• SSLVPN access using Cisco AnyConnect for teleworkers and remote users
• Flexible AAA server options for remote user authentication
• Replicate or scale your applications in Azure regions near your users
• Seamless transition for existing AnyConnect deployments (no new client, reuse existing configuration)
Deployment A Network
Virtual Network
A Worldwide Hybrid-Cloud Network: Interconnect Azure VNets Alongside Enterprise Locations
• Interconnect multiple Azure regions seamlessly alongside physical locations
• Direct accessibility between any enterprise location and any Azure region
• Overcomes VPN tunnel limitation on Azure VPN Gateways
• Extend existing enterprise routing architecture into Azure regions
• NAT and LISP provide options for overlapping IP space on Azure VNets
VNet 1
West US Region
VNet 2
East US Region
Deployment A Network
Virtual Network corporate office/branch
Monitor and Analyze Azure Cloud Security and Performance: Using the CSR 1000V ZBFW and AVC Features
Security
• Stateful firewall between Azure VNets and enterprise locations
• Extend existing enterprise security policies using IOS Zone Based Firewall
• Export flow records using NetFlow for forensic analysis
Performance
• Fingerprint over 1,000 different applications using Cisco AVC, then report, block, and shape them individually
• Export application flows and latency information to pinpoint trouble points inside and outside of the Azure cloud
Diagram labels: Monitoring and Analysis Software, Flexible NetFlow Export
Overview of Cisco Intercloud Fabric
Usha Ramachandran, Product Management
April 28, 2015
Agenda
Why Hybrid IT
Cisco Intercloud Fabric
How to Get Started with Hybrid IT – common use cases
Intercloud Fabric Architecture Overview
Summary
Why Hybrid IaaS?
Striking the Perfect Balance
Diagram labels: DC/Private Clouds, Provider Clouds, Fixed workloads, Elastic workloads, Economics, Speed, Scale, Data Sovereignty, Control, Security, Hybrid
Choice to build / rent across providers
Workload portability
Consistent security
Reality of Hybrid IaaS and Key Challenges
Siloed Applications
• Require App Re-configuration
• Apps break due to Infrastructure Dependencies
Operational Complexity
• Inconsistent Cloud Architectures
• Different Networking and Security Models
• Different Management Tools
Loss of Security
• No Visibility or Control
• Limited Workload Protection
• Unsecure Connection
…
Secure Data Center Extension for Flexible Hybrid IT
CISCO INTERCLOUD FABRIC
Expanding Cloud Provider Ecosystem
Customer Choice
End-to-End Security
Unified Workload Management and Governance
Workload Mobility Across Clouds
Open
Any Hypervisor to Any Provider
Heterogeneous Infrastructure
Get started with hybrid IT – Common Use Cases
Shadow IT Control: IT Facilitated Use of Public Clouds
• Secure use of public clouds
• Control costs with consolidation
• Public clouds as extension of enterprise IT
Dev/Test: Secure Enterprise Dev/Test Environment in Public Cloud
• Access to Enterprise Tools and Data
• Bring Back Workload for Production
Capacity Augmentation: Burst or Extend Apps in Public Cloud
• Managed peaks with no changes to application
• Keep data local while extending web or app
IT
Capacity Augmentation
Problem
• Need to leverage cloud rather than build capacity for seasonal peaks
Continue to use existing enterprise services
Extend Web and/or App Tier into Public cloud to augment on-prem capacity demands
Diagram labels: ICF, Shell, AD, DNS, Enterprise DC, Public Cloud
Business Outcomes
• Use all existing enterprise services to manage cloud workloads
• Save cost and time to build additional capacity
Intercloud Fabric Secure Extender (Secure Network Extension)
Diagram labels: DC/Private Cloud, Provider Cloud
Cisco Intercloud Fabric Architectural Details
Diagram labels: Intercloud Switch, VM Manager, Intercloud Fabric Services, Intercloud Extender, Intercloud Fabric Director, End User and IT Admin Portal, Workload and Fabric Management, IT Admins, End Users, VMs, Intercloud Fabric for Business
ICF Core Services
Fundamental Service Functions and Capabilities Integrated Natively to ICF and Its Operation
• Networking: Switching, routing and other advanced network-based capabilities
• Security: VM to VM traffic and tunnel encryption
• VM Portability: VM format conversion and mobility
• Management and Visibility: Private and hybrid cloud monitoring capabilities
• Automation and APIs: VM lifecycle capabilities, automated operations and Programmatic APIs
Cisco Intercloud Fabric Customer Benefits
• Compliance: Policy-based deployment/governance in cloud
• Choice: Freedom to place workloads across heterogeneous Clouds
• Consistency: Security/Networking as an extension of Private Cloud
• Control: Unified workload management across clouds
Diagram labels: DC/Private Cloud, Provider Cloud, Cisco Intercloud Fabric