Cloud = Application Enablement and Innovation ≠ IaaS (Cloud Foundry Summit 2014)

Cloud = Application Enablement + Innovation ≠ IaaS

Ken Owens, CTO, Cisco Cloud Services

Upload: pivotal

Post on 27-Jan-2015

DESCRIPTION

Keynote delivered by Ken Owens, CTO, Cloud Services at Cisco. This presentation dives into the integration specification of IaaS Platforms with PaaS Platforms by discussing the architecture of: Multi-tenant Services; HA service architecture that is interoperable across multiple cloud solutions; Middleware Stack including message bus; Data Storage and Access; Data Analytics; Deployment Management (multi-vendor); Asynchronous processing capabilities; Flexible Security framework, i.e., integration into SecSDLC; Data Protection; SOA Support; and a Common Management Architecture (console, log, metering, monitoring, performance).

TRANSCRIPT

Page 1: Cloud = Application Enablement and Innovation ≠ IaaS (Cloud Foundry Summit 2014)

Cloud = Application Enablement + Innovation ≠ IaaS

Ken Owens, CTO, Cisco Cloud Services

Page 2:

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cloud ≠ IaaS

• Complexity

• Commodity

• Focus

Page 3:

Why Compromise?

• Would you fly in this?

• Scale

• Reliability

• Security

Page 4:

Platform for Enablement & Agility

• Leverage ready-built components

• Applications are not VM Templates

• Configuration Management tools are Complex & Brittle

Page 5:

Cloud = Application Enablement + Innovation

• Service-oriented architectures and APIs aren’t new ideas
– Art to building platforms comprised of loosely coupled services

• It's all about the Data, Data Virtualization, & Data Mobility
– Building multi-tiered data architectures that assume scale and unstructured data

• Data Centers and cloud providers become an interconnected and federated platform of deployable services and containers that are distributed and loosely coupled

• Open-Source is mainstream, driving innovation, and is now in its 4th generation of tools to tackle scalability, performance, and diagnostics

• DevOps is no longer shadow IT, it is the way for application development, integration, and deployment - Period

Page 6:

Cisco Use Cases

Page 7:

Guiding Principles

• Open standard foundational cloud platform

• Services building blocks at all layers of the stack to enable developers

• Everything available “as a Service” through both APIs and UI

• Single platform across all Data Centers
– Continuous deployment model
– Any app deployable to any DC globally

Page 8:

Collaboration

• All Development on OpenStack, Cloud Foundry, and OpenShift

• Model
– Application Independent
– Application Integrated
– Application Containerized

• Cloud Foundry
– Abstracting application deployment, health checking, application routing, and monitoring
– Partnerships and Ecosystem are key to enabling innovation
– Flexibility: test, try, fail, pivot

• BOSH
– Does not work in all providers
– CF is just another app

Page 9:

ACI - GROUP-BASED POLICY ACROSS OPENSTACK

[Diagram: GROUP POLICY MODEL. Labels: Dashboard; Automation; Compute; Networking; Storage; Group-Based Policy Model Extensions; Neutron Subgroup Members; Any existing network plugin; ACI Fabric]

Page 10:

© 2014 Cisco - Cisco INTERNAL only – All Rights Reserved

Inter-Object Consistency Rules

Verifying the Domain in Real Time

• Small consistency applications to verify status and values of specific objects

• Built on OpenDaylight MD-SAL

• Object change invoked → NOT polling based

• Can cover multiple types of misconfiguration
– CLI/programmatic errors
– Multiple controllers thrashing on a shared object

[Diagram labels: Controller; Datastore; Rules Engine; Network Element 2 (NE 2); NE 1; Node; Network; Running Config ACL; Datastore ACL; Domain Policy: No Private Subnets; Deny 10.0.0.0/8; Allow 10.1.0.0/16; Deny 10.0.0.0/8 (Mounted); Change made here; Mount Client; Mount Server]

• Can support customer specific consistency rules
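
An added example, not from the presentation and not OpenDaylight MD-SAL code: a change-invoked consistency check in Python over the ACL values shown on this slide (Deny 10.0.0.0/8, Allow 10.1.0.0/16) and the "No Private Subnets" domain policy. The `Datastore` class, the rule functions, the node names, and the reading of the policy as "no Allow entry may overlap RFC 1918 space" are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges. Reading "No Private Subnets" as "no Allow entry may
# overlap these ranges" is an assumption made for this example.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Datastore:
    """Hypothetical in-memory datastore that runs its rules on every write."""
    def __init__(self):
        self.acls = {}        # node name -> list of (action, network)
        self.listeners = []   # rule callables invoked as rule(store, node)

    def write_acl(self, node, entries):
        self.acls[node] = [(a.lower(), ipaddress.ip_network(n)) for a, n in entries]
        # Change-invoked: rules run because the object changed, not on a timer.
        findings = []
        for rule in self.listeners:
            findings.extend(rule(self, node))
        return findings

def no_private_subnets(store, node):
    """Domain rule: flag Allow entries that overlap private address space."""
    return [f"{node}: allow {net} violates domain policy 'No Private Subnets'"
            for action, net in store.acls[node]
            if action == "allow" and any(net.overlaps(p) for p in PRIVATE)]

def allow_contradicts_deny(store, node):
    """Inter-object rule: flag an Allow that sits inside a Deny held on any node."""
    findings = []
    for action, net in store.acls[node]:
        if action != "allow":
            continue
        for other, entries in store.acls.items():
            for o_action, o_net in entries:
                if o_action == "deny" and net.subnet_of(o_net):
                    findings.append(f"{node}: allow {net} contradicts deny {o_net} on {other}")
    return findings

def demo():
    store = Datastore()
    store.listeners += [no_private_subnets, allow_contradicts_deny]
    # Constructed sample state using the ACL values from the slide.
    clean = store.write_acl("controller", [("Deny", "10.0.0.0/8")])
    dirty = store.write_acl("NE1", [("Deny", "10.0.0.0/8"), ("Allow", "10.1.0.0/16")])
    return clean, dirty
```

The second write returns findings at the moment of the change, which is the point of the slide's "NOT polling based" bullet: the misconfiguration is caught when the object is written rather than at the next audit cycle.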

Page 11:

Inter-Object Consistency Rules

Automated Domain Reconciliation in Real Time

• Which rule has precedence?

With a Rules Engine, the self repair is possible.

• Open Source Rules Engines & Tools can be applied for Domain or Device

Existing DevOps Applicable from Web 3.0

[Diagram labels: Controller; Datastore; Rules Engine; Network Element 2 (NE 2); NE 1; Node; Network; Running Config ACL; Domain Policy: No Private Subnets; ACL Allow 10.1.0.0/16; Deny 10.0.0.0/8; Deny 10.0.0.0/8 Allow 10.1.0.0/16 (Mounted); Mount Client; Mount Server]

Page 12:

Inter-Object Consistency Rules

Verifying & Reconciling Network Elements in Real Time

• Auto-discovery of link, group, or area misconfigurations. No controller necessary.

• Options
– Automated error correction
– Automated change propagation
– Custom resolution

[Diagram labels: Network Element 1 (NE 1); Network Element 2 (NE 2); Rules Engine; Datastore; Running Config Ethernet 1; Running Config Ethernet 2; Frame Size; 1500; Jumbo; CLI Change made]

Page 13:

Communicating Rules System

Interplay of Centralized and Distributed Conflict Resolution Logic

• Device logic can mediate between controllers with conflicting Intent

• Pushing the reconciliation to the right place

• Overlapping controller domains will need reconciliation logic

[Diagram labels: Data Center Policy Domain; SP WAN Policy Domain; Data Center Controller; SP WAN Controller; Datastore; Domain Rules Engine; Device Rules Engine; Network Element (South Korea); Network Wide Rules: "Allow from China Netcom", Asserted Config Allow 210.51.0.0/16; Network Wide Rules: "Drop any North Korean traffic in South Korea", Asserted Config Deny 210.51.109.0/24; Asserted Config; Running Config Allow 210.51.0.0/16; Allow 210.52.0.0/16; Deny 210.52.190.0/24]

Page 14:

Communicating Rules System

Interplay of Centralized and Distributed Conflict Resolution Logic

• All Intents may be met automatically even when some config fails

• Domain logic can react to Device logic, finding alternative ways to meet intent

• Zero Touch Reconciliation

[Diagram labels: Data Center Policy Domain; SP WAN Policy Domain; Data Center Controller; SP WAN Controller; Datastore; Domain Rules Engine; Device Rules Engine; Network Element (South Korea); Network Element (USA); Network Wide Rules: "Allow from China Netcom", Asserted Allow 210.51.0.0/16; Network Wide Rules: "Drop any North Korean traffic in South Korea", Asserted Config Deny 210.51.109.0/24; Asserted Config; Running Config; Deny 210.51.0.0/16; Allow 210.51.0.0/16; Allow 210.52.0.0/16; Deny 210.52.190.0/24]

Page 15:

Thank you.

Page 16: