project cirrus for sps -- strategy and overvie · ccie data center / service provider / security...
TRANSCRIPT
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Hybrid Cloud Security Solution: Intercloud Leads the New Era of Cloud Computing
Presented by:
Tim Xu, Partner System Engineer
Jun 2014
[Timeline figure: 2000.10, 2001.6, 2002.6, 2004.10, 2008.11, 2011.3, 2013.11, 2009.10; intervals: 4 Years, 2.5 Years, 2.5 Years, 2.5 Years, 1 Year]
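• 20 years of Cisco China, 20 years of the CCIE certification, 13 years pursuing Cisco certifications, 10 years as a CCIE myself
• From the day I met my first CCIE candidate, I was determined to become a CCIE before the age of 25
• Timeline: knowledge is refreshed roughly every 3 years on average
• 6 visits to the exam site: 2 at Oriental Plaza, 3 at Yintai, 1 in Japan
• Cost about 100,000 RMB (including exam fees, materials, rack, travel, etc.); entirely self-taught, never attended a training course
• Proctors (Vincent, Frank, Andy Wu, James)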
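• The hardships along the way (equipment, grabbing exam seats, finding materials, money, energy)
R&S: Lanzhou University campus
2 R&S attempts: flew to Beijing, came back by train without a seat
SP: my daughter was born
DC: scraping together equipment and hunting for materials is still fresh in my memory
• CCIE SunHui
• Lanzhou -> Beijing, regional SI -> national SI -> Cisco -> Global SEVT. I will not take another CCIE Lab in this life; planning the next 10 years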
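• The goal is to learn
• Balance what you learn, what you do, and where the industry is heading as far as possible
• Self-study as much as possible, practice a lot, refuse "paper" as far as possible, and reach the learning goal at the lowest cost
• Technology is not everything; connections matter too. Make like-minded friends while taking the exams. The 7 rules of relationships, the 3 rules of CCIE; the friend from Taiwan who passed R&S on the 7th attempt; XuHao, a long-time kindred spirit who just joined Cisco
• If you want to go fast, go alone; if you want to go far, go together
• Learn technology, and learn it systematically, rather than for utilitarian ends: a raise and a promotion, at least, have no direct relation to CCIE, though it helps when job hunting. As long as you persist, the effort always pays off!!!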
Cloud Monetization with Hybrid Services
许玉善 Tim Xu
Engineer, Cisco Partner Organization
CCIE Data Center / Service Provider / Security / R&S
[email protected] WeiChat:41251035
• Launch at Cisco Live in Milan on January 28th, 2014
• GA at the end of Q2 CY2014
• GTM plans being developed
• Cisco Powered Program
• Monetization approach
• RTM
• Channel program
• Technology partners
• System integrators
• Sales compensation being developed
• Will be part of the Cloud compensation program
Global Intercloud (with a small “c”) – a global network of clouds built
with partners that represents the next phase in cloud computing; it will be
a platform for the "Internet of Everything"
Cisco Cloud Services – the set of specific cloud services, consisting of
Cisco Unique IP and Partner IP, that Cisco will deliver with and through
partners, including PaaS/IaaS, Collaboration as a Service, Virtualized
Managed Services, Remote Management Services, etc.
Cisco InterCloud (with a capital “C”) – Cisco's hybrid cloud strategy
and solution announced in January 2014 at Cisco Live! Milan; it consists
of the InterCloud Fabric and the InterCloud Provider Enablement Platform
• DC or Private: Fixed workloads; Control and compliance
• Hybrid: Choice to build & rent across providers; Workload portability; Consistent security
• Public: Elastic workloads; Quick ramp
WORKLOAD TYPE: ?
Siloed Infrastructure Loss of Security Slow and Complex
Unsecure Connection
Limited Workload Protection
Require app re-configuration
Slow and manual process of discovering enterprise application dependencies
No Visibility or Control
Inconsistent cloud architectures
Fragmented solutions solving networking, security, application and management challenges
Different Management Tools
Dev/Test Disaster Recovery* Shadow IT
Dev/Test Application across vDC, private and
virtual private cloud
DR as a service in a multi-tenant virtual private cloud or public cloud for
Enterprises to reduce DR complexity and cost
Capacity Augmentation
Production
Dev/Test
Bursting from vDC, private cloud to virtual private or
public cloud for peak workloads
Workload migration
Application On-boarding
Common Peak Workloads
Providing rapid access to hybrid cloud capacity
IT in control of what and where their applications
can be deployed
[Diagram labels: WAN; Private Cloud; VPC/Public Cloud]
What is the most important use case for Hybrid Cloud?
• Automated on-demand capacity (cloud bursting): 47%
• Split application architectures: 22%
• Disaster recovery: 22%
• Backup and archive: 5%
• Data center migration: 4%
Public Cloud
Private Cloud
InterCloud Director
Cisco Powered
InterCloud Provider Enablement Platform (Optional)
Secure Network Extension
Workload Mobility
End User and IT Admin Portal
Workload and Fabric Management Cloud APIs
VM VM
Fast and efficient / service access
Transparent / consistent management / operations policy
Secure
[Diagram labels: Public Cloud; Private Cloud; VM; InterCloud Director; InterCloud Switch; InterCloud Provider Enablement Platform; VM Manager; Cloud Providers; IT Admins; End Users; InterCloud Extender; InterCloud Secure Fabric; InterCloud Services]
[Diagram labels: Public Cloud; VM; InterCloud Switch; InterCloud Extender; InterCloud Services; InterCloud Secure Fabric]
• Secure Layer 2 Extension to Cloud: Extend VLAN/VXLAN with TLS Tunnel
• Network & Security Services: Inter-VM firewalling and routing
• Flexible Application Reachability: Enterprise IP Address or Public IP Address
[Diagram labels: Private Cloud; VM Manager; IT Admins; End Users; VM; InterCloud Director; API]
Self-service
End User Portal
Choice of workload placement
IT as Cloud Broker
Admin Portal
Policy based Cloud Management
Open
Open API for integration with other cloud management platforms
Cloud API: Interface with InterCloud Controller and Fabric
South Bound API
API Translation Logic
Adapters: vCenter Adapter; vCloud Adapter; CloudStack Adapter; Others
Open API
Rapid Deployment: Enable Cloud Provider to Quickly Offer Hybrid Cloud Services
Provider Enablement Platform
Open API: For Integration with Cloud Provider Infrastructure
Flexible: Abstraction over Cloud Provider Infrastructure
[Diagram labels: Cloud Provider; InterCloud Provider Enablement Platform; Customer vDC or Private Cloud; Provider Clouds; Hyper-V based Cloud; vSphere based Cloud (w or w/o vCD/vCAC); OpenStack/KVM based Cloud; CloudStack based Cloud; GUI; APIs; InterCloud Director; InterCloud Secure Fabric; InterCloud; EC2 APIs; Azure APIs]
• VSM (Virtual Supervisor Module): Manages Standard VEMs (Nexus 1000v Virtual Ethernet Modules, per Nexus 1000v Architecture)
• InterCloud Switch (ICS): Deployed as a VEM in Public Cloud
• InterCloud Extender (ICX): Deployed as a VEM in Private Cloud
• InterCloud Link (ICL): Extends (Tunnel) the L2 domain across clouds
• cVSM (Cloud VSM): Manages ICS, ICX and ICL creations
• VM Manager: Manages VM lifecycle at Private Cloud
• Public Provider: Manages VM lifecycle at Public Cloud
Prime Network Services Controller: The Overlay Orchestrator of the InterCloud Solution
[Diagram labels: Enterprise Datacenter; Prime Network Services Controller; VM; VM Manager; VSM; VEM; Enterprise Virtual Distributed Switch; Cloud Datacenter; Internet; Cloud VMs; ICS; cVSM; ICX; Cloud API Interface; Secure Tunnel (L2 trunk over DTLS); ICL; Migrate …]
[Diagram labels: Enterprise Datacenter; Prime Network Services Controller; VM; VM Manager; VSM; VEM; Internet; cVSM; ICX; Cloud Datacenter1 (Cloud VMs, ICS1, Cloud API Interface, ICL1); Cloud Datacenter2 (Cloud VMs, ICS2, Cloud API Interface, ICL2); Choose where to migrate]
• AWS, (Azure, Terremark are targeted)
• AWS now, Azure in 3.2.1 (Feb), Terremark next
• Cisco Nexus1000v ICS is agnostic to the cloud
• Nexus 1000v is not mandatory on private side
• ICS interfaces directly with the VM (an overlay)
• Prime Network Services Controller interacts with provider’s API
• Prime Network Services Controller tracks the VM interconnect status
• Full lifecycle management of InterCloud secure links
High-level Architecture
[Diagram labels: InterCloud Provider Enablement Platform; Scripts; Openstack; vC/vCD, SCVMM; Virtual Private Cloud; VM 1; VSG; VM 2; CSR; Customer vDC or Cloud Provider Cloud; InterCloud Extender (ICX); InterCloud Director (End-User and Admin Portal); InterCloud Switch (ICS); Cisco Cloud API; InterCloud Secure Fabric (L2/L3, L4-L7); InterCloud]
Conceptual perspective
Customer Proprietary + Custom = Sticky Proprietary Open
No vendor lock-in
Any Hypervisor to any Provider
Heterogeneous infrastructure
Cisco InterCloud
End to end Security
Unified workload Management
Workload Mobility and Placement
across a world of Clouds
Consistent Policy enforcement & Governance
… Our Partners
[Diagram labels, repeated for each stack shown: Switching; Routing; Security and L4-7 Services; Nexus 1000V; CSR 1000V; Network; Compute; Storage; KVM; Hyper-V; vSphere; IFC; PNSC; Infra Provisioning APIs; GUI; APIs; InterCloud Director; Nexus 1000v InterCloud; UCS Director]
Cloud Provider
Enterprise Managed
Provider Managed
InterCloud Provider Enablement Platform
InterCloud Business Edition (Enterprise Data Center/Private Cloud)
• Enterprise procures and deploys software on-premise
• Choice of InterCloud enabled provider clouds
• No extra provider charge for InterCloud
InterCloud Provider Edition (Enterprise A and Enterprise B: Data Center/Private Cloud; Cloud Provider A and Cloud Provider B; Shared or Dedicated Clouds)
• Provider procures and deploys software at enterprise
• Enterprise controls workload placement
• Enterprise pays provider for InterCloud service
• Cirrus extends and secures L2 VLANs into public clouds
• CSR provides access into the secure Cirrus networks
• VPN for branch and remote users
• Inbound and outbound direct access for cloud applications
• Routing and services within Kumo networks
[Diagram labels: Enterprise DC; Nexus HW Switches; Physical Services; Virtual Services; ASR 1K/9K; vPath; Cloud Manager; UCS/Servers; Kumo cVEM; Nexus 1000V; VM; CSR 1000V; Outside Kumo Network; Remote/Branch Office; ISR; Mobile Worker; VPN; Outside access to apps inside Kumo network]
Flexibility and choice to customer: Multi-Cloud, Multi-Hypervisor