Intuit Application Centric ACI Deployment Case Study


Intuit Application Centric ACI Deployment Case Study
Joon Cho, Principal Network Engineer, Intuit
Lawrence Zhu, Solutions Architect, Cisco

Agenda
- Introduction
- Architecture / Principles
- Design
- Rollout
- Key Highlights
- Outlook
- Conclusion

Introduction

Who We Are
- Maker of small business software

2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Who We Are: Company and Business Strategy
- Customer-driven innovation
- Heavily focused on cloud and mobile
- Multiple application suites
- Application/developer centric

Who We Are: IT / Network Strategy
Critical to offer the following features and functions:
- Agility
- Expose APIs to end users
- Allow end-user control
- Infrastructure abstraction
- Enable east-west traffic growth

Architecture / Principles

Legacy Data Center Design
- North-south traffic pattern
- Per-application Layer 2 segmentation
- 3-tier design
- Security classification by trust and execution level

Data Center Network Design Principles
- Application aware: integrate application and network so they interact on event- or pattern-driven changes
- Simplified security: security policies centrally managed and logged; security zones flattened (compliance treated separately); security policy abstracted from the infrastructure
- Hybrid cloud capable: ability to leverage private or public cloud without a dependency on one data center; location-agnostic, policy-driven configuration
- Visibility: a single dashboard providing end-to-end visibility of health and performance
- Simplified migration and ease of operation: metadata and policy are associated with the application rather than with the infrastructure
- Predictable performance: consistent, predictable performance
- Flexible: purpose-built modular environments with smaller Layer 3 domains that allow expansion (spine-leaf)
- Availability: network resiliency appropriate to the tier and aligned with application resiliency
- Programmable: common workflows exposed via APIs for self-service consumption

Intuit Data Center Architecture - Fabric
[Figure: fabric topology. Service providers SP1 and SP2 (MPLS and P2P links) and P-Cloud connect through BR and C devices to the fabric backbone; the fabric consists of border leafs (BL, x N), spines (S), SL and L switches, with Service, Compute, Storage and Compliance segments at each site. Labels are as printed on the slide.]

Selection of ACI
Evaluated multiple SDN platforms in the market against these principles:
- Abstraction of the underlying infrastructure
- Management and visibility of the physical infrastructure
- Compute agnostic (bare metal / VM)
- Support for the incumbent hypervisor (vCenter/ESX 5.5 at the time of deployment)
- Fully supported RESTful API

Design

ACI Fabric Design Overview
- Tenant common: Storage VRF, with Management and Storage
- App tenant, Prod (Default VRF): Web EPG, App EPG, DB EPG, external connectivity
- App tenant, Pre-Prod: Web EPG, App EPG, DB EPG
- App tenant, Compliance (Compliance VRF): Web EPG, App EPG, DB EPG
- 100+ tenants with RBAC
Design goals called out on the slide: secure multi-tenancy; application, compute and network visibility; DC operations and DC automation; network capacity and bandwidth; any workload, any VLAN, anywhere.

ACI Fabric Design Highlights: Tenants / Contexts
- Application-centric multi-tenant approach
- Tenants, application profiles and EPGs are created based on execution/functional segments
- Contexts (VRFs) and bridge domains (BDs) are created in tenant common for shared external access; BD subnets can be advertised out through BGP
- Three major contexts/VRFs: one for the compliance zone, one for the non-compliance zone, and one for the storage network
- All access in and out of the compliance zone passes through an ASA firewall for stateful access control
- Access between EPGs within the compliance zone is controlled by regular contracts/filters (contract filters are ACL entries enforced in switch hardware, not a stateful firewall, which is why the zone boundary is handled by the ASA)

ACI Fabric Design Highlights (cont'd): Bridge Domains / Storage / Contracts
- Fewer bridge domains, each with a larger subnet shared by EPGs from multiple user tenants
- BD/IP decoupled from the application: endpoints can be moved from EPG to EPG without changing their IP addresses, which eases application deployment through the application environment lifecycle
- Unidirectional TCP contracts/filters and vzAny contracts/filters are used to optimize policy TCAM use (a contract applied in both directions between every EPG pair costs an entry per pair and per direction; vzAny attaches the contract once for every EPG in the VRF)
- IP storage vNICs/endpoints and IP storage filers are contained in their own isolated context, which gets the full benefit of vzAny contracts
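The contract design above, as an added example that is not Intuit's or Cisco's code: it builds the APIC JSON for a unidirectional TCP contract (forward filter to the service port, return filter that matches only established sessions) and for a vzAny relation in a VRF, plus a rough policy-rule estimate. Tenant, VRF, filter and contract names are invented; the functions only produce the payloads that would be POSTed to /api/mo/uni.json.

```python
"""Added illustration of the contract design on the slides: unidirectional TCP
filters plus a vzAny contract in the storage VRF.  Not Intuit's or Cisco's
code; tenant, VRF, filter and contract names are invented placeholders."""
import json


def tcp_filter(name, port, established_only=False):
    """vzFilter with one vzEntry.  The forward filter matches TCP to the
    service port.  With established_only=True the entry matches TCP *from*
    that port and only packets of an already established session
    (tcpRules="est"), so the return direction cannot open new connections."""
    entry = {"name": "tcp", "etherT": "ip", "prot": "tcp"}
    if established_only:
        entry.update({"sFromPort": str(port), "sToPort": str(port), "tcpRules": "est"})
    else:
        entry.update({"dFromPort": str(port), "dToPort": str(port)})
    return {"vzFilter": {"attributes": {"name": name},
                         "children": [{"vzEntry": {"attributes": entry}}]}}


def unidirectional_contract(name, fwd_filter, rev_filter):
    """vzBrCP whose subject has separate consumer-to-provider (vzInTerm) and
    provider-to-consumer (vzOutTerm) filter chains.  Attaching filters to the
    terms instead of directly to the subject is what turns off 'apply both
    directions' and makes the contract unidirectional."""
    def term(cls, flt):
        return {cls: {"attributes": {}, "children": [
            {"vzRsFiltAtt": {"attributes": {"tnVzFilterName": flt}}}]}}
    return {"vzBrCP": {"attributes": {"name": name, "scope": "context"},
                       "children": [{"vzSubj": {
                           "attributes": {"name": "s1", "revFltPorts": "no"},
                           "children": [term("vzInTerm", fwd_filter),
                                        term("vzOutTerm", rev_filter)]}}]}}


def vrf_with_vzany(vrf, provided=(), consumed=()):
    """fvCtx carrying a vzAny that provides/consumes contracts for every EPG
    in the VRF at once, instead of one relation per EPG."""
    rels = [{"vzRsAnyToProv": {"attributes": {"tnVzBrCPName": c}}} for c in provided]
    rels += [{"vzRsAnyToCons": {"attributes": {"tnVzBrCPName": c}}} for c in consumed]
    return {"fvCtx": {"attributes": {"name": vrf},
                      "children": [{"vzAny": {"attributes": {}, "children": rels}}]}}


def tenant_payload(tenant, *objects):
    """Wrap objects in the fvTenant that is POSTed to /api/mo/uni.json."""
    return {"fvTenant": {"attributes": {"name": tenant}, "children": list(objects)}}


def policy_rule_estimate(consumers, providers, entries, both_directions=True):
    """Rough policy-TCAM rule count: one rule per (consumer EPG, provider EPG,
    filter entry, direction).  Approximation for sizing discussions only."""
    return consumers * providers * entries * (2 if both_directions else 1)


def storage_tenant_example():
    """The storage-VRF pattern from the slides, with invented names."""
    return tenant_payload(
        "common",
        tcp_filter("nfs-in", 2049),
        tcp_filter("nfs-return", 2049, established_only=True),
        unidirectional_contract("nfs", "nfs-in", "nfs-return"),
        vrf_with_vzany("storage", provided=("nfs",), consumed=("nfs",)),
    )


if __name__ == "__main__":
    print(json.dumps(storage_tenant_example(), indent=2))
    # 40 storage clients x 4 filers with a bidirectional per-EPG contract versus
    # one vzAny-to-vzAny unidirectional contract (two filter entries) in the VRF
    print(policy_rule_estimate(40, 4, 1), "vs", policy_rule_estimate(1, 1, 2, False))
```

The return-direction filter is the security-relevant half: without `tcpRules="est"` a provider could initiate connections back to any consumer on any port, which a simple "reverse filter ports" subject would permit.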

Network Service Design: Firewall Service Insertion
- An ASA with two logical interfaces, one in the compliance context and one in the default context, acts as the router between the two contexts
- Centralized access-policy control and configuration through the APIC RESTful API; the same automation tool configures fabric contracts and ASA ACEs
- Using the dynamic EPG feature of the device package, ACEs can be configured by EPG name
- L4-L7 service parameters are configured at the application profile level, one central place per tenant for configuring and updating service policies
- One main ASA service graph template for all tenants

Inter-Site Access Policy Consistency: ACI Toolkit Application
- Preserves the ACI group-based policy model between sites
- EPGs stretched for policy extension across fabrics/data centers
- An L3Out external EPG in site 2 stands in for an EPG in site 1, and vice versa
- Endpoints of stretched EPGs are dynamically synchronized between sites
- Existing L4-L7 service graphs are used between the data centers
[Figure: DC#1 and DC#2 connected over an IP network; Web, App and DB EPGs extended between sites using Layer 3 Out]
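The endpoint synchronization described above, as an added example rather than the ACI Toolkit intersite application itself: endpoints learned in a stretched EPG at site 1 are reconciled into an L3Out external EPG (l3extInstP) at site 2 as /32 subnets, so the site-2 fabric classifies traffic from those hosts into the same policy group. Tenant, L3Out and EPG names are invented and the endpoint records are constructed to look like fvCEp query results.

```python
"""Added illustration of the inter-site mechanism on the slide.  Not the
ACI Toolkit code; names are invented and the endpoint list is constructed."""

# Constructed sample of what GET /api/node/class/fvCEp.json returns at site 1
# for the stretched Web EPG (attributes trimmed to what the sync needs).
SITE1_ENDPOINTS = [
    {"fvCEp": {"attributes": {"dn": "uni/tn-App/ap-Prod/epg-Web/cep-00:50:56:A1:00:01",
                              "ip": "10.10.1.11", "mac": "00:50:56:A1:00:01"}}},
    {"fvCEp": {"attributes": {"dn": "uni/tn-App/ap-Prod/epg-Web/cep-00:50:56:A1:00:02",
                              "ip": "10.10.1.12", "mac": "00:50:56:A1:00:02"}}},
    # MAC-only endpoint, no IP learned yet
    {"fvCEp": {"attributes": {"dn": "uni/tn-App/ap-Prod/epg-Web/cep-00:50:56:A1:00:03",
                              "ip": "0.0.0.0", "mac": "00:50:56:A1:00:03"}}},
]


def learned_ips(endpoints, epg_dn):
    """IPs of endpoints that belong to epg_dn; endpoints without a learned IP
    (APIC reports 0.0.0.0) are skipped because they cannot be mirrored."""
    ips = set()
    for rec in endpoints:
        a = rec["fvCEp"]["attributes"]
        if a["dn"].startswith(epg_dn + "/") and a["ip"] != "0.0.0.0":
            ips.add(a["ip"])
    return ips


def sync_payload(tenant, l3out, ext_epg, desired_ips, current_ips):
    """l3extInstP under the site-2 L3Out whose l3extSubnet children are the
    desired /32s.  Subnets no longer present are sent with status=deleted so
    the POST is a true reconcile rather than append-only.  scope
    import-security marks the subnet as an external-EPG classifier.
    POST the result to /api/mo/<dn>.json."""
    children = []
    for ip in sorted(desired_ips - current_ips):
        children.append({"l3extSubnet": {"attributes": {
            "ip": ip + "/32", "scope": "import-security"}}})
    for ip in sorted(current_ips - desired_ips):
        children.append({"l3extSubnet": {"attributes": {
            "ip": ip + "/32", "status": "deleted"}}})
    dn = "uni/tn-%s/out-%s/instP-%s" % (tenant, l3out, ext_epg)
    return {"l3extInstP": {"attributes": {"dn": dn, "name": ext_epg},
                           "children": children}}


def plan_sync(endpoints, epg_dn, tenant, l3out, ext_epg, current_ips):
    """Desired endpoint set plus the payload that moves site 2 to it."""
    desired = learned_ips(endpoints, epg_dn)
    return desired, sync_payload(tenant, l3out, ext_epg, desired, current_ips)


if __name__ == "__main__":
    import json
    _, payload = plan_sync(SITE1_ENDPOINTS, "uni/tn-App/ap-Prod/epg-Web",
                           "App", "DC1-Stretch", "Web-DC1",
                           {"10.10.1.12", "10.10.1.99"})
    print(json.dumps(payload, indent=2))
```

Because the external EPG then provides and consumes the same contracts as the stretched EPG, a stale /32 is a stale policy grant; that is why the reconcile deletes subnets that disappeared rather than only adding new ones. Each /32 is also a classifier entry on the border leaf, which is the resource the challenges slide later reports running short.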

Rollout

How We Did This: Project Plan and Logistics
- More time allocated for the POC than in a traditional deployment: four months in the POC lab, one and a half months for the two-data-center production deployment
- Management support
- Resources from cross-functional teams for the POC and the post-deployment war room:
  - Platform team for vCenter/VMM integration
  - Storage team for the storage build-out
  - Application teams for EPG and contract build-out
  - Security team for compliance requirements review
  - Network operations team for monitoring and general operational support
  - Automation team for scripting and the integration portal

Production Fabric Deployment: Project Plan
- Complete replica of production in the lab
- Multiple iterations of POC rebuild until the dual data center build
- Full integration testing of applications during the POC
- Cisco Solution Validation Services (SVS) lab used for design and scaling verification
- Unenforced mode for initial application on-boarding and validation
- Scripted production build-out: discovery and registration of switches; deployment of BDs, EPGs and contracts
- Scripting reduced the deployment schedule
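The scripted build-out and the unenforced-to-enforced cutover above, as an added example that is not Intuit's script: it validates a switch inventory, renders the fabricNodeIdentP objects that register discovered serials, and renders each VRF with its policy-enforcement preference. The inventory is constructed, the node-ID convention (leafs 1xx, spines 2xx) and the serial-format check are this example's assumptions, and the payloads are returned rather than pushed.

```python
"""Added illustration of the scripted build-out on the slide.  Not Intuit's
code; the inventory is constructed and the naming conventions are assumed."""
import re

# Constructed inventory: serials as APIC lists them for unregistered nodes,
# plus the node IDs and names we intend to assign.
INVENTORY = [
    {"serial": "FDO21111AAA", "node_id": 101, "name": "dc1-leaf101", "role": "leaf"},
    {"serial": "FDO21111AAB", "node_id": 102, "name": "dc1-leaf102", "role": "leaf"},
    {"serial": "FDO21111BBB", "node_id": 201, "name": "dc1-spine201", "role": "spine"},
]


def validate_inventory(inventory):
    """Return problems that would otherwise surface as a half-registered
    fabric: duplicate node IDs or serials, or leaf/spine IDs outside the
    site convention (assumption: leafs are 1xx, spines 2xx)."""
    problems = []
    seen_ids, seen_serials = set(), set()
    for n in inventory:
        if n["node_id"] in seen_ids:
            problems.append("duplicate node id %d" % n["node_id"])
        if n["serial"] in seen_serials:
            problems.append("duplicate serial %s" % n["serial"])
        seen_ids.add(n["node_id"])
        seen_serials.add(n["serial"])
        if not re.fullmatch(r"[A-Z0-9]{11}", n["serial"]):  # assumed format
            problems.append("serial %s does not look like a switch serial" % n["serial"])
        if n["role"] == "leaf" and not 100 <= n["node_id"] < 200:
            problems.append("leaf %s outside 1xx range" % n["name"])
        if n["role"] == "spine" and not 200 <= n["node_id"] < 300:
            problems.append("spine %s outside 2xx range" % n["name"])
    return problems


def node_registration(node):
    """fabricNodeIdentP: the object that turns a discovered serial into a
    fabric member.  POST to /api/mo/uni/controller/nodeidentpol.json."""
    return {"fabricNodeIdentP": {"attributes": {
        "dn": "uni/controller/nodeidentpol/nodep-" + node["serial"],
        "serial": node["serial"], "nodeId": str(node["node_id"]),
        "name": node["name"]}}}


def vrf_enforcement(tenant, vrf, enforced):
    """fvCtx with pcEnfPref: 'unenforced' lets traffic flow without contracts
    while application flows are learned and validated; 'enforced' is the
    production state.  POST to /api/mo/<dn>.json."""
    return {"fvCtx": {"attributes": {
        "dn": "uni/tn-%s/ctx-%s" % (tenant, vrf), "name": vrf,
        "pcEnfPref": "enforced" if enforced else "unenforced"}}}


def build_plan(inventory, vrfs, enforce):
    """Ordered list of payloads; refuses to produce anything if the
    inventory has problems, so a bad spreadsheet never reaches APIC."""
    problems = validate_inventory(inventory)
    if problems:
        raise ValueError("; ".join(problems))
    plan = [node_registration(n) for n in inventory]
    plan += [vrf_enforcement(t, v, enforce) for t, v in vrfs]
    return plan


if __name__ == "__main__":
    import json
    for obj in build_plan(INVENTORY, [("App", "default")], enforce=False):
        print(json.dumps(obj))
```

Run the plan once with enforce=False for on-boarding, then re-run only the VRF step with enforce=True after the contracts learned during validation are in place; flipping pcEnfPref is the moment traffic without a matching contract starts being dropped, so it belongs in its own change.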

Key Highlights

Automation Tools: Dashboard
- Built on Graphite
- Python-based polling script
- Trend data as well as current status

Automation Tools: Rango
- Python based
- Subscribes to classes of configuration over a websocket (for example fvAEPg for application endpoint groups)
- Keeps the data in a separate database
- Contract and endpoint profile search
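The Rango pattern above, as an added example that is not Intuit's tool: class subscriptions are opened against APIC, the created/modified/deleted events that arrive on the websocket are folded into a local store, and contract and endpoint-profile searches are answered from that store instead of from the controller. The subscription IDs and event messages are constructed here in the shape APIC pushes; only the store logic runs offline.

```python
"""Added illustration of the Rango pattern on the slide.  Not Intuit's code;
the subscription IDs and the websocket messages are constructed."""
import re

# Subscription bookkeeping.  GET /api/class/<cls>.json?subscription=yes returns
# a subscriptionId; events then arrive on wss://<apic>/socket<token>, and each
# subscription must be refreshed with GET /api/subscriptionRefresh.json?id=<id>
# before it expires (60 seconds by default).
SUBSCRIPTIONS = {"72057594037927936": "fvAEPg", "72057594037927937": "fvRsCons"}

# Constructed websocket messages; 'modified' carries only the changed attributes.
CONSTRUCTED_EVENTS = [
    {"subscriptionId": ["72057594037927936"], "imdata": [{"fvAEPg": {"attributes": {
        "dn": "uni/tn-App/ap-Prod/epg-Web", "name": "Web", "status": "created",
        "pcTag": "16386"}}}]},
    {"subscriptionId": ["72057594037927937"], "imdata": [{"fvRsCons": {"attributes": {
        "dn": "uni/tn-App/ap-Prod/epg-Web/rscons-web-to-app",
        "tnVzBrCPName": "web-to-app", "status": "created"}}}]},
    {"subscriptionId": ["72057594037927936"], "imdata": [{"fvAEPg": {"attributes": {
        "dn": "uni/tn-App/ap-Prod/epg-Web", "status": "modified",
        "descr": "owner:payments"}}}]},
    {"subscriptionId": ["72057594037927936"], "imdata": [{"fvAEPg": {"attributes": {
        "dn": "uni/tn-App/ap-Prod/epg-Old", "name": "Old", "status": "created",
        "pcTag": "49153"}}}]},
    {"subscriptionId": ["72057594037927936"], "imdata": [{"fvAEPg": {"attributes": {
        "dn": "uni/tn-App/ap-Prod/epg-Old", "status": "deleted"}}}]},
]


class PolicyStore:
    """In-memory stand-in for Rango's separate database: one record per DN."""

    def __init__(self):
        self.objects = {}   # dn -> {"class": cls, <attribute>: <value>, ...}

    def ingest(self, message):
        """Apply one websocket message to the store."""
        for item in message["imdata"]:
            (cls, body), = item.items()
            attrs = dict(body["attributes"])
            dn, status = attrs.pop("dn"), attrs.pop("status")
            if status == "deleted":
                self.objects.pop(dn, None)
            elif status == "created":
                self.objects[dn] = dict(attrs, **{"class": cls})
            elif status == "modified":
                self.objects.setdefault(dn, {"class": cls}).update(attrs)
            else:
                raise ValueError("unknown status %r for %s" % (status, dn))

    def consumers_of(self, contract):
        """EPG DNs consuming a contract, derived from fvRsCons relations."""
        return sorted(dn.rsplit("/rscons-", 1)[0]
                      for dn, o in self.objects.items()
                      if o["class"] == "fvRsCons" and o.get("tnVzBrCPName") == contract)

    def search_epgs(self, pattern):
        """Endpoint-profile search by regex over the DN (tenant/app profile/EPG)."""
        rx = re.compile(pattern)
        return sorted(dn for dn, o in self.objects.items()
                      if o["class"] == "fvAEPg" and rx.search(dn))


def replay(events):
    """Build a store from a sequence of messages (what a websocket reader does)."""
    store = PolicyStore()
    for ev in events:
        store.ingest(ev)
    return store


if __name__ == "__main__":
    s = replay(CONSTRUCTED_EVENTS)
    print(s.consumers_of("web-to-app"), s.search_epgs(r"epg-"))
```

Answering "who consumes this contract" from the store is what makes the tool usable for audit: the same question against APIC means walking every EPG's relations, and a store fed by events also shows what was deleted and when.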

Automation Tools: Loom
- Python based
- Standard tool to deploy contracts (ACLs), EPGs and static bindings
- No direct access to the APIC GUI; the network team intervenes only for exceptions
- A series of validation services chained to the CMDB and the change request
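The validation chain above, as an added example that is not Intuit's Loom: a contract request is checked against a change-request export and a CMDB export before anything is rendered for APIC. The CMDB, ticket records and request are constructed, and the individual rules (approved ticket, owner match, no any-any TCP/UDP, bounded port ranges, no direct contract across the compliance boundary) are this example's assumptions modelled on the design slides.

```python
"""Added illustration of the Loom workflow on the slide.  Not Intuit's code;
the CMDB, change records and validation rules are constructed/assumed."""

# Constructed CMDB export: tenant/app profile/EPG -> owning application, zone.
CMDB = {
    "App/Prod/Web": {"owner": "payments", "zone": "default"},
    "App/Prod/App": {"owner": "payments", "zone": "default"},
    "App/Compliance/DB": {"owner": "payments", "zone": "compliance"},
}
# Constructed change-request export.
CHANGES = {
    "CHG0001001": {"state": "approved", "owner": "payments"},
    "CHG0001002": {"state": "draft", "owner": "payments"},
}
PORT_MAX = 65535
RANGE_LIMIT = 1000   # assumed: wider ranges need a documented exception


def validate_request(req, cmdb=CMDB, changes=CHANGES):
    """Return a list of violations; an empty list means the request may be
    rendered into contract/EPG/static-binding objects and pushed."""
    v = []
    chg = changes.get(req.get("change_request", ""))
    if chg is None:
        v.append("change request not found")
    elif chg["state"] != "approved":
        v.append("change request %s is %s, not approved"
                 % (req["change_request"], chg["state"]))
    for side in ("consumer", "provider"):
        key = req.get(side, "")
        if key not in cmdb:
            v.append("%s %s is not in the CMDB" % (side, key or "<missing>"))
        elif chg and cmdb[key]["owner"] != chg["owner"]:
            v.append("%s %s belongs to %s, change owned by %s"
                     % (side, key, cmdb[key]["owner"], chg["owner"]))
    if req.get("consumer") in cmdb and req.get("provider") in cmdb:
        zones = {cmdb[req["consumer"]]["zone"], cmdb[req["provider"]]["zone"]}
        if len(zones) > 1:
            v.append("crosses the compliance boundary; use the firewall "
                     "service graph instead of a direct contract")
    proto = req.get("protocol")
    if proto not in ("tcp", "udp", "icmp"):
        v.append("protocol must be tcp, udp or icmp")
    ports = req.get("ports", [])
    if proto in ("tcp", "udp") and not ports:
        v.append("tcp/udp contracts must list destination ports (no any-any)")
    for p in ports:
        lo, hi = p if isinstance(p, tuple) else (p, p)
        if not (1 <= lo <= hi <= PORT_MAX):
            v.append("bad port range %r" % (p,))
        elif hi - lo > RANGE_LIMIT:
            v.append("port range %r wider than %d ports needs an exception"
                     % (p, RANGE_LIMIT))
    return v


if __name__ == "__main__":
    req = {"change_request": "CHG0001001", "consumer": "App/Prod/Web",
           "provider": "App/Prod/App", "protocol": "tcp", "ports": [8443]}
    print(validate_request(req) or "ok")
    print(validate_request(dict(req, provider="App/Compliance/DB")))
```

Keeping the rules in one function that returns every violation (rather than stopping at the first) is what lets the requesting team fix a ticket in one round trip, which is the point of taking the GUI away from everyone but the exception path.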

Network Changes - Legacy vs Fabric
[Chart: network change count per month, legacy vs fabric, Oct-15 through Apr-16; y-axis 0 to 3,500 changes]

Network Changes - Manual vs Automated
[Chart: share of network changes that were automated, non-fabric vs ACI fabric, Jan-16 through Jun-16; y-axis in percent, 0% to 100%]

Customer Testimony from BU Leaders
"The most important gain for us is in the Contract vs ACL difference. Though it requires some initial setup that is comparable to our legacy environments, all subsequent deployments into an application automatically have the necessary network access. This means a savings of anywhere from 1 to 7 days or more on every deployment, depending on size and complexity. We can provision a server in a matter of minutes, execute post-provisioning via Chef, and hand it off to the requesting business unit in a matter of hours instead of days. On top of that, many network tasks that are required can now be automated or executed directly from my team leading to even more efficiency. This again saves us days waiting for a central network team to complete our requests."

Outlook

Future Plan: Plans and Projections
- Expansion of the existing fabric: 196 more leafs within the next 18 months; more BUs/applications
- Upgrade of APIC to leverage new features: ingress-only policy enforcement, SGT (security tag) based policy on ASA, distributed/software-based load balancing, micro-segmentation of the fabric

Challenges

ACI Network Design: Technical Challenges
- Understanding ACI as a programmatic approach rather than a legacy network device
- Multi-fabric and contract enforcement: an inter-site tool was needed
- Compatibility with legacy: how to map contracts to legacy ACLs (IP groups, security tags)
- Operational learning curve: engage Cisco Services as early as possible
- TCAM: the scale test revealed a potential resource constraint in the border leaf; mitigated by adding new pairs of border leafs and policy-based routing

Conclusion

Conclusion: Key Takeaways
- Leverage programmability and automation: team members who know REST and scripting
- Planning is the key: application team and platform team integration and input from the beginning of the design stage; you must fully understand the application traffic flow; spend enough time in the lab and POC to understand ACI
- Joint project planning with the Cisco team is a must: work closely with the Cisco Advanced Services (AS) team and leverage Cisco Solution Validation Services (SVS)

Complete Your Online Session Evaluation
Give us your feedback to be entered into a daily survey drawing; a daily winner receives a $750 Amazon gift card. Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us. Cisco Live sessions will be available for on-demand viewing after the event at CiscoLive.com/Online.

Continue Your Education
- Demos in the Cisco campus
- Walk-in self-paced labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- Related sessions

Thank you