Cisco CloudCenter Solution with Cisco ACI: Common Use Cases

Similar documents
Cisco CloudCenter Solution with VMware

Cisco CloudCenter Solution Use Case: Application Migration and Management

DevOps and Continuous Delivery USE CASE

Cisco CloudCenter Use Case Summary

Cisco Cloud Application Centric Infrastructure

Transform Your Business with Hybrid Cloud

Cisco Application Centric Infrastructure

Configuring Cisco Nexus 9000 Series Switches in ACI Mode (DCAC9K) v3.0

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Build application-centric data centers to meet modern business user needs

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Cisco HyperFlex Systems

The Cisco HyperFlex Dynamic Data Fabric Advantage

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Cisco ACI vpod. One intent: Any workload, Any location, Any cloud. Introduction

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure

Deploying Cloud-Agnostic Applications with Cisco CloudCenter

Architectural overview Turbonomic accesses Cisco Tetration Analytics data through Representational State Transfer (REST) APIs. It uses telemetry data

Cisco UCS Director and ACI Advanced Deployment Lab

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA.

Title DC Automation: It s a MARVEL!

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

DELL EMC VSCALE FABRIC

Integrating NetScaler ADCs with Cisco ACI

Layer 4 to Layer 7 Design

Intuit Application Centric ACI Deployment Case Study

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Increase Efficiency with VMware Software and Cisco UCS

Taming the Multi-Cloud With Simplicity and Openness. Minh Dang Cisco Systems Vietnam 2018 January

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

EBOOK: VMware Cloud on AWS: Optimized for the Next-Generation Hybrid Cloud

Cisco Unified Data Center Strategy

Tenant Onboarding. Tenant Onboarding Overview. Tenant Onboarding with Virtual Data Centers

Trends and challenges Managing the performance of a large-scale network was challenging enough when the infrastructure was fairly static. Now, with Ci

Manage Hybrid Clouds with a Cisco CloudCenter, Cisco Application Centric Infrastructure, and Cisco UCS Director Solution

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1

VMWARE CLOUD FOUNDATION: THE SIMPLEST PATH TO THE HYBRID CLOUD WHITE PAPER AUGUST 2018

Cisco Application Policy Infrastructure Controller Data Center Policy Model

PSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco

Hybrid Cloud Solutions

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)

Enabling Long Distance Live Migration with F5 and VMware vmotion

CloudCenter for Developers

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Accelerate Your Enterprise Private Cloud Initiative

Service Graph Design with Cisco Application Centric Infrastructure

Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.

Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)

Cisco Unified Computing System Delivering on Cisco's Unified Computing Vision

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Why Converged Infrastructure?

Introducing VMware Validated Designs for Software-Defined Data Center

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

CloudVision Macro-Segmentation Service

Introducing VMware Validated Designs for Software-Defined Data Center

F5 and Nuage Networks Partnership Overview for Enterprises

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Solution Overview Gigamon Visibility Platform for AWS

Cisco ACI Virtual Machine Networking

Introducing VMware Validated Design Use Cases

Solution Brief: VMware vcloud Director and Cisco Nexus 1000V

Cisco ACI Simulator Release Notes, Release 1.1(1j)

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Virtual Machine Manager Domains

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

The intelligence of hyper-converged infrastructure. Your Right Mix Solution

Cisco ACI Terminology ACI Terminology 2

Data Sheet Gigamon Visibility Platform for AWS

Cisco ACI Virtual Machine Networking

Matrix IT work Copyright Do not remove source or Attribution from any graphic or portion of graphic

Data Center and Cloud Automation

Introducing VMware Validated Designs for Software-Defined Data Center

Design Guide for Cisco ACI with Avi Vantage

Software Defined Storage for the Evolving Data Center

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

F5 Reference Architecture for Cisco ACI

Cisco HyperFlex and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments

Tech Talk Nutanix Calm. Greg Smith, VP Product Marketing Gil Haberman, Director of Product Marketing

2018 Cisco and/or its affiliates. All rights reserved.

VMware vsphere 4 and Cisco Nexus 1000V Series: Accelerate Data Center Virtualization

The Evolution of Data Center Security, Risk and Compliance

Modeling an Application with Cisco ACI Multi-Site Policy Manager

Transform to Your Cloud

Actual Agility with SDN: Weaving SDN into Data Center Automation May 6, John Burke Principal Research Analyst & CIO

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

The Next Opportunity in the Data Centre

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)

Cisco ACI App Center. One Platform, Many Applications. Overview

Quick Start Guide (SDN)

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Automating the Software-Defined Data Center with vcloud Automation Center

DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE

Cisco Software-Defined Access

DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE

Hitachi Unified Compute Platform Pro for VMware vsphere

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

VMWARE ENTERPRISE PKS

Transcription:

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco ACI increases network security, automates communication policies based on business-relevant application requirements, and decreases developer wait time, accelerating application deployment in the next-generation data center. At the core, Cisco ACI application policies are white lists within a zero-trust model. It helps ensure that no communication is allowed between application tiers unless a policy specifies that an object can be on the network, the other objects to which the object can talk, and what the object can talk about. Cisco ACI translates and applies the logical business-based policy definitions into concrete infrastructure configuration. Cisco CloudCenter is an application-centric hybrid cloud management platform that provisions infrastructure resources and securely deploys application components to more than 19 data center, private cloud, and public cloud environments. Users can easily model, deploy using a self-service system, and then manage both new and existing without detailed knowledge of the underlying environment, cloud services, or APIs. Users work in the Cisco CloudCenter solution s drag-and-drop modeler, shown in Figure 1, to create cloud-independent and portable application profiles that can be deployed to any environment. Users can choose from a flexible mix of easily customized OS images, application and cloud services, containers, and configuration management tools to model new or existing and simple or complex. Each application profile combines infrastructure automation and application automation layers into a single deployable blueprint. With a Cisco CloudCenter application profile, one Cisco CloudCenter platform can be used to deploy and manage any modeled application in any data center or cloud environment in a consistent and predictable way.

Use Case 3: Migrate to The Cisco CloudCenter solution is an application-centric hybrid cloud management platform that securely provisions infrastructure resources and deploys application components to more than 19 data center, private cloud, and public cloud environments. Cisco CloudCenter application-centric and policy-based hybrid cloud management is an excellent fit with Cisco Application Centric Infrastructure (Cisco ACI ) and policy-based network management. IT organizations pursuing a hybrid IT strategy need flexibility in how and where are deployed in data center, private cloud, and public cloud environments. Cisco CloudCenter users can deploy on demand to any environment using a self-service system. But when they choose to deploy an entire application or just a single tier to an environment with a Cisco ACI managed network, they get public cloud agility with greater network security and more cost-effective deployment options than with a public cloud deployment alone. Cisco CloudCenter and Cisco ACI together provide a single solution that gives IT organizations exceptional flexibility to choose the best deployment option for a wide variety of enterprise IT workloads. Cisco CloudCenter with Cisco ACI provisions infrastructure and securely deploys based on the desired end state and needs of the application. Cisco CloudCenter automates the entire application deployment process and communicates directly with Cisco ACI APIs to automate creation of Cisco ACI policy objects, including Application Network Profiles (ANPs), Endpoint Groups (EPGs), contracts, filters, and any other objects required for microsegmented secure communication. IT gets optimal network security and operational efficiency without the need to manually create and maintain policies or learn new programming languages. Users get self-service on-demand flexibility without the need for any network skills or knowledge of cloud environment details. Scaling and end-of life actions are automated as well, resulting in automatic updating and termination of network policies. This document summarizes three powerful uses cases enabled by Cisco CloudCenter and Cisco ACI deployments.

Use Case 3: Migrate to Figure 1. Application profile topology modeler The solution s cloud-independent application profile coupled with its cloud-specific orchestrator abstracts the application from the cloud by interpreting the needs of the application and translating those needs into cloud-specific API calls. As a result, Cisco CloudCenter eliminates the cloud-specific scripting and cloud lock-in that often reduce both developer and IT operational efficiency. Working with Cisco ACI Cisco CloudCenter integrates transparently with Cisco ACI. If a user chooses to deploy the application profile to an environment managed by Cisco ACI, nothing additional is required by the user or network administrator. Cisco CloudCenter interprets the needs of the application and calls the Cisco ACI northbound API to automate network policy objects that deliver the full power of Software-Defined Networking (SDN). Cisco CloudCenter and Cisco ACI are often deployed in an environment that uses VMware or OpenStack APIs, as shown in Figure 2.

Figure 2. Cisco CloudCenter with Cisco ACI and VMware vcenter Cisco CloudCenter Use Case 3: Migrate to Northbound API Cisco ACI Endpoint Endpoint group Contract group Contract Tier1 VM Application Network Profile Tier2 VM Endpoint group Tier3 VM Cisco CloudCenter and Cisco ACI work together without the need to install plug-ins, create environment-specific scripts, or modify any application code. Network administrators don t need to learn programming languages to get the most out of the Cisco ACI programmatic interface. The flow of orchestration managed by Cisco CloudCenter includes: Model an application profile: A service manager can use the Cisco CloudCenter GUI to create a cloud-independent application profile and then share it with specific users or publish it to a marketplace. Use self-service deployment: Role- and user-based access controls, paired with tag-based governance, help users choose an appropriate deployment environment that optionally includes Cisco ACI. Create and deploy Cisco Application Policy Infrastructure Controller (APIC) policy objects: If a user chooses an environment that is part of a Cisco ACI fabric, Cisco CloudCenter automates creation of the appropriate policy objects and calls the APIC northbound REST API to create networks specifically for the application. Provision infrastructure: Cisco CloudCenter calls infrastructure APIs (for example, OpenStack and vcenter) to provision computing, memory, and storage resources in the appropriate network segment. Deploy application tiers: Cisco CloudCenter deploys and orchestrates all application components based on the topology and dependencies modeled in the application profile. Perform ongoing management: Both users and administrators can review the deployment progress and take action to help ensure proper configuration.

Use Case 3: Migrate to Block east-west traffic: if a tier is manually or automatically scaled, Cisco CloudCenter updates Cisco ACI policies to block east-west traffic and confine breaches to a single device if a device is compromised. Perform end-of-life actions: Infrastructure and network policy objects are automatically deleted, preserving the integrity of the network and conserving infrastructure resources. With Cisco CloudCenter and Cisco ACI, IT gets a powerful solution that improves security, simplifies application deployment, and increases DevOps and network administrator efficiency. The remainder of this document describes three primary use cases for Cisco CloudCenter with Cisco ACI. Cisco CloudCenter simplifies and expedites the deployment of an application by programming governance rules, which dictate policies such as infrastructure placement and security profiles. These rules help obscure the complexity of increasingly diverse infrastructure environments. Users get the flexibility of self-service on-demand deployment, and network administrators can control port settings and other security configuration parameters. Security and network directives are included in each Cisco CloudCenter application profile that is published or shared with users (Figure 3). Figure 3. Cisco CloudCenter application profiles determine Cisco ACI Application Network Profile objects Application Network Profile Endpoint Endpoint group Contract group Contract Tier1 VM Tier2 VM Endpoint group Tier3 VM When a user initiates deployment through Cisco CloudCenter Manager as shown in Figure 3, Cisco CloudCenter Orchestrator uses topology and network settings information in the application profile to automate creation of policy objects for Cisco ACI. The orchestrator calls the local APIC API to instantiate the Cisco ACI ANP, the EPGs, and the consumer and provider contracts based on the topology and security requirements of the application profile. Each application tier is placed in a unique and isolated application-tier network. The connectivity between the application-tier networks is automatically guided by the application topology.

In Figure 4, the Cisco ACI user interface displays a deployed three-tier application, and the Cisco CloudCenter interface shows the same application deployment. The side-by-side diagrams show three EPGs and the contracts that manage network traffic between them. Figure 4. Cisco CloudCenter orchestration and Cisco ACI segmentation Use Case 3: Migrate to Cisco CloudCenter automatically generates contracts and filters that restrict the protocol and port access on the application-tier network based on the application stack service requirements contained in the Cisco CloudCenter application profile. Combining Cisco CloudCenter and Cisco ACI couples the application topology, application stack services, network configurations, and end-to-end network isolation for both application deployment and individual application tiers. The combined solution provides an intuitive interface to allow both users and administrators to review the progress of the deployment. It also helps ensure that naming conventions are consistent across both platforms. After the application is terminated, the autoprovisioned infrastructure objects that are associated with the application are deleted, thereby preserving the integrity of the application lifecycle, reducing remnant policies that can cause security threats, and saving valuable memory resources.

Use Case 3: Migrate to Cisco CloudCenter supports deployment of with different tiers in different environments. When users deploy an application, they normally choose a single deployment target data center, private cloud, or public cloud location that is available to them based on the role, governance rules, and other controls. But they also have the option to choose a stretched deployment, which enables users to select specific target sites for each tier in the application. Several factors justify a stretched application deployment: Cost: Cloud pay-per-use and scalability is well suited for transitory workloads. But renting infrastructure may not be the best choice for long-running workloads. Therefore, the user-interface tier of web or mobile may be well suited for a pay-per-use environment such as a public cloud, but more stable and long-running tiers such as application servers and database servers may be more cost-effectively deployed in a Cisco ACI managed network in a private cloud or data center. Security and compliance: Even if the application-server or load-balancer tiers can be deployed in various other environments, the database tier is well suited for a Cisco ACI managed network environment in a private cloud or data center, to address security and compliance requirements. High-availability and disaster-recovery master-slave configuration: Users can model an application profile that contains both master and slave components that are deployed in different cloud availability zones or different data centers and clouds. If users can use one click to deploy the full application stack with a high-availability and disaster-recovery setup in different availability zones or even different data centers and clouds, they can easily and cost-effectively test various failover scenarios and delete the whole setup when they are done. And they can have the same fully tested configuration automatically deployed for production workloads as well. With Cisco CloudCenter, a stretched application topology is easy to deploy when multiple deployment environments are available. At deployment time, the user just selects Hybrid as the target cloud, as shown in Figure 5. Then the user interface exposes a separate cloud deployment drop-down menu for each tier modeled in the application profile.

Use Case 3: Migrate to Figure 5. User selects Hybrid to activate the stretched application deployment feature Placement decisions for the entire stack or for individual tiers can be guided by the Cisco CloudCenter tagging and rules engine. For example, a Health Insurance Portability and Accountability Act (HIPPA) compliant application can be tagged so that users can choose only a Cisco ACI managed data center for the database tier, regardless of where other tiers are deployed. Cisco CloudCenter with Cisco ACI supports three stretched application deployment topologies. In each case, the user can select the appropriate deployment environment for each application tier without the need to change the application s architecture or attributes or have any domain knowledge about Cisco ACI or SDN. There are no environment-specific scripts or workflows that lock any tier to any particular environment. Multiple pods: Cisco CloudCenter can deploy N-tiered in a data center with multiple Cisco ACI pods. In this scenario, the application can be distributed across different pods in a single data center. Different tiers of an enterprise web application can be placed in different networks with different VLANs. The unique Cisco ACI label-based, dynamic directional routing helps ensure that the consumer virtual machines connect only to the provider virtual machines with matching labels. This approach provides a truly isolated network for each tier in the application.

Use Case 3: Migrate to Stretched fabric: Cisco CloudCenter can deploy N-tiered in a Cisco ACI fabric that is stretched across geographically dispersed sites and over long distances. In this scenario, the application can be distributed to different pods in separate data centers while taking advantage of the network services provided by the single stretched network fabric. For example, the load balancer and the application server can be in data center A, and the database can be in data center B. The stretched fabric topology extends the capabilities of Cisco ACI integration with Layer 4 through Layer 7 (L4-L7) services. Multiple clouds: Cisco CloudCenter can deploy N-tiered across a Cisco ACI pod and a public cloud. Part of the application can be deployed in a data center or private cloud with a Cisco ACI managed network, and part of the application can be deployed in a public cloud. This scenario works well for web that have edge caches in multiple distributed cloud locations and for mobile apps for which the application tier or database tier is in a secure data center. Cisco CloudCenter and Cisco ACI together offer a truly unique and flexible solution to address the cost, security, and agility requirements for increasingly complex enterprise workloads. The profile once, deploy anywhere capabilities of Cisco CloudCenter extend to stretched deployment topologies. In all these stretched application deployment topologies, the Cisco CloudCenter application profile doesn t need to be changed, no environment- or topology-specific scripts need to be written or maintained, and the application remains portable. Use Case 3: Migrate to a Cisco ACI environment Users can take that were previously deployed in data centers not enabled for Cisco ACI and in public cloud environments and migrate them to a more secure Cisco ACI managed data center. The joint solution fully automates migration as well as creation of relevant Cisco ACI policy objects. Application workloads that are deployed managed by Cisco CloudCenter are made portable across different clouds through the Migrate feature. Cisco CloudCenter application profiles are cloud independent and portable they are not hard-wired to a single environment. As a result, Cisco CloudCenter and Cisco ACI support a hybrid IT strategy that allows users to optimize workload placement based on business need. And users can easily choose to migrate to, from, or between different data centers, private clouds, and public clouds based on use, governance rules, cost and performance requirements, and the application lifecycle phase. The solution supports three main migration scenarios: migration back from the cloud, cross-cloud Software Development Lifecycle (SDLC) migration, and data center migration.

Use Case 3: Migrate to Migration back from the cloud Many IT organizations have deployed as part of a cloud strategy and are now reconsidering their strategy as monthly public cloud costs add up. Or they are concerned about whether the public cloud meets their security and compliance requirements. With Cisco CloudCenter, users can migrate an application from a public cloud back to a data center or private cloud with a Cisco ACI managed network. As shown in Figure 6, users can select an existing deployment and choose a range of management actions, including Migrate. If is selected as the migration target, Cisco CloudCenter automates the creation of policy objects and instantiates the network configuration through the APIC API. Figure 6. User selects Migrate for an existing deployment

Use Case 3: Migrate to Cross-cloud software development lifecycle migration Using a public cloud for development and testing activities and using the data center or private cloud for the production environment is the most common hybrid cloud use case. Cisco CloudCenter supports that scenario with a powerful and integrated CliQr Continuous Integration and Continuous Delivery (CI/CD) project board feature that manages the complete software development lifecycle. Managers create projects in Cisco CloudCenter that mirror their software development lifecycle. They can allocate resources or budget for the overall project or for specific phases. User access controls and policies define who can promote code along stages of the lifecycle and which cloud is suitable for each phase. Figure 7 shows the CI/CD project board with different stages, each with different owners and project budget allocations. Figure 7. CI/CD Project board with Cisco ACI environment for production For a DevOps scenario that includes an environment that does not use Cisco ACI for development and testing but does use for production, the CI/CD project board can be set up with a cross-environment workflow that gives developers some choices in preproduction environments, but that limits choices in the more secure Cisco ACI managed network environment for the final production phase.

Use Case 3: Migrate to Cisco CloudCenter also includes a powerful tagging and governance engine that can modify security settings based on the phase. So the deployment in a development phase might be configured to leave open certain ports. But when the application is migrated to the production phase, it benefits from microsegmentation applied based on Cisco ACI policy, and the cloud also automatically closes those ports. Conversely, promotion to the production phase might open certain ports for network or security monitoring agents in the production network. Cisco CloudCenter and Cisco ACI together provide exceptional flexibility and security control not possible with deployments in public cloud environments. Data center migration Many IT organizations continue to modify their data center footprints as they evolve their hybrid IT strategy, pursue mergers and acquisitions, and for many other business reasons. Cisco CloudCenter can simplify the process and bring workloads into to gain the benefit of SDN. In a migration scenario, IT organizations typically scope the move and then bring existing workloads into the Cisco ACI environment in phases through a rolling upgrade. By profiling each application, Cisco CloudCenter can help convert VLAN ports to Cisco ACI managed ports and provide the Cisco ACI benefits of traffic monitoring and visibility into packet loss, latency, and network loops. Cisco CloudCenter is an application-centric hybrid cloud management platform that makes it easy to deploy and manage application data center, private cloud, and public cloud environments. Cisco CloudCenter and Cisco ACI together provide a single solution that gives IT organizations exceptional flexibility so that they can choose the best deployment option for a wide variety of enterprise IT workloads. This combined solution also delivers agility, security, and efficiency that is unmatched by public cloud alone. Cisco CloudCenter and Cisco ACI together offer unique capabilities to securely provision multitier ; automate stretched application deployments without the need to modify, blueprints, or deployment scripts; and efficiently migrate to Cisco ACI environments. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C07-737054-01 07/17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback