Inside Cisco IT: Zero Touch Deployment Using Cisco Prime Infrastructure


Stephen Hoover - Member of Technical Staff
David Iacobacci - Member of Technical Staff
Mary Kadomoto - Director
BRKCOC-2001

Agenda
- Introduction
- The Zero Touch Deployment process
- Cisco IT Deployment Strategy
- IT Extensions
- Lessons Learned
- Demo
- Conclusion

What is Zero Touch Deployment?
Capability to securely automate the following activities associated with a device:
- Provisioning
- Deployment
- Upgrades
Diagram labels: Rack, Stack, Cable; Provision; Deploy; Upgrade; Operate

Reasons to pursue ZTD
Save money:
- Cut incident rates due to inconsistent configurations
- Reduce the skill level necessary to deploy production network devices
- Shorten time to deploy

Inside Cisco IT
- Network of 100,000+ devices
- Prime Infrastructure as part of Cisco IT network management strategy
- 6 instances across the globe
- Close collaboration with PI BU (CVG)
- EFTs
- Enhancement requests
- Cisco IT extensions

Existing Cisco ZTD Solutions
- Autoinstall: IOS device obtains configuration via DHCP and TFTP during boot-up sequence
- Smart Install: Switches
- Configuration Engine: Large number of devices with similar configurations, pushed via cns protocol
- Tcl Scripts

Cisco IT ZTD experience with CVO
- CVO: Cisco Virtual Office Teleworker Solution
- SDP: Secure Device Provisioning Registrar (IOS with templates)
- Configuration Engine: push configurations and images to routers
- Cisco Security Manager: Repository for templates and policies
Diagram labels: Encrypted Tunnel, Internet, Corporate Network

The Zero Touch Deployment process

Components to implement ZTD using PI
- Prime Infrastructure v2.2
- Plug and Play Gateway v2.2
- Target router or switch
- Cisco Plug and Play Application (ios/windows based) or DHCP/TFTP servers

Deployment of PI and PnP GW
Option to collapse PnP GW and PI server: PI and the PnP GW could be installed and operated on the same host.
Diagram labels: Target Device, PnP GW, Prime Infrastructure

Maintain PnP GW independent of PI server
By maintaining PI and the PnP GW on independent devices, PI could remain in the DC while the PnP GW could be installed in the DMZ for access across the Internet.
Diagram labels: Target Device, PnP GW, Prime Infrastructure

PI Based ZTD Overview
Three phases, referred to as Days, are used to deploy a configuration:
- Day0: Basic IP connectivity, CNS configuration, basic routing, ...
- Day1: Common configuration (AAA, routing protocols, ...)
- Day2: Device specific configuration (interfaces configuration, VLANs, ...)

PI Based ZTD Overview: Cisco IT Deployment
Diagram labels: PnP Gateway, Target Device, Internal network, Prime Infrastructure
Step 0: Provision target device
- Create day0 (bootstrap) and day1 configurations
- Create Plug and Play profile that consists of day0, day1 and image
Step 1: Install device
- Rack, stack and cable
Step 2: Apply day0 (bootstrap) configuration to device
- Plug and Play application
Step 3: Device requests configuration via cns
Step 4: Day1 configuration & image provided
Step 5: Day2 configuration provisioned and applied to device

Device Provisioning: Plug and Play Profiles
- Defines features and configurations for new deployments
- Easy to reuse
- Required for communication with PI
- Organizes provisioning components by:
  - Device type
  - Deployment Scenario (topology)

High Level Overview (diagram): Plug and Play Profile; Day0; Day1; IOS Image; AAA; ACLs; Global Templates

Device Provisioning (diagram): User Input (Variables); Plug and Play Profile

Day0 template considerations
- Day0 template is one-size-fits-all
- Apache VTL for flexible scripting logic
- Users populate variables during pre-provisioning to generate the device specific Day0 configuration
Configuration built for the Day0 template:
- Hostname
- Management interface
- IP address/mask
- IP routing
- PnP GW certificate (if using CNS over HTTPS)
- CNS commands

Day0 (bootstrap) template

Bootstrap template variables

Day0 template form view

Day1 template

Plug and Play profile

Device provisioning profile

Device provisioning profiles

PnP App provisioning profile download

PnP App provisioning profile deployment

Verifying successful deployment

Day2: Finalizing the device configuration
Device specific configurations:
- Interfaces
- QoS
- TrustSec
- ION (Internet Only Network Guest)
- CNS negation
Deployed remotely to devices managed by PI:
- Runs as configuration job in PI console
- Communicates over SSH with target device

Day2: Finishing the ZTD deployments (diagram): User Input (Variables); Day2 Composite Template

Cisco IT Deployment Strategy

Focus first on the Remote Office
Why?
- Opportunity to reduce deployment resources and travel costs
- Devices such as desktop switches (4510) share similar configuration with Campus
- Target next generation of network devices and RO topologies: Small, Medium, Large

Remote Office HW Target State

| Function | Current Hardware | Next Generation Hardware |
|---|---|---|
| WAN GW | >= OC3/155 Mbps - ASR 1K; < OC3/155 Mbps - ISR G2 3945, 2951, 891 | > GE - ASR 1K; <= GE - ISR 4451-X |
| LAN GW | 6500/Sup720 | > 40 ports - 6500/Sup2T; <= 40 ports - 4500-X |
| LAN SW | Modular Chassis - 4500/Sup7E; Fixed/Stackable - 3750-X | Modular Chassis - 4500/Sup8E; Fixed/Stackable - 3850 |
| WLC | Appliance 5508 | Integrated into LAN SW |
| WAAS | Appliance 8541, 7571, 694 | Virtualized on 4451-X & UCS |
| APs | 3500 | 3700 |
| LAB GW | 3945, 2951 | ISR 4451-X |
| Console Server | 2901 | ISR 4451-X |

Small Office (1-24 users)
- Equipment installed in noise damping portable rack
- Wiring closet not required
- ISR 4451-X: WAN - 4 GE ports; Voice - SRST, TDM voice module; ISR-WAAS w/app-nav-xe
- Catalyst 3850: Up to 48 GE/PoE+ ports; Built-in WLC
- 3700 Series APs: Target of 15 users per AP
Diagram labels: WAN, Wired LAN, Wireless LAN, LAB GW, 802.11ac

Medium Office (25-299 users)
- ASR1004: WAN > GE
- Cat 4510/Sup8: Up to 384 GE/UPoE; Built-in WLC
- 3700 Series APs: Target of 15 users per AP
- ISR 4451-X: WAN; Voice
- Catalyst 3850: Up to 48 GE/PoE+; Built-in WLC
Diagram labels: WAN, Wired LAN, Wireless LAN, 802.11ac, WAAS, Console Srv, LAB GW, Voice GW

Large Office (300+ users)
- ASR1004: WAN > GE
- Catalyst 6500/2T: Up to 2TB capacity; VSS
- Catalyst 4510/8E: Up to 384 GE/UPoE; Built-in WLC
- 3700 Series APs: Target of 15 users per AP
- ISR 4451-X: WAN; Voice
- Catalyst 4500-X: 800G switching capacity; VSS
- Catalyst 3850: Up to 48 GE/PoE+; Built-in WLC
Diagram labels: WAN, Core, Wired LAN, Wireless LAN, 802.11ac, WAAS, Console Srv, LAB GW, Voice GW

IT Extensions: Configuration Lifecycle Management

Configuration Lifecycle Management
Cisco IT Prime Infrastructure extensions
- CLM is a centralized configuration solution
- Content control
  - Revision control (interfacing PI with SVN)
  - Change tracking and approval (interfacing PI with Cisco Process Orchestrator)
- Optimization of configuration creation
  - Reusable blocks of sub-configurations (templates)
  - Object-oriented configuration structure (recursive composite templates)
- CLM generates standard PI templates that can be used by devices (manual push, ZTD, ...)

Configuration Lifecycle Management (diagram): New Device; New Service; Configuration Update; Development Config; Prime Infrastructure APIs; Production Golden Config; Cisco Process Orchestrator Approval System; Subversion Version Control

Opportunity to simplify documentation
- A cookbook is a Word document created per Place In the Network (PIN), detailing how to deploy new or existing networks
- Generic PIN Configuration (cutsheets) is embedded in the cookbook
- Cutsheets comprise over half of the 2,000 page Remote Office cookbook
- Cutsheets require the most frequent updates compared to the rest of the cookbook
- Cutsheets are labor intensive and require review/updates to multiple sections

Lessons Learned

Lessons learned
- Simplify the network
  - Many standards are difficult to automate!
- Plan hierarchical template structure
  - Repeatable content for composite templates
- Simplify and minimize variables
- Work with users to:
  - Create intuitive labels
  - Organize variables for easier data input
- Focus on manipulating data in programmatic manner
  - CIDR for subnet mask conversion
  - Poll DB variables for Day2 template
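
The variable handling described in the Day0 template considerations and the lessons learned above (users fill in variables, CIDR is converted to a subnet mask programmatically), as an added example that is not Cisco IT's or Prime Infrastructure's code. The template text, variable names and validation rules are assumptions, and Python's string.Template stands in for Apache VTL; the point is that user input is validated before it is rendered into a device configuration.

```python
import ipaddress
import re
from string import Template

# Constructed stand-in for a Day0 template (assumption; PI templates use Apache VTL).
DAY0_TEMPLATE = Template(
    "hostname $hostname\n"
    "interface $mgmt_if\n"
    " ip address $mgmt_ip $mgmt_mask\n"
    " no shutdown\n"
    "ip route 0.0.0.0 0.0.0.0 $gateway\n"
)

# Allow-lists: anything outside them (spaces, newlines, '!') is rejected, so a
# variable can never smuggle an extra configuration line into the output.
HOSTNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,62}")
INTERFACE_RE = re.compile(r"[A-Za-z][A-Za-z-]*[0-9]+(/[0-9]+){0,3}")

# Constructed sample input, as a user would enter it during pre-provisioning.
SAMPLE = {"hostname": "ro-sw1", "mgmt_if": "GigabitEthernet0/0",
          "mgmt_cidr": "10.20.30.5/27", "gateway": "10.20.30.1"}


def validate_day0(user_input):
    """Return render-ready variables, or raise ValueError on bad input."""
    hostname, mgmt_if = user_input["hostname"], user_input["mgmt_if"]
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("hostname contains characters outside the allow-list")
    if not INTERFACE_RE.fullmatch(mgmt_if):
        raise ValueError("interface name is not in the expected form")
    try:
        iface = ipaddress.IPv4Interface(user_input["mgmt_cidr"])
        gateway = ipaddress.IPv4Address(user_input["gateway"])
    except ValueError as exc:
        raise ValueError(f"bad address: {exc}") from None
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        raise ValueError("management IP is the network or broadcast address")
    if gateway not in net or gateway == iface.ip:
        raise ValueError("gateway must be another host on the management subnet")
    return {
        "hostname": hostname,
        "mgmt_if": mgmt_if,
        "mgmt_ip": str(iface.ip),
        "mgmt_mask": str(iface.netmask),  # CIDR prefix to dotted mask
        "gateway": str(gateway),
    }


def render_day0(user_input):
    """Validate first, then substitute; substitute() fails on a missing variable."""
    return DAY0_TEMPLATE.substitute(validate_day0(user_input))


if __name__ == "__main__":
    print(render_day0(SAMPLE))
```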

Demo
