Cisco Application Centric Infrastructure Roadshow Wednesday, 2. April 14
Cisco ACI Roadshow - Agenda Business and IT trends Cisco Open Network Environment (ONE) Lunch Cisco Application Centric Infrastructure (Data Center) Cisco APIC Enterprise Module (WAN & Access) Cisco Confidential 2
Cisco Open Networking Environment Wednesday, 2. April 14
Session objectives. Understand vision: comprehensive answer to SDN; new licensing scheme to simplify consumption. Understand the main characteristics: complete solution (as opposed to fragmented approaches); open ecosystem; open for customers (no architecture is forced upon them).
Simplify Application Delivery APPLICATIONS Service Management Orchestration Application Security, Policy & Compliance Services UNIFIED PLATFORM Provisioning Element Management Infrastructure Security & Policy Data Center WAN Access INFRASTRUCTURE DC WAN ACCESS
Fragmented Approaches Creating Increased Complexity Controllers Provisioning Element Management Infrastructure Security & Policy Virtual Services APIs Data Sovereignty DC WAN ACCESS Hybrid Cloud
Announcing the Platform Enabling Application Centric Infrastructure APIs Provisioning Infrastructure PLATFORM Security Element & Policy Management APIs Faster application deployments Consistency and agility across the Enterprise Improved application availability with faster remediation Increased security and productivity with automation DC WAN ACCESS
Software Platform Advanced Security Services Advanced Application Services Foundation Comprehensive Network Security and Threat Defense Policy-Based, Optimized End-to-End Application Delivery ACI Fabric, L2/L3 Services, Infrastructure Management Essentials Controller, Virtual Switch, Northbound/Southbound APIs Infrastructure Domains Data Center WAN Access
Platform in the Data Center Advanced Security Services ASA Web/Email Sourcefire Advanced Application Services InterCloud Foundation ACI Fabric UCS Director Prime Essentials ONE PK DevKit N1KV Infrastructure Domains Data Center WAN Access
Across WAN and Access Advanced Security Services ASA Web/Email Sourcefire Cloud Firewall ISE/TrustSec AnyConnect VPN Web Security Advanced Application Services InterCloud AVC WAAS UC Gateway AVC CMX Foundation ACI Fabric UCS Director Prime CSR Prime AP License, L2/L3 Switching Prime Essentials ONE PK DevKit N1KV ONE PK DevKit ONE PK DevKit Infrastructure Domains Data Center WAN Access
Simplified Licensing with Logical Suites Advanced Security Services Enterprise Security Suite Advanced Application Services Suite for DC Suite for WAN Suite for Access Foundation Data Center Foundation WAN Foundation Access Foundation Essentials Included with SmartNet and Collaborative Services Infrastructure Domains Data Center WAN Access
When is this Available? Announced in February Platform Cisco InterCloud Cisco APIC Enterprise Module Spring/Summer 2014 Pricing & Offer Details APIC Controller Availability Enterprise Module Availability InterCloud Availability Fall/Winter 2014 Platform Availability ELA & Subscription Licensing Models
partner community Introducing Cisco DevNet To Create a Community of Software Developers who Leverage Cisco Technology in Their Work Innovative Apps Compelling Apps Innovative & Compelling Apps Engineering SDKs Developer Support Community Management API Development ONE DevKit Common Northbound APIs Cross Platform Support Access to Testing Lab Strategic and Tactical Marketing DevNet Portal Live Cisco Community & DevNet Integration ONE PK Developer Support APIC Enterprise Module Sandbox DevNet Hackathon (May) DevNet Portal DevNet APIs and SDKs Dec Jan Feb Mar Apr DevNet Sandbox Platform
Cisco is late to the SDN game. Really? http://www.openserversummit.com/english/collaterals/press_releases/2013/20131021_ITBrandPulse_InnovationLeaderAwards.pdf
Infrastructure Programmability: if you want, you can program, but you don't need to. Programmable: NX-API, JSON-RPC, XML/JSON, Python scripting, customizable CLIs, BASH access, Broadcom shell access, Linux containers, OpenFlow support, Cisco onePK. Automation and orchestration: Puppet, Chef, OpenStack network plugin, XMPP support, OpenDaylight integration. Visibility: dynamic buffer monitoring, enhanced Ethanalyzer, SMTP email pipe output, Embedded Event Manager (EEM), flow monitoring, vTracker, SNMP (v1, v2, v3), Syslog, NETCONF, RMON, CLI.
Did you know? Managing Cisco Devices using Puppet: http://www.youtube.com/watch?v=ai_93hulmt0
Quiz: When did Cisco add programmability to IOS with Embedded Event Manager (TCL scripts)? 2000
OpenDaylight: Cisco's reference for controller architecture. Open-source controller; main industry players support the initiative; multiple northbound and southbound APIs; base controller code provided by Cisco; Cisco will provide commercial versions of OpenDaylight.
Traditional traffic visibility in the DC: lacking flexibility and scalability. Analysis appliances / modules (like Cisco NAM). Challenges: some people need more analysis appliances (like IDS, web site analytics, ad hoc Wireshark for troubleshooting, etc.); in many DCs the bandwidth to analyze exceeds the capacity of a single appliance, so a scale-out approach is required.
Solution: create a monitoring network. All production traffic is sent via SPAN or TAPs to the monitoring network, where a SPAN aggregator switch feeds the NAM appliances and other analysis appliances (IDS, Wireshark, etc.). The SPAN aggregator is either a general-purpose switch (inflexible) or a purpose-built switch (expensive). Challenges: the configuration of the SPAN aggregator switch becomes interesting; what if you need two SPAN aggregator switches?
SPAN aggregator switch: life can be hard. Using a standard Ethernet switch as SPAN aggregator has limitations. Traffic coming from TAPs or SPAN sessions on the production network devices is selectively forwarded to specific analysis appliances (troubleshooting, IDS, performance, Wireshark, etc.). N ingress ports (as many as switches in the production network); M egress ports (as many as analysis appliances). Forwarding rule examples: send all traffic to appliances 1 and 2; send HTTP traffic to appliance 3; send applications X and Y to appliance 4. Have you tried to do the above with VLANs/VACLs? What if you need 2 SPAN aggregator switches?
Example with Cisco commercial version of OpenDaylight controller. Application: TAP aggregator using OpenFlow. Diagram: the Cisco OpenDaylight controller programs a Nexus 3000 via OpenFlow; mirrored traffic from the production network enters the monitoring network and is delivered to Cisco Network Analysis Modules (NAMs) and other analysis appliances (IDS, Wireshark, etc.). Introduce OpenFlow non-intrusively in your organization. Cost-effective, flexible solution to gain more intelligence out of your network traffic: gain visibility into what is going on in your network!
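The forwarding rules on the SPAN aggregator slide overlap (HTTP traffic must reach appliance 3 and also appliances 1 and 2), while an OpenFlow table applies only its highest-priority matching entry. The following added example, which is not part of the original deck or of Cisco's controller code, compiles such a policy into single-winner priority entries; the appliance port numbers and the TCP port standing in for "application X" are assumptions.

```python
from itertools import combinations

# Constructed policy modelled on the slide's forwarding rules. Appliance numbers
# double as egress ports; TCP/5432 for "application X" is an assumption.
POLICY = [
    ({}, {1, 2}),                              # all traffic -> appliances 1 and 2
    ({"ip_proto": 6, "tcp_dst": 80}, {3}),     # HTTP -> appliance 3
    ({"ip_proto": 6, "tcp_dst": 5432}, {4}),   # application X -> appliance 4
]

def merge(a, b):
    """Intersect two exact-match dicts; None if they disagree on a field."""
    if any(a[k] != b[k] for k in a.keys() & b.keys()):
        return None
    return {**a, **b}

def compile_flows(policy):
    """Turn overlapping mirror rules into single-winner flow entries.

    Only the highest-priority matching entry of a flow table is applied, so
    every satisfiable intersection of rules gets its own entry whose output
    set is the union of the outputs of all rules covering it.
    """
    entries = {}
    for size in range(1, len(policy) + 1):
        for combo in combinations(policy, size):
            match = {}
            for rule_match, _ in combo:
                match = merge(match, rule_match)
                if match is None:
                    break
            if match is None:
                continue
            outs = entries.setdefault(tuple(sorted(match.items())), set())
            for _, ports in combo:
                outs |= ports
    # More matched fields = more specific = higher priority.
    flows = [(len(key), dict(key), sorted(outs)) for key, outs in entries.items()]
    return sorted(flows, key=lambda flow: -flow[0])

def lookup(flows, packet):
    """Return the egress ports of the first (highest-priority) matching entry."""
    for _, match, outs in flows:
        if all(packet.get(field) == value for field, value in match.items()):
            return outs
    return []

if __name__ == "__main__":
    for prio, match, outs in compile_flows(POLICY):
        print(prio, match, "->", outs)
```

The enumeration is exponential in the number of policy rules, which is acceptable for a handful of mirror rules but not for large policies.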
Network architectures in the DC Federated Clouds Network Fabrics Application Centric Infrastructure Virtual Networking Cisco Open Network Environment Supported infrastructure Full Cisco Nexus portfolio Anything Cisco Nexus 9000
Data Center Network Fabrics: scalable, flexible networks. Technology examples: Virtual Port Channels enable non-blocking redundant architectures; Fabric Extenders enable management simplification; FabricPath enables flexible L2 topologies like spine/leaf or large domains; Unified Ports and FCoE enable consolidation of storage and data fabrics; BiDi optics enable low-cost transition to 40GbE. With a rich switching portfolio to meet every need. Dynamic Fabric Automation takes a DC network to the next level.
Data Center Network Fabrics Dynamic Fabric Automation: the next level Network Fabrics Fabric Management Workload Automation Optimized Networking Virtual Fabrics DFA consists of four modules that can be deployed individually or together for a comprehensive solution Centralized Management XMPP Zero-touch provisioning Cable consistency checks Orchestration integration Workload-aware fabric Automated provisioning Any subnet anywhere Reduced failure domains Scalable Multitenancy
Cisco Virtual Networking Virtual Networking Zone A Cisco Virtual Security Gateway (VSG) ASA 1000V Cloud Firewall Tenant A vWAAS Cloud Services Router 1000V Cisco vNAM Imperva SecureSphere Citrix WAF NetScaler VPX Zone B vPath VXLAN Nexus 1000V Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*) Any Physical Infrastructure (Compute, Network, Storage) Nexus 1000V Security Application Routing Ecosystem Services InterCloud Distributed switch NX-OS consistency Zone-based FW Edge FW Application visibility Application performance WAN optimization Virtual router WAN L3 gateway Routing and VPN Citrix NetScaler VPX virtual ADC Imperva Web App. Firewall Flexible Hybrid Cloud
Innovation Example: Cisco VXLAN Gateways Connecting physical workloads to a virtual overlay Virtual Networking L3 VXLAN gateway: L3 services VM (CSR 1Kv / ASAv) L2 VXLAN gateway on Nexus 1110 L2 VXLAN gateway on physical switch L3 VXLAN gateway on physical switch
Example: Cisco Intercloud Virtual Networking Data Center Cloud Services Private Cloud Public Cloud Hybrid Cloud: The Best of Both Worlds. Dev/Test: quickly develop in cloud and run production in data center. Capacity Augmentation: build the base and rent the peak. Disaster Recovery: deliver as a service, reduce complexity and cost.
Current Approaches Open Workload Mobility Virtual Networking Providers Customer Open Homogeneous + Custom Choice Cisco InterCloud vCloud Hybrid Services
Cisco's Hybrid Cloud Differentiation Virtual Networking No Cloud Vendor Lock-In Any Hypervisor to Any Provider Heterogeneous Infrastructure Open Ecosystem Customer Open Choice Cloud Providers & Cisco Powered Services End-to-End Security Data Sovereignty Workload Mobility Across Clouds Cisco InterCloud
Cisco InterCloud Solution Overview Virtual Networking Enterprise DC / Private Cloud Provider Clouds vSphere InterCloud Business Edition InterCloud Provider Enablement Platform Cloud Providers Cisco Powered Services Brokered Services Hyper-V End User & IT Admin Portals OpenStack/KVM Secure Fabric, Network, Compute & Storage Azure APIs CloudStack/Xen EC2 APIs
Cisco InterCloud: Secure Workload Mobility. Hybrid Cloud for burst capacity or dev/test machines. Virtual Networking Private Cisco InterCloud Public Sustained Workloads Variable Workloads. Choice: freedom to place workloads across heterogeneous private and public clouds. Consistency: end-to-end workload security with consistent extension of private cloud policies to public cloud environments. Control: unified management and networking to move workloads across clouds. Compliance: assurance that all employees adhere to IT policies when using public cloud services.
Platform: simplifying IT, increasing agility; delivering on the promise of SDN; providing customer choice and flexibility; open ecosystem, driving innovation. Only Cisco: breadth, depth, leadership.
After lunch we will see Cisco's Application Centric Infrastructure
Thank you.