Cisco UCS Director and ACI Advanced Deployment Lab
Michael Zimmerman, TME
Vishal Mehta, TME
Agenda
- Introduction
- Cisco UCS Director ACI Integration and Key Concepts
- Cisco UCS Director Application Container Framework
- Lab Information
- Hands-On Time!!
Cisco UCS Director ACI Integration and Key Concepts
Cisco UCS Director - At A Glance
- Infrastructure Management and Orchestration
  - Management of physical compute, network, storage and virtual hypervisor components and operations
  - Orchestration end-to-end across entire infrastructure from a single software platform
- Foundation for Enterprise Private Cloud
  - Provides infrastructure orchestration as the foundation for Private Cloud
  - Multi-tenancy enabled, self-service application infrastructure provisioning and life-cycle management
  - Northbound APIs and Extensibility
- Like music, there's an appropriate timing and order of operations when provisioning infrastructure
[Diagram labels: Virtualization, Physical Servers, Network, Storage, UCS Director]
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Importance of UCS Director for ACI
#1: Automation and orchestration of native ACI operations through APIC
- Tenants
- Private Networks
- Application Profiles
- End Point Groups
- Contracts
- Service Graphs & L4L7 Devices
- VLAN Pools
- Physical/VMM Domains
- and more
[Diagram labels: REST API, UCS, UCS Director]
Importance of UCS Director for ACI
#2: Automation and orchestration across ACI and connected endpoints
[Diagram labels: UCS Director, Storage Arrays, L4L7 Services, Non-ACI Network, Physical Servers, Virtual Servers, Automation & Orchestration]
ACI Fabric Inventory and Visibility
- Physical Domains
- VMM Domains
- VLAN Pools
- Interface Policies and Policy Groups
- Attachable Access Entity Profiles
- Tenants
- Private Networks
- External Routed Networks
- External Bridged Networks
- Bridge Domains
- Application Profiles
- Endpoint Groups
- L4L7 Devices
- L4L7 Service Graphs
- Contracts
- Subnets
- Rules
- and more
Comprehensive Task Library for ACI Operations
- Native ACI operations automated and available as out-of-box tasks
- Extensible custom task feature allows UCS Director to support ANY native ACI operation through API
- Complete task library enables orchestration for the entire ACI-based infrastructure, including endpoints
- Includes automated tasks for a variety of devices across the entire data center
- 220+ Tasks for ACI Out-of-the-Box (UCSD 5.5)
- 2000+ Overall Infrastructure Tasks Out-of-the-Box (UCSD 5.5)
Orchestration Workflows
- Collection of automated workflow tasks executed together in a specified order to fulfill a specific use-case
- Drag and drop workflow tasks into workflow
- Provides flexibility to adjust product capabilities to meet customer requirements, not force customers to adjust requirements to meet product capabilities
Orchestration Workflow Example #1
Provision ACI Application Network Profile (ANP)
Creates a two-tier application network profile, including the following operations:
- Private Network per ANP
- Bridge Domain per Tier
- EPG per Tier
- Contract between Tiers
- Association of VMM Domain to EPGs
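Added example, not part of the original slides and not UCS Director's own workflow code: the APIC object tree that the five operations in Workflow Example #1 correspond to, built as the JSON body a POST to /api/mo/uni.json would carry, plus a walker that reports which flows the contract permits. Tenant, tier and VMM domain names and the TCP port are constructed; that the first tier consumes and the second provides the contract is an assumption.

```python
def mo(cls, attrs, *children):
    """One APIC managed object in the JSON shape the REST API accepts."""
    return {cls: {"attributes": attrs, "children": list(children)}}

def build_two_tier_anp(tenant, anp, tiers, vmm_domain, port):
    """Object tree for the five operations listed in Workflow Example #1."""
    consumer, provider = tiers  # assumption: first tier consumes, second provides
    ctx, contract, flt = f"{anp}-ctx", f"{consumer}-to-{provider}", f"tcp-{port}"
    def epg(tier, rel_cls):
        return mo("fvAEPg", {"name": f"{tier}-epg"},
                  mo("fvRsBd", {"tnFvBDName": f"{tier}-bd"}),  # EPG -> its bridge domain
                  mo("fvRsDomAtt", {"tDn": f"uni/vmmp-VMware/dom-{vmm_domain}"}),
                  mo(rel_cls, {"tnVzBrCPName": contract}))     # consume or provide
    return mo("fvTenant", {"name": tenant},
              mo("fvCtx", {"name": ctx}),                      # private network per ANP
              *[mo("fvBD", {"name": f"{t}-bd"}, mo("fvRsCtx", {"tnFvCtxName": ctx}))
                for t in tiers],                               # bridge domain per tier
              mo("vzFilter", {"name": flt},                    # one TCP port, not "default"
                 mo("vzEntry", {"name": flt, "etherT": "ip", "prot": "tcp",
                                "dFromPort": str(port), "dToPort": str(port)})),
              mo("vzBrCP", {"name": contract},                 # contract between tiers
                 mo("vzSubj", {"name": "allow"},
                    mo("vzRsSubjFiltAtt", {"tnVzFilterName": flt}))),
              mo("fvAp", {"name": anp},                        # EPG per tier
                 epg(consumer, "fvRsCons"), epg(provider, "fvRsProv")))

def kids(body, cls):  # direct children of one class, as attributes/children bodies
    return [c[cls] for c in body["children"] if cls in c]

def allowed_flows(payload):
    """(consumer EPG, provider EPG, protocol, port) tuples the contracts permit."""
    t = payload["fvTenant"]
    ports = {f["attributes"]["name"]:
             [(e["attributes"]["prot"], e["attributes"]["dToPort"]) for e in kids(f, "vzEntry")]
             for f in kids(t, "vzFilter")}
    flows = []
    for c in kids(t, "vzBrCP"):
        name = c["attributes"]["name"]
        rules = [p for s in kids(c, "vzSubj") for r in kids(s, "vzRsSubjFiltAtt")
                 for p in ports[r["attributes"]["tnVzFilterName"]]]
        epgs = [e for ap in kids(t, "fvAp") for e in kids(ap, "fvAEPg")]
        role = lambda e, rel: any(r["attributes"]["tnVzBrCPName"] == name for r in kids(e, rel))
        flows += [(c_["attributes"]["name"], p_["attributes"]["name"], *rule)
                  for c_ in epgs if role(c_, "fvRsCons")
                  for p_ in epgs if role(p_, "fvRsProv") for rule in rules]
    return flows

# Constructed sample input: tenant, ANP, tier and domain names are placeholders.
PAYLOAD = build_two_tier_anp("Tenant_A", "shop", ("web", "app"), "lab-vds", 8443)
```

Running allowed_flows over a payload before it is pushed gives a reviewable list of what the contract opens between tiers, which is the part of an ANP worth checking in change review.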
Orchestration Workflow Example #2
Configure New Physical Domain in ACI Fabric
Creates a new VPC-attached ACI Physical Domain, including the following:
- VLAN Pool
- Physical Domain
- Attachable Access Entity Profile
- VPC Interface Policy Group
- Interface Profile
- Switch Profile
Cisco UCS Director Application Container Framework
UCS Director Application Container
- An object that represents an application instance and all its underlying resources
- Provides application owners visibility, correlation and management capabilities of application resources across the infrastructure
[Diagram labels: Application Containers in UCS Director; Virtual Server Resources, Physical Server Resources, Network Resources, Storage Resources; Private Cloud Infrastructure]
UCS Director Application Container Framework
- Front-end framework built around Application Containers
- Includes out-of-box workflows for specific use-cases
- Two high-level prerequisites required to leverage application containers
  1. Tenant Onboarding
  2. Application Profile
Component 1: Tenant Onboarding
- First prerequisite required to leverage Application Containers
- Tenant: a grouping of resources and the users that have access to those resources
  - Not to be confused with an APIC Tenant
- Tenant Onboarding: process of creating the tenant object in UCS Director, assigning user groups and provisioning/allocating resources
Tenant Onboarding Flowchart
[Flowchart boxes, in extracted order: Start; Resource Tags Required? (Yes/No); Create Resource Group; Define Service Classes; Build Tenant Onboarding Workflow; Create Pod; Create Resource Tags; Add Devices To Resource Group; Define Tenant Profile; Execute Onboarding Workflow; Add Devices To UCS Director/Pod; Tag Appropriate Resources; Define Environment Specific Inputs; Finish; Create Service Offering]
Resource Group Framework
- Resource management framework built-in to UCS Director
- Enables the dynamic selection of available resources chosen based on criteria in the form of
  - User Defined Tags
  - Capabilities
  - Capacities
- Four main components of Resource Group framework
  - Resource Group
  - Tag Library
  - Service Offering
  - Tenant Profile
Resource Groups: How They Work
- Resource Group: represents available resources and their characteristics
- Service Offering: represents what resource characteristics are required
- Resource types in both: Virtual Compute, Physical Compute, Virtual Network, Physical Network, Virtual Storage, Physical Storage
- Each resource type in a Resource Group carries Capabilities and Capacities; each resource type in a Service Offering carries Capabilities, Capacities and Tags
[Diagram: a vCenter Account with Cluster 1, Cluster 2 and Cluster 3 feeding the Resource Group's Virtual Compute section. Capabilities shown for the clusters: DRS Enabled: True / HA Enabled: True; DRS Enabled: True / HA Enabled: False; DRS Enabled: False / HA Enabled: False. The Service Offering's Virtual Compute section requires Capabilities: DRS Enabled: True, HA Enabled: True; Capacities: None Required; Tags: None Required.]
What are Tenant Profiles?
[Diagram, three builds: Tenant Profile: Development, Tenant Profile: Marketing and Tenant Profile: Sales, each associated with a selection of Resource Group 1, Resource Group 2 and Resource Group 3 and of Service Offering 1, Service Offering 2 and Service Offering 3]
Component 2: Application Profile
- Second prerequisite required to leverage Application Containers
- Application Profile: serves as an application infrastructure blueprint for ACI-based application containers
- Application Container instances are deployed from an Application Profile
[Diagram labels: UCS Director, App]
Application Container Flowchart
[Flowchart boxes, in extracted order: Start; APIC Network Policies; L4-L7 Services? (Yes/No); Application Profile; Virtual Infrastructure Policy; Add Service Container Catalog Item; Include Firewall? (Yes/No); L4-L7 Service Policy; Application Container Template; Finish; Self-Service? (Yes/No); ASAv VM Deployment Policy; APIC Firewall Policy; Finish]
Lab Information
Physical Lab Topology
- Catalyst 4948 (L3 Out Switch)
- Nexus 9336 (Spine)
- Cisco APIC (ACI Controller)
- Nexus 9396-1 (Leaf)
- Nexus 9396-2 (Leaf)
- Cisco C220s (ESXi Hosts)
- Nexus 5548 (Storage Switch)
- VNXe 3200 (IP Storage)
VMware ESXi Host Clusters
- Infrastructure Cluster
- Prod Cluster
- Dev Cluster (No ESXi Hosts)
Lab Virtual Machines
- Cisco UCS Director (UCSD) [Dedicated]
- VMware vCenter [Shared]
- CentOS Public VM [Shared]
UCS Director Managed Components
[Diagram: the same topology with the labels Multi-Domain Manager Account and Virtual Account; VMs shown: Cisco UCS Director (UCSD) [Dedicated], VMware vCenter [Shared], CentOS External VM [Shared]]
Use-Case 1: Application Container w/ Shared L3Out
[Diagram: a Dedicated ACI Tenant with Tier1, Tier2 and Tier3 (T1-VM1, T2-VM1 and T3-VM1, each a CentOS VM) and the Common ACI Tenant with Shared-L3Out (Shared Routed Network); C = ACI Contract]
[Diagram: ACI Tenant_A and ACI Tenant_B, each with Tier1, Tier2 and Tier3, and the Common ACI Tenant with Shared-L3Out (Shared Routed Network); C = ACI Contract]
Use-Case 2: Application Container w/ L4-L7 Services
[Diagram: Tier1 (T1-VM1, CentOS VM) and Tier2 (T2-VM1, CentOS VM) with an ASAv Firewall VM; C = ACI Contract]
Housekeeping Items
Cisco Spark
Ask Questions, Get Answers, Continue the Experience
- Use Cisco Spark to communicate with the Speaker and fellow participants after the session
- Download the Cisco Spark app from iTunes or Google Play
  1. Go to the Cisco Live Berlin 2017 Mobile app
  2. Find this session
  3. Click the Spark button under Speakers in the session description
  4. Enter the room, room name = Session ID (speaker to change)
  5. Join the conversation!
- The Spark Room will be open for 2 weeks after Cisco Live
Complete Your Online Session Evaluation
- Please complete your Online Session Evaluations after each session
- Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
- Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- Related sessions
Hands-On Time!!
Thank You