Virtual Tech Update Intercloud Fabric Michael Petersen Systems Engineer, Cisco Denmark michaep2@cisco.com
Agenda: Introduction; Intercloud and Intercloud Fabric; Intercloud Fabric - New Features; Intercloud Fabric Deployment & Best Practices; Tour of the Intercloud Fabric; Q&A
Intercloud and Cisco Intercloud Fabric
[Diagram labels: Collaboration and Video, WebEx, Big Data and Analytics, Native Cloud Applications, Enterprise Private Clouds, Meraki, Security, Enterprise Workloads, HCS, INTERCLOUD, Analytics, HANA aaS, IaaS, Intercloud Providers, Intercloud Services, Intercloud Alliance, vDesktop aaS, PaaS, Public Clouds, IoE aaS, Microsoft Suite aaS, DRaaS]
Cisco Intercloud Fabric: Solution Overview
[Diagram labels: Private Data Center, End User Portal, CISCO INTERCLOUD FABRIC, Cloud, VM catalogs and Templates, REST APIs, IT Admin, vSphere, Hyper-V, Cloud Configuration and Security, OpenStack, KVM, Intercloud Ecosystem]
Secure Data Center Extension for Flexible Hybrid IT
[Diagram labels: No Vendor Lock-In, Any Hypervisor to Any Provider, Expanding Cloud Provider Ecosystem, Heterogeneous Infrastructure, Customer, Open, CISCO INTERCLOUD FABRIC, Choice, End-to-End Security, Unified Workload Management and Governance, Workload Mobility Across Clouds]
Intercloud Fabric
Cisco Intercloud Fabric Architectural Details
[Diagram labels: End Users, IT Admins, VM Manager, VM, Intercloud Fabric Director, Intercloud Fabric for Business, End User and IT Admin Portal, Workload and Fabric Management, Intercloud Fabric Provider Platform, Intercloud Fabric for Providers, Intercloud Fabric Services, DC/Private Cloud, Intercloud Extender, Intercloud Fabric Secure Extender (Secure Network Extension), Intercloud Switch, Provider Cloud]
Intercloud Fabric Structure
Cisco Intercloud Fabric Architecture is Modularized to Achieve the Elasticity Needed to Support Evolving Cloud Environments
ICF Extended Services + External Partners (storage, load balancing, etc.)
ICF Core Services: Networking, Security, VM Portability, Management and Visibility, Automation
Secure ICF Core Infrastructure: ICFD, PNSC, Communications, ICFPP
Private Cloud: Enterprise
Public Cloud: Provider
Intercloud Fabric - New Features
New Features
Platform Features: Seamless Upgrade support, AWS VPC support, limited support for Hyper-V and KVM/OpenStack platforms
Networking: Intercloud Fabric Router (Integrated) support on Azure
Security: Cloud Security Groups, Intercloud Fabric Firewall on Azure and Cisco Intercloud Services
Storage: Support for Multiple Disks within Guest VMs
Management and Visibility: ERSPAN, NetFlow for Traffic Visibility, Cloud VM on-boarding into ICF management
Automation and APIs: End User Single Pane of Glass through Integration with PSC version 11.0
Intercloud Fabric Features: Platform & Networking
Platform: AWS VPC, VM Onboarding
Networking: Intercloud Fabric Router, Inter-VLAN routing, Default Gateway / Extended Gateway, NAT
Intercloud Fabric Features: VM Onboarding
Why is this important? VM onboarding allows existing cloud workloads to be brought into the secure ICF shell. Can be utilized to control shadow IT.
Candidate VMs: VM on provider cloud before or after installing ICF. VM is not secured by the secure IcfCloud shell. VM would need to make use of enterprise resources.
Intercloud Fabric Deployment & Best Practices
Intercloud Fabric Deployment & Best Practices: Planning Intercloud Fabric Consumption
Provider Account: Credentials and Region
IcfCloud: Secure Layer 2 Network Extension to Provider Cloud
Virtual Data Center: Logical Groupings; Consumer of Policies (Compute, Network, System); Instance Deployment Options and Limits; User and Group Affiliations
Policies: Compute (Enterprise Compute Resources); Network (Enterprise and Cloud Networks); System (Cloud Instance Naming Templates)
Catalogs & Templates
Intercloud Fabric Deployment & Best Practices: Provider Account & IcfCloud
Provider Account: ICF stores the provider credentials and selected provider region as a Provider Account.
Best Practice: Name the Provider Account for the provider and region. This provides a visual cue to where the cloud connects as well as a rapid way to deploy another cloud connection to the same region. E.g., an AWS us-west-1 provider account could be named AWS-US-WEST-1.
IcfCloud: IcfCloud connections belong to a Provider Account.
Best Practice: Name the IcfCloud after the group or function that it is supporting in the provider cloud, or a sequence (16 character limit). E.g., Web-Tier-External or AWS-US-WEST-1-01.
Intercloud Fabric Deployment & Best Practices: Virtual Data Centers
Virtual Data Center: Connects users and groups to a specific IcfCloud. Contains a default Network and System Policy. Contains Application Categories to associate applications to specific Network and System Policies. Instance Limits and Modifications.
Best Practice: Name the Virtual Data Center with a convention that indicates which Provider and IcfCloud it is related to, as well as the group or function of the Virtual Data Center. E.g., IcfCloud for Engineering in AWS us-east-1: Engineering-AWS-US-EAST-1.
Intercloud Fabric tour
ICF Object Relationships Taxonomy
Provider Account: Stores the credentials and region for a provider. Many IcfClouds can be under a single Provider Account.
IcfCloud: connects enterprise network (ICX) to cloud network (ICS).
[Diagram labels: Private Cloud, Public Cloud, Enterprise VDC (Virtual Data Center), Cloud VDC (Virtual Data Center), Compute Policy, Host Selection, Network Policy, Provider Acct, NIC(s), NIC Name, Port, IP Source, System Policy, Name Template, DNS domain, DNS Server, DHCP IP POOL]
Applications with Intercloud Fabric - what use cases make sense?
Secure Application Development and Test
Fast deployment of DEV. Fail fast.
Problem: Developers using public cloud natively without enterprise security. Developers cannot use or test against enterprise services and databases.
1. Developers accessing public cloud through Enterprise portal
2. Extend multiple networks from Private DC to cloud with enterprise security policies
3. Workload mobility from Private to Public and back
Business Outcomes: DC still compliant with workloads in AWS. Reduce cost for IT - leverage public cloud for temp workloads.
[Diagram labels: ICF Shell, Public Cloud, Enterprise Portal, DNS, AD, Usergroup1 Portal, Usergroup2 Portal, Enterprise DC]
Cisco Intercloud Fabric Customer Benefits
Choice: Freedom to place workloads across heterogeneous Clouds
Consistency: Security/Networking as an extension of Private Cloud
Control: Unified workload management across clouds
Compliance: Policy-based deployment/governance in cloud
[Diagram labels: DC/Private Cloud, CISCO INTERCLOUD FABRIC, Provider Cloud]
Cisco Enterprise Cloud Suite: Hybrid-Ready Private Cloud
[Diagram labels: Infrastructure assurance, 3rd party billing, resource management; Modern Self-Service Portal and Catalog; Out-of-box application templates; Stack Designer; Integrated Infrastructure Management; Virtual Network Services; Hybrid Cloud Connectivity; UCS-based Integrated Infrastructure; Multi-Vendor Compute, Network, Storage, and Virtualization; Cloud Services Ecosystem of Service Providers]
Try it out!
Hands On (remember DNS and NTP!)
60 Day License for 10 VMs (20 HCUs) included in Intercloud Fabric: Install and run with your Amazon AWS or Microsoft Azure provider accounts. Azure 30 day $200 credit works with Intercloud Fabric.
DevNet Sandbox: Test out the ICF APIs in DevNet sandbox. http://develper.cisco.com/cloud
Cisco dCloud: Self-Paced lab covering all aspects of Intercloud Fabric. Running the latest release, offering the greatest flexibility. http://dcloud.cisco.com Soon supporting ICF Release 2.2.1
Q&A
Intercloud Fabric Resources
Official Site: cisco.com/go/intercloudfabric
White Paper: http://www.cisco.com/c/en/us/td/docs/solutions/hybrid_cloud/intercloud/intercloud_fabric.html
Documentation: http://www.cisco.com/c/en/us/support/cloud-systems-management/intercloud-fabric/tsd-productssupport-series-home.html
Developer Community: https://communities.cisco.com/community/developer/networking/cloud-and-systems-management/intercloudfabric
DevNet YouTube Videos
Thank you