Cisco Application Centric Infrastructure Roadshow
Wednesday, 2. April 14
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
§ Business and IT trends
§ Cisco Open Network Environment (ONE)
§ Lunch
§ Cisco Application Centric Infrastructure (Data Center)
§ Cisco APIC Enterprise Module (WAN & Access)
Cisco ACI Roadshow - Agenda
Cisco Open Networking Environment
§ Understand Cisco ONE vision
  § Comprehensive answer to SDN
  § New licensing scheme to simplify consumption
§ Understand the main Cisco ONE characteristics:
  § Complete solution (as opposed to fragmented approaches)
  § Open ecosystem
  § Open for customers (no architecture is forced upon them)
Session objectives
Cisco ONE Services
UNIFIED PLATFORM
APPLICATIONS
INFRASTRUCTURE
Data Center WAN Access
Element Management
Provisioning Infrastructure
Security & Policy
Orchestration
Service Management Application
Security, Policy & Compliance
DC WAN ACCESS
Simplify Application Delivery
Controllers
Data Sovereignty
Virtual Services
APIs
Hybrid Cloud
Fragmented Approaches Creating Increased Complexity
Element Management
Provisioning Infrastructure Security & Policy
DC WAN ACCESS
Announcing the Cisco ONE Platform Enabling Application Centric Infrastructure
Element Management
Provisioning Infrastructure Security & Policy
DC WAN ACCESS
Faster application deployments
Consistency and agility across the Enterprise
Improved application availability with faster remediation
Increased security and productivity with automation
Cisco ONE PLATFORM
APIs
APIs
WAN Data Center Access Infrastructure Domains
Controller, Virtual Switch, Northbound/Southbound APIs Cisco ONE Essentials
ACI Fabric, L2/L3 Services, Infrastructure Management Cisco ONE Foundation
Policy-Based, Optimized End-to-End Application Delivery Cisco ONE Advanced Application Services
Comprehensive Network Security and Threat Defense Cisco ONE Advanced Security Services
Cisco ONE Software Platform
Infrastructure Domains Data Center WAN Access
Cisco ONE Platform in the Data Center
Cisco ONE Advanced Application Services InterCloud
Cisco ONE Advanced Security Services ASA Web/Email Sourcefire
Cisco ONE Foundation
Prime ACI Fabric UCS Director
Cisco ONE Essentials
ONE PK N1KV DevKit
Infrastructure Domains Data Center WAN Access
InterCloud
ASA Web/Email Sourcefire
Prime ACI Fabric UCS Director
N1KV DevKit ONE PK
Cisco ONE Across WAN and Access
Cisco ONE Advanced Application Services UC Gateway WAAS AVC CMX AVC
Cisco ONE Advanced Security Services Firewall AnyConnect ISE/TrustSec Cloud
Web Security VPN
Cisco ONE Foundation
CSR AP License, L2/L3 Switching Prime Prime
Cisco ONE Essentials
DevKit ONE PK DevKit ONE PK
Infrastructure Domains Data Center WAN Access
Simplified Licensing with Logical Suites
Cisco ONE Advanced Application Services
Cisco ONE Advanced Security Services
Cisco ONE Foundation
Cisco ONE Essentials
Enterprise Security Suite
Data Center Foundation WAN Foundation Access Foundation
Cisco ONE Suite for DC
Cisco ONE Suite for WAN
Cisco ONE Suite for Access
Included with SmartNet and Collaborative Services
Spring/Summer 2014
Pricing & Offer Details
APIC Controller Availability
Enterprise Module Availability
InterCloud Availability
Fall/Winter 2014
Cisco ONE Platform Availability
ELA & Subscription Licensing Models
Announced in February
Cisco ONE Platform
Cisco InterCloud
Cisco APIC Enterprise Module
When is this Available?
Cisco ONE partner community Introducing Cisco DevNet
Innovative Apps | Compelling Apps
ONE DevKit Common Northbound APIs
API Development
Engineering SDKs Strategic and Tactical Marketing Cross Platform Support
Access to Testing Lab
Developer Support Community Management
DevNet Portal Live
Jan Feb Mar Apr Dec
Cisco Community & DevNet Integration
ONE PK Developer Support
APIC Enterprise Module Sandbox
DevNet Portal
DevNet APIs and SDKs
DevNet Sandbox Platform
DevNet Hackathon (May)
To Create a Community of Software Developers who Leverage Cisco Technology in Their Work Innovative & Compelling Apps
“Cisco is late to the SDN game” Really?
http://www.openserversummit.com/English/Collaterals/Press_Releases/2013/20131021_ITBrandPulse_InnovationLeaderAwards.pdf
Cisco ONE: Infrastructure Programmability If you want you can program, but you don’t need to
SNMP (v1, v2, v3), Syslog, NETCONF, RMON, CLI
Programmable
• NX-API
• JSON-RPC
• XML/JSON
• Python scripting
• Customizable CLIs
• BASH access
• Broadcom shell access
• Linux containers
• OpenFlow support
• Cisco onePK™
Automation and Orchestration
• Puppet
• Chef
• OpenStack network plugin
• XMPP support
• OpenDaylight integration
Visibility
• Dynamic buffer monitoring
• Enhanced Ethanalyzer
• SMTP email “pipe” output
• Embedded Event Manager (EEM)
• Flow monitoring
• vTracker
Did you know?
“Managing Cisco Devices using Puppet”: http://www.youtube.com/watch?v=ai_93hUlmt0
Quiz:
When did Cisco add programmability to IOS with “Embedded Event Manager” (Tcl scripts)?
• 2000
§ Open-source controller
§ Main industry players support the initiative
§ Multiple northbound and southbound APIs
§ Base controller code provided by Cisco
§ Cisco will provide commercial versions of Open Daylight
Open Daylight Cisco’s reference for controller architecture
Traditional traffic visibility in the DC Lacking flexibility and scalability
Analysis appliances / modules (like Cisco NAM)
Challenges:
• Some people need more analysis appliances (like IDS, Web site analytics, ad hoc Wireshark for troubleshooting, etc)
• In many DCs the bandwidth to analyze exceeds the capacity of a single appliance: a scale-out approach is required
Solution: create a monitoring network All production traffic is sent via SPAN or TAPs to the monitoring network
“SPAN aggregator switch”
NAM appliances
Challenges:
• The configuration of the SPAN aggregator switch becomes “interesting”
• What if you need two SPAN aggregator switches?
Other analysis appliances (IDS, Wireshark, etc)
General-purpose switch (inflexible)
Or
Purpose-built switch (expensive)
SPAN aggregator switch: life can be hard… Using a standard Ethernet switch as SPAN aggregator has limitations
• N ingress ports (as many as switches in the production network)
• M egress ports (as many as analysis appliances)
• Forwarding rules examples:
• Send all traffic to appliances 1 and 2
• Send HTTP traffic to appliance 3
• Send Applications X and Y to appliance 4
• Have you tried to do the above with VLANs/VACLs?
• What if you need 2 SPAN aggregator switches?
“SPAN aggregator switch”
Analysis appliances (Troubleshooting, IDS, Performance, Wireshark, etc)
Production network devices
Traffic coming from TAPs or SPAN sessions
Traffic selectively forwarded to specific appliances
§ Introduce OpenFlow non-intrusively in your organization
§ Cost-effective, flexible solution to gain more intelligence out of your network traffic: gain visibility into what is going on in your network!
Example with Cisco commercial version of Open Daylight Controller Application: TAP aggregator using OpenFlow
Cisco OpenDaylight
Cisco Network Analysis Modules (NAMs)
Other analysis appliances (IDS, Wireshark, etc)
Nexus 3000
OpenFlow
Monitoring Network
Production Network
Mirrored Traffic
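The forwarding rules listed for the SPAN aggregator, expressed as prioritized single-table flow entries of the kind an OpenFlow TAP aggregator would install. This is an added example, not Cisco's controller code; the field names, the TCP ports standing in for Applications X and Y, and the appliance port numbers are assumptions. It goes beyond the slide by also handling partially overlapping policies.

```python
from itertools import combinations

# Constructed monitoring policy mirroring the slide's examples:
# (match fields, appliance ports). Field names and app ports are assumptions.
POLICIES = [
    ({}, {1, 2}),                              # all traffic -> appliances 1 and 2
    ({"ip_proto": 6, "tcp_dst": 80}, {3}),     # HTTP -> appliance 3
    ({"ip_proto": 6, "tcp_dst": 1433}, {4}),   # "Application X" (assumed port)
    ({"ip_proto": 6, "tcp_dst": 3306}, {4}),   # "Application Y" (assumed port)
]

def merge(matches):
    """Combine matches into one; None if two of them disagree on a field."""
    merged = {}
    for m in matches:
        for field, value in m.items():
            if merged.setdefault(field, value) != value:
                return None
    return merged

def compile_flows(policies):
    """Turn overlapping policies into prioritized single-table flow entries.

    Only the highest-priority matching entry fires, so each specific entry
    must output to the union of every policy it implies, or the catch-all
    appliances silently lose that traffic.
    """
    flows = {}
    for n in range(1, len(policies) + 1):
        for combo in combinations(policies, n):
            merged = merge(m for m, _ in combo)
            if merged is None:
                continue  # contradictory matches can never hit one packet
            outs = set()
            for m, ports in policies:
                if m.items() <= merged.items():
                    outs |= ports
            flows[frozenset(merged.items())] = (len(merged), merged, sorted(outs))
    return sorted(flows.values(), key=lambda f: -f[0])

def deliver(flows, packet):
    """Appliance ports chosen by the highest-priority entry matching packet."""
    for _, match, outs in flows:
        if match.items() <= packet.items():
            return outs
    return []
```
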
Network architectures in the DC
Virtual Networking
Network Fabrics Application Centric Infrastructure
Cisco Open Network Environment
Federated Clouds
Supported infrastructure
Full Cisco Nexus portfolio Anything Cisco Nexus 9000
§ Scalable, flexible networks
§ Technology examples:
  § Virtual Port Channels enable non-blocking redundant architectures
  § Fabric Extenders enable management simplification
  § FabricPath enables flexible L2 topologies like spine/leaf or large domains
  § Unified Ports and FCoE enable consolidation of storage and data fabrics
  § BiDi optics enable low-cost transition to 40GbE
§ With a rich switching portfolio to meet every need
§ Dynamic Fabric Automation takes a DC network to the next level
Data Center Network Fabrics Network Fabrics
Data Center Network Fabrics Dynamic Fabric Automation: the next level
Fabric Management
DFA consists of four modules that can be deployed individually or together for a comprehensive solution
Workload Automation
Virtual Fabrics Optimized Networking
Centralized Management XMPP
Zero-touch provisioning Cable consistency checks
Orchestration integration Workload-aware fabric Automated provisioning
Any subnet anywhere Reduced failure domains Scalable Multitenancy
Network Fabrics
Cisco Virtual Networking
Virtual Networking
Tenant A
Nexus 1000V
Nexus 1000V
• Distributed switch
• NX-OS consistency
Security
• Zone-based FW
• Edge FW
Application
• Application visibility
• Application performance
• WAN optimization
InterCloud
• Flexible Hybrid Cloud
Routing
• Virtual router
• WAN L3 gateway
• Routing and VPN
ASA 1000V Cloud Firewall
Cisco Virtual Security Gateway (VSG)
vWAAS
Citrix NetScaler VPX
Imperva SecureSphere WAF
Cloud Services Router 1000V
Zone A
Zone B
vPath VXLAN
Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*)
Ecosystem Services
• Citrix NetScaler VPX virtual ADC
• Imperva Web App. Firewall
Any Physical Infrastructure (Compute, Network, Storage)
Cisco vNAM
Innovation Example: Cisco VXLAN Gateways Connecting physical workloads to a virtual overlay
L3 VXLAN gateway: L3 services VM (CSR 1Kv / ASAv)
L2 VXLAN gateway on Nexus 1110
L2 VXLAN gateway on physical switch
L3 VXLAN gateway on physical switch
Virtual Networking
Example: Cisco Intercloud
Public Cloud
Cloud Services
Hybrid Cloud: The Best of Both Worlds
Dev/Test: Quickly develop in cloud and run production in data center
Capacity Augmentation: Build the base and rent the peak
Disaster Recovery: Deliver as a service, reduce complexity and cost
Data Center
Private Cloud
Virtual Networking
Current Approaches
Cisco InterCloud
Customer
Choice
Open
vCloud Hybrid Services™
Homogeneous + Custom
Providers
Open Workload Mobility
Virtual Networking
Cisco InterCloud
Customer
Cloud Providers & Cisco Powered Services
Choice
Open
Cisco’s Hybrid Cloud Differentiation
Open Ecosystem
No Cloud Vendor Lock-In Any Hypervisor to Any Provider Heterogeneous Infrastructure
End-to-End Security Data Sovereignty Workload Mobility Across Clouds
Virtual Networking
Cisco InterCloud Solution Overview
Enterprise DC / Private Cloud Provider Clouds
vSphere
Hyper-V
OpenStack/KVM
CloudStack/Xen
InterCloud Business Edition
End User & IT Admin Portals
Secure Fabric, Network, Compute & Storage
Azure APIs
EC2 APIs
InterCloud Provider Enablement Platform
Cloud Providers
Cisco Powered Services
Brokered Services
Virtual Networking
Cisco InterCloud: Secure Workload Mobility Hybrid Cloud for burst capacity or dev/test machines
Private Public
Choice: Freedom to place workloads across heterogeneous Private and Public Clouds
Consistency: End-to-end workload security with consistent extension of Private Cloud policies to Public Cloud environments
Cisco InterCloud
Control: Unified management and networking to move workloads across clouds
Compliance: Assurance that all employees adhere to IT policies when using Public Cloud services
Sustained Workloads Variable Workloads
Virtual Networking
§ Simplifying IT, increasing agility
§ Delivering on the promise of SDN
§ Providing customer choice and flexibility
§ Open ecosystem, driving innovation
§ Only Cisco: breadth, depth, leadership
Cisco ONE Platform
After lunch we will see Cisco’s Application Centric Infrastructure
Thank you.