Cisco ACI for the Microsoft Cloud Platform
- 1. Cisco ACI for the Microsoft Cloud Platform
Shashi Kiran, Senior Director, DC & Cloud Networking
Harry Petty, Director, DC & Cloud Networking
Vimala Veerappan, Engineer, Technical Marketing
- 2. We Are at the Beginning of a Major Shift
[Diagram: Adoption Curve over 2000, 2008, 2015 and The Next 5+ years. Stages: Traditional Data Center; Consolidation; Virtualization; Automation; IT as a Service; Hybrid Cloud; Distributed Cloud Data Center; The IoE Era. Labels: Efficiency; Simplicity; Agility; Standardization; Connected Experiences; IaaS | PaaS | SaaS | XaaS; "We are here".]
- 3. Cisco and Microsoft Partnership Thrives
Executive Sponsorship Multi-year investments and commitment in
Microsoft and Cisco technology integration
focused on compute, network, management
Research and Development
• Unified Computing System (UCS)
• Application Centric Infrastructure (ACI)
• CSR 1000V
• Nexus 1000V & Windows Server 2012
• InterCloud Fabric
• CVDs for Microsoft Fast Track Solutions
- 4. Optimize Your Cloud Business Model
[Diagram: options ranging from Build to Buy (Build Your Own; As a service, On-Prem or Intercloud; On-Demand Private Cloud; IT Operated Private Cloud; Hosted Private Cloud), compared by Ownership, Management and Location, with the values Customer, On-Prem, Partner and Cisco / Partner.]
- 5. Expanding Cloud
Provider Ecosystem
Cisco Intercloud Fabric
Seamless Workload Mobility Across Any Cloud
On-Premise
DATA CENTER
Enterprise
Private
Clouds
Intercloud
Partners
Public
Clouds
Cloud Services
And Applications
CISCO INTERCLOUD FABRIC
Cisco’s Hybrid Cloud Approach
Open
Choice
Traditional
Data Center
Enterprise
Private Cloud
• Cisco ACI
• Integrated Infrastructure
• Cisco ONE Enterprise
Cloud Suite
No Vendor Lock-In:
Open Architecture
Any Hypervisor
Across Any Provider
Unified Workload
Management
- 6. Microsoft Cloud Platform
creating the compute, network, and storage for cloud consumption
Windows Server 2012 R2 with Hyper-V
Microsoft System Center
Windows Azure Pack
• Windows Azure Pack 2.0 for Windows Server
• SPOG definition, creation, management of
Microsoft Cloud service
• Defines tenant portals
• Deploy apps and virtual networks
• System Center 2012 R2 Virtual Machine
Manager (VMM)
• Central management of the virtual networks
• Hyper-V Network Virtualization
• The infrastructure to virtualize network traffic
• Gateways connect virtual and physical
networks
VMM
- 7. A Day in the Life - Typical Challenges
“We need self-service with new services for apps that scale. And my tenants want it fast.”
Cloud Administrator
“Our customer experience has to be great... I want to run my apps now… We simply can’t wait for infrastructure.”
Line of Business Leader
“Preparing for every application security situation is nearly impossible. And we have to move fast.”
Chief Info. Security Officer
“We manage them box-by-box. It takes time to set up and check for manual errors.”
Infrastructure Manager
- 8. “A Day in the Life” of a Microsoft Cloud Admin
Create | Deploy | Manage | Modify | Tear Down
• Creating and managing tenants
• Enabling Shared Services
• Automating security policies
Across thousands of virtual nodes
- 10. “A Day in the Life” of the Infrastructure Team
[Diagram: Web, App and DB tiers (physical and virtual servers, firewalls, application delivery controllers, intrusion detection, web security appliance, web cache, storage); per-device settings for switch, firewall, ADC and virtualized services (VLAN, IP, QoS, ACLs, security policy, services rules); IT organization teams: compute, network, security, storage, application; requirements: performance, security, availability, scale.]
- 11. Would a Software Only Overlay Suffice?
Advantage
• Increased Agility For Virtual Devices – Faster configuration and provisioning of virtual devices
Disadvantage
• Partial Solution – Embedded support only for virtual devices
• Operational Complexity – Two networks
• No Traffic Visibility – Limited troubleshooting
• Limited Scale – Centralized gateways, sub-optimal traffic flow
[Diagram: Physical and Virtual Resources; Overlay - Virtual Devices; Physical Resources; Two Networks; Gateway]
- 12. Introducing a Better Approach:
Cisco Application Centric
Infrastructure (ACI) –
Better Together with Microsoft Cloud Platform
- 13. ACI Vision: Scale, Security and Full Visibility
Enabled by physical and virtual integration
Tenant Application
Physical Networking | Hypervisors and Virtual Networking | Compute | L4–L7 Services | Storage | Multi DC WAN and Cloud
- 17. Cisco ACI Complements, Enhances and/or
Replaces Any Other SDN Offering
Bare Metal Applications
Virtualized Applications
Optional Software Overlay
Foundation:
Nexus or ACI
- 19. One Integrated Network for
Physical and Virtual Resources
Overlay - Virtual Devices
Physical Resources
Two Networks Gateway
Advantage
• Highest Agility – Consistent policy across
physical and virtual
• Open – Multi-hypervisor/vendor support
• Operational Efficiency – Single network
• Deep Traffic Visibility – Simplified
analysis and troubleshooting
• Highly Scalable – Integrated gateways,
optimized traffic flow
- 20. Application Centric Policy
1 Subject Matter Experts Define Policies (Network SME, Security SME, Application SME)
2 Policies Used To Create Application Network Profile Templates
3 Automated policy configuration across the infrastructure
4 Life cycle management for day 1, day 2 operations
Physical Networking | Hypervisors and Virtual Networking | Compute | L4–L7 Services | Storage | Multi DC WAN and Cloud
- 21. Cisco ACI and Microsoft Hyper-V workflow
1 Create Application Policy
2 Push Network Profiles To The Cisco® APIC
3 Get VLANs Allocated For Each EPG
4 Create VM Networks
5 Instantiate VMs
6 Indicate EP Attach To Attached Leaf When VM Starts
7 Push Policy On Leaf Where EP Attaches
[Diagram: Azure Pack Tenant/Admin and APIC Admin (Basic Infrastructure); Azure Pack, SPF, SCVMM Plugin, APIC Plugin; ACI Fabric; Application Network Profile (Firewall, Load Balancer, Web, App, DB); Hypervisor with OpFlex Agent; Server 1, Server 2 and Server 3 hosting Web, App and DB VMs.]
- 22. Simplify Operations with Visibility: Fabric Topology
• View full fabric topology.
• Displays all spine / leaf
and APIC connectivity
details
- 23. Simplify Operations: System Health Score
Aggregation of system-wide health, including pod health scores, tenant health scores, system fault
counts by domain and type, and the APIC cluster health state.
- 24. Simplify Operations:
Application Health Score
Aggregation of end point group health, including:
• end points,
• contexts,
• bridge domains,
• Ports
• VLAN / VXLAN
that are relevant to that particular application
health state.
- 25. Troubleshooting Scenarios –
Viewing the Application from EP to EP with Services
• Application behind firewall and load balancer is having performance issues.
• Firewall and load balancers are virtual.
• Wizard quickly draws a logical topology and pinpoints a virtual port channel (VPC) issue.
- 26. Troubleshooting Scenarios –
Viewing the Application from EP to External IP
• Application running in the data center needs to access the outside and is having issues.
• The tool was used to see a logical topology and identify the issue, i.e. packet drops at the interface.
- 27. Faster App Availability
Policy Automation | Application Policy Language | Common Policy Framework and Platform for All IT Teams
[Diagram: timeline from Service Request to Application Available across Architect, Design, Compute, Storage, Security and Network; application chain of F/W, L/B (ADC), WEB, APP and DB; teams: Application, Compute, Network, Cloud, Storage, Security.]
- 28. Data Centers Built on Open Architectures
Open Source | Open Standards | Open Ecosystem | Open Interfaces
UCS | ACI | Intercloud
OpFlex | NSH | VXLAN
RESTful APIs (XML) (JSON)
- 30. ACI Delivers Secure Multi-Tenancy at Scale
CENTRALIZED
AUTOMATION
Audit, Detect, Mitigate
EMBEDDED IN ACI INVESTMENT PROTECTION
FirePOWER Now Integrated with ACI
Validated for Deployment in PCI Compliant Networks
POLICY DRIVEN
Physical & Virtual
Automated Protection to Cover the Attack Continuum
- 31. © 2014 Cisco and/or its affiliates. All rights reserved.
Compliance
Driven
Threat
Focused
White-List Policy
Secure Multi-Tenancy—
Business Units and
Applications
• Ideal for the company split
• Policy automation follows
applications, not physical
location
• Re-useable but separate IP
address space
Sheila Jordan, CIO
Case Study:
- 32. ACI Enables Segmentation Based on Business Needs
Level of Segmentation/Isolation/Visibility
• Basic DC Network Segmentation – PRODUCTION POD, DMZ, SHARED SERVICES
• Network centric Segmentation by VLAN – VLAN 1, VXLAN 2, VLAN 3
• Segment by Application Lifecycle – DEV, TEST, PROD
• Per Application-tier / Service Level Micro-Segmentation – WEB, APP, DB
- 34. Cisco ACI Network Provider Service Offerings
Features | Shared Network | Tenant Private Network
Isolated Networks | ✓ | ✓
Firewall | ✓ | ✓
Shared DHCP | ✓ | ✓
Shared Load Balancer | ✓ | ✓
Shared Services | ✓ | ✓
Public Internet Access | ✓ | ✓
Private Address Space | | ✓
Private DHCP Server | | ✓
- 35. Use Cases
Shared Network and Virtual Private Network
[Diagram: two panels, Shared Network and Tenant Private Network, each showing a Finance Tenant and a DevTest Tenant (WEB, APP, DB, MONGO DB), a Shared Services Tenant, and ACI Common services (DHCP, DNS, LB, FW); address labels 192.168.0.0/16, 10.0.10.0/24 and 10.0.10.0/24.]
- 37. Broad Customer Base Adopting Cisco ACI and
Nexus 9K
- 38. ACI Solves Real Customer Challenges
• Reduce Network Provisioning: 58%
• Reduce Management Costs: 21%
• Reduce Power and Cooling Costs: 45%
• CAPEX Reduction: 25%
• Compute and Storage Optimization: 10–20%
Greater Business Agility | Lower Capital Expenses | Reduced Costs / Complexity | Lower Operating Cost | Resource Optimization
- 40. Cisco ACI integrated with Microsoft Cloud Platform
Get Consistent Control of your Infrastructure.
Build Microsoft Cloud Data Centers on Open
Architectures.
Achieve a New Level of Infrastructure agility.
Bring a Powerful Application-Centric Approach to
Security.
- 41. 1 View the resources available
2 Contact your Account Rep
3 Establish a pilot
Resources:
• Solution Brief - Cisco Application Centric
Infrastructure Integration with Microsoft
• White Paper - Cisco Application Centric
Infrastructure and Microsoft SCVMM
and Azure Pack
• Video Demo – Solution Integration with
Cisco ACI and Microsoft Windows Azure
Pack
• Video – Microsoft SVP Brad Anderson
talks about Cisco ACI and Microsoft
Cloud OS
• www.cisco.com/go/aci