Post on 12-May-2015
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Virtual Network Management Center (VNMC)
Device and Policy Management of Cisco Network Virtual Services
Agenda
• Problem Statement and Vision
• N1K, VSG, ASA1000V Overview
• VNMC Benefits and Differentiators
• Resources
Virtualization Challenges - Network Implications
[Diagram labels: Port Group; Hypervisor; Hypervisor; Server Administration; Network Administration; Security Administration]
1. VMware vMotion moves virtual machines across physical ports, and the network policy must follow this migration (across racks, pods, and data centers)
2. Administrators must view or apply network and security policy to locally switched traffic
3. Administrators need to maintain segregation of duties while helping ensure nondisruptive operations
4. Organizations need a VLAN-agnostic solution to decrease complexity and enhance scalability
Cisco Unified Management: IT-as-a-Service Requires a New Management Approach
[Diagram labels: Business Applications and IT Services; On-Demand Provisioning; Lifecycle Management; Integration and Automation; Pay-Per-Use; Service Governance; Service Catalog; Infrastructure Resource Mgmt; Self-Service Portal and Orchestration; Seamless Physical-Virtual; Pooled Resources; Policy-Based Compute; Physical-Virtual, Multi-Hypervisor; Policy-Based Network; Dynamic Network Provisioning; Network Containers; Service Profiles; Compute; Storage; Network]
[Diagram labels, continued: Operations Support Ecosystem (Service Assurance, Compliance, Configuration Management, …); Business Support Ecosystem (Billing, Customer Management, Financial Management, …)]
Cisco Virtual Network Manager (VNMC)
• Common model to enable federated development
• Common UX and operational flows
• API-accessible abstraction layer simplifies cloud infrastructure management for customers and partners
• Part of the N1K architecture; manages the VSG and ASA1000V security products
• Addresses Enterprise and Provider needs in a self-contained multi-tenant environment
• Lowers TCO by providing single, integrated access to Cisco network virtual services in the cloud
Cisco Nexus 1000V
• Accelerate virtualization and multi-tenant cloud deployments
• Integrated into VMware vSphere hypervisor
• Provides advanced virtual machine switching using .1Q switching technology
• vPath and VXLAN technologies
• Built on Cisco NX-OS
• Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
[Diagram labels: vSphere; 1000V VEM; 1000V VSM; VM (x4); Server; Physical Switches]
Virtual Security Gateway: Virtual Firewall for Nexus 1000V
• Context aware Security: VM context aware rules
• Zone based Controls: Establish zones of trust
• Dynamic, Agile: Policies follow vMotion
• Best-in-class Architecture: Efficient, Fast, Scale-out SW
• Non-Disruptive Operations: Security team manages security
• Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
• Designed for Automation: XML API, security profiles
[Diagram labels: Virtual Network Management Center (VNMC); Virtual Security Gateway (VSG)]
Cisco ASA 1000V: Solution Features and Capabilities
• Built using Cisco® ASA infrastructure
• Interoperability with Cisco VSG through service chaining
• VXLAN gateway
• Multi-tenant management through Cisco VNMC
• IPsec VPN (site to site)
• NAT
• DHCP
• Default gateway
• Static routing
• Stateful inspection
• IP audit
Securing the Tenant Intra domain and Edge
• Proven Cisco® security: virtualized physical and virtual consistency
• Collaborative security model
  - Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones
  - Cisco ASA 1000V for tenant edge controls
• Transparent integration
  - With Cisco Nexus® 1000V Switch and Cisco vPath
• Scale flexibility to meet cloud demand
  - Multi-instance deployment for scale-out deployment across the data center
[Diagram labels: Tenant A; Tenant B; VDC; vApp; Hypervisor; Cisco Nexus® 1000V; Cisco vPath; Cisco® Virtual Network Management Center (VNMC); Cisco VSG; Cisco ASA 1000V]
Virtual Network Management Center
Custom created to manage virtualization-specific workflows
• Scalable
• Stateless
• Expandable
• Partitionable
• Integrated
• Automated
• Multi-Tenant: Different customers and different needs
• Security Profiles: Simple, policy-based security configuration
• XML API: Ready for third-party integration
• Role-Based Access Controls: Different users and different privileges
• Cisco Nexus® 1000V and VMware vCenter: Port profiles refer to security profiles
• Dynamic Provisioning: One-stop configuration of network and security
Cisco VNMC: Multi-Tenant Organizational Structure
• Single tenant can have up to three organizational sublevels
• Each sublevel can have multiple organizations
• Overlapping network addresses across tenants are supported
[Diagram: organizational tree. Labels: Root; Tenant A; Tenant B; DC 1; DC 2; DC 3; App 1; App 2; Tier 1; Tier 2; Tier 3. Levels: Tenant Level; vDC Level; vApp Level; Tier Level]
Cisco® VNMC Administrator Roles Tenant-Level Access
Cisco VNMC: Administrative Roles
Tenant-Level RBAC Access for Security Administrators
VNMC Demo
[Demo topology diagram labels: Outside Client; ASA 1000V (Outside: 192.168.200.15, Inside: 192.168.100.15); Static NAT, NAT IP: 192.168.200.11; TenantA; VSG; Win 7 Client; Web Server; Db Server; networks 192.168.100.0 and 172.25.108.0; host 192.168.200.20; Tradeshow; SYN Floods]
Resources
Cisco.com
• Cisco VNMC: www.cisco.com/go/vnmc
• Cisco® ASA 1000V: www.cisco.com/go/asa
• Cisco Nexus® 1000V: www.cisco.com/go/1000v
• Cisco VSG: www.cisco.com/go/vsg
Cisco Support Community
• Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com
Thank you.