Cisco ACI for the Microsoft Cloud Platform
Shashi Kiran, Senior Director, DC & Cloud Networking
Harry Petty, Director, DC & Cloud Networking
Vimala Veerappan, Engineer, Technical Marketing
We Are at the Beginning of a Major Shift
[Figure: adoption curve over time (2000, 2008, 2015, the next 5+ years). Stages: Traditional Data Center, Consolidation, Virtualization, IT as a Service, Hybrid Cloud, Distributed Cloud Data Center. Other labels: Automation, Efficiency, Connected Experiences, Simplicity, Agility, Standardization; The IoE Era; IaaS | PaaS | SaaS | XaaS; "We are here".]
Cisco and Microsoft Partnership Thrives
Executive Sponsorship
Multi-year investments and commitment in Microsoft and Cisco technology integration focused on compute, network, management
Research and Development
• Unified Computing System (UCS)
• Application Centric Infrastructure (ACI)
• CSR 1000V
• Nexus 1000V & Windows Server 2012
• InterCloud Fabric
• CVDs for Microsoft Fast Track Solutions
Build Your Own As a service
On-Prem or Intercloud
On-Demand Private Cloud
IT Operated Private Cloud
Optimize Your Cloud Business Model
Ownership
Management
Location
Customer
Hosted Private Cloud
Customer
On-Prem
Partner
Cisco / Partner
Partner
Partner
Build Buy
Expanding Cloud Provider Ecosystem
Cisco Intercloud Fabric Seamless Workload Mobility Across Any Cloud
No Vendor Lock-In: Open Architecture
Any Hypervisor Across Any Provider
• Heterogeneous Infrastructure
End-to-End Security and Governance
Unified Workload Management
Cisco’s Hybrid Cloud Approach
On-Premise
DATA CENTER
Enterprise Private Clouds
Intercloud Partners
Public Clouds
Cloud Services And Applications
CISCO INTERCLOUD FABRIC
Cisco’s Hybrid Cloud Approach
Open
Choice
Traditional Data Center
Enterprise Private Cloud
• Cisco ACI
• Integrated Infrastructure
• Cisco ONE Enterprise Cloud Suite
Microsoft Cloud Platform creating the compute, network, and storage for cloud consumption
Windows Server 2012 R2 with Hyper-V
Microsoft System Center
Windows Azure Pack
• Windows Azure Pack 2.0 for Windows Server
• SPOG definition, creation, management of Microsoft Cloud service
• Defines tenant portals
• Deploy apps and virtual networks
• System Center 2012 R2 Virtual Machine Manager (VMM)
• Central management of the virtual networks
• Hyper-V Network Virtualization
• The infrastructure to virtualize network traffic
• Gateways connect virtual and physical networks
VMM
“We need self-service with new services for apps that scale. And my tenants want it fast.”
Cloud Administrator
“Our customer experience has to be great... I want to run my apps now… We simply can’t wait for infrastructure.”
Line of Business Leader
“Preparing for every application security situation is nearly impossible. And we have to move fast.”
Chief Info. Security Officer
“We manage them box-by-box. It takes time to set up and check for manual errors.”
Infrastructure Manager
A Day in the Life - Typical Challenges
“A Day in the Life” of a Microsoft Cloud Admin
Creating and managing tenants
Enabling Shared Services
Automating security policies
Across thousands of virtual nodes
[Figure labels: Create, Deploy, Manage, Modify, Tear Down]
Governance
Tenants
Features
IT Organization Performance
Security
Availability
Scale
Match the Pace of Application Changes
Application Changes Create Infrastructure Demands
“A Day in the Life” of the Infrastructure Team
[Figure: Web, App and DB tiers running on physical and virtual servers, surrounded by firewalls, application delivery controllers, intrusion detection, a web security appliance, storage and web cache, each judged on performance, security, availability and scale. Every switch, firewall, ADC and virtualized service carries its own settings (VLAN, IP, QoS, ACLs, security policy, ADC service rules), handled by separate compute, network, security, storage and application teams in the IT organization.]
Would a Software Only Overlay Suffice?
Advantage
• Increased Agility For Virtual Devices – Faster configuration and provisioning of virtual devices
Disadvantage
• Partial Solution – Embedded support only for virtual devices
• Operational Complexity – Two networks
• No Traffic Visibility – Limited troubleshooting
• Limited Scale – Centralized gateways, sub-optimal traffic flow
[Figure labels: Physical and Virtual Resources; Overlay - Virtual Devices; Physical Resources; Two Networks; Gateway]
Introducing a Better Approach: Cisco Application Centric Infrastructure (ACI) – Better Together with Microsoft Cloud Platform
ACI Vision: Scale, Security and Full Visibility
Physical Networking
Compute L4–L7 Services
Storage Hypervisors and Virtual Networking
Multi DC WAN and Cloud
Enabled by physical and virtual integration
[Figure: two tenant application dashboards, each showing health score (96% and 78%), latency in microsecond(s), drop count (packets dropped) and visibility across VMs, physical hosts, application delivery controller and firewall.]
Industry Leading
Partnerships
Application Centric Policy Open Ecosystem ACI Fabric/Nexus 9000
Pillars of ACI
Application Centric Infrastructure
Rapid Deployment of Applications onto Open Networks with Scale, Security and Full Visibility
Programmable Network Enabling DevOps
Optimized
Mobility
POAP
DevOps Tooling
Interoperable
Development
Operations
NETWORK
SECURITY STORAGE
COMPUTE
DEV OPS
ARCHITECT
DEVELOPER
QA
Open APIs
Foundation:
Nexus or ACI
PXE ONIE Linux/Python
Daemon NXAPI
Automation through Common
Policy
Cisco ACI
Physical, Virtual & Containers
Open, Standards-Based & Secure Application Centric Infrastructure
The Most Complete Solution For Our Customers
Cisco ACI Complements, Enhances and/or Replaces Any Other SDN Offering
Bare Metal Applications
Virtualized Applications
Optional Software Overlay
Foundation:
Nexus or ACI
Consistent: Across virtual and physical infrastructures
Open: Interoperable, API
Secure: Automated, compliant
Agile: Faster, application centric
Cisco and Microsoft together deliver:
New cloud services for tenants and their enterprise applications
A new operational model
Policy-driven infrastructure
A clear evolutionary path
One Integrated Network for Physical and Virtual Resources
Advantage
• Highest Agility – Consistent policy across physical and virtual
• Open – Multi-hypervisor/vendor support
• Operational Efficiency – Single network
• Deep Traffic Visibility – Simplified analysis and troubleshooting
• Highly Scalable – Integrated gateways, optimized traffic flow
[Figure labels: Overlay - Virtual Devices; Physical Resources; Two Networks; Gateway]
Application Centric Policy
1 Subject Matter Experts Define Policies (Network SME, Security SME, Application SME)
2 Policies Used To Create Application Network Profile Templates
3 Automated policy configuration across the infrastructure
4 Life cycle management for day 1, day 2 operations
[Figure labels: Hypervisors and Virtual Networking; Physical Networking; Compute; L4–L7 Services; Storage; Multi DC WAN and Cloud]
Cisco ACI and Microsoft HyperV workflow
[Figure: workflow between the Azure Pack tenant/admin, the APIC admin (basic infrastructure) and the ACI fabric]
1 Create Application Policy
2 Push Network Profiles To The Cisco® APIC
3 Get VLANs Allocated For Each EPG
4 Create VM Networks
5 Instantiate VMs
6 Indicate EP Attach To Attached Leaf When VM Starts
7 Push Policy On Leaf Where EP Attaches
[Figure labels: Application Network Profile (Web, App, DB, Firewall, Load Balancer); APIC Plugin; SCVMM Plugin; Azure Pack\SPF; Hypervisor; OpFlex Agent; Web, App and DB VMs on Server 1, Server 2 and Server 3]
Simplify Operations with Visibility: Fabric Topology
• View full fabric topology.
• Displays all spine / leaf and APIC connectivity details
Simplify Operations: System Health Score
Aggregation of system-wide health, including pod health scores, tenant health scores, system fault counts by domain and type, and the APIC cluster health state.
Simplify Operations: Application Health Score
Aggregation of end point group health, including the following items that are relevant to that particular application health state:
• End points
• Contexts
• Bridge domains
• Ports
• VLAN / VXLAN
Troubleshooting Scenarios – Viewing the Application from EP to EP with Services
• Application behind a firewall and load balancer is having performance issues.
• Firewall and load balancers are virtual.
• Wizard quickly draws a logical topology and pinpoints a virtual port channel (VPC) issue.
Troubleshooting Scenarios – Viewing the Application from EP to External IP
• Application running in the datacenter needs outside access and is having issues.
• Used the tool to see a logical topology and identify the issue, i.e. packet drops at the interface.
Faster App Availability
[Figure: timeline from Service Request to Application Available, with Architect, Design, Compute, Storage, Security and Network stages; application components shown: WEB, APP, DB, F/W, L/B, ADC]
Policy Automation
Application Policy Language
Common Policy Framework and Platform for All IT Teams
APPLICATION
COMPUTE NETWORK
CLOUD
STORAGE SECURITY
Data Centers Built on Open Architectures
Open Source
UCS ACI Intercloud
OpFlex NSH VXLAN
RESTful APIs (XML) (JSON)
Open Standards
Open Ecosystem Open Interfaces
Unified Compute Nexus Data Center Switching
Application Centric Infrastructure
Integrated Solutions
Hyper-Agility
Security &
Governance
Biz. Insights
Security &
Services
Open Infra.
Northbound Partners
APIC
Systems Management
DevOps
Analytics
Southbound Partners
Enterprise Monitoring
Orchestration Frameworks
L4-L7 Services
Fabric Attached Devices
ACI Delivers Secure Multi-Tenancy at Scale
CENTRALIZED
AUTOMATION
Audit, Detect, Mitigate
EMBEDDED IN ACI INVESTMENT PROTECTION
FirePOWER Now Integrated with ACI
Validated for Deployment in PCI Compliant Networks
POLICY DRIVEN
Physical & Virtual
Automated Protection to Cover the Attack Continuum
© 2014 Cisco and/or its affiliates. All rights reserved.
Compliance Driven
Threat Focused
White-List Policy
Secure Multi-Tenancy—Business Units and Applications
• Ideal for the company split
• Policy automation follows applications, not physical location
• Re-useable but separate IP address space
Sheila Jordan, CIO
Case Study:
ACI Enables Segmentation Based on Business Needs
Level of Segmentation/Isolation/Visibility
• Basic DC Network Segmentation: PRODUCTION POD, DMZ, SHARED SERVICES
• Network centric Segmentation by VLAN: VLAN 1, VXLAN 2, VLAN 3
• Segment by Application Lifecycle: DEV, TEST, PROD
• Per Application-tier / Service Level Micro-Segmentation: WEB, APP, DB
Cisco ACI Network Provider Service Offerings
Features               | Shared Network | Tenant Private Network
Isolated Networks      | ✓              | ✓
Firewall               | ✓              | ✓
Shared DHCP            | ✓              | ✓
Shared Load Balancer   | ✓              | ✓
Shared Services        | ✓              | ✓
Public Internet Access | ✓              | ✓
Private Address Space  |                | ✓
Private DHCP Server    |                | ✓
Use Cases Shared Network and Virtual Private Network
[Figure: two panels, Shared Network and Tenant Private Network. In each, the Finance Tenant, DevTest Tenant and Shared Services Tenant run WEB, APP and DB (MONGO DB) tiers and use ACI common services (DHCP, DNS, LB, FW). Address ranges shown: 192.168.0.0/16 (DevTest Tenant) and 10.0.10.0/24 (shown twice).]
Roll the Demo – Windows Azure Pack with ACI
Broad Customer Base Adopting Cisco ACI and Nexus 9K
ACI Solves Real Customer Challenges
• Reduce Network Provisioning: 58%
• Reduce Management Costs: 21%
• Reduce Power and Cooling Costs: 45%
• CAPEX Reduction: 25%
• Compute and Storage Optimization: 10 – 20%
[Figure labels: Greater Business Agility; Lower Capital Expenses; Reduced Costs / Complexity; Lower Operating Cost; Resource Optimization; OPEX; CAPEX]
Infrastructure TCO Savings
[Figure: infrastructure TCO for 2011, 2014 and 2015, comparing Existing Infrastructure (Un-optimized), Existing Infrastructure (Optimized) and Cisco ACI; savings of 32% and 41% shown.]
Cisco ACI integrated with Microsoft Cloud Platform
Get Consistent Control of your Infrastructure.
Build Microsoft Cloud Data Centers on Open Architectures.
Achieve a New Level of Infrastructure agility.
Bring a Powerful Application-Centric Approach to Security.
1 View the resources available
2 Contact your Account Rep
3 Establish a pilot
Resources:
• Solution Brief - Cisco Application Centric Infrastructure Integration with Microsoft
• White Paper - Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
• Video Demo – Solution Integration with Cisco ACI and Microsoft Windows Azure Pack
• Video – Microsoft SVP Brad Anderson talks about Cisco ACI and Microsoft Cloud OS
• www.cisco.com/go/aci
http://www.ciscolive.com/us/