Detailed technical case study of SDN implementation in one of the world's largest private cloud environment. This is a multi-vendor, best-of-breed implementation based on FlexPod (Cisco UCS Compute and NetApp Storage), VMware Server Virtualization, and Cisco SDN. Microsegmentation, extensive automation, and multi-tenancy are the key use cases.

1. Detailed Technical Case Study On
Software-defined Networking (SDN)
Prepared by: Feng Meng, Technologist, Cisco Systems
Source: Symantec Cloud Services Team, VMware, NetApp, Cisco

2. About This Case Study
Based on technical details provided by Symantec, NetApp, and Cisco.
Focuses on describing the value of SDN provided by Cisco ACI.
For a more complete description of the entire case study beyond Cisco ACI,
including FlexPod and VMware vCloud Suite, please refer to this case study
here, written by Symantec and NetApp.

3. “It is complex. It is heterogeneous. It’s
modern in some areas.
We have a number of cloud deployments,
most significantly, our ‘Granite Labs’ cloud,
which we have built over the last 2 ½ years.
‘Granite Labs’ has been a great learning
experience in what automation brings to IT
operations.
Now we need to bring the success of
“Granite Labs” to our the rest of our IT
infrastructure, our lines of business apps.”
“Our IT environment is like
that of any other
customers who’ve been
building things out for the
last 25 years.”
– Sean Doherty, Vice President,
Alliances, Symantec
Symantec IT Environment

4. Background on “Granite Labs”
Symantec maintains the world’s largest civilian security
threat analysis database.
Customers rely on Symantec security solutions.
They expect Symantec to support & enhance these
solutions 24x7.
To meet these expectations, Symantec has traditionally
maintained:
• Hundreds of lab environments dedicated to customer
support, R&D, and education services
• Labs hosted at 25 locations around the world.
“Traditional methods to
duplicate customer
environments for tech
support, R&D, or services
were too costly and time-
consuming.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec

5. “Symantec internal and external customers had to wait
weeks for lab infrastructure.
Many similar or identical lab environments were created:
• For multiple teams & technical support engineers
• For different projects supporting the same Symantec
products.
Because labs could not be efficiently reused, they often
had to be re-deployed all over again on different
hardware.
• When new projects or support issues arose
This means additional delays and redundant work.”
“Each new lab took
approximately two weeks
to create.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
$
Challenges

6. “In the past, these labs existed in silos that were built and
maintained by separate product groups.
As Symantec grew, this approach was no longer effective
or efficient.
Symantec had to reduce global data center footprint.
And streamline product support and undertake R&D
capacity improvement initiatives.”
“At the same time, we
received a directive from
our CEO to reduce our
global data center
footprint.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
$
Directive from the CEO
Cost Governance Agility

7. “We recognized that the scale, speed, and challenges
that we had to meet also applied to many of our global
enterprise customers.
We would prove the validity of our ‘Agile Data Center’
customer initiative.
Combine elastic infrastructures, trusted clouds, and IT
intelligence.
Deliver the right resources, in the right way, to the right
users.
Accomplish through our own internal IT practice.”
Started with a lighthouse project - “Granite Labs”
“We saw an opportunity to
build a best-practice
virtual private cloud on a
converged infrastructure.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
Vision: Virtual Private Cloud

8. Embrace next-generation data center software and
architecture.
Combine elastic infrastructure with an as-a-service model.
Allow end users to deploy virtual labs quickly with a few
clicks and contribute lab templates for others to reuse.
Scale this architecture to spark a company-wide IT
transformation.
“Granite Labs could have
been viewed as shadow IT,
but executive management
trusted our ability to
innovate.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
Architecture

9. Design Blueprint: FlexPod + Cisco ACI

10. Virtualized Apps
A lot of
Unix servers
Future:
Business apps
Symantec Apps:
NetBackup, Backup
Exec, Enterprise
Vault, and security
products such as
Data Loss
Prevention and Data
Center Security
Physical Apps and Endpoints
Storage Foundation High
Availability for Microsoft®
Windows® and Linux®
Physical
storage
clusters
(NetApp NFS)
Future: A lot of
other bare metal
servers
In minutes, allow any IP endpoint, to be connected, moved and de-commissioned
Via a consistent policy controller, with zero downtimeSeamlessly integrate
virtual and physical world
Cisco Nexus 9000 ACI Enabled Switches
Requirements for the SDN Layer

11. App Types
vSphere
Unix
Physical
Business
Apps
VM-to-VM MicrosegmentationVM-to-Physical
The Scope and Consistency of
Cisco ACI Policy
Physical-to-Physical
East-West and North-South
What app types, and what communication paths
between them can be secured consistently,
automatically and granularly?
Symantec
Apps
Scope of Competing
Microsegmentation
Solution
Defend All Cyber Attack Surfaces

12. “Operating in Cisco NX-OS or in ACI™ mode, the Nexus
9000 switches are ideal for traditional or fully automated
data center deployments.
When coupled with Cisco ACI, NetApp clustered Data
ONTAP provides rapid application provisioning, reducing
the time required to deploy applications while meeting
application-specific service levels.
To support zero-downtime, we deployed a 12-node
NetApp storage cluster and a separate 4-node NetApp
cluster with Cisco ACI, which we plan to scale out as
demand for services increases.
A Cisco APIC™ cluster provides a single point of control,
a centralized API framework, and a central application
policy repository for Cisco ACI and the whole data center.”
“NetApp and Cisco have
demonstrated a shared
commitment to FlexPod, and
their common vision of a
unified data center is aligned
with Symantec’s goal of
maximizing business agility
with Agile Data Centers. One
example of this commitment
is FlexPod integration with
Cisco ACI.”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
The Value of SDN Integration with FlexPod

13. “We saved 700 years of
valuable time – and that’s
only the beginning. ”
– Jason Puig, Senior Manager,
Cloud Services, Symantec
Time reduction to deploy test lab environments.
Users can provision in minutes, selecting from a
library of virtual machine templates.
Freed up 70% of staff time for customer service,
satisfaction and time to resolution
• vs. working on infrastructure issues
We have eliminated 37,000 weeks of efforts – more
than 700 years of valuable time
Outcomes: Speed of the Business

14. “It’s very gratifying
when a large
enterprise customer
flies hundreds of its
IT employees to our
facility to learn best
practices from our
29-person team.”
– Jason Puig, Senior
Manager, Cloud
Services, Symantec
Capacity Scalability
Growth in Usage
(# of active users)
Outcomes: Do More with Less

15. More about
Granite Labs
More About
Symantec IT
More
Technical Details
Click here to watch a
video produced by
Symantec TV
Click here to watch
a video featuring
Symantec VP
of Alliances
Click here to read a
detailed technical
case study