2. Housekeeping
• We value your feedback
• Please don't forget to complete session evaluation
• Please remember this is a 'non-smoking' venue!
• Please switch off your mobile phones
3. Abstract
• Attendees should have a basic knowledge of Data Center, Network
Management and Automation
• Knowing VMware, UCS and SAN concepts is good for this session
• 90 min session
• Will not be able to cover configuration and troubleshooting details
Q/A Policy
• Questions may be asked during the session
• But due to the time limit, flow and respect for everyone's interest, some questions might be deferred towards the end
5. Agenda
• Cloud Automation?
• Cisco Cloud Automation Stack
• Cloud In a Box
• Case-Study
#CiscoPlusCA
8. Let's Start with a Definition of Cloud
IT resources and services that are abstracted from the underlying infrastructure and provided "on demand" and "at scale" in a multitenant and elastic environment.

A style of computing where massively scalable IT-enabled capabilities are delivered "as a service" to multiple external customers using Internet technologies.
Source: Gartner, "Defining and Describing an Emerging Phenomenon", June 2008

Anywhere, Anyone, Any Service
9. Cloud Architecture
Cloud Foundation Blocks
Visual Model of NIST's Working Definition of Cloud Computing
• Essential Characteristics: On-Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Deployment Models: Public, Private, Hybrid, Community
http://www.nist.gov/itl/cloud.cfm
10. Cloud Architecture
Elements of Cloud Computing
• Self-Service Interface: Provides the ability for users to order and track metered services
• Service Delivery Automation: Automates provisioning and meters usage of services
• Resource Management: Resources are provisioned and managed as per service needs
• Operational Process Automation: Automates operational processes such as user management, capacity management, service level management, service desk integration, alerting…
• Lifecycle Management of Cloud Services
Diagram labels: Automated provisioning/de-provisioning; Very fast fulfillment; Standardized Web-based front end; Metered usage of resources; NIST essential characteristics (Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self-Service, Resource Pooling); Resource management activities (dynamic resource allocation, capacity management, resource utilization, performance management, maintenance)
12. Cloud Architecture
Delivering a (complex) service – faster with end-to-end automation
Steps in both cases: Architect it, Design it, Where can we put it?, Procure it, Install it, Configure it, Secure it, Is it ready?
Before: every step is manual. After: the cloud platform runs them automated, self-service and on-demand.
Before:
• Machine-oriented
• Manual provisioning
• Hard to control utilization
• High provisioning & ops cost
• Extended provisioning time
• Configuration risk
After:
• Service-oriented
• Self-service; automated provisioning
• Elasticity (capacity-on-demand)
• Optimized provisioning & ops cost
• Rapid provisioning
• Increased Resiliency and Availability
13. What is Cloud Computing From An End-User Perspective
Take the example of electricity, where every household easily accesses the electric grid and consumes power for various applications (e.g., lightbulb, refrigerator, dishwasher) without having to build and maintain a personal power generator.
14. Use Case: Application Dev/Test
Complex, Time-Consuming, Expensive Provisioning Process
Application Development side: call or email IT Operations; architecture reviews; approval process; track down status (each step raising further open questions)
IT Infrastructure/Ops side: one-off custom server builds ($); incomplete requirements; add security, back-up, etc.; exception management
15. End User Self-Service, Governance, Service Orchestration and Element Managers
• End User Self-Service: compare service tiers and options; guided shopping 'Wizard'; rich interactive forms; ordering and approvals; status updates
• Governance: newScale catalog; policy-based controls
• Service Orchestration: Cisco Tidal Enterprise Orchestrator; global orchestration; service requests; provisioning
• Element Managers: UCS Manager; VMware vCenter; EMC/NetApp Storage; Cisco Server Provisioner
17. About CIAC
• Pre-packaged cloud content and orchestration workflows
– Self-service portal built on Cisco Cloud Portal (CCP) aka newScale
– Orchestration built using Cisco Process Orchestrator (CPO) aka Tidal/TEO
• Designed to accelerate
– Implementation of the self-service portal
– Automation of common infrastructure/platform provisioning tasks
• Features
– Lifecycle activities, i.e., provision, power off, power on, reboot, add resources, de-provision virtual machines
– Physical machine provisioning
– Comprehensive view of service items, i.e., virtual machines, storage, etc.
– Capability to integrate other content (not preconfigured)
18. Cisco Intelligent Automation for Cloud
Off-the-shelf IaaS Cloud Solution with Integration Capability
Layers of the Intelligent Automation for Cloud stack:
• Service Catalog and Self-Service Portal: Cisco Cloud Portal, with the Cloud Automation Pack
• Global Orchestration: Cisco Process Orchestrator, with an Adapter Framework to IT Service Management Tools, CMDB and Billing/Chargeback
• Infrastructure Management (e.g. UCS Manager), Virtualization Management, OS/Software Provisioning (Cisco Server Provisioner), Monitoring
• Resources: Compute Resources, Virtual Machines, Network Resources, Storage Resources
19. Cisco Intelligent Automation for Cloud
Self-Service Portal and Service Catalog
Diagram labels (portal capabilities around the service lifecycle):
• Architecture & IT Management / Developers: Define and Publish Standard Options
• Self-Service Request; Approvals & Controls; Orchestrate Delivery; Report Consumption
• Track and Manage Chargeback or Showback
• Policies & Governance; Lifecycle Management; Security, Operations and DR
• Process Orchestration and Automated Provisioning
22. • User-facing modules:
– MyServices™ enables customers to find services, create requisitions, and track
service requests.
– ServiceManager™ enables service teams and their outsource providers to
manage and track service requests and service level agreements.
– Reporting provides a set of reports, metrics and Key Performance Indicators
(KPIs) for monitoring service delivery operations.
– Advanced Reporting provides ad hoc reporting and report authoring to enable
root cause analysis and customized reporting for monitoring and managing
service delivery operations. Uses IBM Cognos reporting and data management
tools.
– ServicePortal™ provides a customizable portal for RequestCenter that can
replace or supplement the MyServices home page.
23. • Service: A service “product” that can be requested by a customer
• Requisition: A “shopping cart” that can contain one or more requested
services
• Category: (Display Category) A heading that exists within the MyServices
catalog to help customers find a service that meets their needs
• Keywords: Words associated with a service that are used to support
searching for a service within MyServices
• Initiator: The person who initiates a request for a service
• Customer: The designated recipient of a requested service
• Order on Behalf: Request a service for someone else
24. Cisco Cloud Portal (CCP)
An Online Catalog of IT Services
The catalog should promote your standard offers and options – it's your brochure, menu, and storefront for IT consumers. Include your branding, images, service tiers, SLAs, pricing, etc.
Source: newScale product screenshots.
30. Cisco Intelligent Automation – Go to Market in Domains
• Domains: Cisco Tidal Intelligent Automation for SAP; Cisco Intelligent Automation for Cloud; Cisco Intelligent Automation for Compute; Cisco Intelligent Automation for Networks; Cisco BI Appliance
• Automation Packs (delivery via CPO): Business App (ex. SAP), Cloud, Intelligence Engine, Cisco UCS, Cisco Network, Storage
• Delivery: Web Based Portal, Client Console, Reporting, Ticketing Integration, Operations Managers, CLI Adapters
• IT Processes: Day 0 Service Assessment, Day 1 Service Delivery, Day 2 Service Operations, Day 3 Service Optimization
• Automation Core Platform (set of core processes, activities, events & tasks): Role-based access, Task Delegation, Process Execution, Scheduling, Event triggering, Human Approvals, Assignments & Notifications, Auditing & Reporting
• Data Center – Physical and Virtual Infrastructure: Network & Servers, Applications, Storage
31. Automation Platform
Documented, Repeatable, and Auditable Processes
Configure (Processes, Activities)
• Drag-n-drop Studio
• Out-of-the-box flow activities, process re-use
• Out-of-the-box integration adapters
Value Points
Rich workflows that go beyond modeling just alert notifications
Ability to perform corrective actions
Ability to incorporate human and assigned tasks (i.e. approvals)
Ability to enable improved process re-use, less dependent on scripting and coding
Enables operational process modeling (i.e. system refresh)
32. CPO System Architecture
Diagram components (CPO Server / Process Engine at the centre):
• User interfaces: Web UI, Expert UI, Web CLI, Reports, Reporting Editor
• Web Service Interface; AD-integrated Role-Based Security
• Data stores: Process DB (configuration, audit), Reporting Database, Data Holding Bin, Automation Pack
• Adapters: Service Desk (Remedy); CMDB; Central Event Manager; Microsoft SCOM; SNMP; AD / LDAP; Change & Configuration; Email (SMTP, POP, IMAP); Web Services; SAP ABAP, CCMS; SAP JMX / Telnet; OLAP (SAP BI); Oracle, DB2, MS SQL; Generic DB (OleDB); Windows; VMware; Cisco UCS; Terminal (SSH, Telnet)
• Global IT Infrastructure reached through the adapters: Server, Applications, Software Infrastructure, App Server, Database(s), OSes, Virtualization Support, Servers, Network, Storage
33. CPO Key Concepts
• Process
• Targets
• Triggers
• Process Inputs
• Process Outputs
• Global Variables
• Process Variables
• Activities
• Logic
• Approvals
• Assignments
34. Intelligent Process Editor
• No Code Setup
• Adapter Toolbox
• Drag and Drop Activities: Approvals, Human Interface, Alert, Incident, Change Request
• Automation Summary
• Drag and Drop Logic
35. Execution (Run-Time Model)
• Visually-guided mode
Value Points
Provides visibility across functional teams
Easier to troubleshoot processes
37. • Commission a New Application Server on Linux
• Commission a New Application Server on Windows
• Commission a New Database Server on Linux
• Commission a New Database Server on Windows
• Commission a New Physical Server with Linux
• Commission a New Physical Server with Windows
• Commission a New Virtual Server with Linux
• Commission a New Web Server on Linux
• Commission a New Web Server on Windows
• Commission a VMware ESX Host
• Decommission a Physical Server
• Decommission a Virtual Server
• Modify Virtual Server Configuration - CPU Count
• Modify Virtual Server Configuration - Memory Size
• Power off a Virtual Server
• Power recycle a Virtual Server
• Snapshot - Take a Snapshot of a Virtual Server
• Snapshot - Revert to a Snapshot of a Virtual Server
38. • OS
– Windows 2008 64-bit
– Linux (CentOS)
• “T-Shirt” Sizing
– Small
– Medium
– Large
• Service Levels
– Gold
– Silver
– Bronze
42. • Administrative Login/Password Policy
– Set to default to Administrator/Root Login
– Generic password from template
• Approvals
– None configured
• Catalog Views Configurable
– Use role-based access controls to filter catalog views
– Set service item management controls
• Service Item Ownership Configurable
– “Owned” by individual
– “Owned” by organization
43. • Single-tiered Organization Structure
– Configured and maintained using OrganizationDesigner
• Every user must be assigned to a business unit as their “Home Organization Unit” (Home OU)
• Organizational Unit ID registered in CPO (manual process)
• Need to create service teams and associated work queues
• Organization authorization structure would have to be created
• Authentication
– CCP login page
– LDAP and single sign-on possible but not configured out-of-the-box
• Role-based Access Control
– Common portal administrator/user roles
• Customer Administrator
• Portal User
• Organization Administrator
• Cloud Administrator
• Site Administration
44. • Resources assigned in Cloud Governor Database at "onboarding" time, one per organization
Required Data*
• Organization ID: Organizational Unit ID from CCP organization creation
• Organization Name: Organization Name from CCP organization
• CPO Owner: CPO web service target name
• Server Domain: Domain that will house customer VMs
• Public Network Path: From vCenter inventory. The network assigned for VMs. For example "DatacenterName/NetworkName"
• VMware vCenter Owner: The name of the vCenter Target that was defined. Maps to the vCenter Target in CPO
• VMware Default ESX Host: The host that will be assigned to the customer for them to use to provision VMs
• VMware Resource Pool Path: vCenter Resource Pools. Compute resources, i.e., vCPU, Memory, assigned to the customer
• VMware Datastore Path: The assigned storage resource for the customer
• VM Inventory Path: vCenter folder for customer VMs. All folders have to be preconfigured in vCenter. CPO does not create them.
* Additional required data for Physical Server provisioning
45. • IP Addresses defined in CPO at "onboarding" time for eventual assignment to VMs.
• One or more public IP address pools for each defined organization.
• CPO expands the IP Address range in the Governor database to use to assign to customer VMs during provisioning and then to reclaim during deprovisioning.
Required Data*: Starting IP Address, Ending IP Address, Subnet Mask, Default Gateway, DNS
* Additional required data for Physical Server provisioning: Management IP Allocation.
• No firewall or network management.
• No static IP assignment.
• If two network interfaces are required, could use public IP and management IP.
46. • One or more VMware templates must be pre-built and configured
within VMware vCenter to use for cloning new virtual servers.
• Template attributes must be added to the CCP standards table according to the type of template
– Application server
– DB server
– Web server
• Templates must also be registered in the Cloud Governor
database.
49. IaaS Software Orchestration
Diagram: Cisco Cloud Portal authenticates users via LDAP against Microsoft Active Directory and hands requests to Cisco Process Orchestrator (CPO); CPO adapters reach Cisco UCS Manager, vCenter (ESXi Hosts), CA ticketing, Microsoft (MS AD, SQL, Exchange), Billing, Networking and MRTG Monitoring.
50. Key Design Points – Portal
• Content/Orchestration built in Cisco lab designed to simulate
customer architecture
– Small-scale network
– Stub-outs in Orchestrator (CPO) for some next phase network and
billing requirements
• Portal and Orchestration are custom built
– Portal organization structure designed to meet hierarchical
requirements
– Eliminated integration/message chatter in portal Comments section
– Created parameter-driven agents for bi-directional communications
between orchestrator/portal
51. Key Design Points - Orchestrator
• Orchestrator (CPO) using Change Request based workflow triggers
• Multiple workflows can subscribe to events and react
• Parent workflow creates change request object and assigns parameters to it
• Change request creation triggers other workflows that listen to the object
• Using Orchestrator (CPO) Target as Data Model Object
• Allows a way to access, create and update the cloud data model
• Targets have string or integer properties (IP address, name, ID, etc.)
• Targets can have reference pointers to other targets, which can be traversed to walk down the object graph.
• Orchestrator (CPO) automated workflow for regression testing
• Orchestrator custom-built unit test workflows run daily, testing code differences
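The two orchestrator design points above (change-request objects that several subscribed workflows react to, and targets as data-model objects whose reference pointers let a workflow walk the object graph) as an added Python example. This is not CPO or CIAC code; the class names, the "provision_vm" action, the reference names "org", "vcenter" and "datastore", and the sample targets are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Target:
    """A CPO-style target: string/integer properties plus reference pointers
    to other targets. Field and reference names here are hypothetical."""
    name: str
    kind: str
    props: Dict[str, object] = field(default_factory=dict)
    refs: Dict[str, "Target"] = field(default_factory=dict)

    def walk(self, path: str) -> "Target":
        """Follow a dotted reference path (e.g. 'org.vcenter') down the object graph."""
        node = self
        for step in path.split("."):
            if step not in node.refs:
                raise KeyError(f"target '{node.name}' has no reference '{step}'")
            node = node.refs[step]
        return node

    def has_path(self, path: str) -> bool:
        try:
            self.walk(path)
            return True
        except KeyError:
            return False


@dataclass
class ChangeRequest:
    """The object a parent workflow creates; listeners react to its creation."""
    action: str
    params: Dict[str, object]
    status: str = "new"


class ChangeRequestBus:
    """Several workflows subscribe to an action; creating a change request for
    that action runs each of them against the same object."""

    def __init__(self) -> None:
        self._subs: Dict[str, List[Callable[[ChangeRequest], None]]] = {}

    def subscribe(self, action: str, workflow: Callable[[ChangeRequest], None]) -> None:
        self._subs.setdefault(action, []).append(workflow)

    def create(self, action: str, params: Dict[str, object]) -> ChangeRequest:
        cr = ChangeRequest(action, dict(params))
        for workflow in self._subs.get(action, []):
            workflow(cr)
        # An action nobody listens to is flagged so it shows up in audit, not silently lost
        cr.status = "dispatched" if action in self._subs else "unhandled"
        return cr


def build_sample_graph() -> Target:
    """Constructed sample data: VM -> organization -> vCenter / datastore targets."""
    vcenter = Target("vc-east", "vcenter", {"host": "vc.example.invalid"})
    datastore = Target("ds-gold-01", "datastore", {"path": "DC1/ds-gold-01"})
    org = Target("org-42", "organization", {"org_id": 42},
                 {"vcenter": vcenter, "datastore": datastore})
    return Target("vm-web-01", "vm", {"cpu": 2, "mem_gb": 4}, {"org": org})


def vcenter_host_for_vm(vm: Target) -> str:
    """Walk VM -> org -> vCenter instead of copying the vCenter name onto every VM."""
    return str(vm.walk("org.vcenter").props["host"])


def run_demo() -> Dict[str, object]:
    bus = ChangeRequestBus()
    log: List[str] = []
    # Three independent workflows listening for the same change request
    bus.subscribe("provision_vm", lambda cr: log.append(f"vm:{cr.params['name']}"))
    bus.subscribe("provision_vm", lambda cr: log.append(f"ip:{cr.params['name']}"))
    bus.subscribe("provision_vm", lambda cr: log.append(f"billing:{cr.params['name']}"))
    cr = bus.create("provision_vm", {"name": "vm-web-01"})
    orphan = bus.create("resize_vm", {"name": "vm-web-01"})  # nobody subscribed
    vm = build_sample_graph()
    return {"status": cr.status, "orphan": orphan.status, "log": log,
            "vcenter": vcenter_host_for_vm(vm),
            "datastore": vm.walk("org.datastore").props["path"]}


if __name__ == "__main__":
    print(run_demo())
```

Keeping the vCenter, datastore and network names on the organization target and reaching them by reference means a change of vCenter for a tenant is one update rather than one per VM, and the "unhandled" status makes a change request with no subscribed workflow visible instead of silently dropped.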
52. Extensible POD Design
• Cisco Cloud Portal (CCP) on SQL Server
• CPO-Master with Process-M DB and Cloud Governor DB on SQL Server
• CPO-POD1 and CPO-POD2, each with its own Process-S DB on SQL Server, UCS Manager, VMware vCenter and SAN Storage
53. Error Handling
• Extensive error handling implemented
• Error handling task for all orchestration tasks. Activated when error
message is returned to portal
• Resource rollback on failed tasks: VMs deleted in vCenter, IP Address
released to IP Pool, Service Targets deleted
• “Take-2” tasks available for Virtual Machine and Storage Services if support
team can fix the source of the error
• Organizational maintenance tasks allow support team to update form data in
the event work must be manually processed
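An added Python example covering two slides: the per-organization IP pool of slide 45 (expanded once from the onboarding fields, allocated at provisioning and reclaimed at deprovisioning) and the per-task rollback of slide 53 (VM deleted in vCenter, IP released to the pool, service target deleted). It is not CIAC or CPO code; the class and field names, the task names, and the 10.0.0.0/24 onboarding record are constructed for illustration, and in-memory sets stand in for the Governor database, CPO service targets and the vCenter inventory.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class IpPool:
    """One organization's public IP pool, expanded once from the onboarding
    fields (start, end, mask, gateway, DNS) the way CPO expands the range into
    the Governor database. Field names are hypothetical."""
    org_id: int
    start: str
    end: str
    subnet_mask: str
    gateway: str
    dns: str
    free: List[str] = field(default_factory=list)
    in_use: Set[str] = field(default_factory=set)

    def __post_init__(self) -> None:
        net = ipaddress.ip_network(f"{self.gateway}/{self.subnet_mask}", strict=False)
        first, last = ipaddress.ip_address(self.start), ipaddress.ip_address(self.end)
        if first > last:
            raise ValueError("starting address is after ending address")
        reserved = {ipaddress.ip_address(self.gateway), net.network_address, net.broadcast_address}
        for n in range(int(first), int(last) + 1):
            addr = ipaddress.ip_address(n)
            if addr not in net:
                raise ValueError(f"{addr} lies outside subnet {net}")
            if addr not in reserved:       # never hand out gateway, network or broadcast
                self.free.append(str(addr))

    def allocate(self) -> str:
        if not self.free:
            raise RuntimeError(f"org {self.org_id}: IP pool exhausted")
        ip = self.free.pop(0)
        self.in_use.add(ip)
        return ip

    def release(self, ip: str) -> None:
        self.in_use.remove(ip)          # releasing an unknown address is a bookkeeping bug
        self.free.append(ip)


class ProvisionVm:
    """Each task records a compensating action once it succeeds; on any
    failure the recorded actions run in reverse (VM deleted, IP released,
    service target removed) and the error is reported back to the portal."""

    def __init__(self, pool: IpPool, fail_at: Optional[str] = None) -> None:
        self.pool, self.fail_at = pool, fail_at       # fail_at simulates an adapter error
        self.targets: Dict[str, Dict[str, str]] = {}   # stands in for CPO service targets
        self.vcenter_vms: Set[str] = set()             # stands in for the vCenter inventory
        self.events: List[str] = []

    def run(self, name: str) -> Dict[str, object]:
        tasks: List[Tuple[str, Callable[[], object], Callable[[], object]]] = [
            ("create_service_target",
             lambda: self.targets.__setitem__(name, {}),
             lambda: self.targets.pop(name)),
            ("allocate_ip",
             lambda: self.targets[name].__setitem__("ip", self.pool.allocate()),
             lambda: self.pool.release(self.targets[name]["ip"])),
            ("clone_vm",
             lambda: self.vcenter_vms.add(name),
             lambda: self.vcenter_vms.discard(name)),
            ("configure_os",
             lambda: self.targets[name].__setitem__("os", "configured"),
             lambda: None),
        ]
        undo: List[Tuple[str, Callable[[], object]]] = []
        try:
            for task, action, compensate in tasks:
                if task == self.fail_at:
                    raise RuntimeError(f"{task}: simulated adapter error")
                action()
                undo.append((task, compensate))
                self.events.append(f"ok:{task}")
        except Exception as exc:
            for task, compensate in reversed(undo):   # roll back newest first
                compensate()
                self.events.append(f"rollback:{task}")
            return {"status": "failed", "error": str(exc), "portal_message": f"{name}: {exc}"}
        return {"status": "success", "ip": self.targets[name]["ip"]}


def sample_pool() -> IpPool:
    """Constructed onboarding record for a fictional organization."""
    return IpPool(42, "10.0.0.10", "10.0.0.14", "255.255.255.0", "10.0.0.1", "10.0.0.2")


if __name__ == "__main__":
    pool = sample_pool()
    print(ProvisionVm(pool).run("vm-web-01"))
    print(ProvisionVm(pool, fail_at="clone_vm").run("vm-web-02"), pool.free)
```

The rollback list is built only from tasks that actually completed, so a failure in the IP step never tries to delete a VM that was never cloned, and the compensating actions run in reverse order so the IP is released before the service target that records it is removed. Rejecting a range that does not fit the subnet at onboarding time catches a bad pool definition before any VM is handed an unreachable address.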
54. Integrations – Adapters/Agents Implemented
• REX - Used for Portal automation to create Organizational Units and hierarchy
• HTTP/WS - Standard Product adapter for communicating with Orchestrator
• Agent and workflow to interact with CA Help Desk
• Agent and workflow to interact with MRTG Monitoring tool (open source)
• Agent and workflow to interact with Active Directory
• Agent and workflow to collect data for billing in a mediation server (Comptel)
56. Onboard a New Customer
• Establishes the multi-tiered Business Unit OU structure
• Defines the commit levels that control billing
• Creates a Customer Administrator in RC, AD, CA and MRTG
• Establishes the service items/governor DB items for Customer, Contracts, Network and Accessibility Options
57. Customer Onboarding Process
• Onboard Tenant
– OU and Admin
– For Billing
– For Monitoring
– For CA Help Desk
– vCenter Properties
• Onboard Admin/User
– Tenant MRTG Admin
– AD Cloud User
– CA Admin
58. Provision a Virtual Machine Work Plan
• Manual error handling task for each automation task
• Error message posting in service form for service teams
• Service target and resource allocation (VM, IP) rollback per automation task if failure
• Take 2 opportunity to restart failed workflows
59. Provision a Virtual Machine Orchestration - Success
• Different types of VM actions are handled
• Each of these steps in the workflow checks for errors
• This triggers the "newScale Complete Service Request" workflow, which runs on SUCCESS of the VM related workflows
• Creates multiple parameters and sends them to Cloud Portal
60. Provision a Virtual Machine Orchestration - Failure
• Different types of VM actions are handled
• Each of these steps in the workflow checks for errors
• This workflow, "newScale Complete Service Request Failed", runs if a VM related workflow fails
61. Provision a Virtual Machine Orchestration – Targets as Data Model Objects
• Reference pointers to other targets create an object graph that can be walked down the object path to access other related objects
• String/integer type properties
62. Deprovision a Virtual Machine Work Plan
• Shameless borrowing from C&W project
• Disable access to VM and stop billing when request submitted; delayed removal
• Timed warning before actual deprovision/deletion provides opportunity for reinstatement
• Service targets and resource allocation release moved to final steps to eliminate duplications
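The deprovision work plan above as an added Python example (not CIAC or CPO code): submitting the request immediately cuts access and billing, a scheduled check sends one warning shortly before the deadline, reinstatement is possible until then, and the vCenter removal and IP release run exactly once as the final step. The seven-day window and one-day warning lead time are assumptions, as the slide gives no figures; class and field names and the sample VMs are constructed, and a list and a set stand in for the IP pool and the vCenter inventory.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class VmRecord:
    """Service-item state for one VM. Field names are hypothetical."""
    name: str
    ip: str
    state: str = "active"              # active -> pending_delete -> deleted
    access_enabled: bool = True
    billing_active: bool = True
    delete_after: Optional[datetime] = None
    warned: bool = False
    audit: List[str] = field(default_factory=list)


class DeprovisionWorkflow:
    GRACE = timedelta(days=7)        # assumed reinstatement window; the slide gives no figure
    WARN_BEFORE = timedelta(days=1)  # assumed lead time for the timed warning

    def __init__(self, ip_pool_free: List[str], vcenter_inventory: Set[str]) -> None:
        self.ip_pool_free = ip_pool_free          # stands in for the Governor DB pool
        self.vcenter_inventory = vcenter_inventory
        self.service_targets: Dict[str, VmRecord] = {}

    def submit(self, vm: VmRecord, now: datetime) -> None:
        """Cut access and billing immediately; schedule the removal for later."""
        if vm.state != "active":
            raise ValueError(f"{vm.name}: cannot deprovision from state {vm.state}")
        vm.access_enabled = False
        vm.billing_active = False
        vm.state = "pending_delete"
        vm.delete_after = now + self.GRACE
        self.service_targets[vm.name] = vm
        vm.audit.append(f"{now.isoformat()} deprovision requested, delete after {vm.delete_after.isoformat()}")

    def reinstate(self, vm: VmRecord, now: datetime) -> bool:
        """Undo a pending deprovision; returns False once the deadline has passed."""
        if vm.state != "pending_delete" or vm.delete_after is None or now >= vm.delete_after:
            return False
        vm.state, vm.access_enabled, vm.billing_active = "active", True, True
        vm.delete_after, vm.warned = None, False
        vm.audit.append(f"{now.isoformat()} reinstated")
        return True

    def tick(self, vm: VmRecord, now: datetime) -> str:
        """Scheduled check; returns the action taken."""
        if vm.state != "pending_delete" or vm.delete_after is None:
            return "noop"
        if now >= vm.delete_after:
            self._delete(vm, now)
            return "deleted"
        if not vm.warned and vm.delete_after - now <= self.WARN_BEFORE:
            vm.warned = True
            vm.audit.append(f"{now.isoformat()} warning sent: deletion at {vm.delete_after.isoformat()}")
            return "warned"
        return "waiting"

    def _delete(self, vm: VmRecord, now: datetime) -> None:
        """Final steps, run exactly once: remove the VM, then release its resources."""
        self.vcenter_inventory.discard(vm.name)
        self.ip_pool_free.append(vm.ip)
        self.service_targets.pop(vm.name, None)
        vm.state = "deleted"
        vm.audit.append(f"{now.isoformat()} deleted, {vm.ip} returned to pool")


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: one VM deleted after the window, one reinstated in time."""
    pool: List[str] = []
    inventory = {"vm-web-01", "vm-db-01"}
    wf = DeprovisionWorkflow(pool, inventory)
    t0 = datetime(2012, 1, 1, 9, 0)
    web = VmRecord("vm-web-01", "10.0.0.10")
    db = VmRecord("vm-db-01", "10.0.0.11")
    wf.submit(web, t0)
    wf.submit(db, t0)
    ticks = [wf.tick(web, t0 + timedelta(days=d)) for d in (5, 6, 6, 7, 8)]
    reinstated = wf.reinstate(db, t0 + timedelta(days=2))
    late = wf.reinstate(web, t0 + timedelta(days=8))
    return {"ticks": ticks, "pool": list(pool), "inventory": sorted(inventory),
            "db_billing": db.billing_active, "reinstated": reinstated, "late": late}


if __name__ == "__main__":
    print(run_scenario())
```

Because access is disabled at submission rather than at deletion, a VM that a tenant no longer wants cannot keep serving (or being billed) during the grace period, while the deferred release keeps the IP and service target intact until the final step so a reinstatement never has to re-create them.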
64. Customer Change Management Process
• Disable CA Admin
• Disable MRTG Admin
• Change MRTG Password
• Disable AD Cloud User
• Change AD User Department
• Change AD User Password
66. We value your feedback.
Please be sure to complete the Evaluation Form for this session.
Access today's presentations at cisco.com/ca/plus
Follow @CiscoCanada and join the #CiscoPlusCA conversation