Primend Praktiline Konverents - Application-Centric IT Infrastructure / Cisco Application Centric Infrastructure, Delivering Software Flexibility with Hardware Performance and Scalability
2. Why ACI?
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3. Data Center Network: Trends and Challenges
• 25% Annual Growth (Big Data) [1]
• 75% Bare Metal [2]
• 45% Multi-Hypervisor [3]
“Can you look into my application performance... NOW?”
“...I need to move workloads to the cloud... NOW!”
“...I need to roll out new security policies NOW...”
[1] Cisco Global Cloud Index
[2] IDC Worldwide Virtual Machine 2013-2017 Forecast
[3] InformationWeek 2013 Virtualization Management Survey
4. Application Centric Infrastructure
Customer Business Benefits
• Deploy applications faster
• Workload mobility
• Higher application availability
• Compliant and secure
• CapEx reduction
[Diagram: Application Centric Infrastructure, east-west optimized for all workloads, with a single open API for the entire system. Connected workloads: network service appliances, x86 multi-hypervisor hosts, x86 virtual machines and virtual appliances, x86 servers, Unix systems, P and Z systems, IP storage.]
Customer Operational Benefits
• Risk mitigation
• Better utilization of resources
• Operationally efficient / zero-touch deployment and de-commissioning
• Self documenting network
• Simplified day-2 troubleshooting
• OpEx reduction
5. ACI: Business Outcome and Benefits for Cisco IT
“Cisco’s open standards approach makes ACI even stronger. We conducted testing on ACI … it fully delivered everything we expected, and proved to be quite stable and mature.”
Nik Weidenbacher, Principal Engineer, SunGard
“Cisco ACI is an open, future-proofed data center architecture that can continue to grow as we enhance client services.”
Chuck Crane, Network and Security Architect, Acxiom (Transitioning from AWS to Private Cloud)
“This will enable Telstra to deliver service agility, security and performance that our customers expect from an enterprise grade cloud.”
Erez Yarkoni, Executive Director, Telstra
• Resource Optimization: 10-20% Compute and Storage Optimization
• Greater Business Agility: 58% Reduce Network Provisioning
• Reduced Costs/Complexity: 21% Reduce Management Costs
• Lower Operating Cost: 45% Reduce Power and Cooling Costs
• Lower Capital Expenses: 25% CAPEX Reduction
Source: Cisco IT
6. What is ACI?
7. Application Centric Infrastructure Building Blocks
Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility
[Diagram labels: Application Centric; Nexus 9500 and 9300; Policy Controller; ACI]
8. Programmable DC Networking for The Next Decade
Nexus 9000
1/10/40/100G*
Performance, Scale: Fastest 40G Platform
Open Source / APIs / Standards
Python, PowerShell, Puppet, Chef …
15% Better Power and Cooling
2.8X Better Reliability
$ Multi-million Savings 40/100G on Existing Cables
Standalone / ACI Ready
*100G Ready
9. Application Policy Infrastructure Controller
Embracing SDN and Going Beyond
POLICY: Centralized Application-Level Policy
VISIBILITY: System-Wide Visibility, Telemetry, Health
OPENNESS: Open Source / APIs / Standards
SECURE: Security and Performance @ Scale
EXTENSIBLE: Hypervisors, L4-7, Storage, Compute
Centralized Point of Management
10. Application Centric Policy is Business Relevant
• Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language.
ACI Policy Aligned with Applications
“Let my app servers talk to my web servers.”
Traditional Policy Aligned with ….?
1. “Figure out where app lives in physical net”
2. “Trunk VLAN 112 to switch 22.”
3. “Add route….”
4. “Plumb ports 7-12…”
5. “Configure ACL…”
6. “Apply QoS…”
7. Repeat every time app moves or needs more capacity
11. Applications and The Network
[Diagram in three steps. (1) Application Requirements: WEB, APP and DB tiers with WAN, Firewall, LB to App, Connect to App, Connect to DB, High Priority. (2) Map existing Networks into Groups: VLAN 100, QoS, ACLs, Layer 3, F/W and ADC around the WEB, APP and DB groups. (3) Map Groups and Policies into Application Profile.]
DIRECTLY MAP TO ACI APPLICATION PROFILES
12. An Innovative Approach to Policy = Application Profile
[Diagram: an application profile made of OUTSIDE, WEB, APP and DB EPGs, linked by provided and consumed contracts named WEB, APP and DB, with FW and ADC service chains (Service Chain FW, Service Chain WEB, Service Chain APP) between the groups.]
What is an Application Profile?
1) End Point Group (EPG): A set of virtual or physical workloads with the same policy
2) Contracts: A set of rules governing communication between groups
3) Service Chains: A set of network services between groups
13. Application Policy Model and Instantiation
[Diagram: APIC applying the policy for an application made of Client, Web Tier, App Tier, DB Tier and Storage to VMs in the fabric, including VMs at 10.2.4.7, 10.9.3.37 and 10.32.3.7.]
Application policy model: Defines the application requirements (application network profile)
Policy instantiation: Each device dynamically instantiates the required changes based on the policies
• All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
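An added example (not from the original slides and not Cisco code): a toy Python model of the application profile on slides 12 and 13, showing that the allow decision and the service chain follow from EPG membership and contracts rather than from addresses. The contract directions, port numbers, service-chain assignments, the mapping of the slide's IP addresses to tiers, the outside client address and the deny-when-no-contract default are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Contract:
    provider: str              # EPG that provides the contract
    consumers: frozenset       # EPGs that consume it
    ports: frozenset           # permitted TCP destination ports (constructed values)
    service_chain: tuple = ()  # network services between the groups, in order

@dataclass
class ApplicationProfile:
    contracts: dict = field(default_factory=dict)  # contract name -> Contract
    members: dict = field(default_factory=dict)    # endpoint IP -> EPG name

    def decide(self, src_ip, dst_ip, port):
        """Return (allowed, contract_name, service_chain) for a consumer-to-provider flow."""
        src, dst = self.members.get(src_ip), self.members.get(dst_ip)
        if src is None or dst is None:
            return (False, None, ())   # unclassified endpoint: no policy applies
        for name, c in self.contracts.items():
            if c.provider == dst and src in c.consumers and port in c.ports:
                return (True, name, c.service_chain)
        return (False, None, ())       # assumption: no matching contract means deny

def build_profile():
    """Constructed profile: OUTSIDE -> WEB -> APP -> DB, one contract per hop."""
    p = ApplicationProfile()
    p.contracts = {
        "WEB": Contract("WEB", frozenset({"OUTSIDE"}), frozenset({80, 443}), ("FW", "ADC")),
        "APP": Contract("APP", frozenset({"WEB"}), frozenset({8080}), ("ADC",)),
        "DB": Contract("DB", frozenset({"APP"}), frozenset({5432})),
    }
    # Tier assignment of the slide's addresses is constructed for this example.
    p.members = {"198.51.100.10": "OUTSIDE", "10.2.4.7": "WEB",
                 "10.9.3.37": "APP", "10.32.3.7": "DB"}
    return p

if __name__ == "__main__":
    p = build_profile()
    flows = [("198.51.100.10", "10.2.4.7", 443), ("10.2.4.7", "10.9.3.37", 8080),
             ("198.51.100.10", "10.32.3.7", 5432), ("10.2.4.7", "10.32.3.7", 5432)]
    for f in flows:
        print(f, "->", p.decide(*f))
    # A new web VM in an unrelated subnet only needs classifying; no rule changes.
    p.members["10.200.1.5"] = "WEB"
    print(p.decide("10.200.1.5", "10.9.3.37", 8080))
```

For a security review the useful property is that the rule set contains no IP addresses or VLANs, so auditing who can reach the DB group means reading one contract rather than tracing ACLs across devices.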
14. Data Center Automation – Manual versus Policy Driven
Manual:
• Architect it
• Design it
• Procure it
• Install it
• Configure it
• Secure it
• QA it
• Is it ready?
ACI Policy Driven:
• Architect it
• Design it
• Is installed
• Is configured
• Is secured
• Is QA’d
• Is procured
• It is ready
[Diagram: Service Request, then ARCHITECT, DESIGN, COMPUTE, SERVICES, SECURITY, NETWORK, then Application Available.]
15. Data Center Automation and IT Collaboration
Today: Serialized Configuration and Management
MANUAL PROCESS LEADS TO INCREASED DEPLOYMENT TIMES
[Diagram: Application Requirements pass serially through COMPUTE, SERVICES, NETWORK and SECURITY; a Configuration Mismatch or Policy Violation sends the work back before a Successful Deployment. Timeline: Service Request, Deployment Trigger, ARCHITECT, DESIGN, COMPUTE, SERVICES, SECURITY, NETWORK, Application Available.]
16. Data Center Automation and IT Collaboration
ACI: Common Policy Framework and Operational Model
POLICY-BASED AUTOMATION
• Application Requirements: Defined set of application requirements
• Application Policy: Team builds application policy and template
• Deployment Trigger: Operations team deploys with minimal risk and maximum speed
[Diagram: a shared Application Policy spanning STORAGE, SECURITY, COMPUTE, NETWORK, APPLICATION and CLOUD. Timeline: Service Request, ARCHITECT, DESIGN, Application Available.]
17. Application Awareness
ACI: Application-Level Visibility
ACI Fabric provides the next generation of analytic capabilities
Per application, tenants, and infrastructure:
• Health scores
• Latency
• Atomic counters
• Resource consumption
Integrate with workload placement or migration
Actions:
• No new hosts or VMs
• Evacuate hypervisors
• Re-balance clusters
[Diagram: APIC with Triggered Events or Queries over a VXLAN fabric, Per-Hop Visibility, Physical and Virtual as One. Example applications (labelled CiscoLive Event): PetStore Dev (Leaf 1 and 2, Spine 1 – 3, Atomic counters); PetStore Prod (Leaf 2 and 3, Spine 1 – 2, Atomic counters); PetStore QA (Leaf 3 and 4, Spine 2 – 3, Atomic counters).]
18. ACI Addresses the Security Challenge in the DC
• Automate Compliance, Centralized Audit
• Visibility, Analytics, Forensics
• Simplified Policy-based Segmentation
• Network Services Automation, Open Eco-System
• Security Expressed in Application Language
Centralized Security Across Physical and Virtual
19. Open
Open Source, Open Standards, Open Interfaces
20. Open: Choice and Investment Protection
OPERATIONAL MODELS
1. Scripting/Languages: RESTful APIs, Python etc.
2. IT Automation
3. OpenSource: OpFlex
4. Integrated ACI Approach
RICH ECOSYSTEM
• Hypervisors
• L4-L7 Services
• Management
• Security
• Storage
[Diagram labels: APPLICATION, NETWORK, SECURITY, Automate, CLOUD]
Operational Choice—Service Provider, Enterprise, Commercial
21. How ACI fits into Private and Public Clouds?
22. ACI is Multi-Hypervisor-Ready
Virtual Integration
• Integrated gateway for VLAN, VXLAN, and NVGRE networks from virtual to physical
• Normalization for NVGRE, VXLAN, and VLAN networks
• Customer not restricted by a choice of hypervisor
• Fabric is ready for multi-hypervisor
[Diagram: Network Admin and Application Admin working through APIC and Hypervisor Management; any-to-any connectivity between a bare metal server and VMware, Microsoft Hyper-V, Red Hat KVM and XenServer hosts over VLAN, VXLAN and NVGRE; C240 M3 with OmniStack.]
23. ACI is Part of Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility
• Consistency: Security/Networking as an extension of Private Cloud
• Control: Unified workload management across clouds
• Choice: Freedom to place workloads across heterogeneous Clouds
• Compliance: Policy-based deployment with ACI/governance in cloud
[Diagram: Cisco Intercloud Fabric linking the DC/Private Cloud (Fixed Workloads) with the Provider Cloud (Variable Workloads).]
24. ACI is Part of Data Center Automation
[Diagram: data center automation stack. Layers: PORTAL, SERVICES, ORCHESTRATION, AUTOMATION, INFRASTRUCTURE, MANAGEMENT. Components shown: Prime Services Catalogue, Stack Designer, IaaS, PaaS, SaaS, ITaaS, Intercloud, Process Orchestrator, 3rd Party Orchestrator, Intercloud Fabric, UCS Director, OpenStack, UCS Manager, Application Policy Infrastructure Controller, Converged Infrastructure Managers, OpenDaylight, Virtual Machine Manager. Open Integration across MANAGEMENT, AUTOMATION, POLICY and SECURITY with ECOSYSTEM PARTNERS.]
25. Summary
26. Summary: Our Direction
Data centers and cloud network infrastructures, both physical and virtual, will no longer be configured, will not be software defined (or programmed), but instead will be Policy Driven and Application Centric.