automated network services provisioning for multi-tenant data centers
TRANSCRIPT
Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved.
Automating Network Services Provisioning in Multi-Service Data Centers
Michael Doherty
Cloud Manageability Architect
EMEAR DataCenter Team
Fully isolated tenant environment (integrated security)
Abstraction of complexities (enables speed)
Automated processes and controls (ensures scale)
Streamlined, holistic coordination of resources and services (maximizes capacity)
Customizable service definitions and implementation (shortens time to market)
Proven, tested solutions – infrastructure and automation/orchestration (reduces risk)
Customer 1
Customer 2
Virtualized Multi-Service Data Center
Bronze
Load Balancing 1 VLAN
Virtual Firewall and Private VLANs
Shared VMFS and No Data Protection
Silver
Multiple VLANs
System Configuration
Virtual Firewall and Private VLANs
Dedicated VMFS and DP Through Snapshots
SLB and SSL Offload
Platinum
Multiple VLANs
System Configuration
Virtual Firewall and Private VLANs
Dedicated VMFS, 100% DP, and Cloning
VPN Offload Firewall
SLB and SSL Offload
Tenant Creation
Basic Network Container
Enhanced Network Container
Large Network Container
Multi-Tiered Network Containers Behind Firewalls
Security and Load Balancing Services
[Diagram labels: TNC; (Web); (App); (DB); Mgmt. VLAN; Enterprise VPN; Internet; FW; FW/LB]
Designed to Your Requirements Using Flexible Models
Sample Customer Use Case
• Computing and storage resources attached to a routable VLAN
• Capability to partition and zone virtual machines and access within their containers
• Accessible from a VPN connection (hybrid cloud)
This use case supports creation of a protected private zone. The customer requires that the only way to reach this zone is through a private VPN (MPLS, SSL, and IPsec). To build this solution, Cisco® Network Services Manager will build both the private zone and the network container within it.
[Diagram legend: Device Roles: Router and PE; Distribution; Layer 2 Aggregation; Access; Services]
Virtual machine is deployed outside Cisco Network Services Manager
NC Topology: VPN with Network Container
Cisco® Network Services Manager Engine
Abstracted Business Model
Abstracted Services and Topology Model
Abstracted Operational Model
Cisco Network Services Manager Controller
Pod/Block
NB API
JMS Transport
Network Services Manager lets administrators define the logical constructs of their cloud (access/security, tiers of service, resources and constraints).
[Diagram labels: Tenant Container; Tenant Network Container; Network Container (Application); Network Container (Web); Enterprise Network; Internet; MPLS Network; FW]
This use case shows a combination of a set of the 4 possible zones in Network Services Manager.
Note that the models allow each combination in every zone. All possible combinations are shown, in this case distributed across the 4 zones, but they could all be built in any zone.
Virtual Appliance
VSM
VEM-1
vPath
VEM-2
vPath
Hypervisor Hypervisor
vWAAS, VSG, ASA1000v, Cloud Services Router, vACE
Virtual Network Management Center (VNMC)
• Single integrated access to manage Cisco virtual services
• VM lifecycle and service feature configuration
• Common UX and operational flows
• Tenant and provider views
• Integral part of the N1K architecture
• Common model to enable federated development
• XML APIs to enable third-party management and orchestration tool integration
VNMC
Common abstraction layer
Standardized API
Flexible, easily consumable interface
Cisco and 3rd party physical and virtual platforms
Fastest deployment and lowest operating costs for cloud
Orchestration Module
Automation Module
Service Catalog
Service Portal
Cisco® Network Services Manager
SP VMDC Pod
Enterprise VMDC Pod
Open REST API
Abstraction Layer
VNMC
Thank you.