Cisco at VMworld 2015 (ravi_vmworldtheater2015)
Ravi Balakrishnan, Senior Marketing Manager, Cisco Systems, August 2015
Secure and Accelerate Your Applications with Policy Defined L4-L7 Services
2 C97-735662-00 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Business Demand Transition to Modern Cloud Operations
Model based, reducing OpEx and CapEx
Rapid adoption and DevOps
No-compromise support for multivendor innovation
Automation, management, and operations
From traditional to cloud models
Objective
Enable faster IT delivery and more efficient business processes
TCO Software Ecosystem Open Customer Choice
Transformation Simplification
ACI and Nexus 9000 Breaking Away
4,100+ Nexus 9K and ACI Customers Globally
915+ APIC Customers
APPLICATION
COMPUTE NETWORK
CLOUD
STORAGE SECURITY
36+ Ecosystem Partners
Microsoft
Data Center Transformation Response Become Application Centric
1. Application-Centric Policy Model
• Operationally simple
• Lower TCO
• Zero-touch provisioning
2. Physical and Virtual
• Performance and scale
• Health metrics
• Visibility and telemetry
3. Open and Secure
• Open APIs and open source
• Secure multitenancy
• Extensive ecosystem
Build on Existing Infrastructure Investments with Cisco ACI
Multiple Data Center
WAN and Cloud
Integrated WAN Edge
Systems Management Hypervisor Management Orchestration Frameworks
Automation
Enterprise Monitoring
Storage
EMC2
NetApp
Nutanix
Layer 4-7 Services
Citrix
Sourcefire®
Embrane
Symantec
A10 Networks
Check Point
Cisco
F5
Catbird
AVI Radware
Computing
Cisco UCS®
Cisco VCE
Hypervisors and Virtual Networking
Microsoft Citrix Xen
Red Hat VMware
Cisco
Physical Networking
Cisco Nexus 2000 Series
Cisco Nexus® 7000 Series
Cisco
Microsoft
Citrix Xen
Red Hat
VMware
CFEngine
Puppet Labs Opscode
Python CA Technologies
Zenoss
NIKSUN
NetQoS Splunk
Emulex NetScout
IBM
Canonical Cisco
CloudStack Red Hat Microsoft VMware
IBM Tivoli Software
BMC HP CA
F5 and Cisco ACI Integration: Latest Addition
Announcing Cisco APIC and F5 BIG-IQ Integration Early Availability
Virtual Edition Appliance Chassis
BIG-IQ
Cisco® APIC to BIG-IP Integration Model Phase 1 (shipping)
APIC to BIG-IQ Integration Model Phase 2 (early availability now, FCS Q2CY15)
BIG-IP
Customers have choice to use APIC through BIG-IP or BIG-IQ integration models
Cisco ACI™ Fabric F5
Synthesis Fabric
F5
Cisco
Citrix NetScaler TriScale Technology
Scale Up
Scale Out
Buy only what you need
Elasticity with pay-as-you-grow model
End appliance sprawl
Start small - grow forever
5x
Simplicity with many-in-one model
80:1 Expandability with add-and-go model
32x
Cisco ACI Plus Citrix NetScaler: Service Automation
APIC - Policy Manager
Configuration Model (XML File)
Script Engine APIC - Script Interface
Python Scripts
Cisco® Application Policy Infrastructure Controller (APIC) provides extensible policy model through device package
APIC administrator can import Citrix NetScaler device package
Device package is an XML file defining device configuration model and parameters required for Layer 4-7 use cases
After it has been imported, APIC can configure NetScaler functions and parameters
Device scripts translate APIC and Cisco API™ callouts to device-specific callouts
NetScaler Device Package
Simplified ACL and Firewall Policy Management
Reduce security risk by eliminating configuration errors
Policy lifecycle management, including decommissioning upon application removal, enables compliance
Retain existing policies and rules, reducing disruptions to current operations
Deploy centralized Layer 4-7 policy automation with device package (for example, Cisco ASA and ASAv)
Policy supports workload mobility
Cisco® ASA and ASAv (now) Check Point (roadmap)
Palo Alto (now) Fortinet (2HCY15)
Intel Security (roadmap)
Device Package
Application Security Policy
Cisco ACI Security Integration with Cisco ASA Firewalls
Virtual Physical
Cisco ASA 5585-X
16-way clustering with state synchronization*
Cisco ASAv
Full ASA feature set
Hypervisor independent
Virtual switch independent
Dynamic scalability
Cisco® ASA
* Up to 640 Gbps of distributed firewall capacity
Centralized Security Policy Automation
VMware
Citrix Xen
KVM
Microsoft Hyper-V
Adaptive Threat Protection with Cisco FirePOWER and Cisco ACI
Challenge
• Advanced threats that are not detected by conventional security products
Cisco ACI™ Solution
• Automated provisioning of Cisco® Next Generation IPS (NGIPS) and Advanced Malware Protection (AMP)
• Visibility and awareness with Cisco FireSIGHT®
• Continuous analysis and remediation
• Physical and virtual appliances
Benefits
• Industry-leading security efficacy
• Automation and correlation for reduced TCO
• Retrospective security that helps scope, contain, and remediate
Cisco FireSIGHT Management Center
Alerts
Network visibility
Policy Management
Analytics
Remediation
Automated feedback loop for intelligent threat response
[Diagram: Web, App, and DB tiers with AMP and NGIPS]
Cisco ACI Integration: Layer 4-7 Device Package
Cisco® APIC A10 Networks Device Package
APIC Policy Manager
APIC Script Interface
Cisco ACI: Radware Integration
Application Network Profile
Firewall Web ADC App DB
Cisco ACI™ Fabric
Apply Policy
Cisco APIC Administrator
Traditional 3-Tier Application
Radware Service Engines
Defense Messaging V-Direct
WWW. Microsoft SharePoint
Microsoft Lync
Oracle Siebel
Oracle PeopleSoft
SAP
Oracle E-Business Suite
Microsoft Exchange
Typical Applications
Cisco ACI: Radware Integration
Application Network Profile
Firewall Web ADC App DB
Cisco ACI Fabric
Apply Policy
Cisco® APIC Administrator
Traditional 3-Tier Application
DoS and DDoS Protection
Typical applications:
• Per-tenant attack protection
• Infrastructure protection
• Value-added security services
Radware Attack Mitigation Platforms
V-Direct
TCO: Achieving CapEx and OpEx Benefits
Network Access Access Control Lists Local Server ADC Global Server ADC
Where to Start
1. Connectivity
2. Security and services
3. Application profiles
Application Network Profiles
Web App DB
WEB WEB WEB APP APP APP DB DB DB
Open Device Packages
Security Policies
Application Layer 4-7 Services
FW ADC
FW ADC
Connectivity Policy
QoS
Bandwidth Reservation
Availability
Hypervisor
Hypervisor
Hypervisor
Hypervisor
80% of OpEx value of Cisco ACI™ comes from these features:
• Automate network connectivity
• Offload ACLs to policy
• Redirect traffic to appliances
• Turn on EPG visibility
CapEx
• Merchant plus: Remove the risk of white-box economics
• BiDi eliminates cost to transition to 40 or 100 Gbps
SAP ADP
Microsoft Red Hat
VMware Citrix
[Four charts; categories in each: Minor, Medium, Complex]
For More Information
Cisco® Application Centric Infrastructure (Cisco ACI™) https://www.cisco.com/go/aci
Cisco ACI plus Citrix NetScaler http://www.cisco.com/go/acicitrix
Cisco ACI plus A10 http://www.cisco.com/go/acia10
Cisco ACI plus Radware http://www.cisco.com/go/aciradware
Cisco ACI plus F5 http://www.cisco.com/go/acif5