Cisco at VMworld 2015 ravi_vmworldtheater2015

Ravi Balakrishnan Senior Marketing Manager, Cisco Systems August, 2015 Secure and Accelerate Your Applications with Policy Defined L4-L7 Services

Upload: ldangelo0772

Post on 08-Feb-2017


TRANSCRIPT

Page 1: Cisco at VMworld 2015 ravi_vmworldtheater2015

Ravi Balakrishnan Senior Marketing Manager, Cisco Systems August, 2015

Secure and Accelerate Your Applications with Policy Defined L4-L7 Services

Page 2

2 C97-735662-00 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Business Demand Transition to Modern Cloud Operations

Model based, reducing OpEx and CapEx

Rapid adoption and DevOps

No-compromise support for multivendor innovation

Automation, management, and operations

From traditional to cloud models

Objective

Enable faster IT delivery and more efficient business processes

TCO Software Ecosystem Open Customer Choice

Transformation Simplification

Page 3

ACI and Nexus 9000 Breaking Away

4,100+ Nexus 9K and ACI Customers Globally

915+ APIC Customers

APPLICATION

COMPUTE NETWORK

CLOUD

STORAGE SECURITY

36+ Ecosystem Partners

Microsoft

Page 4

Data Center Transformation Response Become Application Centric

1. Application-Centric Policy Model

•  Operationally simple

•  Lower TCO

•  Zero-touch provisioning

2. Physical and Virtual

•  Performance and scale

•  Health metrics

•  Visibility and telemetry

3. Open and Secure

•  Open APIs and open source

•  Secure multitenancy

•  Extensive ecosystem

Page 5

Build on Existing Infrastructure Investments with Cisco ACI

Multiple Data Center

WAN and Cloud

Integrated WAN Edge

Systems Management Hypervisor Management Orchestration Frameworks

Automation

Enterprise Monitoring

Storage

EMC2

NetApp

Nutanix

Layer 4-7 Services

Citrix

Sourcefire®

Embrane

Symantec

A10 Networks

Check Point

Cisco

F5

Catbird

AVI Radware

Computing

Cisco UCS®

Cisco VCE

Hypervisors and Virtual Networking

Microsoft Citrix Xen

Red Hat VMware

Cisco

Physical Networking

Cisco Nexus 2000 Series

Cisco Nexus® 7000 Series

Cisco

Microsoft

Citrix Xen

Red Hat

VMware

CFEngine

Puppet Labs Opscode

Python CA Technologies

Zenoss

NIKSUN

NetQoS Splunk

Emulex NetScout

IBM

Canonical Cisco

CloudStack Red Hat Microsoft VMware

IBM Tivoli Software

BMC HP CA

Page 6

F5 and Cisco ACI Integration: Latest Addition

Announcing Cisco APIC and F5 BIG-IQ Integration Early Availability

Virtual Edition Appliance Chassis

BIG-IQ

Cisco® APIC to BIG-IP Integration Model Phase 1 (shipping)

APIC to BIG-IQ Integration Model Phase 2 (early availability now, FCS Q2CY15)

BIG-IP

Customers have choice to use APIC through BIG-IP or BIG-IQ integration models

Cisco ACI™ Fabric

F5 Synthesis Fabric

F5

Cisco

Page 7

Citrix NetScaler TriScale Technology

Scale Up

Scale Out

Buy only what you need

Elasticity with pay-as-you-grow model

End appliance sprawl

Start small - grow forever

5x

Simplicity with many-in-one model

80:1 Expandability with add-and-go model

32x

Page 8

Cisco ACI Plus Citrix NetScaler: Service Automation

APIC - Policy Manager

Configuration Model (XML File)

Script Engine APIC - Script Interface

Python Scripts

Cisco® Application Policy Infrastructure Controller (APIC) provides extensible policy model through device package

APIC administrator can import Citrix NetScaler device package

Device package is an XML file defining device configuration model and parameters required for Layer 4-7 use cases

After it has been imported, APIC can configure NetScaler functions and parameters

Device scripts translate APIC and Cisco API™ callouts to device-specific callouts

NetScaler Device Package

Page 9

Simplified ACL and Firewall Policy Management

Reduce security risk by eliminating configuration errors

Policy lifecycle management, including decommissioning upon application removal, enables compliance

Retain existing policies and rules, reducing disruptions to current operations

Deploy centralized Layer 4-7 policy automation with device package (for example, Cisco ASA and ASAv)

Policy supports workload mobility

Cisco® ASA and ASAv (now) Check Point (roadmap)

Palo Alto (now) Fortinet (2HCY15)

Intel Security (roadmap)

Device Package

Application Security Policy

Page 10

Cisco ACI Security Integration with Cisco ASA Firewalls

Virtual Physical

Cisco ASA 5585-X

16-way clustering with state synchronization*

Cisco ASAv

Full ASA feature set

Hypervisor independent

Virtual switch independent

Dynamic scalability

Cisco® ASA

* Up to 640 Gbps of distributed firewall capacity

Centralized Security Policy Automation

VMware

Citrix Xen

KVM

Microsoft Hyper-V

Page 11

Adaptive Threat Protection with Cisco FirePOWER and Cisco ACI

Challenge

•  Advanced threats that are not detected by conventional security products

Cisco ACI™ Solution

•  Automated provisioning of Cisco® Next Generation IPS (NGIPS) and Advanced Malware Protection (AMP)

•  Visibility and awareness with Cisco FireSIGHT®

•  Continuous analysis and remediation

•  Physical and virtual appliances

Benefits

•  Industry-leading security efficacy

•  Automation and correlation for reduced TCO

•  Retrospective security that helps scope, contain, and remediate

Cisco FireSIGHT

Management Center Alerts

Network visibility

Policy Management

Analytics

Remediation

Automated feedback loop for intelligent threat response

[Diagram: Web, App, and DB tiers with AMP and NGIPS]

Page 12

Cisco ACI Integration: Layer 4-7 Device Package

Cisco® APIC A10 Networks Device Package

APIC Policy Manager

APIC Script Interface

Page 13

Cisco ACI: Radware Integration

Application Network Profile

Firewall Web ADC App DB

Cisco ACI™ Fabric

Apply Policy

Cisco APIC Administrator

Traditional 3-Tier Application

Radware Service Engines

Defense Messaging V-Direct

WWW. Microsoft SharePoint

Microsoft Lync

Oracle Siebel

Oracle PeopleSoft

SAP

Oracle E-Business Suite

Microsoft Exchange

Typical Applications

Page 14

Cisco ACI: Radware Integration

Application Network Profile

Firewall Web ADC App DB

Cisco ACI Fabric

Apply Policy

Cisco® APIC Administrator

Traditional 3-Tier Application

DoS and DDoS Protection

Typical applications:

•  Per-tenant attack protection

•  Infrastructure protection

•  Value-added security services

Radware Attack Mitigation Platforms

V-Direct

Page 15

TCO: Achieving CapEx and OpEx Benefits

Network Access Access Control Lists Local Server ADC Global Server ADC

Where to Start

1. Connectivity

2. Security and services

3. Application profiles

Application Network Profiles

Web App DB

Open Device Packages

Security Policies

Application Layer 4-7 Services

FW ADC

Connectivity Policy

QoS

Bandwidth Reservation

Availability

Hypervisor

80% of OpEx value of Cisco ACI™ comes from these features:

•  Automate network connectivity

•  Offload ACLs to policy

•  Redirect traffic to appliances

•  Turn on EPG visibility

CapEx

•  Merchant plus: Remove the risk of white-box economics

•  BiDi eliminates cost to transition to 40 or 100 Gbps

[Figure: partner logos (SAP, ADP, Microsoft, Red Hat, VMware, Citrix) and four charts with Minor, Medium, and Complex categories]

Page 16

For More Information

Cisco® Application Centric Infrastructure (Cisco ACI™) https://www.cisco.com/go/aci

Cisco ACI plus Citrix NetScaler http://www.cisco.com/go/acicitrix

Cisco ACI plus A10 http://www.cisco.com/go/acia10

Cisco ACI plus Radware http://www.cisco.com/go/aciradware

Cisco ACI plus F5 http://www.cisco.com/go/acif5
