Cisco Cloud Architecture with Microsoft Cloud Platform
Peter Lackey, Technical Solutions Architect
PSOSPG-1002
Agenda
• Joint Cisco and Microsoft Integration Efforts
• Introduction to CCA-MCP
• What is a Pattern?
• How This Solution Affects My Time to Provision, Security and Multi-Tenancy
• Conclusion
Joint Cisco and Microsoft Integration Efforts
Deeper Partnership for Service Providers
Joint Go-to-Market
• Realize unprecedented lifecycle support
by leveraging Cisco Powered and
Microsoft COSN partner benefits
• Improve your sales processes with joint
go-to-market and exceptional sales and
pre-sales support and collaboration from
Cisco and Microsoft
• Offer credible solutions endorsed and
branded with Cisco and Microsoft
Joint Product Engineering
• Aligned technology at the product level
with integrated management software
• Provision network and application
together with Cisco Application Centric
Infrastructure (ACI) and Windows Azure
Pack (WAP)
• Validated components using Fast Track
architectures
Joint Solution Development
• Deliver complete solution development
through a combination of services
• Next Generation of IaaS / PaaS / SaaS
• Provide Disaster Recovery and Backup
services
• Offering value added services such as
Desktop as a Service and Database as a
Service
• Cisco Validated Architectures & Microsoft
Service Provider Reference Architectures
to reduce risks and operational costs
Joint Product Engineering
Continuing investments for deeper integration
UCS Health, Manage UCS domains, Graphical views
Power tools for
Compute &
Storage
Cisco UCS with Microsoft System Center
Compute and Storage Integration
Cisco ACI/APIC with
Microsoft System Center
Network and Services Integration
Windows Azure Pack
Microsoft System Center
Virtual Machine Manager (SCVMM)
APIC
Expose Cisco SDN
& Network Services
with APIC and
Resource Providers
Cisco Fast Track
Validated Architecture
Microsoft Cloud Fast Track
Fabric Management Integration
Windows Azure Pack
Microsoft System Center
Windows Server (Hyper-V)
On-board
Microsoft Fabric
Management
on Cisco
Architecture
Introduction to CCA-MCP
Validated Platform Architecture
• Foundation architecture validated from
the infrastructure based on Cisco
Validated Designs and Microsoft
Service Provider Reference
Architectures
• Scaled to meet the multi-tenant and
enterprise-grade needs of today’s
service providers
• Support for future workloads to help
build your monetization pipeline
Next-gen Service Patterns
• Standard Service Patterns from the
application to the network layers
• Integrated testing of workloads on the
platform
• Combining experiences and
engineering leadership around
applications and network patterns
Lifecycle managed Service
Packages
• Automation, integration and deployment
guidance from both Microsoft and Cisco
• Lifecycle approach to design and
deployment of packages through
releases
• Microsoft Services and Cisco Advanced
Services subscriptions to accelerate
your services to market
Introducing Cisco Cloud Architecture Components
Built with the Microsoft Cloud Platform
Windows Azure Pack Services
Customer Portal Admin Portal
Hosting
Plans
Tenant Mgt
Billing
Automation
Resource
Clouds
Windows Azure Pack Services
Bringing Windows Azure Services to Windows Server
For Hosting Service Providers
Identity Services
Hosted Private
Cloud
Desktop Hosting
DR as a Service
CRM as a Service
Database Hosting
Cloud Storage
as a Service
Physical
Networking
Hypervisors and Virtual Networking
Computing
L4–L7 Services
Storage
Multi DC
WAN and Cloud
Integrated WAN Edge
Cisco Nexus® 7000 Series
Cisco Nexus
2000 Series
Cloud Service Portals
Hyper-Automation
Orchestrated Workloads
Library of
Application Profiles and
Cloud Service Profiles
Centralized Policy Mgmt.
Open APIs,
Open Standards
Excellent for DevOps
Industry-Leading
10/40/100-Gbps
Programmable Fabric
Infrastructure Endpoints
Physical and Virtual
Introducing Cisco Cloud Architecture Components
Built with the Microsoft Cloud Platform
CCA Reference BOM’s & solution Scale Out Design Points

| Infrastructure Components | Bronze | Bronze with HA | Silver | Gold |
|---|---|---|---|---|
| Fabric Management | 6 HV nodes min distributed (C-200M4) | 6 HV nodes min distributed (C-200M4) | 6 HV nodes Min distribution (C-200M4) | 10 HV nodes Scale distributed (C-200M4) |
| Workload Fabric | 16 HV nodes (B200 M4) | 16 HV nodes (B200 M4) | 48 HV nodes (B200 M4) | 192 HV nodes (B200 M4) |
| Chassis for Blades | 2 (5108) | 2 (5108) | 6 (5108) | 24 (5108) |
| Fabric Interconnect | 2 (UCS-FI-6248UP) | 2 (UCS-FI-6248UP) | 2 (UCS-FI-6248UP) | 4 (UCS-FI-6296UP) |
| ACI Spine switches | 2 (N9K-9336PQ) | 2 (N9K-9336PQ) | 2 (N9K-9336PQ) | 4 (9504) |
| ACI leaf Switches | 2 (N9K-C9396PX) | 2 (N9K-C9396PX) | 2 (N9K-C9396PX) | 2 (N9K-C9396PX) |
| APIC Cluster | APIC Cluster - Medium Configurations (Up to 1000 Edge Ports) | APIC Cluster - Medium Configurations (Up to 1000 Edge Ports) | APIC Cluster - Medium Configurations (Up to 1000 Edge Ports) | APIC Cluster - Medium Configurations (Up to 1000 Edge Ports) |
| Out of Band Management Switches | 2 (Catalyst Switches 3850) | 2 (Catalyst Switches 3850) | 2 (Catalyst Switches 3850) | 2 (Catalyst Switches 3850) |
| Storage Connectivity | 2 (Nexus 5672UP) | 2 (Nexus 5672UP) | 2 (Nexus 5672UP) | 2 (Nexus 5672UP) |
| Cloud service router (per Tenant) | 30 (CSR1000V) | 30 (CSR1000V) | 30 (CSR1000V) | 100 (CSR1000V) |
| Routing Functionalities | 1 (ASR 1006) | 2 (ASR 1006) | 2 (ASR 1006) | 2 (ASR 9006) |
| Adaptive Security Appliance | 1** (ASA 5585-S10-K9) | 2 (ASA 5585-S10-K9) | 2 (ASA 5585-S10-K9) | 2 (ASA 5585-S60-2A-K9) |
| Cisco Cloud Network Automation Manager | 100 Containers | 200 Containers | 500 Containers | 1000 Containers |

Decision Points: Considerations for Scale Out
• A pair of Fabric Interconnects can manage up to 20 chassis (160 blades)
• Migration from ASR 1006 to ASR 9006 based on future expansion needs is a decision that should be made upfront
• ASA appliance migration from Bronze to Silver requires rewiring
• Spine switches of 9504 for Gold deployments
What is a Pattern?
Introducing Cisco Cloud Architecture Service Packages
Built with the Microsoft Cloud Platform
IaaS Cloud Container Packages (Hosted Private Cloud)
• Copper Container Package
• Bronze Container Package
• Palladium Container Package
• Gold Container Package
• Zinc Container Package
WAN Gateway Packages (WAN Service; ASR-9000, ASR-1000, CSR)
• MPLS L3 VPN Package
• Internet Access Package
• Site-to-Site VPN Package
Application Packages (Database Hosting)
• SQL DBaaS Package, Shared DB Model
• SQL DBaaS Package, Dedicated DB Model
• SQL DBaaS Package, Availability Clusters
Value-Added Service Packages (Disaster Recovery as a Service, Backup as a Service)
• Backup-aaS Package
• DRaaS Package
Cloud Management Packages (Identity Management)
• Active Directory Package
• Microsoft Fabric Cluster Package
• WAP Tenant Management Package
• Cisco Infrastructure Management Package
Cisco Network Resource Provider – Network Pattern Example
Highlighting expanded services of Cisco Network Resource Provider
• Provision Value Added Service Zone
Application
DMZ Zone
Cloud Backup
as a Service
Value Added
Service Zone
Cisco Network Services
Resource Provider(Service Provider)
Tenant Perimeter Services
Tenant
WAN Gateway Services
Site to Site
VPN
MPLS
L3 VPN
Remote
Access VPN
• Provision Tenant Perimeter Firewall
• Provision WAN Gateway (MPLS L3 VPN)
• Provision WAN Gateway (Site-to-Site VPN)
• Provision WAN Gateway (Remote Access VPN)
Tenant VRF
eBGP
NAT
• Provision Edge Routing
• Provision Secure Application Zone (DMZ)
• Provision PaaS Application Service Zone Database-aaS
• Provision Tenant
• Provision Network End Point Group (EPG)
• Provision Shared Load Balancer
• Provision new Bridge Domain
• Provision ACI Security Policy
EPG
EPG
Bridge Domains
EPG
EPG
ACI Fabric
Application
Zone
Application
Zone
Tenant Perimeter
Services
WAN Gateway
Services
Customer
Network Pattern 1 + Backup-as-a-Service Zone
Application
Zone
Tenant Perimeter
Services
WAN Gateway
Services
Site to Site VPN
MPLS L3 VPN
Value Added
Service
Zone
Cloud Storage as a Service
+ Secure Application Zone
Application
Zone
Tenant Perimeter
Services
WAN Gateway
Services
Site to Site VPN
MPLS L3 VPN
Application
Zone 2
DMZ
WEB APP
Cisco Network Plan Example in WAP
Value Add-Ons to a Cisco Network Plan
CCA - Network Automation Manager
Building Secure Value-Added Services with Windows Azure Pack (WAP)
Cloud Resource Providers Automate Cloud Offers
Rapid Onboarding of Tenants and Applications onto the Cisco Cloud Infrastructure
Cloud Management
Components
Cisco Power
Tools for UCS
Compute
Cisco Cloud Infrastructure
Container
Cisco Network
Resource
Provider
SQL
DBaaS
Network
Pattern
WAN Gateway,
Network Segments,
Security Services
Microsoft SQL
Resource
Provider
SQL
DBaaS
App
Pattern
Compute, Storage,
Hypervisor,
Application
How do Patterns affect time to provision, security and multi-tenancy
Application Policies Based on Expert Reference Models
1
Cisco ACI Infrastructure with Microsoft Azure Pack Building on the Transformative Approach of UCS
DevOps SYSTEMS APPROACH: Rapidly Deploy from an Application Catalogue: Scale, Performance, Security and Full Visibility
Network Package
Security Package
Application Package
APIC
2
Policies Used To Create Catalogue of Application Network Profiles
3
Automated policy configuration across the infrastructure
Life cycle management for day 1, day 2 operations
4
Physical Networking
Compute
L4–L7 Services
Storage
Hypervisors and Virtual Networking
Multi DC WAN and Cloud
Nexus 2K
Nexus 7K
Integrated WAN Edge
IaaS / PaaS / SaaS
Example Enterprise Workload
Provide a Secure Network Container to a sample EZ Trade Financial application that requires:
• Site-to-Site VPN access
• Remote Access VPN from the Internet
• A secure DMZ Zone for Web Access
• Load Balancing services
• Access to a hosted SQL Database (DB-as-a-Service)
EZ Trade Financial
(Enterprise Site)
EZ Trade Financial
(Remote Worker)
Multiple WAN Gateway Options
Multi-Tier Application support
Secure DMZ option for Internet
Secure Connection to Customer
SQL-aaS Database Service
Secure L2 Segments for Apps
Load Balancing Service
WAP Subscription for Services
Create Cisco Network Container directly from WAP Portals
Create WAN Gateway Connectivity to Customer Site-to-Site VPN
Site-to-Site VPN Settings
Provider Assigned IP Subnets
or Bring-your-own-IP Subnets
VPN Authentication Options
Pre-Shared Keys
Internet Key Exchange (IKE)
Digital Certificates
Public Key Infrastructure (PKI)
Create Tenant Security Rules across the Container and Application
Security Settings for Perimeter Firewall
and Application Zones
Support Physical and Virtual Firewalls
Firewall settings configurable for
Perimeter and each Application Tier
Per Zone Access Lists and Policy Maps
Protect the Application elements
across the SDN Fabric
Default settings tailored to the Application
and Service (e.g. SQL Database-aaS)
Create Tenant Application Zones across the ACI Fabric
Multi-Tier Applications Supported,
up to three Tiers, plus DMZ Zone
Multiple L2 Segments / Subnets
allowed per Application Zone
Software Load Balancing supported
for each Application Zone
Provider Assigned IP Subnets
or Bring-your-own-IP Subnets
Windows Azure Pack Tenant running on the Cisco ACI Fabric
ACI SDN Fabric
APIC Services extended to support Microsoft Cloud O/S stack
Auto-discovery of APIC Networks within
Microsoft Windows Azure Pack
Tenant Resources on the ACI Fabric
Mapped to each Windows Azure Pack Application/Tenant
Cisco SDN Application
Profile for WAP Tenant
Cisco Application Profile
for each Application,
captures Application
requirements using an
SDN Service Pattern
End Point Groups for each Application Zone
orchestrated thru the Cisco Resource Provider
and Windows Azure Pack Portals
Tenant Analytics – Traffic Stats and Tenant Health Score
Cisco SDN exposes per
Tenant Analytics
Application Health Scores
available for SDN
Networking resources
Application bandwidth
consumption stats available
per WAP Tenant.
Best-in-Class granularity
built into Cisco SDN Fabric
Cisco SDN Infrastructure shared across Tenants,
Best in Class “Per Tenant” and “Per Application” Analytics
Conclusion
Solution Benefits with Cisco Cloud Architecture with Microsoft
• Dramatically Lower TCO: Deep technical integration between Cisco and MSFT stacks to automate delivery of Cloud Services and common IT tasks
• Reduce Risk and TTM: Reduce Risk and Speed Deployment through Cisco and MSFT validated profiles, designs and Consulting Services
• Investment Protection: ACI oriented lifecycle approach to system development, improvement, support and service delivery
• Increase Demand: Leverage both Cisco and MSFT GTM Programs to address Scale Up Services in market transition to as-a-Service ICT
• Simplified Support: The Cisco and MSFT solution provides a simplified support model versus a complex multi-vendor support model
• More Profitable Services: IaaS / SaaS / PaaS Platform jointly engineered to facilitate rapid adoption of Application Services
Thank you