Cisco Cloud Architecture with Microsoft Cloud Platform

Peter Lackey Technical Solutions Architect

PSOSPG-1002

• Joint Cisco and Microsoft Integration Efforts

• Introduction to CCA-MCP

• What is a Pattern?

• How This Solution Affect My Time to Provision, Security and Multi-Tenancy

• Conclusion

Agenda

Joint Cisco and Microsoft Integration Efforts

Deeper Partnership for Service Providers

Joint Go-to-Market

• Realize unprecedented lifecycle support

by leveraging Cisco Powered and

Microsoft COSN partner benefits

• Improve your sales processes with joint

go-to-market and exceptional sales and

pre-sales support and collaboration from

Cisco and Microsoft

• Offer credible solutions endorsed and

branded with Cisco and Microsoft

Joint Product Engineering

• Aligned technology at the product level

with integrated management software

• Provision network and application

together with Cisco Application Centric

Infrastructure (ACI) and Windows Azure

Pack (WAP)

• Validated components using Fast Track

architectures

Joint Solution Development

• Deliver complete solution development

through a combination of services

• Next Generation of IaaS / PaaS / SaaS

• Provide Disaster Recovery and Backup

services

• Offering value added services such as

Desktop as a Service and Database as a

Service

• Cisco Validated Architectures & Microsoft

Service Provider Reference Architectures

to reduce risks and operational costs

Joint Product EngineeringContinuing investments for deeper integration

UCS Health, Manage UCS domains, Graphical views

Power tools for

Compute &

Storage

Cisco UCS with Microsoft System Center

Compute and Storage Integration

Cisco ACI/APIC with

Microsoft System Center

Network and Services Integration

Windows Azure Pack

Microsoft System Center

Virtual Machine Manager (SCVMM)

APIC

Expose Cisco SDN

& Network Services

with APIC and

Resource Providers

Cisco Fast Track

Validated Architecture

Microsoft Cloud Fast TrackFabric Management Integration

Windows Azure Pack

Microsoft System Center

Windows Server (Hyper-V)

On-board

Microsoft Fabric

Management

on Cisco

Architecture

Introduction to CCA-MCP

Validated Platform Architecture

• Foundation architecture validated from

the infrastructure based on Cisco

Validated Designs and Microsoft

Service Provider Reference

Architectures

• Scaled to meet the multi-tenant and

enterprise-grade needs of today’s

service providers

• Support for future workloads to help

build your monetization pipeline

Next-gen Service Patterns

• Standard Service Patterns from the

application to the network layers

• Integrated testing of workloads on the

platform

• Combining experiences and

engineering leadership around

applications and network patterns

Lifecycle managed Service

Packages

• Automation, integration and deployment

guidance from both Microsoft and Cisco

• Lifecycle approach to design and

deployment of packages through

releases

• Microsoft Services and Cisco Advanced

Services subscriptions to accelerate

your services to market

Introducing Cisco Cloud Architecture ComponentsBuilt with the Microsoft Cloud Platform

Windows Azure Pack Services

Customer Portal Admin Portal

Hosting

Plans

Tenant

MgtBilling

Auto-

mation

Resource

Clouds

Windows Azure Pack Services

Bringing Windows Azure Services to

Windows ServerFor Hosting Service Providers Identity

Services

Hosted Private

Cloud

Desktop Hosting

DR as a ServiceCRM as a Service

Database Hosting

Cloud Storage

as a Service

Physical

Networking

Hypervisors and

Virtual NetworkingComputing L4–L7 Services Storage

Multi DC

WAN and Cloud

Integrated WAN Edge

Cisco Nexus® 7000 Series

Cisco Nexus

2000 Series

Cloud Service Portals

Hyper-Automation

Orchestrated Workloads

Library of

Application Profiles and

Cloud Service Profiles

Centralized Policy Mgmt.

Open APIs,

Open Standards

Excellent for DevOps

Industry-Leading

10/40/100-Gbps

Programmable Fabric

Infrastructure Endpoints

Physical and Virtual

Introducing Cisco Cloud Architecture ComponentsBuilt with the Microsoft Cloud Platform

CCA Reference BOM’s & solution Scale Out Design Points Infrastructure Components Bronze Bronze with HA Silver Gold

Fabric Management6 HV nodes min distributed (C-

200M4)6 HV nodes min distributed (C-

200M4)6 HV nodes Min distribution (C-

200M4)10 HV nodes Scale distributed (C-

200M4)

Workload Fabric 16 HV nodes(B200 M4) 16 HV nodes(B200 M4) 48 HV nodes(B200 M4) 192 HV nodes(B200 M4)

Chassis for Blades 2 (5108) 2 (5108) 6 (5108) 24 (5108)

Fabric Interconnect 2 (UCS-FI-6248UP) 2 (UCS-FI-6248UP) 2 (UCS-FI-6248UP) 4 (UCS-FI-6296UP)

ACI Spine switches 2 (N9K-9336PQ) 2 (N9K-9336PQ) 2 (N9K-9336PQ) 4(9504)

ACI leaf Switches 2 (N9K-C9396PX) 2 (N9K-C9396PX) 2 (N9K-C9396PX) 2 (N9K-C9396PX)

APIC ClusterAPIC Cluster - Medium

Configurations (Up to 1000 Edge Ports)

APIC Cluster - Medium Configurations (Up to 1000 Edge

Ports)

APIC Cluster - Medium Configurations (Up to 1000 Edge

Ports)

APIC Cluster - Medium Configurations (Up to 1000 Edge

Ports)Out of Band Management

Switches2 (Catalyst Switches 3850 ) 2 (Catalyst Switches 3850 ) 2 (Catalyst Switches 3850 ) 2 (Catalyst Switches 3850 )

Storage Connectivity 2 (Nexus 5672UP) 2 (Nexus 5672UP) 2 (Nexus 5672UP) 2 (Nexus 5672UP)

Cloud service router (per Tenant)

30 (CSR1000V) 30 (CSR1000V) 30 (CSR1000V) 100 (CSR1000V)

Routing Functionalities 1 (ASR 1006) 2 (ASR 1006) 2 (ASR 1006) 2 (ASR 9006)

Adaptive Security Appliance 1** (ASA 5585-S10-K9) 2 (ASA 5585-S10-K9) 2 (ASA 5585-S10-K9) 2 (ASA 5585-S60-2A-K9)

Cisco Cloud Network

Automation Manager100 Containers 200 Containers 500 Containers 1000 Containers

Decision Points Considerations for Scale out

Pair of Fabric interconnects can manage up to 20 Chassis (160 blades)

Migration from ASR 1006 to ASR 9006 based on future expansion needs is a decision which should be made upfront

ASA appliance migration from Bronze to Silver need to rewire

Spine switches of 9504 for Gold deployments

What is a Pattern?

Introducing Cisco Cloud Architecture Service Packagesbuilt with the Microsoft Cloud Platform

Hosted Private Cloud

Copper

Container

Package

Bronze

Container

Package

Palladium

Container

Package

Gold

Container

Package

Zinc

Container

Package

IaaS Cloud Container

PackagesMPLS

L3 VPN

Package

Internet

Access

Package

Site-to-Site

VPN

Package

WAN Gateway

Packages ASR-9000

ASR-1000

CSR

WAN Service Database Hosting

SQL

DBaaS

Package

Shared

DB Model

SQL

DBaaS

Package

Dedicated

DB Model

SQL

DBaaS

Package

Availability

Clusters

Application

Packages

Disaster Recoveryas a Service

Backup-aaS

Package

DRaaS

Package

Value-Added Service

Packages

Backupas a Service

Identity Management

Active

Directory

Package

Microsoft

Fabric

Cluster

Package

WAP

Tenant

Management

Package

Cloud Management

Packages

Cisco

Infrastructure

Management

Package

Cisco Network Resource Provider – Network Pattern ExampleHighlighting expanded services of Cisco Network Resource Provider

• Provision Value Added Service Zone

Application

DMZ Zone

Cloud Backup

as a Service

Value Added

Service Zone

Cisco Network Services

Resource Provider(Service Provider)

Tenant Perimeter Services

Tenant

WAN Gateway Services

Site to Site

VPN

MPLS

L3 VPN

Remote

Access VPN

• Provision Tenant Perimeter Firewall

• Provision WAN Gateway (MPLS L3 VPN)

• Provision WAN Gateway (Site-to-Site VPN)

• Provision WAN Gateway (Remote Access VPN)

Tenant VRF

eBGP

NAT

• Provision Edge Routing • Provision Secure Application Zone (DMZ)

• Provision PaaS Application Service Zone Database-aaS

• Provision Tenant

• Provision Network End Point Group (EPG)

• Provision Shared Load Balancer

• Provision new Bridge Domain

• Provision ACI Security Policy

EPG

EPG

Bridge Domains

EPGEPG

AC

I F

ab

ric

Application

Zone

Application

Zone

Tenant Perimeter

Services

WAN Gateway

Services

Customer

Network Pattern 1 + Backup-as-a-Service Zone

Application

Zone

Tenant Perimeter

Services

WAN Gateway

Services

Site to Site

VPNMPLS

L3 VPN

Value Added

Service

Zone

Cloud Storage as a Service

+ Secure Application Zone

Application

Zone

Tenant Perimeter

Services

WAN Gateway

Services

Site to Site

VPNMPLS

L3 VPN

Application

Zone 2

DMZ

WEB APP

Cisco Network Plan Example in WAP Value ADD-ONS to a Cisco Network PLAN

CCA - Network Automation ManagerBuilding Secure Value-Added Services with Window Azure Pack (WAP)

Cloud Resource Providers Automate Cloud OffersRapid Onboarding of Tenants and Applications onto the Cisco Cloud Infrastructure

Cloud Management

Components

Cisco Power

Tools for UCS

Compute

Cisco Cloud Infrastructure

Container

Cisco Network

Resource

Provider

SQL

DBaaS

Network

Pattern

WAN Gateway,

Network Segments,

Security Services

Microsoft SQL

Resource

Provider

SQL

DBaaS

App

Pattern

Compute, Storage,

Hypervisor,

Application

How do Patterns affect time to provision, security and multi-

tenancy

Application Policies Based on Expert Reference Models

1

Cisco ACI Infrastructure with Microsoft Azure Pack Building on the Transformative Approach of UCS

DevOps SYSTEMS APPROACH: Rapidly Deploy from an Application Catalogue: Scale, Performance, Security and Full Visibility

NetworkPackage

Security Package

Application Package

APIC

2

Policies Used To Create Catalogue of Application Network Profiles

3Automated policy configuration across the infrastructure

Life cycle management for day 1, day 2 operations

4

Physical Networking

Compute L4–L7Services

StorageHypervisors and Virtual Networking

Multi DC WAN and Cloud

Nexus 2K

Nexus 7K

Integrated

WAN EdgeIaaS / PaaS / SaaS

Example Enterprise Workload

Provide a Secure Network Container to a

sample EZ Trade Financial application that

requires:

Site-to-Site VPN access

Remote Access VPN from the Internet

A secure DMZ Zone for Web Access

Load Balancing services

Access to a hosted SQL Database (DB-as-

a-Service)

EZ Trade Financial

(Enterprise Site)

EZ Trade Financial

(Remote Worker)

Multiple WAN Gateway Options

Multi-Tier Application support

Secure DMZ option for Internet

Secure Connection to Customer

SQL-aaS Database Service

Secure L2 Segments for Apps

Load Balancing Service

WAP Subscription for Services

Create Cisco Network Container directly from WAP Portals

Create WAN Gateway Connectivity to Customer Site-to-Site VPN

Site-to-Site VPN Settings

Provider Assigned IP Subnets

or Bring-your-own-IP Subnets

VPN Authentication Options

Pre-Shared Keys

Internet Key Exchange (IKE)

Digital Certificates

Public Key Infrastructure (PKI)

Create Tenant Security Rules across the Container and Application

Security Settings for Perimeter Firewall

and Application Zones

Support Physical and Virtual Firewalls

Firewall settings configurable for

Perimeter and each Application Tier

Per Zone Access Lists and Policy Maps

Protect the Application elements

across the SDN Fabric

Default settings tailored to the Application

and Service (eg. SQL Database-aaS)

Create Tenant Application Zones across the ACI Fabric

Multi-Tier Applications Supported,

up to three Tiers, plus DMZ Zone

Multiple L2 Segments / Subnets

allowed per Application Zone

Software Load Balancing supported

for each Application Zone

Provider Assigned IP Subnets

or Bring-your-own-IP Subnets

Windows Azure Pack Tenant running on the Cisco ACI Fabric

ACI SDN Fabric

APIC Services extended to support Microsoft Cloud O/S stack

Auto-discovery of APIC Networks within

Microsoft Windows Azure Pack

Tenant Resources on the ACI FabricMapped to each Windows Azure Pack Application/Tenant

Cisco SDN Application

Profile for WAP Tenant

Cisco Application Profile

for each Application,

captures Application

requirements using an

SDN Service Pattern

End Point Groups for each Application Zone

orchestrated thru the Cisco Resource Provider

and Windows Azure Pack Portals

Tenant Analytics – Traffic Stats and Tenant Health Score

Cisco SDN exposes per

Tenant Analytics

Application Health Scores

available for SDN

Networking resources

Application bandwidth

consumption stats available

per WAP Tenant.

Best-in-Class granularity

built into Cisco SDN Fabric

Cisco SDN Infrastructure shared across Tenants,

Best in Class “Per Tenant” and “Per Application “Analytics

Conclusion

Solution Benefits with Cisco Cloud Architecture with Microsoft

Deep technical integration between Cisco and MSFT stacks to

automate delivery of Cloud Services and common IT tasksDramatically Lower TCO

Reduce Risk and Speed Deployment through Cisco and MSFT

validated profiles, designs and Consulting ServicesReduce Risk and TTM

ACI oriented lifecycle approach to system development,

improvement, support and service deliveryInvestment Protection

Leverage both Cisco and MSFT GTM Programs to address

Scale Up Services in market transition to as-a-Service ICTIncrease Demand

Cisco and MSFT solution provide a simplified support model

versus complex multi-vendor support modelSimplified Support

IaaS / SaaS / PaaS Platform jointly engineered to facilitate rapid

adoption of Application ServicesMore Profitable Services

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect.

Thank you