cisco kick start to cloud workshop
TRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco's "Kickstart-to-Cloud" Workshop
The Dirty Little Secret of Private Cloud: Why Many Fail and What to Do About It
November 2012
Agenda
• 8:30-9:00 Meet and Greet
• 9:00-9:45 To Cloud and the Big Themes
• 9:45-10:30 Private Cloud Success: Cisco IT
• 10:30-11:00 What type of Cloud are you building (and for whom)?
• 11:00-11:30 Best practices of successful cloud builders
• 11:30-12:00 Panel: Storytelling about other successful clouds
To Cloud and the Big Themes
Rodrigo Flores, Cloud Architect
[email protected], @RFFlores
Explosive Growth and Change in an IP World: 2015 by Numbers
[Figure: headline figures for 2015. Metrics shown: bytes of global IP traffic, mobile-connected devices, percentage share of video in consumer traffic, five-year percentage growth in web video conferencing. Values shown: 7 billion; 91 (percent); 767 quintillion bytes (176 quintillion in 2009; quintillion = 10^18); 1800% five-year growth in web video conferencing; 12 billion connected devices in total. Source: Cisco 2011.]
Changing How Computing Is Done: Threat and Opportunity for Network Operators
[Figure: number of business computing categories NOT moved to cloud by 2015: 0 (source: Saugatuck Technology 2011). Amazon cloud stored objects: 14B (2007), 262B (2010), 762B (2011), serving >200,000 requests per second (source: Amazon 2011). $43B advantage for the network operator; top 3 differentiators per CIOs; 2013 SP global revenue (source: Cisco 2011).]
Some Stats to Impress Your Boss
• 2.5 connections for every person on earth (19 billion) by 2016
• 3.4 billion Internet users (45% of the planet’s population) by 2016
• 1.3 zettabytes of annual IP traffic (zettabyte = one sextillion, or 1E+21) by 2016. This is four times as much traffic as in 2011.
• There were 500 million gamers in the world 18 months ago. This summer it doubled to a billion.
• YouTube’s users upload about two days’ worth of video per minute (http://gigaom.com/video/youtube-48-hours-of-video-per-minute/)
• 6-30/11: Twitter does 1.3 million writes a second
• Wu: China Unicom 3G traffic grew 62% ... in a single quarter. China Mobile's data 10x in one year.
Not your typical story…
Marketing Campaign: Super Bowl commercial offered every American a FREE Grand Slam Breakfast if they signed up on their website while the game was being played.
Issue: No idea how many people would come… they spent $25M on the ad campaign!
Result: 59M Americans went to the site on Super Sunday… The site stayed up… This story is now in Denny’s Annual Report.
Source: SOASTA
AWS Feature Releases
[Chart: AWS feature releases over time. Source: CloudScaling]
Age of “Warehouse Scale” Machines
Google’s data center on the Columbia river, Oregon
To the Cloud: If we can…
Cloud is an Operating Model
[Diagram: lifecycle management loop with Policies & Governance (policies, management, security, operations, DR) at the centre:
• Define and Publish Standards (Architecture & IT)
• Self-Service Request (Self-Service Portal and Service Catalog)
• Orchestrate Delivery (Process Orchestration and Automated Provisioning)
• Track and Manage (Management, Developers)
• Report Consumption (Chargeback or Showback)]
Elements of Cloud Computing
• Self-Service Interface: Provides the ability for users to order and track metered services
• Service Delivery Automation: Automates provisioning and meters usage of services
• Resource Management: Resources are provisioned and managed as per service needs
• Operational Process Automation: Automates operational processes such as user management, capacity management, service level management, service desk integration, alerting…
• Lifecycle Management: Lifecycle management of cloud services
  • Dynamic resource allocation
  • Capacity management
  • Resource utilization
  • Performance management
  • Maintenance
Cloud characteristics: Standardized offerings; Very fast provisioning/de-provisioning of resources; Metered usage; Web-based front end; Automated fulfillment; Broad Network Access; Rapid Elasticity; Measured Service; On-Demand Self-Service; Resource Pooling.
Cisco Unified Management: IT-as-a-Service Requires a New Management Approach
[Diagram, top to bottom:
• Business Applications and IT Services
• Self-Service Portal and Orchestration: On-Demand Provisioning, Lifecycle Management, Integration and Automation, Pay-Per-Use, Service Governance, Service Catalog
• Infrastructure Resource Mgmt: seamless physical-virtual pooled resources; Policy-Based Compute (physical-virtual, multi-hypervisor, service profiles); Policy-Based Network (dynamic network provisioning, network containers); Compute, Storage, Network
• Operations Support Ecosystem: Service Assurance, Compliance, Configuration Management, Cisco Prime for SP and Enterprise
• Business Support Ecosystem: Billing, Customer Management, Financial Management, …]
The Journey to Cloud
[Diagram: four stages, 1 Server Virtualization, 2 Private Cloud, 3 Public Cloud, 4 Hybrid Cloud, plotted against the business drivers Consolidation, Control, Utilization, Scale, Differentiation, Predictability, Availability, Agility.]
Transition Stages
• Compute-as-a-Service: Basic Automation, Basic Process Optimization
• Infrastructure-as-a-Service: Silos of Automation, Basic Process Optimization
• Platform-as-a-Service: Advanced Automation, Holistic Process Optimization
• Application-as-a-Service: Holistic Automation, Operational Optimization
Traditional Data Center Approach: Complexity Grows With Number of Apps
[Diagram: each group (Corp, Finance, Mktg, Engineering, HR) runs its own App/OS/Physical Server stacks with dedicated DBs and storage. Result: poor utilization, inflexible infrastructure.]
Someone still has to run it (DevOps): Applications Run on Virtualized Infrastructure
[Diagram: the same groups (Corp, Finance, Mktg, Engineering, HR) now run App/OS stacks in virtual machines on a Cloud Infrastructure Service of physical servers and storage, with a DB service and a request queue.]
Infrastructure Becomes Scalable & Efficient
[Diagram: the App/OS/Virtual Machine stacks for Corp, Finance, Mktg, Engineering and HR run on a Cloud Infrastructure Service: a pool of shared physical servers and storage, a DB service, and a request queue.]
• Pool of shared resources
• Self-service portal
• API-driven services
• Selective application mgmt
Today’s Architectural Battle
Web Approach:
• Scale-out architecture
• Design for failure
• Information-centric
• Commodity systems
• Open source
Enterprise Approach:
• Vertical scaling
• HA failover model
• Transactional
• Application-specific infrastructure
• Commercial software
Innovation
Defeating Complexity: APIs at Every Layer
• Application Layer: Each tenant is responsible for requesting and managing their own set of virtual resources; may call other services through APIs. Example developer application: App/OS VMs with a Virtual VPN, Virtual WAAS and Virtual Firewall, each exposed through an API.
• Infrastructure as a Service – Developer API
• IaaS (Cloud stack) Layer: Allocates virtualized resources to tenants through an end-user portal and developer APIs; each tenant only sees their own resources. (User and System Admin; Compute Service: servers; Storage Service: disks.)
• Resource Virtualization Layer: Creates virtualized compute, storage and networking resources; manages resource creation, isolation, and non-interference. (Hypervisor: KVM, Xen, ESX; Nexus 1000v + Open vSwitch; Network Virtualization: L2-LISP, vPath, OpenFlow, VLAN.)
• Physical Resource Layer: Networking, Storage and Compute resources; management, monitoring, etc. (UCS Manager – Network Containers – System Level API.)
But … Cloud Abstractions “Punt” the Problem Upwards (and Downwards)
• Finally, some good high-class problems!
• What is the service?
• What does the rest of the orchestration?
• Support? Install? Day 0? Day 1? Day 2? Day before I get fired?
• What are the policies I will automate?
• What risks will I run?
Cisco Cloud Connect Solution: Unique Network Capabilities to Enable the Cloud
[Diagram: users (branch office, mobile user, home) reach cloud services (SaaS, IaaS, collaboration, …) across a Cloud Intelligent Network under unified management and policy, through Cisco and third-party cloud connectors (ScanSafe Web Security, Hosted Collaboration, Cloud Storage, VoIP, VDI, HD Video). Goals: optimal experience, cloud security, simplified operations. Cloud-ready platforms: physical (ISR G2, ASR 1000, WAVE) and virtualized (CSR, vWAAS).]
Unified Data Center
[Diagram: Cloud Enabled Applications & Services (IaaS, CaaS, PaaS, HCS, HVD, DR, …, including software to automate & orchestrate the application) over Cloud Orchestration & Management (infrastructure abstraction/management software, infrastructure orchestration software, assurance software) over Cloud Infrastructure (aka VMDC): in each of Data Center 1 … Data Center n, scalable multi-tenant L2/3 DC networking with security features and L4-7 services, built from integrated compute stacks (Vblock, FlexPod, etc.) and joined by Data Center Interconnect.]
Cisco Unified Data Center: Changing the Economics of the Data Center
[Figure: claimed gains across infrastructure costs, power and cooling, application performance, deployment times and IT staffing: deploy 2x capacity with no staff increase; 90% less deployment time; 30% faster application performance; 30% less cost and 60% less cost for the two cost categories.]
Private Cloud Success: Cisco IT
CITEIS: Cisco IT Elastic Infrastructure Services
Brian Cinque
Cisco IT Solutions Architect
Email: [email protected], @bcinque
Cloud Services Stack – Taxonomy (CITEIS – Cisco IT Elastic Infrastructure Services)
Cloud Delivery Models:
• SaaS (Software as a Service): Applications, collaboration, etc.
• PaaS (Platform as a Service): Middleware, directories, etc.
• IaaS (Infrastructure as a Service): Compute, storage, networking
• DCaaS (Data Center as a Service): Data center facilities, power, cooling
Current Customer Profiles
Typical Users:
• Engineering IT
• Software Delivery
• Security
• Support Teams
• Internal Labs
• Smart Services Group
• Customer Facing
• Innovation Center
• Ironport
• Solutions Factory
• Sales
• Legal
• Finance
• Database Centric
• Security Collection Services
• Customer Portal
• Web Services
• Internal Development
• Replacement for Physical Lab
• Demonstrations
• Data Warehousing
Customer Experiences:
• Ability to “control their destiny” with a self-managed VDC
• Typical lead-time cut from several weeks or months to hours
• Competitive savings over all other alternatives
Impact
“CITEIS has enabled our application and business teams to deploy capabilities easier and quicker. Infrastructure is no longer in the critical path!”
John Manville – Cisco IT Senior Vice President
Demo: http://www.youtube.com/watch?v=5m2CJjSpb9Q&feature=relmfu
Cisco Intelligent Automation for Cloud: Unified Management – Automated Self-Service Provisioning
[Diagram: the manual path (Architect, Design, “Where can we put it?”, Procure, Install, Configure, Secure, “Is it ready?”) replaced by automated self-service provisioning with capacity on demand, policy-based provisioning and built-in governance: FROM 8 WEEKS TO 15 MINUTES.]
What do the Clients Want from the Infrastructure Providers?
• Client #1 (requires IaaS services only): “Give me the VMs and Storage and I’ll manage everything above the OS.” Ordered: infrastructure resources (e.g. VDC, VM, storage).
• Client #2 (requires IaaS & PaaS services): “My needs are mixed. I’ll take all the goodies I can get, and build the ones that I can’t.” Ordered: IaaS services (some bundled, some not) and PaaS services.
• Client #3 (requires PaaS services only): “Give me all the standard goodies, and leave me just to manage my application.” Ordered: application middleware (e.g. app server, database, …); infrastructure resources are not ordered directly by the client.
The Essence of CITEIS
Critical Components for Cloud
• Service Management: Service Portfolio Definition, Service Portfolio Lifecycle, Catalog Governance, Costing & Billing
• Technology: Domain Technologies, Integration Points, Service Catalog, Workflow Engine, PaaS
• Operations: Operational SLA, Maintenance Windows, Managed & Self Managed Environments, Technology & Services Ops Model
CITEIS Gen2 Subscription Models
• Gen 2 service offerings are based on the following models:
  o CITEIS Virtual Data Centers (VDCs): tenant pre-paid resource pools
  o CITEIS Express: personal infrastructure services, or on demand
• CITEIS VDCs: pre-defined resource pools with bundled services
  o Virtual resources reserved and guaranteed
  o Tenants allocate and manage resources based on their specific needs
  o Minimum one (1) quarter subscription commitment required
• CITEIS “Express” for individual cloud-based services
  o Minimal SLAs and support provided; best effort
• Value-add offerings
  o Enhanced infrastructure services available for additional charges
  o Complements CITEIS VDC subscriptions only
CITEIS VDC Building Blocks
Building block                                  | Mini            | Small           | Medium           | Large             | Jumbo
Maximum # of virtual machines                   | 10              | 25              | 55               | 120               | 250
Reserved compute power (performance equivalent) | 20 vCPUs/10 GHz | 50 vCPUs/25 GHz | 110 vCPUs/55 GHz | 240 vCPUs/120 GHz | 500 vCPUs/250 GHz
Total reserved memory for tenant VMs            | 50 GB           | 125 GB          | 275 GB           | 600 GB            | 1250 GB
Storage allocation                              | 250 GB          | 500 GB          | 1375 GB          | 3000 GB           | 6250 GB
Engagement model                                | Self Service    | Self Service    | Self Service     | Self Service      | Self Service
Base container cost                             | $               | $$              | $$$              | $$$$              | $$$$$
Select Network Container: Network Segmentation (IP based): 5, 10, 25, 55, 120, 250
Select Support Options (must select one):
• Client-Managed OS Support (no additional charge)
• IT Managed OS Support (add $$) (support for Cisco Enterprise Linux, Windows 2003, 2008 based images only)
Base Service Agreements:
• Service Availability: 99.9%
• Monthly Maintenance Window: maintenance occurs 1800-0800 local business hours only; monthly window: second Thursday of each month
CITEIS Express
• Individual cloud-based services:
  o Virtual resources reserved and guaranteed
  o Tenants allocate and manage resources based on their specific needs
  o Minimum one (1) hour subscription commitment required
  o Maximum ninety-day lease period
CITEIS Express – On-Demand Services
End user requested and provisioned services from a shared pool:
Maximum number of virtual machines per user | 2
Maximum IP addresses                        | 1 address per VM
Virtual machine supported configurations    | Option 1: 1 vCPU x 2 GB; Option 2: 2 vCPU x 4 GB
Supported images                            | Client provided and uploaded into CITEIS Express
Virtual machine expiration                  | 30 days (default)
Storage Options:
OS and data storage                         | 25 GB increments
Snapshots                                   | Not available
Backup and recovery                         | Not available
Service Agreements:
Service availability target                 | 99.9%
Standard support window                     | Best effort
Monthly maintenance window                  | Maintenance occurs 1800-0800 local business hours only; monthly window: second Thursday of each month
Order fulfillment SLA                       | On demand via Service Catalog
Service Costs:
1 CPU x 2 GB VM option                      | $ per month (does not include storage)
2 CPU x 4 GB VM option                      | $$ per month (does not include storage)
Per GB of storage allocated                 | $ per GB per month
Do your due diligence!
• Resource environment will be shared by multiple clients with varying demand types
  Analysis into each domain to support and enable sharing of resources
  Analysis into the creation of composite solutions that span network, compute & storage
  Analysis into the demand commitments from clients
• Services provided will support and honor service level agreements
  Analysis into the specific service level agreements around resiliency, performance, price, capacity & security
  Analysis into the foundational and functional infrastructure services needed to support the service offerings and SLAs
  Analysis into the lifecycle management of the IaaS-based offerings
  Analysis into the solutions that will monitor service offerings and ensure service assurance
• Services provided will be priced and based on multiple demand models
  Analysis into the component and composite infrastructure elements
  Analysis into methods to meter client usage at a granular level (e.g. per hour)
  Analysis into total cost of ownership, including management costs, infrastructure costs, operating costs, operations costs, etc.
• Resource environment will be operated and supported by new support models
  Analysis into how the foundational infrastructure will be operated and supported
  Analysis into how the functional infrastructure will be operated and supported
  Analysis into incident and problem management for the environment and services offered
  Analysis into customer demand and its impact on existing change management IT policies
Virtual Environment & Operational Model
[Diagram: four tiers and their support levels:]
• Infrastructure (compute, network, NAS POD): standard built POD; P1 support for POD
• CITEIS Mgmt (orchestrator, portal, DB): app support – P3; DB support – P3
• VDC Environment (Self Managed VDC / IT Managed VDC): P1 support for IT Managed VM; no IT support for Self Managed
• App Environment (Self Managed App / IT Managed App): P1 support for IT Managed App; no IT support for Self Managed
Operations:
• P1 support for POD; P1 support for IT Managed environments
• Freeze periods: POD – hardware change only; virtual: IT Managed – impacted, Self Managed – no impact
• Maintenance windows: POD – every 2 weeks for low impact, every month for high impact; CITEIS Mgmt – every 2 weeks (client service not interrupted); VDC Env: IT Managed driven by CRs
• No mixing of IT Managed & Self Managed environments; IT Managed must leverage the Change Mgmt process
• Clients must patch OS & apps – proactive security scans
Operational Model: Multi-Tenancy
• Multi-tenancy enables sharing of resources and costs across a large pool of users, thus allowing for separation, utilization and efficiency improvements
• What are the keys to making multi-tenancy work?
  Separation – meet security requirements, allow for operational policy autonomy, service level assurance
  Fault isolation – avoid fate sharing and control
• The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems & deployed applications
[Diagram: Tenant A VDC 1 and Tenant B VDC 1 side by side on CITEIS Gen2.]
Operational Model: Boundaries
• Freeze Periods vs Maintenance Windows
  Fixed monthly
  No tenant approval required
  Posted windows 1 year in advance
  Reserve right to take environment down
• Ad-Hoc Change Requests
• Break Fix Efforts
  Exempt from maintenance windows
  Document work via formalized Change Requests (audit trail)
• External POD Dependencies
• Tenant Roles & Responsibilities
• Provider Roles & Responsibilities
  Sign End Use License Agreement
Lessons Learned
• Automation is about “doing more with less”
Do not automate “yesterday’s standards” nor “today’s exceptions”
Automate for the future: Opportunity for driving new, scalable standards
• Integration play: Data model and consistent interfaces (APIs) are key
• Off-the-shelf Products Maturing Rapidly
Manageable orchestration through enterprise-class products
Moved from 20 resources in Gen1 to 6 resources in Gen2
• Focus on operations, e.g. change management transformation
• PaaS integration is needed to meet application team expectations
• New skill sets: data modeling, virtualization, software development
• Communication, Communication & Communication
• Simplicity is a lost art – Know your user base!
Key Takeaways
Thank you.
What Type of Cloud are You Building (and For Whom)?
Yair Dolev, Product Manager
[email protected], @CiscocloudY
Cloud Business Considerations
• Multi-tenancy business cases
• Tenants
• Account types
• The changing relationship between cloud users and operators
• Tenant isolation
• Tenant user roles
• Self-management
• Federating user authentication and SSO
• Hierarchy of control
Cloud Business Customer Relationships: Needs & Features
What Cloud Business?
• Enterprise starter cloud
• Enterprise private cloud
• SP providing SMB public cloud
• SP providing managed hosted private cloud for enterprises
• SP providing managed on-premise private cloud
Dimensions of Multi-tenancy
• Tenant account types
• Hierarchical tenant / organizational structure
• Multi-tier catalog
• Delegation of administration (technical and business)
• Network isolation of user traffic
Cloud Features
• Roles
• Resource pools
• Physical and virtual servers
• Storage and network POD mgmt
• Application provisioning
• Lease, quota and capacity mgmt
• Pricing mgmt
• Tenant/user on/off boarding
• Integrations
• Performance management
• Bursting
Multi-tenancy Business Cases
Business Case            | Key Use Cases                                                                | Key Required Capabilities
Enterprise               | Enterprise IT runs a private cloud hosting different BUs as tenants          | All of SMB SP + hierarchy levels, multi-site support, tenant self-management, tenant-specific offers
SMB Service Provider     | Runs a public cloud for small size clients                                   | Access restricted to tenant scope, dedicated resources, namespace isolation, personalization, consumption reporting, quota mgmt., cost reporting
Tier 1 Service Provider  | Runs a public cloud hosting managed private data center for enterprises      | All of Enterprise + authorization/SSO
Managed On-Prem Cloud SP | Runs a cloud on enterprise customer premises and manages it for the customer | Many managed services use cases
What is a Cloud Tenant?
• A set of cloud users that operates as one consuming entity (account or business) and is separate from the cloud operator organization and isolated from other consuming entities.
Tenant Account Types
• Important: Provider-tenant relationships differ
• Enterprise tenant: runs a hosted private datacenter on a public cloud
  Self-managed: provider is hands-off
  Managed: provider fills daily role of tenant administrator
• Internal tenant: both in private and public cloud cases. A BU that is part of the same business/organization as the cloud provider.
• Individual user tenant: casual walk-in account, single user
• Let’s put it in the context of cloud business types:
Cloud Business Type               | Tenants | Types
Enterprise                        | 1       | Internal
Large Enterprise                  | Many    | Internal
SMB Service Provider              | Many    | Enterprise
SP hosting clouds for enterprises | Many    | Enterprise, Internal
Business and Financial Agreement
• Private Cloud: Cost charging
  IT is responsible for assigning the right costs per service
  Cost can be showback only or actually assigned to the consuming organization
• Public Cloud: Pricing
  Starts with a standard pricing structure
  Factored by service levels
  Modified per tenant based on contract terms, depending on committed usage, scale of usage, etc.
• Charge models
  Pay as you go (usage-based)
  Commit for a period + overage charge
  Other (special arrangement)
How Are Users and Operators Related?
[Diagram: Enterprise → Cloud Provider Administrator OU → OU 1 (User A, User B), OU 2 (User C).]
Enterprise private cloud: all part of the same organization
How Are Operators and Users Related?
[Diagram: Cloud Provider → Administrator OU; Tenant X → Tenant X Admins OU → OU 1 (User A, User B), OU 2 (User C); Tenant Y → Tenant Y Admins OU → OU Y1, OU Y2, ...]
Multi-tenancy separates the operators from users, and users from each other, through tenants
Tenants Must Be Tightly Isolated: Isolation Aspects are Diverse
• No visibility across tenants: Tenant users cannot see or find other tenants’ users or entities, for example when searching for users or viewing “my servers”.
• No awareness across tenants: Tenant users cannot know or find out about other tenants
• Isolated name spaces: Tenant entities can have the same names as other tenants’ entities
• No network access: Tenant servers cannot access other tenants’ servers or data (except through the Internet). Separate VLANs, mandatory firewall rules, etc.
• No resource impact: Tenant dedicated, reserved resource pools (e.g. VDC) cannot be impacted by any action of other tenants that might share the underlying infrastructure
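The isolation aspects above, modelled as enforcement checks in a small Python tenant registry. This is an added example, not CITEIS or Cisco code; the Cloud, Tenant and Principal classes, the tenant and user names and the IP addresses are constructed for the illustration, and the “mandatory firewall rule” is modelled as default-deny between tenant address spaces that the operator opens per tenant pair.

```python
# Added illustration of the isolation aspects above; not CITEIS/Cisco code.
# Every tenant, user name and IP address below is constructed for the example.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

class IsolationViolation(Exception):
    """Raised when a request would cross a tenant boundary."""

@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str          # every request carries the tenant the caller belongs to

@dataclass
class Tenant:
    name: str
    vm_quota: int        # dedicated, reserved pool (the VDC size)
    users: Set[str] = field(default_factory=set)
    servers: Dict[str, str] = field(default_factory=dict)  # name -> IP, per-tenant name space

class Cloud:
    def __init__(self, capacity_vms: int):
        self.capacity_vms = capacity_vms
        self.tenants: Dict[str, Tenant] = {}
        # Inter-tenant flows the operator has explicitly opened; default is deny.
        self.allowed_flows: Set[Tuple[str, str]] = set()

    def add_tenant(self, name: str, vm_quota: int) -> None:
        reserved = sum(t.vm_quota for t in self.tenants.values())
        if reserved + vm_quota > self.capacity_vms:
            # Over-subscription would let one tenant eat into pools reserved for others.
            raise IsolationViolation("capacity already reserved for existing tenants")
        self.tenants[name] = Tenant(name, vm_quota)

    def add_user(self, tenant: str, user: str) -> None:
        self.tenants[tenant].users.add(user)

    def _scope(self, who: Principal) -> Tenant:
        """Every tenant-facing call starts here: resolve the caller's own tenant."""
        t = self.tenants.get(who.tenant)
        if t is None or who.user not in t.users:
            raise IsolationViolation(f"{who.user} is not a user of {who.tenant}")
        return t

    def create_server(self, who: Principal, name: str, ip: str) -> None:
        t = self._scope(who)
        if name in t.servers:                 # names are unique only within the tenant
            raise ValueError(f"{name} already exists in {t.name}")
        if len(t.servers) >= t.vm_quota:      # spends only the tenant's own pool
            raise IsolationViolation(f"{t.name} quota of {t.vm_quota} VMs exhausted")
        t.servers[name] = ip

    def my_servers(self, who: Principal) -> Dict[str, str]:
        return dict(self._scope(who).servers)   # "my servers" never consults other tenants

    def find_users(self, who: Principal, prefix: str) -> Set[str]:
        """User search never leaves the caller's tenant ("no visibility")."""
        return {u for u in self._scope(who).users if u.startswith(prefix)}

    def tenant_known(self, who: Principal, name: str) -> bool:
        """Foreign tenants answer False, never 'exists but denied' ("no awareness")."""
        return self._scope(who).name == name

    def _owner_of(self, ip: str) -> Optional[str]:
        for t in self.tenants.values():
            if ip in t.servers.values():
                return t.name
        return None                           # not a tenant address: the Internet

    def flow_allowed(self, src_tenant: str, dst_ip: str) -> bool:
        """Mandatory rule: same tenant or Internet allowed; other tenants denied unless opened."""
        dst = self._owner_of(dst_ip)
        if dst is None or dst == src_tenant:
            return True
        return (src_tenant, dst) in self.allowed_flows

def demo() -> dict:
    """Constructed walkthrough with two tenants; returns what each check observed."""
    cloud = Cloud(capacity_vms=20)
    cloud.add_tenant("acme", vm_quota=10)
    cloud.add_tenant("globex", vm_quota=10)
    cloud.add_user("acme", "alice")
    cloud.add_user("globex", "bob")
    alice, bob = Principal("alice", "acme"), Principal("bob", "globex")
    cloud.create_server(alice, "web01", "10.1.0.5")   # the same name in two tenants
    cloud.create_server(bob, "web01", "10.2.0.5")     # is fine: isolated name spaces
    try:
        cloud.add_tenant("initech", vm_quota=1)       # pool is already fully reserved
        overbooked = True
    except IsolationViolation:
        overbooked = False
    return {
        "alice_sees": sorted(cloud.my_servers(alice)),
        "alice_finds_bob": "bob" in cloud.find_users(alice, "b"),
        "alice_knows_globex": cloud.tenant_known(alice, "globex"),
        "acme_to_globex": cloud.flow_allowed("acme", "10.2.0.5"),
        "acme_to_internet": cloud.flow_allowed("acme", "198.51.100.7"),
        "overbooked": overbooked,
    }
```

Note that tenant_known() deliberately returns False rather than raising for a foreign tenant name: a distinguishable "exists but forbidden" answer would already leak the other tenant's existence.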
Multi-tenancy – Areas of Impact
[Diagram, from single-tenant to multi-tenant:
• Service Catalog: Provider Catalog → Provider Catalog + Org Catalog → Provider Catalog + Tenant Catalog + Org Catalog
• Admin Roles & Privileges: Cloud Admin → Cloud Admin + Org Admin → Cloud Admin + Tenant Admin + Org Admin
• Network Automation: Fixed / Manual → Self-Service / Automated
• Network Path Isolation: Shared (no isolation) → Single Network → Multiple Networks, VLANs (L2 isolation) → Network Container (L3 isolation)]
Cloud Network Topologies – Shared
• Shared provider-managed networks
• Shared provider-managed firewall
• May assign a network per tenant
Cloud Network Topologies – Tenant VDC, Public Zone
• Tenant VDC
• Internet connectivity
• Tenant-owned edge firewall
• Tenant-owned load balancer (optional)
Cloud Network Topologies – Tenant VDC, Public & Private Zones
• Tenant VDC
• Internet & VPN connectivity
• Tenant-owned edge firewall
• Tenant-owned load balancers (optional)
Cloud Network Topologies – Tenant Public, Private and Internal Zones
• Tenant VDC
• Internet & VPN connectivity
• Tenant-owned edge firewall
• Tenant-owned host firewall
• Tenant-owned load balancers (optional)
Tenant Administrative User Roles
• Tenant Technical Administrator
  Creates tenant user organizations
  Assigns user organization-level administrator
  Creates tenant-wide shared resources, libraries, and policies
• Tenant Business Administrator
  Controls subscription against the provider (such as SLAs, pricing discount)
  Approves new charges (such as new VDC order)
  Views consumption / cost reports
• Financial Controller
  Oversees expenses in assigned project(s)
  Approval point for expenses related to project
Hierarchy of Service Classes and Offerings
• Service Class: Category of services offered: virtual servers, physical servers, virtual data centers, PaaS, etc.
  Provider determines what the global cloud offers are, by service class
  Provider can limit classes for a tenant as per agreement
• Service Standard: Specific service option: VM templates, VDC size, OS templates, network QoS, etc.
  Provider determines a set of global standard options
  Tenant blocks some global standards, adds local ones
[Diagram: Provider → Tenant 1 (User Org A, User Org B), Tenant 2 (User Org).]
Tenancy in Different Cloud Types
                                           | Private Cloud                  | Public Cloud
Multi-tenancy                              | No (single tenant)             | Yes
Who manages the tenant                     | Cloud provider administrators  | Tenant administrators
Tenant bring-up & mgmt functions           | Disabled                       | Enabled
Migratable to                              | Public cloud, at any point     | Private cloud, if only 1 internal tenant exists
Tenant terminology in UI                   | Avoided                        | Used
Tenant-level service options and standards | None (all derives from global) | Yes
Federated user authentication              | No                             | Yes
Pricing and charging                       | Optional                       | Yes
Cross-tenant views and reports             | No                             | Yes
Best practices of successful cloud builders
Wayne Greene, Director of Product Management
[email protected], @Cloud_Wayne
Habit 1: Training
From: http://www.eweek.com/c/a/Cloud-Computing/Cloud-System-Builders-12-Habits-That-Aid-Successful-Deployment-Projects-628178/
Habit 2: Culture
Habit 3: Organization
Habit 4: Single Cloud Lead
Habit 5: Cloud Architect
Habit 6: Service Design
Habit 7: Workflow Author
Habit 8: Infrastructure Lead
Habit 9: Executive Sponsor
Habit 10: Quick Wins Fast
Habit 11: Rollout Plan
Habit 12: Cloud Roadmap