Cloud IAAS Orchestration

Colin Li
Customer Solution Architect Cisco Asia Pac SP CTO office

Agenda
Cloud Strategy Cloud Building Blocks Cisco Orchestration Screen Captures Orchestration Architecture Questions

Data Centre Evolution

Where does the journey begin?
Application Silos
Apps Servers Network Storage

Zones of Virtualisation

External Private Internal Cloud Services Cloud Services

From silosto Dynamic Data Centre and IT as a service

Virtualize Centralize Standardize Consolidate Self-Service Automate

Data Centre Evolution

From Virtualisation to IaaS
Business Needs Lower costs Pay as you go Faster time-to-market Always on availability Data security and privacy Lower carbon footprint Infrastructure Needs Secure multi-tenancy Service automation and management

Traditional Virtualised Data Centre

Virtualized

ITaaS

Data mobility Integrated data protection & security Higher asset utilization

+ Multi-Tenant + Automated + Self-Service

The Challenge
Pain in Orchestration and IT Management
80% of downtime caused by poor change management 90% of breaches are from known vulnerabilities
Costs 3X more to manage a device than to buy one

Application releases are late 60% of the time

5
Source: Industry Analysts

Agenda
Cloud Strategy Cloud Building Blocks Cisco Orchestration Screen Captures Orchestration Architecture Questions

Virtualized Multitenant Data Center 2.0

Replicable Building Blocks
Application Orchestration/ Portal DCI/ POD Interconnect

Key App validation to accelerate adoption System tools; Utility consumption models (BMC, ..) Cisco DCI Options MPLS/ VPLS - evolution OTV/ LISP change the game Cisco POD options General purpose HFT/ HPC Partner specific efforts VMware, MSFT EMC, NetApp et.al.

POD
Network Services Network Access Compute/ Virtualization Storage

POD
Network Services Network Access Compute/ Virtualization Storage

Orchestration Reference Architecture

Service Consumer Tenant Admin Cloud Admin

Web Portal

Enterprise
Access Management Service Management
Service Catalog Fulfillment Governance Metering & Billing SLAs Operational Processes

Resource Management
Orchestration Automation Virtualization CMDB

Compute Storage Network

Compute Storage Network

Compute Storage Network

Service Provider

Cloud Resources
Network Containers
Virtual Datacenters Isolated for Tenants/Workloads

PODS

Location A

Location B

Network Containers

Customer Green Customer Red

Virtual Networks (per tenant)

Physical Infrastructure (shared)

IP/NGN Backbone
WAN Edge

Core

Aggregation

Services

DB

App

Web

Compute
DB App Web

Network Container Blueprint

WAN (MPLS,P2P)
Tenant Premise

Internet

InternetBased Consumer

FW LB Private LB

FW Public

Web

App

Database

Web

App

Database

11

Agenda
Cloud Strategy Cloud Building Blocks Cisco Orchestration Screen Captures Orchestration Architecture Questions

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

Agenda
Cloud Strategy Cloud Building Blocks Cisco Orchestration Screen Captures Orchestration Architecture Questions

Cloud Orchestration using BMCCLM

My Services Portal Cloud Extensions

Service Request Management

(SRM)

CMDB(Atriu
m)

Atrium Orchestrator

Change Management
(Remedy ARS)

BBNA

BBSA

BMC and Cisco Relationship Evolution

BMC Blade Logic and UCS Development

2009

BMC BladeLogic OEM Resale wins begin

Major joint cloud service provider win

2010

BMC CLM 1.01

Expanded Strategic Alliance Announcement Dec. 2010

2011

BMC BladeLogic and UCS Announcement

Go-to-Market, Service Engagement Models Developed

140 Joint OEM Customers 10 Joint Cloud Wins 5 Major Service Provider Wins 6 Federal Agency Wins Healthy Pipeline of Joint Opportunities

BMC ProactiveNetPerformance Mgmt & Compliance OEM Agreement

Presentation_ID

2003, Cisco Systems, Inc. All rights reserved.

40

Actors
Telework er

Tenant Premise

WAN (MPLS, P2P)

Internet

Cloud Admins

Tenant Admins

Service Consume rs

Edge Services
Common Services Directo
ry DNS SMTP

Screening Anti-DDoS/AD

Service Portals
Cloud Admin Tenant Admin

Private Access
VPN WAN Optimization

Secure Internet Access (VPN)

Site-to-Site Intrusion Prevention NAC Remote Access Web Email

Internet Gateway
NAT

NTP

Intrusion Prevention

Gateway Services

Bronze (Commodity)

Silver (SMB)
Web

Platinum (Enterprise)
App D B

Management

Orchestration/ Middleware

Tenant Services

AR

AO

Tibco

Instance Services

Domain Managers BBNA CS-ACS UCS-M FAB-M vCente BBSA r

Tenant Instances

F W

F W

F W

Delivery Infrastructure

Storage
41

End-toEnd-to-End Logical Topology

CE PE

IP/NGN Backbone L3
WAN Edge

Branch or Campus network

Customer Red Customer Green Customer Blue

L3 or L2 VPN Access Each tenant contained in a unique VRF

HSRP/Layer 3 gateway

L3
Core

L3 L3 L3 L2

Aggregation

Vlan/VRF maps to unique Virtual FW/load-balancer

vPC Layer 2 Trunks
Data base Data base Data base

App App App

Web Web Web

Tenant VRF maps to unique VLANs

VLAN per application tier

Network Containers Pre-Packaged Network Services

Bronze Silver Gold/Platinum Multiple VLANs SLB & SSL offload LB, 1 VLAN System Configs Multiple VLANs VPN Offload Firewall SLB & SSL offload System Configs

Virtual FW + pVLANs

Virtual FW + pVLANs Virtual FW + pVLANs

Shared VMFS, No Data Protection

Dedicated VMFS, DP via Snapshots

Dedicated VMFS, 100% DP, Cloning

43

Cisco/BMC Strategic Relationship

44

The Challenge
Pain in Orchestration and IT Management
80% of downtime caused by poor change management 90% of breaches are from known vulnerabilities
Costs 3X more to manage a device than to buy one

Application releases are late 60% of the time

4
Source: Industry Analysts

 BMCs Industry Leadership

IT Service Mgmt, Automation=> Cloud

Shared Vision
Public, Private, Hybrid Clouds IaaS to SaaS, Multi-Vendor

Complementary Solutions
Synergy w/Ciscos wire once Unified Service Delivery DC arch

Platform for Innovation

Rapid IT Service Innovation & Deploy Ongoing policy / event based mgmt

46

BMC and Cisco Relationship Evolution

BMC Blade Logic and UCS Development

2009

BMC BladeLogic OEM Resale wins begin

Major joint cloud service provider win

2010

BMC CLM 1.01

Expanded Strategic Alliance Announcement Dec. 2010

2011

BMC BladeLogic and UCS Announcement

Go-to-Market, Service Engagement Models Developed

BMC ProactiveNetPerformance Mgmt & Compliance OEM Agreement

140 Joint OEM Customers 10 Joint Cloud Wins 5 Major Service Provider Wins 6 Federal Agency Wins Healthy Pipeline of Joint Opportunities

Services Portfolio
What Can Cloud Do for My Business? Costs? ROI? Process Impact? What Architecture Maximizes Virtualization, Orchestration Speed, and Designs Chargeback Capability? How Do We Realize Our Cloud Architecture On-Time, Within Budget, and in Our Environment? How Do We Ensure Cloud Evolution and Ongoing Cost Reduction?

Cloud Strategy Service

Cloud Planning and Design Service

Cloud Implementation Service

Cloud Optimization Service

Assess Strategy
Technology and security Operations w/ tools Business case Chargeback approach Services Catalog Program and architecture management offices

Design
Technology, security, tools, facilities SLA and chargeback design Transition planning Program and architecture management offices

Implement & Integrate

Technology, security, tools, facilities Orchestration integration Workload migration Staging and validation Program and architecture management offices

Optimize via
Architectural reviews Security audits Cost reduction exercises Process improvements Tool customization Day-2 support

Accelerate Time to Value

World Class Expertise World Class Presence

Proven Delivery Capability

Delivering Unique Cisco Insight

Cloud Reference Architecture (VMDC 2.0)

49

Virtualized Multitenant Data Center 2.0

Replicable Building Blocks
Application Orchestration/ Portal DCI/ POD Interconnect

Key App validation to accelerate adoption System tools; Utility consumption models (BMC, ..) Cisco DCI Options MPLS/ VPLS - evolution OTV/ LISP change the game Cisco POD options General purpose HFT/ HPC Partner specific efforts VMware, MSFT EMC, NetApp et.al.

POD
Network Services Network Access Compute/ Virtualization Storage

POD
Network Services Network Access Compute/ Virtualization Storage

Actors
Telework er

Tenant Premise

WAN (MPLS, P2P)

Internet

Cloud Admins

Tenant Admins

Service Consume rs

Edge Services
Common Services Directo
ry DNS SMTP

Screening Anti-DDoS/AD

Service Portals
Cloud Admin Tenant Admin

Private Access
VPN WAN Optimization

Secure Internet Access (VPN)

Site-to-Site Intrusion Prevention NAC Remote Access Web Email

Internet Gateway
NAT

NTP

Intrusion Prevention

Gateway Services

Bronze (Commodity)

Silver (SMB)
Web

Platinum (Enterprise)
App D B

Management

Orchestration/ Middleware

Tenant Services

AR

AO

Tibco

Instance Services

Domain Managers BBNA CS-ACS UCS-M FAB-M vCente BBSA r

Tenant Instances

F W

F W

F W

Delivery Infrastructure

Storage
51

Technology Architecture Topology View

Virtual Servers Virtual Network Virtual Security Storage Compute Services Agg Core Edge Services Access

Virtualization & Separation designed at each Layer

WAN

WAN Edge MPLS Core Services Aggregation Access

VMWare Nexus1000V Virtual Host Appliances MDS UCS Chassis ASA ACE WAF Server IPS Nexus VM7000 OS Nexus 7000 App

Internet

Appliance/ Module

Virtual Context

VDC

VRF

VLAN

pVLAN
WAAS IronPort C IronPort S VPN NAT

OOB Management Connectivity Element Management, Orchestration, Federated CMDB

Encryption

Scalable, repeatable and homogeneous constructs VMDCArchitecture

Minimum VMs Servers 2,048 64 Maximum 12,288 384 VMs Servers Minimum 16,384 512 Maximum 98,304 3072

Compact POD

Large POD

Nexus NAS NAS

UCS

SAN

UCS

SAN

16

Network Containers Pre-Packaged Network Services

Bronze Silver Gold/Platinum Multiple VLANs SLB & SSL offload LB, 1 VLAN System Configs Multiple VLANs VPN Offload Firewall SLB & SSL offload System Configs

Virtual FW + pVLANs

Virtual FW + pVLANs Virtual FW + pVLANs

Shared VMFS, No Data Protection

Dedicated VMFS, DP via Snapshots

Dedicated VMFS, 100% DP, Cloning

54

Sample Platinum Network Container: Logical View L2L VPN

Telework er

InternetBased Private Consumer InternetBased Consumer

WAN (MPLS, P2P)

Internet

RA VPN FW Private Zone LB

Tenant Premise

FW

LB

Public Zone

Sub-Zone1
vSecAppliance

Sub-Zone2
vSecAppliance

Sub-Zone3
vSecAppliance

Sub-Zone1
vSecAppliance

Sub-Zone2
vSecAppliance

Sub-Zone3
vSecAppliance

vSecAppliance

vSecAppliance

vSecAppliance

vSecAppliance

vSecAppliance

vSecAppliance

Management Back-End
55

Large Pod DC
Wan/ Edge Core
Outside VRF
Nexus 7010 CRS-1 40G

IP/MPLS
40G 10GE FCoE FC

Aggregation/ Access Nexus 7018

EMC VMAX

Services
DSN Cat 6500 FWSM, ACE, ASA5580

SAN

Inside VRF

Agg/ Access

Nexus 7018

MDS 9500

Virtual Access / Compute

40G UCS 6140 ESXi UCS blade chassis

40G Nexus 1000

Compact Pod DC
IP/MPLS
10GE FCoE FC

Outside VDC

Wan/ Edge

Cat 6500

20G

20G

Aggregation
Nexus 7010

EMC VMAX

Services
DSN Cat 6500 FWSM, ACE,

SAN

Inside VDC

Sub-Agg Access
Virtual Access / Compute

Nexus 7010 MDS 9500 Nexus 5020 UCS 6120 40G ESXi UCS blade chassis 40G

Nexus 1000

Orchestration Reference Architecture

Service Consumer Tenant Admin Cloud Admin

Web Portal

Enterprise
Access Management Service Management
Service Catalog Fulfillment Governance Metering & Billing SLAs Operational Processes

Resource Management
Orchestration Automation Virtualization CMDB

Compute Storage Network

Service Provider
Compute Storage Network Compute Storage Network DC Interconnect

Orchestration Service Lifecycle

Define Service Request Service

IT and Line of Business

Service Catalog

Self-Service Portal

Customer

Service Request Management

Service Management

Cloud Storage Operations Physical Servers

Performance Compliance Management Management Metering & Chargeback

Network

Virtual Servers

Automated Provisioning

Cloud Orchestration using BMCCLM

My Services Portal Cloud Extensions

Service Request Management

(SRM)

CMDB(Atriu
m)

Atrium Orchestrator

Change Management
(Remedy ARS)

BBNA

BBSA

Details - Network Container

61

End-toEnd-to-End Logical Topology

CE PE

IP/NGN Backbone L3
WAN Edge

Branch or Campus network

Customer Red Customer Green Customer Blue

L3 or L2 VPN Access Each tenant contained in a unique VRF

HSRP/Layer 3 gateway

L3
Core

L3 L3 L3 L2

Aggregation

Vlan/VRF maps to unique Virtual FW/load-balancer

vPC Layer 2 Trunks
Data base Data base Data base

App App App

Web Web Web

Tenant VRF maps to unique VLANs

VLAN per application tier

Cloud Orchestration using BMCCLM

My Services Portal Cloud Extensions

Service Request Management

(SRM)

CMDB(Atriu
m)

Atrium Orchestrator

Change Management
(Remedy ARS)

BBNA

BBSA

Network Container Benefits

Step 1:

Logical Topology

Provides the customer with a fully segmented environment Elimination of administrative errors through service automation Removal of manual resource usage documentation and tracking Reduction in service deployment time Minimizing coordination of technologies between silos Abstraction of complexities from the user Self Provisioning

Customer 1 Create Customer 2

Networ k Contai Step Optional: ner Service Provider
Load Balancer MPLS Pool Create Backbone

Customer 1

web

db

app

Step 2 & 3: Bulk VM create Individual VM create

Logical Topology Step 1: Create Network Container

Step Optional: Load Balancer Pool Create

Customer 2

web

db

app

Physical Topology
64

Step 2 & 3: Bulk VM create Individual VM create

Resource Management: Four Types of Resources

Resource Type Subnet Pool IP Address Pool Context Pool VLAN Pool Description Pools of subnets Pools of IP addresses (/32) Pools of device contexts (FWSM, LB) Pools of VLANs

Release Request What is the request ID for the allocated Resource and the associated network container

65

Resource Pools
Resource PUB_IO_VLAN PUB_II_VLAN PUB1_VLAN PUB2_VLAN PUB3_VLAN PRIV_PE_VLAN PRIV_IO_VLAN PRIV_II_VLAN PRIV1_VLAN PRIV2_VLAN PRIV2_VLAN AGG_FT_VLAN SUBAGG_FT_VLAN PRIV_VRF PUB_VRF Category VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VRF VRF Start 601 611 621 631 641 791 701 711 721 731 741 771 781 End 609 619 629 639 649 799 709 719 729 739 749 779 789 Scope AGG,VSS,FWSM VSS,FWSM,ACE,SUB-AGG UCS,N1K,N5K,SUB-AGG,VSS,ACE UCS,N1K,N5K,SUB-AGG,VSS,ACE UCS,N1K,N5K,SUB-AGG,VSS,ACE PE,AGG AGG,VSS,FWSM VSS,FWSM,ACE,SUB-AGG UCS,N1K,N5K,SUB-AGG,VSS,ACE UCS,N1K,N5K,SUB-AGG,VSS,ACE UCS,N1K,N5K,SUB-AGG,VSS,ACE AGG SUB-AGG

66

Resource Pools: Continued

Resource Category PUB_INFRA_I P Subnet Pool PUB1_IP PUB2_IP PUB3_IP Subnet Pool Subnet Pool Subnet Pool Start 172.31.11.0/24 172.31.21.0/24 172.31.31.0/24 172.31.41.0/24 172.31.51.0/24 172.31.61.0/24 172.31.71.0/24 172.31.81.0/24 172.31.91.0/24 End 172.31.19.0/24 172.31.29.0/24 172.31.39.0/24 172.31.49.0/24 172.31.59.0/24 172.31.69.0/24 172.31.79.0/24 172.31.89.0/24 172.31.99.0/24 Scope AGG,SUB-AGG,ACE,FWSM SUB-AGG SUB-AGG SUB-AGG PE,AGG AGG,SUB-AGG,ACE,FWSM SUB-AGG SUB-AGG SUB-AGG PRIV_PE_IP Subnet Pool PRIV_INFRA_I P Subnet Pool PRIV1_IP PRIV2_IP PRIV3_IP Subnet Pool Subnet Pool Subnet Pool

AGG_FT_IP Subnet Pool SUBAGG_FT_I P Subnet Pool

172.31.101.0/24 172.31.109.0/24 AGG 172.31.111.0/24 172.31.119.0/24 SUB-AGG 172.29.9.0/24 PE AGG1 AGG2 172.31.253.19 172.31.253.29 172.31.253.39 172.31.253.49 172.31.253.59 172.31.253.69 172.31.253.79 PE AGG1 AGG2 SUB-AGG1 SUB-AGG2 SUB-AGG1 67 SUB-AGG2

PREMISE_IP Subnet Pool 172.29.1.0/24 PUB_AGG1_R ID_IP IP Address Pool 172.31.253.1 PUB_AGG2_R ID_IP IP Address Pool 172.31.253.2 PE_RID_IP IP PRIV_AGG1_R ID_IP IP PRIV_AGG2_R ID_IP IP PRIV_SUBAGG1_RID_IP IP PRIV_SUBAGG2_RID_IP IP PUB_SUBAGG1_RID_IP IP PUB_SUBAGG2_RID_IP IP Address Pool 172.31.253.11 Address Pool 172.31.253.21 Address Pool 172.31.253.31 Address Pool 172.31.253.41 Address Pool 172.31.253.51 Address Pool 172.31.253.61 Address Pool 172.31.253.71

Platinum Logical: Variabilized

WAN (MPLS, P2P) Internet

CE
${runtime.pe_vlan} ${runtime.pe_ip} VRF PRIV_${runtime.customer_id}

${runtime.pub_pool_ip}

NAT

${runtime.priv_io_vlan}

.2 53

.2 52 HSRP .254 .2 48.2 48

Context PRIV_${runtime.customer_id}

${runtime.pub_io_vlan}

.2 53
${runtime.pub_i_ip}

.2 52 HSRP .254 .2 48.2 48

Context PUB_${runtime.customer_id

${runtime.priv_i_ip}

${runtime.priv_ii_vlan}

Context PRIV_${runtime.customer_id} ${runtime.pub_ii_vlan}

.2 47

Context .2 PUB_${runtime.customer_id}

HSRP .251
VRF PRIV_${runtime.customer_id}

.2 50

.2 49

.2 52

.2 .2 54 53 HSRP .254
${runtime.priv1_ip} ${runtime.priv1_vlan}

.2 .2 50 .2 VRF PUB_${runtime.customer_id} 51 ${runtime.priv3_vlan} 49 .2 .2 54 53 ${runtime.priv2_vlan} HSRP .254

${runtime.priv2_ip} ${runtime.pub1_ip} ${runtime.pub1_vlan}

.2 46 ${runtime.priv3_ip}

HSRP .251

.2 52

47.2 46 .2 51 ${runtime.pub3_vlan}
${runtime.pub3_ip}

${runtime.pub2_vlan} ${runtime.pub2_ip}

68

Internet

Platinum Logical: Instantiated for Tenant1

WAN (MPLS, P2P) Internet

CE
VLAN 791 172.31.51.0/24 VRF PRIV_TNT001

10.88.10.50

NAT

VLAN 701

.2 53

.2 52 HSRP .254 .2 48.2 48

Context PRIV_TNT001

VLAN 601

.2 53
172.16.11.0/24

.2 52 HSRP .254 .2 48.2 48

Context PUB_TNT001

172.31.61.0/24

VLAN 711

Context PRIV_TNT001

.2 47 HSRP .251 .2 50 .2 52 .2 51 VLAN 741 .2 46 172.31.91.0/24

VLAN 611

Context PUB_TNT001

HSRP .251
VRF PUB_TNT001

.2 47.2

VRF PRIV_TNT001

.2 49

.2 50

.2 49

.2 52

46 .2 51 VLAN 641
172.31.41.0/25

.2 .2 54 53 HSRP .254
172.31.71.0/24 VLAN 721

VLAN 731 172.31.81.0/24 172.31.21.0/24

.2 .2 54 53 HSRP .254
VLAN 621

VLAN 631 172.31.31.0/25

69

What Infrastructure Gets Automated per Tenant?

Device Aggregation (N7K) Sub-Aggregation (N7K) Access (N1KV) Firewall (FWSM) LB (ACE-20) Configuration Elements PrivateVRF, Port-Channel Sub-Interfaces for Public and Private, OSPF for Public and Private Private and Public VRFs, Port-Channel Sub-Interfaces for Public and Private, OSPF for Public and Private VM Port-Profiles for three Public and three Private zones Private and Public contexts during initial network container creation. Per-VM rules during FW Console interaction. Private and Public contexts during initial network container creation. LB pools and addition of servers during LB Console interaction. NAT entries for Public-facing LB policies Simulated tenant premise: VRF, OSPF, Loopback Adding VLAN to vnic templates per tenant service request
70

NAT (ASA 5520) CE ( ISR 2800) UCS 6120 FIC

Solution Demo

71

Presentation_ID

2003, Cisco Systems, Inc. All rights reserved.

72