Cisco Cloud Platform for Internet of Everything Robert Feng TSA [email protected]

Cisco Cloud Platform for Internet of Everything - IDC Taiwan

Agenda

• IOE Cloud Vision

• Cisco – Microsoft Collaboration

• Cisco – Microsoft Joint Engineering

• Cisco ACI – Security, Scalability and Performance

• Summary

Internet of Everything (IOE)

Security?

Application?

Computing?

App Agility?

Cloud Vision?

What IT is doing to solve the App agility issue

[Diagram labels: CIO; Application, Security, Network, Storage, Server + Virtualization; Cloud + Infrastructure Automation; Operations; Private Cloud: IaaS]

How the business has addressed the App agility issue

[Diagram labels: Business Entities; Business Architect; Business App Owner; Cloud, Consumption, Development, Compliance; Public Cloud: SaaS, PaaS, IaaS]

[Diagram repeated with both sides shown and a GAP label added: Public Cloud (SaaS, PaaS, IaaS); Private Cloud (IaaS)]

[Diagram repeated with a Hybrid Cloud label added: Public Cloud (SaaS, PaaS, IaaS); Private Cloud (IaaS)]

Cisco ACI (Application Centric Infrastructure) – Best Cloud Platform to Deliver IOE

Cisco ACI (Application Centric Infrastructure) - Common Hardware Platform, Two Operational Models

• APPLICATION CENTRIC INFRASTRUCTURE (APIC): SHIPPING

• ENHANCED NX-OS (Existing Network Model): SHIPPING

Nexus 9000: PROGRAMMABILITY, 40 GigE, PRICE/PERFORMANCE

Cisco and Microsoft Collaboration

Cisco and Microsoft Are Working Together to…

• Deep level of engagement

• Alignment around customer success

• Shared long-term vision

Microsoft Converged Cloud OS Network Stack / Market Relevance

Cloud Elements Microsoft Position in Market

• Workloads / Applications

• Management, Identity & Security

• Platform

• Virtualization

Self-service

Metering

Dynamic provisioning

Process Automation

Control

Physical and Virtual

Infrastructure and Applications

Secure access

Agile - Cross Platform

High-Performance

Elastic and Scalable

Owned and Outsourced

Datacenter, Desktop, Cloud

• Leading Enterprise Applications

• Leading Management Solution

• Fastest Growing Virtualization Solution*

• Comprehensive Solution

Server: Microsoft 34%, HP 16%, IBM/Tivoli 11%, VMWare 7%, Dell 4%, Symantec 2%

Desktop: Microsoft 43%, HP 9%, IBM/Tivoli 7%, Dell 4%, Symantec 4%, Novell 4%

Source: IDC Management Tracker: Microsoft Internal research

[Chart: Microsoft and VMware; values shown: 16%, 9.6%]

Source: IDC WW Quarterly Server Virtualization Tracker, March 2011

70% of Server OS Market Share

90% of Desktop

*net new deployments

**internal

Cisco – Microsoft Joint Engineering

Cisco - Microsoft Joint Product Engineering

Continuing investments for deeper integration

Cisco UCS with Microsoft System Center: Compute and Storage Integration

• UCS Health, Manage UCS domains, Graphical views

• Power tools for Compute & Storage

Cisco ACI/APIC with Microsoft System Center: Network and Services Integration

• Windows Azure Pack; Microsoft System Center; Virtual Machine Manager (SCVMM); APIC

• Expose Cisco SDN & Network Services with APIC and Resource Providers

Cisco Fast Track Validated Architecture

Microsoft Cloud Fast Track: Fabric Management Integration

• Windows Azure Pack; Microsoft System Center; Windows Server (Hyper-V)

• On-board Microsoft Fabric Management on Cisco Architecture

Cisco Cloud Architecture – Microsoft Cloud Platform (CCA - MCP)

Beyond SDN - Software Defined Data Center

From VMDC…

• Data Center Fabric using Nexus 7000, Nexus 5000, Nexus 2000

• NOT SDN Capable, no STATEFUL connection policies

• Programmable connections by tools OUTSIDE the Fabric

• 10G / 40G Capable

External tools to stitch a specific container

To CCA…

• Data Center Fabric using Nexus 9000, ACI/APIC

• SDN Capable, Programmable features built into Fabric including Security

• Stateless Policy Model (APIC), fabric automation built-in

• Repeatable Deployment Model using Network/Service Profiles

• 10G / 40G AND 100G Capable

• Lower Cost per Port Switching

SDN Application Network Profiles: Stateless, repeatable, secure, faster to deploy

Introducing the Cisco Cloud Architecture Built with the Microsoft Cloud Platform

Introducing Cisco Cloud Architecture Service Patterns built with the Microsoft Cloud Platform

Patterns represent best practice designs that are validated on the Cisco Cloud Architecture and enable Cloud Offers:

- Many IaaS Container options

- Many WAN Gateways options

- Application Hosting (eg: DBaaS, DeskTop-aaS)

- Value Added Services (eg: DRaaS, BaaS)

[Diagram labels: Application Zone; Tenant Perimeter Services; WAN Gateway Services; Customer]

Network Pattern 1 + Backup-as-a-Service Zone

[Diagram labels: Application Zone; Tenant Perimeter Services; WAN Gateway Services; Site to Site VPN; MPLS L3 VPN; Value Added Service Zone]

Cloud Storage as a Service + Secure Application Zone

[Diagram labels: Application Zone; Tenant Perimeter Services; WAN Gateway Services; Site to Site VPN; MPLS L3 VPN; Application Zone 2; DMZ; WEB APP]

Cisco Network Plan Example in WAP

Value ADD-ONS to a Cisco Network PLAN

CCA - Network Automation Manager

Building Secure Value-Added Services with Windows Azure Pack (WAP)

Multiple WAN Gateway Options

Multi-Tier Application support

Secure DMZ option for Internet

Secure Connection to Customer

SQL-aaS Database Service

Secure L2 Segments for Apps

Load Balancing Service

WAP Subscription for Services

Create Cisco Network Container directly from WAP Portals

IOE Requires Pervasive Security

ACI Fabric Provides L4 Distributed Firewall for East/West Traffic

Firewall at Each Leaf switch

Servers (Physical or Virtual)

L4 Policy Enforcement in Leaf Switch

Line rate Policy Enforcement

Group based Policy (Managed via APIC)

L4 Stateful Firewall with AVS

Scales independent of End-Points

Policy Follows Workloads

MicroSegmentation

ACI - Multi-Hypervisor-Ready Fabric

• Integrated gateway for VLAN, VXLAN, and NVGRE networks from virtual to physical

• Normalization for NVGRE, VXLAN, and VLAN networks

• Customer not restricted by a choice of hypervisor

• Fabric is ready for multi-hypervisor

[Diagram: Virtual Integration. Labels: Network Admin; Application Admin; APIC; ACI Fabric; Hypervisor Management; VMware; Microsoft; Red Hat; XenServer; ESX, Hyper-V, KVM; PHYSICAL SERVER; VLAN, VXLAN, NVGRE]

Application Trends in Data Center

[Diagram labels: Instantiate new VM; Decommission existing VM; Migrate existing VM]

• DISTRIBUTED DEPLOYMENTS: On-Demand Scaling

• HETEROGENEOUS IMPLEMENTATION: Physical & Virtual

• DYNAMIC WORKLOADS: Dynamic Instantiation/Removal

• LOCATION INDEPENDENT: Transparent to Underlying Network

• CLOUD-AWARE: Migration across public/private clouds

Advanced Threat Protection with FirePOWER + ACI

FireSIGHT Management Center: Alerts, Network Visibility, Policy Management, Analytics, Remediation

• Situation

– Advanced threats that are not detected by conventional security products

– Limited security resources

• ACI Solution

– Automated provisioning of NGIPS and Advanced Malware Protection

– Visibility and awareness with FireSIGHT

– Continuous analysis

– Physical and virtual appliances

• Benefits

– Industry-leading security efficacy

– Automation and correlation for reduced TCO

– Retrospective security helps scope, contain and remediate

Automated Feedback Loop for Intelligent Threat Response

[Diagram labels: WEB, APP and DB tiers; NGIPS; AMP]

Performance and Scalability are Key to IOE

[Chart: ACI vs. Traditional Network, Time (s)]

Case Study – Big Data Analytics

Based on common network load and link failure scenarios

ACI Innovation Driving Application Performance

Network Innovations: Congestion Management, Dynamic Load Balancing, Dynamic Packet Prioritization

[Chart: Network Utilization; values shown: 60%, 60%, 90%]

30% reduction in application completion time

ACI Full application visibility

A Single View of your Application in a distributed environment

Cisco Confidential

[Dashboard graphic: HEALTH SCORE; LATENCY (Microsecond(s)); DROP COUNT (Packets Dropped); VISIBILITY across VMs, Physical, Application Delivery Controller and Firewall; values shown: 28, 96%, 5, 25, 73]

ACI Openness: Opening the ACI policy ENGINE with Opflex

OPFLEX PROTOCOL + ECOSYSTEM

• OPEN SOURCE: Open source implementation available to anyone

• ECOSYSTEM: Broad, growing vendor support including hypervisor, network, and L4-7

• STANDARD: Upcoming Opflex standard through IETF

[Diagram labels: APIC; OPFLEX; L4-7 DEVICE; HYPERVISOR SWITCH]

DELIVERING INVESTMENT PROTECTION BY ALLOWING ANY DEVICE TO INTEGRATE WITH CISCO ACI

Summary

Cisco ACI + Microsoft Azure Pack – best Cloud Platform for Internet of Everything

Deep technical integration between Cisco and MSFT stacks to automate delivery of Cloud Services and common IT tasks – Speed of deployment and lower TCO

Cisco ACI – Strong Adoption and Broad Ecosystem

• 1,700+ Nexus 9K and ACI Customers Globally

• 300+ APIC Customers

• 35+ Ecosystem Partners

[Diagram labels: APIC; Cloud; Network; Application; Compute; Storage; Security]


1,000+ 200+ 915+ 4,100+

Thank you