Embed Size (px)
Citation preview
Cisco Intercloud Intercloud Fabric for Business: Technical Overview
Tanja Hess
Systems Engineer
September 2014
Cisco Confidential 2 © 2014 Cisco and/or its affiliates. All rights reserved.
Agenda
Overview
Architecture
Intercloud Fabric Services
Deployment Considerations
Summary
Cisco Confidential 3 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 4 © 2014 Cisco and/or its affiliates. All rights reserved.
Together with our partners, we’re building an Intercloud to include all the cloud services you’re using today, and so much more!
HCS
Microsoft Suite aaS
DRaaS
PaaS
IaaS
Enterprise Private Clouds
Public Clouds
Partner Clouds Cloud Services and Applications
Meraki
Security
Analytics
vDesktop aaS
WebEx
HANA aaS
IOE aaS
Collaboration and Video
Big Data and Analytics
Native Cloud Applications
Enterprise Workloads
Cisco Confidential 5 © 2014 Cisco and/or its affiliates. All rights reserved.
Why Hybrid?
Fixed workloads Elastic workloads Choice to build / rent across providers
Workload portability Consistent security
DC/Private Clouds Provider Clouds Economics
Speed
Scale
Data
Sovereignty
Security
Control
Cisco Confidential 6 © 2014 Cisco and/or its affiliates. All rights reserved.
Reality of Hybrid Cloud and Key Challenges
Loss of Security Siloed Infrastructure Slow and Complex
• Unsecure Connection
• Limited Workload Protection
• Inconsistent Cloud Architectures
• Fragmented Solutions Solving Networking and Security Challenges
• Different Management Tools
• Require App Re-configuration
• Slow and Manual Process of Discovering Infrastructure Dependencies
• No Visibility or Control
Cisco Confidential 7 © 2014 Cisco and/or its affiliates. All rights reserved.
DC/Private Cloud
End User and IT Admin Portals
Secure Fabric Extender Network,
Compute, and Storage
vSphere
Hyper-V*
KVM*
Xen*
Intercloud Fabric
for Business
EC2 APIs
Azure APIs
Intercloud Fabric for Providers
Provider Clouds
Intercloud Ecosystem
Intercloud Fabric for Providers
Cisco Powered Services and Cloud
Providers
Cisco Intercloud Fabric: Solution Overview
* Available in subsequent releases
Cisco Confidential 8 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 9 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric for
Business
Cisco Intercloud Fabric: Software-based Solution
DC or Private Hybrid Public
Intercloud Fabric for
Provider
GUI APIs
Cloud APIs
Cisco Confidential 10 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Secure Extender
(Secure Network Extension)
DC/Private Cloud
Provider Cloud
Cisco Intercloud Fabric Architectural Details
Intercloud Switch
VM Manager
Intercloud Fabric
for Providers
Intercloud
Fabric Services
Intercloud Extender
Intercloud
Fabric Director
End User and IT Admin Portal Workload and Fabric Management IT Admins End Users
VM VM
VM VM Intercloud Fabric
for Business
Cisco Confidential 11 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Secure Extender
(Secure Network Extension)
Intercloud Fabric for Business
DC/Private Cloud
VM Manager Intercloud
Fabric Director
IT Admins End Users
VM VM
Cisco Intercloud Fabric Director Features
• End User Portal • Choice of workload
placement
• Admin Portal • Policy-based
Cloud Management
• Open API for integration with other cloud management platforms
Cisco Confidential 12 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric for Business
Intercloud Secure Extender
Provider Cloud
Intercloud Switch
Intercloud Extender
Intercloud
Fabric Services VM VM
Cisco Intercloud Fabric Secure Extender Features
Extend VLAN/VXLAN
with TLS Tunnel
Inter-VM firewalling and routing Enterprise IP Address or Provider IP Address
Intercloud
Fabric Director
Cisco Confidential 13 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Provider Platform Features
Cloud API
API Translation Logic
South Bound API
VCD Adapter
Open stack
Adapter
Cloud Stack
Adapter
Custom Adapter
Intercloud Fabric Cloud API
Provider
Platform
Intercloud Fabric Provider API
Enable Cloud Provider to Quickly
Offer Hybrid Cloud Services
For Integration with Cloud
Provider Infrastructure
Abstraction over Cloud Provider Infrastructure
Core Logic Tenant DB
Intercloud Fabric Provider Southbound API
To Provider OS / BSS
To Provider Infrastructure
To Intercloud
Fabric for
Business
Securely stores tenant
records and templates
Custom Adapter
Cisco Confidential 14 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Structure
Cross-clouds app portability and mobility
Any App on Any Cloud
Hybrid, Public and Private ICF: A Platform for Cloud Services
Cisco and/or 3rd party service offerings
supporting applications in cloud environments ICF Extended Services
Fundamental service functions and
capabilities integrated natively ICF Core Services
Fundamental technologies and components
that support ICF aaS functions ICF Core Infrastructure
Cisco Confidential 15 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Structure
Cisco Intercloud Fabric Architecture is Modularized to Achieve the
Elasticity Needed to Support Evolving Cloud Environments
ICF Extended Services + External Partners (storage, load balancing, etc.)
ICF Core Services
Security Management and Visibility
Automation Networking VM Portability
ICF Core Infrastructure ICFD PNSC ICFPP Secure
Communications
Private Cloud: Enterprise Public Cloud: Provider
Cisco Confidential 16 © 2014 Cisco and/or its affiliates. All rights reserved.
ICF Core Infrastructure
ICF Core Infrastructure
PNSC
ICFPP
Secure Communications
Enterprise tool to manage and orchestrate hybrid clouds
Enterprise Service orchestration function for private and public services
Site-to-site and VM-to-VM communication technology
Cloud Provider Public Cloud management tool
Fundamental Technologies and Components
That Support Intercloud Fabric Functions
Intercloud
Fabric Director
Cisco Confidential 17 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 18 © 2014 Cisco and/or its affiliates. All rights reserved.
ICF Core Services
ICF Core Services Fundamental Service Functions and Capabilities
Integrated Natively to ICF and its Operation
Security
Management
and Visibility
Automation
and APIs
Networking
VM
Portability
Switching, routing and other advanced network-based capabilities
VM to VM and App-to-App security controls
VM format conversion and mobility
Private and hybrid cloud monitoring capabilities
VM lifecycle capabilities, automated operations and Programmatic APIs
Cisco Confidential 19 © 2014 Cisco and/or its affiliates. All rights reserved.
Core Services: VM Portability
VM portability is the process or converting an existing image from
the source cloud format to the destination cloud format, and placing it on the destination cloud with its associated policy
Value: VMs can be placed on any cloud independently from the origin cloud and hypervisor flavor, yet conserving the application related policies
Key VM
Portability Functions:
Format
Conversion
Policy
Portability and Control
Driver
(Agent) Application
Instantiation
Cisco Confidential 20 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud
Fabric Services
VM is powered up on public cloud and management continues through Intercloud Fabric Director 4
VM Portability: Migration Across Hybrid Cloud
Intercloud Fabric Secure Extender
DC/Private Cloud
Provider Cloud
Intercloud Switch
Cloud Providers
Intercloud Extender
IT Admins End Users
VM
VM VM
Image is converted to public cloud format (e.g., AMI) and migrated to public cloud
3
End user triggers VM migration to cloud 1
VM is shut down and Intercloud Fabric driver added 2
VM Manager Intercloud
Fabric Director
Intercloud Fabric for Business
Cisco Confidential 21 © 2014 Cisco and/or its affiliates. All rights reserved.
ICF VM Image Conversion
Install Driver and
Normalize to Raw
Convert Normalized Image
to Provider Format
Provider Image
Storage
Image
Install Driver
and Keys
Import Source
Image
ISO RAW
VMDK OVA VM
Manager
Convert Raw
Image to
Provider
Format
Converted
Raw
Image
RAW
Upload VM
Image to
Datastore
Private Cloud
Public Cloud
Converted
Image
AMI VDH
VMDK OVA
Uninstall Driver and
Normalize to Private Format
Convert Cloud Image to
RAW Format
Remove
Driver and
Keys
Dow nload
Source Image
ISO RAW
VMDK OVA VM
Manager
Convert
Image to
RAW Format
Converted
Raw
Image
RAW
Download
VM Image
from
Datastore
Downloaded
Image
AMI VDH
VMDK OVA
Provider Image
Storage
Image
Cisco Confidential 22 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric for Business
Intercloud Secure Extender
Intercloud
Fabric Director
DC/Private Cloud
Provider Cloud
Core Services: Network Extension
Enterprise Virtual Switch
Application
VM
Provider Network Switch
Enterprise VM
access port
Tunnel Port
Trunk Port
Enterprise Ports
Outer MAC/
IP/UDP Tunnel L2X
Application
VM
IC Driver
Data
Data
Data
1
2 3
Intercloud Switch
Intercloud Extender
Outer MAC/
IP/UDP Tunnel L2X Data
Cisco Confidential 23 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Secure Extender
(Secure Network Extension)
DC/Private Cloud
Provider Cloud
Intercloud Switch
Intercloud Extender
Intercloud
Fabric Director
Intercloud Fabric for Business
Core Services: Firewalling/Zoning
IT Admins Intercloud Fabric
Intercloud Fabric
VSG: Protects VMs
in Provider Cloud
Test VM
Test VM
Enterprise VSG: Protects VMs in Private Cloud
Single Security
Policy for Private and
Provider Clouds
Web VM
Cisco Confidential 24 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric for Business
Intercloud
Fabric Director
Enterprise VPN Access to Public cloud VMs
Core Services: Routing Across Hybrid Cloud
Direct access to public
cloud VMs through NAT
Intercloud Fabric Secure Extender
DC/Private Cloud
Provider Cloud
Intercloud Extender
VM VM
VM VM
VLAN App
19.2.168.x.x
Def ault Gateway f or VLAN A &B
VLAN Web
VM VM
VM VM
Prov ider Gateway
10.x..x.x
54.x..x.x
VLAN A Intercloud
Fabric CSR
Inter-VLAN communication
through ICF Routing
VLAN B
192.168.x.x
Remote/ Branch Office
ISR
VPN VPN
Mobile
Worker
Mobile
Worker
Intercloud Switch
Cisco Confidential 25 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Secure Extender
(Secure Network Extension)
DC/Private Cloud
Provider Cloud
Intercloud Switch
Intercloud Extender
Intercloud
Fabric Director
Intercloud Fabric for Business
Core Services: Establishing Trust
Web VM
IT Admins
IT Admin configures an icfCloud 1
Generate SSH key pair 2
SSH public key passed as part of creating VM along with SSH username
3
SSH public key downloaded as part of VM startup and made as authorized key for SSH user
4
HTTP/HTTPS
Cisco Confidential 26 © 2014 Cisco and/or its affiliates. All rights reserved.
Intercloud Fabric Secure Extender
(Secure Network Extension)
DC/Private Cloud
Provider Cloud
Intercloud Switch
Intercloud Extender
Intercloud
Fabric Director
Intercloud Fabric for Business
Core Services: Establishing Secure Communications
Web VM
IT Admins
Select encryption algorithm and hash for an icfCloud
1
S2S Tunnel Profile: Control Channel PSK
2
S2S and Access Tunnel Profile: Control Channel PSK Data Tunnel Encryption Key Data Tunnel Hash Key
3 Control Channel PSK 4
Encryption algorithm – AES-128-GCM, AES-128-CBC,
AES-256-GCM (Suite B), AES-256-CBC
Hashing algorithm – SHA-1, SHA-256, SHA-384
HTTPS/XML API
SCP
Cisco Confidential 27 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Intercloud Fabric Management Options Flexibility to integrate cloud and on-premise infrastructure operations
On-Premise Infrastructure Off-Premise / Cloud
Included
Optional
Intercloud Fabric for Business
UCS Director (On-Premise Converged Infrastructure
Mgmt. & Automation)
Off-premise Hybrid Cloud Infrastructure Management
Prime Services Catalog (Unified application centric consumption for end users)
Cisco & 3rd Party Management Systems (CIAC, custom, etc.)
IaaS
A
pplic
atio
n
Unit of Operations –
VM, VPC, Service Nodes, and Infrastructure policy
End User and IT
Admin portals for IaaS consumption
Unit of operation –
application blueprint/deployment profile
Business policy ,
Governance and Regulatory
compliance
Cisco Confidential 28 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 29 © 2014 Cisco and/or its affiliates. All rights reserved.
Consistency
Security/Networking as an extension of
Private Cloud
Control
Unified workload management across clouds
Choice
Freedom to place workloads across
heterogeneous Clouds
Compliance
Policy-based deployment/governance
in cloud
Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility
DC/Private Cloud Cisco Intercloud Fabric
Fixed Workloads Variable Workloads
Provider Cloud
Thank you.
