Consuming the Multicloud · Accelerating Innovation “56% of cloud adopters use cloud services to enable innovation, 50% to improve business agility” “Microservices Momentum

Consuming the MulticloudHelps you deploy, monitor, and optimize applications in multicloudand container environments

KwaiSeng Lai

DC Technical Solution Architect, Cisco Systems, APJ

Accelerating Innovation

“56% of cloud adopters use cloud services to enable innovation,

50% to improve business agility”

“MicroservicesMomentum Accelerates”

“Digital disruption drives CIOs to double down on innovation”

“The more programmers on a company’s platform, the more

software applications are created, attracting customers and still

more developers — a flywheel of growth and profit.”

“Large enterprises increasingly embrace open-source software to attract developers and keep

up with digital-native competitors.”

3

The reality is anything but simple

Multiple public cloud services

New data protection regulations

Private data centers still

crucial

SaaS adoption rising

IoT exploding

4

Google trends

Docker

OpenStack

5 years

LTRACI-2967 5

Google trends

5 years

Kubernetes

OpenStackLTRACI-2967 6

Google trends

5 years

Kubernetes

vsphereLTRACI-2967 7

2013

Dev Prod

Dev Ops

I need a resources for a new project Please submit a

help desk ticket

Never mind…

Test

2019

Dev Ops

I need a resourcesfor a new project

Never mind…

Kubernetes Anywhere

Please submit ahelp desk ticket

Dev ProdTest

• Focused on Developer

• Creates a mechanism for developers to operationalize what they work on (DevOps)

On Premises

Blood and Sweat

Cloud

11

Cisco IT: A Spectrum of Workloads

Virtual VM

2500 Business apps & 500 SaaS In Use

90 SaaS assets (revenue gathering)50 engineering apps(for 40k developers)

Multi Cloud Operating Model

On Prem Public

Baremetal UCS x86

Private Cloud Public CloudsBRKCLD-1823

Growth Enablement

Cisco IT Cloud Evolution

GLOBAL DATA CENTER STRATEGY

Capacity(Optimize & Extend)

Software-Defined Intelligence

Speed

App/Data Transformation

MULTICLOUD STRATEGY

2007-2015 Today & Future

TRANSFORMATION

Capacity (Build)

Resiliency

Service Transformation

UI/Manual API Driven

Past Future

Operating Model

Traditional Cloud

Provisioning UI API

Architecture Integrated Cloud Native

Driven by Limited Automation

Software Defined Everything

Resiliency App Level Cloud Native

Security Enforced Pervasive

Customer Base

Mostly IT All

VISION

Cisco Connect 2019 Malaysia, Kuala Lumpur . 18 April 2019

How did we get there?

Web Frontend

App

Backend

DB

Traffic patterns to

monitor

Web Server

Auth

Cart Payment

Search Recommendations

Other Service

Traffic patterns to monitor

Server1

Server2

Server3

Server5

Server4

Data Center 1 Data Center 2 Public Cloud

Operating the Death Star

14

BRKCLD-1003


Microservices: what do I need?

Security

Automation

Visibility


Problems to solve

• Diverse traffic patterns with no context

• Network and Security teams have limited to no visibility into container workloads

• Segmentation and security internal to the cluster can only be done by cluster administrators.

• Missing tools to troubleshoot network issues


Segmentation

• Secure K8s infrastructure:

• network isolation for infrastructure related objects

• Network isolation between namespaces

• Controlling access between Kubernetes services and external services

PODPOD

POD

Frontend-EPG

PODPOD

POD

API-Gateway-EPG

Policy

PODPOD

POD

Backend-EPG

PODPOD

POD

Monitoring-EPG

Policy

Policy Policy


Communications outside of the Cluster

• Non-Cluster endpoints communicating with Cluster:

• Exposing external services, how? NodePort? LoadBalancer?

• Scaling-out ingress controllers, how can you scale?

• Cluster endpoints communicating with non-cluster endpoints:

• POD access to external services and endpoints

Policy

PODPOD

POD

Frontend-EPG

PODPOD

POD

API-Gateway-EPG

Policy

PODPOD

POD

Backend-EPG

PODPOD

POD

Monitoring-EPG

Policy

Policy Policy


Storage Access from Nodes

• Applications running in Kubernetes Pods that need high-bandwidth, low-latency traffic to data external to the cluster suffer the bottleneck imposed by the egress router implementation. i.e. centralized storage from node or PODs:

• iSCSI, NFS, GlusterFS, CEPH, etc.

• HyperFlex


Operations

• Skills gap between network and Kubernetes admins

• Visibility and governance of network policies

• Simplified Network Operations

Developer Network AdministratorInfosec

Demo:Container Visibility with ACI

In this live demo:

• Control Plane view

➢ K8S node mapping

➢ K8S objects mapping

• Data Plane view

➢ EPG mapping

➢ Namespace annotation

Visibility


ACI makes containers visibile and manageable!

• Seamless experience to Kubernetes users

• Network admins have visibility at control plane and data plane level

• Network admin can create consistent policies encompassing baremetal, virtual machine and container domains

• Flexible EPG mapping model, can enable enforcement by annotating deployments

Everybody is happy, everything is green! ☺


Problems to solve

• Resources used are out of control

• Misuse of public cloud resources

• Where are my corporate policies?

Demo:CCPTenant Cluster Creation

AutomationVisibility


Silence LB SVC

SilenceAPI Server

K8S Deployment

Foo

lC

lust

er-

IP S

VC

Jungle LB SVC

JungleWeb Frontend

K8S Deployment

StairwayTraffic/Incidents

K8S Deployment

RainbowMusic Events

K8S Deployment

FoolWeather Service

K8S Deployment

Rai

nb

ow

C

lust

er-

IP S

VC

Stai

rway

Clu

ste

r-IP

SV

C

Tarantula Architecture


Cisco CI/CD for Containers

Tenant AlphaL4/L7 SG

User commit1 Jenkins detectsit and

downloads code

2

Jenkins buildscontainer images

and uploads to registry

3Jenkins requestsCCC to deploythe App

4

CCC gets the images and deploys to K8S

5

Services are created in K8S and ACI

6That’s it7

Demo:CI/CD

• CI/CD workflow demo

• Container services in CloudCenter

• CloudCenter Application Profile

Automation


Wait! Why CloudCenter when I can use K8S directly?

• Governance!

• Mixed apps (VM/Containers)

• Multi/hybrid cloud with single profile modeling(Model once, deploy everywhere)• This includes multiple k8s clusters (technically

different Clouds/Regions)


Multiple Clouds – Multiple Interfaces

DEVNET-1139


Multiple Clouds – With CloudCenter

DEVNET-1139


Problem solved!

• Easy way to create managed, monitored and scalable Kubernetes clusters with CCP

• Support CI/CD chain with:

• Governance

• Multi-tenancy

• Cost control

• Agnostic application modeling

Back in control ☺


The Multicloud Consume so far…

Reliable and flexible infrastructures

Analytics and Monitoring

Uptime

Scale

Prevent

React

CI/CD Infrastructure and tools

Agility

Governance


Security problems to solve

• Core business apps run in vulnerable infrastructures

• Lack of granular, intent-based security policies

Address the security issues withTetration

• Assess VM/Kubernetes node vulnerability

• Create and monitor flexible policies based on Kubernetes annotations

VisibilitySecurity

Address the performance issuewith AppD

• AppD machine agent

• Server monitor

• App Helicopter view

• App Drill down and waterfall

Visibility


App security and performance monitor

• Assessed infrastructure vulnerability

• Implemented filters to create flexible, extremely granular policies based on arbitrary tags

• Assess performance from an application and infrastructure point of view

• Drilled down and analyzed each single step of the applicatione2e experience

Continue in Monitoring & Protecting the Workload Session!

Let’s sum it up


Tetration

AppDynamics

CloudCenter

The integrated story

K8S Master

K8S Workers

Tenant Cluster AlphaCCP Control Plane

Tenant Alpha


Microservices: what we offer

Security

Automation

We cover the full stack!

Visibility

CCP CloudCenter

TetrationAppD

Tetration

ACI CCP

Documents

Consuming the Multicloud · Accelerating Innovation “56% of cloud adopters use cloud services to enable innovation, 50% to improve business agility” “Microservices Momentum