Upload
cisco-public-sector
View
261
Download
0
Embed Size (px)
Citation preview
Cisco Confidential 1© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco ACI Nexus 9000Igino ([email protected])@just_iginoProduct Manager, Cisco INSBU
Executive Briefing
“UCS was a game changer for Cisco. ACI is a game changer for the industry.”
– Large Network Television
Company
Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved.
ACI & Nexus 9000 - Industry Adoption
6,000+
50+1400+Nexus 9K and ACI
Customers GloballyEcosystem PartnersACI Customers
150+ACI Customers in Production
Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Applications Are Changing
78%Network is even more critical to delivering applications than a year ago*
Type Big data, distributed, mobile
Consumption
Cloud – public, private, hybrid
Delivery Any where, any time, any device
* Cisco Global IT Impact Survey
Cisco Confidential 6© 2013-2014 Cisco and/or its affiliates. All rights reserved.
5
YEARS
2.5 YEAR
SFaster SERVER Refresh Cycle
2-3 YRS
NETWORK refresh cycle of 5 yrs. should
cover two server refresh cycles
Intel Haswell(2 Sockets x 12 Cores)*2
10G LOM/FlexLoM Shipping *4
New Server Platforms Enabling
Higher I/0 Throughput
Big DataIncreasing East-
West Traffic
DATA CENTER IP TRAFFIC GROWTH
25% CAGR (2012-2017)*3
*1 IDC Worldwide Virtual Machine 2013-2017 Forecast *3 Cisco Global Cloud Index: Forecast (2012-2017)
HYPERVISOR
VM VM VM VM VMVM
Virtual Machine Density Driving I/0
Performance
24 VMs/ Server*1
Data Market Trends
Cisco Confidential 7© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Remove complexity from DC networks
1st gen SDN solutions tried to meet new technical challenges
Why SDN? Why Now?
Cisco Confidential 8© 2013-2014 Cisco and/or its affiliates. All rights reserved.
APPLICATION LANGUAGE
?
NETWORK LANGUAGE
• VLAN• IP Address• Subnets• Firewalls • Quality of Service • Load Balancer• Access Lists
• Application Tier Policy and Dependencies
• Security Requirements• Service Level Agreement• Application Performance• Compliance• Geo Dependencies• Tenants
Application vs. Network
Cisco Confidential 9© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Automation & Programmability
Centralized Provisioning & Visibility
Simplification/ Abstraction
App Agility
Deliver New Revenue Streams More Quickly
Lower OpEx
Minimize Risk
Reduce CapEx
APIC
Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.
SIM CardIdentity for a Phone
Service ProfileIdentity for a Server
UCS Service ProfileUnified Device Management
Network Policy
Storage Policy
Server Policy
Application ProfileIdentity for the Network
Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.
WAN
Firewall
LB to Group 2
Connect to EPG 3
Connect to Group 2
High Priority
Group Policy ModelTopology /
Service Graph
GROUP 1 GROUP 2 GROUP 3
PRODUCTION POD DMZ
SHARED SERVICES
1 Profile
VLAN 1 VXLAN 2
VLAN 3
100s of Profiles DEV TEST
PROD
10s of Profiles
WEB APP
DB
1000s of Profiles
Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved.
TENANT APPLICATION
Operations Support
Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved.
EXISTING 3-TIER DESIGNS
PROGRAMMABLE SDN OVERLAY MODEL
APPLICATION PROFILES & POLICIES
VXLAN Bridging & Routing Application Centric Infrastructure
Existing 2-Tier & 3-Tier Designs
DC PODs
DC Core
Open API: Programmability
Modernized Operating System
Nexus OS
Integrated Network Virtualization
OpenFlow Support
No VM Tax: Any Hypervisor
Physical & Virtual
Open API’s & Controller
APIC
Cisco Confidential 16© 2013-2014 Cisco and/or its affiliates. All rights reserved.
AutomateCompliance, Centralized
Audit
VM VM VMVM VM
Visibility, Analytics, Forensics
Policies Track Workloads
Lifecycle Management
Security Expressed in Application Language
Distributed Security Across Physical and VirtualCentrally Managed & Fully Automated
Advanced Security At Scale
Cisco Confidential 17© 2013-2014 Cisco and/or its affiliates. All rights reserved.
DBAPPADCWEBF/W
ADC
ESX
MGMT VMOTION
BareMetal
LinuxContainer
ACI Integrated Security - Open, Flexible, Policy Driven
Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC
ACI Policy Model – Security & Micro-Segmentation
Cisco Confidential 21© 2013-2014 Cisco and/or its affiliates. All rights reserved.
200 PORTS SCALING
TO
100K+PORTS
64K TENANTS
57640G PORTS WIRE-RATE (PER SPINE)
1M IPV4 / IPV6
END POINTS
60 TBPS CAPACITY
(PER SPINE)
8K MULTICAST
GROUPS (PER LEAF)
BUILT FOR THE GROWING COMMERCIAL ENTERPRISE TO THE LARGEST SERVICE PROVIDERS
Cisco Confidential 22© 2013-2014 Cisco and/or its affiliates. All rights reserved.
ACI & 9K Momentum is Growing: Public References“It’s critical that we are able to deliver hundreds of thousands of transactions per second, so latency and 40G throughput is a number one concern. After evaluating numerous vendor solutions, Cisco's Nexus 9000 switching platform provided us with the best performance to support our evolving data centers, while protecting existing IT investments."Bob Hammond, CTO, Millennial Media
“Symantec is an early adopter of Cisco's ACI, leveraging the technology within our own Agile Data Center. Cisco ACI brings the scalability and efficiency we need while enabling us to truly bring next generation networking capabilities to our customers.”Jon Sanchez, Director of Data Center Services, Symantec
Cisco Confidential 23© 2013-2014 Cisco and/or its affiliates. All rights reserved. 23
Delivering on Its Strategic Vision: 441% ROIWith Next-Generation, Secure Data Center Powered by Cisco ACI
5-Year Cumulative Benefits
IN BUSINESS BENEFITS
$145M
PAYBACK11MTH
FASTER APPLICATIONDEV. CYCLE
87%MORE EFFICIENT NETWORK OPS
83%IMPROVEMENT IN
BANDWIDTH
40X
“We did the planning, design and execution for this whole software-defined, ACI approach in four and a half months. That kind of speed is unheard of when
implementing a leapfrogging technology.” ~ Sheila Jordan, CIO, Symantec
Cisco Confidential 24© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Sungard Availability Services provides cloud computing, disaster recovery as a service and managed hosting service globally.A multi-tenant cloud solution utilizing ACI open API (CloudStack); integrated tenant security and segmentation; ACI Fabric deployed at 7 sites.Start to finish time: 2 weeks
Key services Sungard will deliver via ACI:• New global public cloud service• Disaster recovery as a service• SAP as a service
Key challenges customer solved with ACI
- Fully-automated deployment- Infrastructure scalability- Power Efficiency (Cooling huge cost)- Mobility- Huge Capex saving- Operations Simplicity
Cisco Confidential 25© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Key challenges customer solved with ACI
- Infrastructure scalability- Power Efficiency (Cooling huge cost)- Mobility- Multi-hypervisor support by design- Huge Capex saving- Operations Simplicity
Du is a leading Integrated Telecommunication Service Provider in UAE and the fastest growing in Middle East region.15+ data center consolidation to 2 new green field data centers designed to host new cloud services using Cisco Nexus 9000 switches and a multi-tenant ACI Fabric deployment. Key services Du will deliver via ACI:• Pay TV packages to commercial &
residential customers• Corporate IT• Hosted messaging & collaboration
solution• Voice & video services• Telecom / mobile & data services
Cisco Confidential 26© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Key challenges customer solved with Nexus 9000:
- Infrastructure scalability- Future Proofing for SDN - Sustain changing needs for 7-10 years- Leveraging 10G Fiber infra for 40G core- Power Efficiency (Cooling huge cost)
Major school district in USA with over 23,000 students. The campuses are located in rural areas often separated by farming.School district wanted to paperless with their project named “Going Digital” where they decided they would give all 23,000 students wireless MSFT Surfaces. Leveraging Nexus 9000 for 10G aggregation and 40G in the core. Future proofing for SDN and changing network needs over the next 7-10 years. Key services school district will deliver with Nexus 9000 and Cisco offerings:• All Digital access to school programs
via MSFT Surface tablets• Network for physical Security cameras
and building control systems • Strong security with ICE• Centralized Unified Communications
services in a highly available environment
Cisco Confidential 27© 2013-2014 Cisco and/or its affiliates. All rights reserved.
ACI: Business Outcome and Benefits for Cisco IT
Reduce Network
Provisioning
58%Reduce
Management Costs
21%Reduce Power and Cooling
Costs
45%CAPEX
Reduction
25%Compute and
Storage Optimization
10–20%
GreaterBusiness Agility
Lower Capital
Expenses
Reduced Costs/
Complexity
Lower Operating
CostResource
Optimization
Cisco Confidential 28© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Thank you.
Cisco Confidential 29© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Attributes Based Intra-EPG BasedEPG Based
Cisco ACI Delivers Flexible, Granular, Consistent Microsegmentation
Attributes Based Micro-segmentation VMware VDS, Microsoft Hyper-V, KVM*, Cisco AVS, Physical
ACI Benefits
PROD POD DMZ
SHARED SERVICES
Basic DC Segmentation
DEV
TEST
PROD
Application Lifecycle Segmentation
WEB
APP
DB
Service Level Segmentation
Network-Centric Segmentation
VLAN 1 VXLAN 2
VLAN 3
VM
VM
VM
VM
FW
OS ‘Linux’
IP ‘1.1.1.1’
FW
Name ‘Video’
Intra-EPG Isolation
All Workloads Can Communicate
Application Tier Policy Group
VM VM
Isolate Workloads within Application Tier
Application Tier Policy Group
VM VMVMVM
Quarantine Compromised Workloads
Isolate
VMware VDS
Microsoft Hyper-V KVM* Cisco AVS
Policy Driven Micro-segmentation for Any WorkloadPhysical
*Future