App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote

copyright 2014

Patrick Kerpan, CEO

1

App to Cloud: Doing More With Overlay Networks at the IaaS Level

copyright 2014copyright 2014

Agenda

2

•Company Overview •What Customers Need •Overlay/Underlay •The Promise of Network Virtualization •Application Networks in the “Top of the Cloud” •A New “Network Reality” •Summary & Questions

copyright 2014copyright 2014 3

VNS3 FamilyWho We Are

• Founded by IT and capital markets professionals

• VNS3 launched in 2008 • Hundreds of millions device hours in

public, private, & hybrid clouds • Offices in Chicago, London and Palo

Alto

!

• Network Function Virtualization (NFV) software-only appliance that allows customers to build customized overlay networks, Mgmt System, HA System, Cloud Agents

• Extends existing networks to public, private & hybrid clouds

• Use cases: cloud VPN, cloud WAN, & cloud partner networks

Public Cloud Solution Partner

CohesiveFT


What Customers Need

4


What Customers Need

5


Virtual servers are moving by the millions per year, into public cloud, and applications are moving with them.

6

Millions of Applications

by 2020System Integrators

as a Service businesses

TECH

Geezeo®

ISV as a Service OfferingCloud ERP Cloud

as a Service


Everywhere these cloud applications go, they need connectivity, integration and security.

7

This creates the market for application network services (Layers 3-7) for applications deployed to public cloud.

Connectivity Integration Security

confidential 2014

Just like the existing, large market for connecting, integrating, and securing mobile workers…

…the market for application network services in the public cloud creates a large market opportunity for new entrants.

8

copyright 2014 9

•The transition of spend from IT to LOB has been accelerated by cloud computing.

•$10B+ is spent annually on value-added networking (Layers 3-7) in data centers.

•A significant % of this spend is shifting toward application networking services in Public Cloud, becoming a $1B market by 2017


Your Overlay is my “Underlay”

10


Networking at the top of the cloud

11

Layer 3

!

Layer 2

!

Layer 1

!

Layer 0

Layer 7

Layer 6

Layer 5

Layer 4

Layer 3

Application SDN • Help me run my business in

the cloud NOW • Delivered primarily via

Network Function Virtualization (NFV) appliances

Service-Provider SDN • Optimizes service provider

data center operations • Delivered primarily via

OpenFlow Controllers

Application Layer

Virtual Layer

Limit of user access, control and visibility

Application O

wner

Clo

ud O

wne

r

Hardware Layer

Alcatel


Datacenter as a Service (public cloud) has 2 “buying” centers • The infrastructure

owner / operator • And the application

owner / operator

Traditional HW and Software Defined Datacenter have one buying center • The infrastructure

owner / operator

Layer 3

!

Layer 2

!

Layer 1

!

Layer 7

Layer 6

Layer 5

Layer 4

Layer 3

Software Defined Datacenter

Application Intelligence

Infr

astr

uctu

re In

telli

genc

e

Datacenter as a Service

Traditional HW Datacenter

Limit of user access, control and visibility

Public Cloud is the trendsetter


The Promise of Network Virtualization

13


Level Set - NFV and SDN•Network Function Virtualization (NFV)

- Network independent from hardware runs in virtual layer - Isolation between the virtual network, physical network and control plane - Programmatic networking provisioning and control

•Software Defined Networking (SDN) - Networks that can be configured through an API - OpenFlow (Nicira) pure view is separation of a

control plane from forwarding plane - What is managing the network vs what moves

the packets around the network

14

OpenFlow

SDN

NFV


Nicira’s “declaration of independence” from metal, freed NFV from OpenFlow

+

http://nicira.com/sites/default/files/docs/Nicira%20-%20The%20Seven%20Properties%20of%20Virtualization.pdf

15

http://nicira.com/sites/default/files/docs/Nicira%20-%20The%20Seven%20Properties%20of%20Virtualization.pdf


Independence from network hardware

16

Customer Data Center

NFV

Standard IPsec Tunnel

Firewall / IPsec Device

Data Center Servers

Overlay IP: 172.31.11.xx

Public CloudRegion 1

IP: 192.168.1.xx LAN

Cloud Server Cloud Server

Overlay Network

With VM-based network devices you can use the cloud network as “bulk transport” and are indifferent to all else.


Compatible with any hypervisor platform

NFV does more than “follow” the model of compute virtualization, it exists via compute virtualization.

17


Secure isolation

Isolation takes many forms: from underlying infra, allow my protocols, keep my “chattiness” in, keep others out, etc

Customer Data CenterCustomer Remote Office

NFV

Overlay NetworkSubnet: 172.31.0.0/22

Overlay IP: 172.31.1.1 Overlay IP: 172.31.1.5 Overlay IP: 172.31.1.9 Overlay IP: 172.31.1.13 Overlay IP: 172.31.1.17 Overlay IP: 172.31.1.21Cloud Server A Cloud Server B Cloud Server C Cloud Server D Cloud Server E Cloud Server F

Active IPsec Tunnel Active IPsec Tunnel

Failover IPsec Tunnel192.168.4.0/24 - 172.31.1.0/24192.168.3.0/24 - 172.31.1.0/24

Firewall / IPsec Cisco 5505

Firewall / IPsec Cisco 5585

Data Center ServerData Center Server

LAN IP: 192.168.4.50 LAN IP: 192.168.4.100User Workstation

LAN IP: 192.168.3.100

User Workstation

LAN IP: 192.168.3.50

Chicago, IL USA Remote Subnet: 192.168.3.0/24

London, UK Remote Subnet: 192.168.4.0/24

Public IP: 184.73.174.250 Overlay IP: 172.31.1.250



Peered Peered

US East 1 EMEA APAC

NFV

18


Cloud performance and scale

Where NFV really shines today: create a WAN in minutes, use cloud as points of presence for your business

NFV

User Workstation User Workstation

Data Center Server

19


Application layer networking gives control in the cloud of: • IP Addressing •Protocols •Network Topology •Security !

Use NFV to build Application Networks: •Separate network identity from location •Configure in a mesh for high availability •Overlay network across multiple virtual

environments for infrastructure federation •Rest API or UI Data Center

VNS3 Overlay Network 172.31.0.0/24

VNS3 1

Overlay IP’s: 172.31.1.1 - 172.31.1.10

Cloud Server Instances

Public IP: 54.42.93.145

PeeredVNS3 2

Public IP: 54.42.93.147

VNS3 3

Overlay IP’s: 172.31.1.11 - 172.31.1.20

Cloud Server Instances

Public IP: 15.108.20.50

PeeredVNS3 4

Public IP: 15.108.20.52

Peered

Cloud 1 Cloud 2

Data Center Server

LAN IP: 192.168.4.50Data Center Server

LAN IP: 192.168.4.100

Cisco ASA

IPsec Tunnel

Extend Applications with NFV

20


Application Networking in the “Top of Cloud”

21


Top of Cloud Trends

22

Cloud Databases

• More complex networks (more functionality needed)

Cloud Databases

Cloud Databases Cloud Databases



Failover


EC2 US-East-1EC2 US-East-1 EC2 US-East-1

Top of Cloud Trends

23

Cloud Databases

• More complex networks (more functionality needed)• Larger networks (more devices/more networks)

Cloud Databases




Failover


EC2 US-East-1EC2 US-East-1 EC2 US-East-1

Top of Cloud Trends

24

Cloud Databases

• More complex networks (more functionality needed)• Larger networks (more devices/more networks)• More important network (growing costs)

$ $$ $$$Cloud Databases




Failover


Top of Cloud Use Cases

25

Hybrid Cloud Cloud AD Cloud Migration Cloud WAN Partner/Customer Network

App Modernization Capacity Expansion Cloud DR Cloud Federation

!


26

Secure Hybrid CloudNetwork Subnet 10.1.1.0/24

Customer Data Center - LondonSubnet: 192.168.4.0/24

Customer Remote Office - ChicagoSubnet: 192.168.3.0/24

Client Server Overlay IP: 172.31.1.9




Data Center ServerData Center ServerLAN IP: 192.168.4.50 LAN IP: 192.168.4.100

User WorkstationLAN IP: 192.168.3.100

User WorkstationLAN IP: 192.168.3.50

the internet

Public Cloud - Europe

FirewallFirewall

SwitchSwitch

VNS3 Manager Public IP: 170.225.97.160 Overlay IP: 172.31.1.250

IPsec Tunnel 192.168.4.0/24 - 172.31.1.0/24

IPsec Tunnel 192.168.3.0/24 - 172.31.1.0/24


Federated and Hybrid within the “Big Clouds”

27

VNS3 Manager 2 VNS3 Manager 1 VNS3 Manager 3

VNS3 Manager 4

VNS3 Overlay Network - 192.168.56.0/24

Sinatra App Tier Primary DB Backup DB

Active IPsec Tunnel

Peered

VNS3 Overlay - 172.31.0.0/22

Nginx Server

Peered

Customer Corp OfficeSan Francisco

Private Cloud / Data Center

US East 1 US West EMEA


Federated and Hybrid across the “Small Clouds”

28

VNS3 Manager 2 VNS3 Manager 1 VNS3 Manager 3

VNS3 Manager 4

VNS3 Overlay Network - 192.168.56.0/24

Sinatra App Tier Primary DB Backup DB

Active IPsec Tunnel

Peered

VNS3 Overlay - 172.31.0.0/22

Nginx Server

Peered

Customer Corp Office

Private Cloud

San Francisco


Critical but Transient Infrastructures

29


Application Overlay Networks let customers build their businesses in the cloud - anywhere.

30


A New Network Reality (from cloud application owner’s point of view)

31


The Cloud Application Owner = A New Network Reality

Your complexity is not my problem (separation of concerns)

32



Your overlay is my underlay.

33



Networks (telcos/carriers take note) where there is NOT

customer controlled encryption end-to-end are NOT safe.

They should by no measure qualify as “trusted networks”.

34



No computer can talk to any other server through a “naked” switch, there MUST be an intervening

security and mediation device IN PATH of every network interaction.

35

copyright 2013

•As we converge our infrastructures we need proper “separation of concerns” between “physical networks”, “virtual infrastructure networks” and “application networks”.

•There is a new customer at the “top of the cloud” and that customer is mostly concerned with their application and their business.

•Network Function Virtualization (NFV) devices and techniques help align the interests and capabilities of the “top of cloud” customer and the underlying infrastructure providers.

Summary

36


Questions?•Body Level One • Body Level Two

• Body Level Three • Body Level Four

• Body Level Five

!

CohesiveFT [email protected] 888.444.3962

!

37

Patrick Kerpan CEO @pjktech

Technology

App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote