Project Cirrus for SPs -- Strategy and Overvie · CCIE Data Center / Service Provider / Security...

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Hybrid Cloud Security Solution: Intercloud Leads a New Era of Cloud Computing

Presented by: Tim Xu, Partner System Engineer

Jun 2014


[Timeline figure. Dates: 2000.10, 2001.6, 2002.6, 2004.10, 2008.11, 2011.3, 2013.11, 2009.10. Intervals: 4 Years, 2.5 Years, 2.5 Years, 2.5 Years, 1 Year]

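• 20 years of Cisco in China, 20 years of the CCIE certification, 13 years of pursuing Cisco certifications, 10 years as a CCIE myself

• From the day I met my first prospective CCIE, I resolved to become a CCIE before the age of 25

• Timeline: knowledge is refreshed roughly every 3 years on average

• 6 visits to the exam site: 2 at Oriental Plaza, 3 at Yintai, 1 in Japan

• Cost about 100,000 RMB (including exam fees, materials, rack, travel, etc.); entirely self-taught, never attended any training

• Proctors (Vincent, Frank, Andy Wu, James)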

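• The hardships along the way (equipment, grabbing exam seats, finding materials, money, energy)

R&S: Lanzhou University campus

2 R&S attempts: flew to Beijing, came back by train without a seat

SP: my daughter was born

DC: assembling equipment, hunting for materials and so on are still fresh in my memory

• CCIE SunHui

• Lanzhou -> Beijing, regional SI -> national SI -> Cisco -> Global SEVT. Never taking the CCIE Lab again in this lifetime; the next 10-year plan is in progress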

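• The goal is to learn

• Balance what you study, what you do, and where the industry is heading as much as possible

• Self-study as much as possible, practice a lot, refuse "paper" as much as possible, and reach the learning goal at the lowest cost

• Technology is not everything; connections matter too. Make like-minded friends while taking the exams: the 7 rules of relationships, the 3 rules of CCIE, the friend from Taiwan who passed R&S on the 7th attempt, a long-time kindred spirit, XuHao who has just joined Cisco

• If you want to go fast, go alone; if you want to go far, go together

• Learn the technology, and learn it systematically, rather than for utilitarian ends: raises and promotions, at least, have no direct relation to the CCIE, though it helps when looking for a job. As long as you persist, the effort will pay off!!!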

CCIE is a butcher's knife; take the exams and cherish them!!!

Cloud Monetization with Hybrid Services

许玉善 Tim Xu

Engineer, Cisco Partner Organization

CCIE Data Center / Service Provider / Security / R&S

[email protected] WeChat: 41251035


• Launch at Cisco Live in Milan on January 28th, 2014

• GA at the end of Q2 CY2014

• GTM plans being developed

• Cisco Powered Program

• Monetization approach

• RTM

• Channel program

• Technology partners

• System integrators

• Sales compensation being developed

• Will be part of the Cloud compensation program

Global Intercloud (with a small “c”) – a global network of clouds built with partners that represents the next phase in cloud computing; it will be a platform for the "Internet of Everything"

Cisco Cloud Services – the set of specific cloud services, consisting of Cisco Unique IP and Partner IP, that Cisco will deliver with and through partners, including PaaS/IaaS, Collaboration as a Service, Virtualized Managed Services, Remote Management Services, etc.

Cisco InterCloud (with a capital “C”) – Cisco's hybrid cloud strategy and solution announced in January 2014 at Cisco Live! Milan; it consists of the InterCloud Fabric and the InterCloud Provider Enablement Platform

DC or Private: fixed workloads; control and compliance

Hybrid: choice to build & rent across providers; workload portability; consistent security

Public: elastic workloads; quick ramp

[Figure axis: WORKLOAD TYPE]


Siloed Infrastructure Loss of Security Slow and Complex

Unsecure Connection

Limited Workload Protection

Require app re-configuration

Slow and manual process of discovering enterprise application dependencies

No Visibility or Control

Inconsistent cloud architectures

Fragmented solutions solving networking, security, application and management challenges

Different Management Tools

Dev/Test, Disaster Recovery*, Shadow IT, Capacity Augmentation

Dev/Test Application across vDC, private and virtual private cloud

DR as a service in a multi-tenant virtual private cloud or public cloud for Enterprises to reduce DR complexity and cost

Bursting from vDC, private cloud to virtual private or public cloud for peak workloads

Providing rapid access to hybrid cloud capacity

IT in control of what and where their applications can be deployed

[Diagram labels: Production, Dev/Test, Workload migration, Application On-boarding, Common Peak Workloads, WAN, Private Cloud, VPC/Public Cloud]

What is the most important use case for Hybrid Cloud?

• Automated on-demand capacity (cloud bursting): 47%

• Split application architectures: 22%

• Disaster recovery: 22%

• Backup and archive: 5%

• Data center migration: 4%

[Diagram labels: Public Cloud, Private Cloud, InterCloud Director, Cisco Powered, InterCloud Provider Enablement Platform (Optional), VM]

Secure Network Extension

Workload Mobility

End User and IT Admin Portal

Workload and Fabric Management Cloud APIs

Fast and efficient; seamless access to services; consistent management and operations policy; secure

[Diagram labels: Public Cloud, Private Cloud, VM, InterCloud Director, InterCloud Switch, InterCloud Provider Enablement Platform, VM Manager, Cloud Providers, IT Admins, End Users, InterCloud Extender, InterCloud Secure Fabric, InterCloud Services]

InterCloud Secure Fabric

[Diagram labels: Public Cloud, VM, InterCloud Switch, InterCloud Extender, InterCloud Services]

Secure Layer 2 Extension to Cloud: Extend VLAN/VXLAN with TLS Tunnel

Network & Security Services: Inter-VM firewalling and routing

Flexible Application Reachability: Enterprise IP Address or Public IP Address

InterCloud Director

[Diagram labels: Private Cloud, VM Manager, IT Admins, End Users, VM, API]

Self-service: End User Portal; choice of workload placement

IT as Cloud Broker: Admin Portal; policy based Cloud Management

Open: Open API for integration with other cloud management platforms

Provider Enablement Platform

[Diagram labels: Cloud API; Interface with InterCloud Controller and Fabric South Bound API; API Translation Logic; vCenter Adapter; vCloud Adapter; CloudStack Adapter; Others; Open API]

Rapid Deployment: Enable Cloud Provider to Quickly Offer Hybrid Cloud Services

Open API: For Integration with Cloud Provider Infrastructure

Flexible: Abstraction over Cloud Provider Infrastructure

[Diagram labels: Cloud Provider; InterCloud Provider Enablement Platform; Customer vDC or Private Cloud; Provider Clouds; Hyper-V based Cloud; vSphere based Cloud (w or w/o vCD/vCAC); OpenStack/KVM based Cloud; CloudStack based Cloud; GUI; APIs; InterCloud Director; InterCloud Secure Fabric; InterCloud; EC2 APIs; Azure APIs]

• VSM (Virtual Supervisor Module): Manages Standard VEMs (Nexus 1000v Virtual Ethernet Modules, per Nexus 1000v Architecture)

• InterCloud Switch (ICS) – Deployed as a VEM in Public Cloud

• InterCloud Extender (ICX) – Deployed as a VEM in Private Cloud

• InterCloud Link (ICL) – Extends (Tunnel) the L2 domain across clouds

• cVSM (Cloud VSM) – Manages ICS, ICX and ICL creations

• VM Manager – Manages VM lifecycle at Private Cloud

• Public Provider – Manages VM lifecycle at Public Cloud

Prime Network Services Controller: The Overlay Orchestrator of the InterCloud Solution

[Diagram labels: Enterprise Datacenter; Prime Network Services Controller; VM; VM Manager; VSM; VEM; Enterprise Virtual Distributed Switch; Cloud Datacenter; Internet; Cloud VMs; ICS; cVSM; ICX; Cloud API Interface; Secure Tunnel (L2 trunk over DTLS); ICL; Migrate …]

[Diagram labels: Enterprise Datacenter; Prime Network Services Controller; VM; VM Manager; VSM; VEM; Internet; cVSM; ICX; Cloud Datacenter1 (Cloud VMs, ICS1, Cloud API Interface, ICL1); Cloud Datacenter2 (Cloud VMs, ICS2, Cloud API Interface, ICL2); Choose where to migrate]

• AWS (Azure, Terremark are targeted)

• AWS now, Azure in 3.2.1 (Feb), Terremark next

• Cisco Nexus1000v ICS is agnostic to the cloud

• Nexus 1000v is not mandatory on private side

• ICS interfaces directly with the VM (an overlay)

• Prime Network Services Controller interacts with provider’s API

• Prime Network Services Controller tracks the VM interconnect status

• Full lifecycle management of InterCloud secure links

High-level Architecture

[Diagram labels: InterCloud Provider Enablement Platform; Scripts; Openstack; vC/vCD, SCVMM; Virtual Private Cloud; VM 1; VSG; VM 2; CSR; Customer vDC or Cloud Provider Cloud; InterCloud Extender (ICX); InterCloud Director (End-User and Admin Portal); InterCloud Switch (ICS); Cisco Cloud API; InterCloud Secure Fabric – L2/L3, L4-L7; InterCloud Director; InterCloud]


Conceptual perspective

Customer Proprietary + Custom = Sticky Proprietary Open

No vendor lock-in

Any Hypervisor to any Provider

Heterogeneous infrastructure

Cisco InterCloud

End to end Security

Unified workload Management

Workload Mobility and Placement across a world of Clouds

Consistent Policy enforcement & Governance

… Our Partners

[Diagram labels: Cloud Provider; Enterprise Managed; Provider Managed; Switching; Routing; Security and L4-7 Services; Nexus 1000V; CSR 1000V; Network; Compute; Storage; KVM; Hyper-V; vSphere; IFC; PNSC; Infra Provisioning APIs; GUI; APIs; InterCloud Director; Nexus 1000v InterCloud; UCS Director; Enterprise Data Center/Private Cloud (Enterprise A, Enterprise B); InterCloud Provider Enablement Platform; Cloud Provider A; Cloud Provider B; Shared or Dedicated Clouds]

InterCloud Business Edition

• Enterprise procures and deploys software on-premise

• Choice of InterCloud enabled provider clouds

• No extra provider charge for InterCloud

InterCloud Provider Edition

• Provider procures and deploys software at enterprise

• Enterprise controls workload placement

• Enterprise pays provider for InterCloud service


• Cirrus extends and secures L2 VLANs into public clouds

• CSR provides access into the secure Cirrus networks

• VPN for branch and remote users

• Inbound and outbound direct access for cloud applications

• Routing and services within Kumo networks

[Diagram labels: Enterprise DC; Nexus HW Switches; Physical Services; Virtual Services; ASR 1K/9K; vPath; Cloud Manager; UCS/Servers; Kumo cVEM; Nexus 1000V; VM; CSR 1000V; VM Outside Kumo Network; Remote/Branch Office; ISR; Mobile Worker; VPN; Outside access to apps inside Kumo network]

Flexibility and choice to customer: Multi-Cloud, Multi-Hypervisor


Thank you.