Virtualized Multiservice Data Center with Virtualized Services

(1)

© 2013 Cisco and/or its affiliates. All rights reserved.

Virtualized Multiservice Data Center with Virtualized Services

(2)

Register and view recordings/presentations here: www.cisco.com/go/1000vcommunity

Date/Time Topic

Thur, Feb 21st at 0900 PST Cisco Open Network Environment (Cisco ONE) – Next Phase of Network Programmability and SDN

Thur, Feb 28th at 0900 PST Cisco One Platform Kit (onePK): Technical Deep Dive and key use cases

Wed, Mar 6th at 0900 PST Nexus 1000V for Hyper-V with Microsoft SCVMM integration

Wed, Mar 13th at 0900 PST Cisco ONE Controller: Technical Deep Dive and key use cases

Wed, Mar 20th at 0900 PST 5000 Seat VDI Reference Architecture: Cisco UCS & Nexus 1000V, Citrix XenDesktop, and EMC VNX

Wed, Mar 27th at 0900 PST Nexus 1000V v2.2 for vSphere: More scale, Multicast-less VXLAN, and VXLAN Gateway

Wed, April 3rd at 0900 PST Cloud Services Router (CSR 1000V) - technical deep dive and key use cases

Wed, April 10th at 0900 PST Cloud Security with ASA 1000V and Virtual Security Gateway v2.1 (VSG)

Wed, April 17th at 0900 PST Secure Hybrid Cloud solution with Nexus 1000V InterCloud & VNMC InterCloud

Wed, April 24th at 0900 PST Nexus 1100 Series Cloud Services Platform: new services & ecosystem including VXLAN-to-VLAN GW and Imperva's SecureSphere WAF

Wed, May 1st at 0900 PST Cloud Networking Services: vWAAS and vNAM

Wed, May 8th at 0900 PST Virtualized Multiservice Data Center (VMDC) with Virtualized Services

Wed, May 15th at 0900 PST Nexus 1000V for KVM (with OpenStack and VXLAN)

(3)

Global Data Center Traffic Growth

Data Center Traffic Nearly Quadruples from 2011 to 2016

31% CAGR 2011–2016

[Bar chart. Vertical axis: Zettabytes/Year, 0.0 to 7.0. Bar values: 1.8 ZB, 2.6 ZB, 3.3 ZB, 4.1 ZB, 5.2 ZB, 6.6 ZB]

(4)

Workload Shift: Cloud vs. Traditional

Nearly Two-thirds of all Workloads Will Be Cloud-based by 2016

20% CAGR 2011–2016

[Stacked bar chart. Vertical axis: Installed Workloads in Millions, 0 to 200. Horizontal axis: 2011 to 2016. Series: Cloud Data Center, Traditional Data Center. Percentage labels: 62%, 38%, 30%, 70%, 52%, 48%]

(5)

Global Data Center Traffic by Destination

Most Data Center Traffic Consistently Stays Within the Data Center

[Pie chart: Within Data Center 76%; Data Center-to-Data Center 7%; Data Center-to-User 17%. Segment markers: A, B, C]

Web, email, internal VoD, WebEx, et al.

Storage, production and development data, authentication

Within Data Center (76%)

Replication, inter-database links

Data Center-to-Data Center (7%)

(6)

Cisco’s Cloud Strategy

Enabling Cloud Applications/Services by Uniquely Combining the Unified Data Center and Cloud Intelligent Network

Innovative Cloud Services

Enable cloud services including people-centric collaboration and other applications

Rich Ecosystem of Integrated Solutions

Enable customers to deploy tested, best of breed solutions

Tailored Solutions for Building Clouds

Enable customers to build and operate private, public or hybrid clouds

Research In Motion

SAMSUNG

(7)

What is Virtualized Multiservice Data Center? (VMDC)

A validated reference architecture

Reducing time to deployment

Reducing risk

Increasing flexibility

Improving operational efficiency

A blueprint enabling customers to readily deploy services or applications

A flexible, modular design that can be used as a blueprint for cloud deployments

A prescriptive package available to customers as a whole offer

An architecture built to scale

An architecture that combines integrated compute stacks, unified data center and data center interconnect into an end-to-end architecture

Architecture for customers deploying virtualized services (application workloads) in a “cloud-style” environment, sharing common infrastructure for multiple cloud consumers or “tenants”

(8)

Cisco Virtualized Multiservice Data Center

A Cloud Ready Data Center Architecture

Validated Design

Comprehensive

Modular

Flexible Approach

Reduced Risk

Increased Flexibility

Operational Efficiency

[Architecture diagram. Labels: Enhanced Data Center Interconnect; Unified Data Center Networking; Integrated Compute Stacks; Compute; NAS; SAN; VM; DC; Data Center; Access; Services; Aggregation; Core; VMDC; Cloud Service Management; Business Support; Provisioning; Configuration; Portability/Interoperability; Service Tiers]

(9)

Cisco Validated Design Process

Innovation and Quality Through System Level Design and Validation

System Development

Guidelines

Planning

Design

End-To-End Validation

Documentation

System Development Fundamentals

System Delivery

Tested and validated designs

Thought Leadership

System level innovations

Product Development

Cross platform collaboration

Key Customer Engagements

Consider end-to-end view

Unit

Feature

Integration

System

Customer

(10)

Virtualized Multiservice Data Center (VMDC)

Cloud Infrastructure

[Architecture diagram. Labels: Inter-Data Center Networking; Multi-Site Connectivity; WAN; Unified Fabric and Data Center Networking, Providing Network and Services Virtualization; Networking Fabric; Network Fabric; Access; Services; Unified Computing and Integrated Systems, Providing Server and Application Virtualization; Unified Computing; Compute; Storage; NAS; SAN; VM; DC; FlexPod with NetApp; Vblock with VCE; VIA with HDS; Cloud Service Management; Business Support; Provisioning; Configuration; Portability/Interoperability; CIAC; BMC CLM; Zenoss; Cloud Ready Infrastructure]

(11)

The Challenge: How do I scale my data center?

The Solution

• Point of Delivery (POD)

[Diagram labels: PoD; Integrated Compute Stack (Compute, Storage, Network), shown twice; Service Appliances; Data Center Services Node]

Point of Delivery (PoD)

Architectural consistency through a modular approach

Modular, tiered construct consisting of groupings of integrated compute stacks plus storage and networking infrastructure

A single Pod can be deployed and operated by itself or connected together to other Pods to achieve scale

VMDC validates 2 styles of Pods: Compact and Large

Benefits

Simplified capacity planning

(12)

Scalable Compute: VMDC Supported ICS

VCE’s Vblock Family of Cloud Infrastructure Packages

Vblock Series 700

Storage: EMC Symmetrix VMAX

Compute: Cisco UCS

Virtualization: VMware

Orchestration: Unified Infrastructure Manager (UIM)

Vblock Series 700 model MX

Vblock Series 300

Storage: EMC VNX

Compute: Cisco UCS

Virtualization: VMware

Orchestration: Unified Infrastructure Manager (UIM)

Four Models

Pre-Integrated and Supported Cloud Infrastructure

Focus teams on using infrastructure vs. assembling and supporting the individual components

Cloud Service Provider Operational Model

Provisioning, service delivery, chargeback, etc.

Accelerates the Shift to a Private Cloud Model

Less time debating, more time using

(13)

Scalable Compute: VMDC Supported ICS

Cisco and NetApp’s FlexPod Reference Architecture

Standard, pre-validated, best-in-class infrastructure building blocks

Flexible: One platform scales to fit many environments and mixed workloads

Add applications and workload

Scale up and out

Simplified management and repeatable deployments

Design and sizing guides

Services: Facilitate deployment of different environments

[Diagram labels: Cisco® UCS B-Series Blade Servers and UCS Manager; Cisco Nexus® 5000 Family Switches; NetApp® FAS; 10GE and FCoE]

(14)

VMDC PoD Construct

VMDC 2.2 Components

Component         SW Versions
ASR9000           XR 4.1.0
ASR1006           XE 3.4.0 15.1(3)S
Nexus 7010        NXOS 5.2.1
ASA5585-60X       8.4.2
ACE30             A 4.2.1
Cat 6509          IOS 12.2.33 SXJ
UCS 6140, B200    1.4(2b)
VSG               4.2(1)SV1(2) - VNMC: 1.2(1b)
Nexus 1000V       NXOS 4.2.1 SV1(1.4a)
VMware            vSphere 4.1 U1, ESXi
MDS9513           NXOS 5.0.4d

[PoD diagram labels: Aggregation/Access; Compute; Services; Core; WAN Edge / DCI; Storage]

(15)

VMDC Secure Containers

Service Levels

Bronze

Silver

Gold

Palladium

[Container diagrams, one per service level. Labels: L2; L3; LB; FW; vFW; Public Zone; Private Zone]

(16)

VMDC Container Model

Tiered Security - Logical Perimeters and Zones

[Container diagram labels: Public/Shared VRF; Protected VRF (control point); Private (Tenant VRF); ASA Context (per tenant); Nexus 1000v; vPath; VSG; Less Trusted Zones; Public Zone (DMZ); Front-end Zones; Protected FE; Back-end Zones; Zone 1; Zone 2; Zone 3; Sub-Zone W; Sub-Zone X; Sub-Zone Y; Sub-Zone Z; Front-end Tenant Perimeter; Back-end Tenant Perimeter; Back-end Management Perimeter]

(17)

Cisco Virtual Networking and Cloud Network Services

[Diagram labels: WAN Router; Servers; Switches; Physical Infrastructure; Virtualized/Cloud Data Center; Tenant A; Zone A; Zone B; Nexus 1000V; vPath; VXLAN; Overlay; Cloud Network Services; ASA 1000V Cloud Firewall; Cisco Virtual Security Gateway; vWAAS; Citrix NetScaler VPX; Imperva SecureSphere WAF; Cloud Services Router 1000V; Network Analysis Module (vNAM)]

Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*)

Nexus 1000V (Dist. Virtual Switch): Distributed switch; NX-OS consistency

VSG (Zone-based FW): VM-level controls; Zone-based

ASA 1000V (Cloud FW): Edge firewall, VPN; Protocol

vWAAS (WAN Optimization): WAN optimization; Application

CSR 1000V (Cloud Router): WAN L3 gateway; Routing and

Ecosystem Services: Citrix NetScaler VPX virtual ADC; Imperva Web App.

vNAM (Network Analytics): App Visibility (L2-L7)

(18)

VMDC VSA: Sample Virtual Private Cloud Container

[Container diagram labels: L3 VPN; Internet; CSR1000v (vCE); ASA1000v; VPN; VSG; VPX (three instances); vWaaS (two instances); vNAM; Nexus 1000v + VPATH; Public Zone (DMZ); Protected FE; Front-end Zones; Back-end Zones; Zone 1; Zone 2; Zone 3; Sub-Zone W; Sub-Zone X; Sub-Zone Y; Sub-Zone Z]

Components:

IOS XR 4.3

CSR XE 3.9 (IOS FW, RaaS, AppNav Controller, NBAR2)

Netscaler VPX 10.1

vWaaS 5.2 (vPath and AppNav redirection)

vNAM 6.0

N1KV 2.2

VXLAN on N1kV

IPv6 Dual Stack (TBC)

Hyper-V (TBC)

(19)

Virtual Services Architecture: Key Concepts

Overlay networking – VXLAN for scalable tenant segmentation and intra-DC L2 extension

Virtual services – with single service instance per tenant

Virtual + physical also supported

RAAS – virtual router for tenant routing

Abstracted network control via DC network controller

[Container diagram labels: L3 VPN; Internet; CSR1000v; ASA1000v; VPN; VSG; Citrix Netscaler; Public Zone; Protected FE; Front-end Zones; Back-end Zones; Zone 1; Zone 2; Zone 3; Sub-Zone W; Sub-Zone X; Sub-Zone Y; Sub-Zone Z]

(20)

Virtual Services Architecture: Key Concepts (Cont’d)

End to End differentiated SLA Support and Application Visibility

NBAR2 on CSR for application-based differentiation

vNAM Network Analysis

Application Performance Tuning

vWaaS for end-to-end application optimization

[Container diagram labels: L3 VPN; Internet; CSR1000v; ASA1000v; VPN; VSG; Nexus 1kv + VPATH; Citrix Netscaler; vNAM; vWaaS; Public Zone; Protected FE; Front-end Zones; Back-end Zones; Zone 1; Zone 2; Zone 3; Sub-Zone W; Sub-Zone X; Sub-Zone Y; Sub-Zone Z]

(21)

Security Services Chaining With vPath

[Diagram labels: Cisco Nexus® 1000V Distributed Virtual Switch; vPath; VSG; VM (repeated); step markers 2, 3, 4, 5]

(22)

Cisco CSR 1000V

Cisco IOS Software in Virtual Form-Factor

Selected feature set of Cisco IOS XE

Virtual Route Processor (RP)

Virtual Forwarding Processor (FP)

Optimized for single tenant use cases

Multi-Hypervisor (see Roadmap)

Virtual switch agnostic

[Diagram labels: Server; Hypervisor; Virtual Switch; VPC/vDC; OS; App; CSR 1000V]

(23)

Cisco® ASA 1000V: Features and Capabilities

Built using ASA technology

Support for Virtual Extensible LAN (VXLAN)

Multitenant management through VNMC

Interoperability with VSG using service chaining

IPSec VPN (Site-to-Site)

NAT

DHCP

Default Gateway

Static Routing

Stateful Inspection

IP Audit

(24)

Cisco Virtual WAAS

Virtual WAAS on Nexus 1000V with vPath

[Diagram labels: Virtual WAAS “Appliances”; vPath; ESX ESXi Hypervisor w/Nexus 1000; UCS/x86 Servers]

FEATURES

• Full feature parity with traditional WAAS

• Allows Agile, Elastic, & Multi Tenant Deployment

• Supports Data Redundancy Elimination (DRE) Cache in SAN

• Policy-based Provisioning w/ Nexus 1000V

• WCCP, vPath, or AppNav based deployment

BUSINESS BENEFITS

• Business Agility with on-demand orchestration

• Lower operational cost, reduced migration risk

• Fault-tolerance with VM mobility awareness

(25)

Managing with VNMC

Proven Cisco® security: virtualized

physical and virtual consistency

Collaborative security model

– Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones

– Cisco ASA 1000V for tenant edge controls

Transparent integration

– With Cisco Nexus® 1000V Switch and Cisco vPath

Scale flexibility to meet cloud demand

– Multi-instance deployment for scale-out deployment across the data

[Diagram labels: Cisco® Virtual Network Management Center (VNMC); Tenant A; Tenant B; VDC; vApp; Hypervisor; Cisco Nexus® 1000V; Cisco vPath; Cisco VSG; Cisco ASA 1000V]

(26)

VMDC with Virtualized Network Services

PoC/Demo Setup

[Topology diagram. Tier labels: Customer Edge (Tenant Entry Point); Application; Virtual Access/Compute; WAN Edge; Data Center. Device labels: ASR9K; CSR; Nexus 7000; Nexus 1000V; Cisco Nexus 1110-X VSMs; ASA1000v; VSG; vWAAS; VCM; VM Win7 (DHCP); VM Web Srv; VM DB Srv]

Outside: 10.40.25.101

Inside: 192.168.1.100

Outside: 10.40.26.101

Inside: 192.168.2.100

vWAAS 192.168.1.110

VCM 192.168.1.111

Tenant DHCP Range: 192.168.1.200-210

Web: 192.168.1.1/24

DB: 192.168.1.2/24

Tenant DHCP Range: 192.168.2.200-210

VLAN102 (Port Profile: TenantB)

VLAN101 (Port Profile: TenantA)

TenantB

TenantA

(27)

Demo: Service Chaining of Virtualized Network Services (Products: vWAAS, ASA1000v, VSG)

[Topology diagram. Labels: TenantA Container; VM Win Clients (DHCP); VM File Server; VM Web Server; VM Database Server; ASA1000v; VSG: Virtual Security Gateway; vWAAS; vWAAS Central Mgr; Nexus 1000V; ASR1K; WAN Edge; ISR; Bank.com; Remote DR Site; INTERNET; VNMC; DCNM; Mgmt; X]

VLAN101 (Port Profile: TenantA)

Outside: 10.40.25.101

Inside: 192.168.1.100

vWAAS 192.168.1.110

Tenant DHCP Range: 192.168.1.200-210

192.168.1.1 192.168.1.2

192.168.1.216

Remote Backup Service (w/ vWAAS) Backup1 10.140.10.10/24

Remote Backup Service (no vWAAS) Backup2 10.140.11.10/24

172.28.224.102

172.28.224.103

10.40.99.7

10.40.99.5

(28)

VMDC Resource Links

VMDC Design Zone

http://www.cisco.com/go/vmdc

Questions: ask-vmdc-external@cisco.com (Core team members, including mgmt, planning, architecture and test engineers)

SDU Publications (Internal) – select VMDC and associated Orchestration and DCI system IDs

http://sdu.cisco.com/systems/

VMDC Webex Social Page (Internal)

http://iwe.cisco.com/web/sdu/vmdc

VMDC 2.2 CVD

http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/Data_Center/VMDC/2.2/implementation_guide/vmdcImplementationGuide22.html

VMDC 3.0 CVD

http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/Data_Center/VMDC/3.0/IG/VMDC_3.0_IG.html

Cisco Cloud Megatest (based on VMDC)

http://www.cisco.com/en/US/solutions/ns341/eantc_cloud.html

Data Center Interconnect Design Zone

http://www.cisco.com/en/US/partner/netsol/ns749/networking_solutions_sub_program_home.html

VMDC Orchestration with BMC CLM

http://www.cisco.com/en/US/partner/solutions/ns340/ns414/ns742/cloud_orchestration_bmc_clm.html#~entitled

VMDC Assurance with Zenoss CSA

http://www.cisco.com/en/US/partner/solutions/ns340/ns414/ns742/dz_cloudservice.html

Cloud Enablement Services Website

(29)

Thank you.
