Cisco Prime Network Services Controller
Sonali Kalje
Sr. Product Manager
Cloud and Virtualization, Cisco Systems
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Cloud Networking Challenges
• Prime Network Services Controller
• L4-7 Services
• Solutions Integrations
– Cisco Intercloud Fabric
– Cisco IAC
– Cisco Virtual Application Container Services
– Cisco DFA
• Use Cases
Managing The Evolution of the Data Center Cloud
The Evolution of the DC — World of Many Clouds
Enabling New IT Sourcing Models, Legacy Hosting and Cloud Hosting
Traditional Data Center
Public Cloud Services
Private Cloud
Hybrid Cloud
The Evolution of the DC — Virtualization is Distributed
Every environment uses a virtualization solution with its own management platform
Traditional Data Center
Public Cloud Services
Private Cloud
Hybrid Cloud
Hybrid Cloud – Extending The Traditional Data Center
Workload Portability
Policy Consistency
Sustained workloads
Control & compliance
Elastic workloads
Quick ramp
Hybrid Cloud
DC or Private Cloud
Public Cloud
Multi-Tenancy in the Data Center
Consolidating Resources
Distinct Data Centers
Business Units
Multi-Tenant Data Center
R&D
Finance
Sales
IT Director, Enterprise Customer
Cisco’s Converged Infrastructure
Secure & Shared Infrastructure
Flexpod
A B C
Secure Zoned Containers
Deploy Tenant containers in cloud
“Today’s” Approach Is Manual, Complex & Error Prone
“It takes month(s) to provision Networking & Security at the Virtual Layer”
“Today’s” Solution leads to:
• Customer assembling diverse set of virtual & physical services
• Provisioning nightmare through different Management Tools
Poll Question 1
Introducing..
Prime Network Services Controller
Multi-Service, Multi-Tenant
Multi-Cloud
Multi-Hypervisor
Prime Network Services Controller
Multi-Services - Network services automation for service deployments and configuration
Multi-Cloud - Intercloud enablement platform for infrastructure and services
Multi-Hypervisor – Services across multiple landscapes
Prime Network Services Controller
Enabling network service automation, policy consistency in private and hybrid cloud
Prime Network Services Controller
Virtual Services Hypervisor Provider Cloud
Cisco powered
cloud providers
CIAC Openstack BMC CLM UCSD DCNM
Northbound
Admin / Tenant API
Web Interface
Orchestration
Cloudstack
Enabling service automation, policy consistency with policy mobility across private and hybrid cloud
Enabling service automation, policy consistency with policy mobility across private and hybrid cloud
Virtual Services Hypervisor Cloud
Cisco Powered
Cloud Providers
Northbound
API
Orchestration
Managing Cloud Services with Cisco Prime Network Services Controller
Prime Network Services Controller
Poll Question 2
Prime Network Services Controller
Features
VM lifecycle management
Northbound XML API
Role-Based Access Controls
Non-disruptive Operations
Dynamic Service Provisioning
Multi-tenant Service management
VM add, delete,
Tenant assignment
License automation
Network IP management
Service VM scaling
Policy management
Amazon
Azure
Cisco Powered
Cloud Providers
Prime Network Services Controller – High Level Architecture
Cisco Intelligent Automation for Cloud
Cisco UCS Director
Nexus 1000V VSG (Zone-Based Firewall)
Virtual ASA (Edge Firewall)
CSR1000V (L3 Router)
Third-Party Load Balancers (VPX)
Image Management
Policy Management
Service Configuration
System Administration
License Management
Cisco Prime Network Services Controller
Service Chaining
Config Archive
VM Lifecycle
Change Audit
Monitoring
Single Northbound API
IP Address Management
Capacity Management
Performance Management
vSphere HyperV KVM Xen
Multi-Hypervisor
OpenStack CloudStack
BMC CLM Cisco Intercloud
Policy Driven,
Template Based
3rd Party vSwitch, Nexus 1000V
Virtual Data Center / Cloud – Network Services
VSG
Public Zone Protected FE Zone 1 Zone 2 Zone 3
Front-End Zones
L3 VPN Internet
Back-End Zones
ASA1000V
CSR1000V
Citrix NetScaler
• Per-tenant service lifecycle and policy management for:
o Load Balancer
o Edge Router
o Edge Firewall
o Compute/App Firewall
o Service Chaining configuration
Cisco ® Prime Network Services Controller
L4-7 Services Management
Compute Firewall – Features
Cisco Virtual Security Gateway (VSG)
Secures inter-VM traffic within a tenant
• Context-aware security: VM context-aware rules
• Zone-based controls: Establish zones of trust
• Context-aware security: Policies follow vMotion / live migration
• Scale: Multi-instance deployment
Compute Firewall in Prime Network Services Controller
Edge Router – Features
Cloud Services Router (CSR) 1000V
Cisco IOS Router in Virtual Form-Factor
• Security: IOS zone-based firewall, ACLs
• Routing: OSPF, EIGRP, BGP and static routing
• Interfaces: Routed interface, loopback interface, sub interface, VPN tunnel interface
• Other features: Site-to-Site IPSec VPN, DHCP Server & Relay, Smart Licensing
Edge Router
Edge Router - Instantiation
CSR 1000V – Smart Licensing
Network Services – Image Management
Load Balancer – Features
Virtual Load Balancer
• Protocols: HTTP, TCP, UDP, FTP, DNS, etc.
• Load-balancing algorithms: Round Robin, Least Connection, Source IP Hash, URL Hash, etc.
• Persistence: None, Cookie Insert, Source IP, SSL Session
• Other features: One-arm mode, license automation, vPath configuration
Citrix NetScaler VPX/1000V
Load Balancer – Instantiation
Prime Network Services Controller enabling L4-L7 Services in broader solutions
Prime Network Services Controller - Solution Integrations
• Dynamic Fabric Automation
• Intelligent Automation for Cloud
• UCS Director
• 3rd Party Integrations: BMC CLM, Cloudstack
• Intercloud Fabric
Cisco Intercloud Fabric – Solution Overview
Enterprise DC / Private Cloud Provider Clouds
vSphere
Hyper-V
Openstack/KVM
CloudStack/Xen
Intercloud Business Edition
End User & IT Admin Portals
Secure Fabric
Network, Compute & Storage
Azure APIs
EC2 APIs
Cloud Providers & Cisco Powered Services
Intercloud Provider Edition
Poll Question 3
Cisco’s Hybrid Cloud Differentiation
Cisco
InterCloud
Customer
Cloud Providers
Cloud Brokers
Cisco Powered
Services
Choice
Open
No Vendor Lock-In
Any Hypervisor to Any Provider
Heterogeneous Infrastructure
End-to-End Security
Unified Workload Management and Governance
Workload Mobility Across Clouds
Open Ecosystem
Cisco Intercloud Fabric Architecture Details
[Architecture diagram. Components: Intercloud Fabric Director, Intercloud Switch, Intercloud Extender, Intercloud Secure Fabric, Intercloud Fabric Services, Intercloud Fabric Provider Platform, VM Manager, Prime NSC, VMs. Environments: Private, Public, Cloud Providers. Roles: IT Admins, End Users.]
• Administrator installs Intercloud Fabric Director
• Installed and configured through Intercloud Fabric Director
• SP Admin deploys Provider Platform
Prime Network Services Controller in Intercloud Fabric
[Diagram labels: Hybrid Cloud; Enterprise DC; Provider Cloud; Tenant1 - Production; Tenant2 – Dev / QA; Cloud Admin; Cloud User; End user portal; Prime Network Services Controller; Intercloud Fabric Director; IC Secure Tunnel; Intercloud Fabric Services Management]
Prime Network Services Controller in Intercloud Fabric
[Diagram labels: Enterprise DC; Provider Cloud; Tenant1 - Production; Tenant2 – Dev / QA; Intercloud Fabric Director; Prime Network Services Controller; FW (three instances); NAT; VPN; IC Secure Tunnel]
Virtualized Services Architecture (VSA) Orchestration
[Diagram labels: Cisco Prime Service Catalog; Cisco Process Orchestrator; Cisco Prime Network Services Controller; CSP; Storage Domain Orchestrator; Network Element Management / Service Assurance; Network Devices and Services (Physical and Virtual); Compute; Storage; vSphere; UCSM; Virtual; Physical]
Cisco Intelligent Automation for Cloud (Cisco IAC)
Prime Network Services Controller in Cisco Intelligent Automation for Cloud
Services Integration in Cisco Dynamic Fabric Automation
Network Services Controller
Fabric Mgmt
Provisioning
Open APIs
Published Schemas
Network & Network Services Policies
Cloud Stacks
Compute & Storage Policies
UCS Director
Advantages
Any workload, anywhere, anytime
Open Integration: orchestration
Automated scalable provisioning
Workload aware fabric
Dynamic Fabric Automation – Services Architecture
Use Cases
Deploy topology-agnostic service chains in minutes …
• Intelligent service chaining with Nexus 1000V vPath
• Flat network: as shown, all application tiers are on the VLAN 100 segment, and each has a different set of services enabled based on its service requirements
[Diagram labels: vPath; Web; VLAN 100 (three segments). Service chains shown:]
• WAN Optimization + Edge Firewall + NAT + Load Balancer + Web Application Firewall + Zone based Firewall
• Load Balancer + Zone based Firewall
• VSG Zone based Firewall
Use Case: Deploy 3-Tier Application Container
Upstream Router
1. NAT (Optional)
2. L3 Routing – Dynamic or Static (Optional)
3. Edge FW
4. Load Balancer
5. App FW
3 Tier App Container
Zone based FW
Routing
VLAN 1 / VXLAN 101
Web Tier App Tier DB Tier
VSG
CSR 1000V
LB
All network services and policy management in centralized UI with Prime Network Services Controller
Cloud Service Provider
Multi-Tenancy
• Dedicated Service Node per Tenant
• Shared host resources across Tenants
• Management through Single Pane of Glass
One or more Cisco Nexus 1000V VSM and Cisco Prime NSC Instance per cluster
[Diagram labels: Tenant A; Tenant B; Virtual Infrastructure; Compute Cluster; Management Cluster; Cisco VSG; Cisco CSR1kV; Cisco ASA1kV; Citrix NetScaler1kV; Cisco vPath; Cisco Nexus 1000V]
Poll Question 4
Cloud Service Provider
On-demand Firewall and LB services Provisioning
[Diagram labels: Customer A; Customer B; Customer C; Virtual Infrastructure; VSG; CSR1kV; Customer Cluster 1]
One VSM and PNSC Instance per customer cluster
• CSP on-boards new Customer C VMs on customer cluster 1
• Tenant C admin configures LB and Firewall Policies via Mgmt console on CSP Tenant Portal
• Tenant VMs secured with dedicated VSG Firewall with policies provisioned in less than 10 seconds
• Customer C Admin creates new cloud resource request on CSP portal
• VSG Policies secure the tenant boundary and isolate VMs within the Tenant using VSG zones and custom attributes
Add services to your Cloud Resources:
- Firewalls
- Load balancers
- SSL VPN
Cloud Provider Portal offers Services -