
Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems


© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• Cloud Networking Challenges

• Prime Network Services Controller

• L4-7 Services

• Solutions Integrations

– Cisco Intercloud Fabric

– Cisco IAC

– Cisco Virtual Application Container Services

– Cisco DFA

• Use Cases


Managing The Evolution of the Data Center Cloud


The Evolution of the DC — World of Many Clouds

Enabling New IT Sourcing Models, Legacy Hosting and Cloud Hosting

Traditional Data Center

Public Cloud Services

Private Cloud

Hybrid Cloud


The Evolution of the DC — Virtualization is Distributed

Every environment uses a virtualization solution with its own management platform

Traditional Data Center

Public Cloud Services

Private Cloud

Hybrid Cloud


Hybrid Cloud – Extending The Traditional Data Center

Workload Portability

Policy Consistency

Sustained workloads

Control & compliance

Elastic workloads

Quick ramp

Hybrid Cloud

DC or Private Cloud

Public Cloud


Multi-Tenancy in the Data Center

Consolidating Resources

Distinct Data Centers

Business Units

Multi-Tenant Data Center

R&D

Finance

Sales


IT Director, Enterprise Customer

Cisco’s Converged Infrastructure

Secure & Shared Infrastructure

Flexpod

A B C

Secure Zoned Containers

Deploy Tenant containers in cloud

“Today’s” Approach Is Manual, Complex & Error Prone

“It takes month(s) to provision Networking & Security at the Virtual Layer”

“Today’s” Solution leads to:

• Customer assembling diverse set of virtual & physical services

• Provisioning nightmare through different Management Tools


Poll Question 1


Introducing..

Prime Network Services Controller

Multi-Service, Multi-Tenant

Multi-Cloud

Multi-Hypervisor

• Multi-Services - Network services automation for service deployments and configuration

• Multi-Cloud - Intercloud enablement platform for infrastructure and services

• Multi-Hypervisor - Services across multiple landscapes

Prime Network Services Controller

Enabling network service automation, policy consistency in private and hybrid cloud

Virtual Services Hypervisor Provider Cloud

Cisco powered cloud providers

CIAC Openstack BMC CLM UCSD DCNM

Northbound

Admin / Tenant API

Web Interface

Orchestration

Cloudstack

Enabling service automation, policy consistency with policy mobility across private and hybrid cloud


Virtual Services Hypervisor Cloud

Cisco Powered Cloud Providers

Northbound API

Orchestration

Managing Cloud Services with Cisco Prime Network Services Controller


Poll Question 2


Prime Network Services Controller Features

VM lifecycle management

Northbound XML API

Role-Based Access Controls

Non disruptive Operations

Dynamic Service Provisioning

Multi-tenant Service management

VM add, delete,

Tenant assignment

License automation

Network IP management

Service VM scaling

Policy management


Amazon

Azure

Cisco Powered Cloud Providers

Prime Network Services Controller – High Level Architecture

Cisco Intelligent Automation for Cloud

Cisco UCS Director

Nexus1000V VSG (Zone- Based Firewall)

Virtual ASA (Edge Firewall)

CSR1000V (L3 Router)

Third-Party Load Balancers (VPX)

Image Management

Policy Management

Service Configuration

System Administration

License Management

Cisco Prime Network Services Controller

Service Chaining, Config Archive, VM Lifecycle, Change Audit, Monitoring

Single Northbound API

IP Address Management

Capacity Management

Performance Management

vSphere HyperV KVM Xen

Multi-Hypervisor

OpenStack CloudStack

BMC CLM Cisco Intercloud

Policy Driven, Template Based

3rdParty vSwitch Nexus 1000v


Virtual Data Center / Cloud – Network Services


VSG

Public Zone Protected FE Zone 1 Zone 2 Zone 3

Front-End Zones

L3 VPN Internet

Back-End Zones

ASA1000V

CSR1000V

Citrix NetScaler

• Per tenant Service lifecycle and Policy management for:

o Load Balancer

o Edge Router

o Edge Firewall

o Compute/App Firewall

o Service Chaining configuration

Cisco® Prime Network Services Controller


L4-7 Services Management


Compute Firewall – Features


Cisco Virtual Security Gateway (VSG)

Secures inter-VM traffic within a tenant

Context-aware security: VM context-aware rules

Zone-based controls: Establish zones of trust

Context-aware security: Policies follow vMotion / live migration

Scale: Multi-instance deployment


Compute Firewall in Prime Network Services Controller


Edge Router – Features


Cloud Services Router (CSR) 1000V

Cisco IOS Router in Virtual Form-Factor

Security: IOS zone-based firewall, ACLs

Routing: OSPF, EIGRP, BGP and static routing

Interfaces: Routed interface, loopback interface, sub interface, VPN tunnel interface

Other features: Site-to-Site IPSec VPN, DHCP Server & Relay, Smart Licensing


Edge Router


Edge Router - Instantiation


CSR 1000V – Smart Licensing


Network Services – Image Management


Load Balancer – Features


Virtual Load Balancer

Protocols: HTTP, TCP, UDP, FTP, DNS, etc.

Load-balancing algorithms: Round Robin, Least Connection, Source IP Hash, URL Hash, etc.

Session Persistence: None, Cookie Insert, Source IP, SSL

Other features: One-arm mode, license automation, vPath configuration

Citrix NetScaler VPX/1000V


Load Balancer – Instantiation


Prime Network Services Controller enabling L4-L7 Services in broader solutions


Prime Network Services Controller - Solution Integrations


Dynamic Fabric Automation

Intelligent Automation for Cloud

UCS Director

3rd Party Integrations: BMC CLM, Cloudstack

Intercloud Fabric


Cisco Intercloud Fabric – Solution Overview

Enterprise DC / Private Cloud Provider Clouds

vSphere

Hyper-V

Openstack/KVM

CloudStack/Xen

Intercloud Business Edition

End User & IT Admin Portals

Secure Fabric

Network, Compute & Storage

Azure APIs

EC2 APIs

Cloud Providers & Cisco Powered Services

Intercloud Provider Edition


Poll Question 3


Cisco’s Hybrid Cloud Differentiation

Cisco InterCloud

Customer

Cloud Providers

Cloud Brokers

Cisco Powered Services

Choice

Open

No Vendor Lock-In

Any Hypervisor to Any Provider

Heterogeneous Infrastructure

End-to-End Security

Unified Workload Management and Governance

Workload Mobility Across Clouds

Open Ecosystem


Cisco Intercloud Fabric Architecture Details


[Figure labels: Private; Public; Cloud Providers; IT Admins; End Users; VM Manager; VM; Intercloud Fabric Director; Intercloud Switch; Intercloud Extender; Intercloud Fabric Provider Platform; Intercloud Fabric Services; Intercloud Secure Fabric; Prime NSC]

Administrator installs Intercloud Fabric Director

Installed and configured through Intercloud Fabric Director

SP Admin deploys Provider Platform


Prime Network Services Controller in Intercloud Fabric

[Figure labels: Enterprise DC; Tenant1 - Production; Tenant2 – Dev / QA; Hybrid Cloud; Cloud Admin; Cloud User; Provider Cloud; Prime Network Services Controller; Intercloud Fabric Director; End user portal; IC Secure Tunnel; Intercloud Fabric Services Management]


Prime Network Services Controller in Intercloud Fabric

[Figure labels: Enterprise DC; Tenant1 - Production; Tenant2 – Dev / QA; Intercloud Fabric Director; Prime Network Services Controller; Provider Cloud; FW; NAT; VPN; IC Secure Tunnel]


Virtualized Services Architecture (VSA) Orchestration


[Figure labels: Storage; Compute; Cisco Prime Network Services Controller; CSP; Cisco Process Orchestrator; Network Element Management / Service Assurance; Network Devices and Services (Physical and Virtual); Cisco Prime Service Catalog; Storage Domain Orchestrator; Virtual; Physical; vSphere; UCSM; Cisco Intelligent Automation for Cloud (Cisco IAC)]


Prime Network Services Controller in Cisco Intelligent Automation for Cloud


Services Integration in Cisco Dynamic Fabric Automation


Network Services Controller

Fabric Mgmt

Provisioning

Open APIs

Published Schemas

Network & Network Services Policies

Cloud Stacks

Compute & Storage Policies

UCS Director

Advantages

• Any workload, anywhere, anytime

• Open Integration: orchestration

• Automated scalable provisioning

• Workload aware fabric


Dynamic Fabric Automation – Services Architecture


Use Cases


Deploy topology agnostic service chains in minutes

• Intelligent service chaining with Nexus 1000V vPath

• Flat network: as shown, all application tiers are on the VLAN 100 segment, and each has a different set of services enabled based on its service requirement

[Figure labels: vPath; Web; VLAN 100 (shown three times)]

WAN Optimization + Edge Firewall + NAT + Load Balancer + Web Application Firewall + Zone based Firewall

Load Balancer + Zone based Firewall

VSG Zone based Firewall


Use Case: Deploy 3-Tier Application Container

Upstream Router

1. NAT (Optional)

2. L3 Routing – Dynamic or Static (Optional)

3. Edge FW

4. Load Balancer

5. App FW

3 Tier App Container

Zone based FW

Routing

VLAN 1/ VXLAN 101

Web Tier App Tier DB Tier

VSG

CSR 1000V

LB

All network services and policy management in centralized UI with Prime Network Services Controller


Cloud Service Provider

Multi-Tenancy

Tenant A

Virtual Infrastructure

Cisco VSG

Tenant B

Cisco CSR1kV

One or more Cisco Nexus 1000V VSM and Cisco Prime NSC Instance per cluster

Compute Cluster

Dedicated Service Node per Tenant

Shared host resources across Tenants

Management through Single Pane of Glass

Management Cluster

Citrix NetScaler1kV

Cisco vPath

Cisco Nexus 1000V

Cisco ASA1kV


Poll Question 4


Cloud Service Provider

On-demand Firewall and LB services Provisioning

Customer A

Virtual Infrastructure

VSG

Customer B

CSR1kV

One VSM and PNSC Instance per customer cluster

Customer Cluster 1

Customer C

CSP on-boards new Customer C VMs on customer cluster 1

Tenant C admin configures LB and Firewall Policies via Mgmt console on CSP Tenant Portal

Tenant VMs secured with dedicated VSG Firewall, with policies provisioned in less than 10 seconds

Customer C Admin creates new cloud resource request on CSP portal

VSG Policies secure the tenant boundary and VM isolation within the Tenant using VSG zones and custom attributes

Cloud Provider Portal offers Services

Add services to your Cloud Resources:

- Firewalls

- Load balancers

- SSL VPN


Policy and VM Mobility - Private and Hybrid Cloud

Intercloud Fabric

Multi-tenant

Programmable

Service VM Life-cycle management

Prime Network Services Controller (Prime NSC)

Key Takeaways

Prime Network Services Controller

Enabling service automation, policy consistency and policy mobility across private and hybrid cloud
