Why your Datacenter Infrastructure should be Policy Defined
Dr. Markus Hofmann, DC Specialist Application Centric Infrastructure
mahofman@cisco.com
30.9.2015
Why Automation is Key in the DC
Agility
Cloud-like self-service consumption of IT
Better usage of resources
Better Service Levels through QoS enforcement
Improved Security and Compliance by reducing operational risks
Shift people workload from fire fighting to proactive work
How to automate complex systems?
Controlling Complexity - Design it for Automation They should want to be here Most IT Service providers are here Speed Capacity Security Fly-by-wire Auto Pilot Automated Solutions
How to automate complex systems of complex systems?
Two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Good enough for fairly complex systems of simple sequential tasks Centralized Intelligence Air traffic control tells where to take off from, but not how to fly the plane Distributed Intelligence
How to automate a datacenter End-User Service Catalogue High-Level IT Process Automation Need Infrastructure Need Infrastructure API Standard Infrastructure-Service-Catalogue How do we control the airplanes? Physical + Virtual Infrastructure Automation
Infrastructure The workflow automated datacenter Define Workflow Manage Exceptions Control Workflow Execution The nasty part Analyze SLAs
Infrastructure The Policy Defined Datacenter Eliminate the nasty terms from the equation Define Policies Manage Exceptions Apply Policies Analyze SLAs You have to TRUST the (auto-)pilot!!
SIM Card Identity for a phone UCS Service Profile Identity for compute Service Profile Network Policy Storage Policy Compute Policy ACI Application Profile Identity for the network
Group Based Policies in Openstack Watch out: can you trust the pilot?
The automated DC with policy based infrastructure definition End-User Service Catalogue High-Level IT Process Automation Need Infrastructure Need Infrastructure API Standard Infrastructure-Service-Catalogue Physical + Virtual
Application Centric Infrastructure Open APIs, Complete Automation & Application Focused Controller Policy Model Nexus 9000 APIC Open RESTful APIs Centralized policy model Open source Applications Centric Infrastructure
Application Centric Infrastructure Policy-based network configuration Applications Dev Health Score Systems Telemetry 82 % 25 Packets dropped APPLICATION CENTRIC POLICY APIC Latency Isolation Network
Enhance DC security: Network-based stateful Firewall with contracts Contract WEB APP Physical + virtual Wire-speed Zero Management Microsegmentation in the network: Zero CPU cycles on host No exposure to infected hosts
ACI Supports Flexible East-West Security Models L4 Stateful Security L4-7 Visibility and Control ACI Services Graph Servers (Physical or Virtual) Firewall at Each Leaf switch L4-7 Security Services (physical or virtual, location independent) L4 Distributed Stateful Firewall L4 Stateful Firewall Attached to Every Server Port Line Rate Policy Enforcement Policy Follows Workloads L4-7 Security Via ACI Service Graph Advanced Protection with NGFW, IPS/IDS, DDoS Services Insertion Sizing at Scale-Enabled via Pool and ACI Dynamic Redirection L4-7 Security Policy Applied Consistently for Any Workload
Enhanced Compliance and Full Day-0 Auditability
ACI is PCI certified
Common Criteria and FIPS certification in H2CY15
Auto-Documentation
Prove compliance at any point in time
Policy = Configuration guaranteed
Full audit: who did what and when
Backup and Restore full DC configuration
End-Point-Tracking
Determine what was on network at any time
Application Centric Infrastructure Solution Overview ACI Ecosystem Partners Automation Hypervisor Management OVM Enterprise Monitoring Systems Management Orchestration Frameworks Application Network Profile APIC Centralized Policy Management Open APIs, Open Source, Open Standards TURN-KEY OPEN Fabric Physical Networking Hypervisors and Virtual Networking Compute L4 L7 Services Storage Multi DC WAN and Cloud Nexus 7K End Points Physical & Virtual Nexus 2K Integrated WAN Edge
Scorecard for 6 Quarters of Shipment: Nexus 9K Customers Globally ACI Customers Globally Ecosystem Partners
www.cisco.com/go/aci