VACS: Secure Application Segmentation in Minutes

Transcription:

VACS: Secure Application Segmentation in Minutes. Joachim Jerberg Jensen, Systems Engineer, Global Service Providers, CCIE SP #42403. September 2015

Agenda: VACS overview (4 slides); Container Topologies; Deployment process; What is new in VACS 2.0; Customization; Demo of the portal and the VACS UCS-D component. Cisco Confidential

VACS Overview

Cisco Virtual Application Container Services (VACS): Secure segmentation in minutes on shared infrastructure. Simplified virtual networking and security. Unified virtual services licensing: cost-effective solution.

Secure Segmentation in Minutes on Shared Infrastructure
Current physically segmented architecture: Physical segmentation results in longer provision time and under-utilized resources. Procure, rack, stack and provision individual devices.
Virtual segmentation with VACS: Secure segmentation in minutes on shared infrastructure, enforced by best-in-class virtual networking and security services. Simplified virtual networking and security. Virtual segmentation independent of physical topology. Unified virtual services licensing: cost-effective solution.
(Diagram labels: vCenter, VACS)

Simplified Virtual Networking and Security on Shared Infrastructure
Current provisioning model. Wizard-based provisioning model with full life cycle mgmt. of virtual services: No longer have to configure individual components. VACS does it for you. Provisions subnet / NAT / Routing. Provisions VIP. Provisions FW rules / GW.
(Diagram labels: VACS, vCenter)

Unified Virtual Services Licensing, Per Server Based
Current pricing schema makes virtual services cost prohibitive: Every vendor has a different licensing schema. Per instance based. Expensive as throughput increases.
VACS: Automated Provisioning and Orchestration: UCS Director. Load-balancer: HA Proxy. Routing: CSR 1000V. Edge FW: CSR 1000V. Zone based FW: Virtual Security Gateway. Virtual Fabric: Nexus 1000V. Platform for Distributed FW.
Unified Licensing, Per Server Based: Create as many instances as you need and with 10G throughput!
HA Proxy in VACS 2.0 GA June 15

Container Topology Configuration

What is a VACS Container? VACS Containers are: Virtual Network & Security Services; VACS Templates for Application Workloads; Topology Configurations designed for logical secure isolation and compliance; exposed through UCS-D GUI to allow rapid and consistent provisioning of Secure Applications.

Types of VACS Logical Container Templates: 3 Tier - Internal Access; 3 Tier - External Access; Custom Container.

Deeper View: VACS Containers 3-Tier (Internal)
(Diagram labels: Upstream Router; Routing EIGRP or OSPF or Static; CSR 1000V; VLAN 1 / VXLAN 101; VACS 3 Tier App Container (Internal); NAT (Optional); L3 Routing EIGRP or OSPF (P2); Edge FW; Monitoring Features; VSG Zone based FW; HA Proxy HTTP(s) LB; Web Zone; App Zone; DB Zone)

Deeper View: VACS Containers 3-Tier (External)
(Diagram labels: Upstream Router; Routing EIGRP or OSPF or Static; CSR 1000V; VLAN 1 / VXLAN 101; VACS 3 Tier App Container (External); NAT (Optional); L3 Routing EIGRP or OSPF (P2); Edge FW; Monitoring Features; VSG Zone based FW; HA Proxy HTTP(s) LB; Web Zone; App Zone; DB Zone)

Custom VACS Containers
(Diagram labels: Upstream Router; Routing EIGRP or OSPF or Static; VACS Custom Container; CSR 1000V; VLAN 1 / VXLAN 101; NAT (Optional); L3 Routing EIGRP or OSPF (P2); Edge FW; Monitoring Features; VSG Zone based FW; HA Proxy Any Zone LB; Zone 1; Zone 2)

Going forward - Build container with GW of choice
Built-In GW: Virtual GW, CSR 1000V. Physical GW: ASA/Checkpoint, PAN. Other Virtual GW: External Virtual GW, ASAv, vgw, vpan.
* VACS 2.0 GA June 15

Example Physical Topology
(Diagram labels: Nexus 5000; Nexus 5000; Nexus FEX; Nexus FEX; Static or mac-pinning; vpc mac-pinning; Static or mac-pinning (single trunk supported but not recommended); Server-1 / VEM-1; Server-2 / VEM-2; Server-n / VEM-n; UCS-D; PNSC; VMware HA; vsum Nexus 1000V Manager; N1KV VSM HA Pair; UCS-D HA Pair; Tier 1 VM 1; Tier 1 VM 2; Tier 1 VM 3; N1KV VSM; VSG; CSR 1000V; VACS Container)
Note: HA is optional for Beta

VACS Deployments: Service Provider Managed Cloud DC; Enterprise Multi-Tenant Private Cloud.

Deployment process

VACS Deployment Phases Day 0 Day 1 Day 2 Day 3+ Review System Requirements/ Fill out deployment worksheet Provision VC and Hosts Allocate IP addresses and IP Address Pools Download necessary files Install UCS-Director Install VACS patch Install UCSD and VACS licenses Install CSR License Perform Package Upload Add Virtual Physical and Virtual Accounts Configure UCSD Cloud Components: Site Pod Cloud Provision VACS Management Components: PNSC N1KV/VSG Hosts Review Container Template Requirements Configure Policy Elements: Compute, Storage, VM Templates, Mgmt and VM IP Pools, VLAN and VXLAN Pools Setup customer Access Controls for custom containers, if required Setup Secure VACS containers using self-service portal GUI Publish Templates to a Self-Service Catalog for end-users Train end-users on ordering containers and managing workload VMs lifecycle Train system admins and operations team on VACS secure container concepts, etc. Server Admin Server Admin SMEs End-Users

VACS Admin Experience: Install UCSD
Initial Setup: 1. Install UCS Director as the VACS Management Console. 2. Apply VACS Patch. 3. Apply the UCSD & VACS Licenses.
(Diagram labels: UCS-D, UCS / Cloud Services Platform, UCS 1, UCS N)

VACS Deployment Phases Day 0 Day 1 Day 2 Day 3+ Review System Requirements/ Fill out deployment worksheet Provision VC and Hosts Allocate IP addresses and IP Address Pools Download necessary files Install UCS-Director Install VACS patch Install Latest VACS Workflows Install UCSD & VACS licenses Install CSR License Perform Package Upload Add Virtual Physical & Virtual Accounts Configure UCSD Cloud Components: Site Pod Cloud Provision VACS Management Components: PNSC N1KV/VSG Hosts Review Container Template Requirements Configure Policy Elements: Compute, Storage, VM Templates, Mgmt & VM IP Pools, VLAN & VXLAN Pools Setup customer Access Controls for custom containers, if required Setup Secure VACS containers using self-service portal GUI Publish Templates to a Self-Service Catalog for end-users Train end-users on ordering containers and managing workload VMs lifecycle Train system admins and operations team on VACS secure container concepts, etc. Server Admin Server Admin SMEs End-Users

VACS Admin Experience: Install UCSD
1. Setup Virtual Accounts. 2. Setup Physical Accounts. 3. Create Groups and Users.
(Diagram labels: UCS-D, UCS / Cloud Services Platform, UCS 1, UCS N)

VACS Admin Experience: Install VACS Management Components
Install Management Components: Install CSR Token. Install PNSC from GUI (Wizard Driven). Install N1KV VSM from GUI (Wizard Driven). Install VEMs via GUI, also wizard driven.
(Diagram labels: UCS-D, VSM, PNSC, UCS / Cloud Services Platform, VEM, UCS 1, VEM, UCS N)

VACS User Experience: Define Global Resource Pools
Create pools of resources for later consumption:
VLAN Pools: VLAN / VXLAN Pools; CSR External interface VLAN ID.
IP Pools: Global and/or NAT IP Pool; VSG Management IP Pool; VSG Data IP Pool; CSR External Subnet IP Pool.
(Diagram labels: UCS-D, VSM, PNSC, VEM, UCS / Cloud Services Platform, UCS 1, VEM, UCS N)

VACS in motion - Container Definition & Deployment (Admin View)
3 Tier App Container Template: Create container in less than 6 questions.
Create Template. Deploy Container.
Deploy from Container Templates dynamically installs & licenses VSG, CSR1000V.
VACS Container Deployment cut from weeks to mere minutes (approximately 20 minutes).
Optionally you can deploy VMs along with the Container, reducing additional steps.
(Diagram labels: UCS-D, VSM, PNSC, UCS / Cloud Services Platform, VEM, UCS 1, VEM, UCS N)

VACS in motion - Container Definition & Deployment (User View)
Templates are published by Administrators. End Users can deploy Containers themselves.
Deploy from Container Templates dynamically installs & licenses VSG, CSR1000V and dynamically deploys VMs/Apps.
VACS Container Self Service Portal: Deploy without having to engage with IT team. Worry-free deployments.
(Diagram labels: UCS-D, VSM, PNSC, UCS / Cloud Services Platform, VEM, UCS 1, VEM, UCS N)

VACS in motion - Deploy Tiered App
1. Add VMs to the Container.
(Diagram labels: VACS Container, UCS-D, VSM, PNSC, UCS / Cloud Services Platform, VEM, UCS 1, VEM, UCS N)

What is new in VACS 2.0

Server Load Balancing as part of VACS container: Server Load Balancing functionality supported through open source HAProxy. Available for both out-of-box and custom containers.

Building VACS container with Gateway of choice: Flexibility in combining VACS services with user-deployed services. Available for custom containers. VACS provisions the application VMs. Gateway IP needs to be manually configured by user on the external gateway.

Further Customization to VACS

Further customization for Expert Users
Use Case: 1. Insert a shell script after Container deployed 2. Add PVLAN to a N1KV port profile 3. Update DNS server after container is created
Solution: 1. UCS Director allows custom workflows using custom tasks (scripts) 2. Create custom task 3. Create a custom workflow by appending custom task to the VACS container
Custom Tasks allowed (Type of Task: Description):
SSH Command task: Executes a command in a secure shell (SSH) session
Collect Inventory task: Collects inventory collection task for available devices
Execute Cloupia Script task: Execute a script within a workflow
Notify URL task: Notifies the specified URL

Creating custom workflows

VACS Offers for FY15: A la carte SKUs (Software only); Cisco ONE for Data Center (Software only).
Key Licensing Points: 1. VACS Licensing same as UCSD. License per Server for 50 VMs. Includes all component product licenses: N1Kv, VSG and CSR 1000V (VACS functionality only).

A la carte SKU for VACS Option 1: For Existing UCSD Customers Option 2: For New UCSD & VACS Customer or Existing Nexus 1000V Customers Promo Bundle - $6000 LIST/server VACS: VACS - $4500 LIST/server Secured Containers + Virtual Services $4500 LIST Per Server Perpetual Secured Containers + Virtual Services UCS Director: Physical + Virtual Infra Management 4 Months Promo Volume Discounts SKU Available SKU: CUIC-VACS-SVR-PROM

Demo

Thank you.