Simplify IT With Cisco Application Centric Infrastructure
Roberto Barrera, rbarrera@grupo-dice.com
VERSION May, 2015
Content
Understanding Software Defined Network (SDN)
  Why SDN?
  What is SDN and Its Benefits?
Understanding OpenFlow
  What is OpenFlow
  SDN vs OpenFlow
SDN Ecosystem
  SDN Vendors
Why SDN?
What is SDN?
Decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane).
Benefits
Centralization of control of the network via separation of control logic to off-device compute, which enables automation and orchestration of network services via open programming interfaces.
Efficiency: Optimize existing applications, services and infrastructure.
Scale: Rapidly grow existing applications and services.
Innovation: Create and deliver new types of applications and services and business models.
What is OpenFlow
OpenFlow is a standards-based protocol allowing for a centralized control plane in a separate device (the controller).
Provides hardware abstraction.
Is managed by the Open Networking Foundation (ONF).
Is asynchronous.
SDN vs OpenFlow
[Diagram: Application Layer (Business Application) connected through APIs to the Control Layer (Network Services), which sits above the Infrastructure Layer]
SDN vs OpenFlow
SDN is not a technology, it is an architecture.
There is nothing that can be implemented using SDN and not with traditional networks.
While SDN is an architecture, OpenFlow is a protocol that enables deployment and implementation of it.
Some SDN Vendors
AGENDA
Challenges and Opportunities
Application Centric Infrastructure and Business Benefits
What problem are we trying to solve and how do we solve it
Open, Open and Open
Summary and Q&A
2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ACI Addresses Business Objectives
Best Customer Service; Product and Service Innovation; IT as a Competitive Advantage; Increased Business Insight
Accelerated Application Delivery; Flexible Infrastructure; Greater Visibility and Analytics; Simplified Processes
Compliance and Governance; Auditing and Forensics; Integration; Security Intelligence
Alignment with Business Objectives
CEO, CIO, CISO
ACI Benefits: Competitive Advantage, Business Agility, Lower TCO, Reduced Risk
IT Challenges and Opportunities
Better alignment of IT with rapidly changing business needs requires dynamic and automated policy-based control of DC and Cloud infrastructure.
Technology Transitions: CIOs need a model that balances agility & risk.
Public Cloud Offerings: Brings new and different security and operational challenges/opportunities.
IT Processes: Policy semantics impede alignment of IT with business.
Introducing: Application Centric Infrastructure
Apps + Infrastructure
Open + Secure
Physical + Virtual
On-Premises + Cloud
Application Oriented Policy = Operational Simplicity
Application Centric Infrastructure
Customer Business Benefits: Deploy applications faster; Workload mobility; Higher application availability; Compliant and secure; CapEx reduction; Single open API for entire system
Customer Operational Benefits: East-West optimized for all workloads; Risk mitigation; Better utilization of resources; Operationally efficient / zero touch deployment and de-commissioning; Self documenting network; Simplified day-2 troubleshooting; OpEx reduction
[Diagram: Application Centric Infrastructure connecting Network Service Appliances, x86 Multi-Hypervisor hosts, x86 Virtual Machines & Virtual Appliances, x86 Servers, Unix Systems, P and Z systems, IP Storage]
ACI: Business Outcome and Benefits for Cisco IT
"Cisco ACI is an open, future-proofed data center architecture that can continue to grow as we enhance client services." Chuck Crane, Network and Security Architect, Acxiom (Transitioning from AWS to Private Cloud)
"Cisco's open standards approach makes ACI even stronger. We conducted testing on ACI; it fully delivered everything we expected, and proved to be quite stable and mature." Nik Weidenbacher, Principal Engineer, SunGard
"This will enable Telstra to deliver service agility, security and performance that our customers expect from an enterprise grade cloud." Erez Yarkoni, Executive Director, Telstra
Greater Business Agility: 58% Reduce Network Provisioning
Lower Capital Expenses: 25% CAPEX Reduction
Reduced Costs/Complexity: 21% Reduce Management Costs
Lower Operating Cost: 45% Reduce Power and Cooling Costs
Resource Optimization: 10-20% Compute and Storage Optimization
Source: Cisco IT
ACI Addresses the Security Challenge in the DC
Security Expressed in Application Language
Simplified Policy-based Segmentation
Network Services Automation, Open Eco-System
Visibility, Analytics, Forensics
Automate Compliance, Centralized Audit
Centralized Security Across Physical and Virtual
Investment Protection: Extending ACI into the existing infrastructure
Extend ACI Model on existing IP networks, L4-7 Services, Hypervisors
[Diagram: ACI Fabric with a policy profile, extended ACI policy reaching existing Nexus networks, AVS, bare metal, hypervisors and VMs]
ACI is evolving the network infrastructure to be an enabler for faster application deployment.
Two Types of Languages
Infrastructure Language: VLAN; IP Address; Subnets; Firewalls; Quality of Service; Load Balancer; Access Lists
Human Translator
App Language: Application Tier Policy and Dependencies; Security Requirements; Service Level Agreement; Application Performance; Compliance; Geo Dependencies
Data Center Automation: Manual versus Policy Driven
Manual: Architect it; Design it; Procure it; Install it; Configure it; Secure it; QA it; Is it ready?
ACI Policy Driven: Architect it; Design it; Is procured; Is installed; Is configured; Is secured; Is QA'd; It is ready
[Diagram: Service Request, ARCHITECT, DESIGN, COMPUTE, SERVICES, SECURITY, NETWORK, Application Available]
Data Center Automation and IT Collaboration
Today: Serialized Configuration and Management
MANUAL PROCESS LEADS TO INCREASED DEPLOYMENT TIMES
[Diagram: Deployment Trigger and Application Requirements pass through COMPUTE, SERVICES, NETWORK and SECURITY, ending in Successful Deployment, Configuration Mismatch or Policy Violation; timeline: Service Request, ARCHITECT, DESIGN, COMPUTE, SERVICES, SECURITY, NETWORK, Application Available]
Data Center Automation and IT Collaboration
ACI: Common Policy Framework and Operational Model
POLICY-BASED AUTOMATION
Defined set of application requirements
Team builds application policy and template
Operations team deploys with minimal risk and maximum speed
[Diagram: Deployment Trigger and Application Requirements feed an Application Policy shared by STORAGE, SECURITY, COMPUTE, NETWORK, APPLICATION and CLOUD; timeline: Service Request, ARCHITECT, DESIGN, Application Available]
A new common language to describe desired state is needed.
An Innovative Approach to Policy
[Diagram: OUTSIDE, F/W, ADC, WEB, ADC, APP, DB, linked by Provided Contracts]
What is an application policy?
1. Group: A set of virtual or physical workloads with the same policy
2. Contracts: A set of rules governing communication between groups
3. Service Chains: A set of network services between groups
Policy is Business Relevant
Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language.
ACI Policy Aligned with Applications:
"Let my app servers talk to my web servers."
Traditional Policy Aligned with ...?
1. Figure out where app lives in physical net
2. Trunk VLAN 112 to switch 22.
3. Add route.
4. Plumb ports 7-12
5. Configure ACL
6. Apply QoS
7. Repeat every time app moves or needs more capacity
The Benefits of an Application Centric Policy
[Diagram: Application Workload Mobility; per-TENANT and per-APPLICATION Health Score and Systems Telemetry panels showing Packets dropped, Latency and Isolation]
CONSISTENT VISIBILITY ACROSS CLOUD AND DC
Simplify IT: Combining Public and Private Cloud
[Diagram: Enterprise Cloud with APIC and Provider Cloud joined by an InterCloud Secure Connection; each side shows F/W, ADC L/B, WEB, APP and DB tiers]
Consistent ACI Policy Across Public and Private Clouds
Open
Open Source, Open Standards, Open Interfaces
Opening the ACI Policy with OpFlex
OPFLEX PROTOCOL + ECOSYSTEM
OPEN SOURCE: Open source implementation available to anyone
OPFLEX STANDARD: Upcoming OpFlex standard through IETF
ECOSYSTEM: Broad, growing vendor support including hypervisor, network, and L4-7
[Diagram: APIC connected to L4-7 DEVICE, HYPERVISOR and SWITCH]
DELIVERING INVESTMENT PROTECTION BY ALLOWING ANY DEVICE TO INTEGRATE WITH CISCO ACI
Open: APIC Programming Interfaces
NORTHBOUND PROGRAMMABILITY LAYER: Open REST APIs Support Integration With Any Software Applications (Automation, Hypervisor Management, OVM, Enterprise Monitoring, Systems Management, Orchestration Frameworks)
APIC
SOUTHBOUND PROGRAMMABILITY LAYER: OpFlex: Open Fabric Attached Device API Supports Integration with Any Network Device
The ACI Fabric
[Diagram: ACI fabric with attached hypervisors]
Open and Secure from the Ground Up
OPEN SOURCE WITH ADVANCED SECURITY: Policy
OPEN STANDARDS: NSH, VXLAN, OpFlex
+ RBAC, Encryption, Auditing, Tenant Isolation
OPEN INTERFACES: JSON, XML, REST, OpFlex
Summary: Our Direction
Data centers and cloud network infrastructures, both physical and virtual, will no longer be configured, will not be software defined (or programmed), but instead will be Policy Driven and Application Centric.
Thank you.