Cisco Intercloud Fabric for Business, helping enterprises move to hybrid cloud
Chhavi Nijhawan, Technical Marketing Engineer,
Cloud Network Services Group, Cisco Systems
DEVNET-1009
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Why Hybrid IaaS?
• Cisco Intercloud Fabric
  • What and Why
  • Architecture, Services
  • Newly introduced features (release 2.2.1)
  • Deployment Considerations
  • References and related sessions
• Q&A
Why Hybrid IaaS?
Striking the Perfect Balance
[Figure: Hybrid shown as the balance between DC/Private Clouds and Provider Clouds. Labels: Fixed workloads; Elastic workloads; Choice to build / rent across providers; Workload portability; Consistent security; Economics; Speed; Scale; Data Sovereignty; Control; Security.]
Reality of Hybrid Cloud and Key Challenges
Slow and Complex
• Require App Re-Configuration
• Slow and Manual Process of Discovering Infrastructure Dependencies
• No Visibility or Control
Siloed Infrastructure
• Inconsistent Cloud Architectures
• Fragmented Solutions Solving Networking and Security Challenges
• Different Management Tools
Loss of Security
• Unsecure Connection
• Limited Workload Protection
Cisco Intercloud Fabric: Solution Overview
[Figure: Intercloud Fabric for Business in the DC/Private Cloud connected to Provider Clouds through the Secure Fabric Extender (Network, Compute, and Storage). Labels: End User and IT Admin Portals; hypervisors vSphere, Hyper-V, KVM, Xen*; EC2 APIs; Azure APIs; Intercloud Fabric for Providers; Cisco Powered Services and Cloud Providers.]
* Available in subsequent releases
Intercloud Fabric Architecture
Intercloud Fabric Structure
Cisco Intercloud Fabric Architecture is Modularized to Achieve the Elasticity Needed to Support Evolving Cloud Environments
• ICF Extended Services + External Partners (storage, load balancing, etc.)
• ICF Core Services: Security; Management and Visibility; Automation; VM Portability; Networking
• ICF Core Infrastructure: ICFD; PNSC; ICFPP; Secure Communications
• Private Cloud: Enterprise; Public Cloud: Provider
Cisco Intercloud Fabric Architectural Details
[Figure: Intercloud Fabric for Business in the DC/Private Cloud connected to the Provider Cloud through the Intercloud Fabric Secure Extender (Secure Network Extension). Labels: Intercloud Fabric Director; End User and IT Admin Portal; Workload and Fabric Management; IT Admins; End Users; VM Manager; Intercloud Extender; Intercloud Switch; Intercloud Fabric Services; VMs.]
• Secure Layer 2 Extension to Cloud: Extend VLAN/VXLAN with DTLS/TLS/HTTPS Tunnel
• Flexible Application Reachability: Enterprise IP Address or Provider IP Address
• Network & Security Services: Inter-VM firewalling and routing
Intercloud Fabric GUI -- admin
Intercloud Fabric GUI -- user
Intercloud Fabric Services
ICF Core Services
Fundamental Service Functions and Capabilities Integrated Natively to ICF and its Operation
• Security: VM to VM and App-to-App security controls
• Management and Visibility: Private and hybrid cloud monitoring capabilities
• Automation and APIs: VM lifecycle capabilities, automated operations and Programmatic APIs
• VM Portability: VM format conversion and mobility
• Networking: Switching, routing and other advanced network-based capabilities
Core Services: VM Portability
VM portability is the process of converting an existing image from the source cloud format to the destination cloud format, and placing it on the destination cloud with its associated policy
Value: VMs can be placed on any cloud independently of the origin cloud and hypervisor flavor, while preserving the application-related policies
Key VM Portability Functions:
• Format Conversion
• Policy Portability and Control
• Driver (Agent)
• Application Instantiation
VM Portability: Migration Across Hybrid Cloud
1. End user/admin triggers VM migration to cloud
2. VM is shut down and Intercloud Fabric driver added
3. Image is converted to public cloud format (e.g., AMI) and migrated to public cloud
4. VM is powered up on public cloud and management continues through Intercloud Fabric Director
[Figure: Intercloud Fabric for Business in the DC/Private Cloud connected to the Provider Cloud through the Intercloud Fabric Secure Extender. Labels: IT Admins; End Users; VM Manager; Intercloud Fabric Director; Intercloud Extender; Intercloud Switch; Intercloud Fabric Services; VMs.]
ICF VM Image Conversion
[Figure: two image-conversion pipelines between the Private Cloud (VM Manager; image formats ISO, RAW, VMDK, OVA) and the Public Cloud (Provider Image Storage; image formats AMI, VHD, VMDK, OVA).
Private to public, stage "Install Driver and Normalize to Raw": Import Source Image; Install Driver and Keys; Converted Raw Image (RAW).
Private to public, stage "Convert Normalized Image to Provider Format": Convert Raw Image to Provider Format; Upload VM Image to Datastore; Converted Image.
Public to private, stage "Convert Cloud Image to RAW Format": Download VM Image from Datastore; Downloaded Image; Convert Image to RAW Format; Converted Raw Image (RAW).
Public to private, stage "Uninstall Driver and Normalize to Private Format": Remove Driver and Keys; Download Source Image.]
Intercloud Fabric Features – Security
• Secure Tunnels
  • Site-to-Site tunnel - Enterprise to Cloud Provider
    • UDP, TCP, HTTPS
    • Multiple encryption, hash, and rekey choices
  • Access tunnel – intra VM communication in the provider Cloud
    • UDP
    • Multiple encryption, hash and rekey choices
• Cloud Security Groups
• MAC Address Filtering
• Intercloud Fabric Firewall
Encryption algorithm – AES-128-GCM, AES-128-CBC, AES-256-GCM (Suite B), AES-256-CBC
Hashing algorithm – SHA-1, SHA-256, SHA-384
Cisco Intercloud Fabric Security Features: Technical Overview White Paper
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/intercloud-fabric/white-paper-c11-734535.html
[Figure: ICX in the Private Cloud and ICS in the Public Cloud, with VMs on each side.]
Core Services: Firewalling/Zoning
• Enterprise VSG: Protects VMs in Private Cloud
• Intercloud Fabric VSG: Protects VMs in Provider Cloud
• Single Security Policy for Private and Provider Clouds
[Figure: Intercloud Fabric for Business in the DC/Private Cloud connected to the Provider Cloud through the Intercloud Fabric Secure Extender (Secure Network Extension). Labels: IT Admins; Intercloud Fabric Director; Intercloud Extender; Intercloud Switch; Test VMs; Web VM.]
Core Services: Routing Across Hybrid Cloud
• Enterprise VPN Access to Public cloud VMs
• Direct access to public cloud VMs through NAT
• Inter-VLAN communication through ICF Routing
[Figure: Intercloud Fabric for Business in the DC/Private Cloud connected to the Provider Cloud through the Intercloud Fabric Secure Extender. Labels: Intercloud Fabric Director; Intercloud Extender; Intercloud Switch; Intercloud Fabric CSR; Default Gateway for VLAN A & B; VLAN A; VLAN B; VLAN App; VLAN Web; Provider Gateway; Remote/Branch Office ISR; Mobile Workers; VPN; VMs; addresses 192.168.x.x, 10.x.x.x, 54.x.x.x.]
Newly released features (release 2.2.1)
New Features
• Networking: Intercloud Fabric Router (Integrated) support on Azure
• Security: Cloud Security Groups, Intercloud Fabric Firewall on Azure and Cisco Intercloud Services
• Platform Features: Seamless Upgrade support, AWS VPC support, limited support for Hyper-V and KVM/Openstack platforms
• Management and Visibility: ERSPAN, Netflow for Traffic Visibility, Cloud VM on-boarding into ICF management
• Automation and APIs: End User Single Pane of Glass through Integration with PSC version 11.0
• Storage: Support for Multiple Disks within Guest VMs
What is ICF Onboard VM feature?
• A user may have created VMs directly on the provider cloud, before or after installing ICF
• These VMs are not secured by the IcfCloud bubble and are not Layer 2 extended from the enterprise cloud
• The user wants to bring them into the secure IcfCloud bubble so that they can be managed from a single place, using enterprise IP addresses to manage them securely – this is the shadow IT use case
The onboarding feature is about bringing these non-ICF VMs into ICF
Onboarding cloud VM into ICF
Step 1: Download ICF Onboarding package
Step 2: Install ICF Onboarding package
Step 3: Onboard VM from provider
[Figure: Enterprise Private Cloud Datacenter (Intercloud Fabric Director, ICFD Admin, ICX, cVSM, VMs, Enterprise Subnet 192.168.1.x) connected over the Internet through the Secure Network Extender (icfLink) and Secure Access Tunnels to the SP Public Cloud Datacenter (icfCloud; Tenant Virtual Router with Public IP; Tenant Virtual Network 10.1.1.0/24, Gateway 10.1.1.1; Tenant ICS, Guest 10.1.1.2; Tenant VM 1, Guest 10.1.1.3; Tenant VM 2, Guest 10.1.1.4; Tenant VM 3, Guest 10.1.1.5, also labelled 192.168.1.5).]
Deployment Considerations
Cisco Intercloud Fabric Support Matrix
• Supported enterprise hypervisors:
  • VMware vSphere (5.1, 5.5)
  • OpenStack KVM (Icehouse)
  • Microsoft System Center Virtual Machine Manager (SCVMM 2012 R2)
• Providers: Amazon Web Services, Azure, Cisco Integrated Services
• OS Versions:
  • RHEL 6.0 - 6.5: 64-bit versions
  • CentOS 6.2 - 6.5: 64-bit versions
  • Windows 2008 R2 SP1
  • Windows 2012
  • Windows 2012 R2
  • SUSE Linux 11 SP2 and SP3
Key Benefits of Intercloud Fabric
• Consistent architecture across heterogeneous environments – any hypervisor to any cloud
• Secure communications between private and public cloud and between VMs in the public cloud
• Layer 2 extension provides seamless access to enterprise services from the public cloud - no change to applications
• Single point of cloud connection management – eliminate Shadow IT
• Workload portability - Image conversion and VM migration
• RBAC integrated with LDAP – Use existing security practices to protect access to cloud workloads
References and related sessions
Related Sessions @CiscoLive San Diego 2015.
Session ID Title
PSOCLD-1001 Hybrid Cloud with Intercloud Fabric
PSODCT-1009 Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud
BRKCLD-2003 Building Hybrid Cloud Applications with Intercloud Fabric
TECCLD-3001 Intercloud Fabric Technical Deepdive
BRKCLD-1828 Designing Hybrid Cloud operations with ServiceGrid and Intercloud Fabric
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-2009 Intercloud Fabric REST APIs for Providers
DEVNET-1120 Intercloud Fabric - AWS and Azure Account Setup and Utilization
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises Move to Hybrid Cloud!
DEVNET-1136 Cisco ONE Enterprise Cloud Suite for Infrastructure Management
DEVNET-1008 Private or Public or Hybrid ? Which Cloud Should I choose?
TECDCT-2750 Unleash the Power of Cisco ONE Enterprise Cloud Suite for Infrastructure Management and Automation
BRKDCT-2522 Cisco Enterprise Cloud Suite
BRKCLD-1004 End-to-end Cloud Management: A holistic approach for developing and managing the platform and service offerings that transform IT
PSOCLD-1002 Cisco Cloud Services - A product overview
BRKCLD1002 Cloud Onboarding
BRKCLD1003 A Practical Introduction to DevOps Practices and Tools
BRKCLD2001 Building scalable and highly available enterprise applications on Cisco Cloud Services
BRKCLD2002 Cisco Cloud Services - Under the Hood
LTRVIR-2999 Using the Nexus 1000V to Deploy Virtual Application Container Services & OpenStack Introduction
Intercloud Fabric Resources
• Hands On
  • 60 Day License for 10 VMs included in Intercloud Fabric
  • Install and run with your Amazon AWS or Microsoft Azure provider accounts
• DevNet
  • Test out the ICF APIs in DevNet sandbox
  • http://develper.cisco.com/cloud
• Cisco dCloud
  • Self-Paced lab covering all aspects of Intercloud Fabric
  • http://dcloud.cisco.com
• Official Site
  • www.cisco.com/go/intercloudfabric
• Documentation
  • http://www.cisco.com/c/en/us/products/cloud-systems-management/intercloud-fabric/literature.htm
• ICF release notes
  • http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/release-notes/b_Cisco_Intercloud_Fabric_Release_Notes_Release_2_2_1.html