
DEVNET-1009: Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises Move to Hybrid Cloud!


Cisco Intercloud Fabric for Business, helping enterprises move to hybrid cloud

Chhavi Nijhawan, Technical Marketing Engineer, Cloud Network Services Group, Cisco Systems

DEVNET-1009

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• Why Hybrid IaaS?

• Cisco Intercloud Fabric
  • What and Why
  • Architecture, Services
  • Newly introduced features (release 2.2.1)
  • Deployment Considerations
  • References and related sessions

• Q&A

Why Hybrid IaaS?

Striking the Perfect Balance

[Figure: DC/Private Clouds and Provider Clouds. Labels: Fixed workloads; Elastic workloads; Choice to build / rent across providers; Workload portability; Consistent security; Economics; Speed; Scale; Data Sovereignty; Control; Hybrid; Security]

Reality of Hybrid Cloud and Key Challenges

Slow and Complex

• Require App Re-Configuration

• Slow and Manual Process of Discovering Infrastructure Dependencies

• No Visibility or Control

Siloed Infrastructure

• Inconsistent Cloud Architectures

• Fragmented Solutions Solving Networking and Security Challenges

• Different Management Tools

Loss of Security

• Unsecure Connection

• Limited Workload Protection

Cisco Intercloud Fabric: Solution Overview

[Figure: DC/Private Cloud (vSphere, Hyper-V, KVM, Xen*) running Intercloud Fabric for Business with End User and IT Admin Portals; Secure Fabric Extender for Network, Compute, and Storage; Provider Clouds reached through EC2 APIs, Azure APIs, and Intercloud Fabric for Providers (Cisco Powered Services and Cloud Providers)]

* Available in subsequent releases

Intercloud Fabric Architecture

Intercloud Fabric Structure

Cisco Intercloud Fabric Architecture is Modularized to Achieve the Elasticity Needed to Support Evolving Cloud Environments

• ICF Extended Services + External Partners (storage, load balancing, etc.)

• ICF Core Services: Security, Management and Visibility, Automation, VM Portability, Networking

• ICF Core Infrastructure: ICFD, PNSC, ICFPP, Secure Communications

• Private Cloud: Enterprise; Public Cloud: Provider

Cisco Intercloud Fabric Architectural Details

[Figure: Intercloud Fabric Secure Extender (Secure Network Extension) between DC/Private Cloud and Provider Cloud. Labels: Intercloud Fabric for Business; Intercloud Fabric Director (End User and IT Admin Portal, Workload and Fabric Management); IT Admins; End Users; VM Manager; Intercloud Extender; Intercloud Switch; Intercloud Fabric Services; VMs]

• Secure Layer 2 Extension to Cloud: Extend VLAN/VXLAN with DTLS/TLS/HTTPS Tunnel

• Flexible Application Reachability: Enterprise IP Address or Provider IP Address

• Network & Security Services: Inter-VM firewalling and routing

Intercloud Fabric GUI -- admin


Intercloud Fabric GUI -- user

Intercloud Fabric Services

ICF Core Services

Fundamental Service Functions and Capabilities Integrated Natively to ICF and its Operation

• Security: VM to VM and App-to-App security controls

• Management and Visibility: Private and hybrid cloud monitoring capabilities

• Automation and APIs: VM lifecycle capabilities, automated operations and Programmatic APIs

• VM Portability: VM format conversion and mobility

• Networking: Switching, routing and other advanced network-based capabilities

Core Services: VM Portability

VM portability is the process of converting an existing image from the source cloud format to the destination cloud format, and placing it on the destination cloud with its associated policy.

Value: VMs can be placed on any cloud independently of the origin cloud and hypervisor flavor, while preserving the application-related policies.

Key VM Portability Functions:

• Format Conversion

• Policy Portability and Control

• Driver (Agent)

• Application Instantiation

VM Portability: Migration Across Hybrid Cloud

1. End user/admin triggers VM migration to cloud

2. VM is shut down and Intercloud Fabric driver added

3. Image is converted to public cloud format (e.g., AMI) and migrated to public cloud

4. VM is powered up on public cloud and management continues through Intercloud Fabric Director

[Figure: Intercloud Fabric Secure Extender between DC/Private Cloud and Provider Cloud. Labels: Intercloud Fabric for Business; Intercloud Fabric Director; VM Manager; Intercloud Extender; Intercloud Switch; Intercloud Fabric Services; IT Admins; End Users; VMs]

ICF VM Image Conversion

[Figure: image conversion between Private Cloud and Public Cloud.

Private cloud to public cloud labels: Import Source Image (ISO, RAW, VMDK, OVA; VM Manager); Install Driver and Keys (Install Driver and Normalize to Raw); Converted Raw Image (RAW); Convert Raw Image to Provider Format (Convert Normalized Image to Provider Format); Upload VM Image to Datastore; Converted Image (AMI, VHD, VMDK, OVA); Provider Image Storage.

Public cloud to private cloud labels: Provider Image Storage; Download VM Image from Datastore; Downloaded Image (AMI, VHD, VMDK, OVA); Convert Image to RAW Format (Convert Cloud Image to RAW Format); Converted Raw Image (RAW); Remove Driver and Keys (Uninstall Driver and Normalize to Private Format); Download Source Image (ISO, RAW, VMDK, OVA; VM Manager).]

Intercloud Fabric Features – Security

• Secure Tunnels
  • Site-to-Site tunnel - Enterprise to Cloud Provider
    • UDP, TCP, HTTPS
    • Multiple encryption, hash, and rekey choices
  • Access tunnel – intra VM communication in the provider Cloud
    • UDP
    • Multiple encryption, hash and rekey choices

• Cloud Security Groups

• MAC Address Filtering

• Intercloud Fabric Firewall

Encryption algorithm – AES-128-GCM, AES-128-CBC, AES-256-GCM (Suite B), AES-256-CBC

Hashing algorithm – SHA-1, SHA-256, SHA-384

Cisco Intercloud Fabric Security Features: Technical Overview White Paper: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/intercloud-fabric/white-paper-c11-734535.html

[Figure: Private Cloud (ICX) and Public Cloud (ICS, VMs)]

Core Services: Firewalling/Zoning

• Intercloud Fabric VSG: Protects VMs in Provider Cloud

• Enterprise VSG: Protects VMs in Private Cloud

• Single Security Policy for Private and Provider Clouds

[Figure: Intercloud Fabric Secure Extender (Secure Network Extension) between DC/Private Cloud and Provider Cloud. Labels: Intercloud Fabric for Business; Intercloud Fabric Director; IT Admins; Intercloud Extender; Intercloud Switch; Test VMs; Web VM]

Core Services: Routing Across Hybrid Cloud

• Enterprise VPN Access to Public cloud VMs

• Direct access to public cloud VMs through NAT

• Inter-VLAN communication through ICF Routing

• Default Gateway for VLAN A & B

[Figure: Intercloud Fabric Secure Extender between DC/Private Cloud and Provider Cloud. Labels: Intercloud Fabric for Business; Intercloud Fabric Director; Intercloud Extender; Intercloud Switch; Intercloud Fabric CSR; Provider Gateway; VLAN App; VLAN Web; VLAN A; VLAN B; Remote/Branch Office (ISR, VPN); Mobile Workers (VPN); VMs; addresses 192.168.x.x, 10.x.x.x, 54.x.x.x]

Newly released features (release 2.2.1)

New Features

• Security: Cloud Security Groups, Intercloud Fabric Firewall on Azure and Cisco Intercloud Services

• Automation and APIs: End User Single Pane of Glass through Integration with PSC version 11.0

• Networking: Intercloud Fabric Router (Integrated) support on Azure

• Platform Features: Seamless Upgrade support, AWS VPC support, limited support for Hyper-V and KVM/OpenStack platforms

• Management and Visibility: ERSPAN, NetFlow for Traffic Visibility, Cloud VM on-boarding into ICF management

• Storage: Support for Multiple Disks within Guest VMs

What is the ICF Onboard VM feature?

• A user may have created VMs directly on the provider cloud, before or after installing ICF

• These VMs are not secured by the IcfCloud bubble and are not Layer 2 extended from the enterprise cloud

• The user wants to bring them into the secure IcfCloud bubble so that they can be managed from a single place and reached securely through enterprise IP addresses – this is the shadow IT use case

The onboarding feature is about bringing these non-ICF VMs into ICF

Onboarding cloud VM into ICF

Step 1: Download ICF Onboarding package

Step 2: Install ICF Onboarding package

Step 3: Onboard VM from provider

[Figure: SP Public Cloud Datacenter and Enterprise Private Cloud Datacenter joined by the Secure Network Extender (icfLink, icfCloud). Public cloud labels: Tenant Virtual Network 10.1.1.0/24; Gateway 10.1.1.1; Tenant Virtual Router with public IPs; Internet; Tenant ICS (guest 10.1.1.2); Tenant VM 1 (guest 10.1.1.3); Tenant VM 2 (guest 10.1.1.4); Tenant VM 3 (guest 10.1.1.5); Secure Access Tunnels. Private cloud labels: Intercloud Fabric Director; ICFD Admin; cVSM; ICX; VMs; Enterprise Subnet interfaces 192.168.1.1 to 192.168.1.5]

Deployment Considerations

Cisco Intercloud Fabric Support Matrix

• Supported enterprise hypervisors:
  • VMware vSphere (5.1, 5.5)
  • OpenStack KVM (Icehouse)
  • Microsoft System Center Virtual Machine Manager (SCVMM 2012 R2)

• Providers: Amazon Web Services, Azure, Cisco Integrated Services

• OS Versions:
  • RHEL 6.0 - 6.5: 64-bit versions
  • CentOS 6.2 - 6.5: 64-bit versions
  • Windows 2008 R2 SP1
  • Windows 2012
  • Windows 2012 R2
  • SUSE Linux 11 SP2 and SP3

Key Benefits of Intercloud Fabric


• Consistent architecture across heterogeneous environments – any hypervisor to any cloud

• Secure communications between private and public cloud and between VMs in the public cloud

• Layer 2 extension provides seamless access to enterprise services from the public cloud - no change to applications

• Single point of cloud connection management – eliminate Shadow IT

• Workload portability - Image conversion and VM migration

• RBAC integrated with LDAP – Use existing security practices to protect access to cloud workloads


References and related sessions

Related Sessions @CiscoLive San Diego 2015.

Session ID Title

PSOCLD-1001 Hybrid Cloud with Intercloud Fabric

PSODCT-1009 Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud

BRKCLD-2003 Building Hybrid Cloud Applications with Intercloud Fabric

TECCLD-3001 Intercloud Fabric Technical Deepdive

BRKCLD-1828 Designing Hybrid Cloud operations with ServiceGrid and Intercloud Fabric

DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers

DEVNET-2009 Intercloud Fabric REST APIs for Providers

DEVNET-1120 Intercloud Fabric - AWS and Azure Account Setup and Utilization

DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises Move to Hybrid Cloud!

DEVNET-1136 Cisco ONE Enterprise Cloud Suite for Infrastructure Management

DEVNET-1008 Private or Public or Hybrid ? Which Cloud Should I choose?

TECDCT-2750 Unleash the Power of Cisco ONE Enterprise Cloud Suite for Infrastructure Management and Automation

BRKDCT-2522 Cisco Enterprise Cloud Suite

BRKCLD-1004 End-to-end Cloud Management: A holistic approach for developing and managing the platform and service offerings that transform IT

PSOCLD-1002 Cisco Cloud Services - A product overview

BRKCLD1002 Cloud Onboarding

BRKCLD1003 A Practical Introduction to DevOps Practices and Tools

BRKCLD2001 Building scalable and highly available enterprise applications on Cisco Cloud Services

BRKCLD2002 Cisco Cloud Services - Under the Hood

LTRVIR-2999 Using the Nexus 1000V to Deploy Virtual Application Container Services & OpenStack Introduction

Intercloud Fabric Resources

• Hands On
  • 60 Day License for 10 VMs included in Intercloud Fabric
  • Install and run with your Amazon AWS or Microsoft Azure provider accounts

• DevNet
  • Test out the ICF APIs in DevNet sandbox
  • http://develper.cisco.com/cloud

• Cisco dCloud
  • Self-Paced lab covering all aspects of Intercloud Fabric
  • http://dcloud.cisco.com

• Official Site
  • www.cisco.com/go/intercloudfabric

• Documentation
  • http://www.cisco.com/c/en/us/products/cloud-systems-management/intercloud-fabric/literature.htm

• ICF release notes
  • http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/release-notes/b_Cisco_Intercloud_Fabric_Release_Notes_Release_2_2_1.html

Thank you