Evolving the Data Center Critical Cloud Success

A Light Reading Webinar

Sponsored by

Webinar Logistics

Participate in the webinar: Ask questions, share

feedback via the survey, and access the Information

panel.

Personalize your experience: Click the buttons at

the bottom of your screen to open supporting content

and user tools at your own convenience.

Technical Issues: Ask the support team for live

assistance in the ask-a-question window.

Enjoy the webinar and thank you for viewing!

Today’s Presenters

Caroline Chappell Senior Analyst

Heavy Reading

Satish Iyer Campaign Lead, Cisco Cloud MegaTest

Carsten Rossenhoevel Managing Director

European Advanced Networking Testing Center

(EANTC)

Agenda

• Data Center Evolution and the Cloud

• Putting Cisco’s CloudVerse to the Test

• Test Bed

• Validation of Cisco’s Cloud Data Center Infrastructure solution

• Q&A

Drivers for Data Center Transformation Improve Business

Operations

• Reduce cost

• Increase business agility

• Accelerate innovation

Support New Services

• IaaS

• PaaS

• SaaS

Evolving Data Center Requirements • Low Opex

– Simplified and Unified Management of Resources

– Automated Provisioning

– Low cost scalability

• High Security – Multi-tenant isolation

– Configuration accuracy

– VM policy management

• User Experience – Rapid Response

– High-level UI

Benchmarking Cloud Technology

• Will It Work?

– Over 40% of telcos say reliable cloud delivery is their

greatest challenge

• Can You Prove It?

– 66% of operators want to see proofs of concept and

cloud working in technology labs

• Can My Cloud Service Provider Deliver?

– Enterprises say due diligence effort is a barrier to

cloud service uptake

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Cloud

Intelligent

Network

Unified

Data

Center

Cloud

Applications

Cloud

Enablement

Services

Enabling Cloud Applications/Services by Uniquely Combining the Unified Data Center and Cloud Intelligent Network

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

independent public test complete Cloud

infrastructure Cisco was the first

vendor to accept the

challenge

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

Cloud

Intelligent

Network

Unified

Data

Center

Cloud

Applications

Collaboration IaaS

Video CRM

Using Comprehensive End to End Infrastructure

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

A Facts-based Reality Check for Cloud Delivery

6 Months of Planning

8 Weeks of On-Site Testing

25 Test Suites Across DC, Network

and Applications

$75 Million Equipment Involved in Test

80 Engineers Supporting Testing

Quality Assurance of Cloud Solutions

In-Situ Cloud service tests

Quality audit of live cloud services

Well-suited to evaluate public cloud offerings

Can only monitor functionality and performance of single service

„Friendly“ tests only, to avoid harming the platform

In-Vitro Cloud solution tests

Functional, performance and availability test of solutions in the lab

Best for proof of concept testing (prior to purchasing)

Unlimited testing of scale, failure situations, security breaches, management actions and new applications

Deriving Metrics Developing Tests per Metric

What do customers care about? • Uninterrupted

availability • Security • Quick uptimes

What are Service Providers interested in? • Simplified

Operations • Flexibility • Security • Replacing legacy IT

EANTC Test Plan Development Guidelines

Cloud Intelligent Network - IPv6 Core • CRS-1, CRS-3 Edge • ASR 9000 Branch Router • ASR 1000 Management • Prime Register Mobile Core • ASR 5000

System Under Test per Test Area

Cloud Data Center Infrastructure Servers • UCS Network Infrastructure • Nexus 7000 • Nexus 5000 • Nexus 2000 • Nexus 1000 • Catalyst 6500 • MDS Management • UCS Manager • BMC Cloud Lifecycle Manager • Network Services Manager

Cloud Video Services: Videoscape Transcode Manager, Cisco Media Processor (CMP) Cisco Transcode Manager (CTM) Cisco Mediasuite Content Delivery System Internet Streamer (CDS-IS)

Today April 04

May 16

Test Requirement Categories

Test Bed Design

We created a single test bed

Realistic setup of integrated solution

Used for almost all tests (few exceptions: Mobile Video, HCS, and PCRF setup)

Six weeks of lab testing

EANTC conducted the test and documented all results

Ixia Communications supported EANTC’s test extensively

XM12 with Xcellon-Ultra NP modules Video testing (stateful) capacity of 40 Gbit/s

XM12 with Xcellon-Flex modules Network Load Testing capacity of 800 Gbit/s

ImpairNet to emulate delay in the network

Virtual Test Appliances IxNetworkVM (network emulation)

IxLoadVM (application emultion)

Test Equipment

Testing the Virtual Environment

Testing in a virtual environment requires embedded test tools

Virtual test ports (IxNetwork-VM and IxLoad-VM) act as VMs to: Generate network and application traffic,

measure performance

Test security within the virtual space emulated 3 tier web installation

Identify impact of VM mobility

Software Test Ports

Function as VMs

Required for tests of Tenant Isolation, Virtual Securtiy Gateway, VM-FEX

Test Cases

• Tenant Isolation

• VSG

• LISP Security

• BMC CLM

• UCS Manager

• Cisco Network Services Manager Manageability

• FabricPath

• QoS

• VMFex Performance

• HCS: Call Manager

• Siebel CRM Applications

Multi-Tenancy Isolation

Validate security – isolate tenants from each other

Procedure:

1. Send “background traffic” (allowed)

2. Send full mesh in parallel (not allowed), look for cross-talk

1 of 2

Security Manageability Performance

Tenant Isolation: Results

Results:

No loss for North-South profile

Little loss for East-West profile (0.0001 % of 24 Gbit/s)

100% Loss for Isolation profile (full meshed tenants)

100% End to End Tenant Isolation Verified

2 of 2

Security Manageability Performance

Virtual Security Gateway (VSG)

How can firewall rules be enforced on virtual servers?

How does VM migration affect security? Virtual firewall, integrated with Cisco Nexus 1000V

1 of 2

Realistic policies consistently enforced in the virtual space, even as virtual machines were migrated.

Security Manageability Performance

Locator/ID Separation Protocol (LISP)

Allowing for routing exceptions

Move VM between Data Centers, check client’s session

No need for client or web server IP address reconfiguration.

Automatic service restoration during workload mobility across cloud (LISP)

Security Manageability Performance

BMC Cloud Lifecycle Management Integration

Walkthrough:

Provisioned one tenant (less than 25 minutes)

Provisioned one VM

Provisioned five tenants (over 1 hour) One Gold, one Silver and three Bronze

Provisioned 50 windows VMs (under 1 hour) 10 VMs per tenant

Provisioning software: Tenants & VMs

Security Manageability Performance

United Computing System Manager

Typically, server outages => configuration on the spot => long maintenance windows

Question: How does Cisco’s UCS service profiles help?

1 of 2

Preconfigure profiles and measure:

1. Outage for card failure and restoration

“Stateless Compute”

2. Time required to bring up 8 new blades

Security Manageability Performance

9,9

1,7

10,8 11,7

13,1

0,0

2,0

4,0

6,0

8,0

10,0

12,0

14,0

Blade VM First blade Last Blade VM

1 Blade Failed 8 Blades Booted

Out

of

Serv

ice T

ime [

Min

ute

s]

Time Taken to Respond [Minutes]

Measured load time with pings

Measured out of Service Time Reduced admin cost with UCS automated

service profiles

United Computing System Manager: Results 2 of 2

Security Manageability Performance

Cisco Network Services Manager

Provisioning tool

Configuration of multiple tenants

Formerly known as OverDrive Network Hypervisor

Demo represented

Provision of 10 tenants

Took 8:26 minutes

Security Manageability Performance

Data Center Scalability and Performance

Problem: spanning tree and LAG present issues in massive, fluid (virtual) environments

1 of 3

Cisco’s answer: FabricPath

Based on TRILL

Security Manageability Performance

Fabric Path – Results

A total of 292.8 Gbit/s with no frame loss

2 of 3

Security Manageability Performance

Fabric Path Resiliency Results

No loss during restoration.

Maximum delay of 200 microseconds, Out of service time for link failures under 200 milliseconds

3 of 3

Security Manageability Performance

Tiered Services (QoS): Goals

What happens when the cloud overruns its uplink capacity?

Goal: verify prioritization by the edge router (ASR 9010) of Gold, Silver, and Bronze traffic

Procedure: Slowly decrease upstream bandwidth, check loss.

1 of 4

Security Manageability Performance

Tiered Cloud Services (QoS): Test Procedure

Tested in 5 steps: Step 1 – Full bandwidth, four links, no loss

Step 2 – Three links, expect bronze loss only

Step 3 – Two links, expect bronze loss only

Step 4 – Single link, expect bronze loss only

Step 5 – Single link, decrease bronze traffic and increase silver traffic, bronze and silver loss

2 of 4

Security Manageability Performance

Tiered Cloud Services: Results

No loss observed for prioritized customers

6,8 6,8 6,8 6,8 6,8 6,8 6,8 6,8 6,8 6,8

2,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1

3,2 2,2

25,2 25,2 25,2

21,0 25,2

11,1 25,2

1,1 3,0

1,0

TransmittedReceived

TransmittedReceived

TransmittedReceived

TransmittedReceived

TransmittedReceived

Run1

Run2

Run3

Run4

Run5

Bitrate [Gbit/s]

Tiered Cloud Services - Downstream Frame Loss

Gold Tenants Silver Tenants Bronze Tenants

Higher priority SLAs for Gold and Silver tenants confirmed

3 of 4

Security Manageability Performance

Tiered Cloud Services: Results

No latency increase for prioritized customers

1

10

100

1.000

10.000

100.000

1.000.000

Gold Tenant Silver Tenant Bronze Tenant

Late

ncy

- L

ogari

thm

ic S

cale

[µs]

Tiered Cloud Services - Latency in Logarithmic Scale [µs]

Run1 Run2 Run3 Run4 Run5

4 of 4

Security Manageability Performance

Virtual Machine Fabric Extender (VM-FEX) Performance

VM-FEX performance versus Distributed Virtual Switching

1 of 2

Security Manageability Performance

Virtual Machine Fabric Extender (VM-FEX) Performance: Results

140

69.9

30.7

107

53.5 41.0

Disc Read Performance

VM-FEX Nexus 1000v

Input/Output Operations Data Transmission Rate Average Response Time

9,78 9,87

8,38 8,06

0

2

4

6

8

10

L2/L3 Traffic HTTP Traffic

Thro

ughput

[Gbit/s]

Emulated Traffic

Throughput Performance

VM-FEX Host

Nexus 1000v Host

2 of 2

VM-FEX increased performance for all four applications: Layer 3 traffic, HTTP traffic, iSCSI traffic, and video encoding

Security Manageability Performance

Summary

Secured tenants using isolated architecture and virtual firewall

Scaled FabricPath infrastructure up to 292.8 Gbit/s and increased application performance with VM-FEX

Managed infrastructure (CNSM & BMC) and computing layer(UCS mgr)

Demonstrated enterprise applications: HCS, Siebel