Michael Petersen – Cisco Cloud Solutions
Partner and Customer Session - April 2020
Welcome to: UP-TO-SPEED-ON-CISCO
The MultiCloud Reality: What is the complexity we are looking into?
What do the building blocks look like?
Who are the players?
How are operations and automation achieved in this reality?
The Multicloud “Operations Matrix”
Security
Software Defined X
OS/Virtualization/Containers
Kubernetes/Serverless
Infrastructure
“Cloud Services”
Applications
Automation
Data Center | Cloud | Edge
Developer
ITOps
DevOps
SecOps
Visibility Action
Incident response
Workload scaling
Cost optimization
Intent
Insight
Intelligent Engine
Business Data
Application Data
Infrastructure Data
Security Data
Context Feedback
Cisco business value framework
Cisco’s end-to-end technical approach
Data-driven insights engines
drive
Policy driven automation engines
which consume
Multicloud Targets and Services
via
operational use-cases
Intent | Context
Use Cases
Policy Driven Automation Engines
Data Driven Insight Engines
Multicloud Targets and Services
Edge | DC
Day 0, 1, 2
HyperFlex Edge
Multicloud Infrastructure Targets and Services
UCS/HyperFlex
Managing the Application Experience – components and considerations
ACI | Nexus/MDS
Based on use-case
Choose a target!
CWOM Tetration SaaS
CloudCenter Suite
Viptela SD WAN
ACI Anywhere/DCNM
Intersight
Stealthwatch Cloud
Data-driven INSIGHTS engines
Policy-based AUTOMATION engines
Duo MFA
Intent
Context
AppDynamics Talos
On-premises environment
Campus
DC/Colo
Branch
IoT/Edge
SaaS & Cloud Native
Existing
…
What’s needed for multicloud to WORK AS ONE
Consistent, production-grade experience
Public clouds
Application Optimization
Application Workflows | Deployment | Cost
Application Performance Monitoring
Application Security
Network Security
Software Defined Networking
SaaS & Cloud Native
Existing
Campus
DC/Colo
Branch
IoT/Edge
On-premises environment
…
Capabilities that deliver a WORK AS ONE experience
Consistent, production-grade experience
Depending on the use-case
Public clouds
SaaS & Cloud Native
Existing
CSR1000v | vEdge | Meraki vMX
DUO | Cloudlock | Email Security | Umbrella
Stealthwatch Cloud | Tetration
Cloud ACI
Workload Optimization Manager
CloudCenter Suite
AppDynamics
On-premises environment
…
Container Platform | UCS Director
Intersight | HyperFlex | UCS
Nexus 9K
The Cisco portfolio that makes it possible (integrations)
Consistent, production-grade experience
• Deploying applications consistently in different clouds (CCS)
• Deploy/Operate Kubernetes clusters on-prem and in Cloud (CCP)
• Ensuring Capacity, Performance and cost optimization (CWOM)
Use cases
Cisco CloudCenter Suite
Any Application. Any Infrastructure. One Solution.
End to End Lifecycle
New and Existing Applications
Container as Service
Public Cloud
Data Center
Private Cloud
Multicloud management platform: securely design, deploy, and optimize anywhere
One Integrated Platform
CloudCenter “Suite” What’s new
• Workload Manager: Provides existing CloudCenter functionality
• Cost Optimizer: Provides public and private cloud cost visibility and optimization
• Action Orchestrator: Enables workflow process orchestration and automation
• Suite Admin: Administers modules, manages tenancy, licensing, logging, RBAC, monitoring, authentication
Modular, microservices architecture
MultiCloud Management: Workload Manager
Unique Approach to Cloud Scale
Script-Based
• Infrastructure-centric
• Cloud-specific workflows and scripts
• Labor/services intensive
• Error prone
• Unique Script/Workflow
Application Profile-Based
• Application-centric
• Cloud agnostic
• Low TCO
VMware vSphere
VMware vSphere
Workload Manager Components
• Workload Manager UI: Microservice, hosted in Kubernetes
• Application Profile: JSON-based model, built and lives in WM UI
• Workload Manager Orchestrator (WMO): Microservice, hosted in Kubernetes
Workload Manager Capabilities
Workload Manager UI (microservice, hosted in Kubernetes) provides:
• UI/API
• Self-Service Catalog
• Modeling Tool
• Governance
• Policy Enforcement
• Object Management
Application Profile Capabilities
Application Profile (JSON-based model, built and lives in WM UI) describes:
• Virtual Infrastructure
• Application Topology
• Service Creation
• Lifecycle Actions
• Service Interdependencies
• Firewall Rules
Application Profile Capabilities
Workload Manager Orchestrator (WMO) (microservice, hosted in Kubernetes) executes:
• Translation from Application Profile to API
• Cloud-specific Objects and Security
• Calls to 3rd Party Tools
• Dynamic Agent Installation
End-to-end infrastructure and application lifecycle management
• Blueprint once, deploy anywhere
• Integrate with CI/CD toolchain
• Govern and control user and cloud accounts, environments and budgets
Benefits: Increase workload management efficiencies, accelerate time to value, provide governance and policy across multiple clouds
Workload Manager
Workload Manager UI
Profile
Cloud Personalities
Private/ Public Clouds
Abstraction of application profile from infrastructure
Cisco Container Platform
Hybrid Cloud Optimized
Turnkey Solution for Production-Grade Container Environments
• Flexible Deployment Model: VM | Bare metal ↔ HX, ACI | Public cloud
• Integrated: Networking | Management | Security | Analytics
• Native Kubernetes (100% Upstream): Direct updates and best practices from open source community
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Why Containers vs traditional infrastructure?
[Figure: stack comparison of Bare Metal, Virtual Machine and Container deployments; layers shown: Server, Hypervisor, Host OS, Docker Engine, Guest OS, Bins/Libs, App]
Container-based architecture Common elements
Infrastructure
Runtime
Orchestration
Kubernetes
Container Platforms
Nomad
CCP
[Figure: CaaS vs. PaaS stack comparison marking the user-managed layers; layers shown: DC, WAN, Storage, Compute, Virtualization, OS (Kernel, User Space), Middleware, Runtime, Framework, Data, Application, User]
CaaS:
• Simple to set up, manage
• Light: Focused on container management
• Standardized
• Bring your own CI/CD
• Innovate at speed of Open Source
PaaS:
• Complex to set up, manage
• Heavy: Pre-Built “Stack” or “Gear” + “buildpack”
• Custom
• Built-In CI/CD
• Releases 9-12 months after upstream
• Deploy Kubernetes clusters on HyperFlex IaaS (VMware)
• Container Networking (Contiv / ACI)
• Persistent storage (Flex Driver)
• Layer-4 and Layer-7 load balancing
• High availability
• Authentication with Active Directory
• Role based access control
• Communication between containers and external VMs / BMs
• UI – Kubernetes, API
• Security (policies, encryption)
• Add / remove Kubernetes nodes
• Lifecycle management (OS updates, Kubernetes upgrades)
• Monitoring (Prometheus)
• Logging (EFK)
Cisco Container Platform Feature Set: Kubernetes-as-a-Service
Setup | Manage | Consume
[Figure: Cisco Container Platform (multi-master) architecture. Labels shown: Control Plane Cluster (Control Plane Kubernetes; Automation, Orchestration, Operations; HX Connect; Cluster/Machine Controllers); Tenant Clusters (Cluster 1 Kubernetes and Cluster 2 Kubernetes, each with Workloads and Ops pods); Kubernetes, Fluentd, Prometheus, Kibana, HyperFlex CNI, Istio; VMs; Hypervisor Layer (HyperFlex / VMware); Storage (HyperFlex / VMware); Networking (Nexus 9K); Compute Hardware (UCS)]
Demo
Cisco Container Platform CNI Options: ACI CNI | Contiv | Calico
Network Policy
• ACI CNI: K8s network policy; ACI policy (EPGs + Contracts) for K8s network policy
• Contiv: K8s network policy
• Calico: K8s network policy
Underlay Network Integration
• ACI CNI: Underlay integration with ACI fabric; policy extends beyond single K8s cluster across VMs, Bare Metal, Multi-clusters
Load Balancer Integration
• ACI CNI: Hardware L3 Load Balancer integrated with ACI CNI to provide optimal data path
• Contiv: Software metalLB L3 Load Balancer
• Calico: Software metalLB L3 Load Balancer
Istio Integration
• ACI CNI: Istio integration
• Contiv: Istio integration
• Calico: Istio integration
Fragmented Security
overlay
Virtual Machine
Kubernetes ACI CNI Solution Overview
Node
OpFlex OVS
Kubernetes
ACI Policies
Technical Description
Network Policy
Node
OpFlex OVS
• Network policies of Kubernetes supported using standard upstream format but enforced through OpFlex / OVS using APIC Host Protection Profiles
• Kubernetes app configurations can be moved without modification to/from ACI and non-ACI environments
• Embedded fabric and virtual switch load balancing
  • PBR in fabric for external service load balancing
  • OVS used for internal service load balancing
• VMM Domain for Kubernetes
  • Stats per namespace, deployment, service, pod
  • Physical to container correlation
Using Network Policy and EPGs
Cluster Isolation
• Single EPG for entire cluster (default behavior)
• No need for any internal contracts
Namespace Isolation
• Each namespace is mapped to its own EPG
• Contracts for inter-namespace traffic
Deployment Isolation
• Each deployment mapped to an EPG
• Contracts tightly control service traffic
EPG | Network Policy | Key Map | Contract
Interacting with Cisco Container Platform
Kubernetes
Kubernetes Lifecycle
IT Admin
UI + API
CLI + UI + API
Monitoring / Logging
Storage / Network
Developers
Kubernetes | Cisco CP
Cisco Workload Optimization Manager (CWOM)
91% of users see ROI in 90 days or less¹
Cisco Workload Optimization Manager
Ensure continuous application performance
• Real-time micro improvements preempt degradation
• Any workload, any infrastructure, anywhere
• Decision automation enables real-time optimization at scale
Multicloud Ready | ROI | Continuous Performance | Self-Managing
Optimize and Automate
Use-case: Ensuring Capacity, Performance and cost optimization
CWOM
Continuous Optimization: Real-time actions drive continuous performance, efficiency, and compliance.
• 30-minute install through VM & single OVA file
• Improvement actions appear within 1 hour
• Agentless
Capacity Management: Quickly & accurately model what-if scenarios: workload growth, add/remove hardware, cloud costs
Compliance & Business Policies: Easy custom policies ensure CWOM actions abide by business and compliance requirements.
Demo
Understanding app resource needs at every layer
Machine intelligence to drive automated resourcing decisions on-prem and in the public cloud
Continuous optimization matches application resource demands to the underlying infrastructure
Cisco Intersight Workload Optimizer
Ensure app performance and operational efficiency
Questions?