Cisco Virtual Network Management Center (VNMC): Device and Policy Management of Cisco Network Virtual Services
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Managing Network Services in the Cloud


Page 1: Managing Network Services in the Cloud


Page 2: Managing Network Services in the Cloud


Agenda

• Problem Statement and Vision

• N1K, VSG, ASA1000V Overview

• VNMC Benefits and Differentiators

• Resources

Page 3: Managing Network Services in the Cloud


Virtualization Challenges - Network Implications

[Diagram: VMware port group and hypervisors, with the server, network and security administration domains shown side by side]

1. VMware vMotion moves virtual machines across physical ports, and the network policy must follow this migration (across racks, pods, and data centers)

2. Administrators must view or apply network and security policy to locally switched traffic

3. Administrators need to maintain segregation of duties while helping ensure nondisruptive operations

4. Organizations need a VLAN-agnostic solution to decrease complexity and enhance scalability

Page 4: Managing Network Services in the Cloud


Cisco Unified Management: IT-as-a-Service Requires a New Management Approach

[Diagram of the management stack; recoverable labels, top to bottom:]

• Business Applications and IT Services

• Self-Service Portal and Orchestration: On-Demand Provisioning, Lifecycle Management, Integration and Automation, Pay-Per-Use, Service Governance, Service Catalog, Infrastructure Resource Mgmt

• Policy-Based Compute: Seamless Physical-Virtual, Pooled Resources (Physical-Virtual, Multi-Hypervisor)

• Policy-Based Network: Dynamic Network Provisioning, Network Containers, Service Profiles

• Compute, Storage, Network

• Operations Support Ecosystem: Service Assurance, Compliance, Configuration Management, …

• Business Support Ecosystem: Billing, Customer Management, Financial Management, …

Page 5: Managing Network Services in the Cloud


Cisco Virtual Network Management Center (VNMC)

• Common model to enable federated development

• Common UX and operational flows

• API-accessible abstraction layer simplifies cloud infrastructure management for customers and partners

• Part of the N1K architecture; manages the VSG and ASA 1000V security products

• Addresses Enterprise and Provider needs in a self-contained multi-tenant environment

• Lowers TCO by providing a single integrated point of access to Cisco network virtual services in the cloud

Page 6: Managing Network Services in the Cloud


Cisco Nexus 1000V

• Accelerates virtualization and multi-tenant cloud deployments

• Integrated into the VMware vSphere hypervisor

• Provides advanced virtual machine switching using 802.1Q switching technology

• vPath and VXLAN technologies

• Built on Cisco NX-OS

• Provides policy-based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model

[Diagram: a vSphere server hosting VMs on a Nexus 1000V VEM, with the Nexus 1000V VSM and the upstream physical switches]

Page 7: Managing Network Services in the Cloud


Virtual Security Gateway (VSG): Virtual Firewall for Nexus 1000V

Managed by the Virtual Network Management Center (VNMC)

• Context-aware security: VM context-aware rules

• Zone-based controls: establish zones of trust

• Dynamic, agile: policies follow vMotion

• Best-in-class architecture: efficient, fast, scale-out software

• Non-disruptive operations: the security team manages security

• Policy-based administration: central management, scalable deployment, multi-tenancy

• Designed for automation: XML API, security profiles

Page 8: Managing Network Services in the Cloud


Cisco ASA 1000V: Solution Features and Capabilities

• Built using Cisco® ASA infrastructure

• Interoperability with Cisco VSG through service chaining

• VXLAN gateway

• Multi-tenant management through Cisco VNMC

• IPsec VPN (site to site)

• NAT

• DHCP

• Default gateway

• Static routing

• Stateful inspection

• IP audit

Page 9: Managing Network Services in the Cloud


Securing the Tenant Intra domain and Edge

• Proven Cisco® security: virtualized physical and virtual consistency

• Collaborative security model

  – Cisco Virtual Security Gateway (VSG) for intra-tenant secure zones

  – Cisco ASA 1000V for tenant edge controls

• Transparent integration

  – With Cisco Nexus® 1000V Switch and Cisco vPath

• Scale flexibility to meet cloud demand

  – Multi-instance deployment for scale-out deployment across the data center

[Diagram: a hypervisor running Cisco Nexus® 1000V with Cisco vPath; Tenant A and Tenant B each have a VDC containing vApps protected by Cisco VSG instances and a Cisco ASA 1000V at the tenant edge, all managed by the Cisco® Virtual Network Management Center (VNMC)]

Page 10: Managing Network Services in the Cloud


Virtual Network Management Center

Custom-built to manage virtualization-specific workflows: scalable, stateless, expandable, partitionable, integrated, automated.

• Multi-tenant: different customers and different needs

• Security profiles: simple, policy-based security configuration

• XML API: ready for third-party integration

• Role-based access controls: different users and different privileges

• Cisco Nexus® 1000V and VMware vCenter: port profiles refer to security profiles

• Dynamic provisioning: one-stop configuration of network and security

Page 11: Managing Network Services in the Cloud


Cisco VNMC: Multi-Tenant Organizational Structure

• A single tenant can have up to three organizational sublevels

• Each sublevel can have multiple organizations

• Overlapping network addresses across tenants are supported

[Diagram of the organizational tree: Root → Tenant A, Tenant B (tenant level) → DC 1, DC 2, DC 3 (vDC level) → App 1, App 2 (vApp level) → Tier 1, Tier 2, Tier 3 (tier level)]

Page 12: Managing Network Services in the Cloud


Cisco VNMC: Administrative Roles, Tenant-Level RBAC Access for Security Administrators

[Diagram of Cisco® VNMC administrator roles and tenant-level access; no further text recoverable]

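The tenant hierarchy of the organizational-structure slide and the tenant-level RBAC scoping of the administrative-roles slide, modeled together in Python as an added illustration. This is not Cisco's VNMC code or its XML API; it assumes the level order root > tenant > vDC > vApp > tier read off the diagram labels, assumes that a security administrator's role is scoped to one tenant's subtree, and uses a constructed sample in which both tenants reuse 192.168.100.0/24 to show why address resolution has to be tenant-scoped when overlapping addresses are allowed.

```python
"""Toy model of a VNMC-style multi-tenant organization tree.

Added illustration, not Cisco code. Assumptions: levels are
root > tenant > vDC > vApp > tier, a tenant carries at most three
sublevels, and an address is resolved only inside its own tenant,
which is what lets two tenants use overlapping subnets safely.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_network

LEVELS = ("root", "tenant", "vdc", "vapp", "tier")
MAX_SUBLEVELS = 3  # sublevels allowed beneath a tenant: vDC, vApp, tier


@dataclass
class OrgNode:
    name: str
    level: str
    subnet: str | None = None  # constructed sample attribute, set on tiers only
    children: list["OrgNode"] = field(default_factory=list)

    def add(self, child: "OrgNode") -> "OrgNode":
        """Attach a child, enforcing the level order and the sublevel limit."""
        parent_idx = LEVELS.index(self.level)
        child_idx = LEVELS.index(child.level)
        if child_idx != parent_idx + 1:
            raise ValueError(f"{child.level} cannot sit directly under {self.level}")
        # tenant is index 1, so child_idx - 1 counts sublevels below the tenant
        if child_idx - 1 > MAX_SUBLEVELS:
            raise ValueError("a tenant may have at most three organizational sublevels")
        self.children.append(child)
        return child


def walk(node: OrgNode, path: tuple[str, ...] = ()):
    """Yield (path, node) for every node; path is the chain of names from the root."""
    here = path + (node.name,)
    yield here, node
    for child in node.children:
        yield from walk(child, here)


def subnet_owners(root: OrgNode, subnet: str) -> list[tuple[str, ...]]:
    """Paths of every tier using `subnet`; several hits means tenants overlap."""
    wanted = ip_network(subnet)
    return [p for p, n in walk(root) if n.subnet and ip_network(n.subnet) == wanted]


def resolve_in_tenant(root: OrgNode, tenant: str, subnet: str) -> tuple[str, ...]:
    """Resolve a subnet inside one tenant only; path[1] is the tenant name."""
    hits = [p for p in subnet_owners(root, subnet) if p[1] == tenant]
    if len(hits) != 1:
        raise LookupError(f"{subnet} resolves to {len(hits)} tiers in {tenant}")
    return hits[0]


def can_access(scope: tuple[str, ...], path: tuple[str, ...]) -> bool:
    """Tenant-level RBAC: a role scoped to a node reaches that node and its subtree."""
    return path[: len(scope)] == scope


def build_demo_tree() -> OrgNode:
    """Constructed sample: two tenants that both use 192.168.100.0/24 in Tier 1."""
    root = OrgNode("Root", "root")
    for tenant in ("Tenant A", "Tenant B"):
        t = root.add(OrgNode(tenant, "tenant"))
        dc = t.add(OrgNode("DC 1", "vdc"))
        app = dc.add(OrgNode("App 1", "vapp"))
        app.add(OrgNode("Tier 1", "tier", subnet="192.168.100.0/24"))
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    print(subnet_owners(root, "192.168.100.0/24"))            # two tenants, same subnet
    print(resolve_in_tenant(root, "Tenant B", "192.168.100.0/24"))
    a_admin = ("Root", "Tenant A")                            # security admin scoped to Tenant A
    print(can_access(a_admin, ("Root", "Tenant A", "DC 1")))  # True
    print(can_access(a_admin, ("Root", "Tenant B", "DC 1")))  # False
```

A global lookup of the shared subnet returns both tenants, which is exactly the ambiguity a management system must avoid; resolving with the tenant as part of the key gives a unique answer, and the same tenant prefix is what the RBAC check uses to keep a Tenant A administrator out of Tenant B's objects.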
Page 13: Managing Network Services in the Cloud


VNMC Demo

[Demo topology diagram; recoverable labels: Outside client; Tenant A with a Win 7 client, a Web server, a Db server and a VSG; ASA 1000V static NAT (NAT IP: 192.168.200.11); Outside: 192.168.200.15, Inside: 192.168.100.15; addresses 192.168.200.20, 192.168.100.0 (.10, .11, .12, .20) and 172.25.108.0 (.86, .75, .87); "Tradeshow" and "SYN Floods" callouts]

Page 14: Managing Network Services in the Cloud


Resources

Page 15: Managing Network Services in the Cloud


Resources

Cisco.com

• Cisco VNMC: www.cisco.com/go/vnmc

• Cisco® ASA 1000V: www.cisco.com/go/asa

• Cisco Nexus® 1000V: www.cisco.com/go/1000v

• Cisco VSG: www.cisco.com/go/vsg

Cisco Support Community

• Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com

Page 16: Managing Network Services in the Cloud

Thank you.