Managing Network Services in the Cloud

Published on 12-May-2015

Transcript

1. Cisco Virtual Network Management Center (VNMC): Device and Policy Management of Cisco Network Virtual Services

   2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

2. Agenda
  • Problem Statement and Vision
  • N1K, VSG, ASA1000V Overview
  • VNMC Benefits and Differentiators
  • Resources

3. Problem statement
  • 1. VMware vMotion moves virtual machines across physical ports, and the network policy must follow this migration (across racks, pods, and data centers)
  • 2. Administrators must view or apply network and security policy to locally switched traffic
  • 3. Administrators need to maintain segregation of duties while helping ensure nondisruptive operations
  • 4. Organizations need a VLAN-agnostic solution to decrease complexity and enhance scalability
  [Diagram labels: PortGroup; Security Administration; Server Administration; Network Administration]

4. IT-as-a-Service Requires a New Management Approach
  [Diagram; legible labels include: Business Applications and IT Services; Self-Service Portal and Orchestration; Service Catalog; On-Demand Provisioning; Service Governance; Lifecycle Management; Pay-Per-Use; Policy-Based Compute; Policy-Based Network; Service Profiles; Network Containers; Physical-Virtual, Multi-Hypervisor; Dynamic Network Provisioning; Compute; Storage; Network]

5. VNMC vision
  • Lower TCO by having a single integrated access to network virtual services in the cloud
  • Common UX and operational flows
  • Common model to enable federated Cisco development
  • Addressing Enterprise and Provider needs in a self contained multi-tenant environment
  • API-accessible abstraction layer simplifies cloud infrastructure management for customer and partners
  • Part of the N1K architecture, manages the VSG and ASA1000V security products

6. Accelerate virtualization and multi-tenant cloud deployments
  • Integrated into VMware vSphere hypervisor
  • Provides advanced virtual machine switching using .1Q switching technology
  • vPath and VXLAN technologies
  • Built on Cisco NX-OS
  • Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
  [Diagram labels: VM; 1000V VEM; vSphere; Server; 1000V VSM; Physical Switches]

7. Virtual Security Gateway (VSG)
  • Context aware Security: VM context aware rules
  • Zone based Controls: Establish zones of trust
  • Dynamic, Agile: Policies follow vMotion
  • Best-in-class Architecture: Efficient, Fast, Scale-out SW

   Virtual Network Management Center (VNMC)
  • Non-Disruptive Operations: Security team manages security
  • Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
  • Designed for Automation: XML API, security profiles

8. Cisco ASA 1000V
  • Built using Cisco ASA infrastructure
  • Interoperability with Cisco VSG through service chaining
  • Multi-tenant management through Cisco VNMC
  • IPsec VPN (site to site)
  • NAT
  • DHCP
  • Default gateway
  • VXLAN gateway
  • Static routing
  • Stateful inspection
  • IP audit

9. Proven Cisco security: virtualized physical and virtual consistency
  • Cisco Virtual Network Management Center (VNMC)
  • Collaborative security model: Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones; Cisco ASA 1000V for tenant edge controls
  • Transparent integration: with Cisco Nexus 1000V Switch and Cisco vPath
  • Scale flexibility to meet cloud demand: multi-instance deployment for scale-out deployment across the data center
  [Diagram labels: Tenant A; Tenant B; VDC; vApp; Cisco VSG; Cisco ASA 1000V; Cisco vPath; Cisco Nexus 1000V; Hypervisor]

10. VNMC benefits
  • Multi-Tenant: Different customers and different needs
  • Security Profiles: Simple, policy-based security configuration
  • Stateless XML API: Ready for third-party integration
  • Role-Based Access Controls: Different users and different privileges
  • Cisco Nexus 1000V and VMware vCenter: Port profiles refer to security profiles
  • Dynamic Provisioning: One-stop configuration of network and security
  • Custom created to manage virtualization-specific workflows
  [Slide labels: Scalable; Expandable; Partitionable; Integrated; Automated]

11. Tenant organization
  • Single tenant can have up to three organizational sublevels
  • Each sublevel can have multiple organizations
  • Overlapping network addresses across tenants are supported
  [Diagram: Tenant Level, vDC Level, vApp Level, Tier Level; labels: Root; Tenant A; Tenant B; DC 1; DC 2; DC 3; App 1; App 2; Tier 1; Tier 2; Tier 3]

12. Cisco VNMC Administrator Roles; Tenant-Level Access

13. [Network diagram; legible labels: Tradeshow; Outside; SYN Floods; Client; 172.25.108.0; 192.168.200.20; TenantA; ASA 1000V; Outside: 192.168.200.15; NAT IP: 192.168.200.11; Static NAT; Inside: 192.168.100.15; 192.168.100.0; VSG; Web Server; Win 7 Client; Db Server]

14. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

15. Resources
  Cisco.com:
  • Cisco VNMC: www.cisco.com/go/vnmc
  • Cisco ASA 1000V: www.cisco.com/go/asa
  • Cisco Nexus 1000V: www.cisco.com/go/1000v
  • Cisco VSG: www.cisco.com/go/vsg
  Cisco Support Community:
  • Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com

16. Thank you.