
Cisco’s IT Company Transformation

Introducing Cisco ONE APIC-Enterprise Module: Reduce Network Complexity, Amplify Network Intelligence. Ramit Kanda, CCIE, Senior Product Line Manager - Enterprise SDN. Cisco’s IT Company Transformation. Today’s Business Operations. New Business Operations.


Presentation Transcript


  1. Introducing Cisco ONE APIC-Enterprise Module: Reduce Network Complexity, Amplify Network Intelligence. Ramit Kanda, CCIE, Senior Product Line Manager - Enterprise SDN

  2. Cisco’s IT Company Transformation Today’s Business Operations New Business Operations The Whole Becomes More Effective Than the Sum of the Parts Seamlessly Fused Business Applications And Networking Components “Out of the Box” Business Applications and Networking Components offered With “Some Assembly Required” Reducing the Need for Business Operations as Expert Network Technology Centers Is A Catalyst for Aligning with New Business Goals

  3. Increasing Network Programmability: Key Cisco Strategy OPEX Savings Business Agility Cisco Open Networking Environment Products Cisco Advanced Support Services Cisco Development Partners Includes a New ISV Ecosystem for Economically Customizable End to End IT Solutions

  4. The Value of SDN: Programmatically Connecting Applications to Networks via “Linked” Interfaces Applications “Semantically Linked” Interfaces Allow Abstraction Layers to Change While Maintaining the Stack Integrity REST API Customer Flexibility Enables Use Case Evolution + Investment Protection Controllers Vendor Flexibility Allows Components to Mature Over Time While Preserving Interoperability ODL SAL Network Devices Emerging Northbound and Southbound OpenDaylight (ODL) Standards Solidifies Industry Support for Semantics

  5. SDN Scorecard For Production Network Adoption + SDN Abstractions Enable Flexible End to End Solutions + ODL SAL and REST Interfaces Ensure Industry Wide Adoption - Consistent Policy Management Across All Domains Cisco Taking A Leadership Role

  6. ACI Enterprise Architecture: A Rich Portfolio of IT Solutions SECURITY COLLABORATION SERVICES ORCHESTRATION IoE Network Aware Applications APIC EM APIC Controllers Infrastructure Endpoints Access Data Center WAN

  7. APIC-EM Design Points (Validating with Advisory Board)

  8. Introducing APIC – Enterprise Module (APIC-EM)

  9. API Controller Enterprise Module – Architecture (Release 1.0) ACL Visualizer ZTD Visualizer Policy Management QoS Visualizer APIC EM Applications Day0/1 Applications Advanced Topology Visualizer Addresses Low Programming Tolerance REST APIs APIC EM Services Policy Translation Application Awareness Inventory and Topology Identity and Location Services for Day0/1 Applications Network Infrastructure Management Analysis and Compliance Automated Provisioning IWAN APIC EM Elastic Services Controller Infrastructure Addresses Scale Out Requirements SAL CLI

  10. Topology Discovery and Management (Network Elements and Hosts) APIC EM Inventory File or Manual Inventory Input Formats CLI Interface Utilizes Multiple Communications Methods (SSH, TELNET, SNMP, …) Device Configurations Are Retrieved and Stored in a Network Information Base (NIB)

  11. Network Information Base: One Source of Truth

  12. APIC EM Topology User Interface: Built as an Application. HTML5 and JavaScript

  13. A Scalable Infrastructure for Large Networks: APIC-EM Scale Platform
     Grapevine: PaaS + Autoscale for network services; Policy-based service management; VM agnostic; SDK / Framework based; Includes rich core services: security + RBAC, multiclass storage, cloud upgrade; Built using OSS components + Python for glue
     [Diagram labels: Cloud Platform; Federated Metadata; Control Boundary; Network Devices; Controller Cluster; VDC; Grapevine; VM; Campus, Branch, Building, Floor, Geo-location, etc]

  14. APIC-EM Cloud Connect Support Model
     • Modern software uses cloud today
     • Controller releases will be incremental (no big releases)
     • Partially opt-in and fully auditable
     • Core value is seamless, “never-touch-it” upgrade
     • Data secured in Cisco cloud
     • Single, global reporting system for your networks
     • Config, state, and policy backup
     • Split-brain resolution
     • Push notification to mobile devices

  15. APIC for Enterprise: Software VM for Servers Business Agility OPEX Savings Abstracts and Automates Network Control Enables Dynamic Policy Changes Across the Network APIC Features Provides Foundation for Simplification via Solutions Approach

  16. OPEX Savings Applications: Abstracting and Automating Network Control. Abstracts and Automates Network Control

  17. Application: QoS Classification Management
     • Enables system level QoS classification, marking and queuing policies
     • Uses Cisco Validated Design (CVD) templates to ensure faster, more reliable, and fully predictable deployment
     • Supports custom classification templates to meet enterprise specific needs

  18. Application: ACL Management
     • Easy identification of conflicts and shadows to save precious TCAM resources
     • Enables system level ACL inspection, interrogation and analysis of chosen flows

  19. Increasing Business Agility: Introducing Intent Policy Management. Enables Dynamic Policy Changes Across the Network

  20. Abstracting Conventional Policy Complexity Conventional Model ACI Policy Model The What Admin Driven The What “Security Policy for Branch A” “Security Policy for Branch A” Admin Driven Northbound APIs ACI Constructs The How The How “Change ACLs in the Following Elements” APIC EM “Change ACLs in the Following Elements” ACI Abstracts System Management and Enables Programmable Driven Policies

  21. API Controller Enterprise Module – Intent Based Policies Auto-Translation of Business Intent into Device/Network Level Policies

  22. API Controller Enterprise Module - Policy Control Event Triggers Actions Action Properties Resources Network Users
     • Permit
     • Deny
     • Copy
     • Monitor
     • Redirect (L3, L4, L7)
     • No copy
     • No redirect
     • User-identifier (tenant/user)
     • Application
     • Device Type
     • Location
     • User-identifier (tenant/user)
     • Application
     • Device Type
     • Location
     • Priority Level
     • Resource Level
     • Experience Level
     • Trust Level
     • Destination
     • Sample Rate
     Policy Properties
     • High Level Business Intent Policies
     • Automatically converted to Network Language
     • Conflict Detection and Resolution
     • Extensible
     • Supports different patterns of policies: Access Policies; Source-Destination Directional Policies; Event – Condition – Action
     • Includes Collections (Ex: a group of userids, a group of applications, etc.)
     • Choose custom tags for policies
     • Choose multiple attributes in each category
     • Policy Creator
     • Policy Name
     • Policy Scope
     • Policy Priority
     • Policy Time: Start Time; End Time; Hard timeout; Idle timeout; Recurrence

  23. API Controller Enterprise Module - Policy Enforcement
     Intent Attribute | Available Technologies
     userid | 802.1X, ISE – pxgrid, Radius Proxy, Active Directory
     Application | NBAR2, NETFLOW, DNS, Firewall, etc
     Location | MSE, Switch Configuration, Location Tags
     Device-Type | ISE, Posture Analysis, EEDGE
     Priority-Level | QoS – Marking, policing, Shaping, Queuing
     Experience Level | QoS, PFR, WAN Optimization
     Trust Level | ACL, Service Chaining, Firewall, IPS, IDS, etc
     Copy | SPAN, RSPAN, ERSPAN, DPSS

  24. Business Agility Solutions: Utilizing Policy Management to Connect Other Applications. Enables Dynamic Policy Changes Across the Network

  25. Business Agility Example: Dynamic Network Branch security Controller Notification SDN Controller SourceFire Defence Center Remediation Policy Enforcement HQ WAN BYOD Malware/Javascript Attack SF Sensor detects threat SF DC notifies Controller Remediation API event Policy installed on Access switch port by Controller. Block or quarantine end-point Internet DefenseCenter Alert!!!! Malware Attack ISR ISR Sensor Sensor Branch X Host Quarantined SourceFire Sensor

  26. Business Agility Example: QoS Video Classification Enables Enterprise Wide Jabber EN Controller APIC-EM QoS Changes Pre-QOS change – Default Classification Post QoS change - VideoQ Enterprise Network 3945/ISRG2 3945/ISRG2 3945/ISRG2 Cat 3750 Cat 3750 Sales Branch Office A Cat 3750 Branch Office C Developer Branch Office B
     • Single change across all network elements enables high quality user experience
     • Optimizes Video Q combining high end fixed video stations and soft client video into same class

  27. Business Agility Example: Building A Smarter Branch Path Selection WAN Optimization App Visibility Flow Details App Visibility Zone FW Path Selection Encryption More Complexity, Higher OpEX and Longer Time To Migrate

  28. Business Agility Example: APIC + IWAN AVC DMVPN PfR WAAS IOS FW Simpler Operations, Faster Service Delivery

  29. DEMO

  30. APIC EM Services vs. Network Aware Apps
     • Services run inside the controller context, are written to work in the autoscale PaaS, and can directly change the network elements
     • Services expose network functionality and convert user intent into on-box changes
     • Services expose their interface via a Northbound API
     • The aggregation of all of those APIs makes up the controller NBAPI
     • Only Cisco and select partners will author and provide network services for the first few releases
     • Services have a high bar for lack of duplicate functionality, well-written and audited code, adherence to scale principles, etc
     • Apps run above the NBAPI, can be in any language, and can be authored by anyone
     • Apps aggregate and expose workflows, wizards, network views, etc
     • Very similar model to Facebook apps
     • Official, signed apps will be available from Cisco and partners
     • Most apps will be source-viewable and extensible by customers
     • Apps can only implement functionality exposed by NBAPI

  31. Basic Services APIC - Enterprise Module 1.0: Services and Apps Policy Creation Services Apps Policy Helper Services Policy Analysis Services Network Tapping Visualizer Application Visualizer Policy Manager Easy QoS Visualizer Network Information Base Legacy Support Services Discovery Inventory Visualizer Topology Visualizer Policy Visualizer ZTD User identity Helpers Application identity Helpers REST API Policy Engine Policy Analysis Easy QoS APIC-EM Services Business Intent to Network Intent Conversion Conflict Detection and Resolution (BI and NI) Pxgrid Client + LDAP client Statistics Manager Radius Proxy + LDAP client NetFlow Collector DAS Policy Programmer (QoS, ACL) NIB ADClient + LDAP client Network Tapping Application Visibility Topology Inventory Network Discovery Network Events Network Programmer ZTD NETWORK

  32. Introducing Cisco ONE Enterprise Network Controller Network Abstraction and Automation Software or Appliance Based Open Daylight, RESTful, OpenFlow, CLI, OnePK Existing & New Installations Catalyst, ISR, ASR Agile Integration Model Masking Network Complexity, Exposing Network Intelligence 2QCY14 FCS, Base Software & Base Apps Included in SmartNet, Premium & Partner Apps Priced.

  33. API Controller Enterprise Module: Initial Deployment Scenarios QoS Security Automation QoS Provisioning IWAN: Path Optimization Network-Wide Rapid Threat Detection and Mitigation (Sourcefire) ACL Management Automation Easy QoS Follow Me QoS Compliance Assurance Automated Performance Routing (PfR) Configuration Automated WAN Policy Compliance Assurance Solving the Most Pressing, Complex and Tedious IT Problems

  34. HW-SW Matrix Post FCS FCS 1.0 EFT1

  35. APIC EM + Prime Infrastructure

  36. Current Marketing Vision of APIC-EM and PI Roles Operational Automation Automated Service Provisioning Network Aware Application Dynamic Service Assurance Visualization and Analytics Management & Orchestration Layer Cisco IAC APIC-EM Apps PRIME INFRASTRUCTURE & NAM UCSD Catalog/ Provisioning Reporting / Analytics Fault/ Events User / Data Management Performance Monitoring REST API (ONE DevKit) Network Intelligence Device Layer Abstraction Network Control Policy Enforcement & Network Change Control Layer Cisco APIC Common ACI Architecture • Cisco Devices • Enterprise Networks, Data Center APIC for datacenter APIC - Enterprise Module CLI, OpenFlow, OnePK API Device Layer

  37. APIC-EM + Management Unified Element & N/W Mgmt Shared Functions across Mgmt and APIC-EM Reporting / Visualization Service /Policy Definition Change Management Performance Management System of Record Trending / Capacity Planning Compliance Management Multi-tenant Operations Center Analytics driven troubleshooting Prime Apps Hourly – x years of historical data NB REST API Centralized Network Services System of Change Common Controller Services ~ short span data Southbound Programming Layer (Common Models, NE communication, APIs) NE NE NE NE Infrastructure
