Cisco Application Centric Infrastructure Roadshow

Transcription

Cisco Application Centric Infrastructure Roadshow
Wednesday, 2. April 14

Cisco ACI Roadshow - Agenda
§ Business and IT trends
§ Cisco Open Network Environment (ONE)
§ Lunch
§ Cisco Application Centric Infrastructure (Data Center)
§ Cisco APIC Enterprise Module (WAN & Access)
2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Open Networking Environment
Wednesday, 2. April 14

Session objectives
§ Understand Cisco ONE vision
  § Comprehensive answer to SDN
  § New licensing scheme to simplify consumption
§ Understand the main Cisco ONE characteristics:
  § Complete solution (as opposed to fragmented approaches)
  § Open ecosystem
  § Open for customers (no architecture is forced upon them)

Simplify Application
[Diagram labels: Policy & Compliance; UNIFIED PLATFORM; Provisioning; Infrastructure; Security & Policy; Element Management; Services Orchestration; Cisco ONE; INFRASTRUCTURE: Data Center, WAN, Access]

Fragmented Approaches Creating Increased
[Diagram labels: Infrastructure; Security & Policy; Data Sovereignty; Virtual Services; APIs; Hybrid Cloud; DC, WAN, ACCESS]

Announcing the Cisco ONE Platform
Enabling Application Centric Infrastructure
§ Faster application deployments
§ Consistency and agility across the Enterprise
§ Improved application availability with faster remediation
§ Increased security and productivity with automation
[Diagram labels: Cisco ONE PLATFORM; APIs; Provisioning; Infrastructure; Security & Policy; Element Management; DC, WAN, ACCESS]

Cisco ONE Software Platform
Cisco ONE Advanced Security Services: Comprehensive Network Security and Threat Defense
Cisco ONE Advanced Application Services: Policy-Based, Optimized End-to-End Application Delivery
Cisco ONE Foundation: ACI Fabric, L2/L3 Services, Infrastructure Management
Cisco ONE Essentials: Controller, Virtual Switch, Northbound/Southbound APIs
Infrastructure Domains: Data Center, WAN, Access

Cisco ONE Platform in the Data Center
[Diagram labels: Cisco ONE Advanced Security Services; Cisco ONE Advanced Application Services; Cisco ONE Foundation; ASA; Web/Email; ACI Fabric; UCS Director; ONE PK; DevKit; Prime; N1KV; domains: Data Center, WAN, Access]

Cisco ONE Across WAN and Access
[Diagram labels: Cisco ONE Advanced Security Services; Cisco ONE Advanced Application Services; Cisco ONE Foundation; ASA; InterCloud; ACI Fabric; UCS Director; ONE PK; DevKit; Prime; N1KV; VPN; Firewall; Cloud Web Security; ISE/TrustSec; AVC; WAAS; UC Gateway; CSR; AnyConnect; CMX; AP License, L2/L3 Switching; domains: Data Center, WAN, Access]

Simplified Licensing with Logical Suites
[Diagram labels: Cisco ONE Advanced Security Services; Enterprise Security Suite; Cisco ONE Advanced Application Services; Cisco ONE Suite for DC; Cisco ONE Suite for WAN; Cisco ONE Suite for Access; Cisco ONE Foundation; Data Center Foundation; WAN Foundation; Access Foundation; Cisco ONE Essentials; Included with SmartNet and Collaborative Services; Infrastructure Domains: Data Center, WAN, Access]

When is this Available?
Announced in February: Cisco ONE Platform; Cisco InterCloud; Cisco APIC Enterprise Module
Spring/Summer 2014: Pricing & Offer Details; APIC Controller Availability; Enterprise Module Availability
Fall/Winter 2014: Cisco ONE Platform Availability; ELA & Subscription Licensing Models; InterCloud Availability

Cisco ONE partner community
Introducing Cisco DevNet
To Create a Community of Software Developers who Leverage Cisco Technology in Their Work
[Diagram labels: Innovative & Compelling Apps; Engineering; SDKs; Developer Support; Community Management; API Development; ONE DevKit; Common Northbound APIs; Cross Platform Support; Access to Testing Lab; Strategic and Tactical Marketing; DevNet Portal; DevNet APIs and SDKs; DevNet Sandbox Platform]
[Timeline labels: Dec, Jan, Feb, Mar, Apr; Live Cisco Community & DevNet Integration; Hackathon (May)]

“Cisco is late to the SDN game”
laterals/Press Releases/2013/20131021 ITBrandPulse InnovationLeaderAwards.pdf

Cisco ONE: Infrastructure Programmability
If you want you can program, but you don’t need to
Columns: Visibility; Automation and Orchestration; Programmable
Puppet; Chef; NX-API JSON-RPC; OpenStack network plugin; XML/JSON; Python scripting; OpenDaylight integration; XMPP support; Dynamic buffer monitoring; Enhanced Ethanalyzer; SMTP email “pipe” output; Embedded Event Manager (EEM); Flow monitoring; vTracker; Customizable CLIs; BASH access; Broadcom shell access; Linux containers; OpenFlow support; Cisco onePK
SNMP (v1, v2, v3), Syslog, NETCONF, RMON, CLI

Did you know?
“Managing Cisco Devices using Puppet”: http://www.youtube.com/watch?v ai 93hUlmt0

Quiz:
When did Cisco include programmability in IOS with “Embedded Event Manager” (TCL scripts)? 2000

Open Daylight
Cisco’s reference for controller architecture
§ Open-source controller
§ Main industry players support the initiative
§ Multiple northbound and southbound APIs
§ Base controller code provided by Cisco
§ Cisco will provide commercial versions of Open Daylight

Traditional traffic visibility in the DC
Lacking flexibility and scalability
Analysis appliances / modules (like Cisco NAM)
Challenges:
§ Some people need more analysis appliances (like IDS, Web site analytics, ad hoc Wireshark for troubleshooting, etc)
§ In many DCs the bandwidth to analyze exceeds the capacity of a single appliance: a scale-out approach is required

Solution: create a monitoring network
All production traffic is sent via SPAN or TAPs to the monitoring network
[Diagram labels: NAM appliances; “SPAN aggregator switch”; Other analysis appliances (IDS, Wireshark, etc); General purpose switch (inflexible) or purpose-built switch (expensive)]
Challenges:
§ The configuration of the SPAN aggregator switch becomes “interesting”
§ What if you need two SPAN aggregator switches?

SPAN aggregator switch: life can be hard
Using a standard Ethernet switch as SPAN aggregator has limitations
[Diagram labels: Production network devices; Traffic coming from TAPs or SPAN sessions; “SPAN aggregator switch”; Traffic selectively forwarded to specific appliances; Analysis appliances (Troubleshooting, IDS, Performance, Wireshark, etc)]
§ N ingress ports (as many as switches in the production network)
§ M egress ports (as many as analysis appliances)
§ Forwarding rules examples:
  § Send all traffic to appliances 1 and 2
  § Send HTTP traffic to appliance 3
  § Send Applications X and Y to appliance 4
§ Have you tried to do the above with VLANs/VACLs?
§ What if you need 2 SPAN aggregator switches?

Example with Cisco commercial version of Open Daylight
Controller Application: TAP aggregator using OpenFlow
[Diagram labels: Cisco Network Analysis Modules; s 3000; Other analysis appliances (IDS, Wireshark, etc); Monitoring Network; Production Network]
§ Introduce OpenFlow non-intrusively in your organization
§ Cost-effective, flexible solution to gain more intelligence out of your network traffic: gain visibility into what is going on in your network!

Network architectures in the DC
[Diagram labels: Federated Clouds; Application Centric Infrastructure; Network Fabrics; Virtual Networking; Cisco Open Network Environment]
Supported infrastructure: Full Cisco Nexus portfolio; Anything; Cisco Nexus 9000

Network Fabrics
Data Center Network Fabrics
§ Scalable, flexible networks
§ Technology examples:
  § Virtual Port Channels enable non-blocking redundant architectures
  § Fabric Extenders enable management simplification
  § FabricPath enables flexible L2 topologies like spine/leaf or large domains
  § Unified Ports and FCoE enable consolidation of storage and data fabrics
  § BiDi optics enable low-cost transition to 40GbE
§ With a rich switching portfolio to meet every need
§ Dynamic Fabric Automation takes a DC network to the next level

Data Center Network Fabrics
Dynamic Fabric Automation: the next
DFA consists of four modules that can be deployed individually or together for a comprehensive solution
[Diagram labels: Virtual Fabrics; Centralized Management; XMPP; Zero-touch provisioning; Cable consistency checks; Orchestration integration; Workload-aware fabric; Automated provisioning; Any subnet anywhere; Reduced failure domains; Scalable Multitenancy]

Virtual Networking
Cisco Virtual Networking
[Diagram labels: Cisco Virtual Security Gateway (VSG); ASA 1000V Cloud Firewall; Imperva SecureSphere WAF; Tenant; Zone A; Zone B; vPath; Nexus 1000V; VXLAN; Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*); Any Physical Infrastructure (Compute, Network, Storage)]
[Column headings: Nexus 1000V; Security; Application; Routing; Ecosystem Services; InterCloud]
[Capability labels: Distributed switch; NX-OS consistency; Zone-based FW; Edge FW; Application visibility; Application performance; Virtual router; WAN L3 gateway; Citrix NetScaler VPX virtual ADC; Imperva Web App. Firewall; Flexible Hybrid Cloud; VPN; WAN optimization]

Innovation Example: Cisco VXLAN Gateways
Connecting physical workloads to a virtual overlay
§ L3 VXLAN gateway: L3 services VM (CSR 1Kv / ASAv)
§ L2 VXLAN gateway on Nexus 1110
§ L2 VXLAN gateway on physical switch
§ L3 VXLAN gateway on physical switch

Example: Cisco Intercloud
[Diagram labels: Data Center; Cloud Services; Private Cloud; Public Cloud]
Hybrid Cloud: The Best of Both Worlds
§ Dev/Test: Quickly develop in cloud and run production in data center
§ Capacity Augmentation: Build the base and rent the peak
§ Disaster Recovery: Deliver as a service, reduce complexity and cost

Current Approaches
Open Workload Mobility
[Diagram labels: Providers; Customer; Open; Choice; Homogeneous; Custom; Cisco InterCloud; vCloud Hybrid Services]

Cisco’s Hybrid Cloud Differentiation
§ No Cloud Vendor Lock-In
§ Any Hypervisor to Any Provider
§ Heterogeneous Infrastructure
§ End-to-End Security
§ Data Sovereignty
§ Workload Mobility Across Clouds
[Diagram labels: Open Ecosystem; Customer; Open; Choice; Cloud Providers & Cisco Powered Services; Cisco InterCloud]

Cisco InterCloud Solution Overview
[Diagram labels: Enterprise DC / Private; InterCloud Provider Enablement Platform; Cloud Providers; Cisco Powered Services; Brokered Services; End User & IT Admin Portals; Azure APIs; EC2 APIs; OpenStack/KVM; CloudStack/Xen; Secure Fabric, Network, Compute & Storage]

Cisco InterCloud: Secure Workload Mobility
Hybrid Cloud for burst capacity or dev/test machines
[Diagram labels: Private; Sustained Workloads; Cisco InterCloud; Public; Variable Workloads]
§ Choice: Freedom to place workloads across heterogeneous Private and Public Clouds
§ Consistency: End-to-end workload security with consistent extension of Private Cloud policies to Public Cloud environments
§ Control: Unified management and networking to move workloads across clouds
§ Compliance: Assurance that all employees adhere to IT policies when using Public Cloud services

Cisco ONE Platform
§ Simplifying IT, increasing agility
§ Delivering on the promise of SDN
§ Providing customer choice and flexibility
§ Open ecosystem, driving innovation
§ Only Cisco: breadth, depth, leadership

After lunch we will see Cisco’s Application Centric Infrastructure

Thank you.
