Cisco Prime Network Services Controller
Cisco Confidential. © 2012 Cisco and/or its affiliates. All rights reserved.
Jan 19, 2015
Agenda
• Background and Problem Statement
• Introducing Cisco Prime Network Controller
• Integration Overview
– Cisco Nexus 1000V Switch Series
– Cisco Virtual Security Gateway
– Cisco ASA 1000V Firewall
– Cisco Cloud Services Router 1000V Series
• Why Cisco?
Background & Problem Statement
Business Opportunity
[Diagram: Infrastructure Layer (Network Devices), Control Layer (Prime Network Controller), Application Layer (Network Services, Performance Mgmt., Advanced Security, IP Address Mgmt., Load Balancing, Disaster Recovery); interfaces labelled API and Control Data Plane Interface (e.g. OnePK)]
• Worldwide cloud management software revenue will reach $2.5B in 2015 (source: IDC)
• Leverage control layer to deliver advanced cloud operations for network services
• Develop application vendor ecosystem
• Cisco as a provider of infrastructure and management
• Take advantage of Cisco sales motion and market footprint
Cloud Network Management Challenges
Resource Allocation
• Tenant Configuration
• Allocate Compute (VMs, Memory, CPU)
• Allocate Network
• Allocate Storage
Service Definition
• Port profile Configuration
• Lay-out network topology
• Edge GW (FW rules, VPN, DHCP, NAT)
• Load Balancers
Env. Set-Up
• System Installations (Servers, FW, LB)
• Assign User Privileges
Scaled Environments (VXLAN)
Silo vs. Central Management
Single vs Multi-Tenant
Static vs Dynamic
Hybrid Private/Public
Programmatic Networking
Cloud Network Management Challenges
Scaled Environments
Central Management
Multi Tenancy
Network Virtualization
Hybrid Private/Public
Programmatic Networking
New Operational Models
Service Definition
• Port profile Configuration
• Lay-out network topology
• Edge GW (FW rules, VPN, DHCP, NAT)
• Load Balancers and tenant services
Resource Allocation
• Tenant Configuration
• Allocate Compute (VMs, Memory, CPU)
• Allocate Network
• Allocate Storage
Env. Set-Up
• System Installations (Servers, FW, LB)
• Assign User Privileges
VM Mobility
e-w Traffic
Dynamic VM Creation
Different Hypervisor Networking Models
Segregation of Duties
Network segmentation
Consolidate Management Compute/Network/Storage
Various Management Assets (EMS, Hypervisor Managers, Orchestrators)
Self-Service Automation
Co-existence of multiple Organizations
Segment Enterprise Mission Critical Systems
SP and Enterprise co-operate service management
High Scale customer environments
New Architectures Evolve to support Demands
Complex service configuration
WAN/Core
Review: Network Management Challenges
Scaled Environments
Central Management
Multi-Tenancy
Network Virtualization
Hybrid / Private / Public
Programmatic Networking
New Operational Models
Introducing Cisco Prime Network Services Controller
What is Cisco Prime Network Controller?
Build a Hybrid Cloud Environment: Construct a Hybrid Cloud environment, install and configure solution components w/ Nexus 1000V
VM Operation: Manage the day-to-day operation activities
Service Assurance: Ensure service availability and alert on service degradation
System Management: Single place of operation supporting enterprise management standards
Management Orchestration: Integrate with internal and external management systems
[Diagram labels: Enterprise Data Center; Enterprise Private Cloud; Public Cloud; Tenant B]
Prime Network Controller Benefits
• Address cloud management networking challenges
– Network virtualization
– New operational models
– Multi-tenancy
• Virtual and physical services support
• Hybrid cloud management
• Multi-vendor, multi-platform, multi-service
• Ecosystem – integration point to northbound management & orchestration systems
• SDK
– Infrastructure to support 3rd-party network services
– Increased feature customization and velocity
[Graphic labels: DHCP, NAT, DNS, IPSec VPN, Firewall, Virtualization, ACL, OSPF, Static, EIGRP, LB, BGP, IKE]
Prime Network Services Controller - Vision
[Diagram labels]
• Cisco and third-party management ecosystem: Cisco Intelligent Automation for Cloud, Cisco UCS Director, OpenStack, VMware vCD, CloudStack, BMC CLM, Other
• Single API
• Cisco Prime Network Services Controller: Image Management, Policy Management, Service Configuration, System Administration, License Management, Service Chaining, Config Archive, VM Lifecycle, Change Audit, Monitoring
• Operation Management, IP Address Management, Capacity Management, Performance Management
• Multi-service: N1KV InterCloud, VSG (Zone-Based Firewall), ASA1000V (Edge Firewall), CSR1000V (L3 Router), Third-Party Device
• Hybrid cloud: Amazon, Azure, Terramark
• Multi-Hypervisor: vSphere, HyperV, KVM, Xen
Cisco Cloud Initiatives – Prime Network Controller Coverage
Access Switching
• N1KV
• Integration for network service management
• vPath configuration
• Service binding
• Service chaining
Security
• VSG, ASA1000V
• Security policy configuration
• EMS (service monitoring, service access point)
• Image management
InterCloud
• VM mobility
• VM lifecycle management
• System administration
• License management
• Monitoring
• Reporting
Cloud Routing
• CSR1000V, VPE
• L3 cloud service routing
• Policy configuration
• Control plane for distributed architecture
Service Insertion
• Load balancing, network performance, WAN optimization
• Cloud service insertion
• Service policy configuration
• Control plane for service placing in the network
Integration Overview: Cisco Nexus 1000V
Integration with Cisco Nexus 1000V
• Accelerate virtualization and multi-tenant cloud deployments
• Integrated into VMware vSphere and Microsoft Hyper-V hypervisors
• Provides advanced virtual machine switching using .1Q switching technology
• vPath and VXLAN technologies
• Built on Cisco NX-OS
• Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
[Diagram labels: vSphere; 1000V VEM; 1000V VSM; VMs; Server; Physical Switches]
Nexus 1000V InterCloud: Securely Extend Enterprise Environment into Provider Cloud
Secure: Enterprise-Grade Crypto and Firewalling within & across clouds
Simple: Transparent Application Migration; Centralized Management
Flexible: Choice of Provider Clouds and Hypervisors
[Diagram labels: Enterprise Clouds (Private / Hosted / Managed); Provider Clouds (Public / Utility / Community); Cisco Prime Network Controller; Nexus 1000V; vSwitch; N1KV InterCloud; L2 Virtual Private Cloud; VMs; Other Tenants]
Nexus Switching | IOS Routing | Network Services
Hybrid Cloud Management with VNMC InterCloud + Cisco Intelligent Automation for Cloud
• User requests cloud services via end-user portal
• Orchestrator manages workflow across multiple cloud environments
[Diagram labels]
• Cisco Intelligent Automation for Cloud: Cisco Cloud Portal, Cisco Process Orchestrator
• VNMC InterCloud (management layer), integration via Northbound API: Policy manager, Resource manager, Service registry, VM Manager, Cloud Provider Manager
• Nexus 1000V (platform layer), workloads moved via InterCloud: N1KV Switching; Firewall, Routing; Crypto; Secure
• Private Cloud; Public Cloud; Tenant B; VMs
Nexus 1000V InterCloud – Building Secure Hybrid Clouds
Network Transparency
Secure Tunnel and Network Overlay
Customer Control
Multi-Platform (Cloud, Hypervisor, Switch)
Consistent L4-7 Network Services
Single Management Interface
Workload Mobility
Secured Multi-Tenant Environment
[Diagram labels: Enterprise Data Center; Public Cloud; Tenant B Virtual Private Cloud]
Hybrid Cloud Use Cases
Seasonal Capacity, Events
Supplement/Geo-Specific Capacity
Upgrade and Migration
Disaster Recovery
[Diagram labels: Tenant B Virtual Private Cloud; Nexus 1000V Switching, Firewall, Routing]
Prime Network Controller: Hybrid Cloud Management
Build InterCloud Environment: Construct InterCloud environment, install and configure solution components
VM Operation: Manage the day-to-day operation activities
Service Monitoring: Monitor service availability and alert on service degradation
System Management: Single place of operation supporting enterprise management standards
Management Integration: Integrate with Cisco and 3rd party management systems
[Diagram labels: Enterprise Data Center; Public Cloud; Tenant B Virtual Private Cloud]
Nexus 1000V Architecture: Comparison to a Physical Switch
[Diagram labels: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N and Back Plane; Server 1, Server 2, Server 3]
Nexus 1000V Architecture: Moving to a Virtual Environment
[Diagram labels: three ESX hosts; Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N and Back Plane]
Nexus 1000 Architecture: Linecards – Virtual Ethernet Modules (VEMs)
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
• Server Virtualization Events Awareness
• L2 Advanced Switching (PortChannel, QOS, Security, Monitoring)
[Diagram labels: three Hypervisors with VEM-1, VEM-2, … VEM-N; Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N and Back Plane]
Nexus 1000 Architecture: Supervisors – Virtual Supervisor Modules (VSMs)
VSM: Virtual Supervisor Module
• VEMs Controller
• Single Interface for Configuration
[Diagram labels: Virtual Appliance with VSM1 and VSM2; three Hypervisors with VEM-1, VEM-2, … VEM-N; L2 Mode; L3 Mode; Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N and Back Plane]
Embedding Intelligence for Virtual Services: vPath – Virtual Service Datapath
vPath
• Virtual Service Datapath
• Traffic Steering
• Flexible Deployments
• Network Service Acceleration
VSG
• Virtual Security Gateway for N1K
ASA 1000V
• Virtual Edge Firewall
vWAAS
• Virtual WAAS
[Diagram labels: Virtual Appliance; VSM; VEM-1 and VEM-2, each with vPath; vWAAS; VSG; two Hypervisors; L2 Mode; L3 Mode]
Cisco Virtual Security Gateway (VSG) Overview
Integration with VSG
• Control inter-VM traffic
• Address new blind spot
• Enable Dynamic Provisioning
• Mobility Transparent Enforcement
• VLAN-agnostic Operation
• Policy based
• Administrative Segregation (Server • Network • Security)
[Diagram labels: VMs (App / OS); VM-to-VM traffic]
Deployment Options in Virtualized/Cloud DC
1. Traditional Service Nodes: Redirect VM traffic via VLANs to external (physical) firewall
2. Virtual Service Nodes: Apply hypervisor-based virtual network services
[Diagram labels: Hypervisor; Virtual Contexts; VLANs; VSN; Web Server, App Server, Database Server]
Virtual Security Gateway: Virtual Firewall for Nexus 1000V
Context aware Security: VM context aware rules
Zone based Controls: Establish zones of trust
Dynamic, Agile: Policies follow vMotion
Best-in-class Architecture: Efficient, Fast, Scale-out SW
Non-Disruptive Operations: Security team manages security
Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
Designed for Automation: XML API, security profiles
[Diagram labels: Virtual Network Management Center (VNMC); Virtual Security Gateway (VSG)]
Multi-tenant Scale-out Deployment: Apply Security at Multiple Levels
Specify intra-tenant zoning policy with the appropriate deployment granularity: Tenant-level, VDC-level, vApp-level
[Diagram labels: Tenant A; Tenant B; VDC; vApp; vSphere; Nexus 1000V; vPath; Virtual Network Management Center (VNMC)]
Integration Overview: Cisco ASA1000V
Introducing Cisco ASA 1000V Cloud Firewall
Cisco® ASA 1000V Cloud Firewall
Secures the tenant edge in virtualized multi-tenant private and public clouds
Extending the Cisco ASA Adaptive Security Appliance Product Line: End-to-End Security for Hybrid Infrastructure
Physical: Physical Appliances and Modules
Cisco Multi-Scale™ data center-class Cisco® ASA devices
Cisco ASA 5585-X; Cisco Catalyst® 6500 Series ASA Services Module
• Scalable in-line performance
• Data center-edge security policies
• Flexible deployment options
Virtual and Cloud: Cloud Firewall
Enhanced cloud security
Cisco VSG; Cisco ASA 1000V Cloud Firewall
• Proven firewall to secure your cloud
• Policies specific to the tenant edge to the virtual machine
• Automated, policy-based provisioning
Cisco ASA 1000V Solution Features and Capabilities
Built using Cisco® ASA infrastructure
Interoperability with Cisco VSG through service chaining
VXLAN gateway
Multi-tenant management through Cisco VNMC
IPsec VPN (site to site)
NAT
DHCP
Default gateway
Static routing
Stateful inspection
IP audit
Why Cisco?
6 Reasons to Choose Prime Network Controller
1. Velocity:
• Prime Network Controller is a network service deployment product for Cloud and Virtualized environments
• Already used by more than 400 customers – proven enterprise scalability
• Real momentum and some big ambitions: expecting a few thousand Prime Network Controller customers in the next 24 months
2. Value:
• Feature-rich and integral to major Cisco initiatives: e.g. Vinci, InterCloud, ONE
• Integration with Cisco Intelligent Automation for Cloud and Cloupia (and third-party management tools)
3. Control:
• Prime Network Controller is the primary network control point for many cloud management platforms for enterprises and service providers
• One network controller that covers virtual network services and L2/L3
6 Reasons to Choose Prime Network Controller
4. Commitment:
• Cisco is aligning product roadmaps and cloud management strategy
5. Legitimacy:
• Full participant in the Cisco ONE strategy (for Software-Defined Networking)
• Building integration with onePK
• Role as a controller in the overlay network
• Built from the ground up with partnerships in mind
6. Extensible
Extensible by design
• Hybrid cloud management platform via cloud plug-ins
• Multi-vendor, multi-platform support via SDKs
• Native hypervisor extension points
• Integration point to Cisco and 3rd party orchestration and management systems
[Diagram labels: Prime Network Controller; Cloud Plug-In (jclouds); Cloud Providers; Virtual and Physical Services; Hypervisors; Automation & Orchestration; External SDK; Embedded FW (PA); Extension & Packaging; Rest NBI; ESB (JMS)]
Prime Network Controller – Example Customers
Why Cisco?
Compute + Network + Storage + Management = Full stack delivery
• Consistency between physical and virtual infrastructure that spans across a hybrid cloud environment
– Consistent policies
– Consistent applications
– Consistent environment
• Crypto-level security for workload mobility and transportation in a hybrid cloud
• End-to-End Network Hybrid Cloud Ecosystem via Northbound API (End-User Portal, Orchestration Engine, Workload Migration
Thank you.
Additional Resources
Resources
Cisco.com Cisco Support Community
• Cisco Prime Network Controller: NEW ADDRESS
• Cisco® ASA 1000V: www.cisco.com/go/asa
• Cisco Nexus® 1000V: www.cisco.com/go/1000v
• Cisco VSG: www.cisco.com/go/vsg
• Cisco CSR 1000V: www.cisco.com/go/csr1000v
• Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com
Cisco Cloud Lab Hands-on Training and Demonstrations
Hands-on labs available for VNMC, Cisco® ASA 1000V, Cisco VSG, and Cisco Nexus® 1000V in Cisco Cloud Lab
• https://cloudlab.cisco.com
• Open to all Cisco employees
• Customers and partners require sponsorship from account team for access using Cisco.com login ID