Cisco Prime Network Services Controller

Jan 19, 2015

Learn more about Cisco Prime Network Services Controller and how you can manage network automation for your enterprise. Learn more at http://www.cisco.com/go/services-controller.
Transcript
Page 1: Cisco Prime Network Services Controller

Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved.

Cisco Prime Network Services Controller

Page 2: Cisco Prime Network Services Controller

Agenda

• Background and Problem Statement

• Introducing Cisco Prime Network Controller

• Integration Overview
– Cisco Nexus 1000V Switch Series
– Cisco Virtual Security Gateway
– Cisco ASA 1000V Firewall
– Cisco Cloud Services Router 1000V Series

• Why Cisco?

Page 3: Cisco Prime Network Services Controller

Background & Problem Statement

Page 4: Cisco Prime Network Services Controller

Business Opportunity

[Diagram: layered architecture with an INFRASTRUCTURE LAYER, a CONTROL LAYER and an APPLICATION LAYER. Labels: Network Device; Prime Network Controller; Network Services; Performance Mgmt.; Advanced Security; IP Address Mgmt.; Load Balancing; Disaster Recovery; API; Control Data Plane Interface (e.g. OnePK)]

• Worldwide cloud management software revenue will reach $2.5B in 2015 (source: IDC)

• Leverage control layer to deliver advanced cloud operations for network services

• Develop application vendor ecosystem

• Cisco as a provider of infrastructure and management

• Take advantage of Cisco sales motion and market footprint

Page 5: Cisco Prime Network Services Controller

Cloud Network Management Challenges

Resource Allocation
• Tenant Configuration
• Allocate Compute (VMs, Memory, CPU)
• Allocate Network
• Allocate Storage

Service Definition
• Port profile Configuration
• Lay-out network topology
• Edge GW (FW rules, VPN, DHCP, NAT)
• Load Balancers

Env. Set-Up
• System Installations (Servers, FW, LB)
• Assign User Privileges

Scaled Environments (VXLAN)

Silo vs. Central Management

Single vs Multi-Tenant

Static vs Dynamic

Hybrid Private/Public

Programmatic Networking

Page 6: Cisco Prime Network Services Controller

Cloud Network Management Challenges

Scaled Environments

Central Management

Multi Tenancy

Network Virtualization

Hybrid Private/Public

Programmatic Networking

New Operational Models

Service Definition
• Port profile Configuration
• Lay-out network topology
• Edge GW (FW rules, VPN, DHCP, NAT)
• Load Balancers and tenant services

Resource Allocation
• Tenant Configuration
• Allocate Compute (VMs, Memory, CPU)
• Allocate Network
• Allocate Storage

Env. Set-Up
• System Installations (Servers, FW, LB)
• Assign User Privileges

[Diagram callouts: VM Mobility; e-w Traffic; Dynamic VM Creation; Different Hypervisor Networking Models; Segregation of Duties; Network segmentation; Consolidate Management Compute/Network/Storage; Various Management Assets (EMS, Hypervisor Managers, Orchestrators); Self-Service Automation; Co-existence of multiple Organizations; Segment Enterprise Mission Critical Systems; SP and Enterprise co-operate service management; High Scale customer environments; New Architectures Evolves to support Demands; Complex service configuration; WAN/Core]

Page 7: Cisco Prime Network Services Controller

Review: Network Management Challenges

Scaled Environments

Central Management

Multi-Tenancy

Network Virtualization

Hybrid / Private /Public

Programmatic Networking

New Operational Models

Page 8: Cisco Prime Network Services Controller

Introducing Cisco Prime Network Services Controller

Page 9: Cisco Prime Network Services Controller

What is Cisco Prime Network Controller?

• Build a Hybrid Cloud Environment: Construct a Hybrid Cloud environment, install and configure solution components w/ Nexus 1000V
• VM Operation: Manage the day-to-day operation activities
• Service Assurance: Ensure service availability and alert on service degradation
• System Management: Single place of operation supporting enterprise management standards
• Management Orchestration: Integrate with internal and external management systems

[Diagram labels: Enterprise Data Center; Enterprise Private Cloud; Public Cloud; Tenant B]

Page 10: Cisco Prime Network Services Controller

Prime Network Controller Benefits

• Address cloud management networking challenges

– Network virtualization

– New operational models

– Multi-tenancy

• Virtual and physical services support

• Hybrid cloud management

• Multi-vendor, multi-platform, multi-service

• Ecosystem – integration point to northbound management & orchestration systems

• SDK

– Infrastructure to support 3rd-party network services

– Increased feature customization and velocity

[Graphic labels: DHCP; NAT; DNS; IPSec VPN; Firewall; Virtualization; ACL; OSPF; Static; EIGRP; LB; BGP; IKE]

Page 11: Cisco Prime Network Services Controller

Prime Network Services Controller - Vision

[Diagram labels: CISCO AND THIRD-PARTY MANAGEMENT ECOSYSTEM; Cisco Intelligent Automation for Cloud; Cisco UCS Director; OpenStack; VMware vCD; CloudStack; BMC CLM; Other; Single API; Cisco Prime Network Services Controller; Image Management; Policy Management; Service Configuration; System Administration; License Management; Service Chaining; Config Archive; VM Lifecycle; Change Audit; Monitoring; Operation Management; IP Address Management; Capacity Management; Performance Management; MULTI-SERVICE; N1KV InterCloud; VSG (Zone-Based Firewall); ASA1000V (Edge Firewall); CSR1000V (L3 Router); Third-Party Device; HYBRID CLOUD; Amazon; Azure; Terramark; Multi-Hypervisor; vSphere; HyperV; KVM; Xen]

Page 12: Cisco Prime Network Services Controller

Cisco Cloud Initiatives – Prime Network Controller Coverage

Access Switching
• N1KV
• Integration for network service management
• vPath configuration
• Service binding
• Service chaining

Security
• VSG, ASA1000V
• Security policy configuration
• EMS (service monitoring, service access point)
• Image management

InterCloud
• VM mobility
• VM lifecycle management
• System administration
• License management
• Monitoring
• Reporting

Cloud Routing
• CSR1000V, VPE
• L3 cloud service routing
• Policy configuration
• Control plane for distributed architecture

Service Insertion
• Load balancing, network performance, WAN optimization
• Cloud service insertion
• Service policy configuration
• Control plane for service placing in the network

Page 13: Cisco Prime Network Services Controller

Integration Overview: Cisco Nexus 1000V

Page 14: Cisco Prime Network Services Controller

Integration with Cisco Nexus 1000V

• Accelerate virtualization and multi-tenant cloud deployments
• Integrated into VMware vSphere and Microsoft Hyper-V hypervisors
• Provides advanced virtual machine switching using .1Q switching technology
• vPath and VXLAN technologies
• Built on Cisco NX-OS
• Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model

[Diagram labels: vSphere; 1000V VEM; 1000V VSM; VM; Server; Physical Switches]

Page 15: Cisco Prime Network Services Controller

Nexus 1000V InterCloud: Securely Extend Enterprise Environment into Provider Cloud

• Secure: Enterprise-Grade Crypto and Firewalling within & across clouds
• Simple: Transparent Application Migration; Centralized Management
• Flexible: Choice of Provider Clouds and Hypervisors

[Diagram labels: ENTERPRISE CLOUDS (Private / Hosted / Managed); PROVIDER CLOUDS (Public / Utility / Community); Cisco Prime Network Controller; Other Tenants; VM; Nexus 1000V; vSwitch; N1KV InterCloud; L2 Virtual Private Cloud; Nexus Switching | IOS Routing | Network Services]

Page 16: Cisco Prime Network Services Controller

Hybrid Cloud Management with VNMC InterCloud + Cisco Intelligent Automation for Cloud

[Diagram labels: Cisco Intelligent Automation for Cloud; Cisco Cloud Portal; User requests cloud services via end-user portal; Cisco Process Orchestrator; Orchestrator manages workflow across multiple cloud environments; (Integration via Northbound API); VNMC INTERCLOUD (MANAGEMENT LAYER); Policy manager; Resource manager; Service registry; VM Manager; Cloud Provider Manager; Nexus 1000V (Platform layer); (Workloads moved via InterCloud); Private Cloud; Public Cloud; Tenant B; VM; N1KV Switching, Firewall, Routing, Crypto Secure]

Page 17: Cisco Prime Network Services Controller

Nexus 1000V InterCloud – Building Secure Hybrid Clouds

• Network Transparency
• Secure Tunnel and Network Overlay
• Customer Control
• Multi-Platform (Cloud, Hypervisor, Switch)
• Consistent L4-7 Network Services
• Single Management Interface
• Workload Mobility
• Secured Multi-Tenant Environment

[Diagram labels: Enterprise Data Center; Public Cloud; Tenant B; Virtual Private Cloud]

Page 18: Cisco Prime Network Services Controller

Hybrid Cloud Use Cases

Seasonal Capacity, Events

Supplement/Geo-Specific Capacity

Upgrade and Migration

Disaster Recovery

[Diagram labels: Tenant B; Virtual Private Cloud; Nexus 1000V; Switching; Firewall, Routing]

Page 19: Cisco Prime Network Services Controller

Prime Network Controller: Hybrid Cloud Management

• Build InterCloud Environment: Construct InterCloud environment, install and configure solution components
• VM Operation: Manage the day-to-day operation activities
• Service Monitoring: Monitor service availability and alert on service degradation
• System Management: Single place of operation supporting enterprise management standards
• Management Integration: Integrate with Cisco and 3rd party management systems

[Diagram labels: Enterprise Data Center; Public Cloud; Tenant B; Virtual Private Cloud]

Page 20: Cisco Prime Network Services Controller

Nexus 1000V Architecture: Comparison to a Physical Switch

[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Back Plane; Server 1, Server 2, Server 3]

Page 21: Cisco Prime Network Services Controller

Nexus 1000V Architecture: Moving to a Virtual Environment

[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Back Plane; ESX, ESX, ESX]

Page 22: Cisco Prime Network Services Controller

Nexus 1000 Architecture
Linecards: Virtual Ethernet Modules (VEMs)

• Server Virtualization Events Awareness
• L2 Advanced Switching (PortChannel, QOS, Security, Monitoring)

VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module

[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Back Plane; Hypervisor, Hypervisor, Hypervisor; VEM-1, VEM-2, VEM-N]

Page 23: Cisco Prime Network Services Controller

Nexus 1000 Architecture
Supervisors: Virtual Supervisor Modules (VSMs)

• VEMs Controller
• Single Interface for Configuration

VSM: Virtual Supervisor Module

[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Back Plane; Hypervisor, Hypervisor, Hypervisor; VEM-1, VEM-2, VEM-N; VSM1, VSM2; Virtual Appliance; L2 Mode; L3 Mode]

Page 24: Cisco Prime Network Services Controller

Embedding Intelligence for Virtual Services
vPath – Virtual Service Datapath

vPath
• Virtual Service Datapath

VSG
• Virtual Security Gateway for N1K

ASA 1000V
• Virtual Edge Firewall

vWAAS
• Virtual WAAS

vPath
• Traffic Steering
• Flexible Deployments
• Network Service Acceleration

[Diagram labels: Virtual Appliance; VSM; VEM-1; VEM-2; vPath; L2 Mode; L3 Mode; Hypervisor; vWAAS; VSG]

Page 25: Cisco Prime Network Services Controller

Cisco Virtual Security Gateway (VSG) Overview

Page 26: Cisco Prime Network Services Controller

Integration with VSG

[Diagram: virtual machines (App / OS) with VM-to-VM traffic]

• Control inter-VM traffic
• Address new blind spot
• Enable Dynamic Provisioning
• Mobility Transparent Enforcement
• VLAN-agnostic Operation
• Policy based
• Administrative Segregation: Server • Network • Security

Page 27: Cisco Prime Network Services Controller

Deployment Options in Virtualized/Cloud DC

• Traditional Service Nodes: Redirect VM traffic via VLANs to external (physical) firewall
• Virtual Service Nodes: Apply hypervisor-based virtual network services

[Diagram labels: Hypervisor; Virtual Contexts; VLANs; App Server; Database Server; Web Server; VSN; callouts 1 and 2]

Page 28: Cisco Prime Network Services Controller

Virtual Security Gateway: Virtual Firewall for Nexus 1000V

• Context aware Security: VM context aware rules
• Zone based Controls: Establish zones of trust
• Dynamic, Agile: Policies follow vMotion
• Best-in-class Architecture: Efficient, Fast, Scale-out SW
• Non-Disruptive Operations: Security team manages security
• Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
• Designed for Automation: XML API, security profiles

[Diagram labels: Virtual Network Management Center (VNMC); Virtual Security Gateway (VSG)]

Page 29: Cisco Prime Network Services Controller

Multi-tenant Scale-out Deployment
Apply Security at Multiple Levels

Specify intra-tenant zoning policy with the appropriate deployment granularity: Tenant-level, VDC-level, vApp-level

[Diagram labels: Tenant A; Tenant B; VDC; vApp; vSphere; Nexus 1000V; vPath; Virtual Network Management Center (VNMC)]

Page 30: Cisco Prime Network Services Controller

Integration Overview: Cisco ASA1000V

Page 31: Cisco Prime Network Services Controller

Introducing Cisco ASA 1000V Cloud Firewall

Cisco® ASA 1000V Cloud Firewall

Secures the tenant edge in virtualized multi-tenant private and public clouds

Page 32: Cisco Prime Network Services Controller

Extending the Cisco ASA Adaptive Security Appliance Product Line
End-to-End Security for Hybrid Infrastructure

Physical
Physical Appliances and Modules: Cisco Multi-Scale™ data center-class Cisco® ASA devices
Cisco ASA 5585-X; Cisco Catalyst® 6500 Series ASA Services Module
• Scalable in-line performance
• Data center-edge security policies
• Flexible deployment options

Virtual and Cloud
Cloud Firewall: Enhanced cloud security
Cisco VSG; Cisco ASA 1000V Cloud Firewall
• Proven firewall to secure your cloud
• Policies specific to the tenant edge to the virtual machine
• Automated, policy-based provisioning

Page 33: Cisco Prime Network Services Controller

Cisco ASA 1000V Solution Features and Capabilities

Built using Cisco® ASA infrastructure

Interoperability with Cisco VSG through service chaining

VXLAN gateway

Multi-tenant management Through Cisco VNMC

IPsec VPN (site to site)

NAT

DHCP

Default gateway

Static routing

Stateful inspection

IP audit

Page 34: Cisco Prime Network Services Controller

Why Cisco?

Page 35: Cisco Prime Network Services Controller

6 Reasons to Choose Prime Network Controller

1. Velocity:
• Prime Network Controller is a network service deployment product for Cloud and Virtualized environments
• Already used by more than 400 customers – proven enterprise scalability
• Real momentum and some big ambitions: expecting a few thousand Prime Network Controller customers in the next 24 months

2. Value:
• Feature-rich and integral to major Cisco initiatives: e.g. Vinci, InterCloud, ONE
• Integration with Cisco Intelligent Automation for Cloud and Cloupia (and third-party management tools)

3. Control:
• Prime Network Controller is the primary network control point for many cloud management platforms for enterprises and service providers
• One network controller that covers virtual network services and L2/L3

Page 36: Cisco Prime Network Services Controller

6 Reasons to Choose Prime Network Controller

4. Commitment:
• Cisco is aligning product roadmaps and cloud management strategy

5. Legitimacy:
• Full participant in the Cisco ONE strategy (for Software-Defined Networking)
• Building integration with onePK
• Role as a controller in the overlay network
• Built from the ground up with partnerships in mind

6. Extensible

Page 37: Cisco Prime Network Services Controller

Extensible by design

• Hybrid cloud management platform via cloud plug-ins
• Multi-vendor, multi-platform support via SDKs
• Native hypervisor extension points
• Integration point to Cisco and 3rd party orchestration and management systems

[Diagram labels: Prime Network Controller; Cloud Plug-In (jclouds); Cloud Providers; Virtual and Physical Services; Hypervisors; Automation & Orchestration; External SDK; Embedded FW (PA); Extension & Packaging; Rest NBI; ESB (JMS)]

Page 38: Cisco Prime Network Services Controller

Prime Network Controller – Example Customers

Page 39: Cisco Prime Network Services Controller

Why Cisco?

Compute + Network + Storage + Management = Full stack delivery

• Consistency between physical and virtual infrastructure that spans across a hybrid cloud environment

Consistent policies

Consistent applications

Consistent environment

• Crypto-level security for workload mobility and transportation in a hybrid cloud

• End-to-End Network Hybrid Cloud Ecosystem via Northbound API (End-User Portal, Orchestration Engine, Workload Migration

Page 40: Cisco Prime Network Services Controller

Thank you.

Page 41: Cisco Prime Network Services Controller

Additional Resources

Page 42: Cisco Prime Network Services Controller

Resources

Cisco.com Cisco Support Community

• Cisco Prime Network Controller: NEW ADDRESS

• Cisco® ASA 1000V: www.cisco.com/go/asa

• Cisco Nexus® 1000V: www.cisco.com/go/1000v

• Cisco VSG: www.cisco.com/go/vsg

• Cisco CSR 1000V: www.cisco.com/go/csr1000v

• Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com

Page 43: Cisco Prime Network Services Controller

Cisco Cloud Lab Hands-on Training and Demonstrations

Hands-on labs available for VNMC, Cisco® ASA 1000V, Cisco VSG, and Cisco Nexus® 1000V in Cisco Cloud Lab

• https://cloudlab.cisco.com

• Open to all Cisco employees

• Customers and partners require sponsorship from account team for access using Cisco.com login ID