Service Oriented Data Center Mike Younkers SSEM, National Programs Operation DC_End-to-End © 2007 Cisco Systems, Inc.
Slide 1
Service Oriented
Data Center
Mike Younkers
SSEM, National Programs Operation
DC_End-to-End
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Slide 2
What is the Data Center?
The Data Center is what
happens between mouse
click…
and screen refresh!
Slide 3
The Data Center is Evolving (again)
DC Importance
Mainframe
Client Server
Service-Oriented
Web / n-Tier
Monolithic Infrastructure
Proprietary Platforms
Tightly Coupled App’s
Direct Attached Storage
Automated
Virtualized Infrastructure
Assembly from ‘Pools’
Standard Components
Service-Oriented App’s
Distributed Infrastructure
Server Proliferation
Web Facing Applications
Storage Aggregation
Server-Centric New DC Infrastructure Requirements Service-Centric
Slide 4
Evolution of the Data Center Infrastructure
Phased Approach
Data
Network
LAN
WAN
MAN
Server
Storage Fabric
Network Network
SAN
HPC
Cluster
GRID
Intelligent
Information
Network
Enterprise
Applications
Dynamic Provisioning and
Information Lifecycle
Management (ILM) to Enable
Business Agility
VIRTUALIZATION
Management of Resources
Independent of Underlying
Physical Infrastructure to
Increase Utilization,
Efficiency and Flexibility
Business Policies
On-Demand
Service Oriented
Compute
Network
CONSOLIDATION
Centralization and
Standardization to
Lower Costs, Improve
Efficiency and Uptime
AUTOMATION
Storage
Compute Network Storage
Slide 5
Data Center Strategy and Evolution
Virtualization
Consolidation
Automation
Virtualization
• Scale
• Net-Centric Server
Evolution
• Performance
• Density
• Power Savings
• Availability
• Service Velocity
• Operational
Manageability
• Opex Alignment
• Inline Data
Protection
• Capital Utilization
Improvement
• Separation of Policy
and Forwarding
• Investment
Protection
• Unified Network Fabric
• Integrated Provisioning
Innovation
and
Integration
• Virtual Machine
Network Coupling
• Data Center Class Platform
• Integrated Services
Slide 6
What does a SODC Deliver?:
Intelligent Management Fabric
Automatic data center infrastructure provisioning based on a set of pre-defined
policies/business rules.
On-Demand Utilities
Data center resources are drawn from a shared pool when needed, and returned
when not. Business units/application owners are only charged for the resources
they consume, eliminating redundant resource expenses.
Rapid Delivery of Services
Cisco’s SODC provisions new processing or storage resources to meet an
application's new requirements within minutes, rather than weeks or months.
Resource Optimization
Storage, servers and applications are optimized for maximized reliability,
availability and serviceability.
End-to-End Security
Robust, easily managed security solution ensures highly sensitive proprietary
data is accessed only by those with appropriate clearance
Slide 7
How does a SODC Support Mission
Objectives:
High Availability
Automatic resource provisioning and reduced client-impacting service outage
times.
Enhanced Continuity
Intelligent security applications based on data type and criticality ensure robust
transmission and monitoring.
Improved Agility
Capacity aligned to demand easily adapts to changing mission requirements and
enables scaling on new resources in minutes instead of days.
Lower TCO
Significantly reduce server and data center operating expenses by lowering
system administrative overhead, diminishing the number of dedicated compute
hosts and utilizing inexpensive commodity hardware.
Slide 8
What Does A SODC Look Like?
Compartment A
Compartment B
Compartment C
Server
Consolidation
Web
Servers
Data Center
Headquarters
DWDM
Network
VPN
Remote
Worker
IP
WAN
Web
Servers
Data Center
Branch
Compartment A
Compartment B
Compartment C
Slide 9
Data Center Overview
HPC
Applications
Back End
Back End
SAN
Front End
LAN
N-Tier
Applications
SAN
Integrated Application Optimization
Server Clusters
Integrated Security
FC/
FC/
iSCSI
iSCSI
SAN
SAN
Web Servers
Resilient
IP
VPN
ACNS
Firewall
MDS
GSS
SSL
RAID
RAID
Tape
Tape
CSS/ACE
App Servers
GE/10GE
DB Servers
Metro Network
DWDM/SONET/Ethernet
Anomaly
Detect/Guard IDS
WAAS
MDS
Backup Data Center
Slide 10
Services Embedded in the Fabric
Low Latency
RDMA
Application
Control Engine
Virtual I/O
EMBEDDED COMPUTE SERVICES
SFS
7000
SSL Off-load
Server
Load Balancing
Application
Message Services
EMBEDDED APPLICATION NETWORK SERVICES
Management and Provisioning
Framework
Catalyst
AVS
High Performance
Compute (HPC) Clusters
WAAS
Internet
MPLS VPN
IPSEC/SSL VPN
SFS
3000
SERVER
NETWORK
Blade Servers UNIX/NT Servers
Mainframes
DDOS Guard
Firewall Services
Intrusion
Prevention
Secure Virtual
Fabrics
EMBEDDED SECURITY SERVICES
Enterprise Applications
EMPLOYEE / PARTNER / CUSTOMER
ACCESS NETWORK
ONS 15000
SONET/SDH
xWDM
Metro Ethernet
FCIP
MDS 9500
STORAGE AREA
NETWORK
Storage & Tape Arrays
DATA CENTER
INTERCONNECT NETWORK
Fabric Hosted
Applications
Storage
Virtualization
Fabric Assisted
Applications
Data Replication
Services
EMBEDDED STORAGE SERVICES
Fibre Channel
Infiniband
GE / 10GE
FICON
Slide 11
PLM
CRM
ERP
HCM
Procurement
SCM
COLLABORATION
LAYER
APPLICATION
LAYER
The Data Center is a Proof Point for SONA
Instant
Messaging
Contact
Center
Unified
Rich Media
Messaging Conferencing
Video
Telephony
Unified
Comm.
Clients
NETWORKED
INFRASTRUCTURE
LAYER
Fabric Hosted
Applications
DDOS Guard
Protocol
Application-Oriented
Optimization
Application
Intrusion
Delivery
Fabric Assisted
Prevention
Applications
Security Services
Firewall
Storage
Virtualization
Mobility Services
Services
Secure Virtual
Data Replication
Fabrics
Services Storage Services
SSL Off-load
Infrastructure
Services
Application
Message Services
Data
Center
Branch
Identity Services
EMBEDDED COMPUTE
SERVICES
Enterprise
WAN/MAN Teleworker
Edge
Building Control network & Physical Security
SFS Family
Server
Catalyst Family
Storage
RDMA
Unified Communication
Services
Virtual I/O
Compute Services
EMBEDDED SECURITY
EMBEDDED APPLICATION
Network
Infrastructure
Virtualization
SERVICES
NETWORK SERVICES
EMBEDDED STORAGE
SERVICES
Campus
Server
Load Balancing
Low Latency
Networking
Adaptive Management
Services
Services Management
INTERACTIVE
SERVICES
LAYER
Middleware and Application Platforms
MDS Family
Clients
ONS Family
Routing
Slide 12
Architecture Framework
Three functional areas map to access control, path isolation, and services edge.
Functions
Access Control
Branch - Campus
1. Identify and authenticate client
2. Isolate into a segment
3. Grant/prevent access
Path Isolation
WAN - MAN - Campus
1. Map client VLAN to transport technology
2. Transport client traffic through isolated path
3. Terminate isolated path at destination edge
GRE
MPLS
VRFs
Services Edge
Data Center - Campus
1. Map isolated path to destination VLAN
2. Apply policy at VLAN entry point
3. Isolate application environments
Compartment A
Compartment B
Compartment C
Slide 13
Access Control
Objective
Authenticate users or devices logging
onto the network
Process
Identify endpoints
Authorize onto the network through port
activation
Associate endpoint to specified user
group
Primary authentication scenarios
Client-based authentication for endpoints
with client software
Clientless authentication for endpoints
without client software
Slide 14
Path Isolation
Objective
Isolate traffic, so that users only have
access to designated data and resources
Process
Using separate Layer 2 domains to logically
isolate traffic negates scalability and
modularity benefits of hierarchical network
design
Alternatively, traffic separation can occur in
the Layer 3 domain
GRE
MPLS
VRFs
Distributed access control lists (ACLs)
Overlay of GRE tunnels interconnecting VRFs
VRFs at every hop interconnected with VLAN
trunks
MPLS/BGP VPNs
Slide 15
Services Edge
Provides mechanisms required for
users from different groups to
securely access common services
Provides access to user-group-specific services
Provides logical connectivity and
security mechanisms over shared
facilities
Slide 16
Shared Data Center Services
Virtualized Data Center Architecture
Compartment A
Compartment B
Compartment C
Layer 3 Switch
Network Management
Intrusion Prevention
Detector
PIX Firewall
SSL
VPN Concentrator
Wide Area Network
Compartment A (500 employees)
Compartment B
(200 employees)
Compartment B
(200 employees)
Compartment C
(30 employees)
Compartment C
(10 employees)
Site A
Compartment A (100 employees)
Site B
Slide 17
The Application Control Engine
Multifunction application solution for the Cat 6500
Incorporates …
Existing Layer 4-7 SLB and application delivery
functionality
Industry-leading application performance, throughput,
and firewalling capabilities
a new extensible hardware and software architecture
Application
Control Engine
Delivers new …
Logical partitioning and workflow simplification
delivering 66% reduction in time-to-deployment
Management and monitoring solution including role-based access control for each partition
and XML API control
Software upgrade to the Application Velocity System,
the leading acceleration and security solution
AVS 6.0
Slide 18
Integrated Network Services
Virtualization Delivers Service Density
Cisco
Catalyst
6500 Integrated Services
Business
Requirements:
1. Business Segmentation
2. Application Specific Security
3. Discrete Service Levels
4. Service Velocity
5. High Availability
6. Predictable
Performance
Cisco Solution Benefits:
Simplified Operational management
Less Power Consumption
Less Rack Space
Reduced Ports and Cabling
Lower Maintenance Costs
[Chart: Number of devices, cables, power vs. Number of Applications; Non-Virtualized Offering (Firewall, SLB, IDS) compared with Cisco Solution]
Slide 19
Integrated Network Services
Power of Architecture - Service Integration and Density
Application servers typically have multiple appliances associated with them. For Cisco IT this equaled an additional 2.7kW per server.
• Firewall
• Load Balancer
• SSL Offload
With ACE and FWSM deployed in a Catalyst 6500 these services reside in the network fabric, eliminating the appliances and their associated load.
Support for 200 contexts
Savings = 2.7kW x total servers x kW/hr
Cisco IT Estimates $23.5M over 3 Years
Reduces complexity, increases manageability, reduces latency, and eliminates single points of failure
Slide 20
Datacenter management – Industry trend
Source: Gartner Infrastructure Maturity Model, Nov 2004
Slide 21
Data Center Management – Products
vFrame
Data Center
ANM
Data Center
Manager
Slide 22
End-to-end Data Center Provisioning
VISION Cisco Virtualized Data Center
Administrator
Define application services
and pass policy to VFrame
Catalyst
6500
AVS
VFrame translates
policies to actions
and passes to
infrastructure
VFrame™
Policy
VFrame picks server
with right criteria to
run application and
boots server
VFrame provisions
security policies to
Firewall Service Module
AONS
Application Network Services
VFrame identifies right
App / OS Image
From storage
VFrame gives new
server right VLAN and
LUN info so it can
find/be found by right
clients and storage
WAEE
DCE
Application: SAP
Virtual Server
Clusters
Image
Enterprise Grids
Performance
Blade Servers
UNIX/NT Servers
Mainframes
Security
Availability
Accounting
VFrame provisions
CSM Module to add
new server to load
balancing pool
MDS 9500
Application Service Provisioned!
Storage & Tape Arrays
Slide 23
Physical PODs
Creating Virtual Services from
Physical Infrastructure PODs
Virtual Service Template
Network Pool
Virtual
Network
Services
Server Pool
Virtual
LUNs
VSANs
VLANs
VMs
Storage Pool
VFRAME Data Center Automation
• Specific resources selected from pools
• VLANs, VSANs are configured
• Macros are played
• SAN is zoned
• Servers get booted with assigned image
• Application(s) are started
• Traffic into logical network turned “on”