© 2007vn Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 DC_End-to-End Service Oriented Data Center Mike Younkers SSEM, National Programs Operation
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 2 What is the Data Center ? The Data Center is what happens between mouse click… and screen refresh!
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 3 The Data Center is Evolving (again) Mainframe Web / n-Tier Service- Oriented Service- Oriented Automated Client Server DC Importance New DC Infrastructure Requirements Service -Centric Server -Centric Monolithic Infrastructure Proprietary Platforms Tightly Coupled App’s Direct Attached Storage Monolithic Infrastructure Proprietary Platforms Tightly Coupled App’s Direct Attached Storage Distributed Infrastructure Server Proliferation Web Facing Applications Storage Aggregation Distributed Infrastructure Server Proliferation Web Facing Applications Storage Aggregation Virtualized Infrastructure Assembly from ‘Pools’ Standard Components Service-Oriented App’s Virtualized Infrastructure Assembly from ‘Pools’ Standard Components Service-Oriented App’s
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 4 Evolution of the Data Center Infrastructure Phased Approach AUTOMATION Storage Network Compute Dynamic Provisioning and Information Lifecyle Management (ILM) to Enable Business Agility Business Policies On-Demand Service Oriented VIRTUALIZATION StorageNetworkCompute Enterprise Applications Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency and Flexibility Data Network Server Fabric Network Centralization and Standardization to Lower Costs, Improve Efficiency and Uptime CONSOLIDATION LAN WAN MAN SAN Storage Network Intelligent Information Network HPC Cluster GRID
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 5 5 Net-Centric Server Evolution Virtual Machine Network Coupling Inline Data Protection Separation of Policy and Forwarding Automation Data Center Strategy and Evolution Virtualization Power Savings Service Velocity Opex Alignment Capital Utilization Improvement Virtualization Scale Performance Density Availability Operational Manageability Investment Protection Consolidation Unified Network Fabric Integrated Provisioning Data Center Class Platform Integrated Services Innovation and Integration
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 6 What does a SODC Deliver?: Intelligent Management Fabric Automatic data center infrastructure provisioning based on a set of pre-defined policies/business rules. On-Demand Utilities Data center resources are drawn from a shared pool when needed, and returned when not. Business units/application owners are only charged for the resources they consume, eliminating redundant resource expenses. Rapid Delivery of Services Cisco’s SODC provisions new processing or storage resources to meet an application's new requirements within minutes, rather than weeks or months. Resource Optimization Storage, servers and applications are optimized for maximized reliability, availability and serviceability. End-to-End Security Robust, easily managed security solution ensures highly sensitive proprietary data is accessed only by those with appropriate clearance
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 7 How does a SODC Support Mission Objectives: High Availability Automatic resource provisioning and reduced client-impacting service outage times. Enhanced Continuity Intelligent security applications based on data type and criticality ensure robust transmission and monitoring. Improved Agility Capacity aligned to demand easily adapts to changing mission requirements and enables scaling on new resources in minutes instead of days. Lower TCO Significantly reduce server and data center operating expenses by lowering system administrative overhead, diminishing the number of dedicated compute hosts and utilizing inexpensive commodity hardware.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 8 What Does A SODC Look Like? Compartment A Compartment B Compartment C Branch Remote Worker Headquarters Data Center Server Consolidation Web Servers DWDM Network IP WAN Web Servers VPN Compartment A Compartment B Compartment C
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 9 MDS Backup Data Center Data Center Overview Front End LAN Integrated Application Optimization CSS/ACE ACNS WAAS SSL Back End SAN Tape FC/ iSCSI SAN RAID N-Tier Applications Web Servers DB Servers Back End SAN Tape FC/ iSCSI SAN RAID MDS Integrated Security IDS VPN Anomaly Detect/Guard Firewall Resilient IP GE/10GE HPC Applications Server Clusters GSS Metro Network DWDM/SONET/Ethernet App Servers
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 10 Services Embedded in the Fabric DATA CENTER INTERCONNECT NETWORK SONET/SDH xWDM Metro Ethernet FCIP SFS 7000 MDS 9500 AVS WAAS Firewall ServicesDDOS Guard Intrusion Prevention EMBEDDED SECURITY SERVICES Secure Virtual Fabrics STORAGE AREA NETWORK High Performance Compute (HPC) Clusters SFS 3000 Catalyst ONS Internet MPLS VPN IPSEC/SSL VPN Storage & Tape Arrays Blade Servers UNIX/NT Servers Mainframes EMBEDDED APPLICATION NETWORK SERVICES Server Load Balancing SSL Off-load Application Message Services Application Control Engine EMBEDDED COMPUTE SERVICES Low Latency RDMA Virtual I/O EMPLOYEE / PARTNER / CUSTOMER ACCESS NETWORK SERVER NETWORK Enterprise Applications Fibre Channel FICON Infiniband GE / 10GE Management and Provisioning Framework Fabric Assisted Applications Data Replication Services Storage Virtualization EMBEDDED STORAGE SERVICES Fabric Hosted Applications
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 11 The Data Center is a Proof Point for SONAInstantMessagingUnifiedMessaging Rich Media ConferencingContactCenterVideoTelephonyUnifiedComm.Clients PLMCRMERPHCMProcurementSCM Adaptive Management Services Middleware and Application Platforms ServerStorageClients NETWORKEDINFRASTRUCTURE LAYER LAYER INTERACTIVESERVICES APPLICATION COLLABORATION Security Services Mobility Services Storage Services Unified Communication Unified Communication Services Services Compute Services Identity Services Infrastructure Services Infrastructure Services Application Delivery Application-Oriented Networking Data Center BranchCampusTeleworkerWAN/MAN Enterprise Edge Services Management Network Infrastructure Virtualization Routing Building Control network & Physical Security MDS FamilySFS FamilyCatalyst FamilyONS Family EMBEDDED STORAGE SERVICES Fabric Assisted Applications Data Replication Services Storage Virtualization Fabric Hosted Applications EMBEDDED SECURITY SERVICES Firewall Services DDOS Guard Intrusion Prevention Secure Virtual Fabrics EMBEDDED APPLICATION NETWORK SERVICES Server Load Balancing SSL Off-load Application Message Services Protocol Optimization EMBEDDED COMPUTE SERVICES Low Latency RDMA Virtual I/O
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 12 Three functional areas map to access control, path isolation, and services edge. Architecture Framework Compartment A Compartment B Compartment C FunctionsAccess ControlPath IsolationServices Edge Branch - CampusWAN - MAN - CampusData Center - Campus GRE MPLS VRFs 1.Identify and authenticate client 2.Isolate into a segment 3.Grant/prevent access 1.Map client VLAN to transport technology 2.Transport client traffic through isolated path 3.Terminate isolated path at destination edge 1.Map isolated path to destination VLAN 2.Apply policy at VLAN entry point 3.Isolate application environments
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 13 Access Control Objective Authenticate users or devices logging onto the network Process Identify endpoints Authorize onto the network through port activation Associate endpoint to specified user group Primary authentication scenarios Client-based authentication for endpoints with client software Clientless authentication for endpoints without client software
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 14 Path Isolation Objective Isolate traffic, so that users only have access to designated data and resources Process Using separate Layer 2 domains to logically isolate traffic negates scalability and modularity benefits of hierarchical network design Alternatively, traffic separation can occur in the Layer 3 domain Distributed access control lists (ACLs) Overlay of GRE tunnels interconnecting VRFs VRFs at every hop interconnected with VLAN trunks MPLS/BGP VPNs GRE MPLS VRFs
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 15 Services Edge Provides mechanisms required for users from different groups to securely access common services Provides access to user-group- specific services Provides logical connectivity and security mechanisms over shared facilities
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 16 Virtualized Data Center Architecture Shared Data Center Services Compartment ACompartment BCompartment C Layer 3 Switch Network Management Intrusion Prevention Detector PIX Firewall SSL VPN Concentrator Site ASite B Compartment A (500 employees) Compartment B (200 employees) Compartment C (30 employees) Compartment A (100 employees) Compartment B (200 employees) Compartment C (10 employees) Wide Area Network
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 17 Application Control Engine AVS 6.0 The Application Control Engine Multifunction application solution for the Cat 6500 Incorporates … Existing Layer 4-7 SLB and application delivery functionality Industry-leading application performance, throughput, and firewalling capabilities a new extensible hardware and software architecture Delivers new … Logical partitioning and workflow simplification delivering 66% reduction in time-to-deployment Management and monitoring solution including role- based access control for each partition and XML API control Software upgrade to the Application Velocity System, the leading acceleration and security solution
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 18 Cisco Solution Non-virtualized Solution(s) Business Requirements: 1.Business Segmentation 2.Application Specific Security 3.Discrete Service Levels 4.Service Velocity 5.High Availability 6.Predictable Performance Integrated Network Services Virtualization Delivers Service Density Number of Applications Number of Devices, cables, power 1 Cisco Solution Benefits: Simplified Operational management Less Power Consumption Less Rack Space Reduced Ports and Cabling Lower Maintenance Costs Cisco Solution Benefits: Simplified Operational management Less Power Consumption Less Rack Space Reduced Ports and Cabling Lower Maintenance Costs Cisco Catalyst 6500 Integrated Services VVVV Non-Virtualized Offering VVVV Firewall SLB IDS ………
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 19 Integrated Network Services Power of Architecture - Service Integration and Density 2.7kW per server Reduces complexity, increase manageability, reduces latency, and eliminates single points of failure Support for 200 contexts Application servers typically have multiple appliances associated with them. For Cisco IT this equaled an additional With ACE and FWSM deployed in a Catalyst 6500 these services reside in the network fabric, eliminating the appliances and their associated load Savings = 2.7kW x total servers x kW/hr Cisco IT Estimates $23.5M over 3 Years Firewall Load Balancer SSL Offload
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 20 Datacenter management – Industry trend Source: Gartner Infrastructure Maturity Model, Nov 2004
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 21 ANM Data Center Manager Data Center Management – Products vFrame Data Center
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 22 End-to-end Data Center Provisioning VISION Cisco Virtualized Data Center Virtual Server Clusters Storage & Tape Arrays Enterprise Grids Blade Servers UNIX/NT Servers Mainframes MDS 9500 Catalyst 6500 AVS WAEE Application Network Services Administrator VFrame™ Policy Application: SAP Performance Security Availability Image VFrame identifies right App / OS Image From storage VFrame translates policies to actions and passes to infrastructure Define application services and pass policy to VFrame VFrame picks server with right criteria to run application and boots server VFrame gives new server right VLAN and LUN info so it can find/be found by right clients and storage VFrame provisions security policies to Firewall Service Module VFrame provisions CSM Module to add new server to load balancing pool Application Service Provisioned! Accounting DCE AONS
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 23 Creating Virtual Services from Physical Infrastructure PODs VFRAME Data Center Automation Specific resources selected from pools VLANs, VSANs are configured Macros are played SAN is zoned Servers get booted with assigned image Application(s) are started Traffic into logical network turned “on” Physical PODs Virtual Service Template Network PoolServer Pool Storage Pool VLANs Virtual Network Services VMs VSANs Virtual LUNs
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialDC_End-to-End 24