Data Center Business Advantage: Unified Network Services (UNS), Cisco Data Center
Agenda § UNS summary § Cisco ACE and vACE § Cisco WAAS and vWAAS § Cisco Firewall and vFirewall © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Evolution of the data center and cloud computing: Consolidation, Virtualization, Automation = Utility/Cloud model
Software-based virtual machine switching: a collection of vSwitches or a vNetwork Distributed Switch. Virtual Switching § Need to switch between VMs on same host § vNetwork Distributed Switch: Nexus 1000V switch. Diagram labels: VM, VNIC, VETH, Hypervisor, UCS Server.
VM-FEX: the unique integration capability of Cisco UCS, enhancing VM I/O capability. VN-Link in HW: One Network § Unify virtual and physical switching layers § Fabric extender for VMs: reduce network management points § Reduce broadcast domain. Host CPU Cycles Relief § Host CPU cycles relieved from VM switching § I/O throughput improvements. Diagram labels: VM, VNIC, VETH, Hypervisor, UCS VIC, UCS Server, UCS 6100.
Overall view of Cisco Unified Network Services. Policy framework, Application Delivery, Others … ANY SERVICE. Dedicated (Hardware coupled), Dynamic "On-demand", Feature Consistency, Workload mobility: ANY DELIVERY MECHANISM. Appliance, Network Module, Integrated, Compute: ANY FORM FACTOR. Virtual, Cloud: ANY ENVIRONMENT. Provides ample flexibility and a rich set of choices under any deployment model.
Unified Network Services provides one service framework for both physical and virtual environments. Physical Network Services (WAN Opt, Firewall, SLB/ADC) • Application-specific service nodes • Form factors: Appliance, Switch module, Router-integrated. Virtual (Private Cloud, Public Cloud) • Virtual appliance form factor • Elastic instantiation/provisioning • Service transparent to VM mobility • Support scale-out • Large scale multi-tenant operation. Diagram labels: Virtual Firewall, WAN Opt, VDC-1, VDC-2, App, OS, Hypervisor.
Innovations and advantages of the Unified Network Services architecture (FY11): FLEXIBILITY, RESPONSIVENESS, CONSISTENCY. § Virtual services: agility and on-demand delivery § Policy-aware VMs: workload portability and mobility § Cloud optimization: secure multi-tenant cloud experience § Fabric integration: rapid service enablement § Policy-based provisioning: operational simplicity § Open APIs: seamless integration and automation
Virtual pool provisioning under the Cisco UNS architecture. Diagram labels: Load Balance, ANM-ACE, VMs, Server Team, LB Context, Security Team, vCenter, VSG, rapid adjustment, Port Profile, Nexus 1000V, Security Profile, consistent with the physical firewall, Network Team.
Automated deployment and mediation of application servers. Diagram labels: 3rd party Workflow Automation Software, API, ANM (GS), API, vCenter, ACE, VMs, ESX Host, Nexus 1000V VSM.
Application-level visualization of business systems
Product-level updates to Unified Network Services. Virtual ANS; Virtual Security Gateway (VSG) on Nexus 1000V; Virtual Network Management Center (VNMC). vPath: Fabric Intelligence for Virtual services • Traffic interception/redirection, fast-path off-load. Diagram labels: ESXi Hypervisor w/ Nexus 1000V, UCS/x86 Servers, vPath, Nexus 1000V.
Cisco vACE (virtual Application Control Engine)
Multiple options for deploying virtualized services. 1. Redirect VM traffic via VLANs to external (physical) firewall. 2. Apply hypervisor-based virtual firewall. Diagram labels: Web Server, App Server, Database Server, Hypervisor, VLANs, Virtual Contexts, Traditional Service Nodes, VSN (Virtual Service Nodes).
Application control on demand, for Public, Private, and Hybrid Clouds. § What? • Demand-based scaling of ACE application delivery system • Demand-based scaling of applications serviced by ACE • Scale across ACE form factors • Hitless VIP mobility from ACE to ACE and cloud to cloud • ADC metering and chargeback, demand-based billing. § Why? • Eliminate ADC as bottleneck to elastic applications • Enable application scaling beyond the borders of a single cloud. Diagram labels: ACE Demand, Application Demand, Nexus 7K, Unified Compute, ACE Appliance, ACE Virtual Appliance, ACE Switch Module, ACE UCS Blade, VIP Mobility & Scale.
Virtual ACE (vACE): moving with the cloud. Enabler for Cloud On Demand. § What • Virtual ACE & GSS for UCS and generic compute • Target segment: Cloud SP; Enterprise • Bundled with UCS for Commercial segment. § Performance • vACE Small: 1 to 4 Gbps • vACE Large: 1 - 8 Gbps. § Competitive Functionality • On-demand app scaling via vPath (N1Kv / Sereno) • Ease of network insertion (with N1Kv) • Integration with vBlock. Diagram labels: vACE, UCS C-series, UCS B-series.
Cisco vWAAS (virtual WAN application acceleration services)
WAAS classic deployment model and private cloud. Challenges § Poor response times § Slow file transfers § Limited user sessions. Cisco WAAS: § LAN-like app performance § Up to 4X increase in VDI users § Efficient data transfer & bulk vMotion. Diagram labels: Private Cloud, Virtual Desktops, Secondary DC, Enterprise Apps, Virtualized Infra, WAN, WAAS, Branch Office, Mobile Users.
WAN optimization in the cloud model: Cisco Virtual WAAS (available Q4 CY10). FEATURES § Allows agile, elastic, & multi-tenant deployment § Supports DRE cache in SAN § Policy-based provisioning w/ Nexus 1000V § Extends WAAS solution portfolio. BUSINESS BENEFITS § Business agility with on-demand orchestration § Lower operational cost, reduced migration risk § Fault-tolerance with VM mobility awareness. Diagram labels: Virtual WAAS "Appliances", ESXi Hypervisor w/ Nexus 1000 vPath, UCS/x86 Servers, Virtual WAAS on Nexus 1000V with vPath.
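Cisco vWAAS: WAN optimization in the cloud model. Overall view of the WAAS solution. Key Requirements / WAAS Benefits Ø Elastic deployment on demand Ø On-demand scheduling of WAN optimization Ø Simplest network configuration Ø Fault-tolerant deployment based on VM vMotion technology Ø Supports dynamic deployment of virtual machines Ø Supports the multi-tenant model Ø Lowers the operating cost of cloud migration. Differentiator Ø Tight integration with Cisco Nexus 1000V Ø Rapid deployment of WAN acceleration services Ø Transparent deployment via WCCP. Diagram labels: Cisco vWAAS, WAN, WAAS Mobile Server, Internet, Private Cloud, Public Cloud, Mobile Users, WAAS Mobile Client, Branch.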
Cisco VSG (Virtual Security Gateway)
Introduction to the Virtual Security Gateway: Virtual Security Gateway (VSG) and Virtual Network Management Center (VNMC). § Context-aware security: VM context-aware rules § Zone-based controls: establish zones of trust § Dynamic, agile: policies follow vMotion § Best-in-class architecture: efficient, fast, scale-out SW § Non-disruptive operations: security team manages security § Policy-based administration: central mgmt, scalable deployment, multi-tenancy § Designed for automation: XML API, security profiles
Implementing multi-level security. Specify zoning policy with the appropriate granularity § Tenant § VDC § vApp. Diagram labels: Tenant A, Tenant B, VDC, vApp, vPath, Nexus 1000V, vSphere.
VSG deployment logic stays consistent with that of physical devices. § Secure segmentation (VLAN agnostic) § Efficient deployment (secure multiple hosts) § Dynamic policy-based provisioning § Transparent insertion (topology agnostic) § High availability § Mobility aware (policies follow vMotion). Diagram labels: VNMC, VMs, Nexus 1000V, vPath, Distributed Virtual Switch, VSG, Log/Audit.
VSG VM-to-VM communication flow: 1st packet. § For the 1st packet within a network session, the traffic redirection scheme is different but the packet flow is similar. § Traffic redirection is based on the port-profile-to-VSG binding and a flow-entry lookup in the Service Data Path (SDP). § Processing of traffic for internet VMs and of inter-VM traffic is normalized. Different firewall policies are applied to this traffic strictly based on the source/destination attributes defined in the policy. Diagram: App servers and Web servers (VM #1 to VM #8), VSG, Service Data Path, Nexus 1000 DVS, flow steps 1 to 6.
VSG VM-to-VM communication flow: 2nd and subsequent packets. § After the VSG has evaluated the policy against the first packet of a network session, a flow-entry cache is established in the SDP, which off-loads the processing of the remaining packets to the SDP. § The flow lookup done in the SDP identifies the current state of the flow, so the SDP can process the subsequent packets based on the actions stored in the flow entry. Diagram: App servers and Web servers (VM #1 to VM #8), VSG, Service Data Path, Nexus 1000 DVS, flow steps 1 to 4.
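Added example (not from the original slides and not Cisco code): a small Python model of the two slides above, in which the first packet of a flow is redirected to the VSG for policy evaluation and later packets are served from the SDP flow-entry cache. The VM names, port-profile names, zones and policy entries are constructed, and the rule that a flow with no bound endpoint is forwarded without inspection is an assumption of this model.

```python
from dataclasses import dataclass, field

# Constructed inventory: VM -> (port profile, zone attribute). All names are hypothetical.
VMS = {"web1": ("pp-web", "web"), "app1": ("pp-app", "app"), "db1": ("pp-db", "db"),
       "test1": ("pp-unbound", "test"), "test2": ("pp-unbound", "test")}
# Port-profile-to-VSG binding; pp-unbound has none, so its traffic is never redirected.
BINDINGS = {"pp-web": "vsg-1", "pp-app": "vsg-1", "pp-db": "vsg-1"}
# Policy on source/destination attributes: (src zone, dst zone, dst port) -> action.
POLICY = {("web", "app", 8080): "permit", ("app", "db", 3306): "permit"}
# Constructed traffic: three flows, as (source VM, destination VM, destination port).
SAMPLE = ([("web1", "app1", 8080)] * 3 + [("web1", "db1", 3306)] * 2
          + [("test1", "test2", 22)])


@dataclass
class Vsg:
    evaluations: int = 0  # how many packets reached the slow path

    def evaluate(self, src, dst, dport):
        """Slow path: full policy lookup on VM attributes, default deny."""
        self.evaluations += 1
        return POLICY.get((VMS[src][1], VMS[dst][1], dport), "drop")


@dataclass
class ServiceDataPath:
    vsg: Vsg
    flows: dict = field(default_factory=dict)  # flow key -> cached action

    def handle(self, src, dst, dport):
        """Return (action, path) for one packet of the flow src -> dst:dport."""
        if not any(VMS[vm][0] in BINDINGS for vm in (src, dst)):
            return "forward", "unbound"  # assumption: no binding, no inspection
        key = (src, dst, dport)
        if key in self.flows:
            return self.flows[key], "fast-path"  # 2nd and subsequent packets
        action = self.vsg.evaluate(src, dst, dport)  # 1st packet goes to the VSG
        self.flows[key] = action  # flow entry off-loads the rest of the flow
        return action, "vsg"


def run(packets):
    """Process packets in order; return per-packet results and the VSG evaluation count."""
    sdp = ServiceDataPath(Vsg())
    return [sdp.handle(*p) for p in packets], sdp.vsg.evaluations


if __name__ == "__main__":
    results, evaluations = run(SAMPLE)
    for packet, result in zip(SAMPLE, results):
        print(packet, result)
    print("packets evaluated by the VSG:", evaluations)
```

In this model only two of the six packets reach the VSG, and the flow between the two VMs on the unbound port profile is never evaluated, which is the gap to look for when auditing port-profile bindings.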
Cisco Nexus 1000V: Distributed Virtual Switch for VMware vSphere § Industry's most advanced software switch for VMware vSphere § Standards based: interoperates with all 802.1Q switching platforms § Built on Cisco NX-OS § Feature and operational consistency across physical and virtual networks § No change for server administration § Maintain vCenter provisioning model § Network team manages virtual network. Policy-Based VM Connectivity; Mobility of Network & Security Properties; Non-Disruptive Operational Model. Diagram labels: VMs, Nexus 1000V VEM, vSphere, Nexus 1000V VSM.
Nexus 1000V – Benefits § NX-OS feature consistency – Across physical and virtual networks (Nexus 7K/5K/2K/1KV) – Cisco CLI experience § Advanced switching features – Security, QoS, Monitoring, Management § Administrative consistency – Network team manages virtual network, creates port profiles – Server team assigns port profiles to VMs
Cisco Nexus 1000V: Faster VM Deployment. Cisco VN-Link: Virtual Network Link. Policy-Based VM Connectivity; Mobility of Network & Security Properties; Non-Disruptive Operational Model. VM Connection Policy • Defined in the network • Applied in Virtual Center • Linked to VM UUID. Diagram labels: VMs, Port Profiles (WEB Apps, HR, DB, DMZ), Nexus 1000V VEM, vSphere, Nexus 1000V VSM, vCenter.
Features of the Nexus 1000V. Switching § L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX) § IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ*. Security § Policy Mobility, Private VLANs w/ local PVLAN Enforcement § Access Control Lists (L2–4 w/ Redirect), Port Security § Dynamic ARP inspection, IP Source Guard, DHCP Snooping. Provisioning § Automated vSwitch Config, Port Profiles, Virtual Center Integration § Optimized NIC Teaming with Virtual Port Channel – Host Mode. Visibility § VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2 § VM-Level Interface Statistics § Policy-based SPAN & ERSPAN. Management § Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks § Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3) § Hitless upgrade. *In 1.4 Release, 4Q CY2010
Cisco Nexus 1010
Nexus 1010: VSM on an Appliance. VSM on Virtual Machine (1000V VSM x 1); VSM on Nexus 1010 (1000V VSM x 4). Diagram labels: VMs, 1000V VEM, vSphere, Server, Cisco Nexus 1010.
Feature Comparison. Columns: VSM on Virtual Machine; VSM on Nexus 1010. Rows: § Network team manages the switch hardware § Installation like a standard Cisco switch § NX-OS high availability of VSM § VEM running on vSphere 4 Enterprise Plus § Nexus 1000V features and scalability
- Slides: 35