Cisco continues to roll out innovations that will enable the next generations of multi-cloud computing. I’m a product manager working on Cisco’s Cloud Management software, and we’re all about the high-level, self-service, automatic provisioning of services that the end-user cares about. The network just moves ones and zeros, and all protocols of interest (HTTP, SSH, RDP, SQL, etc.) work fine over TCP/IP. The hypervisor takes care of putting that pesky motherboard chipset and storage bus into a black box, right? The end-user doesn’t care about that stuff, or at least doesn’t want to have to care about it.
A common perspective, except among the engineers who manage the network, is that network infrastructure is a bunch of mysterious plumbing that “just works” and how it does what it does doesn’t matter. Indeed, many vendors in the “cloud” arena would like to perpetuate this perspective on the network. They would like you to believe a bunch of dumb pipes can carry traffic and that determination of the traffic (content, flow, etc.) is determined at higher levels in the stack.
In some cases, this is true, but operating this way doesn’t unlock anything new. The model they describe would be brilliant if all of your network requirements were defined in 1998. Few companies can afford to operate technology today like they did in 1998 and remain competitive.
Cisco is announcing a newNexus 1000V(N1KV), and this one changes the game.In brief, the Nexus 1000V is the foundation of the networking services that Cisco brings to virtual computing. The N1KV can be managed using the same NX-OS commands and practices used to manage the Nexus 5K and 7K switches, and extends network control down to the VM and virtual port into which a VM is “plugged in”, even across different vendors’ hypervisors.
The N1KV is also the platform for additional L2 and L3 network services such as those provided by the vASA Firewall, vNAM, and VSG. The new Nexus 1000V InterCloud extends this ability to cloud service providers, such as Amazon, but is “cross-provider” (in fact, it doesn’t even depend on the Cloud Service Provider). For me, in my role as a Cloud Product Manager, this is an important new addition to basic networking capabilities, and is exactly the kind of thing that Cisco can and should do in its role as “Networking Giant” to open up the promise of hybrid or multi-cloud.
I have a mental image of what this can do, and I tried to put this into images to the right. Animation would have been better, I just don’t have the Flash skills to put it together for a quick blog post. I envision a virtual machine as a ghostly “physical” server tower with network cables plugged into it. These network connections can come from end-users in a client-server model, or any of our web-and-mobile constructs. After all, we still are end-users connecting to machines. Of course, the “client” for a compute function could be another compute function, so there is a network cable coming from another nearby ghost server. These ghost servers can today float from blade to blade thanks to most mainstream virtual machine managers (VMM) and a virtual switch like the N1KV, and the cords stay connected throughout. With the new N1KV, that VM can float right out of that VMM and into another VMM (such as across VMware datacenters, or even from VMware to Hyper-V), or out to a public or hosted provider. The cord just magically uncoils to remain connected wherever that machine goes! I love magic.
The N1KV provides that cable that can float after its ethereal virtual machine. It also provides the platform to maintain monitoring by the vNAM, even as the machine moves. You simply can’t economically achieve this using basic dumb pipes. Add to this the new Virtual Network Management Console (VNMC) InterCloud management capabilities. In order for that cord to stay connected, there do have to be network switches or routers along the way that understand how to make that network cable follow the machine. VNMC InterCloud manages these devices, but adds another particularly important capability: actually moving the workload.
VNMC InterCloud adds the ability to discover virtual machines, and convert them to a cloud-provider’s instance format, move what could possibly be a fairly large set of files, and get that machine started back up in a far-away environment, with seamless network consistency. VNMC InterCloud is like a puff of wind that pushes the ghostly VM from my corporate VMWare-based cloud to float over to my hosted private cloud. Remember, ghosts can float through walls.
This is groundbreaking. Workload mobility is one of those hard-to-do core capabilities required for all of us to realize the promise of multi-cloud, and it requires a network that is both dynamic and very high performing. I’ve been looking forward to this from Cisco for some time now.
Customers have often said to me, “Joann, we have virtualization all over the place. That’s cloud isn’t it?” My response is, “Well not really, that is not a cloud, but you can get to cloud!” Then there is a brief uncomfortable silence, which I resolve with an action provoking explanation that I will now share with you.
Here’s why that isn’t truly a cloud. What these customers often have is server provisioning that automates the process of standing up new virtual servers while the storage, network, and application layers continue to be provisioned manually. The result is higher management costs that strain IT budgets, which are decreasing or flat to begin with. With this approach, businesses aren’t seeing the agility and flexibility they expected from cloud. So, they become frustrated when they see their costs rising and continue struggling to align with new business innovation.
If your IT department adopted widespread virtualization and thought it was cloud, my guess is you are probably nodding your head in agreement. Don’t worry, you’re not alone.
So then, what are the key elements an organization needs to achieve the speed, flexibility and agility promised by cloud?
1) Self-service portal and service catalog The self-service portal is the starting point that customers use to order cloud services. Think of a self-service portal as a menu at a restaurant. The end user is presented with a standardized menu of services that have been defined to IT’s policies and standards and customers simply order what they need. Self-service portals greatly streamline resource deployment which reduces the manual effort by IT to provision resources.
2) Service delivery automation
After the user selects services from the portal service menu, then what? Well, under the hood should be automated service delivery—which is a defining characteristic of a real cloud environment. Behind each of the standardized menu items in the self-service portal is a blueprint or instructions that prescribe how the service order is delivered across the data center resources. This has been proven to appreciably simplify IT operations, reduce costs and drive business flexibility.
The Cisco Process Orchestrator has very rich integration capabilities, yet we often hear the question, “Does it integrate with…” or “Does it work with” [insert product]. The Cisco Process Orchestrator is a primary component in the Cisco Intelligent Automation for Cloud management solution.
The fact is that in modern environments with modern orchestrators the answer is always yes. The reality is that cloud automation requires a Process Orchestrator tie into a variety of different systems in order to start offering cloud services. Remember, Cloud is an operating model, not a product. This means that to deliver self-service, on-demand services requires all the elements of the service be orchestrated.
The graphic below shows the components in the deployments. You see integration with Cisco UCS, VMware and storage, as you would expect. It also orchestrates IP address management (that IP won’t provision itself), Remedy incident, CMDB, ActiveDirectory (so tenants can log in), image management and a few other things such as Service Assurance.
By the way, the architecture below is Cisco Process Orchestrator provision across multiple Cisco data centers.
Just the other morning, my 3.5 year old daughter said “Daddy, can you make me a waffle?” And like any self-respecting parent, I of course responded with “Poof. You’re a waffle.”
It reminded me of something we frequently hear from customers: they effectively ask us to “make my data center a cloud.” Now we could wave our arms and say “Poof. It’s a cloud.” But it’s not that easy. Despite what some cloudwashers may say, virtualizing your data center does not mean you have a cloud – and self-service provisioning of VMs is not cloud computing. Real clouds require much more.
Fortunately, we have solutions to help our customers deploy real clouds – with market-leading compute, network, and management products in our Unified Data Center portfolio as well as our cloud enablement services. In fact, today we introduced yet another innovation in our Unified Computing System (UCS) portfolio with Cisco UCS Central.
I’m pleased to also announce the latest release of our cloud management software solution today: Cisco Intelligent Automation for Cloud version 3.1. This release introduces several exciting new features, and I’ve highlighted a few of these new product capabilities below.
Virtual Data Centers – In simple infrastructure-as-a-service use cases, virtual machines and other resources may be provisioned from a shared pool of resources on-demand. In more advanced infrastructure-as-a-service use cases, virtual data centers (VDCs) can be established to provide project teams or departments with a dedicated resource pool of compute, storage, and network capacity for their own organization. I’ve written in the past about this concept of a virtual data center and this is what Cisco IT deployed for our own internal private cloud.
Wow, there’s been a lot of news in the SDN and virtual networking space in the last week or so! VMware acquiring Nicira, and Oracle acquiring Xsigo are testimony to how important virtual overlay networks and virtual switching infrastructure has become for data center vendors, and how integral they are to each company’s strategy. Speaking of our own Nexus 1000V-based virtual networks, last week I provided an overview and some new resources on Virtual Extensible LANs (VXLAN) for Nexus 1000V virtual switches. That turned out to be quite a popular post, so I’m following up this week on another fundamental component of Nexus 1000V-based virtual networks, vPath, the secret sauce that allows us to deploy virtual network services in the data center.
What is vPath? Well, if VXLANs can set up secure tunnels over a shared, multi-tenant virtual network, vPath is a feature of the Nexus 1000V virtual switch that can redirect traffic to virtual application services before the switch sends the packets down into the virtual machine. Very important stuff, but how does it do that? I find that my blog posts are more popular the less I type, and the more I embed cool TechWiseTV videos that illustrate the concept, so I’m dusting off this classic from the TWTV team on just how vPath does that with our Virtual Security Gateway (VSG). Take it away Robb…
