Cisco Blogs

A Better Way to Private Cloud

Organizations are realizing that without a formal comprehensive cloud strategy, line of business and application architects will continue to sidestep their internal IT organizations and procure solutions on their own – an industry phenomenon known as “rogue IT” which happens out of necessity.  While it helps solve the immediate problem, it brings with it a host of complications – compliance, governance, financial, security and more.

A formal cloud strategy helps ease cloud service adoption, drives standardization of services and increases the value of IT to the business.  For all these reasons, cloud is now considered a core element in many enterprise IT portfolios.

Yet for all the strategizing and trial steps taken by organizations, only a small number of companies have implemented true private clouds.   This is because automation is challenging but not as challenging as maintaining the manual and siloed methods used to manage the data center today.

People need deeper knowledge about automation. They have to understand the types of automation available. They want clear insight into the short-term and future impact of automation decisions made today so that they can create the right strategy for their business and select the appropriate automation methods and technologies to support their strategy.  Without the right tools and approaches to automation adoption, most organizations experience pain and chaos.

Increase your automation knowledge by attending this upcoming live webcast featuring Dave Bartoletti of Forrester together with automation and cloud experts from Cisco.

Webcast Title:   A Better Way to Private Cloud

Date:     Tuesday, March 10, 2015

Time: 11 am Eastern/8 am Pacific


What you will learn:

  • How a pragmatic, stepwise adoption of automation accelerates adoption of cloud services within your organization
  • How solutions engineered for hybrid-ready private cloud enable your organization to capture new revenue opportunities with on-demand delivery of applications and their supporting infrastructure
  • How Cisco ONE Enterprise Cloud Suite offers you cloud strategy, automation, and management options

Developers, end users and customers expect continuous delivery, and automation is the crucial element in making this happen.  Join us for this live webcast and hear how Cisco can let your business soar and take advantage of new business opportunities.

The number of attendees is limited so register today.



Application Configuration Management: What’s your Approach?

Last we spoke, it was about network device configuration management. Let’s move our focus up the stack to applications and management of their configuration. Whether enterprise or cloud-architected, running on physical servers, in virtual machines or in containers, how are you managing your applications?

Puppet, Chef, Ansible and Salt are popular answers to this question and leading contenders for initial provisioning and management of configuration drift of data center applications – whether they be common off the shelf (COTS) or custom built applications. Two of these configuration management technologies, Puppet and Chef, are supported by Cisco Intelligent Automation for Cloud 4.1. The collection of features enveloping these two Ruby-based technologies within Cisco IAC is referred to as Application Configuration Management (ACM).

Approach to Agent Bootstrapping

Puppet and Chef are similar in nature – in more ways than we’ll discuss in this post. One similarity is that both of these ACM technologies require an agent (Puppet) or client (Chef) installed on the server under management (node).


Agent Bootstrapping Methods

Both types of ACM technologies support client-only and client/server deployment models, referred to as agent/master for Puppet and client/server for Chef installations. Whether you use an agent-only (client-solo – Chef) or an agent/master deployment model, unless your virtual or physical server image has the agent preinstalled, you’ll need to perform the prerequisite work of agent installation.

IAC performs this dirty work by bootstrapping the appropriate agent (or client), whether on initial server provisioning or on-demand on any existing server when a user assigns an application to a server. The mechanics used to perform agent installation vary. The mechanics used within IAC are listed in the “Agent Bootstrapping Methods” chart. Initially, IAC used WinRM as its mechanism to bootstrap agents on Windows servers until customer feedback drove use of an alternative mechanism – psexec. We found that customer security teams were either uncomfortable with or had policy in place against the use of WinRM as a method to execute scripts remotely and made the switch to psexec, which “is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software”.

Part of the agent installation involves establishing a connection between the ACM server (Puppet Master or Chef Server) and the node (server with agent/client installed). IAC orchestrates the registration of the node with its respective, assigned ACM server. This process is different depending on whether Puppet or Chef is used.  In the case of Chef, IAC has the chef-client register with the Chef server using the private key assigned to the chef-validator, which IAC loads into the node during client installation. In the case of Puppet, IAC performs an initial puppet agent run, which lodges a certificate authorization request on the Master, which IAC subsequently orchestrates the signing of on the Master. With agent bootstrap complete and authorized, secure communication established between the ACM server and client, attention turns to the management of the connections IAC may have established with a number of Puppet or Chef servers.
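The Puppet half of this registration hinges on which certificate requests get signed on the Master. The Ruby code below is an added example, not IAC's or Puppet's own code, showing checks an orchestrator could run before signing; the `pending` map, the node names and the fingerprint format (SHA-256 over the DER-encoded request) are assumptions.

```ruby
require "openssl"

# Puppet certnames are lowercase hostnames; reject anything else outright.
CERTNAME_RE = /\A[a-z0-9][a-z0-9.-]{0,252}\z/

# Assumed fingerprint format: SHA-256 over the DER-encoded request, uppercase hex.
def csr_fingerprint(csr)
  OpenSSL::Digest::SHA256.hexdigest(csr.to_der).upcase
end

# pending: { certname => fingerprint reported by the node being bootstrapped }.
# Hypothetical structure kept by the orchestrator; not an IAC data model.
def sign_decision(certname, csr_pem, pending)
  return [false, "invalid certname"] unless certname.is_a?(String) && certname.match?(CERTNAME_RE)
  expected = pending[certname]
  return [false, "no bootstrap in progress for this node"] unless expected
  begin
    csr = OpenSSL::X509::Request.new(csr_pem)
    verified = csr.verify(csr.public_key)
  rescue OpenSSL::OpenSSLError
    return [false, "unparseable CSR"]
  end
  return [false, "CSR self-signature does not verify"] unless verified
  cn = csr.subject.to_a.find { |field, _value, _type| field == "CN" }
  return [false, "CSR subject does not match certname"] unless cn && cn[1] == certname
  unless csr_fingerprint(csr) == expected
    return [false, "fingerprint differs from the one the node reported"]
  end
  [true, "ok to sign"]
end

# Constructed sample input: a throwaway key and CSR for a made-up node name.
def sample_csr(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new("SHA256"))
  csr
end

if __FILE__ == $PROGRAM_NAME
  csr = sample_csr("web01.tenant-a.example")
  pending = { "web01.tenant-a.example" => csr_fingerprint(csr) }
  p sign_decision("web01.tenant-a.example", csr.to_pem, pending)
  p sign_decision("db01.tenant-a.example", csr.to_pem, pending)
end
```

A request that arrives for a name with no bootstrap in progress, or whose fingerprint differs from the one the node reported, is left unsigned for manual review.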

System Health – ACM

Connection and System Health

In the case of client/server deployments, IAC will establish connection to one or more Puppet Masters and one or more Chef Servers. Each connection is treated with care as the health of each connection facilitates IAC’s ability to successfully orchestrate applications. Connections are established using a service account permissioned appropriately. The health of the connection to each ACM server is evaluated once every 30 minutes by default. Connection health is determined by performing connectivity, authentication and authorization tests. Details of these tests and a screenshot of the System Health console can be seen in the “System Health – ACM” chart.

CloudSync Finite State Machine

Cloud Object Model and CloudSync

Immediately after establishing a healthy connection, CloudSync runs. CloudSync is a synchronization process driven by a finite state machine whose responsibility is not only to perform initial object discovery and granular fingerprinting – essentially a deep interrogation of cloud objects and their attributes – but also to manage ongoing reconciliation of infrastructure changes with respect to their representation of the provider’s cloud infrastructure as modeled within the service catalog. Note the “CloudSync Finite State Machine” chart, which is laced with Extension Points, where cloud administrators may insert custom logic on state transition for any given object within the model. Once collected, this inventory (e.g. a Chef Role) is presented to the cloud administrator for the ACM server for use within their cloud. Cloud administrators may choose to register the discovered objects for use by end users.

Cisco IAC Cloud Object Model – Chef

Cisco IAC Cloud Object Model – Puppet

For example, the cloud administrator may choose to register a Puppet Role as being available for end users to assign to a server. Registration of this role may include assignment of additional metadata, including price of the role as a one-time or recurring charge for use of the application and assignment of tenant permissions (whether to make the role available to all tenants or only select tenant(s)).

It’s through the relationships derived within the Cloud Object Model and assignment of tenant permissions that the specific applications are presented to a given end user. Service Resource Containers are used as a logical construct owned by the cloud administrator wherein tenant-specific resources may be hosted. Applications delivered to tenants may be created in a virtual data center that is serviced by either a Puppet Master or Chef Server. See the Cisco IAC documentation for further details on other constructs within these and other models.

Manage Applications – Node Classification

Approach to Node Classification

Once registered for use, applications become visible to end users, who may assign applications to their servers whether during initial server provisioning or to an existing server. Upon selection of application(s) by the end user, IAC classifies the node by writing a hiera file (Puppet) or by writing a run-list (Chef) on the respective ACM server and forces an immediate agent run to ensure application configuration is promptly enforced.

In this sense, IAC provides a common user experience for node classification irrespective of the underlying technology chosen by the cloud provider (the organization running and administering IAC). As the IAC product suite evolves, so has our approach to classification via Puppet, with the more programmatically effective use of a custom-written External Node Classifier (ENC), taking advantage of the ability of the node_terminus configuration to interact with an ENC.
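An ENC is an executable that Puppet calls with the node's certname and that prints the node's classification as YAML. The Ruby ENC below is an added example, not Cisco's classifier: it enforces the tenant permissions described earlier at classification time, and its role names, tenants and node names are constructed, hypothetical data.

```ruby
#!/usr/bin/env ruby
require "yaml"

# Puppet certnames are lowercase hostnames; anything else is rejected outright,
# so the argument can never be used as a path or lookup key in unexpected ways.
CERTNAME_RE = /\A[a-z0-9][a-z0-9.-]{0,252}\z/

# Constructed sample data (hypothetical): roles the cloud administrator has
# registered, with the tenants permitted to use each one.
REGISTERED_ROLES = {
  "role::webserver" => :all,
  "role::database"  => ["tenant-a"]
}.freeze

# Constructed sample data (hypothetical): what end users assigned to each node.
ASSIGNMENTS = {
  "web01.tenant-a.example" => { tenant: "tenant-a",
                                roles: %w[role::webserver role::database] },
  "web01.tenant-b.example" => { tenant: "tenant-b",
                                roles: %w[role::webserver role::database role::unregistered] }
}.freeze

def permitted?(role, tenant)
  tenants = REGISTERED_ROLES[role]
  tenants == :all || (tenants.is_a?(Array) && tenants.include?(tenant))
end

# Returns the ENC hash for a node, or nil when the node is invalid or unknown.
def classify(certname)
  return nil unless certname.is_a?(String) && certname.match?(CERTNAME_RE)
  node = ASSIGNMENTS[certname]
  return nil unless node
  allowed, denied = node[:roles].partition { |role| permitted?(role, node[:tenant]) }
  denied.each { |role| warn "enc: #{certname}: dropping #{role}, not permitted for #{node[:tenant]}" }
  { "classes" => allowed,
    "parameters" => { "tenant" => node[:tenant] },
    "environment" => "production" }
end

def enc_output(certname)
  result = classify(certname)
  result && result.to_yaml
end

# Puppet invokes an ENC with the certname as its only argument and treats a
# non-zero exit as a classification failure.
if __FILE__ == $PROGRAM_NAME && ARGV.size == 1
  yaml = enc_output(ARGV[0])
  exit 1 unless yaml
  puts yaml
end
```

On the Puppet Master such a script is wired in with `node_terminus = exec` and `external_nodes` pointing at the executable.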

Application Configuration Management Highlights

CloudSync’ed Applications

  • Integration with Puppet and Chef
    • Connections to a number of servers
    • System health checks for these servers
    • Application infrastructure discovery (CloudSync)
    • Bootstrapping of agents (green and brownfield)
  • Financial Management
    • Pricing of applications
    • Showback for application orders
    • Run rates including application consumption by user, org, tenant
  • Multi-tenancy
    Financial Management – Application Pricing & Showback

    • Tenant-specific application catalogs
    • Tenant/application consumption dashboards
  • Provisioning
    • Application provisioning for virtual machines, physical servers
    • “My Applications” interface for application management
  • Service Offering Elections
    • Three tiers of control to enable/disable application configuration management services at provider, tenant and organization levels
  • Multi-Cloud Platform Support
    • Support same services ubiquitously across all platforms

    Financial Management – Application Run Rates

  • Application User Persona
    • “My Application” interface for application management
    • ACM Server and application usage dashboard

Cognizant of the plethora of application configuration management tools available to Cisco customers, including commercial, open source, and homegrown tools, we’re very interested to hear which ones you have found to be the best fit in your environment. Have you established revision control practices as you manage infrastructure as code? Having reviewed Cisco’s approach within its cloud management platform, IAC, whether you manage configuration of physical servers, virtual machines or use CM to build containers or hosts that run containers, how does your approach compare?


Improve the Ways and Means of Application Delivery

Organizations are rethinking their data centers and nothing is off limits for discussion – everything from infrastructure to software to processes, and even more fundamentally, the very ways in which a data center serves the business. One element that is empowering this phenomenal shift is IT automation. It is vital. No automation, no effective IT. The more sluggish IT is, the more costly it is to the business. Organizations know that, and they want to automate IT processes at all levels to increase effectiveness, time-to-market, and innovation so that they can perform well and compete effectively.  IT automation has proven itself, and now it is ready for its closeup.

This week at CiscoLive in San Francisco, you will see just how far automation is reaching into organizations. No longer content to provision virtual machines through a VM dispenser, companies are looking for ways to automate the entire solution stack: applications down through the infrastructure that supports them.


Let Cisco Cloud Work for Your Business

At a recent event I saw a T-shirt that said “Remember when cloud only meant rain?”  In the days before cloud computing, asking someone what they thought about cloud usually invoked a response about an animal-shaped formation or looking at cumulonimbus and predicting precipitation. One thing that today’s IT clouds have in common with their heavenly-based brethren is the ability to make it rain for your business.  When cloud is a part of your business strategy, it can increase business agility and effectiveness that translate into revenue-generating opportunities.

Every day customers tell me what keeps them up at night is not how to reduce costs but how to survive. Cloud can take you far beyond survival to thriving  by delivering everything from data center services to applications to even office supplies.  But to get this benefit you need to bring together IT and your business strategy. And you need a new way of managing all these components in a unified manner.

Traditional management strategies and solutions utilize fragmented tools dedicated to specific systems.  They are ineffective in an environment where end users are empowered to request services on-the-fly and expect delivery almost instantly.

A customer told me this week that he believed all cloud management solutions were the same.    This is simply not true and two new reports from EMA and IDC provide supporting evidence.

Cisco’s cloud solution understands that your journey is a multi-step process.  You need to first automate your physical and virtual infrastructure to provide a foundational base for as-a-service, across heterogeneous hardware.  Let’s be honest – how can you increase efficiency when your solution manages a single hardware stack or hypervisor?

Cisco UCS Director delivers unified management and automation across both physical and virtual environments from a single pane of glass.   Designed to manage integrated and converged infrastructures utilizing Cisco UCS and Nexus fabric, UCS Director also manages third-party infrastructures such as HP, Dell and Brocade. Its innovative model-based orchestration tracks configuration changes ensuring that your business workflows run to completion, even if a switch is down or unavailable. UCS Director frees up your IT engineers from mundane daily management tasks allowing them to focus on more advanced projects.

Once infrastructure is automated, you can expand your horizons to automating the delivery of applications or general business processes.   Cisco Intelligent Automation for Cloud (IAC) is a full-stack cloud solution that includes embedded application provisioning, governance and usage tracking all from an end-user portal and service catalog that spans multiple cloud platforms and tenants.   Leveraging its networking strength, Cisco IAC simplifies  cloud-based deployment and management of network services with out-of-box templates for firewalls, load balancers and VPNs eliminating the need for manual, trouble-ticket based provisioning.   

Watch these videos to learn more about Cisco UCS Director and Cisco IAC.

Earlier this week, Cisco announced its open, hybrid cloud solution, Cisco Intercloud.  Cisco IAC is one of the management solutions powering this offering and is an example of Cisco IAC’s flexible cloud service capabilities – flexibility that your company needs.

With cloud becoming strategic to your organization’s IT strategy, Cisco’s two-step solution of Cisco UCS Director and Cisco IAC gets you on the path to anything-as-a-service and your organization on its way to experiencing those rain-making opportunities.


With Cisco Cloud Management, FASTWEB Delivers New Value-Added Cloud Services

Imagine that you head the leading telecommunications provider in Italy and you are watching traditional service and revenue streams struggle under intense competitive pressure. Customer retention is a major issue because the types of services required by your residential and business clients are changing. Clearly, you need to retain customers and do so by offering new services. It is a generally known business fact that often it is more cost effective to invest in retaining customers than trying to get new ones in such competitive industries.

So, how would you do it?

FASTWEB, a Swisscom company, asked Cisco exactly that question. FASTWEB’s analysis indicated that offering cloud-based service delivery would be an excellent opportunity to retain existing business while capturing new revenue streams from Italian businesses looking for new IT solutions. But FASTWEB struggled with execution due to insufficient resources to develop and deliver these new services.

So, FASTWEB adopted Cisco’s Unified Data Center architecture which includes Cisco UCS Blade Servers and Intelligent Automation for Cloud (IAC). Cisco UCS servers were selected for performance, reliability, and the ability to integrate smoothly with other heterogeneous elements in their solution stack. They thoroughly analyzed cloud management solutions, and Cisco IAC scored the highest in their evaluation for:

• Openness and flexibility
• Ease of use by users and administrators
• Single management console access to the entire cloud service lifecycle
• Ability to build services without deep technical skills


Teaming with Cisco Services, FASTWEB implemented cloud service delivery across six distinct use cases. Because of UCS they did so with minimum server hardware, gaining a complete cloud infrastructure that consumes only a few racks. With this Cisco Unified Data Center strategy and solution, FASTWEB estimates their customers can save around 50 percent over three years utilizing FASTWEB services compared to on-premises infrastructure.


What’s more, FASTWEB relies on Cisco IAC to offer customers a portal that is intuitive with fast delivery thanks to strong automation and orchestration of all cloud elements, including network. None of their competitors in the Italian marketplace has an offering equal to this unified solution from Cisco.

Now FASTWEB’s cloud services are growing smoothly thanks to technology that scales as quickly as their business does. FASTWEB plans to expand its use of Cisco IAC to offer new services such as PaaS and SaaS for their customers.

Read more about FASTWEB’s implementation in this case study and this recent CiscoLive Milan presentation.
