Last we spoke, it was about network device configuration management. Let’s move our focus up the stack to applications and management of their configuration. Whether enterprise or cloud-architected, running on physical servers, in virtual machines or in containers, how are you managing your applications?
Puppet, Chef, Ansible and Salt are popular answers to this question and leading contenders for initial provisioning and management of configuration drift of data center applications -- whether they be commercial off-the-shelf (COTS) or custom-built applications. Two of these configuration management technologies, Puppet and Chef, are supported by Cisco Intelligent Automation for Cloud 4.1. The collection of features enveloping these two Ruby-based technologies within Cisco IAC is referred to as Application Configuration Management (ACM).
Approach to Agent Bootstrapping
Puppet and Chef are similar in nature -- in more ways than we’ll discuss in this post. One example of that similarity is that both of these ACM technologies require an agent (Puppet) or client (Chef) to be installed on the server under management (the node).
Chart: Agent Bootstrapping Methods
Both ACM technologies support client-only and client/server deployment models, referred to as agent/master for Puppet and client/server for Chef installations. Whether you use an agent-only model (client-solo -- Chef) or an agent/master deployment model, unless your virtual or physical server image has the agent preinstalled, you’ll need to perform the prerequisite work of agent installation.
IAC performs this dirty work by bootstrapping the appropriate agent (or client), whether on initial server provisioning or on demand on any existing server when a user assigns an application to a server. The mechanics used to perform agent installation vary; those used within IAC are listed in the “Agent Bootstrapping Methods” chart. Initially, IAC used WinRM as its mechanism to bootstrap agents on Windows servers until customer feedback drove the use of an alternative mechanism -- psexec. We found that customer security teams were either uncomfortable with, or had policy in place against, the use of WinRM as a method to execute scripts remotely, so we made the switch to psexec, which “is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software”.
Part of the agent installation involves establishing a connection between the ACM server (Puppet Master or Chef Server) and the node (server with agent/client installed). IAC orchestrates the registration of the node with its assigned ACM server. This process differs depending on whether Puppet or Chef is used. In the case of Chef, IAC has the chef-client register with the Chef server using the private key assigned to the chef-validator, which IAC loads onto the node during client installation. In the case of Puppet, IAC performs an initial puppet agent run, which lodges a certificate authorization request on the Master; IAC then orchestrates the signing of that request on the Master. With agent bootstrap complete and authorized, secure communication in place between the ACM server and client, attention turns to the management of the connections IAC may have established with n number of Puppet or Chef servers.
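The Puppet step above leaves a certificate request pending on the Master before anything signs it. The following added example (not IAC's code, and not part of the original post) shows one check an orchestrator can make before signing: the pending request must carry the expected certname and match the fingerprint reported by the node it just bootstrapped. The hostnames, the function names and the idea that the bootstrap channel reads the fingerprint back are assumptions.

```ruby
require 'openssl'

# SHA-256 over the DER encoding of the request, as colon-separated hex.
def csr_fingerprint(csr)
  OpenSSL::Digest::SHA256.hexdigest(csr.to_der).upcase.scan(/../).join(':')
end

# Decide whether a pending request may be signed for expected_certname.
# expected_fp is the fingerprint the bootstrap step read back from the node
# (assumption: over the same authenticated channel that installed the agent).
# Returns [allowed, reason].
def check_csr(csr_pem, expected_certname, expected_fp)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return [false, 'bad self-signature'] unless csr.verify(csr.public_key)

  cns = csr.subject.to_a.select { |field, _, _| field == 'CN' }
           .map { |_, value, _| value }
  return [false, 'subject CN mismatch'] unless cns == [expected_certname]
  # A request for the right name but a different key fails here.
  return [false, 'fingerprint mismatch'] unless csr_fingerprint(csr) == expected_fp

  [true, 'ok']
rescue OpenSSL::X509::RequestError
  [false, 'unparseable CSR']
end

# Builds a constructed CSR for the demo (stands in for the agent's request).
def build_csr(certname, key)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

if $PROGRAM_NAME == __FILE__
  node_key = OpenSSL::PKey::RSA.new(2048)          # constructed node key
  csr = build_csr('web01.example.test', node_key)  # constructed certname
  p check_csr(csr.to_pem, 'web01.example.test', csr_fingerprint(csr))
end
```

Signing only on `[true, 'ok']` means a request lodged under the same certname with a different key is left pending for an administrator to review.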
Chart: System Health -- ACM
Connection and System Health
In the case of client/server deployments, IAC will establish connections to one or more Puppet Masters and one or more Chef Servers. Each connection is treated with care, as the health of each connection determines IAC’s ability to successfully orchestrate applications. Connections are established using a service account permissioned appropriately. The health of the connection to each ACM server is evaluated once every 30 minutes by default. Connection health is determined by performing connectivity, authentication and authorization tests. Details of these tests and a screenshot of the System Health console can be seen in the “System Health -- ACM” chart.
Chart: CloudSync Finite State Machine
Cloud Object Model and CloudSync
Immediately after establishing a healthy connection, CloudSync runs. CloudSync is a synchronization process driven by a finite state machine whose responsibility is not only to perform initial object discovery and granular fingerprinting -- essentially a deep interrogation of cloud objects and their attributes -- but also to manage ongoing reconciliation of infrastructure changes with respect to their representation of the provider’s cloud infrastructure as modeled within the service catalog. Note the “CloudSync Finite State Machine” chart, which is laced with Extension Points, where cloud administrators may insert custom logic on state transition for any given object within the model. Once collected, this inventory (e.g. a Chef Role) is presented to the cloud administrator for the ACM server for use within their cloud. Cloud administrators may choose to register the discovered objects for use by end users.
Cisco IAC Cloud Object Model -- Chef
Cisco IAC Cloud Object Model -- Puppet
For example, the cloud administrator may choose to register a Puppet Role as being available for end users to assign to a server. Registration of this role may include assignment of additional metadata, including price of the role as a one-time or recurring charge for use of the application and assignment of tenant permissions (whether to make the role available to all tenants or only select tenant(s)).
It’s through the relationships derived within the Cloud Object Model and assignment of tenant permissions that the specific applications are presented to a given end user. Service Resource Containers are used as a logical construct owned by the cloud administrator wherein tenant-specific resources may be hosted. Applications delivered to tenants may be created in a virtual data center that is serviced by either a Puppet Master or Chef Server. See the Cisco IAC documentation for further details on other constructs within these and other models.
Manage Applications -- Node Classification
Approach to Node Classification
Once registered for use, applications become visible to end users, who may assign applications to their servers whether during initial server provisioning or to an existing server. Upon selection of application(s) by the end user, IAC classifies the node by writing a hiera file (Puppet) or by writing a run-list (Chef) on the respective ACM server and forces an immediate agent run to ensure application configuration is promptly enforced.
In this sense, IAC provides a common user experience for node classification irrespective of the underlying technology chosen by the cloud provider (the organization running and administering IAC). As the IAC product suite has evolved, so has our approach to classification via Puppet, moving to the more programmatically effective use of a custom-written External Node Classifier (ENC), taking advantage of the ability of the node_terminus configuration to interact with an ENC.
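The classification step described above, sketched as an External Node Classifier (an added example, not IAC's own ENC). It follows Puppet's ENC contract: with `node_terminus = exec` and `external_nodes` pointing at the script, Puppet passes the certname as the only argument and reads a YAML hash from stdout. Role names, tenants, hostnames and the `production` environment are constructed placeholders; the tenant check mirrors the tenant permissions assigned when a role is registered.

```ruby
#!/usr/bin/env ruby
require 'yaml'

# Constructed sample data (hypothetical names): roles the cloud administrator
# registered, mapped to the tenants permitted to use each one.
REGISTERED_ROLES = {
  'role::webserver' => %w[tenant-a tenant-b],
  'role::database'  => %w[tenant-a]
}.freeze

# Constructed sample assignments: owning tenant and roles chosen for each node.
ASSIGNMENTS = {
  'web01.example.test' => { tenant: 'tenant-b', roles: ['role::webserver'] },
  'db01.example.test'  => { tenant: 'tenant-b', roles: ['role::database'] }
}.freeze

# The certname is supplied by the agent, so treat it as untrusted input and
# accept only lowercase DNS-style names before using it as a lookup key.
LABEL = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?'
CERTNAME_RE = /\A#{LABEL}(?:\.#{LABEL})*\z/

class ClassificationError < StandardError; end

# Returns the hash an ENC emits for the node, or raises ClassificationError.
def classify(certname, assignments = ASSIGNMENTS, registered = REGISTERED_ROLES)
  unless certname.is_a?(String) && certname.size <= 253 && certname.match?(CERTNAME_RE)
    raise ClassificationError, 'invalid certname'
  end
  node = assignments.fetch(certname) { raise ClassificationError, 'unknown node' }
  # Re-check tenant permission at classification time, not only at order time.
  denied = node[:roles].reject { |r| registered.fetch(r, []).include?(node[:tenant]) }
  raise ClassificationError, "role not permitted: #{denied.join(', ')}" unless denied.empty?

  { 'classes'     => node[:roles].to_h { |r| [r, {}] },
    'parameters'  => { 'tenant' => node[:tenant] },
    'environment' => 'production' } # assumed environment name
end

# Fail closed: any error gives exit status 1 and a message instead of YAML,
# so the node gets no catalog rather than a wrong one.
def run_enc(argv)
  [0, YAML.dump(classify(argv.first))]
rescue ClassificationError => e
  [1, "enc: #{e.message}"]
end

# Puppet always supplies the certname; with no argument the script only
# defines its functions.
if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
  status, text = run_enc(ARGV)
  status.zero? ? puts(text) : warn(text)
  exit status
end
```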
Application Configuration Management Highlights
Integration with Puppet and Chef
Connections to n number of servers
System health checks for these servers
Application infrastructure discovery (CloudSync)
Bootstrapping of agents (green and brownfield)
Pricing of applications
Showback for application orders
Run rates including application consumption by user, org, tenant
Application provisioning for virtual machines, physical servers
“My Applications” interface for application management
Service Offering Elections
3-tiers of control on enable/disable application configuration management services at provider, tenant and organization levels
Multi-Cloud Platform Support
Support same services ubiquitously across all platforms
Financial Management -- Application Run Rates
Application User Persona
“My Application” interface for application management
ACM Server and application usage dashboard
Cognizant of the plethora of application configuration management tools available to Cisco customers, including commercial, open source, and homegrown tools, we’re very interested to hear which ones you have found to be the best fit in your environment. Have you established revision control practices as you manage infrastructure as code? Having reviewed Cisco’s approach within its cloud management platform, IAC, whether you manage configuration of physical servers, virtual machines or use CM to build containers or hosts that run containers, how does your approach compare?
Organizations are rethinking their data centers and nothing is off limits for discussion – everything from infrastructure to software to processes, and even more fundamentally, the very ways in which a data center serves the business. One element that is empowering this phenomenal shift is IT automation. It is vital. No automation, no effective IT. The more sluggish IT is, the more costly it is to the business. Organizations know that, and they want to automate IT processes at all levels to increase effectiveness, time-to-market, and innovation so that they can perform well and compete effectively. IT automation has proven itself, and now it is ready for its closeup.
This week at CiscoLive in San Francisco, you will see just how far automation is reaching into organizations. No longer content to provision virtual machines through a VM dispenser, companies are looking for ways to automate the entire solution stack: applications down through the infrastructure that supports them.
At a recent event I saw a T-shirt that said “Remember when cloud only meant rain?” In the days before cloud computing, asking someone what they thought about cloud usually invoked a response about an animal-shaped formation or looking at cumulonimbus and predicting precipitation. One thing that today’s IT clouds have in common with their heavenly-based brethren is the ability to make it rain for your business. When cloud is a part of your business strategy, it can increase business agility and effectiveness that translate into revenue-generating opportunities.
Every day customers tell me what keeps them up at night is not how to reduce costs but how to survive. Cloud can take you far beyond survival to thriving by delivering everything from data center services to applications to even office supplies. But to get this benefit you need to bring together IT and your business strategy. And you need a new way of managing all these components in a unified manner.
Traditional management strategies and solutions utilize fragmented tools dedicated to specific systems. They are ineffective in an environment where end users are empowered to request services on-the-fly and expect delivery almost instantly.
A customer told me this week that he believed all cloud management solutions were the same. This is simply not true and two new reports from EMA and IDC provide supporting evidence.
Cisco’s cloud solution understands that your journey is a multi-step process. You need to first automate your physical and virtual infrastructure to provide a foundational base for as-a-service, across heterogeneous hardware. Let’s be honest – how can you increase efficiency when your solution manages a single hardware stack or hypervisor?
Cisco UCS Director delivers unified management and automation across both physical and virtual environments from a single pane of glass. Designed to manage integrated and converged infrastructures utilizing Cisco UCS and Nexus fabric, UCS Director also manages third-party infrastructures such as HP, Dell and Brocade. Its innovative model-based orchestration tracks configuration changes ensuring that your business workflows run to completion, even if a switch is down or unavailable. UCS Director frees up your IT engineers from mundane daily management tasks allowing them to focus on more advanced projects.
Once infrastructure is automated, you can expand your horizons to automating the delivery of applications or general business processes. Cisco Intelligent Automation for Cloud (IAC) is a full-stack cloud solution that includes embedded application provisioning, governance and usage tracking all from an end-user portal and service catalog that spans multiple cloud platforms and tenants. Leveraging its networking strength, Cisco IAC simplifies cloud-based deployment and management of network services with out-of-box templates for firewalls, load balancers and VPNs eliminating the need for manual, trouble-ticket based provisioning.
Earlier this week, Cisco announced its open, hybrid cloud solution, Cisco Intercloud. Cisco IAC is one of the management solutions powering this offering and is an example of Cisco IAC’s flexible cloud service capabilities – flexibility that your company needs.
With cloud becoming strategic to your organization’s IT strategy, Cisco’s two step solution of Cisco UCS Director and Cisco IAC gets you on the path to anything-as-a-service and your organization on its way to experiencing those rain making opportunities.
Imagine that you head the leading telecommunications provider in Italy and you are watching traditional service and revenue streams struggle under intense competitive pressure. Customer retention is a major issue because the types of services required by your residential and business clients are changing. Clearly, you need to retain customers and do so by offering new services. It is a generally known business fact that often it is more cost effective to invest in retaining customers than trying to get new ones in such competitive industries.
So, how would you do it?
FASTWEB, a Swisscom company, asked Cisco exactly that question. FASTWEB’s analysis indicated that offering cloud-based service delivery would be an excellent opportunity to retain existing business while capturing new revenue streams from Italian businesses looking for new IT solutions. But FASTWEB struggled with execution due to insufficient resources to develop and deliver these new services.
So, FASTWEB adopted Cisco’s Unified Data Center architecture which includes Cisco UCS Blade Servers and Intelligent Automation for Cloud (IAC). Cisco UCS servers were selected for performance, reliability, and the ability to integrate smoothly with other heterogeneous elements in their solution stack. They thoroughly analyzed cloud management solutions, and Cisco IAC scored the highest in their evaluation for:
• Openness and flexibility
• Ease of use by users and administrators
• Single management console access to the entire cloud service lifecycle
• Ability to build services without deep technical skills
Teaming with Cisco Services, FASTWEB implemented cloud service delivery across six distinct use cases. Because of UCS they did so with minimum server hardware, gaining a complete cloud infrastructure that consumes only a few racks. With this Cisco Unified Data Center strategy and solution, FASTWEB estimates their customers can save around 50 percent over three years utilizing FASTWEB services compared to on-premises infrastructure.
What’s more, FASTWEB relies on Cisco IAC to offer customers a portal that is intuitive with fast delivery thanks to strong automation and orchestration of all cloud elements, including network. None of their competitors in the Italian marketplace has an offering equal to this unified solution from Cisco.
Now FASTWEB’s cloud services are growing smoothly thanks to technology that scales as quickly as their business does. FASTWEB plans to expand its use of Cisco IAC to offer new services such as PaaS and SaaS for their customers.
Every area of your business has a stake in the way IT delivers services. Each one needs speed, agility, efficiency, and a clear definition of its relationship with all of the other areas and the business as a whole. In order to get there and create an agile and efficient organization that flows, you need to unify IT with all areas of the business. There is no way around it.
If your company is one of the four out of ten companies moving to a private cloud by the end of 2014, then you know you need a solution that does more than dispense virtual machines in minutes. You need a solution to deliver diverse services across an entire solution stack. You need a cloud partner that can align with the demands of your business today, tomorrow, and well into the future. Always keep in mind that your cloud technology choices are major decisions with business-critical impact.
Selecting a cloud management solution is a strategic decision for your organization. In a previous blog, I wrote about Cisco Intelligent Automation for Cloud (IAC) receiving the highest score in the Forrester Private Cloud Wave Report for cloud vision and strategy. What we presented to Forrester, and even more, is now available for your organization through the latest release of Cisco IAC.
How does vision and strategy translate into IT better aligning with your business? Sit back and watch this informative, short video to find out.
Every day customers tell me what keeps them up at night is not how to reduce costs but how to survive. Just as in nature, survival for business depends on intelligence and fast and agile execution of processes. To make these capabilities part of your organization’s genetic composition, so that they are intrinsic, almost intuitive, you need a cloud management solution that sees, understands, and manages your whole environment: physical and virtual, networks, applications, and more – whatever comprises your stacks.
Plus, you need cloud efficiencies to extend beyond your data center securely and encompass business functions such as delivery of development environments within minutes, the ordering of a new laptop or virtual desktop, onboarding of a new employee, or even the ordering of office supplies. And you want to be able to do all of these things from a unified user interface.
That’s exactly what the latest release of Cisco IAC brings to the table:
• The integration of Cisco IAC and Cisco UCS Director delivers a comprehensive private cloud, which frees you to focus on creating differentiated services instead of building your cloud.
• A unified self-service portal and catalog covers your enterprise, providing a modern online shopping experience across all data center and workplace functions.
• Advanced cloud governance offers the ability to manage demand, suppliers, and service consumption tracked to specific budgetary or resource thresholds.
But wait, there’s more. There’s the network. Any NOC expert will tell you that delivering network services in the cloud is a manual, trouble-ticket-based grind. At a time when your business needs speed and agility, manual network service delivery slows down IT and your business.
Unchain your business with Cisco IAC’s out-of-box templates that automate the delivery of VPNs, firewalls, and load balancers. We’re not talking about a single configuration applied to every organization, but the ability for each tenant to define its own unique network service configuration.
Cisco understands that cloud management is more than dispensing virtual machines. The latest release of Cisco IAC allows IT to align with your business, so that you’re free to not just survive, but to thrive.
Take the next step and watch this technical video overview of Cisco IAC.