Recently the wildfire of data breaches affecting the privacy of millions of hapless people across the globe has become stirring news. This spree of cyber attacks unveils the fact that the information security industry, organizations and even governments are vulnerable to today’s persistent, well-organized and sophisticated cyber threats.
There was a common theme among all the recent data breaches shown below and that is the amount of time for initial detection, which is in weeks and months.
According to the Verizon data breach report, 85% of cyber attacks
Today’s announcement expands the reach of the Intercloud by 250 additional data centers in 50 countries, and advances Cisco’s OpenStack based cloud strategy to address customer requirements for a globally distributed, highly secure cloud platform capable of meeting the robust demands of the Internet of Everything. Cisco’s open approach to the Intercloud is designed for high-value application workloads, with real-time analytics and “near infinite” scalability and allows local hosting and local provider options that enable data sovereignty around the world.
Essentially, there are three components to this Intercloud strategy that set us apart from other companies. It starts with Cisco’s cloud architectural solutions, including UCS, our Application Centric Infrastructure (ACI), and a network functions virtualization (NFV)-driven policy. The second component is network connectivity and providing the user with the right quality of service (QoS) experience for their application workloads. And the third component is our partners, who play a critical role in building out this network of clouds from a data center, network, application acceleration and compliance/data sovereignty perspective. In this blog I’d like to delve further into network connectivity and the role that our newest hosting partner, Equinix, plays in powering our Intercloud vision.
Importance of Network Connectivity in Hybrid Cloud
The role of the CIO has to move from a builder of services for the enterprise to an orchestrator of services across private clouds and various public clouds. This hybrid cloud orchestration has to be secure, hypervisor independent, manageable and compliant with all the enterprise’s IT policies across the full IT stack and across all the clouds. Cisco’s Intercloud capabilities are designed to do exactly this and will be enhanced by enabling the orchestration to be carried out in a private hosted environment where these cloud providers will be virtually located within the same exchange. This will facilitate workload interconnections between cloud providers in true hybrid cloud fashion with the lowest application latency and secure workload management for customers.
Where better to do this than in Equinix’s data centers and through the Equinix Cloud Exchange (ECX)? As the world’s largest IBX data center and colocation provider, the company offers fast application performance and low latency routes across all continents. The company provides a global interconnection platform called Equinix Cloud Exchange that hosts private clouds for enterprise customers and facilitates over 135,000 connections among more than 4,500 customers. Cisco will enable the Equinix Cloud Exchange to deliver secure private cloud access to the rich ecosystem of cloud service providers in Equinix data centers globally and to deploy Cisco Intercloud capabilities in 16 Equinix markets across Europe, Asia and the Americas. Equinix also plans to deploy key Cisco technologies and services across its Cloud Exchange, including the Cisco Nexus 9000 Series switch, Cisco APIC, and the Cisco Evolved Services Platform.
For Equinix this announcement significantly enhances their value proposition to the CIO. Their Equinix Cloud Exchange solution will now be able to guarantee full bi-directional workload portability across any hypervisor and full extensible application policy compliance across all services and clouds. This will enhance their already unique interconnect capabilities, lowest latency capabilities and extensive global footprint.
Beginning and Ending with Network Connectivity
So it is all about the connectivity, but this is not a new proposition. It’s one that has been proven consistently over the last 30 years. When networks first emerged they were proprietary and did not interoperate, and as a result customers had to choose which one to use. Cisco and our partners played a major role in seamlessly connecting them together to create the Internet. As a result, business processes were transformed, billions of dollars of value were created and a large, successful partner ecosystem emerged. As we look at the cloud landscape today we see several similarities: many independent, closed and proprietary clouds which were designed to maximize vendor revenue rather than enable interoperability, security and compliance. The combined value of Cisco and Equinix will provide fast, open, secure connectivity and will unleash the value of hybrid cloud for enterprises globally.
Together with our partners we will connect the clouds to create the Intercloud.
What is Next-Gen Workload Mobility for the Private Cloud?
Enterprises across the globe have been asking for simpler ways to provide multi-site Business Continuity and Workload Mobility for applications hosted in their Private Cloud. The Cloud promises a more agile operational environment and that promise has been fulfilled to a large extent within their data centers. But many Enterprises are challenged to unlock this same agility across multi-site Cloud topologies. For example, Enterprise CTOs and CIOs have asked us directly to provide simplified Workload Mobility of critical apps between sites to give their operations teams more flexibility.
Many competitive solutions offer basic VM mobility between sites and storage replication, but do not address the rest of the application environment including: security, stateful services, network containers, tenancy, and most importantly both physical and virtual resources.
What good does it do to move a VM to a new site if the rest of the application environment is left behind causing a potential security hole?
How to move a LIVE 3-tier app like Microsoft SharePoint to a new site (without impacting users)?
As we all know, business critical applications require a robust service environment to operate securely across the cloud. In our example below, the application environment provides firewall and load balancing services for each tier of the SharePoint application: the web, app, and database tiers. These services are stitched together using a secure Network Container that carves out a slice of resources across the data center for SharePoint. Most Enterprises and SPs use a mix of physical and virtual resources including firewalls, load balancers, VPN termination, IDS, and network switching. Many of these services create stateful connections to users, so...
If you perform a live migration of SharePoint to a new site, stateful connections to firewalls and load balancers need to be preserved to maintain security and TCP connections to active users.
Broken user connections = Service disruption (that’s not good)
You must also provide identical security and services for new SharePoint users even though the application has moved to a new site.
Broken Network Services = Potential Security hole (that’s even worse)
How does Next-Gen Workload Mobility actually work?
Let’s share some test results from our new Business Continuity and Workload Mobility Solution to illustrate how we performed live SharePoint migrations to a new site (75 km away) while maintaining security, stateful services, and user connections. Oh yes, automatically, without manual intervention.
Baseline topology for Microsoft SharePoint deployed in our Private Cloud
We first deployed the SharePoint Web, App, and Database tiers in a secure network container in Data Center 1 using service orchestration: simple and easy. Refer to the figure below for a topology picture.
SharePoint Web Tier is in a Public Zone, and uses a virtual firewall (VSG) and Citrix load balancer
SharePoint App Tier and Database Tier (SQL) are in a Protected Zone and use an ASA Firewall and Citrix load balancer
Our validated design provides LAN extensions, extended clusters, secure network containers, virtual switching, and storage replication between Metro sites
SharePoint is up and running in Data Center 1, supporting hundreds of users with secure connections. Now let’s move SharePoint to a new site without the users knowing it.
Step 1: Perform Live SharePoint Migration to Data Center 2... while maintaining secure user connections!
We performed a Live vMotion of SharePoint (Web, App, Database) to new hosts in Data Center 2, described in the figure below. Data Center 2 is 75 km away. Our SharePoint migration had minimal disruption (2 seconds or less) and maintained security, stateful services, and all user connections across our multi-site Cloud. Pretty sweet! A few highlights from our validated design are provided below.
Our virtual switch (Nexus 1000v), virtual firewall (VSG), and UCS automatically updated Port and Security Profiles at the new site, so our virtual switching and application firewalls were preserved without lifting a finger.
Layer 2 Extensions permit tromboning back to Data Center 1 to maintain connections to physical appliances (stateful firewalls and load balancers), also without manual intervention.
Our Network Container was automatically extended between Metro sites, maintaining security, tenancy, QoS, IP addressing, and user connections. SharePoint was discovered on the new host in Data Center 2 within seconds, using this extended Network Container.
Now let’s move the rest of the network container to Data Center 2 in less than one second!
Step 2: Redirect users to a new Network Container in Data Center 2... in less than 1 second!
With the aid of service orchestration, we simply created a new network container in Data Center 2. This new container included the same configuration, connections, and services (firewalls, load balancers) as the original container in Data Center 1. Once created, we simply redirected external users to the SharePoint application running in Data Center 2, as described below. The redirection of users happened in less than one second, which is pretty amazing. A simple routing update delivered through service orchestration performed the redirection. In this step, existing user connections were broken and new connections were re-established to the already running SharePoint application in less than one second! A few highlights from our validated design are provided below.
Layer 2 Extensions allowed the preservation of IP Addressing for Apps and Services during migration. There is no need to “re-IP” your applications just because they’ve moved to a different city.
The complete Network Container, including physical and virtual resources, was moved with minimal disruption (sub-second) to users.
Our Multi-site Cloud solution supports a typical application environment, including both physical and virtual resources, with scaling for large and small private clouds.
We also support Cold workload moves of less critical workloads that don’t require these stringent stateful requirements.
For More Info:
We encourage you to follow my blog series and check out our new business continuity and workload mobility solution (VMDC DCI), which describes key business drivers, Cisco DCI innovations, and validated designs that our customers are deploying in their private clouds.
Deploy with confidence! (and sleep better knowing your Cloud is more reliable and secure)
CVD Design Guide -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
Solution Overview -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
BrightTalk Session -- VMDC DCI for Business Continuity and Workload Mobility in the Private Cloud (webcast)