Avatar

This blog is a collaboration between Meenakshi Kaushik,  Product Manager, Engineering Cloud & Co-Authored byMansi Garg, Engineering Product Manager and Praveen Banoth, Engineering Technical Leader.


Intersight Kubernetes Service (IKS) is a turn-key SaaS solution for managing consistent, production-grade Kubernetes both on-premises and in the public cloud. Our focus has been around bringing simplicity and automation to the hybrid deployment of Kubernetes clusters including networking, storage, compute, virtualization, and operating systems – all done from a single pane of glass within the Cisco Intersight cloud operations platform.

But does cloud native mean cloud bound? How can organizations in finance, healthcare, public sector and other highly regulated industries deploy Kubernetes with their added data security and compliance requirements at top of mind?  This isn’t an easy problem to solve. With air-gap deployments, the installation and maintenance of entire infrastructure stacks, along with Kubernetes, becomes increasingly complex. These isolated deployments require additional planning and implementation details to successfully operate.  And even if a cobbled together implementation succeeds, the day 2 maintenance, troubleshooting, and upgrades are beyond the already stretched thin IT resources who have cloud native skill sets.  Few, if any, solutions exist to help customers succeed with this isolated full stack deployment model.  Until now!

The Intersight Kubernetes Service capabilities, that are now available on the Intersight Private Virtual Appliance, were purposefully built for these customers who may have isolated or “air-gapped” requirements, to take advantage of cloud native technologies. The Intersight Private Virtual Appliance (PVA) delivers a similar full-stack infrastructure, Kubernetes management, and automation features as our SaaS Kubernetes version to ensure security so that no system details leave the premises. Intersight Private Virtual Appliance requires no connection to public networks or link back to Cisco to operate. That means customers can rely on Cisco to curate a secure and enterprise ready cloud-native solution no matter how isolated the application and data sources might be, and  still obtain continuous updates.

Intersight Private Virtual Appliance Graphic
Intersight Kubernetes Service (IKS) for Sovereign Clouds

 

Let’s take a look at what Intersight PVA enables in a bit more detail.

Simplified Day 2 management

So how do you bring the “as a Service” simplicity and continuous innovation to isolated environments?  Simple (not simple!), by bringing the Kubernetes cloud features and management platform to the air-gapped datacenter, which is a function of the Intersight Private Virtual Appliance.

Let’s start with flexibility of upgrades during non-critical business hours and certification prior to production pushes to meet compliance requirements. All of this can be easily accomplished with the on-premises management plane. First, Intersight PVA offers complete control over curated updates and upgrades and customers can schedule the maintenance windows according to their business schedules. Additionally, customers’ internal compliance requirements are met by avoiding any deployment downtime through first validating and certifying the latest versions in the lab and then using included in-place and then rolling update options to push the latest Kubernetes versions in their production environments.

As with any cloud native solution, reliability is a key element to any implementation.  Intersight PVA mitigates single point of failure by utilizing the existing Hypervisor provided HA (High Availability) solutions. The same certified virtualization solutions can also ensure disaster recovery, backup, and restore options with VM snapshots of the Kubernetes clusters.

And can you deploy it on your existing Virtualization Stack?

Intersight PVA supports flexible deployment options in three easy to deploy form factors including  VMware, Microsoft Hyper-V, and KVM hypervisors; so customers can use any of the popular hypervisors for their isolated deployment.

…And the hardest part – Cloud Native Cluster and Application lifecycle/management.

Intersight PVA includes all of the existing and upcoming features of the Intersight Kubernetes Services (IKS) SaaS platform. For Administrators and DevOps,  IKS provides easy continuous delivery (OpenAPI/Terraform/GUI) of full-stack infrastructure, production grade security, hardened Kubernetes, and application lifecycle management on both VMware and cloud native hypervisor Intersight Workload Engine (IWE) .   Aside from lowering the need for costly VMware virtualization, IWE is included with IKS at no extra cost.

But infrastructure is only part of the story, a service mesh, like Istio, provides developers, operators, and SecOps with consistent development, deployment, security and scalability of the application with little or no changes to the application code. But unlike Istio, which requires separate installation of one tool for metrics, another for topology, and yet another for tracing, Cisco Service Mesh Manager integrates visibility into a single pane of glass so that you can more easily maintain your application service-level objectives over time, even within an isolated infrastructure.

Conclusion

Intersight Kubernetes Services is now available alongside the other great full-stack infrastructure management capabilities currently available within Intersight PVA.  Intersight Private Virtual Appliance removes all the barriers of cloud native deployments for customers with isolated, sovereign clouds which enables IT Operations and DevOps teams to adopt a cloud operating model. Stay tuned as we will be adding exciting new capabilities in the upcoming months, continuously expanding the IKS functionality with weekly production pushes! Finally, give it a try with a 90-day trial.

 


Resources

IKS on Intersight PVA announcement video
Intersight Kubernetes Service (IKS) Observability and Security Video 
Cisco Intersight Kubernetes Service User Guide
Cisco Intersight Virtual Appliance and Intersight Assist Getting Started Guide
Cisco Intersight Kubernetes Service (IKS) Blog
Cisco Service Mesh Manager (SMM) Blog
Visit our Intersight Help Center