PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

#CLUS
Allan Naim, Senior Manager, Google
PSOCLD-1007
Cisco + Google Cloud
Open Hybrid Cloud
Solution
Rohit Agarwalla, Principal Engineer,Cisco
@allannaim
https://www.linkedin.com/in/allannaim
https://www.linkedin.com/in/rohitagarwalla/
@rohitagarwalla

Agenda
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS
• Overview
• Usecases
• Demo
• Conclusion
3PSOCLD-1007

Cisco WebexTeams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
Find this session in the Cisco Live Mobile App
Click “Join the Discussion”
Install Webex Teams or go directly to the team space
Enter messages/questions in the team space
How
Webex Teams will be moderated
by the speaker until June 18, 2018.
cs.co/ciscolivebot#PSOCLD-1007
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
1
2
3
4
4PSOCLD-1007

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Key Learning
Objectives
At the end of this session, you should
be able to:
• Understand usecases for the Cisco
Hybrid Cloud Platform for Google
Cloud
• Learn how various open source
components,Cisco and Google
products fit into the solution
5PSOCLD-1007

Cloud Evolution
7PSOCLD-1007
Traditional
Data Center
Proprietary,
monolithic apps
Hardware
Virtualization
Server consolidation,
Cost-driven IT
Infrastructure
as a Service
Elastic compute,
On demand
Cloud Native
Services (XaaS)
PortableWorkloads, Service
Management,
Catalog/Marketplace

Public cloud
services
On-premises
environment
Rapid technology and organizational change
DevOps/
Developers
IT Ops
Cloud
architects
IT Mgt
LOBSecurity
Networking
Data Center
Application
Modernization
Cloud
Native Apps
PSOCLD-1007 8

Hybrid is an Enterprise reality
9PSOCLD-1007
Public
On-Prem
Classic Apps and Operations Cloud-NativeApps and Operations
Efficient and Ops Agility
Pay for use
Secured
Efficient ops
and agility
Pay for Use
Secured
Rigid and Expensive
Developer Productivity
Portable
Portable
Developer
productivity

if you could focus more on innovating
and less on trying to make everything work together
PSOCLD-1007 10

Workload Portability + Service Consistency Across
Hybrid/Multi-Cloud
11PSOCLD-1007
Open services can serve on-prem, private
managed, public cloud infrastructures
SaaS/Solutions, Partner Ecosystem
Policy Automation, Governance
Secure Service Management
Apps
ServicesInfrastructure
APPS
Infrastructure
APPS
Enterprise Premise Google Cloud Platform Other PublicClouds

Open Hybrid Cloud
12PSOCLD-1007
Managed by policy
Open platform for
running containers,
portable apps that run
across environments
Simple, elegant way to
deliver and consume
services across
environments
Istio
Kubernetes Run Open Services
Connect, manage,
and secure services
across environments

Google Cloud Platform
13PSOCLD-1007
15 current regions. 4
new regions coming in
2018.

Google Network
14PSOCLD-1007
Unity (US, JP) 2010
Monet (US, BR) 2017
Tannat (BR, UY, AR) 2018
Junior (Rio, Santos)
2018
FASTER (US, JP, TW) 2016
PLCN (HK, LA) 2019
Indigo (SG, ID, AU)
2019
Edge node
locations 7500+
Edge points of
presence 100+
Google Network
Curie (CL, US) 2019
Havfrue (US,IE, DK) 2019
SJC (JP, HK, SG) 2013
HK-G (HK, GU) 2019
100+ edge points of presence
7500+ edge nodes, 80+ CDN
locations

ANYWHERE
with a secure and consistent
hybrid environment
Innovation on your own terms
Develop and Deploy
Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD-1007 15

Best of both worlds
16
Networking and Security
Private Cloud Infrastructure
Multicloud Management
Enterprise Class Sales
and Support
Cloud Services
Microservices / Containers
API Gateway for Existing Services
Developer Community
PSOCLD-1007

✓ Extend your CI/CD pipeline
✓ Deploy containerized
applications anywhere
✓ Connect, Manage and Secure
Services
Develop with a hybrid
CI/CD across both public
cloud and on-premises
On-Prem
Consistent
Environment
PSOCLD-1007 18

Google Kubernetes Engine
19PSOCLD-1007
• Fully-managed service for Kubernetes
• Takes advantage of Google Cloud Platform infrastructure
for optimal performance, reliability and cost savings
• Uses security-hardened, container-optimized OS
• Enterprise-grade compliance and auditability; HIPAA and
PCI DSS 3.2 compliant
• Uses upstream & up-to-date Kubernetes for access to
latest innovations

Cisco Container Platform
Hybrid Cloud Optimized
E.g: Google, …
Flexible Deployment Model
VM | Bare metal  HX, ACI
Integrated
Networking | Management | Security | Analytics
CNCF Certified Kubernetes Platform
100% upstream, updates and best practices from open source
community
Turnkey Solution
For Production-Grade Container
Environments
Easy to acquire, deploy & manage | Open & consistent | Extensible platform | World-class advisory & support
20PSOCLD-1007

• Kubernetes PersistentVolume and Persistent
VolumeClaims supported via the FlexVolume driver
framework and implemented by mapping iSCSCI
LUNs from Hyperflex
• Developers can leverage HyperFlex storage for
stateful container storage and containers have
accessibility to storage incase of pod restarts or
worker node vmotion
• HyperFlex Data Performance and Resiliency
provided to Kubernetes container storage
Cisco HyperFlex Kubernetes integration
K8s Node VM
Kubelet
HX FlexVolume
Driver
SW iSCSI Initiator
private host-only vswitch
ESXi vmkernel interface
iSCSI
LUN
File
HX iSCSI Proxy
HX Controller VM
vswitch-hx-storage-data
NFS Datastore
HX ESXi Node
21PSOCLD-1007

Cisco ACI Kubernetes Integration
Node
OpFlex OVS
Kubernetes
ACI Policies
Network Policy
Node
OpFlex OVS
• Network policies of Kubernetes supported using standard
upstream format but enforced through OpFlex / OVS using
APIC Host Protection Profiles
• Kubernetes apps can be moved without modification to/from
ACI and non-ACI environments
• Embedded fabric and virtual switch load balancing
• PBR in fabric for external service load balancing
• OVS used for internal service load balancing
• VMM Domain for Kubernetes
• Statistics per namespace, deployment, service, pod
• Physical to container correlation
22PSOCLD-1007

Cisco Cloud Center Kubernetes integration
• Sits across any upstream Kubernetes cluster (1.8+)
• Model application topology using containers,VMs, PaaS/cloud
services, or any mixture thereof
• Unified governance policies forVM and container/Kubernetes-
based applications to enforce where, how, and by whom an
application can be deployed
• Create containerized application portability by dynamically
create app podYAML in target cloud
• Integrates with build tools in the CI/CD process so that a new
build automatically kicks off a new deployment
• Ensure that monitoring through AppDynamics (when available)
is baked into the application deployment for cross cloud/cluster
monitoring
23PSOCLD-1007

Service mesh: Istio
Service discovery
Load balancing
Failure recovery
Metrics
Monitoring
A/B testing
Canary releases
Rate limiting
Access control
End-to-end
authentication
24PSOCLD-1007

Istio Architecture
svcA
Envoy
Pod
Service A
svcB
Envoy
Service B
Pilot
Control
Plane
Mixer
Control flow during
request processing Citadel
Traffic is transparently intercepted
and proxied. App is unaware of
Envoy’s presence
Data
Plane
25PSOCLD-1007

Istio Multi Cluster support
svcA
Envoy
Pod
Service A
svcB
Envoy
Service B
Pilot Mixer Citadel
svcC
Envoy
Service C
Primary/Local Kubernetes deployment Secondary/Remote Kubernetes deployment (s)
26PSOCLD-1007

Demo - Booksinfo app architecture
Product
Reviews v1
Reviews v2
Details
RatingsReviews v3
27PSOCLD-1007

Demo – Deployment architecture
Cloud - GKE cluster
Pods – 10.40.0.0/19
On-prem - CCP cluster
Pods – 10.50.0.0/16
Product
Reviews
v1
Reviews
v2
Details
Ratings
Reviews
v3
28PSOCLD-1007

Demo - Booksinfo app architecture with Envoy
Product
Reviews v1
Reviews v2
Details
RatingsReviews v3Ingress
Gateway
Requests
29PSOCLD-1007

On-Prem
✓ Production ready on-prem
Kubernetes environment
✓ Easy access to services
in GoogleCloud
Develop applications
on-premises
consuming public
cloud services
Consumption of
cloud services
Open Service
Broker
PSOCLD-1007 30

Open Service Broker API
• Provides a standard way to instantiate
and consume any service
• Producers (e.g.,GCP) create brokers to
provide services
• Consumers can discover and access via a
catalog that subscribes to these brokers
Cloud
SQL
Big
Query
Email Storage
PubSub Storage SQL Chat
31PSOCLD-1007

Kubernetes, Service Catalog and OSB integration
32PSOCLD-1007

Demo - Booksfe app deployment architecture
Booksfe
Inventory
Users
Purchases
33PSOCLD-1007
Open Service Broker
Pub/Sub Service
Other Services…
Container Platform

✓ No re-platforming of existing
applications
✓ Leveraging cloud for modernized
application development
✓ Consistent policies
and access
Develop applications in
the public cloud
consuming data
from on-premises On-Prem
Google Apigee
Consumption
of on-prem
services
Existing
Services
Apps | Data
PSOCLD-1007 34

Google Apigee
35PSOCLD-1007
• Integrating legacy applications
• Recompose monolithic applications as services
• Build a service layer in front of existing systems to increase IT velocity
• Import legacy systems into modern, container-based architectures as services
Management services
Analytics
Dev management
Security analytics
Monolithic systems
on premise
Centralized governance of
allAPI services
Kubernetes Integration
AllApigee services are
Kubernetes services

✓ Proactive security and threat
detection
✓ IntegratedVPN creates one
unified encrypted network
…across a secure
environment
On-Prem
PSOCLD-1007 36

Permissions allow
Stealthwatch Cloud to
read GCP Flow Logs
Stealthwatch
Cloud
Virtual Private Cloud
Cisco Stealthwatch Cloud integration
with Google Cloud
• Google Cloud’sVPC flow logs provide records of all the resource
communications in an account, bothVPC-to-VPC and to
external IP addresses.
• Cisco’s Stealthwatch Cloud consumesVPC flow logs
• Automatic, helpful alerts: 95% marked helpful by users
• Works out-of-the-box: Deploys quickly in agentless fashion,
with no tuning or configuration needed
• Dozens of detections for malware, insider threats,
misconfigurations, and software vulnerabilities
• Hybrid environments: on-prem and in the cloud
PSOCLD-1007 37

Cisco Cloud Services Router 1000v integration
with Google Cloud
38PSOCLD-1007
CSR 1000v
Cloud
Router
Network
Subnet
Private N/w 1
Private N/w 2
Private N/w 3
Cisco
ASR/ASA/ISR/C
SR
Physical /
Virtual
Appliance
• CSR1Kv on Google Cloud
enables private, secure
communications using IPSec
• BGP over IPSec ensures that the
routes are advertised from on-
prem to cloud and vice versa

On-premises
environment
Google
Kubernetes Engine
Existing
Services
Apps | Data
Cisco Hybrid Cloud Platform for Google Cloud
Cisco HyperFlex
Cisco Nexus9K / ACI
Cisco CSR1000v
Cisco Stealthwatch Cloud
Cisco Container
Platform
Consistent Environment
Google Apigee
Cisco CloudCenter
Istio
BigQuery
Cloud SQL
Pub/Sub
Big Table
Cloud Storage
Cloud Spanner
Open Service Broker
PSOCLD-1007 39

Delivering on the Promise
40PSOCLD-1007
October 2017
Cisco - Google Cloud
Hybrid Cloud Solution
January 2018
Cisco Container
Platform
May 2018
Kubernetes support
for AppDynamics
& CloudCenter
March 2018 July 2018 >>
More to
come
Cisco Stealthwatch
Cloud support for
Google Cloud
July 2017
Joined new
open source
initiative Istio
November 2017
Cisco Multicloud
PortfolioMulticloud
Portfolio
Cloud
Connect
Cloud
Protect
Cloud
Advisory
Cloud
Consume

Innovation on your own terms
Develop
and deploy
anywhere
Engineered &
supported by Cisco
& Google
The next
generation of
hybrid cloud
PSOCLD-1007 41

Complete your online session evaluation
Give us your feedback to be entered into a
Daily Survey Drawing.
Complete your session surveys through the
Cisco Live mobile app or on
www.CiscoLive.com/us.
Don’t forget: Cisco Live sessions will be available for viewing on
demand after the event at www.CiscoLive.com/Online.
42PSOCLD-1007

Continue the conversation...
Check out other Cisco Cloud activities at Cisco Live Orlando!
Attend PSO
Sessions
• PSOCLD-1003 Production-
Grade Kubernetes in a
Multicloud World | W209C
(Tue)
• PSOCLD-1007 Cisco Hybrid
Cloud Platform for Google
Cloud | W313 (Wed)
• PSOCLD-1010 The
Multicloud Approach | W208B
(Thur)
Attend the
Cloud
Innovation
Talk
Tuesday, Jun 12
3:45 p.m. - 4:15 p.m.
World of Solutions
Innovation Theater
Get your
Multicloud
Assessment
Visit the Embrace a
Multicloud World
Zone
World of Solutions
Cisco Campus
Visit the
Embrace a
Multicloud
World Zone
World of Solutions
Cisco Campus
Share
#CLUS
@CiscoLive
@CiscoCloud
43

Are you Multicloud
Ready?
Let us help you go from
newbie to ninja
Get your personalized Multicloud Assessment in the
“Embrace the MulticloudWorld” Zone.
Just follow-the signs to the Cisco Cloud booth.

Demos in
the Cisco
campus
Walk-in
self-paced
labs
Meet the
engineer
1:1
meetings
Related
sessions
Continue
your
education
45PSOCLD-1007

PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

Similar a PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud (20)

Más de Rohit Agarwalla

Más de Rohit Agarwalla (6)

Último

Último (20)

PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud

Notas del editor