Cisco Integrated System for Microsoft Azure Stack

#CLUS Cisco Multicloud: The How!

Carlos Pereira Distinguished Systems Engineer II BRKCLD-2931 Monday, June 10 / 2019 || 08:00 AM - 10:00 AM

#CLUS Agenda

• Multicloud “state of the union”

• Top initiatives on customer’s journey to multicloud

• Cisco Hybrid-Cloud solutions

• Cisco Multicloud offers

• Conclusion

Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Live Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot#BRKCLD-2931 by the speaker until June 16, 2019.

Among cloud users

85% 87% 94%

evaluating or using taken steps towards plan to use public cloud a hybrid cloud multiple clouds strategy

Yet only 14% claim ”optimized”

Source: IDC CloudView, May, 2018, n=5,740 worldwide respondents, unweighted

Business & Operations Expect Great must balance Risk / Experience Experience at Scale

Users & Devices Applications & Data (consumers) (providers)

Software Defined Network, Compute, Storage

SaaS

Software Users & Devices Defined Applications & Data Access Public Cloud (consumers) (IaaS) (providers)

Software Defined WAN Cloud Edge Trust boundary

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Why multicloud? Application Modernization Cloud Native Apps Evolving on- Complexity Adopting premises public clouds Google Cisco SaaS Webex environmentCloud SaaS and SaaS AWSAWS

SaaS Private Oracle Hybrid Cloud SaaS Accelerating Azure … InnovationColocation SaaS

Campus Branch Private Hybrid Cloud … DC/Colo IoT/Edge Campus Branch Data Center Edge Consistency Application modernization New app development and Integration

App LOB CxO Evolving on- Owners Adopting public premises clouds and SaaS

environment Cloud Architect IT Ops Developers

Applications

Maintain Sustain Explore

Reduce YoY cost Digitize, UX, DevOps Cloud Native

Infrastructure

Resource Group 1 Resource Group 2

Legacy VMs, Containers Public Cloud

Infrastructure

Sustain + Explore

Resource Group 2

VMs, Containers Public Cloud

PaaS + Microservices

SaaS

Hybrid Cloud Infrastructure Multicloud Ability to run the Ability to use the same application most appropriate seamlessly on cloud, whether premises and in a on-premises or public cloud public, for each application Sustain + Explore

Resource Group 2

VMs, Containers Public Cloud

PaaS + Microservices

SaaS

• Multicloud “state of the union”

• Top initiatives on customer’s journey to multicloud

• Cisco Hybrid-Cloud solutions

• Cisco Multicloud offers

• Conclusion

Traditional Mindset DevOps Mindset

REQUEST REQUEST

DEV OPS

Avoid failure Embrace failure

Change is Risky Change is good

Change is Complex Active collaboration

Empowered accountability Empowered accountability

Limited Feedback systems Feedback systems

Manual Automation

Data Center • Everything is a (Compute, DB, Storage) service

• Service owner is the UC, Collaboration, GM Video • Budget, roadmap, metrics, etc. are the Network responsibility of the (WAN, DC, VPN) service owner

• Interlaced with Infra Security functions common (AD, Identity, etc.) across all services

Architecture & Implementation Finance, HR Design & Operations support

Traditional

On-prem Monolithic apps

Releases cadency

From Silos To DevOps

• Control Motions • Cost • Compliance

Traditional Pragmatic

On-prem Re- Monolithic hosted apps (lift & shift)

Releases cadency

From Silos To DevOps

• Control • Discovery Motions • Cost • Planning • Compliance • Migration

Traditional Pragmatic Transformation

On-prem Re- Re- Monolithic hosted platformed apps (lift & shift)

Releases cadency

From Silos To DevOps

• Control • Discovery • Containers (K8s / PaaS) Motions • Cost • Planning • Monitoring • Compliance • Migration • Dynamic Apps

Traditional Pragmatic Transformation Optimization

On-prem Re- Re- Monolithic hosted Re- platformed apps (lift & shift) architected

Releases cadency

From Silos To DevOps

• Control • Discovery • Containers (K8s / PaaS) • Visibility Motions • Cost • Planning • Monitoring • Security • Compliance • Migration • Dynamic Apps • Predictive

Deploy & Manage Applications on the Cloud Cloud Governance Private, Public, Hybrid, Multicloud

IT as a Service Cloud-based HA/DR

Develop Applications Secure Multicloud on/with the Cloud (DevOps) Networking

Yours only … , Consistent Network & because everyone is Security Policy different & special 

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Example 1: Cloud Deploy & Manage Applications on the Cloud Migration journey Private, Public, Hybrid, Multicloud with CWOM

ELA Renewals (MSFT, Hardware VMware, Oracle, etc.) Refreshes

Compelling Data Center Events CWOM = Cisco Workload Optimization Manager #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Example 1: Cloud Deploy & Manage Applications on the Cloud Migration journey Private, Public, Hybrid, Multicloud with CWOM

Migration is a continuous exercise

1. Assess 2. Migrate 3. Optimize (via Rich Analytics) (via Accurate Plans) (via Workload Automation)

• Assess On-Premises Estate • Build a Migration Plan • Enable Responsible Agility • Build a Data Driven Cloud • Migrate & Cut Over • Unlock Elasticity Strategy • Consolidate & Decommission • Maximize Discounts w/o • Negotiate a Contract Sacrificing Elasticity • Enable Real-Time Scaling

CWOM = Cisco Workload Optimization Manager #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 Example 2: Secure Secure Multicloud Productivity Use Case Networking

• User group engineering needs access to the development servers • User group marketing needs access to Office365 and the Internet • They are often exposed to malware • Building automation systems must be air-gapped in their own separate network

Building Facilities Automation Application

Engineering Development Servers

Marketing

• Enable the authoring of User to Application segmentation policies • Normalize the different identity models in the multicloud DC • Bring the identity of Applications and Users/things under a single policy authoring environment • Orchestrate policies across domains • Assure policies across domains

Controller(s) Integration Building Facilities Automation Application

Cisco DNA Center Cisco vManage Cisco ACI

Engineering Private Development Servers

Cloud (IaaS) Marketing SD-Access SD-WAN Data Center

Pervasive Security Office 365 Internet SaaS

• Multicloud “state of the union”

• Top initiatives on customer’s journey to multicloud

• Cisco Hybrid-Cloud solutions

• Cisco Multicloud offers

• Conclusion

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 Cloud Technologies and Applications Platforms

Choice ?

CI/HCI

Infra

Private Cloud

On Premises

CI = Converged Infrastructure | HCI = Hyperconverged Infrastructure #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 Cloud Technologies and Applications Platforms

Bringing Choice at Private Cloud

Choice of Private and Hybrid Cloud Stacks

Announced

CI/HCI VIM CVD POD POD POD POD

Infra Infra Infra Infra Infra Infra Infra

Private Cloud Co-Lo

On Premises or Co-Lo / Hosted Public Cloud Options CI = Converged Infrastructure | HCI = Hyperconverged Infrastructure Co-Lo = Collocation site | CVD = Cisco Validated Design Cisco VIM = Virtual Infrastructure Manager (OpenStack-based)c #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Cloud Technologies and Applications Platforms

Bringing Consistency and Services with Public Clouds

NETWORKING SECURITY ANALYTICS MANAGEMENT

CI/HCI VIM CVD POD POD POD POD

Infra Infra Infra Infra Infra Infra Infra

Private Cloud Co-Lo

Securely extend private Design, plan, networks- DC, branch accelerate, Cloud Cloud and campus, into public and de-risk multicloud Advisory Connect clouds and optimize the migrations application experience Multicloud Framework Protect multicloud users, Deploy, manage, and identities, direct-to-cloud optimize applications in connectivity, infrastructure, multicloud and Cloud Cloud data, and applications container environments Consume Protect including SaaS

On-premises Public clouds environment Consistent, production-grade experience and SaaS

Applications Campus Branch …

Security

DC/Colo IoT/Edge Networking …

FlexPOD Managed Azure Stack Appliance Hybrid Cloud Platform Private Cloud & Hybrid Architecture for SAP Data Hub with Azure Stack

Hybrid Cloud Platform Hybrid Solution for Hybrid Cloud Platform for Google Cloud Kubernetes on AWS with Google Anthos

Fast-Path to Cloud Mitigate Gaps in IT Experience on Prem Resources

• Multiple consumption choices • Leverage partner skillsets to better for on premises and off premises focus on new service deployments • Maintain data sovereignty • Reduce operational hassle and ownership Available now through select partners

1 Develop apps 2 Develop apps 3 Develop with in public cloud on-premises CI/CD across both consuming data consuming public public cloud from on-premises cloud services and on-premises

• Azure Services: Developers write once, deploy on-prem or in the Cisco Integrated cloud System for Microsoft • All-Cisco technology delivers Azure Stack performance and operational advantage

• Edge and disconnected solutions support varied regulation environments

On-premises environment Consistent, production-grade experience

AppDynamics Azure Marketplace Cisco Integrated System CloudCenter Suite for Azure Stack Azure Container Service

UCS Manager Azure Resource Manager Azure Active Directory

UCS Stealthwatch Cloud Compute Autoscaling

Nexus9K vNet SD-WAN | CSR 1000v VNFs (optional)

Enterprise-ready Hybrid-Cloud Data Processing

SAP Data Hub SAP Data Hub

Cisco Container Platform Hybrid Cisco HyperFlex

Unifying Data Silos On Premises

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 Enabling modern hybrid cloud data processing SAP Data Hub with Cisco Container Platform and Amazon EKS 1 4 Elastic SAP Data Hub Container 1 Registry Public clouds Cisco AWS Container Identity and Cisco CSR1000v Platform UI Access 3 Secure Data Transport Management (IAM) 1 SAP Data Hub 2 Credentials Integrated, common Kubernetes Clusters Launch 4 authentication On-premises

Same RBAC policies across both environments

Kinesis SAP Data Hub read S3 Storage transform file AWS Amazon Connector join aggregate Redshift Operators query EMR / HDFS DB filter

DynamoDB

CSR Connection Cisco Container Platform

BW/4 HANA ABAP SAP Data Hub Integration read S/4 stream BW Workflow ERP join Cloud Integration API query HANA filter DB HANA Integration IBP

On-premises environment Consistent, production-grade experience

BigQuery AppDynamics Cloud SQL Pub/Sub Big Table Cloud Storage Cisco CloudCenter Cloud Spanner

Google Cisco Container Platform Kubernetes Engine

Intersight Cisco Stealthwatch Cloud Cisco HyperFlex CSR 1000v Cisco Nexus9K | ACI

On-premises environment Consistent, production-grade experience

BigQuery AppDynamics Cloud SQL Pub/Sub Big Table Cloud Storage Cisco CloudCenter Cloud Spanner

Containerized Infra Config Management Google Cloud’s Anthos Microservices Mgmt Monitoring and Logging

Intersight Cisco Stealthwatch Cloud Cisco HyperFlex SD-WAN | CSR 1000v … Cisco Nexus9K | ACI

Stackdriver

On-premises Public Cloud

Hub / Connect

Service Mesh (CSM)

Config / Policy Management

API API API API

Build Toolchain App App App App Marketplace

Container Container Monitoring Container Container

Google Google Google Container Orchestration (Kubernetes) Source Cloud Container Repositories Build Registry GKE On-Prem GKE

On-premises environment

Cisco SD-WAN Cisco SD-WAN Cloud OnRamp

Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor Cisco Intersight Open Service Broker Google AI-Hub/Kubeflow Container Registry GKE On-prem GKE

Kubernetes Cluster Kubernetes Cluster Cisco Container AppDynamics Agent AppDynamics AmazonAgent EKS Platform ACI CNI ACI Envoy Service Catalog Service Mesh

HyperFlex CSI GKE Connect Managed Istio VPC CNI

Cisco Nexus9K / ACI VPC

Cisco HyperFlex / HyperFlex Edge GCE

On-premises environment Consistent, production-grade experience

AppDynamics

Cisco CloudCenter Elastic Container Registry

Cisco Container AWS Identity and Access Amazon EKS Platform Management (IAM)

Cisco Stealthwatch Cloud EC2 / EBS Cisco HyperFlex | UCS VPC SD-WAN | CSR 1000v Cisco Nexus9K | ACI

https://github.com/CiscoDevNet/multicloud-integrations/blob/master/AWS/README.md

Unified and Secure Networking

Proactive Security Secure Provisioning of Microservices / Applications One control plane to spin up Kubernetes clusters Real-time performance analytics Networking/Policy Enforcement of Containerized Applications

Cisco Container AWS Identity and Access Amazon EKS Platform (CCP) Management (IAM)

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v The solution leverages Cisco’s Cloud Services Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor Router 1000v to create a Cisco CloudCenter unified and secure network AWS Open Service Broker between your data center Elastic and AWS. IAM Container Registry Cisco Container Platform EKS

Kubernetes Cluster Kubernetes Cluster

AppDynamics Agent AppDynamics Agent Service Catalog Service Mesh Service Mesh Service Catalog

ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI

Cisco Nexus9K / ACI or other VPC

Cisco HyperFlex or other HW EC2 / EBS

*or any other existing physical/virtual router

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v Cisco Stealthwatch Cloud delivers proactive security Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor and threat detection by Cisco CloudCenter integrating with AWS’ VPC AWS Open Service Broker and your on-premises Elastic environment to manage IAM Container Registry access of users, devices Cisco Container Platform EKS and workloads with policy enforcement. Kubernetes Cluster Kubernetes Cluster AppDynamics Agent AppDynamics Agent Developers can focus on Service Catalog Service Mesh Service Mesh Service Catalog building applications while ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI you don’t have to worry about security or Cisco Nexus9K / ACI or other VPC compliance.

Cisco HyperFlex or other HW EC2 / EBS

*or any other existing physical/virtual router

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 For your info & reference Cisco Hybrid Solution for Kubernetes on AWS Secure Provisioning of Microservices / Applications

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v With Cisco CloudCenter, securely deploy, optimize Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor and manage containerized Cisco CloudCenter cloud native applications on AWS Open Service Broker Kubernetes with greater Elastic automation, governance, IAM Container Registry policy enforcement and Cisco Container Platform EKS cloud cost optimization across Cisco Container Kubernetes Cluster Kubernetes Cluster Platform on-premises and AppDynamics Agent AppDynamics Agent EKS on AWS Cloud. Service Catalog Service Mesh Service Mesh Service Catalog

ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI

Cisco Nexus9K / ACI or other VPC

Cisco HyperFlex or other HW EC2 / EBS

*or any other existing physical/virtual router

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 For your info & reference Cisco Hybrid Solution for Kubernetes on AWS One control pane to spin up Kubernetes clusters

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v The Cisco Container Platform configures on- Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor premises Kubernetes Cisco CloudCenter clusters to use AWS IAM AWS Open Service Broker for identity and RBAC, Elastic matching EKS in the cloud. IAM Container Registry Cisco Container Platform EKS This tight integration allows workload deployments to Kubernetes Cluster Kubernetes Cluster be consistent both on- AppDynamics Agent AppDynamics Agent premises or in AWS cloud Service Catalog Service Mesh Service Mesh Service Catalog using IAM as a common ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI identity for access management. Cisco Nexus9K / ACI or other VPC

Cisco HyperFlex or other HW EC2 / EBS

*or any other existing physical/virtual router

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v AppDynamics helps you monitor both your Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor Kubernetes infrastructure Cisco CloudCenter and applications on- AWS Open Service Broker premises and in AWS with Elastic continuous, real-time IAM Container Registry analytics for every line of Cisco Container Platform EKS code and transaction.

Kubernetes Cluster Kubernetes Cluster In addition, the solution AppDynamics Agent AppDynamics Agent offers curated open Service Catalog Service Mesh Service Mesh Service Catalog source monitoring for ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI Kubernetes based on Elasticsearch-Fluentd- Cisco Nexus9K / ACI or other VPC Kibana (EFK), Prometheus and Grafana. Cisco HyperFlex or other HW EC2 / EBS

*or any other existing physical/virtual router

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 56 For your info & reference Cisco Hybrid Solution for Kubernetes on AWS Network / Policy Enforcement of Containerized Applications

On-premises environment

Cisco Cloud Services Router 1000v* Cisco Cloud Services Router 1000v With Cisco’s Application- Centric Infrastructure (ACI) Cisco Stealthwatch Sensor Cisco Stealthwatch Sensor and ACI Container Network Cisco CloudCenter Interface (CNI), you can easily AWS Open Service Broker enforce networking policies Elastic that move across clouds with IAM Container Registry your containerized applications, so networking Cisco Container Platform EKS becomes easier to manage Kubernetes Cluster Kubernetes Cluster and monitor. You can take

AppDynamics Agent AppDynamics Agent advantage of ACI’s native Service Catalog Service Mesh Service Mesh Service Catalog multi-tenancy support and hardware-accelerated ACI CNI / Calico CNI IAM Authenticator and RBAC IAM Authenticator and RBAC VPC CNI performance for your containerized applications. Cisco Nexus9K / ACI or other VPC The network team will also benefit from the per- Cisco HyperFlex or other HW EC2 / EBS container visibilities provided through ACI and Kubernetes *or any other existing physical/virtual router integration.

On-premises Consistent environment, Public clouds environment production grade experience & SaaS

Security Compliance

Campus Branch …

DC/Colo IoT/Edge Simplicity Visibility … User experience

• Multicloud “state of the union”

• Top initiatives on customer’s journey to multicloud

• Cisco Hybrid-Cloud solutions

• Cisco Multicloud offers

• Conclusion

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 #CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 60 The Multicloud “Operations Matrix”

Applications developer

“Cloud Services” DevOps

Kubernetes / Serverless Security SecOps

OS / Virtualization / Containers

ITOps Automation

Software Defined X

Infrastructure

Edge Data Center Cloud

Business Metric & Outcome dozens (# of contract closed, # of mortgage approved, revenue etc.)

Business Transactions Hundreds –

(login, add to cart, play video, upgrade, auth, etc.) thousands Business Value Business

Metrics and events (infra, users, devices) millions (throughput, latency, response time, load, connect, alarm, etc.)

Private Cloud & Co-Lo

Business Metric & Outcome dozens (# of contract closed, # of mortgage approved, revenue etc.)

Business Transactions Hundreds –

(login, add to cart, play video, upgrade, auth, etc.) thousands Business Value Business

Metrics and events (infra, users, devices) millions (throughput, latency, response time, load, connect, alarm, etc.)

Private Cloud & Co-Lo

Business Metric & Outcome dozens (# of contract closed, # of mortgage approved, revenue etc.)

Business Transactions Hundreds – (login, add to cart, play video, upgrade, auth, etc.) thousands

CloudCenter Suite Duo MFA CWOM Tetration StealthWatch Cloud Threat Response Business Value Business

Metrics and events (infra, users, devices) millions (throughput, latency, response time, load, connect, alarm, etc.)

Private Cloud & Co-Lo

Business Metric & Outcome dozens (# of contract closed, # of mortgage approved, revenue etc.)

Business Transactions Hundreds – (login, add to cart, play video, upgrade, auth, etc.) thousands

CloudCenter Suite Duo MFA CWOM Tetration StealthWatch Cloud Threat Response Business Value Business

Metrics and events (infra, users, devices) millions (throughput, latency, response time, load, connect, alarm, etc.) ACI Anywhere Hyperflex / Hyperflex Edge / Intersight Viptela SD WAN Cisco DNA Center

Private Cloud & Co-Lo

Business Metric & Outcome dozens (# of contract closed, # of mortgage approved, revenue etc.)

Business Transactions Hundreds – (login, add to cart, play video, upgrade, auth, etc.) thousands CWOM

CloudCenter Suite Tetration SaaS Business Value Business

Metrics and events (infra, users, devices) millions (throughput, latency, response time, load, connect, alarm, etc.) ACI Anywhere UCS / Hyperflex / Hyperflex Edge / Intersight Viptela SD WAN

Day 0 / 1 deployment integration Private Cloud & Co-Lo Additional Day-2 lifecycle mgmt. integration

Roadmap / Under-consideration

On-premises Public clouds environment Consistent, production-grade experience & SaaS

Application Performance Monitoring Applications Applications Application Optimization Containers | VM I BM Containers | VM I BM Application Workflows | Deployment | Cost Networking Networking Application Security Compute Compute Network Security Storage Storage Software Defined Networking (DC, Campus, WAN)

On-premises Public clouds environment Consistent, production-grade experience & SaaS

Tag Follow Learn Trace

Instrument every user Follow through complex systems Baseline behavior and performance Collect application and business transaction data

Java Heap Usage: 76% Network Errors: 1.3% CPU Usage: 36% Database Time: 156ms Business Transaction: //: 32ms : 12ms : 56ms : 340ms Book A Flight From: LON Platinum Customer Class: Business Payment: Mastercard Response Time: 2.1s To: LAS Lives: CA, USA Price: $3,269 Merchant: WorldPay Out: Thursday 10th Using: Chrome Special Meals: No Confirmed: True

NoSQL

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 71 AppDynamics production architecture SaaS/On-Prem Controller User Interface & Reporting Application Correlated transaction view Intelligence No code changes required Platform Low overhead in production

One-Way HTTP/S One-Way HTTP/S One-Way HTTP/S Remote JDBC

End user agent Application agent Machine agent Database

Java | .NET | PHP | C++ Browser / Mobile (IOS / Android) Node.js | Go | python | SAP … OS SQL / noSQL

Deployment Choice

Cloud Migration

Confidence to migrate applications at speed

Cloud Monitoring

Clarity to drive application and business performance in hybrid architectures

blog.appdynamics.com appdynamics.com

Cloud Elasticity

Control to instantly scale capacity when required

Unified Control Platform Trustworthy Decisions Automate Decision Making Continuous Health

Application Application Scale

Virtual Machine Virtual Machine Place Assure Performance Move ABSTRACTION ANALYTICS AUTOMATION Storage Host Storage Host + Configure Lowest Policy Cost Compliant Disk Array IO Module Disk Array IO Module

Start

Storage Controller Fabric Storage Controller Fabric Interconnect Interconnect

Stop

Domain Chassis Domain Chassis

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 77 AppDynamics + CWOM = Better Together for multicloud AppDynamics Apps are written and Architected Well. Mobile App Web App

Apache Tomcat SQL Tomcat

Workload Optimization CWOM Assures multicloud infrastructure K8s is optimized at all times, automatically. VM VM POD K8s POD Hypervisor

Infrastructure

Compute Network Storage

Cisco Portfolio Integrations Cisco • AppDynamics • Cisco UCS Manager Applications Capacity • Cisco UCS Director • Cisco CloudCenter Cisco Workload • Cisco ACI • Cisco HyperFlex Optimization Manager • Cisco Tetration

Compute Platform

Public cloud

Storage

Databases

Application-Aware Infrastructure Drive better optimization through the infrastructure with AppDynamics metrics. Self-Managing Container Platforms Accelerate cloud native projects with production-scale Kubernetes, OpenShift & Cloud Foundry. Multicloud Deployment Deploy workloads with Cisco CloudCenter Suite, optimized for performance, cost, & compliance with Cisco Workload Optimization Manager. Cloud Elasticity On-Prem Safely maximize cloud elasticity in Cisco HyperFlex & UCS environments. Cluster Optimization Extend the hypervisor platform and maximize virtualization and Cisco Hyperflex investments. Multicloud Dynamic Optimization Optimize performance, cost, & compliance in the data center or public cloud (AWS and Azure) with one platform. Cloud Center Tetration Network-Aware Optimization HyperFlex Reduce latency by dynamically localizing “chatty” workloads with Tetration UCS Analytics

Workload Manager Cost Optimizer Action Orchestrator Provides existing Provides public and private cloud Enables workflow process CloudCenter functionality cost visibility and optimization orchestration and automation

Suite Admin Administers modules, manages tenancy, licensing, logging, RBAC, monitoring, authentication

Modular, microservices architecture

WM UI WMO

Workload Cost Action Manager Optimizer Orchestrator Core Activities AWS

Cloud Blade Local Proxy Invoice Suppression AO Container Collector Evaluator OrchestrationInvoice Script Execution Engine Executor Service Collector (CES)

Hazlecast Guacamole AMQP Reservation Rightsize NSO APIC Terraform Manager Engine

Shared Services

Inventory Metric Cost Cloud Setup PostgreSQL MongoDB Collector Collector Calculator

Peer Tenant Isolation Peer Tenant

Users Sharing Groups Users Sharing Groups

Partial Root Tenant Isolation

Sub-Tenant

Users Sharing Groups

Peer Peer Peer Tenant Tenant Tenant

• Each tenant with separated SAML SSO Sub-Tenant integration • Tenant hierarchy can go n-level deep • Role-based access control within tenant

Sub-Tenant

• Multicloud abstraction • Governance optimization

Pre-deployment cost optimization

Multicloud deployment

Persona driven execution

• Public Clouds

• Obtained from Cloud Provider Invoices

• Private Cloud

• Aggregated internally based on usage

• Multiple Cost Views

• By Cloud, Department, Accounts

• By Category, Org Hierarchies

• Over Time per Cloud

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 85 Action Orchestrator Workflow Sequence AO’s Orchestration Engine invokes Adapters to execute Activities on the Target Systems, which returns results and status, then the next step in the workflow begins.

Orchestration Adapter Activities Target System Engine

Start Workflow Invoke 1 Run Activity Execute on this Target Update Status Results Results

Time 2 Invoke Run Activity Execute on this Target

Results Update Status Results … n Execute until last activity in a workflow End Activity: can be REST call, Target system: the Workflow Adapter: integration with a target system, provides Run terminal, Send email… host/endpoint that activities to perform task executes an activity. automation

Author Adapter Adapters for: Automation Pack Adapters • Core Git Integration AO UI • Web Service • Ansible Adapters Author Workflows REST API • Terminal • Email AO Client • Cloud - AWS, GCP, Orchestration AZURE Adapters Engine • Network - APIC-EM, Schedules Meraki, NSO • Cloud Center Events • DB adapter Adapters • Security adapter Triggers Approval • Custom adapters

IoT

Email Spark

Web hook

User Intelligent Application Orchestration

CloudCenter Manager — AppDynamics Agent seamlessly as part of Workload Manager Application Profile

AppDynamics — Application ecosystem Controller and identify emerging issues

CloudCenter Orchestrator — Automate scale out to preserve performance and minimize AppDynamics cost Agents

Advanced security

Software Process security inventory baseline

Segmentation

Application Policy Whitelist policy segmentation compliance

Cisco Tetration Insights

Visibility and Process inventory Application insight forensics

• Application owners need some amount of autonomy to make application-level changes quickly

• Security and network teams need to control the global aspects of application interconnection and shared services

• Cisco Tetration flattens intent in a deterministic order, prioritizing intent of higher authority users over intent of application owners

Security team rules Network team rules Application owner rules

Virtual Containers

Process Pods

Denies Allows Container Host OS

Denies Allows Endpoint

Hypervisor Virtual Network Container Networking Interface

Network Infrastructure Bare metal Cloud

Process Any infrastructure Process Any networking Denies Allows Same security model Denies Allows Rich context Endpoint Endpoint

Network infrastructure Cloud infrastructure

Expected communication path

WEB APP DB

Expected communicationClients path WEB APP DB

ANY

:2049 NFS :80 wp01

:30000 End-users Web-HAProxy :80 wp02

:80 Kubernetes

:80 wp03 db-mysql01 Tetration Agent Virtual Machine :3306

Kubernetes workers Kubernetes Pod On Premises

Tetration

● — Application Profile — ● Import VM

● Use Action Library to deploy Tetration sensor ●

App Owner

AWS Role VPC Flow Logs Group

Stealthwatch Consistency Cloud

Rules Cloud Trail Cloud Watch SaaS Portal Additional AWS Inspector IAM Forecast Data Sources

Config Lambda

• Operational Simplicity: Same Container Hypervisor “look and feel” as On-Premise s

• Automated Policy Translation: Consistency across the entire ACI Anywhere data center, CoLo, remote locations and public clouds Cloud • Common Governance: Exchange Data End-to-end discovery, visibility Center and troubleshooting

On Premises Cloud IOT Edge

ACI Multi-POD ACI Remote-Leaf ACI Multicloud Multiple Networks Physical Remote Leaf ACI Extensions to (Pods) in a single extends an Availability Public Clouds (AWS, Availability Zone Zone (Fabric) to Azure, GCP) (Fabric) ACI 3.0 remote locations ACI 4.0

ACI 2.0 ACI 3.1 ACI 4.1 ACI Multi-Site ACI vPod Multiple Availability Virtual POD extends an Zones (Fabrics) in a Availability Zone Single Region ’and’ (Fabric) to remote Multi-Region Policy locations Management

ACI Virtual Edge Any Routed IP Network Bare Metal Cloud

Data Center B

ACI VPod

Pod 3 Pod 1 VM VM VM VM ACI Virtual Edge

Brownfield Data Center C

ACI VPod

Pod 4

VM VM VM VM VM VM VM ACI Virtual Edge Co-location/Remote DC

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 99 Cloud ACI - Multicloud Extensions Cloud Service Connectivity Public Cloud Bare Metal Cloud Public Cloud Public Cloud

Container Hypervisor ACI Anywhere s ACI Virtual ACI ACI Anywhere Data Center ACI Anywhere

Internet Compute Edge (Branch) MPLS

Cloud On Premises Exchange Cloud

Automation Security Mobility Visibility

Resource Group Tenant

Virtual Network VRF

Subnet BD Subnet

Application Security Group (ASG) EPG

NSG Network Security Group (NSG) EPG Contracts

Outbound rule Consumed contracts Source/Destination: ASG or Subnet or IP or Any or ‘Internet’ Protocol Port Inbound rule Provided contracts Virtual Machine

Network Adapter

User Account Tenant

Virtual Private VRF Network VPC Subnet BD Subnet Security Group EPG

Security Group Rule EPG Contracts

Outbound rule Consumed contracts Source/Destination: Subnet or IP or Any or ‘Internet’ Protocol Port Inbound rule Provided contracts EC2 Instance

Network Adapter

IP Network

Site 1 Site 2

Consistent Policy Enforcement Automated Inter-connect Simplified Operations on-Premise & Public Cloud provisioning with end-to-end visibility

Overall architecture Q1CY19

Multi-Site Orchestrator (MSO) On-Premise Public Cloud

• Single or group of multiple regions in AWS represents an ACI site Infra VPC AWS Instances User VPC • Each Region in AWS is Site A Region 1 similar to ACI POD in the Site B cloud

• Cluster of minimum 3 cAPICs Infra VPC will be spin up in the infra AWS Instances VPC at each Site. Region 2 User VPC CSR-1000V AWS Internet Gateway (IGW)

On-Premise Public Cloud Site A DX Location Site B User VPC-1 Overlay

Golf CSR1000V VXLAN TUNNEL (DATA PLANE) IPN Customer CSR1000V Customer AWS Premise Router VGW Router AWSAWS Direct Direct AWS Instances (CPE) ConnectConnect Colocation RouterRouter

Infra VPC VGW VM VM VM

IPN VXLAN TUNNEL (DATA PLANE) Customer Premise Router (CPE) AWS Instances

AWS Region User VPC-2

Bring application context to the network

• Faster root cause identification and remediation

• Reduce risk of unexpected app outages regardless of network location

• Better collaboration across network and application teams

Cisco CloudCenter

Northbound API Cisco ACI VMware vSphere Seamless Integration

Network Fabric

automation Spine Spine Spine

Powerful Benefits Leaf Leaf Leaf Leaf Leaf Leaf

Zero Trust Security

Ops Efficiency End-point End-point End-point Group Group Group Contract Contract Tier 1 Tier 1 Tier 1

User Agility VM VM VM “No Touch” Automation Touch” “No

Traditional Cisco HyperFlex for Optimized for the Infrastructure Modernized Datacenter Datacenter Anywhere Highly Manual Core Operations Software Defined Limited Time and Budget Compute+Storage+Networking for Future Initiatives

Core Cloud 63% of Organizations Currently Describe Their Current Workload at “Highly Manual” Edge

Management 75% 3 451 RESEARCH, Time Savings VOICE OF THE ENTERPRISE Downtime 90% Reduction7 Savings vs. 3-tier 80% Infrastructure1

Speed, Simplicity & Convergence of Cloud Economics Reliability Application types On-Premise

APPS

Turnkey Deployment Optimized platform for Scale out SaaS based Operations Enterprise Apps & architecture that Highly Reliable Microservices enables Pay as you grow

• Pre deployed Kubernetes using Hyperflex storage • Pre deployed Kubeflow stack • One click AI/ML setup experience • Cisco Validated Design for UCS and Hyperflex with GPUs

Learn more

Private ML cloud and Edge Public ML cloud

UCS C240 / Hyperflex NGC

Cisco Intersight UCS C480ML

HyperFlex

Data gravity and governance Test dev Security & TCO Enable multi-cloud Fast deployment Retraining and production scale APIs

This is so easy our CEO could deploy clusters…

Factories, B2B partners USA, France, Italy, Germany, Netherlands Gina

Brussels NOC SD-WAN 1 2 3 4

Ship Connect Cluster Rapid Cluster Configuration On-Going Management Connect to Internet with Intersight API or Policy & Profile Cloning Including Full Stack Upgrades & Claim Devices Tools

PROFILE

Policy PROFILE Upgrade -or- + PROFILE Cloning PROFILE PROFILE

PROFILE

Supercharge your infrastructure with application insights

• Optimize infrastructure based on dynamics application needs

• Detailed usage visibility for better planning and issue remediation

• Understand impact of infrastructure changes on application performance

Application Deploy and Manage on both HyperFlex and Public Cloud Cisco CloudCenter Add application-centric automation to:

• Self service VM or Application

• Optimize Capacity Cisco HyperFlex

• Enable Hybrid IT Strategy Pre-Integrated HW and SW with SmartPlay Bundles

• Multicloud “state of the union”

• Top initiatives on customer’s journey to multicloud

• Cisco Hybrid-Cloud solutions

• Cisco Multicloud offers

• Conclusion

#CLUS BRKCLD-2931 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 119 Complete your online session • Please complete your session survey after each session. Your feedback evaluation is very important.

• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.

• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

Demos in the Walk-in labs Cisco campus

Meet the engineer Related sessions 1:1 meetings

#CLUS #CLUS