
Cisco Service Provider Cloud

Josip Zimet, CCIE 5688, Cisco

My favorite example of digital transformation started with data centers ….


Paris Dubai

Dubrovnik https://developer.cisco.com/site/flare/

SIM Card Identity for a Phone

+ SIM card identity for a phone: HSRP x.x.x.1 + STP/802.1Q/FP, IS-IS/BGP/VXLAN anycast GW x.x.x.1

Physical, virtual, container: SIM card identity for a phone

+ Multitenant multivendor across bare metal, virtual and container private and public cloud

CloudCenter: VMs = house, containers = apartments

Nova/cinder/Neutron NSX/ACI/Contiv

EC2/S3/EBS/VPC/Sec Groups Broad Multi-Vendor Infrastructure Support UCS Director

Converged: VM, L4-L7, Compute, Network, Storage

vASA, Nexus, CSR1000v, MDS

Partner-provided rollback: https://www.youtube.com/watch?v=hz7zwd98rn4

No Web-1, No Web-2, No App-1, No DB-1, No DB-2, No DB-3, No App-2, No DB-3

Value of a second?

0.36 seconds separates 1st and 2nd place

• 1st place: $881,000
• 2nd place: $719,000
• $2,447 per millisecond
• $1.6 million more dollars awarded to 1st place

Value of a second? ($ per minute, by industry)

Financial: Brokerage operations $107,500/min; Credit card/sales authorizations $43,333/min; ATM fees $241/min
Media: Pay per view $2,500/min; Teleticket sales $1,150/min
Transport: Airline reservations $1,483/min; Package shipping $466/min
Retail: Home shopping $1,883/min; Catalogue sales $1,500/min

Classification / Availability / Annual down time:
Continuous processing: 100%, 0 min/year
Fault tolerant: 99.999%, 5 min/year
Fault resilient: 99.99%, 53 min/year
High availability: 99.9%, 8.8 hours/year
Normal commercial availability: 99–99.5%, 87.6–43.8 hours/year

The blue pill, red pill: could UCSD do OpenStack and VMW and ACI? OpenStack manually, ACI automatically; OpenStack and ACI automatically. APIC API Inspector

Replace { with a single line of JSON retrieved from APIC via API Inspector. APIC API Inspector to UCS Director workflow task convertor. Convertor script: https://cisco.box.com/s/3mbvmmo1r8iq8516np9uqqzice1aa4ur HowTo video: https://cisco.box.com/s/ka6ru7cziq6iep5h5rrc6gvicyvd6h4j

Cisco Communities (>300 examples): https://communities.cisco.com/docs/DOC-56419

https://aciappcenter.cisco.com/ http://www.cliqr.com/partners/ http://www.cliqr.com 25+ clouds supported

CliQr can manage applications running on any Cisco Unified Computing System, with support for Cisco UCS Director. CliQr can launch applications in Microsoft Azure's many data centers. CliQr can launch workloads on Amazon Web Services data centers in any region, as well as support for their Relational Database Service and Elastic Load Balancing.

CliQr supports deployment to AWS GovCloud (US), an isolated AWS Region designed for US government agencies and customers to move sensitive workloads to the cloud. Deploy in the physical and logical network-isolated instance of Azure dedicated for US government use. CloudStack version 3.x or later is supported as a target cloud by CliQr.

Deploy and manage in a Compute Cell in multiple cloud environments. All of the Rackspace OpenStack Havana-based offerings are supported by CliQr. CloudCenter supports Windows Azure Pack, which brings Microsoft Azure technologies to private data centers.

Cloud N data centers in both the US and Japan are manageable by CliQr. Get "one click" deployment and management in the IBM public cloud, including bare metal provisioning. CliQr can launch workloads on the Mirantis Private-Cloud-as-a-Service.

CliQr can run workloads on Dimension Data's Public Compute-as-a-Service portfolio. In addition to managing VMware-based private clouds, CliQr also supports their vCloud Air offering. CliQr is a sponsor of OpenStack and can deploy workloads on Havana-based installations.

In addition to managing workloads on Google Cloud Platform virtual machines, CliQr also supports Google Cloud SQL. Both vSphere and vCloud Director targets are supported. CliQr supports RedHat's distribution of OpenStack.

Dev / QA / Stage / Prod: deploy as hybrid

Deploy Database @ DC1, Deploy Load Balancer @ DC1, Deploy Apache @ DC2

Add external network to Load Balancer; add external network to Database

Could UCSD+CliQr do OpenStack and VMW and MS and Containers and ACI and multivendor infrastructure? https://meraki.cisco.com https://developer.ciscospark.com

https://www.tropo.com/tropo-developer-network/ https://map.webex.com/

Cisco Spark Innovation Fund: unlocking innovation. The $150 million Spark Innovation Fund is focused on the Spark ecosystem covering direct investments, joint development, additional enhancements and developer support. The fund will incubate great ideas so they become great applications and integrations. Read more here.

Smart Spaces in Building 10

https://acecloud.webex.com/meet/jzimet https://www.tropo.com/ https://github.com/CiscoCloud/tropo

Shipped+Tropo https://ciscoshipped.io/ 208.67.222.222 https://developer.cisco.com

Using Mesos to deploy infrastructure: 4 worker nodes up & running

Marathon: managing traffic flow, managing deployment of the application http://drone.lab.apps.imapex.io/jzimet/cicd_demoapp

git add demoapp.py
git commit -m "Test from Sarajevo"
git push

https://www.ciscospark.com/ https://control.sandbox.imapex.io/

WiFi Analytics-aaS, Energy Management-aaS, Cloud consumption-aaS

Cisco IT: 936 cloud services; 150+ industry risk controls (COBIT, HIPAA, ISO 27001, SP 800-53, FedRAMP, PCI, EU Safe Harbour, SAS 70 Type 2 …)

Monitor Use & Predict Cloud Needs Reduce Cloud Risk & Protect Business

Discover & Evaluate Providers Redundant Cloud Services Skyrocketing! How to provision Minecraft server on MetaCloud

1. Heat template for Minecraft which takes a series of parameters: enable or disable game mode, difficulty, monsters, hardcore mode, animals, villagers, message of the day, max players, valid Minecraft account, public network from which the floating IP address will be allocated, flavor (small, medium, large or xlarge), image (ubuntu), Nova keypair, Neutron net, Neutron subnet, Neutron router, Neutron router interface, Neutron server port, Neutron floating IP, Neutron security group

2. Provision the Minecraft server: git clone, then run the Ansible playbook using the previously set parameters … Apply parameters, check topology, check SSH key, check IP address

3. Load the Minecraft server on this IP address

Tenant "compute": external contract between EPGs (diagram); 3 nodes running

Set forwarding mode to ACI with VLAN range

Create tenant compute

Learn different tenant

Create contracts "vmHTTPprovide" and "vmHTTPconsume" for the VM to the PODs. Create network "podnet": default gateway "100.100.100.254", subnet "100.100.100.0/24", encapsulation "VLAN", tenant "compute"

Create group or POD "App" with network "podnet" and the external contracts created for tenant "compute". Create group or POD "DB" without contracts. Spinning up PODs living within the Kubernetes environment

App1 YAML file or pod spec: providing labels or metadata as part of the pod definition (tenant "compute", network "podnet" created using Contiv, EPG "app"). The App1 pod needs to be part of the "app" endpoint group

From App1 (100.100.100.1) ping App2 (100.100.100.2), ping DB (100.100.100.3) and the external VM (101.101.101.101): 3 packets received. 3 PODs up and running.

From db1 (100.100.100.3) ping App1 (100.100.100.1): 0 packets received

vi docker-compose.yml: web exposed on port 5000. Extracting policy information from the image that the developer built; instantiating the labels and policy associated with it; launch the composition of the application in the Docker Swarm cluster

https://www.youtube.com/watch?v=dkQhjKL1xfo https://www.youtube.com/watch?v=8IiPOlmxXz4 https://www.youtube.com/watch?v=25OZHQ_t3nY https://www.youtube.com/watch?v=uE7cXUYZ_08

• Whitelist and micro-segmentation
• AWS implements an "assured security model": AWS is responsible for the security of the infrastructure and the physical location of the data center. Users and consumers are responsible for the security policy wrapped around the application.
• Security groups are used for the whitelist policy model (access list); every time you configure an Amazon compute instance you are required to assign the appropriate security group
• Ex: WordPress + load balancing + database cluster + proxy + caching

Compute with default security group

Default security group: DB, HA Proxy

Access DB via ping and curl

Run script and add security: compute with default security group, compute assigned to new security groups

Added security group, selected security group, default security group: ping stops, curl doesn't work

Login to MySQL works

Click & drill down, data scientist out of the box https://www.youtube.com/watch?v=a5FddThT6vc
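The Contiv/ACI contract demo (group "App" with contracts, group "DB" without, so db1 cannot reach App1) and the AWS security group demo (ping and curl stop once the DB instance moves to a restrictive security group, while the MySQL login still works) rest on the same default-deny whitelist model. The Python below is an added example, not code from this deck or from Contiv, ACI or AWS: it evaluates flows against constructed rule sets, and the endpoint names, group names, rules and ports are assumptions chosen for illustration.

```python
"""Default-deny (whitelist) policy evaluation for micro-segmentation.

Added example; not code from the BRKACI-2303 deck, Contiv, ACI or AWS.
Groups, endpoints, rules and ports below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One allow entry: flows from src_group to dst_group for proto (and port)."""
    src_group: str
    dst_group: str
    proto: str                  # "icmp" or "tcp"
    port: Optional[int] = None  # TCP port; None means any TCP port


class WhitelistPolicy:
    """A flow is allowed only if some rule matches; everything else is denied."""

    def __init__(self, membership: Dict[str, str], rules: List[Rule]) -> None:
        self.membership = membership  # endpoint name -> group (SG or EPG)
        self.rules = rules

    def allows(self, src: str, dst: str, proto: str,
               port: Optional[int] = None) -> bool:
        src_group = self.membership.get(src)
        dst_group = self.membership.get(dst)
        if src_group is None or dst_group is None:
            return False  # an endpoint outside every group is never whitelisted
        for rule in self.rules:
            if (rule.src_group, rule.dst_group, rule.proto) != (src_group, dst_group, proto):
                continue
            if proto == "tcp" and rule.port is not None and rule.port != port:
                continue
            return True
        return False


def aws_security_group_demo() -> Dict[str, Tuple[bool, bool]]:
    """Web -> DB reachability before and after moving DB to its own security group.

    The default security group permits all traffic between its own members
    (modelled as two catch-all rules). The constructed "sg-db" group permits
    only TCP/3306 from the web tier, so ping (ICMP) and curl (TCP/80) stop
    while a MySQL login keeps working.
    """
    default_rules = [
        Rule("sg-default", "sg-default", "icmp"),
        Rule("sg-default", "sg-default", "tcp"),
    ]
    before = WhitelistPolicy({"web": "sg-default", "db": "sg-default"}, default_rules)
    after = WhitelistPolicy(
        {"web": "sg-default", "db": "sg-db"},
        default_rules + [Rule("sg-default", "sg-db", "tcp", 3306)],
    )
    checks = [("ping", "icmp", None), ("curl", "tcp", 80), ("mysql", "tcp", 3306)]
    return {
        name: (before.allows("web", "db", proto, port), after.allows("web", "db", proto, port))
        for name, proto, port in checks
    }


def contiv_contract_demo() -> Dict[str, bool]:
    """Pod reachability in tenant "compute" with EPGs "app", "db" and an external VM.

    Assumed here: members of one EPG may talk to each other, the "app" EPG
    provides HTTP to the external VM through a contract, and "db" has no
    contract at all, so db1 cannot reach App1.
    """
    membership = {"App1": "app", "App2": "app", "db1": "db", "ext-vm": "ext"}
    rules = [
        Rule("app", "app", "icmp"), Rule("app", "app", "tcp"),  # intra-EPG
        Rule("db", "db", "icmp"), Rule("db", "db", "tcp"),      # intra-EPG
        Rule("ext", "app", "tcp", 80),                          # constructed HTTP contract
    ]
    policy = WhitelistPolicy(membership, rules)
    return {
        "app1_to_app2_ping": policy.allows("App1", "App2", "icmp"),
        "db1_to_app1_ping": policy.allows("db1", "App1", "icmp"),
        "ext_to_app1_http": policy.allows("ext-vm", "App1", "tcp", 80),
        "ext_to_app1_ssh": policy.allows("ext-vm", "App1", "tcp", 22),
    }


if __name__ == "__main__":
    for name, (was, now) in aws_security_group_demo().items():
        print(f"{name:5s} default-sg={was}  restricted-sg={now}")
    for flow, allowed in contiv_contract_demo().items():
        print(f"{flow:18s} {allowed}")
```

The evaluator deliberately has no "deny" rule type: in a whitelist model the absence of a matching rule is the denial, which is why moving an instance into a narrower group, or creating an EPG without contracts, cuts off traffic without any explicit block being written.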

Search 1.5 billion flows over a range of 4 months and get a response in 55 ms.

App is slow: show me latency distributions. The majority of processes are in the "ms" distribution; look for the one which is in "s", drill down into it and see which processes are generating such latency. Drill down into the "python" process. Filter flows, shift in time, expand on it.

App latency, net latency, process reply of all flows across 25 dimensions; turn dimensions on or off

Show me outliers

Visual query: web platform talking to non-production DB (partner labs) and production DB

120 servers with agents; recommended 4 clusters or EPGs. Tetration Analytics: policy compliance

15 digits for Freedom/Shadow IT. Cisco eStore: what we will have in the store

Devices: Laptops & Desktops; Smartphones & Tablets; IP Phones; Printers
Collaboration Software: Email & Calendaring; Instant Messaging; WebEx Social; Web Conferencing; Telepresence & Video - Live & On-Demand; WebEx Social Partner Apps Connection (Extranet); Voice; Video Conferencing
Software & Apps: Desktop Software; Corporate Application & Web; Mobile Apps; Web Applications; Content Management & Accounts
IT Infrastructure & Network Platform Services: CITEIS; Network Services; Home & Remote Access; Datacenter Computing; Datacenter Network; Database Hosting & ERP; Strategic & Innovation & Product Validation

NSO, Cisco Prime Service Catalog

Architecture diagram: Mail Server; Legacy Network Devices; Cisco Process Orchestrator; Service Request/Ticketing System; Cisco Prime Infrastructure; Analytics Engines (Hadoop, Oracle); CloudCenter; Database(s); CI/CD (Git, Jenkins, Repo); UCSD; UCSM; CMDB; Web Servers; Digital Signage; DNS/DHCP

Virtual and physical appliance orchestration

Security architecture diagram: Next-Gen Intrusion Prevention System, Host-based Security, Next-Gen Firewall, Load Balancer, Flow Analytics, Campus Switch; Database Zone, Access Control + TrustSec, Threat Intelligence, Anti-Malware, L2/L3 Network, VPN; PCI Compliance Zone, WAN Router, Next-Generation Firewall; App Server Zone, Web Zone, Centralized Management, Application Firewall, Flow Analytics; Shared Services Zone: Policy/Configuration, Visibility/Context, Analysis/Correlation, Analytics; Virtualized Capabilities; Logging/Monitoring/Reporting, Threat Intelligence, Vulnerability Management; To Edge

BRKACI-2303 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public