Redundant Cloud Services Skyrocketing! How to Provision Minecraft Server on Metacloud
Cisco Service Provider Cloud
Josip Zimet, CCIE 5688, Cisco

My Favorite
Example of Digital Transformations started with data centers …
Paris, Dubai, Dubrovnik
https://developer.cisco.com/site/flare/

SIM Card Identity for a Phone +
HSRP x.x.x.1 + STP/802.1Q/FP
IS-IS/BGP/VXLAN Anycast GW x.x.x.1
Physical, virtual, Container
Multitenant multivendor across bare metal, virtual and container private and public cloud

Cloud Center
VMs=house, Apartments=containers
Nova/cinder/Neutron
NSX/ACI/Contiv
EC2/S3/EBS/VPC/Sec Groups

Broad Multi-Vendor Infrastructure Support
UCS Director
Converged, VM, L4-L7, Compute, Network, Storage
vASA, Nexus CSR1000v MDS

Partner provided rollback
https://www.youtube.com/watch?v=hz7zwd98rn4
No Web-1 No Web-2 No App-1 No DB-1 No DB-2 No DB-3 No App-2 No DB-3

Value of Sec ?
st 0.36 Seconds nd 1 Place ($881,000) separates 2 Place 1st and 2nd place • $2,447 Per Millisecond • $1.6 more dollars awarded to • $719,000 Million 1st Place

Value of Sec ?
Sectors: Financial, Media, Transport, Retail
Brokerage operations | $107,500/min
Credit card/Sales Authorizations | $43,333/min
Pay per View | $2,500/min
Home Shopping | $1,883/min
Catalogue Sales | $1,500/min
Airline Reservations | $1,483/min
Teleticket Sales | $1,150/min
Package Shipping | $466/min
ATM Fees | $241/min

Classification | Availability | Annual Down Time
Continuous processing | 100% | 0 min/year
Fault Tolerant | 99-999% | 5 min/Year
Fault Resilient | 99.99% | 53 min/year
High Availability | 99.9% | 8.8 hours/Year
Normal Commercial Availability | 99-99.5% | 87.6-43.8 hours

The Matrix – blue pill, red pill
Could UCSD do OpenStack and VMW and ACI ?
Openstack Manually, ACI automatically
Openstack and ACI automatically

APIC API Inspector
Replace { With single Line of JSON Retrieved from APIC via API Inspector
APIC Inspector to UCS Director Workflow Task Convertor
Convertor Script: https://cisco.box.com/s/3mbvmmo1r8iq8516np9uqqzice1aa4ur
HowTo Video: https://cisco.box.com/s/ka6ru7cziq6iep5h5rrc6gvicyvd6h4j
Cisco Communities ( >300 Examples ): https://communities.cisco.com/docs/DOC-56419

https://aciappcenter.cisco.com/
http://www.cliqr.com/partners/
http://www.cliqr.com

25+ Cloud supported
• CliQr can launch workloads on Amazon Web Services data center in any region as well as support for their Relational Database Service and Elastic Load Balancing.
• CliQr can launch applications in Microsoft Azure’s many data centers.
• CliQr can manage applications running on any Cisco’s Unified Computing System with support for Cisco UCS Director.
• CliQr Supports deployment to AWS GovCloud (US), an isolated AWS Region designed for US government agencies and customers to move sensitive workloads to the cloud.
• Deploy in the physical and logical network-isolated instance of Azure dedicated for US government use.
• CloudStack version 3.x or later is supported as a target cloud by CliQr.
• Deploy and manage in a Bracket Compute Cell in multiple cloud environments.
• All of the Rackspace OpenStack Havana-based offerings are supported by CliQr.
• CloudCenter supports Windows Azure Pack, which brings Microsoft Azure technologies to private data centers.
• Cloud N data centers in both the US and Japan are manageable by CliQr.
• Get “one click” deployment and management in the IBM public cloud including bare metal provisioning
• CliQr can launch workloads on the Mirantis Private-Cloud-as-a-Service.
• CliQr can run workloads on Dimension Data’s Public Compute-as-a-Service portfolio.
• In addition to managing VMware-based private clouds, CliQr also supports their vCloud Air offering
• CliQr is a sponsor of OpenStack and can deploy workloads on Havana-based installations.
• In addition to managing workloads on Google Cloud Platform virtual machines, CliQr also supports Google Cloud SQL.
• Both vSphere and vCloud Director targets are supported.
• CliQr supports RedHat's distribution of OpenStack.

Dev, QA, Stage, Prod
Deploy as Hybrid
• Deploy Database @ DC1
• Deploy Load Balancer @ DC1
• Deploy Apache @ DC2
• Add External Network to Load Balancer
• Add External Network to Database

Could UCSD+CliQr do OpenStack and VMW and MS and Containers and ACI and multivendor infrastructure?

https://meraki.cisco.com
https://developer.ciscospark.com
https://www.tropo.com/tropo-developer-network/
https://map.webex.com/

Cisco Spark Innovation Fund
Unlocking innovation
The $150 million Spark Innovation Fund is focused on the Spark ecosystem covering direct investments, joint development, additional enhancements and developer support. The fund will incubate great ideas so they become great applications and integrations.

Smart Spaces in Building 10
https://acecloud.webex.com/meet/jzimet
https://www.tropo.com/
https://github.com/CiscoCloud/tropo
Shipped+Tropo
https://ciscoshipped.io/
208.67.222.222
https://developer.cisco.com

Using mesos to deploy infrastructure : 4 worker nodes Up & Running
Managing Traffic Marathon Flow on Traffic
Manage deployment of application
http://drone.lab.apps.imapex.io/jzimet/cicd_demoapp
    git add demoapp.py
    git commit -m "Test from Sarajevo"
    git push
https://www.ciscospark.com/
https://control.sandbox.imapex.io/

WIFI Analytics-aaS
Energy Management-aaS
Cloud consumption-aaS
Cisco IT : 936 Cloud Services
150+ industry risk controls (COBIT, HIPAA, ISO27001, SP800_53, FEDRAMP, PCI, EU-Safe Harbour, SAS70 Type 2 …)
• Monitor Use & Predict Cloud Needs
• Reduce Cloud Risk & Protect Business
• Discover & Evaluate Providers

Redundant Cloud Services Skyrocketing!

How to provision Minecraft server on MetaCloud
1. Heat template for Minecraft, which sets a series of parameters: Enable or disable Game mode, Difficulty, Monsters, Hardcore mode, Animals, Villagers, Message of the day, Max players, Valid Minecraft account, Public network from which floating ip address will be allocated, Flavor : small, medium, large or xlarge, Image : ubuntu, Nova KeyPair, Neutron Net, Neutron Subnet, Neutron router, Neutron router interface, Neutron server port, Neutron floatingip, Neutron security group
2. Provision Minecraft server: Git clone using Ansible playbook using previously set parameters …
   Apply Parameters, Check Topology, Check SSH Key, Check IP address
3. Load Minecraft Server on this IP address

Tenant “compute” 0 External Contract 1 EPG’s EPG 0 2 0
3 nodes running
• Set forwarding mode to ACI with VLAN range
• Create tenant compute
• Learn different tenant
• Create contracts “vmHTTPprovide” and “vmHTTPconsume” for vm to the PODs
• Create network “podnet”, default gateway “100.100.100.254”, subnet “100.100.0/24”, encapsulation “VLAN”
• Tenant “Compute”
• Create group or POD “App”: network “podnet”, external contracts created for tenant, tenant “compute”
• Create group or POD “DB” without contracts

Spinning PODs living within kubernetes environment
App1 yaml file or pod spec
Providing labels or metadata as part of pod definitions
tenant “compute”
network “podnet” created using contiv
epg “app” : App1 pod needs to be part of “app” end point group
From App1 (100.100.100.1) ping App2 (100.100.100.2) and ping DB (100.100.100.3) and external VM (101.101.101.101)
3 POD up and running
From db1 (100.100.100.3) ping App1 (100.100.100.1)
0 packets received 3 packets received

vi docker-compose.yml
Web exposed on port 5000
Extracting policy information from the image that the developer built
Instantiating labels and policy associated with it
Launch the composition of application that you can launch in Docker swarm cluster
https://www.youtube.com/watch?v=dkQhjKL1xfo
https://www.youtube.com/watch?v=8IiPOlmxXz4
https://www.youtube.com/watch?v=25OZHQ_t3nY
https://www.youtube.com/watch?v=uE7cXUYZ_08

• Whitelist and micro segmentation
• AWS implements “assured security model”: AWS is responsible for security of the infrastructure and the physical location of the data center. Users and consumers are responsible for the security policy wrapped around the application.
• Security groups are used for the whitelist policy model or access list: every time you configure an Amazon compute instance, you are required to assign the appropriate security group.
• Ex : Wordpress + load balancing + database cluster + proxy + caching

Compute with default security group
Default security group: DB, HA Proxy
Access DB via Ping and curl
Run Script and add security
Compute with default security group
Compute assigned to new security groups
Added security group
Selected Security Group
Default security group
Ping Stops
Curl doesn’t work
Login to mysql works

Click & Drill Down
Data Scientist out of the box
https://www.youtube.com/watch?v=a5FddThT6vc
Search 1.5 Bil Flows Over a Range of 4 Months And response in 55 ms
App Is Slow
Show me latency distributions
Majority are “ms” distribution and the one in “s”
Look for process, drill down into and see which processes are generating such latency
Drill-Down into “python” Process
Filter Flows
Shift in Time
Expand on It
App Latency, Net Latency, Process
Reply of all flows across 25 dimension
Turn on or off dimension
Show me outliers
Visual Query
Web Platform talking to non production DB, Partners, Labs, and production DB
120 servers with agents
Tetration recommended 4 clusters or EPG
Tetration Analytics - Policy Compliance

15 digits for Freedom/Shadow IT
Cisco eStore – What we will have in the store
IT Infrastructure & Software & Apps Devices Collaboration Software Network Platform Services Laptops & Email & Instant Messaging Desktop Corporate CITEIS Application & Web Desktops Calendaring Software Network Services Smartphones & Tablets WebEx Social Web Mobile Home & Remote Datacenter Datacenter Conferencing Apps Access Computing