Cloudy with a chance of SDN
Casimer DeCusatis, Ph.D., Assistant Professor, Marist College
@Dr_Casimer [email protected]
BRKCRT-2603
Agenda
• Introduction to the New York State Cloud Computing & Analytics Center
• SDN for Cloud Exchanges
• Network Security with SDN
• Energy Savings and Automation
• Open Standards and the Internet of Everything
• Conclusions
• Cloud, SDN, & You
• Use Case Examples & Cloud Lab Results
• Reality vs Hype
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
The New York State Cloud Computing & Analytics Center at Marist College, Poughkeepsie, NY
[Figure: test bed network diagram. Labels: Site A, Site B, Site C; ADVA FSP 3000 (three nodes); ADVA OF Agent (VM); IBM V7000 Storage; Storage; dual 10G links; IBM, NEC, Plexxi Switch; Cisco Routers; OpenDaylight Controller; Floodlight Controller; Ciena vWAN, Brocade/Vyatta vSwitch; IBM Controller; PureSystem; Power blade; 125 km]
What is a Cloud?
I see a pony! I see 50% lower operating expense!
The IT Industry is at an Inflection Point
[Figure: IT responsiveness over time (2000, 2014, 2024), from the Traditional Environment to the Software Defined Cloud; each shown as VMs and operating systems on a hypervisor]
Traditional Environment
• Applications & Devices are independent
• Step-by-step, Manual Configuration
• Static Workloads, Inefficient, Add-ons
Software Defined Cloud (Hypervisor – Workload Aware)
• Apps Control Infrastructure thru Software Patterns
• Centralized, Programmable APIs, Automated Configuration
• Dynamic, Workload Aware Virtual Appliances
• Efficient, Integrated Security & Analytics
• Service Chains & Software Patterns
Drivers
• New Workloads (Mobile, Social, Big Data)
• Need for Agility & Rapid App Deployment
• Cost Effective Scaling & Automation
Traditional environments no longer support emerging business needs
What is the ISSIP?
• Founded Jul 2012 – “to promote innovation in the global service economy”
• Individual Members: > 600
• Institutional members representing:
• Universities: 150+
• Companies: 100+
• Countries: 40+
• 5 Special Interest groups (including SDN)
• Ambassadors to over 30 professional associations
What is the primary client driver for cloud services?
Cisco white paper, “Simplify and Automate for Enhanced Service Agility”
Why are networks still over-provisioned?
• Percent of servers virtualized: 60+%
• Use storage virtualization: 93%
• Use network virtualization: ?
Today: VM on-boarding is measured in minutes
But… today: multi-tier virtual-system connectivity is measured in days.
John Manville, Cisco IT; The Power of a Programmable Cloud, OFC 2013 (OM2D.2): “It takes about 5 days from an end-end point of view to provision something like that (a multi-tier system).” Goal is to “get at least to sub-one day.”
[Figure: multi-tier system. Labels: Intrusion Prevention, Firewall, Web Servers, Application Server, Firewall, Load Balancer, Database Cluster]
Networks are: Statically provisioned, under utilized, & energy inefficient
Source: 2012 IBM Data Center Study: http://www.ibm.com/data-center/study
** J. Manville, “The power of a programmable cloud”, OFC 2012 annual meeting, Anaheim, CA, paper OM2D.2 (March 18-22, 2013)
More “Complete” View of SDN
[Figure: SDN models compared. Panels: Traditional SDN, Hybrid SDN, Overlay Networks. Labels: Applications, Controller, Control Plane, Data Plane, Virtual Switch, Overlays, Overlay Protocols (e.g. VXLAN), Vendor-specific APIs, Programmable APIs, OpenFlow, PCEP, I2RS, Vendor Specific]
Cisco Open SDN Controller
Potential Benefits of SDN
• Uniform management visibility: Multiple administrative domains, multiple technologies, multiple implementations per technology
• Flow optimization: At Hyperscale
• Elasticity & Service Agility: Changing, unpredictable demands created by new ways of consuming (cloud)
• Under-utilization: Impacts entire service lifecycle
[Figure: Tenant 1 cloud and Tenant 2 cloud on a Network Hypervisor. Labels: Site A, Site B, Storage, Firewall, Web Server, Database, Application Server, Intrusion Prevention, Hours to Days, Minutes]
• De-couple virtual & physical network
• Program & Automate multi-tier patterns (avoids human error)
• Provide global network visibility with “real-time” control (Lower CapEx)
• Current networks are: Statically provisioned, under utilized, & manual intensive
• Brownfield & Greenfield deployments
SDN and Cloud Exchanges
Cisco white paper, “Simplify and Automate for Enhanced Service Agility”
An Unsustainable Operations Model
Carrier & Cloud Exchange Use Cases with SDN
An Early Cloud Exchange
[Figure: cloud exchange diagram. Labels: Virtual Tape/Disk/Server, Cloud, Remote Desktop, Customer 1, Customer #2, Customer #3]
The High Cost of Overprovisioning
During the storage or virtual machine migration at the beginning of a cloudburst into the provider cloud, bandwidth of 1 to 10 gigabits per second will generally be required. However, for the remainder of that IaaS instance life-cycle, much lower bandwidth, rarely exceeding 200 megabits per second, is required.
Cloud Storage Use Case: Never Enough Static Bandwidth
From Internet2 Global Community Showcase 2015. Data used with permission from IBM.
[Figure: WDM Node A, WDM Node B and WDM Node C, each with a Switch (1GbE); SDN Controller and Network Hypervisor with cloud orchestrator API]
Predictive Analytics Driving SDN
• Details of the migration methods used in some commercial products are not readily available
• Typical values:
– Minimum 1028 MB per VM
– 4 KB per memory page
– Sustainable 1 Gbps
• Migration algorithms can be highly nonlinear; application awareness is key
[Figure: VM migration time (seconds) vs. Page Dirty Rate (pages/second)]
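An added example, not from the original slides: a small model of why migration time grows nonlinearly with page dirty rate, using the slide's typical values (1028 MB VM, 4 KB pages, 1 Gbps). The iterative pre-copy scheme, the round cap and the stop threshold are assumptions, since the slide notes that the methods used in commercial products are not readily available.

```python
"""Pre-copy live-migration time versus page dirty rate (added illustration).

Assumption: an iterative pre-copy scheme in which each round re-sends the
pages dirtied while the previous round was on the wire. The slide does not
say which algorithm produced its curve. VM size, page size and link rate are
the slide's typical values; MAX_ROUNDS and STOP_COPY_PAGES are assumed.
"""

VM_BYTES = 1028 * 2**20     # "Minimum 1028 MB per VM"
PAGE_BYTES = 4 * 2**10      # "4 KB per memory page"
LINK_BPS = 1e9              # "Sustainable 1 Gbps"
MAX_ROUNDS = 30             # assumed cap on pre-copy rounds
STOP_COPY_PAGES = 256       # assumed: about 1 MB left is small enough to pause the VM


def migration_time(dirty_pages_per_s, vm_bytes=VM_BYTES, link_bps=LINK_BPS):
    """Return (total_seconds, rounds, downtime_seconds) for one migration."""
    link_pages_per_s = link_bps / 8 / PAGE_BYTES   # pages the link moves per second
    total_pages = vm_bytes / PAGE_BYTES
    to_send = total_pages                          # round 1 copies all of memory
    elapsed = 0.0
    rounds = 0
    while rounds < MAX_ROUNDS and to_send > STOP_COPY_PAGES:
        round_seconds = to_send / link_pages_per_s
        elapsed += round_seconds
        rounds += 1
        # Pages dirtied during this round must be sent again, but the VM
        # cannot have more dirty pages than it has pages.
        to_send = min(dirty_pages_per_s * round_seconds, total_pages)
    # Final stop-and-copy: the VM is paused while the remainder is sent.
    downtime = to_send / link_pages_per_s
    return elapsed + downtime, rounds, downtime


def sweep(rates):
    """Return [(dirty_rate, total_seconds, downtime_seconds), ...]."""
    rows = []
    for rate in rates:
        total, _rounds, downtime = migration_time(rate)
        rows.append((rate, total, downtime))
    return rows


if __name__ == "__main__":
    # The link carries about 30,518 pages/s; behaviour changes sharply near it.
    for rate, total, downtime in sweep([0, 5000, 15000, 25000, 30000, 35000]):
        print(f"{rate:>6} pages/s  total {total:7.1f} s  downtime {downtime:6.3f} s")
```

Below the link's page rate the total time follows roughly T0 / (1 - dirty rate / link rate); above it the pre-copy rounds never converge, so the VM pauses with most of its memory still to send.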
Service Provider Business Transformation
[Figure: Cisco service provider architecture. Labels: Applications (Mobility, Enterprise, Consumer, Video); Evolved Services Platform (ESP); Automated Management, Orchestration, Policy; Service Broker; Catalog of Physical & Virtual Functions; Service Profiles; Orchestration Engine; Network Service Orchestrator; Evolved Programmable Network (EPN); Physical & Virtual Infrastructure; VNFs with network compute, storage; APIC, VTS, APIC-EM, ML-SDN, WAE, EPNM]
Telefonica – A Multi-Layer, Multi-Domain SDN Network Control Architecture
[Figure: Multi-Layer App Platform (MAP). Labels: Optimization, Visibility, What-If analysis; Orchestrator; ML Controller, Controller, Controller; Huawei, Ciena, Infinera, Cisco; Spain, USA, China]
Multi-layer, multi-domain SDN with Telefonica, Juan Pedro Fernandez-Palacios, OFC 2015
SDN and OpenStack Congress
What is Congress?
OpenStack “Policy as a Service”
Integrates data from multiple sources within the data center
Organizes data into tables & makes REST APIs available
Evolving How We Interact With Network Devices
Traditional Approach: CLI, AAA, SNMP, HTML, XML, Syslog, Span, Netflow, CDP, Routing Protocols
Monitoring, Routing, QoS, Discovery, Security, Interfaces, Control
New Paradigm: App (C, Java, Python, anything you can think of); Rich Actions, Rich Events, Rich Environment
SDN and Cyber-Security
Security Skills are in High Demand
“Federal agencies to hire more cyber defenders in 2014”
“Security is the only area of certified IT skills that has never had a negative quarter throughout this recession”
Banks want to get into the cloud! IT costs as % of revenue (7.3%) are about twice the average across other industries (3.7%).
Traditional perimeter-based security control…
[Figure: zones Trusted Intranet, DMZ, Untrusted Internet; applications: Online Banking Application, Employee Application]
… are changing to security centered around applications and data
[Figure: zones Trusted Intranet, DMZ, Untrusted Internet; applications: Online Banking Application, Investment API Services, Employee Application; Apps, APIs, Services; Build and Deliver Apps, Services (PaaS); Consume Apps and Services (SaaS); Leverage Public Clouds (IaaS)]
A Challenge: Efficient Firewall Structure
Given a virtual switch integrated in the hypervisor, where to place the firewall(s)?
• OS or HW to hypervisor
– Very resource efficient
– VMs are not protected
• Today’s reality: Move to VMs
– Resource wasting
– Hard to configure
• Merge firewall with virtual switch
– Leverages resource and configuration requirements
Source: X.J. He, et al.; Improving cloud network security using the Tree-Rule firewall; Future Generation Computer Systems Vol. 30, pp. 116 (2014).
Comparing Virtual and Physical Firewalls
ASA – Cisco; CP – Check Point; FG – FortiGate
[Figures: UDP IMIX default profile traffic contribution; 4-Point IMIX profile traffic contribution]
Source: Miercom Lab Testing Summary Report SR120514 (2012)
Security Intelligence and Big Data
Security Intelligence
Real-time Processing
• Real-time data correlation
• Anomaly detection
• Event and flow normalization
• Security context & enrichment
• Distributed architecture
Security Operations
• Pre-defined rules and reports
• Offense scoring & prioritization
• Activity and event graphing
• Compliance reporting
• Workflow management
Big Data Warehouse
• Long-term, multi storage
• Unstructured and structured
• Distributed infrastructure
• Preservation of raw data
• Hadoop-based backend
Big Data
Analytics and Forensics
• Advanced visuals and interaction
• Predictive & decision modeling
• Ad hoc queries
• Spreadsheet UI for analysts
• Collaborative sharing tools
• Pluggable UI
Security Intelligence with Big Data
Creative, exploratory, intuitive
Structured, analytical, repeatable
Cisco Science DMZ Architecture
Secure Science DMZ using event-driven SDN, Tae Hwang, Technical Solutions Architect, Cisco
NSF “SecureCloud” Project
• Campus Cyberinfrastructure Data Networking Integration (2 years, $690 K)
• Casimer DeCusatis (PI), 4 students, other faculty/CIO co-PI
• Industry partners including IBM, Brocade, Ciena, BlackRidge, Cisco
• Autonomic security for cloud computing environments
• Develop & deploy novel end-to-end security policy for each application
• Dynamically monitor the network both within and between data centers (up to 100 km) and change security configuration in response to attacks
• Develop & test new code, eventually deploy into production at Marist
• Goals
• Sense & response for denial of service attacks, IP spoofing, botnets, and malware
• Segregate traffic based on properties for improved visibility & quarantine threats
• Security analytics on big data sets collected from honeypots & cloaking key infrastructure
Extending Identity-Based Security to Cloud Environments
• Networks do not allow for user or device identity to be determined before establishing network connections
• BlackRidge Transport Access Control (TAC) authenticates identity and enforces security policy on the first packet, before a network session is established
Caller-ID for the Internet
• Before caller-ID, you needed to answer to determine identity.
• After caller-ID, you only answer authenticated and authorized callers.
First Packet Authentication™
• First Packet Authentication stops unauthorized access at the earliest possible time.
• Current security products start after network sessions are established.
[Figure: timeline showing Session Setup followed by Data Packet Flows]
Insider and 3rd Party Protection with Attribution
• Control insider and third party vendor access to servers and networks
• Leverage your SIEM to produce real-time Alerts with user identity attribution for both authorized and unauthorized actions
• Example configuration and workflow:
• Protected resources are Accounting (192.168.7.75) and HR (192.168.7.76)
• Authorized user “Johnson” on 192.168.7.10 only has access to Accounting
• 1) Insert Identity 2) Apply Policy 3) Send syslogs 4) Generate Alert!
[Figure: 3rd Party User (192.168.7.10) on the Corporate Network; 3rd Party Authorized: Accounting (192.168.7.75); 3rd Party Unauthorized: HR (192.168.7.76); Syslog for Real-time Alert and/or Audit Trail sent to the SIEM / Analytics System]
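An added example, not from the original slides or from BlackRidge: the SIEM side of the workflow above, turning gateway syslog events into alerts that carry the user identity for both authorized and unauthorized actions. The addresses and the user “Johnson” come from the slide; the syslog layout, the host name `gw1`, the `tac` tag and the sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# From the slide: protected resources and the one authorized user.
RESOURCES = {"192.168.7.75": "Accounting", "192.168.7.76": "HR"}
POLICY = {"Johnson": {"Accounting"}}   # identity -> resources it may reach

# Constructed gateway events in an assumed "key=value" syslog layout.
SAMPLE_LOG = """\
<134>Mar  1 09:14:02 gw1 tac: identity=Johnson src=192.168.7.10 dst=192.168.7.75 dport=443 action=allow
<132>Mar  1 09:15:40 gw1 tac: identity=Johnson src=192.168.7.10 dst=192.168.7.76 dport=443 action=deny
<132>Mar  1 09:16:05 gw1 tac: identity=- src=192.168.7.23 dst=192.168.7.76 dport=22 action=deny
<134>Mar  1 09:17:31 gw1 tac: identity=Johnson src=192.168.7.10 dst=192.168.7.76 dport=22 action=allow
this line is not a gateway event
"""

LINE_RE = re.compile(
    r"^<\d{1,3}>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) tac: (?P<kv>.+)$"
)
REQUIRED = {"identity", "src", "dst", "action"}


@dataclass(frozen=True)
class Alert:
    severity: str
    user: str
    src: str
    resource: str
    verdict: str


def classify(fields):
    """Turn one parsed event into an Alert, or None if the target is unprotected."""
    resource = RESOURCES.get(fields["dst"])
    if resource is None:
        return None
    user = fields["identity"] if fields["identity"] != "-" else "unidentified"
    permitted = resource in POLICY.get(user, set())
    allowed = fields["action"] == "allow"
    if allowed and permitted:
        severity, verdict = "info", "authorized access (audit trail)"
    elif allowed:
        # The gateway let through something the policy table forbids:
        # the enforcement point and the policy of record have drifted apart.
        severity, verdict = "critical", "gateway allowed access the policy forbids"
    elif permitted:
        severity, verdict = "notice", "authorized user was denied"
    else:
        severity, verdict = "warning", "unauthorized attempt blocked"
    return Alert(severity, user, fields["src"], resource, verdict)


def triage(log_text):
    """Return (alerts, rejected_lines); malformed lines are kept, not dropped."""
    alerts, rejected = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        fields = dict(p.split("=", 1) for p in m["kv"].split() if "=" in p) if m else {}
        if not REQUIRED <= fields.keys():
            rejected.append(line)
            continue
        alert = classify(fields)
        if alert:
            alerts.append(alert)
    return alerts, rejected


if __name__ == "__main__":
    found, bad = triage(SAMPLE_LOG)
    for a in found:
        print(f"[{a.severity}] user={a.user} src={a.src} -> {a.resource}: {a.verdict}")
    print(f"{len(bad)} line(s) could not be parsed")
```

Keeping the rejected lines matters for the audit trail: a gap in parsed events is itself worth reviewing.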
Cloaked and Protected: You Can’t Attack What You Can’t See
• Without BlackRidge: Servers Being Scanned, 12 Open Ports Found
• BlackRidge Enforce Mode: Servers Not Found, No Open Ports Found
Cloaked, Protected, and Isolated!
NSF SecureCloud
[Figure: NSF SecureCloud test bed. Labels: WDM Node A, WDM Node B, WDM Node C; SDN Controller and Network Hypervisor with cloud orchestrator API; Brocade/Vyatta 5600 V-Router/Firewall; Ciena Metro Ethernet; Ciena Blue Planet; Marist API code; Marist LongTail & Honeypot (SSH, SDN); ICO with Application Security Policy; Marist Remote Management App; NetConf; Local Probes; Remote Probes]
LongTail Security Analytics & Honeypots
• http://longtail.it.marist.edu/honey/
• IEEE TryCybSi Project, LongTail Honeypot http://try.cybersecurity.ieee.org/trycybsi/explore/honeypot
• We have deployed 21 SSH honeypots across the Hudson Valley
• Collected and analyzed over 41 million data points over a 12 month period, and identified over 100 unique attack patterns
SDN for Energy Saving
Can SDN Really Save Energy?
• Data centers account for an estimated 1.2% of total electricity consumption in the United States; Internet transmission/switching adds an additional 0.4% *
• Cloud Computing offers potential energy savings for compute and storage
• CSP can employ more modern, energy efficient servers and storage
• Lower energy consumption in heating/cooling may be achieved through economies of scale for warehouse-scale cloud data centers
• Technologies such as virtualization and sleep scheduling in cloud data centers can further improve energy efficiency
• Offsetting this, cloud computing increases network traffic, number of switches/routers, and overall network energy consumption; static over-provisioning wastes energy
*J. Baliga, R. Ayre, K. Hinton, & R. Tucker, “Green cloud computing: balancing energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 Jan 2011
Ways to improve energy savings in the network
• Virtual Slicing
• Share CSP network among multiple tenants for better utilization
• Avoid over-provisioning without sacrificing performance and throughput
• Demonstrate re-provisioning in minutes vs days or weeks
• Use fewer resources to accomplish the same tasks
• Enable each tenant to optimize their own slice of the network
• Further reduce over-provisioning on a per-tenant basis
• Long term, enable cloud exchanges with associated cost reductions in energy and carbon footprint
• Automated dynamic re-provisioning eliminates the need for dispatching service trucks on 100 km scale networks (reduces greenhouse gas generation and carbon footprint while saving energy)
Cloud Bursting Model
• Energy required to transport one bit from data center to user *
E_c = 5 x 1.5 x 2 x { (number of TORs)(P_TOR/C_TOR) + (number of WDM nodes)(P_WDM/C_WDM) }
• Factor of 5: network operating at 20% utilization while consuming almost 100% of maximum power
• Factor of 1.5: cooling/overheads
• Factor of 2: redundancy
• P_TOR/C_TOR = Power consumed by TOR switches / capacity of TOR (bits/second)
• P_WDM/C_WDM = Power consumed by WDM / capacity of WDM (bits/second)
• Power consumed by WDM = power of chassis/management cards + (number of client cards x power per client card) + (number of wavelength cards x power per wavelength card)
* methodology after J. Baliga, R. Ayre, K. Hinton, and R. Tucker, “Green cloud computing: balancing energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 (January 2011)
[Figure: Power Consumption vs Downloads/File/Hour. X axis: downloads per file per hour (0.01 to 0.1); Y axis: power consumption (watts, 0 to 16); two series (Series1, Series2)]
Assuming 10 GB file, storage device specifications per the following reference: J. Baliga, R. Ayre, K. Hinton, and R. Tucker, “Green cloud computing: balancing energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 (January 2011)
Conservatively, up to 25% power savings
SDN for IoT
HiPerCube – Cisco UCS High Performance Cloud
• Large memory footprints & I/O Read/Write
• Massive batch workloads, long runtimes, bare metal performance on a non-hypervisor based virtualized cloud architecture
• 40 Gbps SDN integrated (Nexus 9396PX, 6332UP); project isolated VX-LANs & VNICs
• Scales to 25,000 VMs (project owned computational objects); Docker Linux containers or KVM
• Secure, auditable INTER-organization IP sharing
• Smart Virtual Client (Chromium appliance) with 2 factor authentication, encrypted web services
SDN/IoT Challenge: The Growing Services Gap
[Figure: connected devices and certifications over time (2003, 2007, 2010, 2013, 2015, 2020). Connected Devices: 500M, 5B, 10B, 25B, 50 Billion ($20 Trillion Market). Certifications: 550K, 1M, 1.5M, 2M, ~5M, ~10M. Labels: Automation, Innovation, Education]
A. Corno, “Evolution of the network engineer job role”, Proc. SDN Workshop, 2014 Annual Meeting of the Association of Technology Management and Applied Engineering (ATMAE), St. Louis, MO (November 20-22, 2014) https://atmae.site-ym.com/?page=AnnualConference
Networking will be the cost limiting factor in IoT
• Consider several IoT applications:
• Energy Utility Companies Process: 1.1 BILLION Data Points (0.5 TB) per Day
• A Large Offshore Field Produces: 0.75 TB of Data Weekly
• An Airplane: 10 TB of Data for Every 30 Minutes of Flight
• The deluge of data & need for distributed processing stress capacity & drive requirements for a 3 tier network architecture with SDN
• including edge computing and Cisco Data in Motion for data manageable at scale.
• https://developer.cisco.com/site/data-in-motion/discover/overview/
IoT Inverts Existing Traffic Trends
• Possible benefits:
• VPN Exhaustion
• Fleets of machine-to-machine devices using SIM cards for voice communication on a mobile network. Without SIMs, the size of the device fleet is limited by the number of VPNs a given switch can support. SDN flow control avoids this & potentially means you don’t need to buy more switches
• Telecom networks connect IoT devices to the cloud.
• Traditional views of carrier-grade infrastructure are under pressure.
• Replace single, monolithic service delivery elements with SDN & NFV, maintain SLAs
[Figure: traffic volume vs. number of devices, conventional vs. IoT]
What happens to security when everything’s connected?
IoT security when everything’s connected
Segmentation and Security
[Figure: Desired View of Network Resources vs. Actual View of Network Resources]
Where is IoT Headed?
• Much more than thermostats, refrigerators and light switches…
• A world of disposable endpoints
• Very inexpensive
• Will not run Windows Mobile, iOS, or Android
• Most data we create now isn’t being used (network ACKs, Siri voice clips, …)
• Imagine tens of billions short-lived network endpoints – all look the same (HTTP:80/HTTP:443)
http://searchsdn.techtarget.com/opinion/Dark-alleys-ahead-when-SDN-automation-meets-Internet-of-Things (Patrick Hubbard)
Conclusions sdn.marist.edu
Key Takeaways for SDN and Cloud
• Cloud Exchanges – Cisco ESP/EPN
• Agility and time to value are the main reasons clients are using SDN with Cloud
• Network is a high percentage of total cost, SDN benefits cloud burst workloads
• Energy Efficiency
• SDN reduces overprovisioning, eliminates truck rolls
• Can save up to 25% off total energy costs
• Security
• Cloud is the new network perimeter; SDN, NFV enable Cisco firewalls
• Disposable network endpoints are a major security risk, maybe SDN can help
• Internet of Everything
• Drives 3 tier networks, flips traffic profiles opposite of conventional networks
• Significant shortages in security & network admins with SDN skills
Author’s opinion…your mileage may vary…
Congress
Follow @Dr_Casimer or http://www.ofcconference.org/en-us/home/about/ofc-blog/
Thank You!