Management and Automation of Application Centric Infrastructure with

Cisco UCS DirectorMichael Zimmerman, Technical Marketing Engineer

Shankar Varanasy, Product Manager

BRKACI-2410

• Importance of UCS Director in an ACI Environment

• Integration Overview and Key Concepts

• Use-Case Demonstrations

• Conclusion

• Q&A

Agenda

Importance of UCS Director in an ACI

Environment

It’s All About the Applications

• Businesses make money through running applications, either directly or indirectly

• Online sales catalog (direct)

• HR application to onboard new Sales Rep. (indirect)

• IT operations typically revolve around the application lifecycle

• Provisioning

• Securing

• Maintaining

• Deprovisioning

Sounds simple…but what makes up an application…

Application “DNA”

• DNA is a complex structure made up of various combinations of units called “nucleotides”

• Similar to DNA, applications can be quite complex and are made up of various combinations of units, we typically call them “resources”

• Types of resources include:

• Virtual Compute

• Physical Compute

• Network

• Storage

• Services (L4-L7)

Rest

Of

World

Web

3-Tier Sample Application Blueprint

Application Database

Firewall

Load

Balancer

Virtual

Machines

Virtual

Machine

Virtual

Machine

Application Complexity

• Multiple virtual and/or physical devices to deploy and manage

Web Application Database

Firewall

Load

Balancer

Virtual

Machines

Virtual

Machine

Virtual

Machine

Rest

Of

World

Application Complexity

• Multiple network segments between devices

Web Application Database

Firewall

Load

Balancer

Virtual

Machines

Virtual

Machine

Virtual

Machine

Rest

Of

World

Application Complexity

• Storage resource configuration and connectivity

Storage

Web Application Database

Firewall

Load

Balancer

Virtual

Machines

Virtual

Machine

Virtual

Machine

Rest

Of

World

Application Complexity

• Services and security routes, rules, policies and configurations

Web Application Database

Firewall

Load

Balancer

Virtual

Machines

Virtual

Machine

Virtual

Machine

Rest

Of

World

Application Infrastructure Deployment

Is an aggregation of many individual infrastructure operations across many different layers…

• Numerous “touch-points”

• Various infrastructure teams/people (in most cases)

• Coordination to follow appropriate “order of operations”

• Cross-functional information sharing

All of which leads to more time and money spent on the deployment of applications

Importance of UCS Director for ACI

Automates the various operational tasks within the ACI fabric• Tenants, Private Networks, Bridge Domains, App Profiles, EPGs, etc.

• Automated through APIC REST API

Create

Tenant

Create

Private

Network

Create

Bridge

Domain

Create

Application

Profiles

And More

REST

API183 Tasks for ACI

Out-of-the-Box (UCSD 5.3)

1 2 3 4 N

Orchestration Workflow

UCSDirector

Importance of UCS Director for ACI

Complements the automation of ACI with the addition of endpoint automation

• End-to-end workflows encompassing operational tasks across all infrastructure layers; ACI fabric, virtual servers, physical servers, storage, services, etc.

APIC

Tasks

Storage

Tasks

Virtual

Server

Tasks

Physical

Server

Tasks

And More

APIs

SDKs

etc. 1500+ Overall TasksOut-of-the-Box (UCSD 5.3)

1 2 3 4 N

Orchestration Workflow

UCSDirector

Integration Overview and Key Concepts

UCS Director – ACI Integration

• UCS Director leverages the APIC REST-based API for ACI integration

ConfigurationThru

Policy

UCSDirector

REST

API

UCS Director “Methodologies” for ACI

1. Build your own custom workflows using Workflow Designer and Task Library

1. Leverage out of the box ACI Application Container framework for defining, provisioning and managing tenants and applications in an ACI environment

• Note: Only supported with certain topologies and use-cases

Methodology #1: Build Your Own Workflows

UCS Director – Infrastructure Task Library

Tasks for ACIOut-of-the-Box (UCSD 5.3)

Infrastructure TasksOut-of-the-Box (UCSD 5.3)

183 1500

UCS Director – Workflow Designer

UCS Director – Workflow Designer

Drag and Drop

Tasks

UCS Director – Workflow Designer

Map Outputs

to Inputs

UCS Director – Workflows on Cisco Communities

1. Navigate to: https://communities.cisco.com/community/technology/datacenter/compute-and-storage/ucs_management/cisco_ucs_developed_integrations

2. Click on “UCS Director Workflows”

With Great Power Comes Great Responsibility…

WARNING: Be careful when developing your own workflows…

• No mechanism to check configuration best practices, etc.

• Recommend Advanced Services engagements

• Work together with your Cisco technical team

• Leverage out-of-box workflows or communities workflows for examples

Methodology #2: ACI Application Container

Framework

ACI Application Container Framework

The ACI Application Container framework operates in two required phases

Phase I - Tenant Onboarding• Deploy a “tenant” within the environment

• Provision required resources for application provisioning

Phase II - Application Provisioning• Actual provisioning of an application instance from a template

• Publishing as a self-service capability

Phase I: Tenant Onboarding

Supported Topologies (as of UCS Director 5.3)

1. VNX-based Topology

Ethernet

Fiber Channel

ACI Spine

ACI Leaf

UCS FI

ACI Spine

ACI Leaf

UCS FI

UCS Chassis

EMC

APICs

NetApp

Supported Topologies (as of UCS Director 5.3)

2. NetApp-based Topology

ACI Spine

ACI Leaf

UCS FI

ACI Spine

ACI Leaf

UCS FI

UCS Chassis

NetApp

Ethernet

APICs

UCS Director CVD w/ FlexPod & ACI

CVD Link: http://www.cisco.com/c/dam/en/us/td/docs/unified_computing/ucs/UCS_CVDs/flexpod_iaas_ucsd_52_aci.pdf

Cisco Application Centric

Infrastructure

Tenant

Phase I –Tenant OnboardingVMware vSphere NetApp Clustered

Data ONTAP

Cisco UCS

Manager

Clu

ste

r N

od

e 2

Clu

ste

r N

od

e 1

Te

na

nt S

tora

ge

Vir

tua

l M

ach

ine

ES

Xi H

ost

1E

SX

i H

ost

2 NF

S

VL

AN

In

terf

ace

NF

S

VL

AN

In

terf

ace

VM

K-N

FS

Po

rt G

rou

p

Fle

xib

le V

olu

me

Vm

ke

rne

l

Inte

rfa

ce

SV

M-M

GM

T

VL

AN

In

terf

ace

SV

M-M

GM

T

VL

AN

In

terf

ace

VM

ke

rne

l

Inte

rfa

ce

NF

S D

ata

sto

re

LIF

-NF

S

Private Network

LIF

-SV

M-M

GM

T

VM

NE

T

Po

rt G

rou

p

Dyna

mic

VM

NE

T V

LA

N

UC

S P

hysic

al D

om

ain

VM

NE

T

Bri

dg

e D

om

ain

VM

NE

T

EP

G

NFS

Bridge Domain

LIF

-NF

S

EP

G

NFS

Contract

Pro

vid

er

Con

su

me

r

tcp_2049

udp_2049

tcp_111

udp_111

tcp_635

udp_635

Filter Rules

SM

V-M

GM

T

Bri

dg

e D

om

ain

LIF

-SV

M-M

GM

T

EP

G

Dyna

mic

NF

S V

LA

N

UC

S P

hysic

al D

om

ain

VM

K-N

FS

EP

G

Resource Groups

• Logical groupings used for resource management

• Assign device accounts to a resource group

• Determine what each device will “advertise”

• Capabilities

• Capacities

• Advertised capabilities and capacities can be used in resource allocation

• Resources divided into categories• Virtual Compute, Virtual Network, Virtual Storage

• Physical Compute, Physical Network, Physical Storage

Resource Groups

Resource Group

Compute

UCS

Domain

Server

PoolAPIC

Server

Pool

Network

APIC

Switch

PairStorage

Controllers

Storage

vServers

VMM

Account

Virtual

Data Center

Cluster

Physical

Compute

Physical

Network

Physical

Storage

Virtual

Compute

Virtual

Network

Virtual

Storage

Environment Specific Inputs

• Configured as part of a resource group

• Specific detail about connectivity of resource group devices

• Includes other environmental information such as specific IP and VLAN pools

Resource Tags (Optional)

• Enables more granular control of resources within a resource group

• Mechanism to “tag” resources with certain attributes or values

• Tags can be used by UCS Director in resource selection and allocation

• Example uses:

• Create tiers of resources within a resource group: tag resources as gold, silver, bronze, etc.

• Minimize scope list for available resources: tag certain aggregates that can specifically be used

Resource Tags (Optional)

Resource Group

aggr1 aggr2 aggr3

StorageAggregate

StorageAggregate

StorageAggregate

ESXiCluster 1

ESXiCluster 2

ESXiCluster 3

Resource Tags (Optional) – Create Tiers

Resource Group

aggr1 aggr2 aggr3

StorageAggregate

StorageAggregate

StorageAggregate

Tag: Tier

Value: Gold

Tag: Tier

Value: Silver

Tag: Tier

Value: Bronze

ESXiCluster 1

ESXiCluster 2

ESXiCluster 3

Resource Tags (Optional) – Minimize Scope

Resource Group

aggr1 aggr2 aggr3

StorageAggregate

StorageAggregate

StorageAggregate

Tag: Tier

Value: Gold

Tag: Tier

Value: Silver

Tag: Tier

Value: Bronze

ESXiCluster 1

ESXiCluster 2

ESXiCluster 3

Tag: Available

Value: Yes

Resource Tags (Optional)

1. Define the tag and the possible tag values…

2. Define the tag-able entities…

Service Offering

• Think of a “service offering” as a definition of requirements: “What does my tenant or application require?”

• Split into 6 classes (match categories):

• Virtual Compute

• Virtual Network

• Virtual Storage

• Physical Compute

• Physical Network

• Physical Storage

Service Classes

In each of the six service classes, define…

• Whether resources should be dedicated or shared for the tenant/application

• Tags to be used for more granular resource selection and allocation

• Capabilities required for the tenant/application

• Capacities required for the tenant/application

Service Offering & Service Classes

Resource Group

aggr1 aggr2 aggr3

StorageAggregate

StorageAggregate

StorageAggregate

Tag: Tier

Value: Gold

Tag: Tier

Value: Silver

Tag: Tier

Value: Bronze

ESXiCluster

ESXiCluster

ESXiCluster

Tag: Available

Value: Yes

Service Offering

Physical

Storage

Tag: Tier

Value:

Gold

Virtual

Compute

Tag: Available

Value: Yes

Physical

Compute

Physical

Network

Virtual

Storage

Virtual

Network

Tenant Profile

• “Pair” a service offering to a resource group

• Two mechanisms to determine valid resource group:

• Admin selection

• Resource Group tag-based selection

Tenant Profile

1. Select the Service Offering(s) and Resource Group selection method…

2. Pair the available Resource Groups with Service Offerings

UCS Director Tenant On-Boarding Flow Chart

Start

Create Pod

Create

Resource

Group

Create

Service

Offering

Define

Service

Classes

Add Devices

To Resource

Group

Define

Environment

Specific Inputs

Add Devices

To UCS

Director/Pod

Create

Resource

Tags

Resource Tags

Required?

Tag

Appropriate

Resources

Define

Tenant

Profile

Tenant

Onboarding

Wrapper Task

Execute

Onboarding

Workflow

Finish

No

Yes

Demo: Part I - Tenant Onboarding

Phase II: Application Provisioning

Application Profile

• Central configuration point for application container provisioning with ACI

• Define a “template” for a single or multi-tiered application

• Components include:

• Network (or tier) definition

• Virtual machine definition per network (tier)

• Physical server definition per network (tier)

• Contract definition between networks (tiers)

• L4-L7 service definition between networks (tiers)

Application Profile Web App DB

• Define application network tiers or APIC EPGs

• Also defines APIC Private Networks and Bridge Domains for each EPG (tier)

APIC Network Policy (Optional)

• Operates within the scope of an APIC tenant

• Tied to one or more networks (or tiers) in the application profile

• Override default application provisioning behavior and settings

• Private network specification

• Subnet specification

• EPG specification

• Bridge Domain specification

APIC Network Policy (Optional)

Default: Each provisioned bridge domain uses the tenant-level private network

Default:

APIC Network Policy (Optional)

Default: Immediate for both settings

Default:

Application Profile Web App DB

• Define application server components

Application Profile Web App DB

• Define contract rules between network tiers

Application Profile Web App DB

• Define L4-L7 services between network tiers

L4-L7 Service Policy (Optional)

• Defines more specific information about the L4-L7 services to be added

• Firewall and/or Load-balancer

• Define ACI Device Package

• Refer to service specific policies (i.e. Firewall: ASAv VM Deployment Policy and APIC Firewall Policy

L4-L7 Devices (Optional)

• Defined within the Resource Group definition

• Provides information about the specific service device

• IP Pools

• Management Port Group

APIC App Container Flow Chart

Start

Finish

APIC

Network

Policies

L4-L7 Services?

Include

Firewall?

APIC

Firewall

Policy

ASAv VM

Deployment

Policy

L4-L7

Service

Policy

Application

Profile

Virtual

Infrastructure

Policy

Application

Container

Template

No

No

Yes

YesSelf-Service?

No

Add Service

Container

Catalog Item

Finish

Yes

Demo: Part II -Application Provisioning

Conclusion

Conclusion

Cisco UCS Director dramatically reduces time to market for services and applications

• Out-of-the-box framework and workflows for provisioning application infrastructure w/ ACI…adding more with each release

• Growing community of user created workflows (ACI and non-ACI)

• Flexibility to create your own workflows or edit existing workflows

UCS Director is the foundation for Cisco ONE Enterprise Cloud Suite, start your journey to private cloud with UCS Director!!

Q&A

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect.

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

• Related sessions

Thank you

Data Center / Virtualization Cisco Education OfferingsCourse Description Cisco Certification

Cisco Data Center CCIE Unified Fabric

Workshop (DCXUF);

Cisco Data Center CCIE Unified Computing

Workshop (DCXUC)

Prepare for your CCIE Data Center practical exam with hands on lab

exercises running on a dedicated comprehensive topology

CCIE® Data Center

Implementing Cisco Data Center Unified Fabric

(DCUFI);

Implementing Cisco Data Center Unified

Computing (DCUCI)

Obtain the skills to deploy complex virtualized Data Center Fabric and

Computing environments with Nexus and Cisco UCS.

CCNP® Data Center

Introducing Cisco Data Center Networking

(DCICN); Introducing Cisco Data Center

Technologies (DCICT)

Learn basic data center technologies and how to build a data center

infrastructure.

CCNA® Data Center

Product Training Portfolio: DCAC9k, DCINX9k,

DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K

Get a deep understanding of the Cisco data center product line including

the Cisco Nexus9K in ACI and NexusOS modes

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com

Network Programmability Cisco Education OfferingsCourse Description Cisco Certification

Integrating Business Applications with Network

Programmability (NIPBA);

Integrating Business Applications with Network

Programmability for Cisco ACI (NPIBAACI)

Learn networking concepts, and how to deploy and troubleshoot

programmable network architectures with these self-paced courses.

Cisco Business Application

Engineer Specialist Certification

Developing with Cisco Network Programmability

(NPDEV);

Developing with Cisco Network Programmability

for Cisco ACI (NPDEVACI)

Learn how to build applications for network environments and effectively

bridge the gap between IT professionals and software developers.

Cisco Network Programmability

Developer Specialist Certification

Designing with Cisco Network Programmability

(NPDES);

Designing with Cisco Network Programmability

for Cisco ACI (NPDESACI)

Learn how to expand your skill set from traditional IT infrastructure to

application integration through programmability.

Cisco Network Programmability

Design Specialist Certification

Implementing Cisco Network Programmability

(NPENG);

Implementing Cisco Network Programmability

for Cisco ACI (NPENGACI)

Learn how to implement and troubleshoot open IT infrastructure

technologies.

Cisco Network Programmability

Engineer Specialist Certification

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com

Cloud Cisco Education OfferingsCourse Description Cisco Certification

Designing the FlexPod Solution (FPDESIGN);

Implementing and Administering the FlexPod

Solution (FPIMPADM)

Learn how to design, implement and administer FlexPod solutions FlexPod Design Specialist;

FlexPod Implementation &

Administration Specialist

UCS Director (UCSDF) Learn how to manage physical and virtual infrastructure using

orchestration and automation functions of UCS Director.

Cisco Prime Service Catalog Learn how to deliver data center, workplace, and application services in an

on-demand, automated, and repeatable method.

Cisco Intercloud Fabric Learn how to implement end-to-end hybrid clouds with Intercloud Fabric

for Business and Intercloud Fabric for Providers.

Cisco Intelligent Automation for Cloud Learn how to implement and manage cloud deployments with Cisco

Intelligent Automation for Cloud

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com