Management and Automation of Application Centric Infrastructure with Cisco UCS Director
Michael Zimmerman, Technical Marketing Engineer
Shankar Varanasy, Product Manager
BRKACI-2410
Agenda
• Importance of UCS Director in an ACI Environment
• Integration Overview and Key Concepts
• Use-Case Demonstrations
• Conclusion
• Q&A
Importance of UCS Director in an ACI Environment
It’s All About the Applications
• Businesses make money through running applications, either directly or indirectly
• Online sales catalog (direct)
• HR application to onboard new Sales Rep. (indirect)
• IT operations typically revolve around the application lifecycle
• Provisioning
• Securing
• Maintaining
• Deprovisioning
Sounds simple…but what makes up an application…
Application “DNA”
• DNA is a complex structure made up of various combinations of units called “nucleotides”
• Similar to DNA, applications can be quite complex and are made up of various combinations of units, which we typically call “resources”
• Types of resources include:
• Virtual Compute
• Physical Compute
• Network
• Storage
• Services (L4-L7)
3-Tier Sample Application Blueprint
[Diagram: Rest of World, Firewall, Load Balancer, and the Web, Application and Database tiers running on virtual machines]
Application Complexity
• Multiple virtual and/or physical devices to deploy and manage
Application Complexity
• Multiple network segments between devices
Application Complexity
• Storage resource configuration and connectivity
Application Complexity
• Services and security routes, rules, policies and configurations
Application Infrastructure Deployment
Is an aggregation of many individual infrastructure operations across many different layers…
• Numerous “touch-points”
• Various infrastructure teams/people (in most cases)
• Coordination to follow appropriate “order of operations”
• Cross-functional information sharing
All of which leads to more time and money spent on the deployment of applications
Importance of UCS Director for ACI
Automates the various operational tasks within the ACI fabric
• Tenants, Private Networks, Bridge Domains, App Profiles, EPGs, etc.
• Automated through APIC REST API
• 183 Tasks for ACI Out-of-the-Box (UCSD 5.3)
[Diagram: a UCS Director orchestration workflow (tasks 1, 2, 3, 4 … N) driving the APIC REST API: Create Tenant, Create Private Network, Create Bridge Domain, Create Application Profiles, and more]
Importance of UCS Director for ACI
Complements the automation of ACI with the addition of endpoint automation
• End-to-end workflows encompassing operational tasks across all infrastructure layers: ACI fabric, virtual servers, physical servers, storage, services, etc.
• 1500+ Overall Tasks Out-of-the-Box (UCSD 5.3)
[Diagram: a UCS Director orchestration workflow (tasks 1, 2, 3, 4 … N) combining APIC tasks, storage tasks, virtual server tasks, physical server tasks, and more, through APIs, SDKs, etc.]
Integration Overview and Key Concepts
UCS Director – ACI Integration
• UCS Director leverages the APIC REST-based API for ACI integration
[Diagram: UCS Director performing configuration through policy over the REST API]
UCS Director “Methodologies” for ACI
1. Build your own custom workflows using Workflow Designer and Task Library
2. Leverage the out-of-the-box ACI Application Container framework for defining, provisioning and managing tenants and applications in an ACI environment
• Note: Only supported with certain topologies and use-cases
Methodology #1: Build Your Own Workflows
UCS Director – Infrastructure Task Library
• 183 Tasks for ACI Out-of-the-Box (UCSD 5.3)
• 1500 Infrastructure Tasks Out-of-the-Box (UCSD 5.3)
UCS Director – Workflow Designer
• Drag and Drop Tasks
• Map Outputs to Inputs
UCS Director – Workflows on Cisco Communities
1. Navigate to: https://communities.cisco.com/community/technology/datacenter/compute-and-storage/ucs_management/cisco_ucs_developed_integrations
2. Click on “UCS Director Workflows”
With Great Power Comes Great Responsibility…
WARNING: Be careful when developing your own workflows…
• No mechanism to check configuration best practices, etc.
• Recommend Advanced Services engagements
• Work together with your Cisco technical team
• Leverage out-of-box workflows or communities workflows for examples
Methodology #2: ACI Application Container Framework
ACI Application Container Framework
The ACI Application Container framework operates in two required phases:
Phase I - Tenant Onboarding
• Deploy a “tenant” within the environment
• Provision required resources for application provisioning
Phase II - Application Provisioning
• Actual provisioning of an application instance from a template
• Publishing as a self-service capability
Phase I: Tenant Onboarding
Supported Topologies (as of UCS Director 5.3)
1. VNX-based Topology
[Diagram labels: ACI Spine, ACI Leaf, UCS FI, UCS Chassis, APICs, EMC, NetApp; links: Ethernet, Fibre Channel]
2. NetApp-based Topology
[Diagram labels: ACI Spine, ACI Leaf, UCS FI, UCS Chassis, APICs, NetApp; links: Ethernet]
UCS Director CVD w/ FlexPod & ACI
CVD Link: http://www.cisco.com/c/dam/en/us/td/docs/unified_computing/ucs/UCS_CVDs/flexpod_iaas_ucsd_52_aci.pdf
Phase I – Tenant Onboarding
[Diagram: resources provisioned for a tenant across four systems.
• Cisco Application Centric Infrastructure: Tenant, Private Network, Bridge Domains (VMNET, NFS, SVM-MGMT), EPGs (VMNET, LIF-NFS, VMK-NFS, LIF-SVM-MGMT), UCS Physical Domain with dynamic VMNET and NFS VLANs, and an NFS Contract (provider/consumer) with Filter Rules tcp_2049, udp_2049, tcp_111, udp_111, tcp_635, udp_635
• VMware vSphere: ESXi Host 1, ESXi Host 2, Virtual Machine, VMNET Port Group, VMK-NFS Port Group, VMkernel Interfaces, NFS Datastore
• NetApp Clustered Data ONTAP: Cluster Node 1, Cluster Node 2, Tenant Storage Virtual Machine, NFS and SVM-MGMT VLAN Interfaces, LIF-NFS, LIF-SVM-MGMT, Flexible Volume
• Cisco UCS Manager]
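As an added example (not from the slides and not UCS Director's own code), the Python below builds the kind of APIC REST API payload the onboarding diagram describes: a tenant, private network, bridge domain, application profile, two EPGs and an NFS contract whose filter entries are derived from the rule names on the slide. It also includes a review helper that lists every port the payload opens, since custom workflows have no built-in best-practice check. The names `ExampleTenant`, `PrivateNetwork` and `Storage`, the provider/consumer assignment, and the helper functions are assumptions; nothing is sent to an APIC.

```python
import json

# Filter rule names as listed on the tenant onboarding slide.
NFS_RULES = ["tcp_2049", "udp_2049", "tcp_111", "udp_111", "tcp_635", "udp_635"]

def mo(cls, children=None, **attrs):
    """Build one APIC managed object in the REST API's JSON shape."""
    body = {"attributes": attrs}
    if children:
        body["children"] = children
    return {cls: body}

def nfs_filter(rules, name="NFS"):
    """Turn names like 'tcp_2049' into vzEntry objects; reject anything else."""
    entries = []
    for rule in rules:
        proto, _, port = rule.partition("_")
        if proto not in ("tcp", "udp") or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"unexpected filter rule: {rule!r}")
        entries.append(mo("vzEntry", name=rule, etherT="ip", prot=proto,
                          dFromPort=port, dToPort=port))
    return mo("vzFilter", entries, name=name)

def tenant_payload(tenant):
    """Tenant, private network, bridge domain, EPGs, NFS contract (names and roles assumed)."""
    subj = mo("vzSubj", [mo("vzRsSubjFiltAtt", tnVzFilterName="NFS")], name="NFS")
    contract = mo("vzBrCP", [subj], name="NFS")
    bd = mo("fvBD", [mo("fvRsCtx", tnFvCtxName="PrivateNetwork")], name="NFS")
    def epg(name, rel):  # rel: fvRsProv (provider) or fvRsCons (consumer)
        return mo("fvAEPg", [mo("fvRsBd", tnFvBDName="NFS"),
                             mo(rel, tnVzBrCPName="NFS")], name=name)
    ap = mo("fvAp", [epg("LIF-NFS", "fvRsProv"), epg("VMK-NFS", "fvRsCons")],
            name="Storage")
    return mo("fvTenant", [mo("fvCtx", name="PrivateNetwork"), bd,
                           nfs_filter(NFS_RULES), contract, ap], name=tenant)

def open_ports(payload):
    """Review helper: every (protocol, port) the payload's filters permit."""
    found, stack = [], [payload]
    while stack:
        for cls, body in stack.pop().items():
            if cls == "vzEntry":
                a = body["attributes"]
                found.append((a["prot"], int(a["dFromPort"])))
            stack.extend(body.get("children", []))
    return sorted(found)

if __name__ == "__main__":
    print(json.dumps(tenant_payload("ExampleTenant"), indent=2))
```

Comparing `open_ports()` against an approved list before a workflow posts the payload catches a filter that opens more than the six NFS-related ports.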
Resource Groups
• Logical groupings used for resource management
• Assign device accounts to a resource group
• Determine what each device will “advertise”
• Capabilities
• Capacities
• Advertised capabilities and capacities can be used in resource allocation
• Resources divided into categories
• Virtual Compute, Virtual Network, Virtual Storage
• Physical Compute, Physical Network, Physical Storage
Resource Groups
[Diagram: a resource group spanning compute (UCS domain, server pools), network (APIC, switch pair) and storage (storage controllers, storage vServers), together with a VMM account, virtual data center and cluster, organized into the Physical Compute, Physical Network, Physical Storage, Virtual Compute, Virtual Network and Virtual Storage categories]
Environment Specific Inputs
• Configured as part of a resource group
• Specific detail about connectivity of resource group devices
• Includes other environmental information such as specific IP and VLAN pools
Resource Tags (Optional)
• Enables more granular control of resources within a resource group
• Mechanism to “tag” resources with certain attributes or values
• Tags can be used by UCS Director in resource selection and allocation
• Example uses:
• Create tiers of resources within a resource group: tag resources as gold, silver, bronze, etc.
• Minimize scope list for available resources: tag certain aggregates that can specifically be used
Resource Tags (Optional)
[Diagram: a resource group containing storage aggregates aggr1, aggr2, aggr3 and ESXi Clusters 1, 2, 3]
Resource Tags (Optional) – Create Tiers
[Diagram: the same resource group with Tier tags applied, using the values Gold, Silver and Bronze]
Resource Tags (Optional) – Minimize Scope
[Diagram: the same resource group with the Tier tags plus an additional tag, Tag: Available, Value: Yes]
Resource Tags (Optional)
1. Define the tag and the possible tag values…
2. Define the tag-able entities…
Service Offering
• Think of a “service offering” as a definition of requirements: “What does my tenant or application require?”
• Split into 6 classes (match categories):
• Virtual Compute
• Virtual Network
• Virtual Storage
• Physical Compute
• Physical Network
• Physical Storage
Service Classes
In each of the six service classes, define…
• Whether resources should be dedicated or shared for the tenant/application
• Tags to be used for more granular resource selection and allocation
• Capabilities required for the tenant/application
• Capacities required for the tenant/application
Service Offering & Service Classes
[Diagram: a service offering with its six service classes (Physical Compute, Physical Network, Physical Storage, Virtual Compute, Virtual Network, Virtual Storage) matched against the tagged resource group. The Physical Storage class specifies Tag: Tier, Value: Gold; the Virtual Compute class specifies Tag: Available, Value: Yes]
Tenant Profile
• “Pair” a service offering to a resource group
• Two mechanisms to determine valid resource group:
• Admin selection
• Resource Group tag-based selection
Tenant Profile
1. Select the Service Offering(s) and Resource Group selection method…
2. Pair the available Resource Groups with Service Offerings
UCS Director Tenant On-Boarding Flow Chart
[Flow chart boxes, between Start and Finish: Create Pod; Add Devices To UCS Director/Pod; Create Resource Group; Add Devices To Resource Group; Define Environment Specific Inputs; Create Service Offering; Define Service Classes; decision "Resource Tags Required?" (Yes/No) leading to Create Resource Tags and Tag Appropriate Resources; Define Tenant Profile; Tenant Onboarding Wrapper Task; Execute Onboarding Workflow]
Demo: Part I - Tenant Onboarding
Phase II: Application Provisioning
Application Profile
• Central configuration point for application container provisioning with ACI
• Define a “template” for a single or multi-tiered application
• Components include:
• Network (or tier) definition
• Virtual machine definition per network (tier)
• Physical server definition per network (tier)
• Contract definition between networks (tiers)
• L4-L7 service definition between networks (tiers)
Application Profile (tiers: Web, App, DB)
• Define application network tiers or APIC EPGs
• Also defines APIC Private Networks and Bridge Domains for each EPG (tier)
APIC Network Policy (Optional)
• Operates within the scope of an APIC tenant
• Tied to one or more networks (or tiers) in the application profile
• Override default application provisioning behavior and settings
• Private network specification
• Subnet specification
• EPG specification
• Bridge Domain specification
APIC Network Policy (Optional)
• Default: Each provisioned bridge domain uses the tenant-level private network
• Default: Immediate for both settings
Application Profile (tiers: Web, App, DB)
• Define application server components
Application Profile (tiers: Web, App, DB)
• Define contract rules between network tiers
Application Profile (tiers: Web, App, DB)
• Define L4-L7 services between network tiers
L4-L7 Service Policy (Optional)
• Defines more specific information about the L4-L7 services to be added
• Firewall and/or Load-balancer
• Define ACI Device Package
• Refer to service-specific policies (i.e. Firewall: ASAv VM Deployment Policy and APIC Firewall Policy)
L4-L7 Devices (Optional)
• Defined within the Resource Group definition
• Provides information about the specific service device
• IP Pools
• Management Port Group
APIC App Container Flow Chart
[Flow chart boxes, between Start and Finish: APIC Network Policies; decision "L4-L7 Services?" (Yes/No); decision "Include Firewall?" (Yes/No); APIC Firewall Policy; ASAv VM Deployment Policy; L4-L7 Service Policy; Application Profile; Virtual Infrastructure Policy; Application Container Template; decision "Self-Service?" (Yes/No); Add Service Container Catalog Item]
Demo: Part II - Application Provisioning
Conclusion
Cisco UCS Director dramatically reduces time to market for services and applications
• Out-of-the-box framework and workflows for provisioning application infrastructure w/ ACI…adding more with each release
• Growing community of user created workflows (ACI and non-ACI)
• Flexibility to create your own workflows or edit existing workflows
UCS Director is the foundation for Cisco ONE Enterprise Cloud Suite, start your journey to private cloud with UCS Director!!
Q&A
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online