Compute and Management: Cisco Virtual Update

Lars Granberg, Systems Engineer, March 2018


Post on 21-Mar-2020


© 2017 Cisco and/or its affiliates. All rights reserved.

Agenda

• UCS Manager 3.2(3)
• HyperFlex 3.0
• Cisco Intersight Essentials

Cisco UCS Manager 3.2(3)


UCS Manager 3.2(3)

Expected March 16th

Big items:
• Spectre/Meltdown microcode updates for M3/M4/M5 (except EX platforms)

Additional M5 Server Support
• S3260 M5
• C220 M5 NVMe SKUs
• C240 M5 NVMe SKUs
• C480 M5 NVMe SKUs

Diagnostics & Enhancements
• End to End Diagnostics Support for M5 C-Series Servers
• Enhanced Chassis FW Install, Install Wizards.
• Prepare for FW Install – Mass “Staging” Updates for Chassis and Servers in Parallel – Only updates in advance, no activations.

Same Chassis: New M5 Server Node

• Dual M5 CPUs: Choice of Intel Scalable Processors SKUs:
  • 4110 (2.1/8C), 4114 (2.2/10C), 5118 (2.3/12C), 6132 (2.6/14C), 6138 (2.0/20C), 6152 (2.1/22C)
• 14 DIMM Slots: 2 Slots 3D XPoint Ready
  • 16G, 32G, 64G
• Storage Controller: Choice between
  • HBA Passthrough with Dual LSI 3316 Chip and IT Firmware
  • RAID Controller with Dual LSI 3316 Chip and MegaRAID Firmware
• Dual 7MM NVMe On board
  • New Intel Cliffdale 4501 with Capacity points: 500G, 1TB and 2TB
• 1G Host Management Port

Target FCS: Q1CY18

PID: UCS-S3260-M5SRB

Cisco HyperFlex 3.0

Stretch Cluster

64 node scale

Logical Availability Zones

Node Scaling Options in HXDP 3.0

• 64 node clusters
  • Support for up to 64 node clusters (32 HX converged, 32 compute-only)
• New limits applicable for Hybrid & All Flash clusters
• M4 & M5 node support with mixing of M4 & M5 nodes within a cluster
• Same rules for compute-only nodes still apply

[Diagram, HX 3.0: HX Data Platform with an IOVisor on every node; up to 32 HX nodes and up to 32 compute nodes]

Logical Availability Zones (LAZ)

• Cluster Scale With High Availability
• Increased resiliency without added manageability overhead
• How does it work?
  • HX nodes grouped into logical “availability groups” (N/A for compute nodes)
  • HXDP never places 2 copies of the data in the same availability group
• Clusters with LAZ can survive > 2 simultaneous node failures without data loss or loss of availability
• Tolerate more independent failures
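The placement rule on this slide, as an added Python illustration (not HXDP code and not from the slides): copies of a block are kept in different availability groups, so losing every node of one group never removes all copies, while a group-unaware layout can lose data to the same failure. The contiguous grouping, node names, copy count and block count are assumptions made for the example.

```python
def build_groups(nodes, group_count):
    """Split converged nodes into equal, contiguous availability groups."""
    size, extra = divmod(len(nodes), group_count)
    if size == 0 or extra:
        raise ValueError("node count must be a non-zero multiple of group_count")
    return [nodes[i * size:(i + 1) * size] for i in range(group_count)]


def place_group_aware(block, groups, copies):
    """Put every copy of `block` in a different availability group."""
    if copies > len(groups):
        raise ValueError("need at least as many groups as copies")
    picked = [(block + k) % len(groups) for k in range(copies)]
    return [groups[g][block % len(groups[g])] for g in picked]


def place_flat(block, nodes, copies):
    """Baseline with no groups: copies land on consecutive nodes."""
    return [nodes[(block + k) % len(nodes)] for k in range(copies)]


def data_lost(placements, failed):
    """True if any block has all of its copies on failed nodes."""
    failed = set(failed)
    return any(all(node in failed for node in copies) for copies in placements)


def demo(node_count=12, group_count=3, copies=3, blocks=48):
    """Fail each whole group in turn and report whether any block is lost."""
    nodes = [f"hx{i:02d}" for i in range(node_count)]  # constructed node names
    groups = build_groups(nodes, group_count)
    aware = [place_group_aware(b, groups, copies) for b in range(blocks)]
    flat = [place_flat(b, nodes, copies) for b in range(blocks)]
    return {
        "failed_nodes": len(groups[0]),  # nodes lost per simulated failure
        "group_aware_loses_data": [data_lost(aware, g) for g in groups],
        "flat_loses_data": [data_lost(flat, g) for g in groups],
    }


if __name__ == "__main__":
    print(demo())
```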

[Diagram, HX 3.0: HX Data Platform nodes, each with an IOVisor, grouped into Availability Grp 1, Availability Grp 2 and Availability Grp 3]

LAZ in HX Connect


Power Mission Critical Apps with HyperFlex Stretched Cluster Cloud Scale Data Platform

• Disaster Avoidance
• Zero RPO
• Automated DR
• Maximum Uptime

[Diagram, HX 3.0: HX Data Platform spanning Site-A and Site-B, with APP and DB VMs on SSD-backed nodes and Synchronous Replication between the sites]

HyperFlex Stretched Cluster: ZERO RPO! NEAR ZERO RTO!

Configuration Support
✓ Single Stretched Cluster across 2 sites
✓ Symmetric Configuration
✓ 3rd Site to host a “Witness Server” (small VM)
✓ 8 HX nodes on each site

IO Path
✓ Active-Active sites – VMs Active on each site
✓ VM Read IOs served locally
✓ VM Write IOs Sync-Writes across sites
✓ 2x copies on each site

HA Operations
✓ Recover from a Site failure
✓ Recover from a Local failure
✓ Failover of VM
✓ vMotion of VM
✓ Split Brain handling

Management
✓ Cross site Cluster creation
✓ Non disruptive online rolling upgrade
✓ Site awareness in HX Connect
✓ Site specific Alarm and Events on a single Dashboard

[Diagram, HX 3.0: Site-A and Site-B, each running VMs, linked at 10Gbps / 5ms RTT; each site linked to the Witness Server at 100 Mbps / 200 ms]

vCenter

• Single vCenter for both sites

• Need credential during cluster creation

• Can be on either site or 3rd site

• Can be a VM

• Configure independently for HA as required

UCSM:

• Need UCSM credentials for both sites

• Two separate FI Domains (not automatically synchronized)

VLAN

• IP addresses for nodes on both sites

• Stretched VLANs across both sites

Witness

• Access to 3rd Site to host witness VM

• IP address and connectivity for the witness VM

HyperFlex Stretched Cluster Network & Infrastructure: Supported Configurations & Prerequisites

✓ 10Gbps (dedicated), 5ms RTT latency between the 2 active sites
✓ 100 Mbps, 200ms RTT latency between the active sites & witness site
✓ FI based configuration
✓ Existing FIs are supported

HX 3.0

HX Connect Dashboard


Cisco HyperFlex 3.0: Virtualization and Cloud

Cisco Container Platform

Microsoft Hyper-V

Microsoft Hyper-V Support

Integrated Management
• Manage Hyper-V hosts from familiar SCVMM, Hyper-V manager, and PowerShell
• Automate HX operations using HX REST API
• Leverage HX Connect UI (HTML5) for HX management

Enterprise workloads, Validated solutions
• Citrix VDI deployment (XenDesktop and XenApp)
• Microsoft SQL, Exchange, SharePoint etc.
• Oracle & other mission critical apps
• Backup vendor integrations

Industry Leading Foundation
• Log Structured Filesystem & Data services designed for HCI
• Highly scalable, resilient, scale-out SMB3 file server protocol
• Fully Data distributed, No Data locality

Windows Server with Hyper-V
• Windows Server 2016 Datacenter
• HX220 M5 and HX240 M5: Hybrid-Flash & All-Flash
• Microsoft native failover clustering, checkpoint (snapshots), replica support, AD support

[Diagram: HyperFlex Data Platform with a controller VM (labelled CRTLVM) and guest VMs on each of three hosts]

Controller VM Architecture with Hyper-V

[Diagram, HX 3.0: HyperFlex Data Fabric for Microsoft Hyper-V. Three Windows Server 2016 hosts, each with an SMB Client, App VMs on VHDX files, and a Controller VM (I/Ovisor, StorFS running, SMB server, SMB proxy); the HX Datastore is presented as an SMB file share]

Executing on Cisco and Google Open Hybrid Cloud Solution

[Diagram, HX 3.0. Labels: On Prem/Colo Data Center (Existing Services, Apps | Data, Private Cloud infrastructure, Cisco Container Platform for HyperFlex); Google Cloud (Google Cloud Platform, Google Kubernetes Engine, Cloud Apps); Istio: Hybrid Cloud Service Management; Consistent Environment]

Networking | Security | Private Cloud Infrastructure | Consumption Management: CSR 1000v, ACI, Stealthwatch Cloud, HyperFlex, Cisco Container Platform, Contiv, CloudCenter, AppDynamics

Cisco Container Platform for HyperFlex

Turnkey Appliance for Enterprise Kubernetes

Stack
• IaaS: HyperFlex
• Compute/Storage: HyperFlex
• Network: ACI, Nexus 9k standalone
• On prem Kubernetes: Cisco Container Platform
• Container Networking: Contiv/Contiv-ACI, CNI drivers
• Container Storage: HyperFlex Flex driver

Turnkey Kubernetes
• Simple & Seamless Day0 & DayN K8S operations integrated into HyperFlex
• HyperFlex IaaS

Enterprise Storage
• Scale-out, HA Filesystem
• Data protection, efficiency and resiliency

Enterprise Networking & Security
• Multi-tenant architecture, Micro-segmentation, Security policies

Common Platform for Legacy & Modern Apps
• Co-existence of VMs and containers on same platform

DevOps Ready IT
• Enable developer agility with IT & security policies
• Avoid Shadow IT

Single vendor Support
• Fully supported by Cisco Global TAC
• Single throat to choke for entire stack

Cisco Container Platform Architecture

• Deploy Kubernetes clusters on HyperFlex IaaS (VMware)

• Container Networking (Contiv / ACI)

• Persistent Storage (Flex Driver)

• Layer-4 and Layer-7 Load Balancing

• High Availability

• Authentication with Active Directory

• Role Based Access Control

• Communication between containers and external VMs / BMs

• UI – Harmony Kubernetes, API

• Security (Policies, Encryption)

• Add / remove Kubernetes nodes

• Lifecycle Management (OS Updates, Kubernetes Upgrades)

• Monitoring (Prometheus)

• Logging (EFK)

Kubernetes-as-a-Service

Setup | Manage | Consume

• Containers Persistent Volume Support for HyperFlex

• New HyperFlex Kubernetes FlexVolume Driver

• Developers Volumes Self-service

• HyperFlex Data Performance and Resiliency

HyperFlex 3.0 Flex Volume Driver: Virtualization and Cloud Native Innovations

[Diagram, HX 3.0. Labels: HX ESXi Node; K8s Node VM (Kubelet, HX FlexVolume Driver, SW iSCSI Initiator); private host-only vswitch; ESXi vmkernel interface; iSCSI LUN; File; HX iSCSI Proxy; HX Controller VM; vswitch-hx-storage-data; NFS Datastore; API]

Contiv – Networking for Cisco Container Platform

• 100% Open Source
• The Most Powerful Container Networking Fabric
• L2, L3, Overlay or ACI
• Rich Policy Model

[Diagram. Labels: DevOps; IT Admin; Any Networking; Any Platform; Any Infrastructure; ACI integration; Container, VM, BM; LDAP/RBAC; Application Intent; Rich Policy; Connectivity]

Cisco Intersight


[Diagram: Cisco Intersight. Labels: One Interface, One API; Automation / Orchestration; Multi-Site Operations; Hyperconverged; Remote / Branch / Edge; Performance; Purpose built Management Tools]

SaaS-Delivered

• UCS Central: Global Resource Pooling and Policy Management
• UCS Director: Infrastructure-as-a-Service and Orchestration
• Third Party Infrastructure
• UCS Manager & IMC: Unified Element Management, Policy-Based Automation
• Intersight

Consumption Models
• Cisco hosted
• Service provided, customer hosted

Customer Benefits: Greater Simplicity

• Unified Management: Single pane of glass, consistent operations model and experience for managing all systems and solutions
• Recommendation Engine: Embedded recommendation platform with insights sourced from across Cisco installed base and tailored to each customer
• SaaS/Subscription: Hosted management will free customers from care/feeding of management tools and eliminate upgrade dependencies
• Enhanced Support Experience: Hosted platform allows Cisco to address issues platform-wide and experience extends into TAC supported platforms
• Programmability: End to end programmability with native API, SDKs and popular DevOps toolsets will enable customers to consume natively
• No-Impact Transition: IMC/UCSM/HX embedded connector will allow customers to start consuming benefits without forklift upgrade

Intersight: Initial Release

[Slide graphic. Labels: IMC Policy Framework; HyperFlex Cloud Installer; Deployment; Fault Alerting; Platform Inventory; Dashboard; HF/FW Compatibility; Upgrade Checks; Platform Compliance; Cloud Connectors; Supportability; Telemetry Data Collection; Cisco IMC, UCS Manager and HXDP UI Launch; SaaS Subscription]

Cisco Intersight: Licensing Tiers

Base Edition (Free License)
• Supports Cisco UCS and HyperFlex Systems
• Global monitoring of health and inventory status
• User customizable dashboard
• Tagging and basic search
• Context launch of element managers (UCS Manager, IMC, and HyperFlex Connect)
• HyperFlex Installer – quickly deploy clusters

Essentials Edition
• All the functionality of the Base Edition
• Simplified server setup and policy-based configuration with service profiles
• Firmware management with scheduled updates
• Detailed inventory and server actions
• Advanced global search and detailed inventory
• HCL compliance check and upgrade recommendations (coming soon)
• Remote management and virtual Keyboard-Video-Mouse (vKVM) (coming soon)

Intersight Ordering Information

• Feature Tier and access
  • Base Edition – Included with each UCS Server purchase
    • No orderable part number. Simply go to https://www.intersight.com and log in using your cisco.com user ID.
  • Essentials Edition – Base plus additional feature sets
    • Available in one-year, three-year, and five-year subscription periods.
    • Volume discounts are available for customers ordering more than 1000 server subscriptions at the same time.
    • Cisco Smart Accounts and Smart Licensing are mandatory for Essentials.

Cisco Intersight – License Migration

No | Customer has installed | Migration to Cisco Intersight | Comments
1 | IMC Supervisor | Essentials | Commercial $ credit for exchanging IMC-S Purchase Order / Licenses for Intersight adoption
2 | UCS Central | |
3 | UCS Director | |
4 | C1-Foundation/ECS Perpetual | |
5 | C1-ECS-IAAS Subscription | |

For more info …

Cisco Smart Accounts:
https://www.cisco.com/c/en/us/buy/smart-accounts.html

Setup Cisco Smart Account for your customer, if they don’t have one:
https://webapps.cisco.com/software/company/smartaccounts/home?route=module/accountcreation

Cisco Smart Licensing:
https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html

Cisco Intersight: Architecture Overview

Intersight Innovations

Cloud Managed
• Cloud-based datacenter management
• Global / Multi-Site / Data Center, Edge
• Recommendation Engine
• Real-time analytics & Machine Learning
• Forecasting

DevOps
• Continuous integration
• Continuous delivery - services are added with no disruption to the customers
• Continuous monitoring

[Diagram. Labels: Control Nodes (Cisco DC); Intersight Data Centers #1 and #2; Manage Anywhere, 24/7/365, Cloud Scale]

Cisco Intersight: Management-as-a-Service

[Diagram. MaaS layer: Cisco Intersight (SaaS or On-Prem) with Policy Based Orchestration; API Driven, DevOps Enabled; Secure and Compliant; Connected TAC; Telemetry & Analytics; App Store. Customer Sites layer: Data Center 1, Data Center 2, Branch A, Branch N, with Stand-Alone UCS C-Series, UCS S-Series, Unified Computing System, UCS Mini and HyperFlex, each shown with a Device Connector]

Device Connectors

UCS & HX become SaaS Enabled


Intersight Connection to Element Managers

A very light and autonomous piece of software allowing:
• Communication with the Intersight portal, wherever the portal is.
• Capability of inserting tasks / calls against the infrastructure (UCS Manager, Cisco IMC Software, HyperFlex, UCS Director) via the pluggable / extensible framework

Key Features
• Bundled with Firmware
• Embedded Product Feature
• Secure Communications
• Self Updated
• Autonomous Check-In

[Diagram: Cisco Intersight (Unique Customer Instance, Two-factor Authentication) connected to three element managers: UCS Manager on the UCS Fabric Interconnect (All Servers), IMC Software on C-Series Servers (Standalone), and HX Connect on HyperFlex (Under UCS Manager or Edge)]

Device Connector Upgrades

• Device Connector reports current version each startup
• If Intersight determines an upgrade is needed, UpgradeRequest is created with the desired version
• Device performs upgrade
  • Only attempted if device is currently connected
  • Only impacts Device Connector – Infrastructure, Server, or HyperFlex FW/SW remains user controlled and is not automatically updated
• Intersight polls DeviceRegistration to determine upgrade success

Device Connector Availability

• Cisco HyperFlex: HX v2.5.1 (or later)
• Cisco UCS Manager: UCSM v3.2 (or later)
• Standalone C-Series (M5 Servers): IMC Software v3.1 (or later)
• Standalone C-Series M4 Servers & S-Series: Availability: Release in Planning
• Cisco UCS Director: Availability: Release in Planning

HyperFlex Installer


HyperFlex Installer User Experience

• Deploy from anywhere!
• No need for existing infrastructure or OVA setup
• Latest version always available
• Reusable policy for rapid & consistent deployment
• Simple ramp-up of large HX projects with simultaneous background deployment

• Download latest OVA from Cisco.com
• Deploy on existing infrastructure
• Run single cluster deployment

HyperFlex Installer

Compatible Configurations
• HX Edge on M5 → GA Now
• Dedicated or Shared LOM
• 1GbE Single switch or dual switch
• Nested VC option
• HX w/FI on M4/M5 → Coming Soon
• HX Edge on M4 → When M4 DC is available

Compatible Hardware
• Newly Manufactured Systems → GA Now
• Field Re-imaged Systems → Coming Soon

Pre-Requisites
☐ Configured network switch
☐ Pre-install checklist
☐ Claim HX nodes

Standalone Management for UCS C-Series Servers


UCS Standalone Management Simplification: Cisco Intersight Core Features and Functionality

Familiar Capabilities from IMCS | Cisco Intersight Enhanced Functionality

• Platform Hardware Inventory
• Hardware Health Status
• vKVM Launcher (Incl. vMedia)
• Firmware Inventory + Management
• Call-Home (Email Alerting)
• Cisco Smart Call Home
• Policy/Profile Based Framework
• C-Series + HX Standalone Only

[Diagram, Cisco UCS: Programmable Infrastructure. Labels: UCS Central (Global Resource Pooling and Policy Management); UCS Director (Infrastructure-as-a-Service and Orchestration); Third Party Infrastructure; UCS Manager (Unified Element Management, Policy-Based Automation); HyperFlex Connect (Hyperconverged Management); IMC Supervisor (Policy Management and Remote vKVM); IMC Standalone (C-Series, S-Series)]

UCS Standalone Management Simplification: Core Differences – IMC Supervisor vs Intersight

Cisco IMC Supervisor
• On-Premise Virtual Appliance
• Feature / appliance upgrades require user intervention and downtime
• Fixed bundle licensing – 1000 servers max per appliance
• REST XML API
• Database backup / redundancy requires multiple appliances and manual intervention

Cisco Intersight
• Cloud-based centralized management
• Features and upgrades pushed through the cloud to streamline availability
• SaaS / Subscription based model licensing – Smart Licensing support
• RESTful JSON API (OpenAPI)
• Cloud based redundancy - autonomously
• Cisco HyperFlex Installation
• Customizable dashboards
• Telemetry Data Collection / Recommendation Engine

Live Demo


Intersight API

• UCS Management Ecosystem
• Intersight Extensible Architecture

Current Cisco UCS Ecosystem

[Diagram. Labels: Integrations (Third Party Integrations); Cisco Tools (Cisco UCS Tools, UCS Director, UCS Performance Manager); Customization (Customer Tools and Portals); API; UCS Management: Policy and Model Driven Infrastructure; UCS Mini; UCS S-Series and UCS C-Series Storage; HyperFlex Systems Hyperconverged; UCS B-Series Servers]

Single Endpoint for Management/Monitoring

[Diagram: Silos of Manual Element Management (Servers, Network Devices, Storage) contrasted with Intersight, where a RESTful OpenAPI provides Configuration Management/Monitoring across Servers, Storage and Network Devices]

Extensible Architecture: Advanced Integrations

[Diagram. Labels: Cisco and 3rd Party Infrastructure; Intersight Portal; UCS HW Connector (XML/REST); New Connectors (BU / Cust. / 3rd party); Partner Developed Connectors; Open Connector Framework; Inventory & Alerting; Orchestration; Security & Authentication; Example: Tools and SDK; RESTful OpenAPI]

Cisco Intersight Model Browser & Swagger Spec

• Versioned API
• Downloadable Swagger Spec
• Run queries in model browser
• Search
• Description & Detail

Intersight Programmability and SDKs

https://github.com/CiscoUcs/intersight-python
- Generated by Intersight “Swagger Specs”
- Install instructions
- Example Usage (add users, claim devices, etc.)

Security: Ensuring data is transmitted and stored securely

Key Features in Intersight Security Architecture

Use of industry standard security protocols

Encryption of all data

Compliance with Cisco security and data handling standards

Starship security architecture


Intersight Enhanced Security

• Ensuring Connections
  • Durable websocket is used after initial connection
  • Two factor authentication when claiming a device: serial number and claim code
  • During subsequent transfers: identify, authenticate, and authorize
• All communication from device is outbound
  • Device initiates connection
  • No inbound connections are needed

[Diagram: Stand-Alone UCS C-Series and HyperFlex connect to Intersight over HTTPS/TLS; Starship and device in sync with latest security updates]

Management Network Separation

• Intersight uses an Out of Band Management Architecture to separate management data from IT production network and application data
• No disruption to customer’s IT production if Intersight connection is interrupted
• Only management network accessible data (e.g., device configuration and usage) is stored in Intersight
• All sensitive data (e.g., passwords) stored in encrypted format
• Application workload data does not pass through to Intersight

Intersight Device/Browser Connectivity

Off Premise
1. Operations/Administration
HTTPS (port 443) or proxy, Outbound Initiated Only (from Browser)

Customer Premise
1. Account Setup/Creation
2. Device Claiming
3. Operations/Administration
HTTPS (port 443) or proxy, Outbound Initiated Only (from Browser)

Device connectors on the customer premise
• Fabric Interconnect Device Connector
• C-series (IMC) Device Connector
• HX Device Connector

Cloud Portal
• Tier-1, SAS70 type II / SSAE16 Certified Datacenters
• FIPS 140-2, ISO 27001, HIPAA, PCI (Level 1)

User Access: https://ucs-starship.com
• cisco.com used to create a Starship account
  • Becomes the “root” user
  • Invite other cisco.com users
• User can only be “root” for one Intersight instance

Device Access
• DNS required - must resolve svc.ucs-connect.com
• Intersight always provides CA signed x509 certificate
• Two Factor Authentication for device claim
  • Device Serial Number
  • Device Claim Code

Device Traffic
• Certificate Authority (CA) Signed Certificate

User Browser Traffic
• Certificate Authority (CA) Signed Certificate

TLS v1.1 (or higher), HTTPS (port 443), Outbound Initiated Only (from Browser)
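A pre-claim check of the Device Access requirements on this slide (the name resolves, outbound HTTPS on port 443 works, the certificate chains to a trusted CA, TLS is v1.1 or higher), as an added Python example that is not part of the original deck or any Cisco tool. It assumes a direct connection rather than a proxy; the sample observations are constructed so the evaluation logic can be exercised offline.

```python
import socket
import ssl

HOST = "svc.ucs-connect.com"  # name the slide says must resolve
PORT = 443                    # HTTPS, outbound initiated only
TLS_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
MIN_TLS = "TLSv1.1"           # "TLS v1.1 (or higher)" per the slide


def probe(host=HOST, port=PORT, timeout=5.0):
    """Live check from the management network: DNS, TCP/443, verified TLS."""
    obs = {"resolved": [], "tls_version": None, "cert_verified": False, "error": None}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        obs["resolved"] = sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        obs["error"] = f"dns: {exc}"
        return obs
    ctx = ssl.create_default_context()  # verifies chain and hostname against system CAs
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                obs["tls_version"] = tls.version()
                obs["cert_verified"] = True
    except ssl.SSLCertVerificationError as exc:
        obs["error"] = f"cert: {exc.verify_message}"
    except OSError as exc:  # covers ssl.SSLError, timeouts and refused connections
        obs["error"] = f"connect: {exc}"
    return obs


def evaluate(obs):
    """Map one observation to findings; an empty list means the prerequisites hold."""
    if not obs["resolved"]:
        return ["DNS: name does not resolve from this network"]
    findings = []
    if obs["error"] and obs["error"].startswith("cert:"):
        findings.append("CERT: chain not trusted (untrusted CA or TLS-inspecting proxy)")
    elif obs["tls_version"] is None:
        findings.append("NET: outbound TCP/443 or TLS handshake failed")
    version = obs["tls_version"]
    # Also useful for observations recorded by other tools or older clients.
    if version is not None and TLS_RANK.get(version, -1) < TLS_RANK[MIN_TLS]:
        findings.append(f"TLS: negotiated {version}, below {MIN_TLS}")
    return findings


# Constructed observations (documentation address 192.0.2.10), not real captures.
SAMPLES = {
    "healthy": {"resolved": ["192.0.2.10"], "tls_version": "TLSv1.2",
                "cert_verified": True, "error": None},
    "no_dns": {"resolved": [], "tls_version": None,
               "cert_verified": False, "error": "dns: name or service not known"},
    "inspected": {"resolved": ["192.0.2.10"], "tls_version": None,
                  "cert_verified": False,
                  "error": "cert: self-signed certificate in certificate chain"},
    "blocked": {"resolved": ["192.0.2.10"], "tls_version": None,
                "cert_verified": False, "error": "connect: timed out"},
    "old_tls": {"resolved": ["192.0.2.10"], "tls_version": "TLSv1",
                "cert_verified": True, "error": None},
}

if __name__ == "__main__":
    print(evaluate(probe()))
```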


Local Management Availability

Features available if devices cannot communicate with Intersight:
• Users can still access the local management and production networks
• All UCS policies and settings continue to be enforced
• Local user authentication remains unaffected
• Local configuration tools (e.g., UCS Manager) remain available

When Intersight portal is unreachable, services that are temporarily unavailable:
• Global configuration and diagnostic tools provided by Intersight are unavailable
• Some usage statistics are stored locally until the connection is re-established, at which time they are pushed to Intersight
• Intersight Web UI and APIs are unavailable

Data Stored in Intersight

• Categorized/reviewed by Cisco InfoSec
• Encryption methods, retention, and Cisco Employee access
• Customer data not used in testing/non-production environments

Data Type | Cisco Internal access to data | How is Data Obtained? | User modify directly? | Retention Policy*
Customer contact information | Automated processes | Cisco.com account profile | Yes | Indefinite
Browser Configuration/Cookies | Automated processes | Browser access, account login | No | 90 days, session cookies cleared on logout
Telemetry/System Configuration | TAC, Engineering, Product Management (after data sanitization) | Device Connector | No | 90 days, summary information kept longer

Intersight Standards Compliance/Certifications

• Intersight meets or exceeds InfoSec’s requirements applying to numerous Industry Standards including the following:
  • PCI DSS
  • HIPAA
  • ISO 27001
  • FIPS 140-2
  • FedRAMP*
• Reports of Compliance available upon request*

*Contact the Intersight product management team for specifics on Security related certifications

Cisco Intersight Roadmap

[Roadmap timeline. Time labels: Tech Preview; July 2017; Q4 CY17; Future >> CI/CD Pipeline. Items shown: Health dashboard; Detailed Inventory; C-Series Configuration; HyperFlex Installer; TAC Integration; M4 Standalone Server Support; UCSM Policy Framework; HyperFlex Expansion & Upgrades; Host Online Firmware Updates; OS Deployment; TAC Proactive Analysis]

Questions?

Upcoming events

https://www.cisco.com/c/da_dk/training-events/seminars.html


http://cisco.dk/connect

#CLUS