
Cisco Virtualized Multi-Tenant Data Center Solution 2.2 Data Sheet



The Cisco® Virtualized Multi-Tenant Data Center (VMDC) architecture is a set of specifications and guidelines for creating and deploying a scalable, secure, and resilient infrastructure that addresses the needs of cloud computing. To develop a trusted approach to cloud computing, Cisco VMDC combines the latest routing and switching technologies, advancements in cloud security and automation, and leading edge offerings from cloud ecosystem partners. Cisco VMDC enables service providers (SPs) to build secure public clouds and enterprises to build private clouds with the following benefits:

Reduced time to deployment—Provides a fully tested and validated architecture that enables technology adoption and rapid deployment.

Reduced risk—Enables enterprises and service providers to deploy new architectures and technologies with confidence.

Increased flexibility—Enables rapid, on-demand workload deployment in a multi-tenant environment using a comprehensive automation framework with portal-based resource provisioning and management capabilities.

Improved operational efficiency—Integrates automation with multi-tenant resource pools (compute, network, and storage) to improve asset use, reduce operational overhead, and mitigate operational configuration errors.

VMDC 2.2 Solution Highlights

Details of Release 2.2

Validated data center design for enterprise or service provider scalability

Builds on top of the baseline that was established in release 2.0, validating standard data center architectures in a multi-tier, Layer 3-centric network architecture with compact to large scale specifications, using standard integrated compute stacks such as Cisco FlexPod™ and VCE Vblock™ Infrastructure Packages.

Enhanced security services for improved secure multi-tenancy

Extends the security model that was established in release 2.0, which among other benefits enabled secure multi-tenancy, by adding a "defense in depth" strategy using Cisco Virtual Security Gateway (VSG) and Cisco Adaptive Security Appliances (ASA).

Differentiated services

Supports the same set of differentiated services defined in releases 2.0 and 2.1: Gold, Silver, Bronze, and Palladium.

Multi-media application support

Extends and validates the campus quality of service (QoS) model to the data center, enabling higher quality of experience for multi-media applications such as VoIP, video, and hosted collaboration.

Layer 2 data center interconnect

Validates Virtual Private LAN Services (VPLS) and Ethernet over Multiprotocol Label Switching (EoMPLS) on the Cisco Aggregation Series Router 9000 (ASR 9000) for data center interconnect, enabling SPs to seamlessly connect their data centers through their IP-NGN networks for intra-data center connectivity as well as hybrid cloud support for connecting enterprise data centers.


Builds on top of the release 2.0 baseline and revalidates the scalability of the large pod model for parameters such as VLANs, MAC addresses, Hot Standby Router Protocol (HSRP), routes, contexts, and virtual machines.

End-to-end security

Revalidates the end-to-end security validation that was designed in release 2.0 and extended with enhanced security services for secure multi-tenancy.

High availability

Revalidates failover scenarios and the high availability of the system as designed in release 2.0.


Validates new platforms such as the ASR 9000 for data center edge, Cisco ACE30 Application Control Engine Module for virtual Server Load Balancing (vSLB), ASA5585X for virtual firewall (vFW), and VSG for virtual machine (VM) security.

Solution Scale

The following table summarizes the Cisco VMDC 2.2 scalability validation.

Compact Pod Design
Large Pod Design




Servers per pod



Virtual machines per pod



VLANs per pod



Virtual firewall contexts



Virtual load balancers



Server VLANs



MAC addresses



HSRP gateway instances



Routing protocol scale

256 Open Shortest Path First (OSPF) neighbors

480 Border Gateway Protocol (BGP) peers

Solution Topology

Solution Components



Cisco Nexus® 7010, 7018, NXOS 5.2.1

Data center services node—Cisco Catalyst® 6509-E Switch (with Virtual Switching System [VSS]), IOS 12.2(33)SXJ

Cisco ASR 9000, XR 4.1.0

Cisco ASR 1006, XE 3.4.0 15.1(3)S


Cisco Nexus 1000V switch, NXOS 4.2.1 SV1(1.4a)

Cisco Virtual Security Gateway, 4.2(1)SV1(2)

Cisco Virtual Network Management Center: 1.2(1b)

Cisco Adaptive Security Appliance 5585-60X, 8.4.2

Cisco ACE30 Application Control Engine Module, A 4.2.1


Cisco Unified Computing System™ (UCS™), 1.4(2b)

Cisco UCS 5108 Blade Server Chassis

Cisco UCS 6140 Fabric Interconnect

Cisco UCS B200 M1 Blade Server

Cisco UCS M71KR-E Emulex Converged Network Adapter (CNA)

Cisco UCS M81KR Virtual Interface Card (VIC)


VMware® vSphere™ 4.1 U1

VMware ESXi 4.1U1 Hypervisor

Cisco Nexus 1000V switch (virtual access switch)


Cisco MDS 9513 Multilayer Directors, NXOS 5.0.4d

EMC® Symmetrix® VMAX™ with Enginuity 5874

NetApp® FAS3170 and NetApp FAS6080 with ONTAP® 8.0.2

Layered Security Strategy

Security Options

Data center edge

Secured access and perimeter firewall


Layer 2 and Layer 3 VPNs

SSL and IP Security (IPsec) VPNs

Infrastructure security to protect device, traffic plane, and control plane

Core and aggregation

Device virtualization for control-, data-, and management-plane segmentation

Infrastructure security to protect device, traffic plane, and control plane services


Server load balancing to mask servers and applications

Application firewall to mitigate cross-site scripting (XSS), HTTP, SQL, and XML attacks

Infrastructure security to protect device, traffic plane, and control plane

Aggregation and access

Secure, authenticated connections

Dynamic Address Resolution Protocol (ARP) inspection

Dynamic Host Configuration Protocol (DHCP) snooping

IP source guard

Zone security (private VLANs, port switching, and port profiles with access control lists)

Infrastructure security to protect device, traffic plane, and control plane

Virtual access

Policy-based virtual machine connectivity

Mobile virtual machine security and network policies

Virtual firewall integration with Cisco Nexus 1000V switch


Role Based Access Control

Application security

Storage and storage aggregation

Fibre Channel Zoning

Differentiated Services—Example Service Tiers


Tenant-specific network services

No additional services

Load-balancing services

Firewall and load-balancing services

Firewall and load-balancing services


One VLAN per client and a single virtual routing and forwarding (VRF) instance

Multiple VLANs per client and a single VRF instance

Multiple VLANs per client and a single VRF instance

Multiple VLANs per client with both a public and private VRF instance

Data protection


Snap: Virtual copy (local site)

Clone: Mirror copy (local site)

Clone: Mirror copy (local site)

Disaster recovery


Remote replication (with specific recovery-point objective [RPO] or recovery-time objective [RTO])

Remote replication (any-point-in-time recovery)

Remote replication (any-point-in-time recovery)

Workload sizing (number of virtual machines per core)

4:1, 2:1, or 1:1

4:1, 2:1, or 1:1

4:1, 2:1, or 1:1

4:1, 2:1, or 1:1

Management and Automation

VMDC 2.2 is complemented by a set of orchestration, automation, and management software. For details contact your Cisco account representative.

For More Information

For more information about Cisco VMDC, visit and consult your Cisco account representative.