The Dynamic Network Cloud: Provision and Orchestrate Services with Integrated Cisco and BMC Solutions

What You Will Learn

Cloud service providers are discovering that cloud computing offers compelling benefits, including cost savings due to more efficient use of infrastructure, faster time to market, and greater flexibility in the deployment of assets. However, one challenge service providers and end customers face as they move toward broader adoption of cloud technology within the data center is the management of the complex physical and virtual resources that enable cloud services.
Now Cisco has made it easier to harness the combined resources of the service provider data center and the end-to-end IP Next-Generation Network (IP NGN) for cloud services with the Cisco® Unified Service Delivery solution. In combination with this unified service provider infrastructure, the new Cisco Secure Network Container allows network administrators to swiftly represent physical and virtual network infrastructure in abstracted "containers" of services. These network containers in turn interoperate with computing and storage resource configurations that can now be orchestrated by the BMC Cloud Lifecycle Management solution to rapidly deliver new cloud services, from customer request through delivery and ongoing management.

Challenge

The platforms, technologies, techniques, and areas of specialization within data centers and extending to multiservice networks have brought tremendous value to customers around the world, while at the same time increasing operational complexity. The emergence of cloud services has increased the need to better coordinate and automate provisioning and service orchestration between network layers and computing and storage infrastructure. Without the capability to comprehensively manage the creation, activation, and ongoing support of all the resources necessary to provide cloud services, adherence to service-level agreements (SLAs), time to market, cost efficiencies, and compliance with myriad government regulations are all at risk.
A July 2010 survey of 468 business technology professionals by InformationWeek Magazine found that the top three features these individuals desired in their data centers are virtualization support, adherence to industry standards, and support for network configuration automation.

Business Benefits

Three interrelated cloud infrastructure provisioning and service orchestration solutions from Cisco and BMC Software collectively deliver benefits that service providers and their customers want in the network cloud.
Cisco Unified Service Delivery benefits include the following:

• The solution provides a virtualized end-to-end platform for deploying services across the data center and IP NGN.

• Cisco Nexus® Family switching in the data center provides a unified fabric for LAN and Fibre Channel over Ethernet (FCoE) connectivity with virtual machine awareness.

• Cisco Carrier Routing System 3 (CRS-3) and other routing platforms for the data center provide industry-leading features and performance.

• The Cisco Unified Computing System™ delivers a fully integrated solution optimized to support the deployment of virtualized workloads across the data center.

• A variety of specialized technologies and platforms provide security, reliability, optimization, and management.

• Optimization of virtualization through VMware, with support for additional server virtualization platforms, provides greater server flexibility and utilization.

BMC Cloud Lifecycle Management benefits enable service providers to do the following:

• Design and build a cloud infrastructure that meets the needs of customers.

• Deliver superior service levels while helping ensure the greatest utilization of underlying resources.

• Deploy the cloud model across heterogeneous platforms.

• Enable full-stack layered provisioning for rapid, automated resource allocation.

• Provide a self-service portal for customers through which services can be requested and managed.

Cisco Secure Network Container benefits enable service providers to do the following:

• Abstract and consolidate complex network service configurations and deployment specifications.

• Configure physical and virtual network infrastructure and network services at Layers 2 through 7 to interoperate with computing and storage resources.

• Modify these resources on each virtual machine placed in the same container.

• Securely segregate virtual and physical resources by customer.

• Enable industry-standard services across providers and infrastructure.

Solution

These three interrelated solutions make creation and delivery of cloud services faster and easier for service providers:

• The Cisco Unified Service Delivery solution combines the power of the interconnected data center with the application-aware and subscriber-aware IP NGN to form a foundation for service providers worldwide, enabling them to offer new, higher-value services such as infrastructure as a service (IaaS) and the Cisco Hosted Collaboration Solution. These products and technologies can help service providers deliver carrier-class IT services that build on both their IP NGN and data center assets.

• BMC Cloud Lifecycle Management is a cloud service delivery environment. It includes a service catalog that defines service offerings, a self-service portal for procuring resources, and management capabilities to control the cloud, among many other features. Cisco has partnered with BMC to enable a single platform to provision, configure, and manage cloud services. BMC software increases service agility and reduces complexity through autoprovisioning and configuration of the end-to-end infrastructure supporting each cloud offering. Figure 1 shows BMC Cloud Lifecycle Management integration with the Cisco Unified Computing System, one component of Cisco Unified Service Delivery.

Figure 1. BMC Cloud Lifecycle Management Solution and Integration of Cisco Unified Computing System

In a cloud model, virtualized resources are used as dynamic shared pools consisting of physical and virtual computing, networking, and storage elements. The cloud model allows dynamic binding between applications and resource pools, and automation allows these resource pools to be provisioned in minutes. BMC Cloud Lifecycle Management offers a comprehensive set of tools to autoprovision virtualized shared resource pools in the cloud.

• Cisco Secure Network Container abstracts physical and virtual network infrastructure and services using templates. These templates can then be associated with computing and storage resources and services to enable the delivery of differentiated services from the cloud.

BMC Cloud Lifecycle Management offers four predefined Cisco Secure Network Containers. These containers represent different service-level tiers (Gold, Silver, Bronze, and Basic) with different degrees of security and application-delivery services.

Cisco and BMC Cloud Lifecycle Management Integration and Provisioning Process

The integration of Cisco Unified Service Delivery and support for Cisco Secure Network Containers with BMC Cloud Lifecycle Management allows service provider customers to select, from a self-service web portal, cloud service attributes that were previously not exposed to the end user. The degree of customization possible with this self-service capability is exceptional in the industry, enabling customers to choose among many service attributes on demand, including:

• Virtual machine hosting and network orchestration with best-in-class scalability

• Multi-tenant partitioning through which customer and virtual machine traffic is fully segmented

• Various levels of security options with Layer 4 to 7 integration rules

• Application delivery services through content load-balancing options

• Secure Shell (SSH) and SSL termination

When accessing the portal, the end customer selects a service from the service catalog, which opens a Remedy ticket that is processed by the BMC orchestration engine, BMC Atrium Orchestrator (AO). The orchestrator checks with the configuration management database (CMDB) to determine the availability of resources and may add or remove configuration items. If resources are available, the orchestrator begins the process of creating or otherwise modifying or removing a Cisco Secure Network Container through the BMC BladeLogic Network Automation (BNA) module, which is the network administrator component that is responsible for creating and connecting the various network elements.
Administrators can choose one or several containers in which to associate their virtual machines. Virtual machines in the same container will have the same network services, based on the customer's choice of available container options. Through the selection of appropriate container options, customers can choose the level of service that matches their specific needs.
As part of the registration and subscription process, a customer is assigned a container that includes a credential, IP address, and billing and customer management integration. These functions occupy a layer above the orchestration and configuration of the individual services within the container and are offered through a service catalog accessible through the customer portal. After the customer is assigned one or more containers, the underlying orchestration and configuration manager uniquely configures all the Layer 2 through 7 services defined in the container. The process of enabling services includes the configuration of some or all of the following components:

• VLAN

• Virtual route interfaces

• Virtual context

• Firewall rules

• Content load-balancing rules

• Virtual IP addresses

Additionally, the VPN or Multiprotocol Label Switching (MPLS) termination points from the WAN to each logical container are mapped using the orchestration engine. Figure 2 shows sample Cisco Secure Network Container and BMC Cloud Lifecycle Management workflows.

Figure 2. Cisco Secure Network Container and BMC Cloud Lifecycle Management Workflows

In the workflow in Figure 2:

• The service request manager (SRM) collects all the information required for the container creation request and passes it to BMC AO in the form of an XML document.

• BMC AO creates the change request and initializes the associated tasks.

• According to the type of container being requested, BMC AO identifies the resources required to provision the container.

• BMC AO then reserves all the required resources and starts the container provisioning using BMC BNA.

Cloud Services Automation

These solutions from Cisco and BMC offer fully automated cloud service configurations with provisioning intelligence, eliminating what has been a very specialized, manual, time-consuming, and error-prone set of network operations. A service provider may host hundreds of customers and thousands of virtual machines, so the abstraction of complex security configurations to containers that can cross large numbers of machines can dramatically simplify configuration and provide consistency across a large deployment.
After one or more containers are assigned to a customer, the customer can configure virtual machines through the self-provisioning portal and assign virtual machines to any of the containers to which the customer has administrative rights. These containers, uniquely assigned to each customer during the initial registration and credential assignment process, are encapsulated in a rich security model. Applying the concepts of role-based access control (RBAC), customers can add, modify, and remove virtual machines within the containers to which they have access.
With the self-service portal, the low-level operations are abstracted and offered as a business services layer to the customer. The portal facilitates the assignment of hundreds of virtual machines within containers, with assignment limited only by the components in the container. The IP address space, server cluster size, and storage pool associations are encapsulated in the container. Containers can also be fully decommissioned and their resources reclaimed for use by newly created containers. Interdependency logic helps ensure that virtual machines do not become stranded or orphaned while network containers are commissioned or decommissioned.

Transparent Virtual Machine Edge Migration

Cisco has worked with BMC to enable tight integration of both the virtual machine's network interface and switch and the mapping of these services back to network container properties. These mappings include initial orchestration when the virtual machine is first provisioned through the portal, and dynamic reconfiguration of these mappings through a specific data and control mapping technology both in the Cisco Unified Computing System (UCS) server and the Cisco Nexus 1000V Switch. Cisco Virtual Network Link (VN-Link) technology enables configuration in the Cisco Nexus 1000V, and the BMC orchestration layer provides interdependency mapping between the virtual machine and service attributes in the network and the capability to reconfigure these services dynamically. BMC enables virtual machine migration by using a tagging and services mapping technology in the data plane. When a virtual machine is migrated, it retains the network services within it, and if it is moved to a different Cisco UCS server blade, it is configured again in real time. The network services at the server access edge move with the virtual machine. This orchestration and Cisco VN-Link tagging technology preserve the multi-tenant partitioning while allowing virtual machine mobility across Cisco UCS server nodes.

Customization

The orchestration stack can be modified based on a specific set of network services and containers, a customized self-service portal, customized workflows, and customized service catalogs. BMC Cloud Lifecycle Management software offers toolkits and published APIs to accommodate these customized requirements. The collaboration between Cisco and BMC has resulted in development of a common set of use cases that the service provider can start with as an initial offering, although individual service providers may want to change their services based on their business requirements. For example, a customer may want to situate a firewall or load balancer in a different logical place than what is packaged in the standard Silver and Gold container templates. These changes can be easily accommodated by changing some of the lower-level provisioning flows within the BMC BNA tool, while the orchestration layer is responsible for a different set of higher-level workflows. Additionally, these services can be linked through the portal with customized integration into BMC's service catalog. The service provider can choose to offer many different types of network service containers and map these to the customer registration and portal layers.

Why Cisco and BMC?

According to the Cisco Visual Networking Index Forecast covering 2008 to 2013, IT services in the cloud are expected to grow by more than 300 percent within this 5-year span. A comprehensive, automated cloud service delivery infrastructure that combines end-to-end networking resources with computing and storage infrastructure in the data center is vital for service providers to keep up with demand and provide competitive differentiation.
With the combination of the Cisco Unified Service Delivery solution, the Cisco Secure Network Container tool, and the BMC Cloud Lifecycle Management solution, service providers now have a powerful service delivery environment that reduces complexity and accelerates time-to-market. The overall offering has undergone rigorous quality testing that includes scalability, high availability, error checking, and resource management diagnostics in various failover, concurrent-transaction, and change-management conditions. The result is a cloud service creation and management environment that can support business-critical customer applications, provide exceptional customer choice through the self-service portal, and offer new revenue opportunities for service providers.

For More Information

Cisco Unified Service Delivery: http://www.cisco.com/go/usd
Cisco Service Provider Data Center: http://www.cisco.com/go/spdatacenter