Cisco Multicloud Portfolio: Overview
Cloud Consume overview
Cloud Consume use cases
Cloud Consume benefits
Application profile sharing
Validated deployment steps
Cloud computing is changing rapidly. To get the best technological and business advantage, you need an evolving cloud strategy to put the right workload in the right environment. You have many choices, and there are good business reasons to use different on-premise or cloud environments: agility, efficiency, costs, security, control, compliance, and performance, to name a few. As a result, a growing mix of applications is available across multiple environments. These applications need to be managed to deliver the promised benefits of cloud.
The ability to deploy applications at an accelerated rate is one of the primary advantages of cloud. However, this rapid deployment also tends to increase the pressure organizations put on their teams. CIOs are concerned that, in their efforts to meet shrinking deadlines, teams will bypass the governance rules that are required for their business.
This guide documents how the Cisco CloudCenter™ solution can help you maintain visibility and control and proactively enforce governance rules to prevent security breaches, reduce compliance headaches, and lower operating costs. The audience for this guide includes, but is not limited to, infrastructure administrators and application developers.
Cisco Multicloud Portfolio: Overview
In a multicloud world, growing complexity is driving a cloud gap between what your customers require and what your people, processes, and tools can support. With the Cisco Multicloud Portfolio, we make it simple: simple to connect, simple to protect, and simple to consume.
The Cisco Multicloud Portfolio is a set of essential products, software, and services supported with simplified ordering and design and deployment guides to help you when it comes to multicloud adoption. The Cisco Multicloud Portfolio consists of four component portfolios (Figure 1):
● Cloud Advisory: Helps you design, plan, accelerate, and reduce risk during your multicloud migration
● Cloud Connect: Securely extends your private networks into public clouds and helps make sure of the appropriate application experience
● Cloud Protect: Protects your multicloud identities, direct-to-cloud connectivity, data, and applications, including Software as a Service (SaaS), and detects infrastructure and application threats on-premises and in public clouds
● Cloud Consume: Helps you deploy, monitor, and optimize applications in multicloud and container environments
Figure 1. Cisco Multicloud Portfolio: Cloud Advisory, Cloud Connect, Cloud Protect, and Cloud Consume
Cloud Consume overview
Cloud Consume consists of essential products to help you maintain governance and control in multicloud environments:
● Cisco CloudCenter
● Cisco Container Platform
For detailed use cases, see the section about Cloud Consume on the portfolio’s solution page at https://www.cisco.com/go/multicloud.
Cloud Consume use cases
Cloud Consume allows you to scale applications, gain visibility into application performance, control cloud spend, and manage the full application lifecycle. Cloud Consume delivers value in the following use cases:
● Optimize resources by scaling applications based on end-user performance and business metrics (such as conversion rate, page loading time) to align with your organization’s needs.
● Apply governance and control of who deploys what and where to ensure security and compliance while controlling resource usage and cloud costs.
● Optimize service quality by identifying and responding to emerging issues before they impact your business.
● Seamless deployment and monitoring using automated provisioning of fully configured application stacks with monitoring agents into any environment.
● Optimize code by identifying code-level performance issues.
● Migrate with comparison by first identifying services to migrate and then getting an accurate view of application technical and business metrics—before and after—to prove migration success.
● Simplify deployment and management of Kubernetes containers through automation and end to end lifecycle management of container clusters.
● Optimize containers for multicloud environments, both on-premises and in public clouds such as GCP.
Cloud Consume benefits
Cloud Consume benefits include:
● Seamless deployment and monitoring of applications across multicloud
● Identification of performance trends to right-size IT resources and control cloud spend
● Identification of application dependencies to prioritize migration candidates
● Analysis of user, app, and business performance before and after migration
● 20–30 times faster application deployment time
● 10–20 percent lower overall TCO
● Faster application turnaround cycles (develop-test-stage-run)
● Assurance of multicloud performance
● Collection of business metrics (such as conversion rates, costs) to drive cloud-consumption decisions
● Reduced complexity with fully curated, open container management for production-grade Kubernetes
The majority of organizations worldwide have begun to adopt a hybrid cloud strategy. The ability to deploy applications in hours, rather than days or weeks, is a primary factor in the adoption of public cloud among application developers. However, the ease of availability and increased pressure to deploy applications more quickly has CIOs concerned that teams will bypass the governance rules that are required for their business.
No cloud-management platform is complete without governance. With the proper tools in place, you can maintain control of who is deploying what into which cloud. In this way, you can address security issues, reduce compliance risks, and lower operational costs.
The key aspect of governance involves visibility and control. Visibility and control are vital to your business because they enable you to be proactive and prevent security breaches rather than simply react to breaches that have already occurred.
The Cisco CloudCenter solution is a hybrid cloud management platform that securely provisions infrastructure resources in data centers, private clouds, and public clouds so that you can quickly and easily model, deploy, and manage applications and data in any environment. Whether you are deploying simple or complex workloads to one or many environments, Cisco CloudCenter enables your users to serve themselves without having to understand the nuances of the underlying automation mechanisms or cloud environments.
The solution supports a wide range of uses in enterprise IT organizations, including application migration, DevOps automation across various cloud environments, and dynamic capacity augmentation within or between clouds. It also can serve as the foundation for a comprehensive hybrid IT-as-a-Service (ITaaS) delivery strategy.
Each cloud, whether private or public, uses a different approach when it comes to compute, network, security, and storage. Cisco CloudCenter abstracts these differences for the end user, providing a single-pane-of-glass approach that makes deployment of applications seamless across all clouds without the need for cloud-specific scripting. In addition to eliminating cloud lock-in, it also simplifies cost control, security, governance, and portability.
Cisco CloudCenter begins with a cloud-independent and portable object model called an application profile that combines infrastructure-automation and application-automation layers in a single, deployable blueprint. Application profiles define each application’s deployment and management requirements, as well as outline the relationship between users, deployment environments, and deployable blueprints.
Cisco CloudCenter also abstracts Infrastructure as a Service (IaaS) APIs that are different in each environment, and it uses a unique patented architecture to allow a single deployable blueprint to be used in the user’s choice of target environments. These cloud-specific orchestrators abstract applications from the cloud, interpret the applications’ needs, and translate these needs to cloud-specific services and APIs.
● Descriptions of application topology and dependencies
● Infrastructure resource and cloud-service requirements
● Descriptions of deployment artifacts, including packages, binaries, scripts, and (optionally) data
● Orchestration procedures needed to deploy, configure, and secure all application components
● Run-time policies that guide ongoing lifecycle management
Each application profile can also provide details such as upgrade information and backup-and-restore information that is needed when migrating an application from cloud to cloud.
Cisco CloudCenter provides the visibility and control you need to maintain governance in your organization. With its simple two-part architecture, Cisco CloudCenter delivers fast time-to-value with simplified deployment that does not require major professional services. As an enterprise-class solution, Cisco CloudCenter provides a secure, scalable, extensible multitenant platform that meets the needs of even the most demanding IT organizations and cloud service providers. At the same time, it makes it easy for IT and users in department-level deployments to deploy and manage applications in any data center or cloud environment.
The Cisco CloudCenter hybrid cloud management platform securely provisions infrastructure resources and deploys application components and data in more than 19 data center and private and public cloud environments. The solution supports a wide range of uses in enterprise IT organizations, including application migration, DevOps automation across various cloud environments, and dynamic capacity augmentation within or between clouds. It also can serve as the foundation for a comprehensive hybrid ITaaS delivery strategy.
The prerequisites for this design are:
● You need basic knowledge of Cisco CloudCenter.
● The platform must be set up and running.
● Multiple clouds must be integrated into Cisco CloudCenter using orchestrators.
● Image mappings must be set up for the clouds that are being used.
Please refer to https://docs.cloudcenter.cisco.com/ for details on installation and configuration.
Cisco CloudCenter abstracts IaaS APIs that are different in each environment and uses a unique and patented architecture to allow a single deployable blueprint to be used in a user’s choice of target environment. Under the hood, the application profile object model defines relationships between users, deployment environments, and deployable blueprints.
The result is a single set of policies that can implement governance and controls across users, applications, and multiple target deployment environments. Effectively, Cisco CloudCenter puts a governance wrapper around everything. This capability enables you to create designated control paths for users to follow, making both your job and the jobs of your end users easier.
The Cisco CloudCenter platform supports a wide range of controls to enable tag-based governance. Through tags, administrators can control user actions to simplify user placement, deployment, and run-time actions. Put another way, tags provide a means to limit choices and guide users into making good decisions that maintain governance rules.
To implement effective governance and control in a multicloud environment, several design aspects need to be considered:
● Overall strategy
● Cost control
● Security profiles
● Application profile sharing
● Tag-based governance
The first step to comprehensive governance and control is to outline your overall strategy. A best practice for designing your Cisco CloudCenter governance model is to begin by considering the specific requirements of your organization. Determine answers to the following questions.
● Which users are allowed to deploy workloads to multicloud environments?
● How many deployments can these users make?
● What authority do these users have across the various states of the development and release cycles?
● Which applications can be deployed?
● How are these applications configured?
● Which services are included in each application?
● Where does each workload reside?
● Do workloads have sensitive data that determines their destination?
● Is the destination of a workload determined by the various stages of its lifecycle?
● Should workloads be alive only during business hours?
● Can deployments be terminated or suspended?
● How long should workloads be alive?
● Are self-service, preapproved deployments unlimited?
● Can users choose any instance size they want?
● Can deployments be scaled out?
● What is the budget associated with each workload?
● Is there a time limit on specific deployments?
● Can this time limit be extended?
● Can workloads be suspended?
Billing governance allows you to control how much a user can provision in a multicloud environment. Financial controls for each deployment are available in the form of plans and bundles that provide budget and capacity details, charges for each virtual machine, cloud time cost, and so forth.
To implement billing governance, Cisco CloudCenter allows you to assign a usage plan to each user (Figure 2). As an administrator, you can choose a plan that restricts the user in different ways:
● VM Hour Subscription: Specifies the number of virtual machines per month. Rollover options can be enabled.
● VM Subscription: Specifies the number of concurrent virtual machines allowed across all clouds.
● Prepaid VM Hour Bundle: Limits users by a prepaid cost limit.
● Prepaid Budget Bundle: Unlimited use of applications until the budget is exhausted.
● Unlimited Subscription: No limitations on usage.
Figure 2. You can assign an individual usage plan to each user
An environment is a resource that consists of one or more associated cloud regions and cloud accounts that have been set aside for specific deployment purposes (Figure 3). Users deploy applications to deployment environments, and deployment environments can be shared with multiple users.
Figure 3. Environments are associated with one or more cloud regions and cloud accounts
You can designate environments in a number of different ways, such as by associating deployment environments with different stages of the release cycle. For example, a development environment could be linked with a development cloud, and a production deployment environment could be associated with a production-grade high-performance cloud that has a higher cost. Users on a development team would only be able to deploy to the development environment, while users on an operations team would be limited to deploying to the production environment.
Another option is to associate deployment environments with different data centers. For example, you could have a deployment environment for your data center in San Jose and a different environment for a data center in Dallas (Figure 4).
Figure 4. You can associate environments with specific data centers
Policies determine how long deployments can run and whether they can be scaled out. They allow you to specify the "how long" and "when" aspects of governance.
Cisco CloudCenter allows you to create a variety of policies that can be associated with each deployment.
Aging policies cause the Cisco CloudCenter platform to suspend and optionally terminate each application deployment that is associated with the policy. An aging policy is activated after an application deployment has been running for a designated period (Figure 5) or has reached a specified cost threshold (Figure 6).
Figure 5. Aging policies can trigger suspension or termination after a designated period of time
Figure 6. Aging policies can trigger suspension or termination after a deployment has reached a specified cost threshold
Scaling policies increase or decrease the number of virtual machines for each application deployment tier that is associated with the policy (Figure 7).
Figure 7. Scaling policies can increase or decrease the number of virtual machines for each deployment tier
Suspension policies suspend deployment following a schedule configured by the administrator. For example, to lower operating costs, a suspension policy could suspend all virtual machines after business hours when they are not needed and turn them back on at the start of the business day (Figure 8).
Figure 8. A suspension policy can lower operating costs by suspending virtual machines after business hours
To configure security on the cloud, you can define security profiles whose ingress and egress rules are dynamically associated with a Cisco CloudCenter deployment using specific tag rules (see Figure 9). For example, you can create a profile for deployments to a development environment that has a few more open ports than the profile for a production environment. In this case, port 22 might be closed in the production environment whereas it is open in the development environment. Security profiles can be associated with system tags so that, while the deployment is in governance mode, the profile is automatically selected and attached.
Figure 9. You can define security profiles that dynamically apply ingress and egress rules to virtual machines deployed in the cloud
Application profile sharing
With environments, policies, and usage defined, you can determine which applications users can deploy by creating an application profile. Once an application profile has been created, the owner of the profile can share it with users either through access control (Figure 10) or by publishing the application to the marketplace (Figure 11).
Figure 10. You can share application profiles with users through access control
Figure 11. You can share application profiles with users through the marketplace
Tags are the method by which the Cisco CloudCenter platform brings together all the aspects of governance and control. You can guide and control user actions with tag-based automation, which simplifies user placement, deployment, and run-time decisions. You can identify tags with easy-to-understand labels such as Development, Production, and Testing. You can then specify the rules associated with each tag: the rules that control the selection of the appropriate deployment environment, firewall rules, and/or aging policy rules (Figure 12). When users want to deploy an application profile, they simply add the required tags. They do not need to understand the underlying rules and policies that are automatically put into place.
Figure 12. You can create tags, label them appropriately, and specify the rules associated with each one
Tags can specify deployment to an appropriate deployment environment. For example, a tag labeled Development could specify deployment to Amazon Web Services (AWS), while a tag labeled HIPAA could specify deployment to a data center managed by Cisco Application Centric Infrastructure (Cisco ACI™) software that has microsegmentation that is appropriate for sensitive data. You can also use these tags to reflect the different stages of release cycles or to designate different sites for your data centers (Figure 13). Note that the user applying the tag does not need to understand how the tag works to use it.
Figure 13. Tags can reflect the different stages of release cycles
Tags can specify firewall rules and port settings. They can also be linked to a security profile and applied to a specific application tier or to an entire deployment. A Development tag, for example, could specify a security profile that opens all ports. A Production tag could specify a security profile that closes all ports except the one needed for network monitoring.
Tags can specify day-2 operations. For example, tags can be used to specify aging, scaling, and suspension policies that are monitored and enforced over time. By linking tags to run-time policies, you can control ongoing management of workloads deployed by Cisco CloudCenter (Figure 14).
Figure 14. Tags can specify run-time policies like aging, scaling, and suspension to be enforced over time
Validated deployment steps
Tags allow you to form a logical grouping of various objects in CloudCenter. You can attach a tag to a deployment environment, aging policy, scaling policy, suspension policy, or a security profile. When an application is deployed and the tag is chosen, the environment and the policies are automatically attached.
Step 1: Choose and deploy your application (Figure 15).
Figure 15. Deploy your application
Step 2: Choose your tag (Figure 16). Based on the tag, the aging policy and the suspension policy are automatically selected. In this case, the tag DEV has been associated with an aging policy called 1 month, a suspension policy called PST Business Hours, and a deployment environment called DEV.
Figure 16. Choose your tag
Step 3: The deployment environment is preselected based on the tag chosen (Figure 17).
Figure 17. The deployment environment is preselected based on the tag chosen
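The tag-to-policy resolution described under tag-based governance and in the steps above can be modeled and audited offline. The following is an added example, not Cisco CloudCenter code or its API: the classes, the fail-closed handling of unknown and conflicting tags, and every tag rule other than the DEV values quoted in Step 2 are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model for illustration; these classes are not CloudCenter objects.
@dataclass(frozen=True)
class SecurityProfile:
    name: str
    ingress_ports: frozenset  # inbound TCP ports the profile opens

@dataclass(frozen=True)
class TagRule:
    tag: str
    environment: Optional[str] = None
    aging_policy: Optional[str] = None
    suspension_policy: Optional[str] = None
    security_profile: Optional[SecurityProfile] = None

class GovernanceError(Exception):
    """Raised when a tag set cannot be resolved to one unambiguous policy set."""

FIELDS = ("environment", "aging_policy", "suspension_policy", "security_profile")

def resolve(tags, rules):
    """Merge the rules of every chosen tag; refuse unknown or conflicting tags."""
    resolved = dict.fromkeys(FIELDS)
    for tag in tags:
        rule = rules.get(tag)
        if rule is None:  # assumption: fail closed instead of deploying ungoverned
            raise GovernanceError(f"tag {tag!r} has no rule; deployment refused")
        for name in FIELDS:
            value = getattr(rule, name)
            if value is None:
                continue
            if resolved[name] is not None and resolved[name] != value:
                raise GovernanceError(f"tags {list(tags)} disagree on {name}")
            resolved[name] = value
    if resolved["environment"] is None:
        raise GovernanceError("no tag selected a deployment environment")
    return resolved

def audit_rules(rules, restricted_envs=frozenset({"PROD"}),
                forbidden_ports=frozenset({22})):
    """Return (tag, environment, port) for each forbidden port that a tag's
    security profile opens in a restricted environment."""
    findings = []
    for rule in rules.values():
        if rule.environment in restricted_envs and rule.security_profile is not None:
            for port in sorted(forbidden_ports & rule.security_profile.ingress_ports):
                findings.append((rule.tag, rule.environment, port))
    return findings

# Constructed security profiles: development opens port 22, production does not.
DEV_OPEN = SecurityProfile("dev-open", frozenset({22, 80, 443}))
PROD_LOCKED = SecurityProfile("prod-locked", frozenset({443}))

RULES = {r.tag: r for r in (
    # Environment and policy names taken from the guide's DEV example (Step 2).
    TagRule("DEV", "DEV", "1 month", "PST Business Hours", DEV_OPEN),
    # Everything below is constructed sample data.
    TagRule("PROD", "PROD", security_profile=PROD_LOCKED),
    TagRule("HIPAA", "ACI-DC"),
    TagRule("PROD-DEBUG", "PROD", security_profile=DEV_OPEN),  # misconfigured on purpose
)}

if __name__ == "__main__":
    print(resolve(["DEV"], RULES))
    print(audit_rules(RULES))  # flags PROD-DEBUG for exposing port 22 in PROD
```

Running the audit over an export of the tag rules before they are published catches a tag that would silently attach a development-grade security profile to a production environment.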
For any questions, please refer to these additional resources:
● Cisco CloudCenter Communities:
● Cisco CloudCenter information:
● Product documentation:
● Software download:
● End-user guide:
For a complete list of all of our design and deployment guides for the Cisco Multicloud Portfolio, including Cloud Consume, visit https://www.cisco.com/go/clouddesignguides.
About Cisco design and deployment guides
Cisco Design and Deployment Guides consist of systems and/or solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information visit: https://www.cisco.com/go/designzone.
© 2018 Cisco Systems, Inc. All rights reserved.