vmworld

What are some of the conversations at Cisco Booth? #CiscoACI

@furrier Comparing SDN options - NSX vs. ACI

@furrier Three customers had security concerns, separating Dev environments from Production and one tenant from another.

It need not be either-or. ACI runs NSX like any othe reapplication well. The benefit is that your get deep visibility into all your app and tenant health across P+V

I was talking to @jimmchugh this morning USC from Cisco is #1 in blades.. integrating SDN is something that is very interesting

UCS is #1 in USA, and second worldwide in X86

Very true. The application policy model can be used implement any application, even NSX.

@furrier That's not surprising about UCS' rise. The defining of compute profiles is just as powerful and necessary as SDN or SDS. The maturing of the UCS platform has been well received by customers and the market share shows that

@furrier Jim McHugh spoke about UCS, SAP, and ACI here http://bit.ly/1LJGdf...

. @HPettyIII Jim also mentioned the notion of unified which has been a Cisco effort now adopted by VMware

@furrier there is a lot of upside for UCS still as we go after BigData

. @RaviBala8 Yes Jim is speaking at #BigDataNYC event next month at #stratahadoop so YES #bigdata is more upside for #CiscoUCS

From customer discussions, the key question that comes back is how do I become agile to compete with Amazon ? How can I offer services as well as Amazon in a private cloud env ?

@furrier Anand is exactly right. Enterprises needs to offer full service cloud, not just IaaS, with high internal governance. AWS and other public cloud services should be part of the brokered infrastructure under control of Enterprise IT, not replacing.

@jeremy_oakey ACI is UCS for networks

@anand_louis In many cases I'd say that is the wrong question. Maybe you can't compete with Amazon? Are you spending 300mil a quarter on your private cloud? Have a strategy that embraces both and let the business decide the best execution venue.

@netkiran built around the same principles of abstraction and profile based automation, imparting state on demand etc

@anand_louis How do I move my app seamlessly from AWS to my private cloud while preserving my network and security policies for my app?

great point

Do you think that Policy-based {fill in the blank} is overused or is it relevant today?

There is a big difference between device policies and application policies. I always say "application policy based..."

If no one uses it, does it matter? I think the solution has to provide value and agility without making the entire system more complex and fragile. If intent can improve in an org with better uptime and speed then policy-based is relevant.

It is on old term but there is an exciting new use of it in cloud across compute, network, and storage applied to applications

Congress is an important industry effort to address this

it is key to convey that a policy is needed to enforce some level of consistency - this applies to security, application deployment and networking

What users really care about are policies for managing access to enterprise data, for different tenants and QoS, availability. Translating this to device policies and configuration quickly and accurately is the automation challenge of our time.

application centered policy help automate the provisioning of all supporting infrastructure to deploy app in private, public, and hybrid cloud. It is a huge need that was touched on during today's vmworld keynote with Pat Gelsinger

while hype is never far, in this case it's substance that makes it relevant: #ciscoACI policy based declarative approach to make infrastructure cater to application needs

Intent is what an agent has chosen to do. Normally this is used as an intent to achieve a desired state or a promise to do so

This is the declarative vs. imperative, promise theory based architecture. ACI is built for scale, where the controller provides the end state to the nodes (services or switches), it is up to the agent to implement the intent, Very powerful !!!

Intent documents what the infrastructure is supposed to do. Documentation is huge for the Operations teams. It also simplifies the job of provisioning.

Intent means user and business intentWhat users really care about are policies for managing access to enterprise data, for different tenants and QoS, availability.

Think of an air traffic controller who tells a pilot he can take off an dfly to Chicago from SFO. The pilot intends to take the passengers to Chicago. The air traffic controller doesn't need to tell the pilot to control flaps and throttle.

this "intent" based architecture allows controllers a la google to scale, implemented also in the server world with Puppet manifest, where a patch can be applied to 100s of servers in a single shot

I think of "commander's intent" and how does the business goal translate down to technology and get out to where the revenue is created? Silos of tech wizards and manual processes can't be agile and intent can get lost in the processes.

if so inclined to learn more about "promise theory", http://www.amazon.co...

@HPettyIII I'm a fan of a self-documentation view of the apps and infrastructure as code that is checked in so tacit knowledge isn't lost when the expert leaves or there is a need to scale beyond the one expert. The expert's intent can be captured.

@anand_louis I talked to Puppet CEO Luke Kanies about intent here - https://www.sdxcentr...

When security guys leave, it's terrific to have the security intent documented so that app decommissioning also can clean up security rules

yes to Harry's point - that is day-2 clean up that helps in compliance

In most environments, applications exist that use both VMs and bare metal hosts. Its nearly impossible to restrict tenants or applications to the virtual domain exclusively. ACI is able instantiate the application on both virtual and physical.

The one problem I see with the NSX approach is the oversimplification of the underlay network (physical). You may get the impression you could buy $50 switches from your local computer store and NSX would be magic on top of them.

example - customer apps run in bare metal servers and VMs

cisco ACI uses consistent approach for controlling P+V and bringing visibility across P+V

ability to orchestrate policy across Vms, Bare metal, container based applications

ACI is built to handle mutli-hypervisor and baremetal.

I love this topic. It's speaks to what customers want - easy to deploy, manage, programmable infr #CiscoACI

the physical+virtual capability of ACI also extends to orchestrating L4-L7 services (F5 BIG-IP, Citrix NS etc both physical applicances and VM based)

We still have a lot of IT orgs that are deploying baremetal workloads - mainly for big data apps like Hadoop

@anand_louis spot on Anand - also, many companies run Oracle/RAC like apps on bare-metal

@jeremy_oakey oversimplification of overlay or underlay is just sweping future problems under the carpet!

@jeremy_oakey #CiscoACI is the best underlay of any virtual overlay. IT staff will reduce the time it spends on areas such as datacenter access, access control, and load balancing requests by an average of 58.1%

@HPettyIII Agreed. There is a wealth of experience around asics, protocols and features that we are building upon to make virtual and cloud better. Their maturity makes them seem simple. Maybe we should buy all those CCIEs with #s under 4k a drink?!