Design Guide
Last Updated: June 20, 2017
About the Cisco Validated Design (CVD) Program
The CVD program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information, visit http://www.cisco.com/go/designzone.
© 2017 Cisco Systems, Inc. All rights reserved.
Table of Contents
Private Cloud: VersaStack with Cisco ACI and IBM SVC
VersaStack Private Cloud Components
Cisco Unified Computing System
Cisco Nexus 9000 based Application Centric Infrastructure
Cisco Adaptive Security Appliance – ASA
VersaStack for Hybrid Cloud Add-on Components
Hybrid Cloud Management System: Cisco CloudCenter
Copy Data Management: IBM Spectrum Copy Data Management
Public Cloud: IBM Bluemix Cloud
Cisco Prime Services Catalog (Optional)
VersaStack for Hybrid Cloud with Cisco CloudCenter
VersaStack for Hybrid Cloud Physical Topology
IBM Bluemix Virtual Private Network (VPN) for Management Access
IBM Bluemix Direct Link (Optional)
Network segmentation in IBM Bluemix
Cisco CloudCenter – Architecture and Setup
CloudCenter Orchestrator (CCO)
Management Agent and Base OS Images
CloudCenter Multi-Tenancy Design
VersaStack for Hybrid Cloud: CloudCenter Components Deployment
CloudCenter: VersaStack Private Cloud Configuration
CloudCenter: IBM Bluemix Public Cloud Configuration
OpenCart Application Deployment Overview using Cisco CloudCenter
Model Cloud-Agnostic Application Profile
Deploy On-demand to VersaStack Private Cloud or IBM Bluemix Public Cloud
VersaStack Application Protection with IBM Spectrum Copy Data Management
VersaStack Application Protection Physical Topology
VersaStack Application Protection and Recovery
Deploy Application to VersaStack Data Center with Data Availability
Script Integration with Spectrum Copy Data Management
Deployment Hardware and Software
Cisco Validated Designs (CVDs) deliver systems and solutions that are designed, tested, and documented to facilitate and improve customer deployments. These designs incorporate a wide range of technologies and products into a portfolio of solutions that have been developed to address the business needs of the customers and to guide them from design to deployment.
Cisco and IBM have partnered to deliver a series of VersaStack solutions that enable strategic data center platforms with the above characteristics. The VersaStack solution delivers an integrated architecture that incorporates compute, storage and network design best practices, thereby minimizing IT risks by validating the integrated architecture to ensure compatibility between various components. The solution also addresses IT pain points by providing documented design guidance, deployment guidance and support that can be used in various stages (planning, designing and implementation) of a deployment.
The VersaStack for Hybrid Cloud solution, covered in this CVD, is a converged infrastructure solution including Cisco ACI and IBM SVC storage with additional software components that deploy and manage applications and automate application-aware data to and between data center and cloud environments. This “converged cloud” capability extends existing VersaStack solutions that include both IBM and Cisco best-in-class hardware and software products. It adds easy-to-consume hybrid cloud solutions to scalable and automated VersaStack infrastructure.
The Solution also provides Enterprises the ability to get control over their Copy Data across the enterprise Hybrid IT Infrastructure, delivering the right data copy for the right business function, at the right time and in the right location all within a single, simplified and automated platform.
The VersaStack for Hybrid Cloud design showcases:
· Cisco ONE Enterprise Cloud Suite, which includes CloudCenter to automate self-service application deployment to users’ choice of on-premises or public cloud environments. It works with more than 20 cloud types and regions, including IBM Bluemix® Infrastructure (formerly SoftLayer®).
· IBM Spectrum™ Copy Data Management that orchestrates the creation, distribution, efficient use, and retention of application-aware copies of data on-premises. This capability builds on the wide range of IBM storage solutions that can be included in VersaStack.
VersaStack solution is a pre-designed, integrated and validated architecture for data center that combines Cisco UCS servers, Cisco Nexus family of switches, Cisco MDS fabric switches and IBM Storwize and FlashSystem Storage Arrays into a single, flexible architecture. VersaStack is designed for high availability, with no single points of failure, while maintaining cost-effectiveness and flexibility in the design to support a wide variety of workloads.
As Enterprises are adopting both the Private and Provider Clouds (Public Clouds), they want the flexibility to place their workloads in either of the two clouds based on their needs as well as company policy and/or compliance requirements. As the Enterprise business grows rapidly and requires additional compute resources, Enterprise IT wants to take advantage of resources in the Public Clouds rather than building out additional Data Centers or adding additional compute resources in their Private Cloud.
Combining Cisco CloudCenter and IBM Spectrum Copy Data Management technologies in VersaStack implementations creates VersaStack for Hybrid Cloud with a hybrid cloud management layer enabling orchestration, deployment, management and migration of applications across data center, public cloud and private cloud environments. The solution allows enterprises to:
· Improve business agility by deploying applications now and moving to an optimal environment later
· Migrate applications and data to the cloud
· Enable end-to-end data management through tracking and management of copies
VersaStack for Hybrid Cloud provides the flexibility to choose the best deployment option for a wide variety of enterprise IT workloads, while freeing up resources in the data center for new-generation applications and cognitive workloads.
The intended audience of this document includes, but is not limited to, sales engineers, field consultants, professional services, IT managers, partner engineering, and customers who want to take advantage of an infrastructure built to deliver IT efficiency and enable IT innovation.
The following design elements distinguish this version of VersaStack from previous models:
· Integration of Cisco CloudCenter with VersaStack with Cisco ACI and IBM SVC as Private Cloud
· Integration of Cisco CloudCenter with IBM Bluemix as Public Cloud
· Secure Connectivity between the VersaStack Private Cloud and the IBM Bluemix Public Cloud
· Cisco ONE Enterprise Cloud Suite, Cisco CloudCenter
· Cisco CloudCenter integration with Cisco ACI
· IBM Spectrum Copy Data Management
· IBM Storwize V7000 as secondary storage for data protection
· Optional: Support for Cisco Prime Services Catalog
For more information on previous VersaStack models, please refer to the VersaStack guides at:
VersaStack for Hybrid Cloud provides a powerful Hybrid Cloud solution using VersaStack converged infrastructure extended to IBM Bluemix Public Cloud and inclusion of Cisco CloudCenter and IBM Spectrum Copy Data Management software components to deploy, provision, and manage applications and data in hybrid cloud environments.
This solution supports both traditional and emerging cloud native applications; it delivers extensive IT automation and hybrid cloud versatility for applications and data.
In addition to providing a simplified, comprehensive, on-premises IT infrastructure with agile cloud connectivity and data management, VersaStack for Hybrid Cloud can be used by enterprises to gain a variety of benefits, such as:
· “Converged cloud” IT infrastructure that allows easy movement of applications and data across on-premises and cloud environments such as IBM Bluemix Infrastructure to optimize cost and performance
· End-to-end copy data management to lower storage capacity requirements and accelerate application development and testing
· IT as a service to balance user self-service on-demand deployment and management in environments with central governance and control
· Capacity utilization optimization with automated standup and teardown of applications and the ability to supplement data center storage with cloud capacity on demand
· Hybrid cloud application migration to enable migration of existing applications from one environment to another
· DevOps and CI/CD automation to facilitate automated continuous application deployment to existing continuous delivery, with acceleration of the software development lifecycle using an integrated tool chain
Figure 1 VersaStack for Hybrid Cloud Solution Overview
Cisco and IBM have carefully validated and verified the VersaStack solution architecture and its many use cases while creating a portfolio of detailed documentation, information, and references to assist customers in transforming their data centers to this shared infrastructure model. This portfolio will include, but is not limited to the following items:
· Architectural design best practice
· Implementation and deployment instructions
· Technical specifications (rules for what is, and what is not, a VersaStack configuration)
· Cisco Validated Designs (CVDs) and IBM Redbooks focused on a variety of use cases
Cisco and IBM have also built a robust and experienced support team focused on VersaStack solutions. The team includes customer account and technical sales representatives as well as professional services and technical support engineers. The support alliance between IBM and Cisco provides customers and channel services partners direct access to technical experts who are involved in cross vendor collaboration and have access to shared lab resources to resolve potential multi-vendor issues.
The terms VersaStack Data Center and VersaStack Private Cloud have been used interchangeably within this document; both of these represent the VersaStack converged infrastructure on-premises within the solution.
IBM Bluemix and IBM Softlayer Public Cloud have been used interchangeably throughout this document. IBM Softlayer Cloud has been leveraged as the Public Cloud option for this solution and is currently under the IBM Bluemix brand name.
The VersaStack for Hybrid Cloud is comprised of the following design areas:
· Private Cloud: VersaStack with Cisco ACI and IBM SVC
· Hybrid Cloud Management System: Cisco CloudCenter
· Copy Data Management System: IBM Spectrum CDM
· Public Cloud: IBM Bluemix (formerly IBM SoftLayer®)
The technologies and solutions covered in each of these areas are outlined in the following sections.
VersaStack for Hybrid Cloud includes VersaStack Private Cloud connected to IBM Bluemix Public Cloud and add-on software components: Cisco CloudCenter and IBM Spectrum Copy Data Management Platform.
VersaStack Private Cloud architecture in the solution is comprised of the following infrastructure components for compute, network and storage:
· Cisco Unified Computing System (Cisco UCS)
· Cisco Nexus and Cisco MDS Switches
· IBM SAN Volume Controller, IBM FlashSystem and IBM Storwize family storage
These components are connected and configured according to the best practices of both Cisco and IBM; they provide an ideal platform for you to confidently run a variety of workloads. The reference architecture is detailed in the following two Design and Deployment Guides:
Design Guide:
Deployment Guide:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/versastack_aci_svc_vmw6.html
The main components of the VersaStack Data Center are briefly introduced in this section and are not covered in detail in this document. For detailed information about these components and the design of the VersaStack Private Cloud, please refer to the Design and Deployment guides listed above.
Figure 2 VersaStack Private Cloud – Components
Cisco Unified Computing System is a next-generation solution for blade and rack server computing. The system integrates a low-latency, lossless 40 Gigabit Ethernet unified network fabric with enterprise-class, x86-architecture servers. The system is an integrated, scalable, multi-chassis platform in which all resources participate in a unified management domain. Cisco Unified Computing System accelerates the delivery of new services simply, reliably, and securely through end-to-end provisioning and migration support for both virtualized and non-virtualized systems.
Cisco UCS fuses access layer networking and servers. This high-performance, next-generation server system provides a data center with a high degree of workload agility and scalability.
For detailed information on the Cisco Unified Computing System product line, see:
http://www.cisco.com/c/en/us/products/servers-unified-computing/index.html
The Cisco Nexus 9000 family of switches supports two modes of operation: NX-OS standalone mode and Application Centric Infrastructure (ACI) fabric mode. In standalone mode, the switch performs as a typical Cisco Nexus switch with increased port density, low latency and 40Gbps connectivity. In fabric mode, the administrator can take advantage of Cisco Application Centric Infrastructure (ACI).
The ACI switching architecture is presented in a leaf-and-spine topology where every leaf connects to every spine using 40G Ethernet interfaces. At a high-level, the Cisco ACI fabric consists of three major components:
· The Application Policy Infrastructure Controller (APIC)
· Spine switches
· Leaf switches
Cisco Nexus 9000-based VersaStack design with Cisco ACI consists of Cisco Nexus 9336 PQ based spine and Cisco 93180YC-EX based leaf switching architecture controlled using a cluster of three Application Policy Infrastructure Controllers (APICs).
For detailed information on the Cisco Nexus 9000 product line, see: http://www.cisco.com/c/en/us/products/switches/nexus-9000-series-switches/models-listing.html
The Cisco MDS 9396S 16G Multilayer Fabric Switch is the next generation of the highly reliable, flexible, and affordable Cisco MDS 9000 Family fabric switches. This powerful, compact, 2-rack-unit switch scales from 48 to 96 line-rate 16-Gbps Fibre Channel ports in 12 port increments. Cisco MDS 9396S is powered by Cisco NX-OS and delivers advanced storage networking features and functions with ease of management and compatibility with the entire Cisco MDS 9000 Family portfolio for reliable end-to-end connectivity. Cisco MDS 9396S provides up to 4095 buffer credits per group of 4 ports and supports some of the advanced functions such as Virtual SAN (VSAN), Inter-VSAN routing (IVR), port-channels and multipath load balancing and flow-based and zone-based QoS.
For more information, see: http://www.cisco.com/c/en/us/products/storage-networking/mds-9000-series-multilayer-switches/index.html
IBM SAN Volume Controller (SVC) is a combined hardware and software storage virtualization system with a single point of control for storage resources. SVC includes many functions traditionally deployed separately in disk systems and, by including these in a virtualization system, SVC standardizes functions across virtualized storage for greater flexibility and potentially lower costs.
Built with IBM Spectrum Virtualize™ software (part of the IBM Spectrum Storage™ family), SVC helps organizations achieve better data economics by supporting the new workloads that are critical to a company’s success. SVC systems can handle the massive volumes of data from mobile and social applications, enable rapid and flexible cloud services deployments, and deliver the performance and scalability needed to gain insights from the latest analytics technologies.
More SVC product information is available on the IBM SAN Volume Controller website: http://www-03.ibm.com/systems/storage/software/virtualization/svc/
The Cisco ASA Family of security devices protects corporate networks and data centers of all sizes. Cisco ASA delivers enterprise-class firewall capabilities for ASA devices in an array of form factors. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. Cisco ASA delivers high availability for high resiliency applications thereby meeting the unique requirements in the data center. Cisco ASA supports multiple contexts for a multi-tenant deployment. This Design guide uses Cisco ASA 5585 platform to provide firewall functionality.
VMware vCenter is the simplest and most efficient way to manage VMware vSphere hosts at scale. It provides unified management of all hosts and virtual machines from a single console and aggregates performance monitoring of clusters, hosts, and virtual machines. VMware vCenter Server gives administrators a deep insight into the status and configuration of compute clusters, hosts, virtual machines, storage, the guest OS, and other critical components of a virtual infrastructure. A single administrator can manage 100 or more virtualization environment workloads using VMware vCenter Server, more than doubling the typical productivity in managing physical infrastructure. VMware vCenter manages the rich set of features available in a VMware vSphere environment.
For more information, see: http://www.vmware.com/products/vcenter-server/overview.html
Cisco CloudCenter™ is an application-centric hybrid cloud management platform that securely provisions infrastructure resources and deploys applications across more than 20 data center, private cloud, and public cloud environments including VersaStack Private Cloud, some of which are shown in Figure 3 below. Cisco CloudCenter also improves IT speed and agility, optimizing work for users, who can quickly and easily model, deploy, and manage applications on any environment. Cisco CloudCenter delivers IT control for administrators, who gain visibility and governance across boundaries of applications, clouds, and users.
Figure 3 Cisco CloudCenter supported sample Clouds
Cisco CloudCenter provides a single-platform solution with unique hybrid cloud technology that abstracts the application from the underlying cloud environment and helps ensure that the infrastructure adapts to meet the deployment and management needs of each application. With Cisco CloudCenter, IT organizations can start with one application in one cloud or manage multiple applications across multiple environments. It works with a simple virtual machine or with complex, multitier application stacks. With an application-centric management platform, enterprise IT organizations can pursue a range of powerful use cases such as on-demand hybrid IT as a service (ITaaS), automated DevOps and continuous delivery, capacity augmentation including bursting and high availability and disaster recovery, and permanent application migration.
What differentiates CloudCenter is its simple approach to application-centric multi-cloud management. The solution combines a cloud-agnostic application profile, which defines deployment and management requirements for the application stack, with a cloud-specific orchestrator, which deploys both the infrastructure and the application using the best practices for each environment.
Figure 4 Cisco CloudCenter Full-Lifecycle Management
Cisco CloudCenter offers single-click automated end-to-end provisioning of compute, storage, network and security, as well as deployment of your application stack components and data. Cisco CloudCenter enables its users to deploy to any of its supported environments, while not forcing applications to adapt to infrastructure.
Cisco CloudCenter provides organizations with the process and tools to build and manage a cloud-agnostic application profile. One profile can be used in any environment without modifying deployment scripts or changing application code. The application profile defines the deployment and management requirements for the application in five key areas:
· Application topology and dependencies
· Infrastructure resource and cloud service requirements
· Description of deployment artifacts, consisting of packages, binaries, scripts, and optional data
· Orchestration procedures needed to deploy, configure, and secure
· Run-time policies that guide ongoing management
Cisco CloudCenter enables organizations to migrate existing applications or on-board new applications to cloud infrastructures. In this phase, users deploy the application profile to the target deployment environment of their choice. Cisco CloudCenter helps its users to:
· Create a cloud management profile for any application
· Drag and drop the required tiers for each application
· Graphically view the topology for each application
· Isolate your application's requirements from the cloud dependencies
· Try out your application on multiple clouds
· Deploy new or existing applications (with or without data)
After applications are deployed, Cisco CloudCenter helps organizations to manage deployments and perform ongoing operations. Users can monitor the applications and use a range of lifecycle management actions, or specify automated responses using preconfigured policies. Unlike many cloud management platforms that are focused on managing infrastructure, Cisco CloudCenter application-centric management integrates the management of the application with management of the underlying cloud resources. Cisco CloudCenter helps you:
· Measure price, performance, and other factors to choose the best cloud for your application
· Perform cross-cloud release management tasks
· Manage the application's lifecycle management activities
· Implement policy-driven automation for each deployment
· Perform batch computing tasks
· Upgrade deployments
Cisco CloudCenter eases cloud governance by providing a single management platform with powerful administration and governance capabilities for data center, private cloud, and public cloud environments. It allows organizations to manage and administer multiple tenants (organizations) and multiple users (or groups of users).
Cisco CloudCenter meets the needs of the most demanding service providers and Enterprise IT organizations.
Benefits include the following:
· Model once
· Choose the best cloud execution environment
· Deploy anywhere
· Manage with runtime policies
· Unified administration and governance
· Tag-based governance
· Unmatched security
· Financial controls
· Customizable service library
· Application marketplace
IBM Spectrum Copy Data Management delivers the first “In Place” Copy Data Management platform, which works with IBM Spectrum Virtualize in VersaStack to drive operational efficiencies and cost savings and to provide better leverage of your storage assets. In the modern IT environment, copies of production data can be more vital to the business than the production data itself. But with exponential copy data growth, and a mix of existing tools and scripts to manage these copies, IT is often unable to meet the commitments to the business that depend on this data.
The common factor across multiple IT use cases is gaining access to copies of data. How to best get this done can be considered the “copy data management challenge.” Typically, access to data (such as on an enterprise storage array) or systems that connect to data (such as a virtual machine) requires a lengthy request and provisioning process passed through gatekeepers in the IT organization. Data consumers can wait days or even weeks to get the data they request, which can limit their effectiveness.
IBM Spectrum Copy Data Management immediately delivers three key value areas by managing the full lifecycle of Copy Data. Spectrum CDM allows IT to manage, orchestrate and analyze Copy Data across the enterprise and cloud.
Catalog - The Catalog function discovers the assets in your environment to build a rich, meta-data catalog which you can search for numerous IT objects.
Automate - The Automate function brings automation and ease of operations to common IT tasks, using a policy-based model.
Transform - And finally, these features let you transform your IT environment by easily expanding into areas such as hybrid cloud and DevOps.
With this core functionality, IBM Spectrum Copy Data Management drives many use cases as shown in Figure 5. IBM Spectrum Copy Data Management allows IT to leverage application consistent data copies to drive use cases like enhanced protection and disaster recovery, automated Dev-Test, DevOps integration, and near real-time data access for Business Analytics. At the heart of the platform is an actionable catalog and a robust policy engine to manage and orchestrate the Copy Data environment and associated workflows. IBM Spectrum Copy Data Management has detailed and customizable reports along with an advanced query engine providing deep analysis as well as real-time and historical service-level reporting.
Figure 5 IBM Spectrum Copy Data Management
Copy Data Management technology addresses this challenge by bringing modern IT approaches (self-service, automation, APIs) to legacy systems, which is where the vast bulk of organizational data resides.
IBM Spectrum Copy Data Management is purpose-built to leverage the data copy services of existing IT infrastructure (storage array snapshot, replication and clone engines). IBM Spectrum Copy Data Management is delivered as a virtual appliance that can be deployed in 15 minutes and runs without agents to catalog the existing copy data environment (storage, VMs, applications). Once deployed, IBM Spectrum Copy Data Management allows the IT team to significantly improve its ability to deliver key functions, while dramatically reducing the cost of infrastructure and ongoing operations.
IBM Spectrum Copy Data Management delivers the orchestration and automation of tasks that are typically done today with complex and error-prone scripting, and/or rely on a hodgepodge of existing tools. With IBM Spectrum Copy Data Management, formerly complex workflows in the virtualization, application and storage environments can now be easily configured and run through a simple, template-based “point-and-click” interface or through API calls.
The following are the benefits of IBM Spectrum Copy Data Management:
· Automate the creation and use of copy data (snapshots, clones, and replicas), leveraging VersaStack storage infrastructure.
· Dramatically reduce time spent on infrastructure management while improving reliability.
· Modernize existing IT resources by providing automation, user self-service and API-based operations without the need for any additional hardware.
· Simplify management of critical IT functions such as data protection and disaster recovery.
· Automate test and development infrastructure provisioning, reducing management time as much as 99%.
· Drive new, high-value use cases such as leveraging hybrid cloud compute and rapid DevOps development.
· Catalog and track IT objects: databases, virtual machines, volumes, snapshots, datastores, files, etc.
· Deliver advanced insights into copy data environments across the enterprise, including protection RPO/RTO compliance reporting.
IBM® Bluemix® is IBM's innovative cloud computing platform that combines platform as a service (PaaS) with infrastructure as a service (IaaS). Additionally, Bluemix has a rich catalog of cloud services that can be easily integrated with PaaS and IaaS to build business applications rapidly.
Bluemix has cloud deployments that fit your needs whether you are a small business that plans to scale, or a large enterprise that requires additional isolation. You can develop in a cloud without borders, where you can connect your private services to the public Bluemix services available from IBM. You and your team can access the apps, services, and infrastructure in Bluemix and use existing data, systems, processes, PaaS tools, and IaaS tools. Developers can tap into the rapidly growing ecosystem of available services and runtime frameworks to build applications using polyglot programming approaches.
You can take an idea from inception, to a development sandbox, to a globally distributed production environment with compute and storage infrastructure, open source platform services and containers, and software services and tools from IBM, Watson, and more. Beyond the capabilities of the platform itself, IBM® Bluemix® also provides flexible deployment. Provision IBM® Bluemix® resources on-premises, in dedicated private cloud environments, or in the public cloud, and manage the resources from all three types of environments in a single dashboard.
All IBM cloud resources that are deployed in public and dedicated environments are hosted from your choice of IBM® Cloud Data Center locations around the world. IBM Cloud Data Centers provide regional redundancy, a global network backbone connecting all data centers and points of presence, and stringent security controls and reporting. Through IBM Cloud Data Centers, IBM can meet your most demanding expansion, security, compliance, and data residency needs.
Cisco Prime™ Service Catalog is an optional component in the solution. It offers an essential user interface for organizations using automation to deliver data center and application services. It turns multi-level solutions into a set of standard services that can be ordered and delivered on-demand. Users simply access a menu of services they are entitled to receive and place their orders, which sets the automated delivery processes in motion. The combination of self-service ordering, standardized service options, and automation increases efficiency for everyone.
Cisco Prime Service Catalog supports a wide range of services, including data center IT, cloud applications, platform applications, and business services such as BYOD or device services. Cisco Prime Service Catalog is a key component of Service Management package of the Cisco ONE Enterprise Cloud Suite, the solution for a software defined data center.
Cisco Prime Service Catalog provides out-of-box integration with Cisco CloudCenter to offer a user-friendly IT service storefront for applications as a service.
Figure 6 Cisco CloudCenter and Cisco Prime Services Catalog Integration
The VersaStack for Hybrid Cloud architecture is built as an extension of the VersaStack Private Data Center or cloud to the IBM Bluemix Public Cloud. The VersaStack private cloud architecture is the main building block within this solution and is based on the “VersaStack for Data Center with Cisco Application Centric Infrastructure and IBM SAN Volume Controller” Design Guides.
Figure 7 VersaStack Private Datacenter Architecture
The VersaStack Private Cloud design is not discussed in this document but can be found here:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/versastack_aci_svc_vmw6.html
The Solution Design includes two main sections:
· VersaStack for Hybrid Cloud with Cisco CloudCenter, which includes Cisco CloudCenter with the on-prem VersaStack Private Cloud and the IBM Bluemix Public Cloud.
· VersaStack Application Protection and Recovery, which includes Cisco CloudCenter and IBM Spectrum Copy Data Management with the VersaStack Private Cloud.
This section describes the reference architecture of VersaStack for Hybrid Cloud with VersaStack Data Center, IBM Bluemix Cloud, and Cisco CloudCenter. Enterprise IT organizations can offer self-service on-demand application services, including IBM Bluemix deployments starting with a simple virtual machine, or more complex enterprise or cloud-native applications using Cisco CloudCenter. You can automate DevOps processes and continuous deployment or augment data center capacity. You can also use the solution as an IT-as-a-service (ITaaS) platform and broker both data center and cloud service delivery options.
This design targets a specific e-commerce application (OpenCart) in the hybrid cloud to provide application development for production and test environments. It is validated on-premises with VersaStack and off-premises at IBM Bluemix Cloud.
Figure 8 shows the physical topology of the VersaStack for Hybrid Cloud Solution. It consists of two environments: an on-premises VersaStack Data Center and an off-premises Bluemix Public Cloud. Both environments are connected via an IPSec VPN link across the Internet.
Figure 8 VersaStack for Hybrid Cloud Physical Topology
The VersaStack Data Center includes an ASA55xx firewall running a site-to-site VPN tunnel to an edge gateway at the IBM Bluemix Cloud. This network layer is used to support communication between on-prem and off-prem environments. The Cisco CloudCenter shown at the top of the architecture in Figure 8 provides a single pane of glass for multi-cloud management. CloudCenter users can create and deploy an application profile to the target data center or cloud environment. The cloud-specific, multitenant orchestrator shown above runs at the target environment and natively deploys the application profile in a way that optimizes security, increases application performance, and maintains application portability. By using cloud-specific orchestrators, Cisco CloudCenter can abstract away the specifics of the configuration. As a result, users can provide their requirements, select the application profiles, and get fully configured and deployed applications within minutes in any environment, on-prem or off-prem.
Network connectivity between VersaStack Data Center and IBM Bluemix Cloud is typically achieved in one of two ways: a direct link connection to the IBM Bluemix Cloud, or an Internet-based routing to an IBM Bluemix hosted environment.
The Network connectivity tested for this solution is Internet based and has a site-to-site IPSec VPN Tunnel established for communication across the locations. The main purpose of this site-to-site VPN Tunnel is to enable communication between the management components deployed across the locations.
Customers who need data transfer between the locations need an IBM Bluemix account with Custom Private Addressing (CPA) enabled. For the validation of this solution, we used the default IBM Bluemix account and were limited to management communication traffic only across the private and public clouds.
For details about the CPA account, see: http://www.softlayer.com/custom-private-addressing
To establish a VPN tunnel, order IPSEC VPN from the Bluemix Portal by selecting the Bluemix Data Center Location that you want to use for the applications deployment. After the order request is processed, configure the IPSec tunnel by using the Internal peer address of the Bluemix VPN end point and the remote peer address of the ASA firewall.
The following IPsec configuration displays the sample parameters required:
Your Peer Address: x.x.x.x
NetworkLayer Peer Address: x.x.x.x
Preshared Key: password
Phase 1 Encryption: AES128
Phase 1 Authentication: SHA1
Phase 1 Diffie-Hellman Group: 2
Phase 1 Keylife: 14400
Phase 2 Encryption: AES128
Phase 2 Authentication: SHA1
Phase 2 Perfect Forward Secrecy (PFS): Yes
Phase 2 Diffie-Hellman Group: 2
Phase 2 Keylife: 3600
Your Subnets: 192.168.163.0/24, (sample customer on-premises private IP subnets)
NetworkLayer Subnets: 10.173.142.80/28, 10.142.244.192/26, 10.142.87.192/26, 10.0.80.0/25 (sample private IP subnets in the public cloud)
The ASA55xx firewall on-prem needs to be configured with matching parameters and by specifying the local and remote subnets for communication, which brings up the IPSec Tunnel.
Figure 9 VersaStack for Hybrid Cloud VPN Connectivity
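The requirement that the on-prem ASA carry matching parameters can be checked before the tunnel is brought up. The following Python check is an added example, not part of the original design guide: it parses the Bluemix parameter sheet in the "Key: value" form shown above and compares it with the ASA side. The ASA-side sheet and its "Local"/"Remote" field names, the peer addresses (documentation ranges), the key placeholder and the three deliberate disagreements are constructed for illustration.

```python
import ipaddress
import re

# Fields the parameter sheet expects to be identical on both peers.
MUST_MATCH = ["Preshared Key", "Phase 2 Perfect Forward Secrecy (PFS)"] + [
    f"Phase {p} {f}" for p in (1, 2)
    for f in ("Encryption", "Authentication", "Diffie-Hellman Group", "Keylife")]
# Bluemix field -> ASA field (hypothetical names); "Your" is the customer (ASA) side.
SAME_SIDE = {
    "Your Peer Address": "Local Peer Address",
    "NetworkLayer Peer Address": "Remote Peer Address",
    "Your Subnets": "Local Subnets",
    "NetworkLayer Subnets": "Remote Subnets",
}

# Constructed samples: the page's sheet with documentation-range peers and a
# placeholder key; the ASA sheet carries three deliberate disagreements.
BLUEMIX_SHEET = """
Your Peer Address: 203.0.113.10
NetworkLayer Peer Address: 198.51.100.20
Preshared Key: <psk-placeholder>
Phase 1 Encryption: AES128
Phase 1 Authentication: SHA1
Phase 1 Diffie-Hellman Group: 2
Phase 1 Keylife: 14400
Phase 2 Encryption: AES128
Phase 2 Authentication: SHA1
Phase 2 Perfect Forward Secrecy (PFS): Yes
Phase 2 Diffie-Hellman Group: 2
Phase 2 Keylife: 3600
Your Subnets: 192.168.163.0/24, (sample customer on-premises private IP subnets)
NetworkLayer Subnets: 10.173.142.80/28, 10.142.244.192/26, 10.142.87.192/26, 10.0.80.0/25
"""
ASA_SHEET = """
Local Peer Address: 203.0.113.10
Remote Peer Address: 198.51.100.20
Preshared Key: <psk-placeholder>
Phase 1 Encryption: AES-128
Phase 1 Authentication: SHA1
Phase 1 Diffie-Hellman Group: 5
Phase 1 Keylife: 14400
Phase 2 Encryption: AES128
Phase 2 Authentication: SHA1
Phase 2 Perfect Forward Secrecy (PFS): yes
Phase 2 Diffie-Hellman Group: 2
Phase 2 Keylife: 28800
Local Subnets: 192.168.163.0/24
Remote Subnets: 10.173.142.80/28, 10.142.244.192/26, 10.142.87.192/26
"""


def parse_sheet(text):
    """Parse 'Key: value' lines, dropping a trailing '(...)' annotation."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            value = re.sub(r"\([^)]*\)\s*$", "", value).strip().rstrip(",").strip()
            params[key.strip()] = value
    return params


def normalise(key, value):
    """Return a comparable form, so 'AES-128' equals 'AES128' and 'yes' equals 'Yes'."""
    if key.endswith("Subnets"):
        return frozenset(ipaddress.ip_network(s.strip())
                         for s in value.split(",") if s.strip())
    if key.endswith("Peer Address"):
        return ipaddress.ip_address(value)
    if key == "Preshared Key":
        return value  # keys are case-sensitive: compare verbatim
    return re.sub(r"[\s_-]", "", value).upper()


def compare(bluemix, asa):
    """Return {bluemix_field: problem} for every field the two sides disagree on."""
    findings = {}
    for bkey, akey in [(k, k) for k in MUST_MATCH] + list(SAME_SIDE.items()):
        b, a = bluemix.get(bkey), asa.get(akey)
        if b is None or a is None:
            findings[bkey] = "missing on one side"
            continue
        nb, na = normalise(bkey, b), normalise(akey, a)
        if nb == na:
            continue
        if bkey == "Preshared Key":
            findings[bkey] = "values differ"  # never echo the secret
        elif bkey.endswith("Subnets"):
            only_one = ", ".join(sorted(map(str, nb ^ na)))
            findings[bkey] = "not on both sides: " + only_one
        else:
            findings[bkey] = f"Bluemix {b!r} vs ASA {a!r}"
    return findings


if __name__ == "__main__":
    result = compare(parse_sheet(BLUEMIX_SHEET), parse_sheet(ASA_SHEET))
    for field, problem in result.items():
        print(f"MISMATCH {field}: {problem}")
```

Spelling differences such as AES-128 versus AES128 are treated as equal, while a subnet present on only one side is reported by name.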
IBM Bluemix offers VPN access designed to allow users to remotely manage all servers and services associated with their account over the private network. A VPN connection to the private network allows for unlimited file transfers, out-of-band management and server rescue through an encrypted VPN tunnel. Communicating using the private network is inherently more secure and gives users the flexibility to limit public access while still being able to access their servers. Any user on a customer's account can be given VPN access, which is available as both SSL and PPTP. VPN interactions through the Bluemix Customer Portal allow for VPN access customization at the user level. This access takes you directly to your private network so that you can access and manage your server infrastructure independently of the operating system.
With VPN access customers can:
· Establish a VPN connection to the private network via SSL, PPTP or IPSec
· Access your server via its private 10.x.x.x IP address via SSH or RDP
· Connect to your server’s IPMI IP address for additional server management or rescue needs
IBM Bluemix Direct Link allows you to connect your VersaStack on-premises infrastructure directly to the IBM Bluemix private network. Physical connections are available in IBM Bluemix network points of presence around the world. IBM Bluemix network engineers will work with you and your network service provider, cloud exchange provider, or colocation provider to cross-connect your router to routers at the cloud. IBM Bluemix can enable a private and secure 1Gbps or 10Gbps connection to your IBM Bluemix servers across the private network.
This means that no traffic across your Direct Link and between your servers touches the public network or otherwise interferes with your public network traffic. This VersaStack for Hybrid Cloud design does not include Direct Link connectivity, but it can be added as a network connectivity option within the solution based on the customer's needs.
For more information on Direct Link connectivity, see:
https://www.ibm.com/cloud-computing/bluemix/direct-link
The IBM Bluemix network integrates three distinct and redundant network architectures into a network-within-a-network topology. Every virtual server is connected to public, private, and out-of-band management networks, as Figure 10 illustrates.
Figure 10 IBM Bluemix Network Segmentation
In this IBM Bluemix-specific triple-network architecture, interfaces are dedicated to different usage purposes, providing varying levels of security:
· Public network handles public traffic to hosted websites or online resources. Customers may choose to order servers with no public network connectivity, meaning that they are provisioned without a Public IP address and are not Internet routable.
· Private network provides free, secure connectivity between servers housed in any IBM Bluemix facilities. Bandwidth between servers on the private network is unmetered and free, so you can move data from one server to another in any of IBM Bluemix’s data centers quickly and easily over the private network.
· Management network allows for true out-of-band management through a distinct, stand-alone third network. This allows both IBM Bluemix automation and customer management to be separated from the inter-server traffic on the private network cables.
IBM Bluemix assigns each account to an IP address subnet (a range of IP addresses) and then assigns that subnet to a VLAN. Because of IBM Bluemix’s private/public network separation, every (public-facing) server is assigned to two VLANs: a public VLAN and a private VLAN. If a server is ordered without public connectivity, it is not assigned a public IP address and thus is not added to the customer’s public VLAN. When a customer is assigned multiple private VLANs, for example because their workload spans multiple data centers, VLAN spanning must be turned on to allow servers on the separate VLANs to talk to each other.
This section provides an overview of the Cisco CloudCenter software components, main architectural features, and setup details for the solution. Figure 11 shows the primary software components of the solution: Cisco CloudCenter Manager and Cisco CloudCenter Orchestrator. The solution also offers various other architectural features, such as the application profile, that give Cisco CloudCenter customers a significant advantage when implementing their cloud strategies.
Figure 11 Cisco CloudCenter Architecture
Cisco CloudCenter Manager serves as the primary interface for users and administrators. Only one manager is required for VersaStack for Hybrid Cloud Solution, and the manager can be used with multiple fully or partially isolated tenants as needed. A manager is linked to one or many orchestrators and can simultaneously support thousands of applications. Additional managers can be added to meet disaster-recovery or high-availability requirements. For a traditional on-premises configuration, the manager is delivered as a preinstalled virtual appliance. VersaStack for Hybrid Cloud solution design includes CloudCenter Manager deployed on-premises on the VersaStack infrastructure. With the other option, the multitenant SaaS version of the manager can be linked to customer-installed orchestrators. The manager includes user functions for modeling, deploying, and managing applications, and administrator functions that deliver visibility and control that spans the boundaries of applications, users, and clouds. Cisco CloudCenter users and administrators access the manager through a web browser user interface, command-line interface (CLI), or representational state transfer (REST) API.
Figure 12 Cisco CloudCenter manager Portal
The application profile, a critical feature of the unique Cisco CloudCenter hybrid cloud management solution, is a cloud-independent and portable model that defines each application’s deployment and management requirements. Each application profile combines infrastructure automation and application automation layers in a single deployable blueprint. With an application profile, one Cisco CloudCenter platform can be used to deploy and manage any modeled application in the VersaStack Private Cloud or IBM Bluemix Public Cloud environment. The solution’s cloud-independent application profile, coupled with its cloud-specific orchestrator, abstracts the application from the cloud, interprets the needs of the application, and translates these needs to cloud-specific services and APIs. It thus eliminates the need for cloud-specific scripting and cloud lock-in. The OpenCart application profile was used for the validation of this solution.
Each application profile is an XML and JavaScript Object Notation (JSON) metadata description that includes:
· Descriptions of application topology and dependencies
· Infrastructure resource and cloud service requirements
· Descriptions of deployment artifacts, including packages, binaries, scripts, and, optionally, data
· Orchestration procedures needed to deploy, configure, and secure all application components
· Run-time policies that guide ongoing management
Figure 13 Cisco CloudCenter Application Profile
Cisco CloudCenter Orchestrator is a patented technology that decouples applications from underlying infrastructure and hides the complexity of underlying cloud resources. One orchestrator is deployed locally in each VersaStack data center or private cloud and in each IBM Bluemix public cloud region; it orchestrates the initial deployment of the application profile and all ongoing management requests that come from Cisco CloudCenter Manager. The orchestrator receives information and instructions from the manager, including application profiles, runtime policies, and application lifecycle management commands such as deploy, start, stop, and remove. The orchestrator runs those commands and sends a status update back to the manager.
Figure 14 illustrates the orchestrator workflow to deploy and manage applications at the target cloud.
Figure 14 Cisco CloudCenter Orchestrator Workflow
1. CloudCenter Manager sends Profile to CloudCenter Orchestrator that is running on the target cloud (VersaStack or IBM Bluemix), and Orchestrator performs the following tasks:
2. Provisions and configures cloud infrastructure and services (compute, storage, networking) as defined by the application profile.
3. Launches VMs and mounts storage to each VM.
4. Installs the CloudCenter agent in each VM.
5. Links to the appropriate artifact repository to access application-specific packages, scripts, and, optionally, data.
6. Deploys each application component (different tiers in a multitier application) and orchestrates application services in the proper order as specified by the application profile topology.
7. Applies appropriate security policies to configure port settings and firewall rules at the application level and individual tier level.
The CloudCenter platform features Advanced Message Queuing Protocol (AMQP) based communication between the CCO and the Agent VM. The CloudCenter platform incorporates RabbitMQ as the open source message broker for AMQP implementation.
The CloudCenter platform uses a Guacamole server to enable web based SSH/VNC/RDP to application VMs launched during the application lifecycle process. The Guacamole component is embedded, by default, in the AMQP server.
In this design, an AMQP/Guacamole server is required for each cloud, including private cloud.
The bundle store hosts agent bundles and service bundles and is used by the application VMs to bootstrap, install, and start the agent on the application VM (worker). A bundle store can also be installed locally for a CloudCenter deployment. In the current VersaStack for Hybrid Cloud design, an Internet connection is required so that the application VM can reach the default bundle store on CDN (cdn.cliqr.com).
The package store is a repository that contains binaries for all third-party application services (out-of-box services) as well as binaries for several components required for the CloudCenter installation itself. The default package store is hosted at repo.cliqrtech.com, and the current design requires that the CloudCenter components and VMs have Internet access to use the default package store. Customers can also choose to install a local package store and register it with the CCO.
CloudCenter installations require installation of a management agent in the application VMs. Cisco provides Base OS images with the management agent already installed for a number of operating systems and on a number of Public and Private clouds. A complete list of the supported Base OS Images can be found at:
http://docs.cloudcenter.cisco.com/display/CCD46/Base+OS+Images
For some clouds (e.g. IBM Bluemix) where a Base OS image is not provided, the CloudCenter management agent can be dynamically installed on the VMs at the launch time. The list of clouds and images supporting dynamic bootstrapping can be found at:
http://docs.cloudcenter.cisco.com/display/CCD46/Dynamic+Bootstrapping+Support
Customers can choose to create their own private images for various clouds to customize the Base OS Image.
Cisco CloudCenter offers various multitenant models to support typical enterprise IT hybrid-cloud use cases, as shown in Figure 15. These models give IT architects and administrators a range of options, from simple to complex, for configuring and controlling isolation and sharing within or between groups of users.
· Full isolation: With Cisco CloudCenter, each tenant can be fully isolated from other peer tenants. In this way, two completely independent business units can use a single Cisco CloudCenter instance while strictly separating tenants.
· Flexible sharing: Cisco CloudCenter facilitates sharing within each tenant. Powerful features for sharing application profiles, application services, deployment environments, and more multiply the speed and agility benefits of an application-defined management solution.
· Partial isolation: Cisco CloudCenter offers an option for partial isolation between parent and child tenants. In some cases, a central IT organization may offer shared services, delivered either on the premises or through cloud service provider, that are consumed by various business units that are otherwise independent. For otherwise independent IT departments, the central IT organization may want to enforce OS image standards, require use of specific artifact repositories, or require a common rules-based governance framework.
Figure 15 Cisco CloudCenter Multi-Tenancy
The CloudCenter components are deployed in the form of Virtual machines with CloudCenter software installed or as preinstalled virtual appliances.
A Cloud Region refers to a single public cloud region, private virtualized data center, or private cloud supported by CloudCenter. Each cloud region is identified in the CCM UI when you configure clouds. For every cloud region that needs to be managed by the CloudCenter platform, you must install, set up, and configure the following CloudCenter components. In this solution we have two cloud regions: VersaStack Data Center and the IBM Bluemix Cloud.
Table 1 lists the deployment location and VM requirements for various CloudCenter components used in the VersaStack for Hybrid Cloud design.
Table 1 Component Requirements
Component | Per Cloud Region | Deployment Mode | VM Requirement | Deployment Location
CCM | No | Appliance | 2 CPU, 4GB memory, 50GB storage* | VersaStack
CCO | Yes | Appliance for VMware; manual installation for IBM Bluemix | 2 CPU, 4GB memory, 50GB storage* | VersaStack, IBM Bluemix
AMQP/Guacamole | Yes | Appliance for VMware; manual installation for IBM Bluemix | 2 CPU, 4GB memory, 50GB storage* | VersaStack, IBM Bluemix
Base OS Image | Yes | Customized image created in each cloud | CentOS 6; minimum CPU and memory instances selected for solution validation | VersaStack, IBM Bluemix
* VMware appliances auto-select the VM size. The recommended VM size is based on less than 500 application VMs. For complete sizing details, see: http://docs.cloudcenter.cisco.com/display/CCD46/Phase+1%3A+Prepare+Infrastructure
Figure 16 shows the various CloudCenter components deployed across the two cloud regions: VersaStack Private Cloud and the IBM Bluemix Cloud. Some of the components shown are optional and can be deployed based on the customer's needs.
Figure 16 also shows the minimal port requirements for inter-component communication. Production environments are typically secured by allowing communication only through the specified ports.
For detailed information about the CloudCenter components and deployment requirements along with installation procedures, refer to the CloudCenter documentation: http://docs.cloudcenter.cisco.com/display/CCD46/d.+Version+4.6+and+4.7+Home
Figure 16 Cisco CloudCenter Components and network requirements
As shown in Table 1, in the VersaStack for Hybrid Cloud design, CCM, CCO and AMQP servers are deployed in the VersaStack with ACI based private cloud. These three appliances are downloaded from cisco.com and deployed in the management cluster within the VersaStack environment. For deployment details for these components, refer to: http://docs.cloudcenter.cisco.com/display/CCD46/VMware+Appliance+Setup.
These components can be added to DNS and should be set up with Internet access to be able to reach the CloudCenter repositories for upgrade and maintenance. CCM, in particular, needs to be able to reach CCOs running in public clouds and be able to communicate on port 443 and port 8443. Additionally, the application VMs also need access to the CloudCenter components using both IP and DNS information.
After the components are deployed, add the VMware-based VersaStack private cloud in CCM using the VersaStack vCenter credentials, and add the Orchestrator deployed on VersaStack.
Figure 17 VersaStack for Hybrid Cloud – Private Cloud
To add a VMware vCenter based private cloud as an application deployment environment, a VMware datacenter and cluster need to be identified. Figure 18 shows the corresponding CloudCenter configuration for application deployment on the VersaStack private cloud.
Figure 18 CloudCenter VMware Cloud Deployment Information
For detailed information about setting up the VMware based cloud, see: http://docs.cloudcenter.cisco.com/pages/viewpage.action?pageId=5540210.
In a VMware environment, the base OS image is a VM Snapshot. The VM is created for each base operating system and is referenced using its snapshot name. For the OpenCart application deployment, the base image used is the CentOS6 image. A VM called CentOS is created and a snapshot named Snap1 is created.
Figure 19 shows the VM template to Base OS image mapping in the CloudCenter.
Figure 19 CloudCenter - VMware Image Mapping
To successfully integrate an IBM Bluemix account with Cisco CloudCenter and to be able to deploy applications in Bluemix Cloud, CCO and AMQP need to be deployed in the customer Bluemix account.
Cisco does not provide the CCO and AMQP appliances for IBM Bluemix deployments, which means customers need to follow the manual installation procedure to deploy these two components. The manual installation procedures for the various clouds are covered at http://docs.cloudcenter.cisco.com/display/CCD46/Installation+Approach.
After CCO and AMQP are successfully deployed and configured according to the URL above, an IBM Bluemix (Softlayer) Cloud can be added to CCM. For detailed information, see:
http://docs.cloudcenter.cisco.com/pages/viewpage.action?pageId=5540210
Figure 20 VersaStack for Hybrid Cloud – Public Cloud
When the IBM Bluemix cloud is added to CloudCenter, all the available instance types become available and customers can make one or more instance types available to end users for application deployments.
Figure 21 CloudCenter – IBM Bluemix Instance Types
During Bluemix environment setup, various base OS images are automatically populated in the CCM, but the mapping of appropriate images has to be done manually. For the OpenCart application deployment, the CentOS6 base image is used. A custom image is created and mapped for application usage.
Figure 22 CloudCenter - Bluemix Image Mapping
To demonstrate the applicability of Cisco CloudCenter, the OpenCart application has been modeled and deployed across the VersaStack private and IBM Bluemix public clouds. OpenCart is an open-source e-commerce application with an online store management system.
The OpenCart application is built on the Apache web server and the PHP web scripting language and uses the MySQL database server to store data. Although OpenCart can be installed on any web server that has PHP installed and has access to a database server, a typical installation includes the following:
Catalog Frontend and Database Backend
· CentOS 6 with Apache and PHP (frontend)
· CentOS 6 with MySQL database (backend)
Figure 23 OpenCart E-Business Application
CloudCenter Application Profiles are templates or blueprints that can be used to describe how applications should be deployed, configured, and managed in a cloud environment.
Application Modeling is the process of capturing all images, scripts, and other dependencies required to fully deploy an existing, working application and build them into a model that you can configure using the CloudCenter platform.
The CloudCenter platform application models are composed of services. If the VM deployment is required for the service, then it can be mapped to a logical VM image. The logical VM images are in turn mapped to real images on a per-cloud basis. The procedure for mapping the images has been covered in the Base OS image sections of this document above.
The OpenCart binaries and scripts have been stored in the Artifact repository, which is made available from both of the Cloud Environments. Use the Artifact Repository to attach your own external repository to store and access your files for application deployments. CloudCenter provides a Repositories tab in the CCM UI for this purpose.
With your images and Artifact repository in place, you can start setting up services. Services have an associated lifecycle framework that calls different commands at different points in the service's lifecycle.
Figure 24 CloudCenter Artifact Repository
The OpenCart application can be modeled in or imported into CloudCenter. The modeler, shown in Figure 25, is a graphical drag-and-drop interface on which an engineer or architect models the application stack and related dependencies. The model approach is best for users who have detailed knowledge of the application.
The import approach is best for users who do not have detailed knowledge of the application and related components. The OpenCart application profile used for validating the solution has been imported to the Cisco CloudCenter Manager. The intent of this guide is not to detail the process of modeling applications. The modeling process requires knowledge of the applications and may need assistance from Cisco services, depending on the specific applications.
Figure 25 CloudCenter Application Modeler
Choose your best deployment environment based on price and performance. As previously stated, the Cisco CloudCenter solution includes a logical construct called the deployment environment that simplifies management of multiple users accessing a single cloud billing account for multiple purposes. There are two deployment environments created, one for VersaStack datacenter and one for the IBM Bluemix Public Cloud with shared access and linked to a single cloud account that is reserved for a specific use such as development or production. With deployment environments, the admin team can easily identify the appropriate target environment for each application and maintain cost and usage accounting.
To deploy the OpenCart application, access the OpenCart application profile from the CloudCenter Manager UI and choose the deployment environment, that is, the target cloud on which to deploy the application. Based on the application definition, CloudCenter automatically filters out clouds that do not meet the requirements of the OpenCart application definition.
Figure 26 Deploy OpenCart Application
After the application is deployed in the cloud, users can click Access<app name> to open the IP address where the application is hosted and can access the application.
There are many ways to make production data available in the cloud when application instances are deployed in the IBM Bluemix cloud. When an OpenCart application instance is deployed in the public cloud for testing purposes, it is extremely beneficial to have the production data also available to the application, which gives the test users an environment identical to production.
Within this solution validation, we used the basic OS utility rsync to replicate production data from the OpenCart instance in the VersaStack private cloud to the instance deployed at the IBM Bluemix cloud. Customers can use any utility, for example database backup and restore, to make the production data available in the public cloud.
There are different approaches available for data migration and replication for specific applications; customers should work with the Cisco services to identify the best approach for data availability in the public cloud.
CloudCenter and Cisco ACI are application-centric platforms, which integrate seamlessly for application delivery. Because CloudCenter is tightly integrated with the APIC, the network and security requirements are easily satisfied during the execution phase. When an application is deployed by CloudCenter into an ACI fabric, the conventional APIC objects and policies are dynamically created and applied to the respective virtual machines.
For setting up the private cloud as a deployment environment, a dedicated ACI tenant named App-A is created to host all the application instances. The application tenant creation is covered in detail in the VersaStack with ACI design guide: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/versastack_aci_svc_vmw6_design.html
To successfully deploy an application, the following requirements need to be met:
1. An application profile and EPGs need to be pre-provisioned
2. A DHCP server needs to be setup to assign IP addresses to the VMs
3. The DNS server should be able to resolve the IP addresses for the CloudCenter components
4. An L3-Out or Shared L3-Out needs to be setup and VMs should be able to access Internet
The VersaStack for Hybrid Cloud design needs an EPG to be provisioned for deploying the OpenCart application. All the contracts that allow communication to the storage system and that use the L3-Out for accessing the Internet also need to be pre-configured. One shortcoming of this design is that all new Dev/Test instances will be deployed in the same EPG and will not be isolated from each other at the network layer. Integrating CloudCenter with ACI overcomes this limitation. CloudCenter offers various deployment models for an ACI-enabled private cloud. For the details of various design options, see: http://docs.cloudcenter.cisco.com/display/CCD46/ACI .
Figure 27 Cisco CloudCenter and Cisco ACI Integration
This section describes the reference architecture of data protection for the applications deployed on VersaStack using IBM Spectrum Copy Data Management.
Figure 28 shows the physical topology of the VersaStack running enterprise applications like Oracle, MS-SQL, EPIC, and SAP-HANA on a VMware virtual environment. The setup consists of two data centers with VersaStack. Both environments are connected over the WAN via whatever connectivity the enterprise has; the example shown below uses a VPN link across the Internet.
Figure 28 VersaStack Application Protection
IBM Spectrum Copy Data Management delivers a robust in-place copy data management platform, giving IT a single enterprise-wide system that replaces the complicated set of products, tools and scripts that are collectively used today. IBM Spectrum Copy Data Management is a software-only solution that installs as a virtual machine, requires no agents and deploys within 15 minutes. IBM Spectrum Copy Data Management automated workflows allow clients to streamline Copy Data management operations.
IBM Spectrum Copy Data Management catalogs all of the production databases hosted on VersaStack. This allows users to orchestrate, analyze, search, and report on all the data and to take full advantage of the data assets. By cataloging and managing all tiers of array-based snapshots and database objects, with an intuitive point-and-click interface, clients can automate and orchestrate application-aware snapshots and instantly use them for data protection, test-dev, disaster recovery and analytics operations. Additionally, the power of IBM Spectrum Virtualize FlashCopy ensures that the tasks are completed in seconds without any drop in performance.
The orchestration and automation in the IBM Spectrum Copy Data Management solution involves two operations: Backup Jobs and Restore Jobs. Figure 29 shows the orchestration workflow in detail.
Backup jobs enable application-consistent in-place snapshots and array-based replications. The first step in a backup job is the injection of a lightweight agent into the servers running the database instances. The next step is to identify the mappings between the databases and the underlying storage volumes. Then the database is temporarily placed in hot backup mode and a FlashCopy is created on the VersaStack storage array. The application is then taken out of hot backup mode and the lightweight agent is removed. Additional options, like log backup, RMAN catalog (for Oracle), data masking, scripting, etc. can be added to the workflow. Templates can be customized with the storage workflows feature. Storage workflows define the operations performed on the storage array, driven by API calls from IBM Spectrum Copy Data Management. Templates for storage arrays include in-place FlashCopy, Global Mirror with Changed volumes, storage quotas, etc. Replication relationships and target storage provisioning are automatically created.
Restore jobs leverage these copies of production data and make them available instantly for a multitude of use cases including disaster recovery, dev-test automation and improved DevOps. Restore jobs can be created for individual databases or multiple databases and assigned to end users based on Role-Based Access Control (RBAC).
Figure 29 IBM Spectrum Copy Data Management Orchestration Workflow
This section describes a workflow to deploy applications on VersaStack for test and development automation. Cisco CloudCenter and IBM Spectrum Copy Data Management work closely together to automate the deployment of test or development environments instantly. Cisco CloudCenter can provision application profiles and deploy virtual machine templates that include the application instances. Through a simple script-driven policy, Cisco CloudCenter can leverage the near-production copies of the data cataloged in IBM Spectrum Copy Data Management to orchestrate the provisioning of data volumes to these virtual machines. The combination of Cisco CloudCenter and IBM Spectrum Copy Data Management provides powerful test/dev automation that not only creates the appropriate application profiles instantly but also enables developers and QA engineers to perform their jobs more efficiently.
When the application instance has been created using a Cisco CloudCenter application profile, the data can be mounted manually using the IBM Spectrum CDM GUI or optionally through simple scripts that call the IBM Spectrum CDM orchestration engine. The automated workflow is as follows:
1. Cisco CloudCenter deploys the requested Application Profile in VersaStack.
2. Cisco CloudCenter passes the VM's information, such as hostname or IP address, to register it in IBM Spectrum Copy Data Management.
3. When the application server is registered, Cisco CloudCenter runs a script that requests a restore of the data volumes of a particular database or just a mount of a specific file system volume.
4. The script searches for the database name and/or file system name and automatically creates a Restore job in Spectrum Copy Data Management.
5. The job leverages the latest FlashCopy of the production database and mounts it to the application server that was deployed using the Cisco CloudCenter application template.
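The selection logic in steps 3 to 5, sketched as an added example that is not code from this guide or from either product. The catalog records, field names, host name and role table are constructed and hypothetical, and the script makes no Spectrum CDM API calls; it also assumes a stricter policy than step 5, handing dev/test servers only copies that went through the optional data masking step.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Copy:                      # hypothetical record, not the Spectrum CDM schema
    database: str
    taken: datetime
    app_consistent: bool         # snapshot taken while the DB was in hot backup mode
    masked: bool                 # optional data masking step was applied

# Constructed sample data standing in for the catalog, registry and RBAC roles.
CATALOG = [
    Copy("opencart", datetime(2017, 6, 1, 2, 0), True, True),
    Copy("opencart", datetime(2017, 6, 2, 2, 0), True, False),
    Copy("opencart", datetime(2017, 6, 3, 2, 0), False, True),
    Copy("hr", datetime(2017, 6, 3, 2, 0), True, True),
]
REGISTERED_HOSTS = {"devtest-vm-01"}      # step 2: VM registered by hostname
RBAC = {"qa-engineer": {"opencart"}}      # role -> databases it may restore

class RestoreDenied(Exception):
    """Raised when a restore request fails a registration, RBAC or copy check."""

def build_restore_job(role, host, database, catalog=CATALOG):
    """Steps 3-5: pick the newest usable copy and return a restore job request."""
    if host not in REGISTERED_HOSTS:
        raise RestoreDenied(f"{host} is not a registered application server")
    if database not in RBAC.get(role, set()):
        raise RestoreDenied(f"role {role!r} may not restore {database!r}")
    # Assumed policy: only masked, application-consistent copies leave production.
    usable = [c for c in catalog
              if c.database == database and c.app_consistent and c.masked]
    if not usable:
        raise RestoreDenied(f"no masked, consistent copy of {database!r}")
    latest = max(usable, key=lambda c: c.taken)
    return {"type": "restore", "database": database, "target": host,
            "copy_taken": latest.taken.isoformat()}

if __name__ == "__main__":
    print(build_restore_job("qa-engineer", "devtest-vm-01", "opencart"))
```

With the sample catalog, the two newer `opencart` copies are skipped (one unmasked, one not application-consistent), so the job mounts the 1 June copy rather than the most recent snapshot.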
Table 2 lists the hardware and software versions used for the solution validation. It is important to note that Cisco, IBM, and VMware have interoperability matrices that should be referenced to determine support for any specific implementation of VersaStack. See the following links for more information:
· IBM System Storage Interoperation Center
· Cisco UCS Hardware and Software Interoperability Tool
Table 2 Hardware and Software Revisions Validated
Layer | Device | Image | Comments
Compute | Cisco UCS Fabric Interconnects 6200 Series, Cisco UCS B-200 M4, Cisco UCS C-220 M4 | 3.1(2b) | Includes the Cisco UCS-IOM 2208XP, Cisco UCS Manager, and Cisco UCS VIC 1340
Compute | Cisco ESXi enic | 2.3.0.10 | Ethernet driver for Cisco VIC
Compute | Cisco ESXi fnic Driver | 1.6.0.28 | FCoE driver for Cisco VIC
Network | Cisco Nexus Switches | 12.0(2h) | iNXOS
Network | Cisco APIC | 2.0(2h) | ACI release
Network | Cisco MDS 9396S | 7.3(0)D1(1) | FC switch firmware version
Storage | IBM SVC | 7.7.1.3 | Software version
Storage | IBM FlashSystem 900 | 1.4.5.0 | Software version
Storage | IBM Storwize V5030 | 7.7.1.3 | Software version
Software | VMware vSphere ESXi | 6.0 update 2 | Software version
Software | VMware vCenter | 6.0 update 2 | Software version
Software | Cisco AVS | 5.2(1)SV3(2.2) | Software version
Software | CloudCenter | 4.7.3 | Software version
Software | IBM Spectrum Copy Data Management | 2.2.6 | Software version
The VersaStack for Hybrid Cloud solution was validated by deploying the OpenCart application in a multi-cloud environment. The system was validated for successful application deployment across the clouds and for data protection and availability for VersaStack on-premises. The types of tests executed on the system are as follows:
· Secure communication across the VersaStack to IBM Bluemix VPN tunnel
· Application deployment using Cisco CloudCenter
· Application security and access using ACI contracts
· Application deployment on VersaStack Private Cloud with data protection and management using IBM Spectrum Copy Data Management
· Application deployment using Cisco CloudCenter
· Production data replication to application instance running in Cloud
Hybrid Cloud and Converged Infrastructure are currently two of the most effective and active IT solution domains in the marketplace. Global IT industry leaders, IBM and Cisco, have responded to this skyrocketing customer demand by offering VersaStack for Hybrid Cloud. A Hybrid Cloud model gives organizations the flexibility to leverage the right blend of public and private cloud services, while addressing the availability, performance, and security challenges.
VersaStack for Hybrid Cloud from IBM and Cisco delivers a validated design that combines the advantages of converged infrastructure and hybrid cloud into one new solution. This new VersaStack solution allows customers to utilize resources in the public cloud based on the organization's workload deployment policies or when the workload demand exceeds the available resources in the datacenter. It also allows customers to automate the creation and use of copy data on existing storage infrastructure within VersaStack environments, such as snapshots, vaults, clones and replicas for various application needs.
Cisco Unified Computing System:
http://www.cisco.com/en/US/products/ps10265/index.html
Cisco UCS 6200 Series Fabric Interconnects:
http://www.cisco.com/en/US/products/ps11544/index.html
Cisco UCS 5100 Series Blade Server Chassis:
http://www.cisco.com/en/US/products/ps10279/index.html
Cisco UCS B-Series Blade Servers:
Cisco UCS C-Series Rack Servers:
http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-c-series-rack-servers/index.html
Cisco UCS Adapters:
http://www.cisco.com/en/US/products/ps10277/prod_module_series_home.html
Cisco UCS Manager:
http://www.cisco.com/en/US/products/ps10281/index.html
Cisco Nexus 9000 Series Switches:
Cisco Application Centric Infrastructure:
VMware vCenter Server:
http://www.vmware.com/products/vcenter-server/overview.html
VMware vSphere:
https://www.vmware.com/tryvmware_tpl/vsphere-55_evalcenter.html
IBM SAN Volume Controller:
http://www-03.ibm.com/systems/storage/software/virtualization/svc/
IBM FlashSystem 900:
http://www-03.ibm.com/systems/storage/flash/900/
IBM Storwize V5000:
http://www-03.ibm.com/systems/storage/disk/storwize_v5000/overview.html
Cisco CloudCenter:
http://www.cisco.com/c/en/us/products/cloud-systems-management/cloudcenter/index.html
IBM Spectrum Copy Data Management:
https://www.ibm.com/us-en/marketplace/spectrum-copy-data-management
IBM Bluemix:
https://www.ibm.com/cloud-computing/bluemix/
Cisco UCS Hardware Compatibility Matrix:
VMware and Cisco Unified Computing System:
http://www.vmware.com/resources/compatibility
IBM System Storage Interoperation Center:
http://www-03.ibm.com/systems/support/storage/ssic/interoperability.wss
Sreenivasa Edula, Technical Marketing Engineer, Cisco UCS Data Center Solutions Engineering, Cisco Systems, Inc.
Sreeni has over 18 years of experience in Information Systems with expertise across the Cisco Data Center technology portfolio, including DC architecture design, virtualization, compute, network, storage and cloud computing.
Prashant Jagannathan, Technical Director, Catalogic
Prashant has 10 years of experience in the IT industry. He is part of the Business Development team at Catalogic and is responsible for working with the technical teams of strategic business partners and identifying joint solutions and potential integration in products. Prior to Catalogic, Prashant was an APAC Team lead at Syncsort Inc., where he managed the technical sales operations in the Asia-Pacific region.
For their support and contribution to the design, validation and creation of this Cisco Validated Design (CVD), the authors acknowledge:
· Haseeb Niazi, Technical Marketing Engineer, Computing Systems Product Group, Cisco Systems, Inc.