Chris Swan's CloudExpo Europe presentation "Keeping control when moving applications to the cloud"
Chris Swan's CloudExpo Europe presentation originally given 27 Feb in the Cloud Management, Services and Applications Theatre.
Keeping control when moving applications to the cloud
6. copyright 2014
Providers and Customers have different concerns
[Figure: layer stack labelled Layer 0 to Layer 7, Virtualization Layer and Hardware Ownership Layer, marked with "Limits of access, control, & visibility" and "User Control"]
Service Provider SDN starts at the bottom of the network with the "device" and network flows.
Application SDN (using NFV) begins at the top of the network with the enterprise application, its owner and their collective technical and organizational demands.
7.
Extend enterprise network to the cloud
[Figure: network diagram. NFV appliances labelled US, EMEA and APAC, shown as peered and each labelled with a public IP and an overlay IP, form an overlay network (subnet 172.31.0.0/22). Cloud Servers A to F sit on the overlay at 172.31.1.1, 172.31.1.5, 172.31.1.9, 172.31.1.13, 172.31.1.17 and 172.31.1.21. The customer data center (London, UK, remote subnet 192.168.4.0/24, data center servers) and the customer remote office (Chicago, IL USA, remote subnet 192.168.3.0/24, user workstations) connect through firewall / IPsec devices (Cisco 5505, Cisco 5585) over active and failover IPsec tunnels labelled 192.168.4.0/24 - 172.31.1.0/24 and 192.168.3.0/24 - 172.31.1.0/24.]
8.
Using a networking Swiss Army knife
[Figure: NFV hybrid virtual device able to extend to multiple sites, combining Firewall, Dynamic & Scriptable SDN, Protocol Redistributor, IPsec/SSL VPN concentrator, Router and Switch]
Application SDN (Software Defined Network) Appliances
• Allow control, mobility & agility by separating network location and network identity
• Control over end to end encryption, IP addressing and network topology
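Added example, not part of the presentation: a consistency check for the kind of addressing plan shown in the "Extend enterprise network to the cloud" diagram, confirming that site subnets stay clear of the overlay and that every cloud server falls inside an IPsec traffic selector. The addresses are the ones on the slide; the function name and data layout are assumptions of this example.

```python
import ipaddress as ip

# Values copied from the slide's diagram; the structure is this example's own.
OVERLAY = ip.ip_network("172.31.0.0/22")
CLOUD_SERVERS = ["172.31.1.1", "172.31.1.5", "172.31.1.9",
                 "172.31.1.13", "172.31.1.17", "172.31.1.21"]
SITES = {"London": "192.168.4.0/24", "Chicago": "192.168.3.0/24"}
# (site subnet, overlay range) carried by each IPsec tunnel
SELECTORS = [("192.168.4.0/24", "172.31.1.0/24"),
             ("192.168.3.0/24", "172.31.1.0/24")]


def check_plan(overlay, servers, sites, selectors):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    site_nets = {name: ip.ip_network(cidr) for name, cidr in sites.items()}
    # 1. Site subnets must not overlap the overlay or each other,
    #    otherwise routing between site and cloud is ambiguous.
    names = sorted(site_nets)
    for i, a in enumerate(names):
        if site_nets[a].overlaps(overlay):
            findings.append(f"{a} {site_nets[a]} overlaps overlay {overlay}")
        for b in names[i + 1:]:
            if site_nets[a].overlaps(site_nets[b]):
                findings.append(f"{a} and {b} subnets overlap")
    # 2. Each selector must pair a declared site subnet with a range
    #    that lies inside the overlay.
    covered = []
    for local, remote in selectors:
        local_net, remote_net = ip.ip_network(local), ip.ip_network(remote)
        if local_net not in site_nets.values():
            findings.append(f"selector local side {local_net} is not a declared site")
        if not remote_net.subnet_of(overlay):
            findings.append(f"selector remote side {remote_net} is outside overlay")
        covered.append(remote_net)
    # 3. Each cloud server must sit inside some selector's overlay range,
    #    otherwise site traffic to it matches no tunnel policy.
    for s in servers:
        addr = ip.ip_address(s)
        if addr not in overlay:
            findings.append(f"server {addr} is outside overlay {overlay}")
        elif not any(addr in net for net in covered):
            findings.append(f"server {addr} is not covered by any tunnel selector")
    return findings


if __name__ == "__main__":
    print(check_plan(OVERLAY, CLOUD_SERVERS, SITES, SELECTORS) or "plan is consistent")
```

The /22 overlay is wider than the /24 in the tunnel selectors, so a server addressed elsewhere in the overlay (for example in 172.31.2.0/24) would be flagged by the third check.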
18.
Summary
Applications can lose context when moved to the cloud and separated from enterprise security, management and monitoring
Extend the enterprise network to the cloud using NFV to get control over:
• Security
• Topology
• Addressing
• Protocols
19. copyright 2013
The CloudCamp Team 'Fireside Chat' - why is it still called cloud?
12:45 - 13:10 in Management, Services and Applications Stream