This is a quick summary of my interlocks with Cisco IT organization and some key takeaways on their drive to increase automation and orchestration in running their cloud enabling network.
Size of Cisco IT deployment
A Large network needs a powerful orchestration engine to automate and coordinate all the different elements. For such a massive scale infrastructure deployment Cisco IT heavily leverages Cisco NSO as the automation and orchestration engine. Multi-vendor and multi-domain capabilities of Cisco NSO play a major role to enable automation and delight the network professionals.
Cisco IT Cloudport implementation leveraging automation with NSO
Typically, the enterprise applications and data is hosted in data centers and accessed by employees and partners from either the campus network or in these times of lockdown remote access VPNs. Increasingly, most enterprise applications are moving to public clouds mostly in the form of public SaaS but also public IaaS.
Essentially Cisco Cloudport enables access to to Cloud Vendors (eg GCP / AWS / Azure) and SaaS application vendors via secure cloud exchange point delivering Carrier and Cloud Neutrality. End user is able to take advantage of colocation facility & cloud economics to access application and services running on the cloud.
Cloud Services Exchange with NSO automation
The visual below showcases how NSO is being leveraged for the Cisco IT Cloudport deployment, primarily two use cases:
- Site to site provisioning: Backbone / IP/MPLS backhaul provisioning
- Instantiation and activation of network services and applications
Cisco SAE solution architecture
Cisco Cloudport leverages technology that NSO enables in the Secure Agile Exchange (Cisco SAE) solution. Technical information on SAE can be found here:
- Cisco NSO based service orchestration
- Fully provisioned and flow optimized deployment of infrastructure
- Secure cloud connectivity to IaaS Google Cloud, Amazon AWS and SaaS environments.
- CNF(Carrier Neutral Facility) based platform to host virtualized network services with a switching fabric to allow scalable and flexible provisioning of services
- Out of box deployment and Cisco validated solution
Other Cisco IT NSO Deployment and trials:
- Cloud and DC: Compliance config deployment in IOS, NX and XR devices
- Cloud and DC: Transition config model to services (AAA, DNS, NTP, Syslog etc.)
- Branch Office as a Service Experience & Automation (services such as new office, change VLAN/subnet, capacity upgrade, fleet upgrade, modify QoS etc.)
- Administrative and UI Experience (configuration life cycle management, ACL management, topology based config changes, services based compliance assessment, remediation etc.)
- Zero-Touch Deployment using PnP service (pnp service validation, home office/CVO config automation)
Benefits that Cisco IT sees with NSO
Transactional & Policy Enforcement:
- Only required change lines and to only the devices requiring them
- Easy rollback
- Allow us to define and enforce policies before configuration deployment
- Easy compliance assessment & remediation
Flexibility through DevOps approach:
- Allows us to wrap required business logic around orchestration quickly
- Strong API support and user customizable components
- More flexibility than current tools
- True programmable interface to network device
- Allow to build our own User Experience (UI)
- Good network device specific simulation environment
Strong Partnership & Product Support:
- Good breadth of product support (IOS, NX-OS, ASA, Citrix, APIC-DC)
- Multi-vendor
- Good support from the BU on NED enhancements (2 weeks SLA) :-)