cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Getting Started With Service Containers

7196
Views
7
Helpful
0
Comments
Beginner

Introduction

An interesting BBC article about barcodes shows how IT relevance can dramatically change retail and manufacturing. Although an early barcode was developed in the late 1940’s, it took engineers at IBM, in the 1970’s, to create modern day laser-scanned systems and the race for the development of the semiconductor laser diode within GE (led by Nick Holonyak and Bob Hall), all combined, to transform manufacturing and retail with barcodes. It wasn’t long into the early 1970’s that the larger retailers began hiring heads of Information Systems to make the best use of computers and networks. The early immediate applications were accounts related, sales analysis, even bad check number databases stored locally, to combat fraud. One large retailer at the time had massive issues with payables because they had various vendors supplying merchandise. The retailer had difficulties confirming quantities actually received and payments made. The desire to solve this single problem alone was enough to justify their entire IT infrastructure.

ibm_3653.jpg

IBM 3653 Point of Sale Terminal – source: IBM 3650 Retail Store System Introduction literature

Despite moving on from those times, traditionally branches have always needed a dedicated server for running day-to-day operations. Much of the IT resources resided in HQ sites and today in private or public clouds, but some tasks required local computers. Many applications were not designed to operate over the slower WAN at that time. Nowadays there are still requirements for print servers, data backup systems and store surveillance systems to run locally. Many of the retail stores in my town still have plenty of applications like stock management reports, delivery handling, stock checks, item label printing and click-and-collect all handled with software that runs locally.

Will the demand for local computing increase? The answer is ‘yes’ due to the rise in IoT and changes in retail and customer expectations about how they shop and what assistance and support they receive from technology. It is an exciting topic for another day.

So, the need for local computing exists, but there are difficulties with just inserting a traditional workstation or server in branches. The fact is, for some sites (especially retail) a physically large PC or server is a severe compromise. Customers tell us that consumer-grade PCs are cheap but unserviceable when components like motherboards become obsolete. They end up sitting on the floor, where they are easily kicked in the manager’s (inevitable) small office, clogging up with dust into their fans, or even worse, on the store counter; perhaps integrated into the monitor, simply because there isn’t space. Server-grade PCs may have a longer product life and better support options, but there isn’t room for a large rack full of multi-vendor gear. There could even be support implications if different-vendor equipment is inside a rack supplied by one of the vendors.

Enabling the Branch-in-a-Box with a Services Plane

The Unified Compute System (UCS) enterprise server technology allowed for development of server-grade compute cards, known as UCS-E, that made their way into routers such as the ISR G2, ISR 4300 and ISR 4400 series. They can out-perform many traditional servers. If you’ve ever looked inside a Cisco router you’ll not failed to have noticed how components like fans and ducts are placed, even down to the orientation of DRAM memory sticks, all intended to channel air where it is needed. Servers can run for longer, are cooler, and therefore clock faster when they are running inside such a router.

4331-inside.jpg

Inside an ISR 4331 router; fans are in the foreground and mSATA storage fits in the area visible on the right.

When it comes to smaller branches some scalability is needed to ensure that the same services can continue to run, but in a smaller size and lower price point. As branches grow, the UCS-E offers the full heavyweight processing capability, but for the smallest branches something else could be needed. There is in fact a solution available at zero cost provided that memory and storage is already present in the router (these can be available by default depending on what was purchased). It eliminates the need for a separate server in many branches and all the complications and costs associated with running a separate server.


All Cisco ISR 4300 and 4400 series routers contain additional processing cores built-in standard to allow full-featured services to run on-board. The technology is known as Cisco Service Containers and uses a standard hypervisor to allow x64 based applications to run.

isr4k-inside-diag.png

ISR 4000 series internal architecture


‘Full-featured’ services essentially means that full-blown server-grade applications can run; any operating system such as Linux can be used, and the processing cores have an x86-64 instruction set for compatibility with virtually all applications written today. I’ll explore some example apps and how to create a Service Container in an upcoming blog post.

What are some example applications available today?

Some example applications that can be deployed inside the routers to run on these additional processing cores include the full-featured Cisco WAAS engine that provides application acceleration and highly responsive virtual desktop experience (with Cisco ONE there is no additional charge for this, so no need for expensive WAN appliances in branches). Again, ‘full’ means the entire full-featured appliance version of Cisco WAAS. It is offered as a single file that can be deployed onto the ISR 4300/4400 series. It is called ISR-WAAS when it is running inside the router cores, and is very easy to deploy. ISR-WAAS can be found in the Operate->Service Catalogue menu option within Cisco Prime and can be deployed on a single router or multiple routers as desired.

Another example is the well-known Snort IPS (see PDF guide) which is an intrusion detection and intrusion prevention system that allows for PCI DSS (Payment Card Industry Data Security Standard) compliance with no additional appliance needed. Again, this is straightforward within Cisco Prime; go to Services->Network Services->Branch Threat Defence, choose your use-case and deploy Snort or Zone Based Firewall (ZBFW), Cloud Web Security (CWS) or Cisco Umbrella (also known as OpenDNS). Read more with this great Branch Security implementation guide (PDF).

It just needs a router with 8GB of memory and 8GB of Flash memory, and the security license. Signature subscriptions are available in 1-year and 3-year licenses (the Subscriber Ruleset includes the results from Cisco Talos organization – the Talos blog is here ).

How easy is it to deploy an app?

A cool app was very recently reported by Stefano Gridelli at NetBeez. It allows sensors (known as Beez) to be deployed in networks and these simulate real users, so that network issues can be identified proactively. The Beez sensors can run inside routers, eliminating the need for any additional servers or appliances. Stefano’s blog talks about why he used Service Containers, and how it took less than ten minutes to have the service up and running. The NetBeez documentation reports, in detail, how to install and deploy the Beez.

beezkeeper.png

The NetBeez controller, known (obviously) as the BeezKeeper!  Image source: netbeez.net

How much compute capability is there?

Virtually any app that works on a server is a good candidate for running as a Service Container. Even the smallest desktop-sized ISR 4300 series router, the ISR 4321, offers 4GB DRAM free space, 2vcpu-worth of horsepower and as much storage space as desired (internal mSATA, or hard disks and SSDs). This is sufficient to run a complete Linux virtual machine with multiple apps (either natively in Linux or inside Docker containers for instance). The larger ISR 4300/4400 series routers have 12GB free DRAM, and a total of 12vcpu – this is significant horsepower for multiple large virtual appliances. All of the platforms can be extended with NIM-sized compute modules, or full UCS-E server cards where there is an SM-X card slot (which most of the routers have).

How to create your own Service Container

There is often a learning curve with new features, but it has been rewarding to see that customers have found Service Containers easy to use. Developers have have picked up the tutorial material and installed Linux and their apps and found it straightforward. In general, the compute capabilities for these routers are very nicely executed. I’m currently working with a retail solution where, although I offered to help, the customer told me they would handle the software installation and deployment themselves – it makes my life easier!

In a nutshell to create the service container, a user just needs a Linux computer (or install Linux on their PC with something like VMware Workstation) and to create a VM inside containing Linux and any desired applications are installed as normal. Next, a script is run which bundles up the Linux VM into a .ova file. Put it on a USB memory stick and it is ready for deploying onto ISR 4300/4400 series routers!

container-nav.png

Get the tutorial and an example service container that is ready-to-run from Cisco Devnet


It is all described step-by-step in the tutorial (go to the Devnet site , hit Ctrl/Command-F and search for Docker to download a sample service container and the PDF guide), and it walks through how to create a Ubuntu Linux service container, install Docker and write a simple 15-line network troubleshooting app.

tutorial-content.png

The tutorial walks you through these steps


Also, check out the short 5-minute video walk-through showing how to install a service container.

Deploying Service Containers on the Cisco ISR 4000 Series - YouTube

What else can be run in Service Containers?

Anything is possible, but some of the typical applications that are envisaged are shown in the diagram here. I suspect a lot of IoT applications will rapidly be added to the list. At such low cost for branch compute, it makes sense to use the platform for connecting sensors and devices – especially since the routers support Power over Ethernet (PoE) across the entire range.

example-apps.jpg

Summary

The need for computing in branches will grow with the rise of IoT and in retail stores, growing customer expectations for an engaging shopping experience.  It is really easy to create and use Service Containers and it allows for scalable computing within branches. An example of how to deploy an app will be covered in my next blog! Keep an eye out for it soon.

Useful links

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards