VNPT Account Planning Key Projects Review

Transcript VNPT Account Planning Key Projects Review

Technology Horizons
- Innovation and investment focus for the next 2 years
Lee Kok Keong
Consulting Systems Architect
Cisco Systems
• Budget Constraints
• Asset Management
• Speed of Change in Technology
• Qualified Personnel and Management
• Aging population of COBOL staff
• Conflicting Priorities on Projects
• Customer Privacy Issues
• Internal Security
• Extending DECNet
• Business Line Expansion
• Technical Divide
• External Access to Internal Data
• Technology for Labor Substitution Path
• Internal Understanding of Technology
• Control versus Creativity
© 2010 Cisco and/or its affiliates. All rights reserved.
• Consumer IT driving Business IT
• External Intrusion Threats
• Speed of Technological Transition
• Customer Expectations for Access to Data
• Customer Verification/Identification
• Customer Knowledge of Technology
• Industry Competition
• Outsourcing/Insourcing
• Stability of Some Industry Sectors
• Internet Viability/Universal Connectivity
• Industry Professionalism/Skill
• Market/Economy Concerns
• Analysts’ Expectations
• Regulation and Legal Challenges
• Continuing Improvements in Technology
• Patent Standards/Infringements
Cisco Confidential
• Smart devices outsold PCs
• Windows 8 adds ARM microprocessor support
• 3G/LTE finally taking off – no, not video calls, but data
• Mobile Technology – LTE, IP-RAN, WiFi Offload
• IPv6
• Virtualization – Network, Storage, Compute, Desktop
• Commercial Cloud is taking off (finally)
• Service Providers transforming their business model
• National effort in building high-speed broadband
Are my end users embracing these changes?
How does it change their behavior and their interactions with our services?
How does it affect security/regulatory policies?
How can we capitalize on/take control of these changes?
How does it help in addressing new requirements/cost control?
How long is the runway to get there?
How do we build expertise around these changes?
Fundamental Change to Application Delivery
Fundamental Change to IT Infrastructure
[Diagram: cloud service architecture spanning Data Center, Network and End Points. Labels: IP/MPLS/Internet, 3G/LTE, IPv6, Cloud Service Orchestration, Customer Management, Chargeback, Portal Dashboard, Infrastructure Service, SLA Management, Delivery Management, Federated Management, Management Tools, CMDB, Virtual Apps, OS, Thin Client, Mobile Client, VDI, People, Process, Quality, Cost]
Great Benefits…but also New Challenges
New Paradigm
• Virtual Machine is the New “Atomic Unit”
• Dynamic Movement of VMs / Applications
• New Options: Clouds, Workload Portability
Infrastructure
• Per-Virtual Machine services required
• Network, storage virtualization
• New emphasis on Security, Trust, QoS
Organization
• Breaks Current Organizational Model
• Reduces Visibility into ‘Hidden’ Resources
• Requires Continuous Availability/Provisioning
Virtualization – it’s not new
• VM/CMS – VM stands for Virtual Machine
• Used in IBM mainframe System/370, System/390
• First release 1972
• Control program is called a Hypervisor – provides full virtualization of system I/O
• Each mainframe runs hundreds of thousands of VMs
Modern Day Virtualization
- Reduces CapEx/OpEx through Consolidation
Typical Consolidation: 10:1
Typical Cost Savings:
• Reduce H/W and OpEx costs
• Reduce energy costs
• Reduce provisioning time up
• Save $ / yr per server workload
Virtualization
• Decouples software from hardware
• Encapsulates Operating Systems and applications into “Virtual Machines”
• Aggregates Servers, Storage and Network—Foundation for Internal and External Cloud Infrastructure
Scaling DC Bandwidth with FabricPath
Example: 2,048 X 10GE Non-blocking Server Design
• 16X improvement in bandwidth performance
• From 74 managed devices to 12 devices
• 2X+ increase in network availability
• Simplified IT operations
[Figure: Traditional Spanning Tree Based Network compared with FabricPath Based Network. Labels: Blocked Links, Network Fabric, 4 Pods, 8 Access Switches, 64 Access Switches, 2,048 Servers]
1. vMotion moves VMs across physical ports—the network policy must follow vMotion
2. Must view or apply network/security policy to locally switched traffic
3. Need to maintain segregation of duties while ensuring nondisruptive operations
[Figure labels: Port Group, Security Admin, Server Admin, Network Admin]
Virtual Security Gateway
- Compare this to traditional 3-Tier enterprise design
[Figure labels: Virtual Security Gateway (VSG), Virtual Network Management Center (VNMC)]
• Context aware Security: VM context aware rules
• Zone based Controls: Establish zones of trust
• Dynamic, Agile: Policies follow vMotion
• Best-in-class Architecture: Efficient, Fast, Scale-out SW
• Non-Disruptive Operations: Security team manages security
• Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
• Designed for Automation: XML API, security profiles
OTV delivers a virtual L2 transport over any L3 Infrastructure
• O: Overlay - A solution that is independent of the infrastructure technology and services, flexible over various inter-connect facilities
• T: Transport - Transporting services for layer 2 and layer 3 Ethernet and IP traffic
• V: Virtualization - Provides virtual stateless multi-access connections, which can be further partitioned into VPNs, VRFs, VLANs
[Figure: LD VMotion between Data Center A and Data Center B. Labels: OTV Ethernet Extension, Any Transport]
A significant advancement for virtualized environments by simplifying and accelerating long-distance workload migrations
• Today: IP Address = Identity + Location bundled together
• LISP decouples Identity (Host IP) from Location (Gateway IP)
• ID to Location mappings are kept in an ‘out-of-band’ Directory
• Traffic is routed in the core based solely on location
  - Traffic is IP in IP encapsulated
• LISP Benefits
  - Internet & Intranet Scalability
  - Reduction of Routing Table IP state
  - Flexible Routing Policy
  - Prefix Portability
  - Seamless Mobility
  - VPN semantics (multi-tenancy)
  - IPv4/IPv6 co-existence
[Figure labels: Directory, Resolution & Registration, Data Path]
The Asia Pacific region has run out of IPv4 addresses
- New connections have to be put on IPv6
It’s not about the technology
- it’s about Business Continuity
- it’s about compliance
What is your IPv6 transition plan?
How does it affect your IT infrastructure?
[Figure: IPv4 Addresses compared with Population]
• Government agencies should expect their users, partners, and remote employees to have a mix of connectivity
  - Public IPv4-only
  - Public IPv4 and IPv6
  - Shared IPv4-only
  - Shared IPv4 and IPv6
  - IPv6 only
Every agency must be ready for this mix (it cannot select the Service Providers of its end users)
The days of one public IPv4 address for each Internet user are over.
The idea of crossing a bridge is – to get to the other end
[Diagram: IPv6 transition options connecting Subscriber Networks, IPv4 and IPv6 Access Networks, ISP cores and the IPv4 and IPv6 Internet. Labels: ISP Dual stack Core, IPv4 core, Dual stack Access/Core, P, PE, CPE, 6rd RG, 6rd BR, NAT44, NAT64, NAT44 or PRR, IPv4 over IPv6, Dual Stack: IPv6 Native (Dual Stack), Automatic Tunnel: 6RD or L2TP, Automatic Tunnel: DS-Lite, Translator: NAT444, Translator: AFT]
Ref : http://sixy.ch/
Compliance Ops:
• How do I ensure corp compliance (SOX, HIPAA, etc.)?
Security Ops:
• How do I protect my network and data assets from unauthorized access, malware, attacks, DLP, device loss/theft, etc.?
• Which users are using what devices?
• How do I implement multiple security policies per user, device, etc.?
Network Ops:
• What devices are on my networks?
• Which users are using what devices?
• What apps are being accessed?
• What are the real-time app perf metrics?
Network Eng:
• How do I troubleshoot access problems?
• How do I separate device issues from network and policy issues?
• How do I ensure user experience?
Applications Team:
• How do I ensure consistent App experience on all devices?
• How do we troubleshoot App vs. Network vs. Device problems?
• How do we ensure Application interoperability?
Endpoint Team:
• How and what do I support?
• How do I handle asset management?
Smartphones and Tablets at Cisco, July 2011

Platform      July 2010   Share   July 2011   Share
iPhone            5,895     22%      17,337     40%
iPad                677      2%       5,933     14%
BlackBerry       14,910     55%      13,917     32%
Android             209      1%       3,822      9%
Others            5,433     20%       2,049      5%
Total            27,124              43,058

Cisco’s total mobile device count grew 59% in 12 months.
27.9% of users today have > 1 device (24.2% in Aug)
Tablet based devices
• 8,017 iPads (10.9% Growth)
Mobile Smartphone Devices
• 20,078 iPhones (5.3% Growth)
• 6,534 Android Devices (22% Growth)
• 12,617 BlackBerry Devices (-3.2% Growth)
• 2,632 Other Devices (4.7% Growth)
Desktop Landscape
• 85,460 Windows PCs
• 16,000 Apple Macs
• 7,175 Linux Desktops
• 2000 (Pilot) Desktop Virtualization
Taking BYOD head on
Broad Mobile Support
• Fixed and semi-fixed platforms
• Mobile platforms
Persistent Connectivity
• Always-on connectivity
• Optimal gateway selection
• Automatic hotspot negotiation
• Seamless connection hand-offs
Next-Gen Unified Security
• User/device identity
• Posture validation
• Integrated web security for always-on security (hybrid)
• Clientless and desktop virtualization
[Figure labels: Corporate Office (Wired), Mobile User (Wi-Fi), Home Office (Cellular/Wi-Fi); Secure, Consistent Access; Voice, Video, Apps, Data]
1. Connect to Connection Broker
2. Identify target VM
3. Query for user policy
4. Start target VM
5. Return VM to endpoint
6. Connect VM to endpoint
7. Successful connection
[Figure labels: Thin Client, Zero Client, Smartdevices, Connection Broker, Active Directory, Authentication, Virtual Infrastructure, Virtual Infrastructure Management, Display Protocol]
Business Agility: Consolidation, Virtualization, Automation
[Diagram: COMPUTE EVOLUTION and NETWORK EVOLUTION on a timeline (1960, 1980, 2000, 2010). Labels: Mainframes, Client/Server, WEB 2.0, BYOD, Data Center Consolidation, Storage Consolidation, Data Center Virtualization, Data Center Networking, SNA/DecNet/IPX, TCP/IP, Internet, IPv6; 1. Consolidation, 2. Integration, 3. Virtualization, 4. Automation]
Thank you.