Cisco Live 2019 EMEA. Technical sessions: external simplification with internal complication


I'm Artem Klavdiev, technical leader of the hyperconverged cloud HyperCloud project at Linxdatacenter. Today I will continue the story about the Cisco Live EMEA 2019 global conference. Let's immediately move from the general to the specific, to the announcements presented by the vendor at specialized sessions.

This was my first participation in Cisco Live. The mission was to attend the events of the technical program, immerse myself in the world of the company's advanced technologies and solutions, and gain a foothold at the forefront of specialists attached to the ecosystem of Cisco products in Russia.
It turned out to be difficult to carry out this mission in practice: the program of technical sessions was super-saturated. The round tables, panels, master classes and discussions were divided into many sections and started in parallel, so it was simply physically impossible to visit them all. Absolutely everything was discussed: data centers, networking, information security, software solutions, hardware. Any aspect of the work of Cisco and its vendor partners was presented in a separate section with a huge number of events. I had to follow the recommendations of the organizers and draw up a kind of personal program of events, booking seats in the halls in advance.

I will dwell in more detail on the sessions that I managed to attend.

Accelerating Big Data and AI/ML on UCS and HX (Acceleration of AI and machine learning on UCS and HyperFlex platforms)


This session was devoted to an overview of Cisco platforms for the development of solutions based on artificial intelligence and machine learning. It was a semi-marketing event interspersed with technical details.

The bottom line is this: IT engineers and data scientists today spend a significant amount of time and resources designing architectures that combine legacy infrastructure, multiple stacks to provide machine learning, and software to manage this complex.

This is the task Cisco sets out to simplify: the vendor focuses on changing the traditional patterns of managing data centers and workflows by increasing the level of integration of all the components necessary for AI/ML.

One example is the cooperation between Cisco and Google: the companies are combining the UCS and HyperFlex platforms with industry-leading AI/ML software products like KubeFlow to create a comprehensive on-premise infrastructure.

The company described how KubeFlow, deployed on UCS/HX in combination with the Cisco Container Platform, turns the solution into something that the company's employees called the "Cisco/Google open hybrid cloud": an infrastructure in which the working environment for AI tasks can be developed and operated symmetrically, both on on-premise components and in Google Cloud.

Internet of Things (IoT) session


Cisco is actively promoting the idea that IoT needs to be developed on the basis of its own network solutions. The company talked about its Industrial Router product, a special line of small-sized LTE switches and routers with increased fault tolerance, moisture resistance and no moving parts. Such switches can be built into any objects of the surrounding world: transport, industrial facilities, commercial buildings. The key idea: "Deploy these switches in your facilities and manage them from the cloud with a centralized console." The line is powered by Kinetic Software to streamline remote deployment and management. The goal is to increase the manageability of IoT systems.

ACI-Multisite Architecture and Deployment (ACI or Application Centric Infrastructure, and network microsegmentation)


This session was devoted to the concept of an infrastructure built around micro-segmentation of networks. It was the most complex and detailed session that I managed to attend. The general message from Cisco was the following: traditional elements of IT systems (network, servers, storage, etc.) used to be connected and configured separately. The task of the engineers was to bring everything into a single working controlled environment. UCS changed the situation: the network part was split off into a separate area, and server management began to be carried out centrally from a single panel. It does not matter how many servers - 10 or 10, any number is controlled from a single control point, and both control and data transfer take place on one wire. ACI allows you to bring both networks and servers into one management console.

So, micro-segmentation of networks is the most important function of ACI. It allows you to granularly separate the applications in a system, with different levels of interaction among themselves and with the outside world. For example, two virtual machines running under ACI cannot communicate with each other by default. Communication between them is opened only by creating a so-called "contract", which lets you describe access lists in detail for fine-grained (in other words, micro) network segmentation.

Microsegmentation allows you to fine-tune any segment of the IT system by isolating any components and linking them together in any configuration of physical and virtual machines. Endpoint groups (EPGs) are created, to which traffic filtering and routing policies are applied. For existing applications, Cisco ACI lets you group endpoints from these EPGs into new micro-segments (uSegs) and configure network policies or VM attributes for each specific micro-segment.

For example, you can assign web servers to an EPG in order to apply the same policies to them. By default, all compute nodes in an EPG are free to communicate with each other. However, if the web EPG includes web servers for both the development and production phases, it might make sense to prevent them from communicating with each other in order to guard against failures. Micro-segmentation with Cisco ACI allows you to create a new EPG and automatically apply policies to it based on VM name attributes such as "Prod-xxxx" or "Dev-xxx".
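The EPG, contract and uSeg behaviour described above, as a simplified Python model (an added example, not Cisco's code and not the APIC object model or API; the EPG names, name patterns, contract entries and the case-sensitive matching are constructed assumptions). It also shows the failure mode of attribute-based rules: a VM whose name matches no rule stays in the permissive base EPG, so unmatched VMs are worth auditing.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Simplified illustration only; not the Cisco ACI / APIC data model.
@dataclass(frozen=True)
class Contract:
    consumer: str  # EPG that initiates the connection
    provider: str  # EPG that offers the service
    proto: str
    port: int

BASE_EPG = "web"  # EPG a VM stays in when no attribute rule matches

# Constructed uSeg rules: the first matching VM-name pattern wins.
USEG_RULES = [("Prod-*", "web-prod"), ("Dev-*", "web-dev")]

# Constructed allow-list: only these inter-EPG flows are opened.
CONTRACTS = [
    Contract("web-prod", "db-prod", "tcp", 5432),
    Contract("web-dev", "db-dev", "tcp", 5432),
]

def classify(vm_name, base_epg=BASE_EPG):
    """Return the uSeg EPG whose name pattern matches, else the base EPG."""
    for pattern, epg in USEG_RULES:
        if fnmatchcase(vm_name, pattern):  # case-sensitive by assumption
            return epg
    return base_epg

def allowed(src_epg, dst_epg, proto, port):
    """Intra-EPG traffic is free; inter-EPG traffic needs a matching contract."""
    if src_epg == dst_epg:
        return True
    return any(
        c.consumer == src_epg and c.provider == dst_epg
        and c.proto == proto and c.port == port
        for c in CONTRACTS
    )

def unclassified(vm_names):
    """VMs no attribute rule caught: they can still talk freely in the base EPG."""
    return [name for name in vm_names if classify(name) == BASE_EPG]

if __name__ == "__main__":
    vms = ["Prod-web-01", "prod-web-03", "Dev-web-07", "test-9"]  # constructed names
    for vm in vms:
        print(f"{vm:12} -> {classify(vm)}")
    print("dev -> prod on tcp/80:", allowed("web-dev", "web-prod", "tcp", 80))
    print("needs review:", unclassified(vms))
```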

Certainly, it was one of the key sessions of the technical program.

Effective evolution of a DC Networking (Evolution of a data center network in the context of virtualization technologies)


This session was logically connected with the session about network micro-segmentation, and also touched upon the topic of container networking. In general, it was about migration from virtual routers of one generation to routers of another - with architecture diagrams, connection diagrams between different hypervisors, etc.

Thus, the ACI architecture consists of VXLAN, micro-segmentation and a distributed firewall, which together allow you to configure a firewall for, say, 100 virtual machines.
The ACI architecture allows these operations to be carried out not at the level of the virtual OS but at the level of the virtual network: configuring a set of rules for each machine at the virtualized network level, rather than manually from within the OS, is safer, faster and less labor-intensive, and gives better control of everything that happens on every segment of the network. What's new:

  • ACI Anywhere allows you to distribute policies to public clouds (currently AWS, in the future also Azure), as well as to on-premise elements or on the web, simply by copying the necessary configuration of settings and policies.
  • Virtual Pod - a virtual instance of ACI, a copy of the physical control module; its use requires a physical original (though this is not certain).

How it can be applied in practice: extending network connectivity into large clouds. Multicloud is coming, and more companies are using hybrid configurations, which confronts them with disparate network configurations in each cloud environment. ACI Anywhere now makes it possible to extend networks with a uniform approach, protocols and policies.

Designing Storage Networks for the Next-decade in an AllFlash DC (SAN)

An interesting session about SANs with a demonstration of a set of best practices for setting them up.
Top content: overcoming slow drain on SANs. It occurs when one of two or more data arrays is upgraded or replaced with a higher-performance configuration while the rest of the infrastructure does not change. This leads to "braking" of all applications running on this infrastructure. The FC protocol does not have the window size negotiation technology that the IP protocol has. Therefore, when there is an imbalance between the amount of information sent and the bandwidth and computing capacity of the channel, there is a chance of running into slow drain. The recommendation for overcoming it is to control the balance of bandwidth and speed between the host edge and the storage edge in such a way that the speed of link aggregation is greater than in the rest of the fabric. We also considered ways to detect slow drain, such as traffic segregation using vSAN.

Much attention was paid to zoning. The main recommendation for setting up a SAN is to follow the "1 to 1" principle (1 initiator is registered for 1 target). If the fabric is large, this generates a huge amount of work. However, the TCAM list is not infinite, so Cisco's SAN management software solutions have smart zoning and auto zoning options.

HyperFlex Deep Dive Session

Find me in the photo 🙂

This session was devoted to the HyperFlex platform as a whole - its architecture, data protection methods, various application scenarios, including new generation tasks: for example, data analytics.

The main message is that the capabilities of the platform allow today to customize it for any task, scaling and distributing its resources between the tasks facing the business. Platform experts presented the main advantages of the platform's hyper-converged architecture, the main of which today is the ability to quickly deploy any advanced technology solutions with minimal infrastructure configuration costs, reducing IT TCO and increasing productivity. Cisco delivers all of these benefits through advanced networking solutions and management and control software.

A separate part of the session was devoted to Logical Availability Zones, a technology that allows you to increase the fault tolerance of server clusters. For example, if there are 16 nodes assembled in a single cluster with a replication factor of 2 or 3, then the technology will create copies of servers, blocking the consequences of possible server failures by sacrificing space.

Results and conclusions


Cisco is actively promoting the idea that today absolutely all the possibilities for configuring and monitoring the IT infrastructure are available from the clouds, and these solutions need to be switched to as soon as possible and in droves. Simply because they are more convenient, eliminate the need to solve a mountain of infrastructure issues, and make your business more flexible and modern.

As the performance of devices increases, so do the risks associated with them. 100-gigabit interfaces are already real, and you need to learn how to manage technologies in relation to business needs and your competencies. IT infrastructure deployment has become simple, but management and development has become much more complicated.

At the same time, there seems to be nothing radically new in terms of basic technologies and protocols (everything runs on Ethernet, TCP/IP, etc.), but multiple encapsulation (VLAN, VXLAN, etc.) makes the overall system extremely complex. Superficially simple interfaces today hide very complex architectures and problems, and the price of a single mistake is increasing. The easier it is to manage, the easier it is to make a fatal mistake. You should always remember that a policy you change is applied instantly and applies to all devices in your IT infrastructure. Going forward, the introduction of the latest technological approaches and concepts such as ACI will require a radical upgrade in training and in the development of processes within the company: simplicity will come at a high price. With progress, risks of a completely new level and profile appear.

Finale


While I was preparing an article about Cisco Live technical sessions for publication, my colleagues from the cloud team managed to visit Cisco Connect in Moscow. And here's what they heard there.

Panel discussion on the challenges of digitalization

A talk by the IT managers of a bank and a mining company. Summary: if earlier IT specialists went to management for approval of purchases and obtained it with difficulty, now the opposite is true: management runs after IT as part of the digitalization of the enterprise. Two strategies are noticeable here. The first can be called "innovative": find new products, filter and test them, and find practical applications for them. The second, "the strategy of early adopters", involves the ability to find cases from Russian and foreign colleagues, partners and vendors and use them in your company.

Booth "Data centers with the new server Cisco AI Platform (UCS C480 ML M5)"

The server contains 8 NVIDIA V100 chips + 2 Intel CPUs with up to 28 cores + up to 3 TB of RAM + up to 24 HDD/SSD drives, all in one 4-unit chassis with a powerful cooling system. It is designed to run applications based on artificial intelligence and machine learning; in particular, with TensorFlow it delivers a performance of 8x125 teraFLOPs. On the basis of this server, a system for analyzing the routes of conference visitors was implemented by processing video streams.

New Nexus 9316D Switch

A 1-unit case holds 16 ports of 400 Gb each, for a total of 6.4 Tbps.
For comparison, I looked at the peak traffic of MSK-IX, the largest traffic exchange point in Russia: 3.3 Tbit, i.e. a significant part of the Runet in 1 unit.
It supports L2, L3 and ACI.

And finally: an attention-grabbing picture from our presentation at Cisco Connect.

First article: Cisco Live EMEA 2019: Swap the old IT bike for a BMW in the clouds

Source: habr.com
