Offering an Internal Cloud Service

Published: September 2018

Since 2011, Cisco developers have used our private cloud infrastructure, called Cisco IT Elastic Infrastructure Services (CITEIS), to access the compute, storage, and networking resources needed by their applications. CITEIS has been well accepted by developers due to the speed and flexibility it offers for provisioning and releasing application infrastructure. These benefits have also reduced operational costs for Cisco IT.

We are now extending the concepts behind CITEIS to an expanded internal Cisco IT Cloud’s Compute and Storage service. This service is built upon a new private-cloud infrastructure utilizing Cisco Unified Computing System™ (Cisco UCS®) C-series servers and Cisco Application-Centric Infrastructure (ACI), as well as OpenStack and other open-source software.

“Our new internal Cloud Compute and Storage service can host a broader range of applications because it offers simplified onboarding through our Multicloud Management Platform to a complete infrastructure stack, from virtual machines to application containers, cloud databases, storage, and network types. And everything is based on the latest Cisco technology and open source software,” says Rob Douglas, program manager, Cisco IT.

“Developers will access these resources through an API, similar to how they would work with an external cloud provider.”

The first offering available in the Cloud Compute and Storage service is OpenStack Project. Table 1 shows the resources and services available to our application developers from this service in OpenStack Project:

The OpenStack Project offering supports a choice of two networking models. The first model is designed for traditional, IT-managed workloads where virtual machines are attached directly to the Cisco network. The second model is designed for self-managed, cloud-native workloads where virtual machines use an OpenStack router that connects to the Cisco network with floating IP addresses.

We have focused on simplifying the onboarding experience for application developers to use the cloud service. A unified onboarding, training, and support portal allows developers to set up their projects quickly and easily, with minimal approvals.

Cisco developers also have the option to host some workloads on public clouds, when appropriate, based on business need. A centralized API and a management platform provide consistent tools for monitoring and managing application resources across the multicloud environment.

Resilient infrastructure design

The internal cloud service is designed to offer a resilient infrastructure and is hosted across separate regional data centers. The resources are configured in three OpenStack availability zones within each data center and each zone has nodes deployed in separate cabinets in the data center. This configuration offers three primary benefits for Cisco IT and application developers:

  • Allows cloud resiliency for any localized failures
  • Maintenance can be performed on individual availability zones without impacting the others
  • Developers can incorporate the availability zones into their application design, giving them full flexibility for deploying virtual machines

The diagram shows the infrastructure design for the Cisco IT internal cloud service.

Empowered by Cisco ACI

The combination of the Cisco ACI with OpenStack enables Cisco IT to offer application developers direct, programmatic API access to standardized fabric infrastructure resources while enforcing security and governance requirements. The entire ACI fabric is accessible through an open REST API, enabling end-to-end orchestration of the complete application stack, including compute and network resources.

Desh Shukla, member of technical staff and lead design engineer for OpenStack cloud in Cisco IT, explains, “With ACI, application developers no longer need to request infrastructure resources before they start writing code. Instead, they can access and scale the resources as needed within the application itself.”

Cisco IT benefits by applying several ACI capabilities to the cloud service, including:

  • Ability to consolidate all OpenStack environments into one and use OpenStack software to dynamically orchestrate the infrastructure resources
  • Support for multiple tenant applications, with each tenant’s resources isolated into buckets for better security
  • Greater linear scaling of network resources to support higher traffic levels
  • Optimized network traffic by performing local Dynamic Host Configuration Protocol (DHCP) and metadata services on each OpenStack hypervisor, instead of running central network nodes
  • Support for multiple workload types (DMZ and internal) on the same OpenStack environment through ACI policy enforcement
  • Ability to extend ACI capabilities to the use of OpenShift for hosted containers

Benefits of an internal cloud service

With the Cisco IT internal cloud service, our application developers receive many of the same benefits offered by external cloud providers, including:

  • Budget charges based on actual resource usage along with transparent billing
  • Private-cloud option for applications as part of their multicloud footprint
  • Infrastructure resources that can be scaled on demand
  • Availability of IT support and management for the virtual machines used by application teams
  • Service-level objectives (SLOs) and robust change management processes for high levels of cloud service delivery

With the goal of giving developers more self-service capabilities, we now require fewer approvals for requests to activate infrastructure resources and deliver an overall experience that is 10-20 times faster than before. Additionally, more of the infrastructure can be provisioned automatically with a 99 percent success rate, which saves time and work for IT staff.
