Monday 4 December 2017

Cloud & Virtual Services

Question 1
What is the Cisco Network Virtualization Architecture?

Answer 
The concept of virtualization is not new and has been employed since the days of mainframe computers. It has been widely deployed as part of data center network designs and is seeing increasing adoption in campus networks. Network services virtualization within the campus helps IT focus on providing a unique set of policies to different network segments without having to deploy dedicated service nodes.

Question 2
Explain the three components of the network virtualization architecture.

Answer 

  • Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorised to access the network and then places them into the appropriate logical partition. 
  • Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component keeps traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in this component.
  • Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required. 

Question 3
What Is Network Services Virtualization? 

Answer
Network services virtualization is a critical building block in network virtualization. Although all the building blocks can be deployed in isolation, network services virtualization is an excellent strategy for consolidating multiple appliances into one, simplifying network operations and reducing overall acquisition cost. Network services virtualization virtualizes a network service node such as a firewall module, for example, by partitioning the available hardware resources among different virtual firewalls. The service virtualization provides independent instances of name space, configuration, inspection engines, and other resources within each instance. Network services virtualization negates the need to acquire separate devices every time the network service is required by using the software instance on the same physical hardware. Some implementations such as the Cisco Catalyst® 6500 Series Firewall Services Module (FWSM) can support nearly 250 separate virtual firewall instances. 

Question 4
What are the benefits of Network Services Virtualization? Explain in short notes.

Answer
(a) Efficient utilization: Acquisition cost is reduced as network services delivery is moved from a physical device to a virtual context, extending its access without the need to deploy specialized hardware for every instance of the network service that is required. From an expense-management perspective, users see: 
i. Reduced total cost of ownership (TCO) and increased return on investment (ROI) through improved asset utilization, achieved by enabling additional capabilities within existing infrastructure 
ii. Pay-as-you-grow licensing model for the virtualized service, giving the end user greater flexibility in deploying the right number of virtual instances; further, it is easy to scale to a greater number of instances if future needs increase.

(b) Green: Reduced power consumption is achieved by consolidating multiple service instances into a single physical device without requiring deployment of dedicated hardware for each instance. Eliminating the need for additional physical devices effectively removes the need for additional power supplies, cooling, and rack space that would otherwise have been required. 

(c) Manageability: Virtual service instances offer simplified provisioning. Enabling a particular service within existing siloed infrastructure requires the addition of network infrastructure equipment and changes to network cabling. With the network service virtualization approach, a virtual service node instance can be created on the same physical infrastructure without the need for additional network cabling. The management interface becomes more flexible, as many network service instances can be managed as one, or each instance can have its own, separate management interface. 

(d) Regulatory compliance: Compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Office of the Comptroller of the Currency (OCC) rules, and Sarbanes-Oxley requires customers to segment their network services on a group basis. This segmentation of network services helps ensure that the security, QoS, and traffic path manipulation of one group is different from the other groups within the enterprise. 

Question 5
What virtualized network services are available for Network Services Virtualization on the Cisco Catalyst 6500?

Answer
Network Services Virtualization – Cisco Catalyst 6500

Virtualized network services available on the Cisco Catalyst 6500 series platform include: 

1. Network security virtualization through multicontext virtual firewalls, also called security contexts: Each security context is an independent firewall with its own security policy, interfaces, and administrators. The overall system resources within a single physical firewall can be administered separately from other contexts. This system resource administration is required to make sure that no context inadvertently affects another context.

2. Virtual Route Forwarding (VRF) network services: VRF-aware network services include: 
i. VRF-aware address management services; VRF-aware DHCP helps enable pervasive DHCP policies for groups of geographically dispersed users. 
ii. Optimized traffic redirection using VRF-aware Policy-Based Routing (PBR) and PBR-set VRF.
iii. Facilitating operational manageability with VRF-aware syslog and VRF-aware Telnet.
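
The per-context resource administration described in item 1, sketched as a system-execution-space configuration for a multiple-context firewall. This is an added example, not taken from the original post or from Cisco documentation; the context names, VLAN IDs, class name, limits and config file names are hypothetical, and it assumes the VLANs are already assigned to the firewall module.

```cisco
! Constructed example: all names, VLAN IDs and limits below are hypothetical.
! Entered in the system execution space once multiple-context mode is enabled
! ("mode multiple", which requires a reload).
!
! Resource class: caps what each member context may consume, so one busy
! or misbehaving context cannot starve the others.
class tenant-limited
  limit-resource conns 20%
  limit-resource rate syslogs 1000
  limit-resource ssh 2
!
! Admin context used to manage the system itself.
admin-context admin
context admin
  allocate-interface vlan10
  config-url disk:/admin.cfg
!
! Each security context gets its own interfaces, its own configuration file
! (and therefore its own policy and administrators), and a resource class.
context employees
  allocate-interface vlan100-vlan101
  config-url disk:/employees.cfg
  member tenant-limited
!
context guests
  allocate-interface vlan200-vlan201
  config-url disk:/guests.cfg
  member tenant-limited
```

A context with no `member` line stays in the default class, which leaves most resources unlimited, so each tenant context should be placed in an explicit class.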

Question 6
What are the 3 cloud supporting services that cloud providers provide to customers?


Answer
  • SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the client side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.
  • PaaS (Platform as a Service): PaaS is used for application and other development, while providing cloud components to software. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications.
  • IaaS (Infrastructure as a Service): IaaS offerings are self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing.
