#CiscoLive

Automation & Orchestration Strategies for the Cloud-First Enterprise
Dave Malik, Cisco Fellow, CTO & Chief Architect, Customer Experience (CX) Americas
dmalik2
BRKCLD-1444
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
Industry Landscape
Automation & Orchestration Baselining
Multi-cloud Networking
SASE
Data Center/Cloud Orchestration
Cloud Security
Full Stack Observability
Key Takeaways

Rising expectations demand a paradigm shift
Lead with Cloud Principles to Develop CONTROL POINTS
Digital Experiences
Automation & Orchestration
Internet as primary connectivity
Hybrid Cloud
Operations Intelligence
Identity and Zero Trust

Foundational Components of ANY Architecture
Service as Code (E2E Automation & Orchestration): Leverage programmable infrastructure to automate and orchestrate service intent to provide optimized application experiences
Observability (Visibility & Insights): Infrastructure and application stack real-time intelligence to enable self-optimizing actions
Continuous X (CI/CD/CT): Integrated lifecycle management with automated testing (Apps, Infra)
CI - Continuous Integration, CD - Continuous Delivery, CT - Continuous Testing
SECURITY
API as the Primary Interface

Automation/Orchestration
Automation: The ability to perform individual, repetitive tasks.
Why do customers want to automate?
“I need to deploy new services quicker; customer demand is drowning me.”
“I have repetitive tasks we are doing manually I need to free up people to do other value-added work”
“I need to capture intent which can be converted into IP leveraging automated workflows.”
“I have to minimize operational risk”
Orchestration: The arrangement and coordination of automated and non-automated tasks, ultimately resulting in a consolidated business/IT process or workflow.
Why do customers want to orchestrate?
“I want to integrate my systems together to achieve an end-to-end workflow that reflects our service life-cycle request, implementation, sustainment, modification, decommissioning.”
“Vendors offer many management tools some do provisioning of services, others do monitoring why can't they be integrated together as a solution?”

Workflow and Process Automation
[Figure: sample workflow]

Business Process Automation
Workflow Task Sequencing
Integrations
Use case automation
Single Pane of Glass

Hybrid Cloud Networking

Hybrid Cloud Networking Essentials
Hybrid Cloud architectures require a more INTEGRATED approach
Connectivity
The need for Consistent Intent
[Diagram: public cloud, SaaS, mobile users, private DC, enterprise users and branch/campus/edge, connected over local fabric and regional | global network]

SDWAN Multi-Controller Deployments with RBAC
BPA: Orchestration and Automation Applications
Business Process Automation: LDAP/AD, Device Activation, Golden Config Template, OS Upgrade, Global and Market Variance, Workflow Manager
Regional Controller: Controllers, Users and Groups
Country Resources: Resource Groups, templates, policies, site id
Site Identifiers: WAN Edge Devices
[Diagram: vManage controllers with values labelled Site ID Range per country: germany (1221, 1222), spain (2221, 2222), usa (121, 122), canada (221, 222)]

Branch Activation Automation Flow
Customer Database
Bring Up WAN: Migrate configuration to Templates; Import Device-, Feature Templates and WAN devices; Attach Template to WAN Device in region instance
Bring Up LAN: Migrate configuration to template or intend service (SDA); Discover LAN device; Assign Site and provision template/SDA
Activate Wireless: WLC, AP Onboarding, SSID
[Diagram labels: Transport, WAN Edge, Branch SW, AP, cEdge(s), vManage (multiple instances), DNA Center (multiple instances), steps 1 and 2]

Extend SDWAN into the Public Cloud
Automated provisioning of SDWAN Transit VPC and TGW, route exchange for site to cloud and site to site traffic over AWS backbone
Full Visibility into inter-regional transit traffic and telemetry with TGW Network Manager
Consistent Policy and Segmentation across branch and cloud for enterprise class security
Enhanced end-to-end visibility
[Diagram: branch site, Cisco SDWAN fabric and Cisco vManage, IPsec VPN to AWS Transit Gateway and AWS VPCs; AWS TGW Network Manager receives WAN/Event Telemetry and Branch Site Data]

Cloud OnRamp Automation: Seamless Access to ANY Cloud
Single UI vManage Workflow:
1. have two CSR ready
2. define AWS Account
3. discover host VPCs
4. tag host VPCs as needed
5. enter TGW details
6. deploy and verify
vManage will do the following:
1. Bring up Transit VPC with two CSR running SDWAN image
2. Create TGW
3. Connect TGW and CSR
4. Connect host VPCs
[Diagram labels: AWS VPC, VPC Attachment, INET, MPLS, SDWAN, TGW, VPN Attachment to TGW, Standard IPSec+BGP From Service VPN, Direct Connect, VGW, Cisco CSR, Transit VPC, IGW]

Alternative to SDWAN extension into cloud: Standard IPsec from Branch to AWS
Customer Benefits
Network Automation from branch to AWS Cloud via Cloud OnRamp
Cisco WAN Edge router for multicloud networking with programmatic APIs
Solution Overview
Management Plane Integration between vManage and TGW-NM Service
vManage shares branch device data with TGW-NM using API calls
vManage orchestrates branch site router to Transit Gateway (TGW) connection
[Diagram: Management Plane Integration (Netops User, vManage, AWS TGW Network Manager, Branch Site Data) and Data Plane Integration (Cisco WAN Edge Router, IPsec VPN, AWS Transit Gateway (TGW) in US-West-2 and EU-West-1, AWS Global Backbone, AWS Direct Connect, SDWAN, US and EU branch sites and DCs, AWS VPCs)]

Hybrid Cloud Networking Deployment Model
Separating Connectivity from Security Policies
Cisco Router or Native Cloud Router Option
Two Different Cloud Integration Modes
Native Cloud Router Mode: IP Network (BGP and IPsec), Native Cloud Router
Overlay Cisco Router Mode: Overlay Network (VXLAN and IPsec), Cisco Cloud Router
[Diagram: On-Prem Data Center and Public Cloud Data Center with cloud gateways and User VPC 1 or VNet 1 / User VPC 2 or VNet 2 instances, managed by Cisco Nexus Dashboard (Orchestrator)]

Building Hybrid Cloud Connectivity
Building Underlay
Provision On-Prem to Cloud & Cloud to Cloud Connectivity
[Diagram labels: NDFC, VXLAN fabric (Leaf1, Leaf2, Border Gateway Spine), External fabric, C8KV, Cloud Network Controller, Orchestrator, TGW, TGW Connect, NLB, Infra VPC (us-west-1), Infra VNet (East US), 172.16.10.0/24, ASN:65080, ASN:65084, ASN:65091, ASN:65092]

SASE

Cloud Experiences are driving major architecture shifts
Users, devices, and apps are everywhere
Remote users
Personal and mobile devices
IoT devices
Hybrid infrastructure
Cloud infrastructure
Cloud applications
Evolving perimeter

Cisco+ Secure Connect
Architecture: Cloud Traffic Acquisition
[Diagram labels: Branches, SDWAN, Traffic Acquisition, Secure Connect Fabric, Remote Access Connector, Remote User, Internet/SaaS, IPsec/AutoVPN, BGP, US-West (DC1), US West (DC2), SASE Inter-Connect, Cloud Security Services]

Secure Connect Public API Early Access
API End Point | Description | Official Documentation | Example Use-Cases | Example Code
privateApplications | Manage Secure Connect Private Applications via API (CRUD support*) | API Reference | Bulk creation and modification; Reports; Notifications | Bulk creation of Private Applications using a CSV file
privateApplicationGroups | Manage Secure Connect Private Applications Groups via API (CRUD support*) | WIP | Bulk creation and modification; Reports; Notifications | WIP
remoteAccessLog | Display a valuable set of records about remote access connections made to a network or specific devices within it via API (RO support*) | API Reference | Data Analytics; Reports; Smart Alerts | Fetch and analyze Remote Access Logs and generates statistics for selected columns
*CRUD: Create, Read, Update, and Delete
*R: Read (only)

Meraki MX and Umbrella integration options
Cisco Umbrella: Choose per site
Flexible security options
Automated SD-WAN fabric integration
Competitive differentiator
Option I (IPSEC tunnel connectivity): Meraki dashboard and user interface simplify tunnel creation
Option II (Cisco Umbrella SD-WAN fabric integration): Auto VPN extends Meraki's SD-WAN fabric into the Umbrella cloud
[Diagram labels: Internet/SaaS, SIG (e.g. critical traffic), MX IPS/AMP, DNS Proxy (e.g. guest traffic), SD-WAN fabric, Meraki Umbrella SD-WAN Connector]

Cisco SDWAN integrated with Umbrella
Cisco SDWAN + Umbrella: DNS-layer security, Secure Web Gateway, Cloud-delivered firewall, Cloud-delivered security broker (CASB), Interactive threat intel
Automation: Deploy cloud security and connectivity across thousands of branches in minutes
Instant protection: defend against threats at the branch with leading real-time threat intelligence
Centralized management: Single pane of glass across all offices and users
DevOps: Integrate into popular tools

Auto-Registration to Cisco Umbrella with SDWAN Edge
Based on Smart Account credentials on both Umbrella and SDWAN
Registration of Edge Devices to Umbrella is done automatically
Secure API key is automatically provisioned on the Edge Device through HTTPS session
No need to add manual API keys
[Diagram: UMBRELLA and Edge Device connected by an HTTPS session]

Cisco SDWAN Interconnect
Remote Access Users connecting to Private Applications behind Viptela Fabric
[Diagram labels: Viptela Fabric, Viptela Branch Sites, Hub Site, vManage, Global Interconnect, Secure Connect Dashboard, MFA, Device posture and health, Secure web gateway, Cloud-access security broker (CASB), CD L3/4/7 firewall, DNS security, IPsec, DTLS, AnyConnect]

Software Defined Cloud Interconnect (SDCI)
SDCI Detail
Embedded Automation:
Hosted SDWAN service at SDCI datacenters
Regional Aggregation to Cloud and SaaS
Provisioning of all Cloud direct connections in vManage
Single portal for service creation
Use Cases:
Site-to-Site
Site-to-Cloud
Backbone-on-Demand
[Diagram legend: Cisco SD-WAN on-premises router; Cisco SD-WAN virtual router hosted at mid-mile providers colocation/PoP; enterprise sites; Internet Backup Path]

Secure Connect Cloud Overview
Enables Auto VPN connectivity with Meraki SDWAN and IPSEC connectivity for private access with Cisco SDWAN.
Dynamically handles bandwidth per Meraki SDWAN network integrating with Cisco+ Secure Connect
Streamlined region based SDWAN fabric integration. Organizations can connect to their closest cloud regions
Eliminates the need for scaling horizontally deploying additional CloudHubs/Connectors.
Decreases the need for large configuration templates.
Supports both RFC 1918 and Public IPs for private access

Data Center and Cloud Orchestration

Cross-domain orchestration with workflow designer
Simple drag-and-drop workflow authoring
Customizable Templates
Create your own custom automation and integration tasks
Accelerate hybrid IT delivery with an extensive library of ready-to-use tasks and workflows
Out of the Box

Orchestrating Kubernetes Clusters Deployment
Simplified workflows for K8s cluster management
Automate tasks
Orchestration of complex workflows and accessible via Intersight APIs
Integration with DevOps tools for release management methodologies

Intersight Infrastructure Automation with Terraform
Create module
Create Terraform execution plan
Validation in Intersight

Hybrid Cloud with automation and app insights
Infrastructure as code: Common automation and DevOps tools used to safely and efficiently provision and manage service lifecycle with proper release management
Governance and compliance: Multicloud compliance and management to securely provision any workflow to any cloud with workload optimization
Personalized service: On-demand elastic infrastructure provisioned through portal and/or APIs for self-service business requirements
Observability framework: Correlation of deep application insights to infrastructure impact to drive proactive remediation by leveraging event-driven actions

Segmentation
NETWORK
SECURITY
Application components: App group, DB group, Web group
Application groups: Sales apps, HR apps
Application zones: Dev zone, Test zone, Prod zone

Hybrid Cloud Workload Orchestration
Collaboration of DevOps Tools
1. Request for resource
2. Pull scripts from Git
3. Process Payloads
4. Invokes Terraform scripts and Ansible playbook
5. Provision resource
6. Deploy
[Diagram labels: User, Forms, Templates, Scripts, Private Cloud, VMware workload, AWS workload]

Cloud Security

Orchestrate policy to other enforcement points
Publish normalized micro-segmentation policy over the Kafka interface
Updates to the policy are also sent through the same interface in real-time
Northbound systems can consume this policy and render it in other infrastructure elements such as:
Firewall orchestration platforms
Load balancers (F5/Citrix)
[Diagram: Secure Workload publishes messages to a Kafka broker read by northbound consumers]

XDR-Orchestration Workflow Sequence
The orchestration engine runs workflows to execute atomics on the target systems, which returns results and status, then the next step in the workflow begins.
Atomic: REST call, Run terminal, Send email etc.
Target System: The host/endpoint that executes an activity
Execute until last activity in a workflow
[Sequence diagram: Client (Orchestration UI) and Triggers (Schedules, Email events, Webhook) start the workflow; for steps 1, 2 ... n over time the orchestration engine invokes an atomic, which runs the activity on the target system and returns results; the engine updates status; the workflow ends with a response]

XDR Orchestration Canvas for Developing Workflows
[Screenshot labels: Activity Group, Atomic Action (Activity), Drag n Drop UI, Logical Constructs, Details Pane, Validate & Save, Run & Audit, Variables, Creates Atomic Action, Tags, Workflow, “Stacked Activities” indicates Atomic Action]

Secure Cloud Analytics with Auto-Remediation
Remediation Workflow: Mitigation of unauthorized access to EC2 instances on AWS
Geographically Unusual Remote Access Alert
Secure Cloud Analytics and AWS
Integration Workflow: Create Forensic Incident Investigation Casebooks with XDR (SecureX) and Network Detection and Response (NDR) data
AMP and Secure Cloud Analytics

Trust Analytics for Continuous Trusted Access
Continuous evaluation of endpoint security posture
Trust Score
Secure authentication and Posture
Impersonation attacks
Low reputation IP Connections
Vulnerability/Threat Metrics
Unauthorized ports and weak credentials
Continuously monitor anomalies and threats
Evaluate Trustworthiness and restrict access

Cisco Secure Cloud Native for DevSecOps
Security for various infrastructure ways of building an app using traditional monolithic methods to cloud native methods
Integration of security insights into the CI/CD pipelines
API-layer scoring, reputation and security, across any cloud and internally consumable APIs
Security insights at the App and API layer
Elements of data security related to API-API and API-Data accesses, Tokenization, and dependency graph visualization
Identity for Applications and Services and associate with user identity and policies
[Diagram labels: Control Center, Naming and User Identity, Network-based security, Container security, In-app security, Application and API Networking, Network-based insights, API reputation & security, Serverless security, AppSec in CI/CD, Application and Service Identity, API-data security, Observability & Insights, DevSecOps tooling]

Observability

Optimize application experiences
Turn insights into action with Full-Stack Observability

Application Performance Optimization
Intersight and AppDynamics Integration
Intersight Workload Optimizer (IWO) provides the application specific supply chain view based on the data provided by AppDynamics
AppDynamics adds Business Application, Business Transaction, Service, Application Component, and Database entities to the IWO supply chain
IWO recommends actions to improve application performance (e.g. suspend/provision VMs)
[Screenshots: IWO builds Application Supply Chain; IWO recommended Actions]

ThousandEyes + AppDynamics Integration
Alerts: Publish ThousandEyes Alerts to AppDynamics
Dashboards: Embed ThousandEyes widgets on AppDynamics dashboards
Snapshots: Trigger ThousandEyes snapshots from AppDynamics alert policies
Correlated Data: Make AppDynamics aware of ThousandEyes traffic for correlation

AIOps: Predictive Path Recommendations
Forecast issues and make policy recommendations
Transforming IT operations from a reactive to a predictive model
1. Ingest Telemetry: Collect network telemetry thru vAnalytics
2. Data Analysis: Predictive modeling to forecast issues & make path recommendations
3. Feedback Loop: Fine-tune SD-WAN policies to make path changes to improve App experience
[Screenshot labels: Recommends the path to switch to, Current & Recommended Path Quality, Estimated % Gain; diagram of Cisco SD-WAN, vManage and vAnalytics]

Predictive Path Recommendations With Closed-Loop automation
Establish a perpetual optimization cycle
Avoid issues before impacting users
Migrate to a predictive operating model
Simplify operations with closed-loop automation*
Apply or Revert recommendation through simple click actions
Automation available for Applications defined through Application-aware Routing (AAR) policy. (Not available for Out-of-the-box Apps with no equivalent entries in AAR policy).
Considerations
Manual edits to PPR-controlled policy will revert all recommendations.
Closed-loop automation is currently available only when recommended path is a tunnel-bound path
[Diagram: Cisco Predictive Network cycle (Telemetry, Ingest data, Modeling, Forecast issues, Recommend, Automate) across vAnalytics, ThousandEyes WAN Insights, vManage and Catalyst SD-WAN, covering Users, Campus/Branch, SDWAN fabric, DC/Private cloud and SaaS/IaaS]

Closed-Loop Integrated Actionable Alerting
Publish ThousandEyes Alerts to AppDynamics dashboards
Trigger ThousandEyes snapshots to capture incident and allow data sharing across teams

Application and Infrastructure Event Correlation
WAN/Internet Insights
Application Insights

Integrate with DevOps to accelerate application delivery
API as the Leading Interface
Intersight and Terraform Cloud provide end-to-end, cross domain coverage for the management, orchestration and consumption of your private and public cloud environments
Intersight is a next-generation, hybrid cloud operations platform that visualizes, optimizes, and automates applications and infrastructure
Accelerate CI/CD processes and extend infrastructure as code (IaC) workflows by integrating Intersight into your DevOps toolchains
[Diagram: Dev and DevOps teams and Infra and Ops use CISCO INTERSIGHT across Data center, Edge, Colo and Public Cloud]

DevSecOps Pipelines for Service Release Management
Accelerate Infrastructure Lifecycle
Configuration management (Device/App): GitLab
Any Code: GitLab
Image packaging (Platform+NED+SP): Jenkins Pipeline
Compliance: Automate checks on open CVE(s) in package raises flag to take action
Monitoring and Alerting: Nagios, Prometheus, Grafana
Vulnerability Management: Scanning of container images in registries and servers
[Diagram labels: Management User Environment, Internet, Client, Air-Gapped Environment, Cisco BPA, Cisco Matrix]

Automated Pipeline for Device Software Upgrade (Example)
Perform prechecks, post-checks, & change validation checks
[Pipeline diagram: User introduces change; Change Management; Version Control System (Templates + Scripts) triggers pipeline; Test Automation (SA Scan, Sec Scan, Security Analysis); Source Of Truth (Dynamic Inventory); Scripts/Playbooks/Jobs (Trigger Backup, Trigger Upgrade); CI/CD Engine (Execute; Pipeline Execution; Run pre/post Test Cases); USD Tool (Fetch Software); Artifact Repository Manager (Deploy Software; Publish Artifacts; Artifact Repositories)]

Pipeline for Configuration Deployment (Example)
Perform pre-checks, post-checks, & change validation checks
[Pipeline diagram: User introduces change; Version Control System (Templates + Scripts) triggers pipeline; Test Automation (SA Scan, Sec Scan, Security Analysis); Build; Generate Config; Apply Config (netconf); CI/CD Engine (Execute; Pipeline Execution; Run Validation Test Cases); Artifact Repository Manager (Publish Artifacts; Artifact Repositories)]

Config Change Pipeline Automation

Service Release Management Flow (Example)
Build, Lab deployment and Testing: DEV, Pull Request, Variable file for config, Ansible or Terraform Script, Pipeline Deployment, buildspec.yml (app: repo: sdwanIac, tag: 5.6.3), Login Credentials, Deploy Infra, Update Config (On prem Datacenter), Deploy Infra, Update Config
Release, Production Deployment and Testing: DEV, Tag for releasing, Variable file for config, Ansible or Terraform Script, Add release metadata, buildspec.yml (app: repo: sdwanIac, tag: 5.6.3-5.6.4), Login Credentials, Deploy Infra, Update Config (On-prem Datacenter), Deploy Infra, Update Config
DevOps: Notification Message

Service as Code - Release Management
Service Release | Version | Description
Branch activation | 1.0 | Wired network, security, Wi-Fi
Segmentation for Finance group | 1.1 | Create Finance segment from Campus SD-WAN Data Center-Cloud
AWS Cloud Connectivity | 2.0 | Data Center-SD-WAN-AWS landing zone, ThousandEyes
Web-tier migration to AWS | 2.1 | Install/configure load balancer, firewall, AppD agent

Orchestration Pipeline Automated Testing
Example: Orchestration Pipeline
Use Cases: Branch Activation, Software Compliance, Segmentation, Hybrid Cloud Connectivity, App Migration, Secure Workload
Service Catalog: Intake form, Configurations, Templates, Packages
Web Portal, ChatOps
Orchestration Engine: Orchestrate Blueprint for Cross Domain Segmentation
Pipeline runner and Security analyzer: Triggers Pipeline
Code: Software Composition Analysis, Static Analysis
Build: Compile parameterized templates, Software audit (SBOM), Create Artifacts
Test: Dynamic Testing, Simulated Testing
Deploy: Config applied and verified on Controllers.

Let's Have a Conversation!
[Diagram labels: Zeus, Chatbot, Collaboration App, Infrastructure]

Site Reliability Engineering
Meeting SLO
Signaling
Alerting
Observability
Formulate workflow
Codify as needed
Run Automation
Test/Verify solution

Incident Remediation Codify to Improve Resilience
1. Incident Management
2. Ticketing System
3. Remediation
4. Issue Postmortem
5. Automation backlog
6. Create Automation workflows and operationalize

Incident Remediation Codify to Improve Resilience (Example)
1. Issue identification: VNF performance degradation
2. Ticket Opened
3. Remediation
4. Incident management team identifies the issues and constructs Root Cause Analysis
5. User story for automation pushed to development backlog
6. Automation team identifies packet drop metric for links; Condition to trigger for switch over; Automation for executing the switchover; Conduct post-checks and push the changes to respective systems
Out of Error Budget: SLO 82%, Latency 60%, Errors 30%
Within Error Budget: SLO 99%, Latency 1%, Errors 1%

Key Takeaways
Automation & Orchestration establish control points
Cloud-First Mindset
Speed with Safety
Full-Stack Observability
Network intelligence enables visibility and insights for action
DevSecOps and CloudOps practices are embedded in service delivery

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
These points help you get on the leaderboard and increase your chances of winning daily and grand prizes

Continue your education
Visit the Cisco Showcase for related demos
Book your one-on-one Meet the Engineer meeting
Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code: