
Cisco Hybrid Cloud Solution: Deploy An E-Business Application With Cisco Intercloud Fabric For Business Reference Architecture



© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 13
Contents
What You Will Learn
Audience
Introduction
Cisco Intercloud Fabric Overview
Intercloud Fabric Director
Cisco Prime Network Services Controller
Secure Cloud Extension
Intercloud Fabric Extender
Intercloud Fabric Switch
Intercloud Fabric Agent
E-Business Application Overview
System Components
Application Deployment and Cisco Intercloud Fabric Architecture
Design Requirements
Network Design
Application Deployment Across Hybrid Cloud
Application-Tier Deployment
Creating a Virtual Machine Template in the Cloud
Migrating the Virtual Machine to the Cloud
Application Operation
Conclusion
For More Information

Figures
Figure 1. Cisco Intercloud Fabric Architecture
Figure 2. osCommerce Sample Website
Figure 3. osCommerce Deployment Overview
Figure 4. Application Network Design
Figure 5. Cisco Intercloud Fabric Data Center Network Configuration
Figure 6. Application Deployment Across Hybrid Cloud
Figure 7. Cisco Intercloud Fabric Director Cloud Virtual Machine Catalog Item

Tables
Table 1. Firewall Ports for Cisco Intercloud Fabric Communication
What You Will Learn
This document describes the architecture and design details for deploying and scaling an e-business application
using Cisco Intercloud Fabric™ for Business. With Cisco Intercloud Fabric for Business, you can extend your data
center or private cloud to the public cloud, allowing you to acquire the additional capacity you need with no border
between your internal cloud and the external cloud. This document discusses deployment of an open-source
reference application, osCommerce, in a VMware-based internal data center and describes how to scale this
application by using resources in Amazon Web Services (AWS).

Audience
The audience for this document includes sales engineers, field consultants, professional services, IT managers,
partner engineers, and customers who want to take advantage of an infrastructure that is built to scale on demand
while maintaining consistent security and control policies.

Introduction
Industry trends indicate a growing movement among organizations to hybrid cloud designs. Organizations are
choosing these designs to acquire additional on-demand computing and storage resources, thereby eliminating the
need to build for peak capacity within their own data centers. Public clouds do not require the initial capital
investments necessary to build out a company’s own private data center. In addition, a public cloud can better
absorb a company’s need for elasticity by providing almost unlimited pay-as-you-grow expansion. Although hybrid
cloud models are conceptually and financially very attractive, customers are often reluctant to place their
applications in the public cloud, away from their own premises. When an organization deploys an application or
part of an application in the public cloud, it wants to be sure that the transition from the private data center to a
hybrid model is not only operationally feasible, but also that the company retains data access and control in the
new architecture.

Cisco Intercloud Fabric facilitates secure hybrid cloud creation, helping enable customers to scale applications
securely and conveniently. Using Cisco Intercloud Fabric, customers can access additional computing power while
extending their security and other control policies to the public cloud. Cisco Intercloud Fabric also allows customers
to place workloads across heterogeneous environments in multiple provider clouds.

Some of the main benefits of the Cisco Intercloud Fabric solution are:

● A single point of management and control for virtual workloads across multiple provider clouds
● A choice of cloud providers, such as AWS and Microsoft Azure, or multiple intercloud fabric provider–based
clouds
● Highly secure and scalable connectivity to extend private clouds to service provider clouds
● Enforcement of consistent network and workload policies throughout the hybrid cloud
● Workload mobility to and from service provider clouds for virtual workloads

Cisco Intercloud Fabric architecture provides the following two product configurations to address enterprise and
service provider customers:

● Cisco Intercloud Fabric for Business


● Cisco Intercloud Fabric for Providers

Cisco Intercloud Fabric for Business is intended for enterprise customers who want to be able to transparently
extend their private clouds to provider cloud environments. Cisco Intercloud Fabric for Providers is intended for
provider-managed cloud environments, to allow the service provider’s enterprise customers to transparently extend
their private cloud environments into the provider's cloud.

This document focuses on an enterprise customer deployment model in an e-commerce environment and therefore
discusses only Cisco Intercloud Fabric for Business.

Cisco Intercloud Fabric Overview


Cisco Intercloud Fabric is deployed as a set of virtual machines in both private and provider clouds. The Cisco
Intercloud Fabric solution consists of the following components (Figure 1):

● Cisco Intercloud Fabric virtual machine: This virtual machine contains the intercloud fabric director (ICFD)
and Cisco Prime™ Network Services Controller (NSC).
● Cisco Intercloud Fabric virtual supervisor module (VSM): This virtual machine is the management interface
for the secure cloud extension component.
● Cisco Intercloud Fabric secure cloud extension: This component contains the intercloud fabric extender
(ICX) and intercloud fabric switch (ICS).

Figure 1. Cisco Intercloud Fabric Architecture

Intercloud Fabric Director


The intercloud fabric director is the single point of management and consumption for hybrid cloud solutions for end
users as well as IT administrators. It offers a single console so that end users and IT administrators can provision
workloads and associated policies. The director also exposes northbound APIs, which allow customers to
programmatically manage their workloads in the hybrid cloud environment or integrate with other cloud
management platforms.

Cisco Prime Network Services Controller
Cisco Prime NSC software is a major element in many Cisco enterprise networking solutions, including Cisco
Intercloud Fabric. Through a single pane, you can automate virtual network management to make configuration
changes quickly and consistently.

Cisco Prime NSC supports greater scalability along with standardization and adherence to policies in complex
environments. In a Cisco Intercloud Fabric environment, the director communicates with Cisco Prime NSC using
the controller’s northbound API, and customers and IT staff do not need to access the controller directly for
workload creation or deployment.

Secure Cloud Extension


The secure cloud extension forms the basis for the core switching and services infrastructure in the Cisco
Intercloud Fabric solution. This extension provides the following features:

● Secure Layer 2 network extension from a private cloud to the provider cloud
● Advanced switching features for applications running in the provider cloud
● Support for services such as zone-based firewalls and routing in the provider cloud

The secure cloud extension consists of several components working together to provide these functions. The
private cloud is connected to the provider cloud through a highly secure tunnel that is established between a pair of
virtual appliances: the intercloud fabric extender and intercloud fabric switch. The extender runs in the private
cloud, and the switch runs in the provider cloud, and these appliances can be deployed in a high-availability pair to
provide redundancy. Virtual services can also be deployed in this environment to provide firewall and routing
support in the provider cloud.

Intercloud Fabric Extender


The intercloud fabric extender is a virtual machine that runs in the private cloud and provides the following
functions:

● Establishes a secure site-to-site tunnel to interconnect with the intercloud fabric switch in the provider cloud
● Interacts with the virtual switch at the private cloud

Intercloud Fabric Switch


The intercloud fabric switch is a virtual machine that runs in the provider cloud and provides the following functions:

● Establishes a secure site-to-site tunnel to interconnect with the intercloud fabric extender in the private
cloud
● Establishes secure access tunnels to connect all of the cloud virtual machines
● Monitors and reports statistics for virtual machines in the cloud
● Monitors and reports any component failures in the cloud

The embedded virtual Ethernet module (VEM) in the switch is responsible for the following:

● Communicates with the VSM function that runs at the private cloud to retrieve virtual machine–specific
network policies such as port profiles
● Switches the network traffic between cloud virtual machines

● Switches the network traffic between cloud virtual machines and the private cloud network
● Applies network policies and collects and reports VEM-related statistics

Intercloud Fabric Agent


The intercloud fabric agent (ICA) provides the network overlay for the virtual machines in the cloud. The agent is
deployed in the provider cloud virtual machines as a secure tunnel driver.

The agent provides the following functions:

● Establishes a secure tunnel to connect cloud virtual machines to the intercloud fabric switch
● Collects secure overlay-related statistics

E-Business Application Overview


Rapid changes in e-commerce application requirements make designing a data center to meet these requirements
a challenge. Several factors influence capacity planning decisions, but the following two factors make determining
the amount of capacity needed almost impossible:

● Unpredictable seasonal increases in customer load: for example, increased load during holiday seasons
● Unexpected product successes, resulting in unforeseen increased customer demand

Although not an optimal approach, increased seasonal demand can be managed by overprovisioning the
computing and storage resources to handle the projected load spikes. Unanticipated customer demand due to
factors such as product success, however, requires the IT department to not only acquire but also configure and
deploy computing and storage resources in a very short time, making the deployment financially stressful and
potentially prone to operational errors.

Both these aspects of e-commerce make an e-business application an excellent candidate for a hybrid cloud
environment. An e-business application can be deployed on premises with adequate resources to support typical
customer demand. For occasional (seasonal or otherwise) and unexpected load spikes, one or more tiers of the
application can be deployed (or burst) in the public cloud. To make this solution operationally viable, you can use
Cisco Intercloud Fabric to provide the communication between the various application tiers.

To demonstrate the applicability of Cisco Intercloud Fabric in an e-commerce environment, an open source
application called osCommerce Online Merchant was configured and deployed across private and public clouds.
osCommerce is an open-source e-business application providing customers with the features and tools required to
set up an e-commerce site in a short time. osCommerce contains both a catalog front end and an administration
tool back end that can be installed and configured through a web-based installation procedure (Figure 2).

osCommerce Online Merchant is built with the PHP web scripting language and uses the MySQL database server
for storing data.

Although osCommerce Online Merchant can be installed on any web server with PHP installed and with access to
a database server, a typical installation includes the following:

● One CentOS server running Apache and PHP modules acting as a web front end and catalog server
● A second CentOS server running the MySQL database and used for authentication and as a data source

With two different server tiers, you have several options for deploying the application in a hybrid cloud environment.
The validated scenario is discussed later in this document.

Figure 2. osCommerce Sample Website

System Components
The Cisco Intercloud Fabric solution can be deployed in a wide variety of data center and cloud configurations. The
supported configurations and versions are listed in the Cisco Intercloud Fabric release notes:
http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/release-notes/b_Cisco_Intercloud_Fabric_Release_Notes_Release_2_2_1.html

This document covers validation using the following data center, cloud, and application configurations:

● Cisco Intercloud Fabric for Business Release 2.2.1


● VMware vSphere–based private cloud
◦ VMware vSphere 5.5 Update 2
◦ VMware virtual device switch (VDS)
◦ Cisco UCS® blade servers
● Amazon Web Services (AWS) as the public cloud
● osCommerce e-business application
◦ CentOS 6.4 64-bit system with Apache and PHP (front end)
◦ CentOS 6.4 64-bit system with MySQL database (back end)

Figure 3 shows the high-level design of the application deployment. In this design, the application servers are
deployed in two different network segments (VLANs). A Cisco® router (physical or virtual) provides the routing
between the two application tiers. The backend MySQL servers are deployed only on premises, and the front-end
Apache and PHP servers are deployed in both the private and public clouds. Cisco Intercloud Fabric is configured
to securely extend the front-end network segment across the two clouds.

Figure 3. osCommerce Deployment Overview

Application Deployment and Cisco Intercloud Fabric Architecture


This section discusses the deployment requirements and the resulting design decisions for the application
deployment.

Design Requirements
To deploy the e-business application in a hybrid cloud environment, the following design requirements were
considered crucial for a successful deployment:

● One or more application tiers should be partially or completely deployed in the public cloud.
● The application should be accessed only from the enterprise data center, and any cloud virtual machines
(deployed for increased capacity) must not be accessed directly from the public cloud.
● Data and authentication services should stay in the private data center, but should be easily accessible from
all the local and remote application virtual machines.
● Any new virtual machine in the cloud should be deployed without the need to move large amounts of data
across the cloud.
● A server running in the private data center should be easy to migrate to the cloud and back if capacity in the
private data center becomes a concern.

These application demands can be translated to the following technical requirements:

● Capability to position appropriate virtual machine templates in the public cloud


● Automatic virtual machine format conversion when migrating virtual machines to and from the cloud

● Secure tunneling between the private and public cloud environments
● Capability to maintain IP address and gateway settings
● Routing between various VLANs across both clouds

The following section describes a Cisco Intercloud Fabric design to support an e-business application.

Network Design
The e-business application, osCommerce, is deployed in two tiers: the front-end Apache and PHP server, and the
back-end MySQL database server. Figure 4 shows the network configuration used to deploy this application in the
private data center.

Figure 4. Application Network Design

The front-end and the back-end servers are placed in two different VLANs (101 and 103 in the example in Figure
4) to isolate the application tiers. The communication between the two tiers is enabled by routing. A firewall can
optionally be deployed to further enhance the security of the database servers.

To deploy Cisco Intercloud Fabric in this setup, an additional management VLAN (11) is used to host the
management interfaces of the fabric components, as shown in Figure 5.

Figure 5. Cisco Intercloud Fabric Data Center Network Configuration

This management address space in VLAN 11 is also used as the tunnel source for the intercloud fabric extender, and
therefore the WAN router or firewall should be configured to apply Network Address Translation (NAT) to the
management addresses to provide a public-routable IP address.

In addition, to establish successful communication between the extender and the switch, the ports listed in Table 1
should also be opened in the firewall. These ports are described in more detail in the Cisco Intercloud Fabric
release notes:
http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/release-notes/b_Cisco_Intercloud_Fabric_Release_Notes_Release_2_2_1.html#topic_64DD9A49D03E4769B3045C7C4ED1E63A

Table 1. Firewall Ports for Cisco Intercloud Fabric Communication

Port          Description
22            TCP
80            HTTP
443           HTTPS
843           Adobe Flash
6644, 6646    TCP and UDP
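
The following added example (not part of the Cisco document or of any Cisco tool) audits a firewall permit list against Table 1 for one extender and switch pair, reporting required ports that are still closed, ports opened beyond the table, and rules that match more hosts than the pair. The rule format, the addresses, the extender-to-switch direction, and TCP as the transport for ports 22, 80, 443 and 843 are assumptions.

```python
import ipaddress

# Ports from Table 1. Transport for 22, 80, 443 and 843 is assumed to be TCP;
# the table lists 6644 and 6646 as both TCP and UDP.
REQUIRED = {("tcp", p) for p in (22, 80, 443, 843, 6644, 6646)} | {
    ("udp", 6644), ("udp", 6646)}


def audit_tunnel_rules(rules, extender_nat_ip, switch_ip):
    """Compare permit rules with Table 1 for one extender/switch pair.

    `rules` is a list of permit entries (implicit deny otherwise), each a dict
    with keys proto, src, dst (CIDR strings) and ports (list of ints). This
    rule format is hypothetical, not a Cisco or firewall-vendor syntax.
    """
    src_host = ipaddress.ip_address(extender_nat_ip)
    dst_host = ipaddress.ip_address(switch_ip)
    covered, unneeded, overbroad = set(), set(), []

    for index, rule in enumerate(rules):
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if src_host not in src or dst_host not in dst:
            continue  # rule does not match traffic between the pair
        opened = {(rule["proto"], port) for port in rule["ports"]}
        covered |= opened & REQUIRED
        unneeded |= opened - REQUIRED
        # A rule that matches the pair but also matches other hosts exposes
        # the tunnel ports more widely than the design needs.
        if src.num_addresses > 1 or dst.num_addresses > 1:
            overbroad.append(index)

    return {
        "missing": sorted(REQUIRED - covered),
        "unneeded": sorted(unneeded),
        "overbroad_rules": overbroad,
    }


# Constructed sample data: RFC 5737 documentation addresses stand in for the
# NAT address of the extender and the public address of the switch.
EXTENDER_NAT = "203.0.113.10"
SWITCH_IP = "198.51.100.20"

LOOSE_RULES = [
    {"proto": "tcp", "src": "0.0.0.0/0", "dst": "198.51.100.20/32",
     "ports": [22, 80, 443]},
    {"proto": "tcp", "src": "203.0.113.10/32", "dst": "198.51.100.20/32",
     "ports": [6644, 6646, 3306]},
]

TIGHT_RULES = [
    {"proto": "tcp", "src": "203.0.113.10/32", "dst": "198.51.100.20/32",
     "ports": [22, 80, 443, 843, 6644, 6646]},
    {"proto": "udp", "src": "203.0.113.10/32", "dst": "198.51.100.20/32",
     "ports": [6644, 6646]},
]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE_RULES), ("tight", TIGHT_RULES)):
        print(name, audit_tunnel_rules(rules, EXTENDER_NAT, SWITCH_IP))
```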

Application Deployment Across Hybrid Cloud

Application-Tier Deployment
Data and authentication servers (the MySQL back end) are configured to stay in the private data center, and
therefore the intercloud fabric extender trunk is configured to carry VLAN 101 only. The front-end Apache and PHP
server will be deployed in both the private and public clouds; hence, VLAN 101 is configured to be extended to the
public cloud. Because traffic will enter only through the private data center, the solution requires just a Layer 2
extension of VLAN 101 to the public cloud (Figure 6).

In this configuration, front-end servers deployed in the cloud will access the MySQL database server using the
Cisco Intercloud Fabric link. These cloud virtual machines will have their default gateway set to the router on the
enterprise data center, hence enabling routing between all the virtual machines. To load balance customer traffic
onto multiple front-end servers, a load balancer can also be deployed.

Note: For test purposes, a load balancer installation can be avoided by accessing the front-end server URLs
directly.
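
The placement rules described above can be checked mechanically. The following added example (not part of the Cisco document or of Cisco Intercloud Fabric) validates a deployment inventory against them: only VLAN 101 is extended, back-end servers stay on premises, and cloud virtual machines keep a segment address, use the data center router as gateway, and have no public address. The inventory format, subnets, and host names are assumptions.

```python
import ipaddress

FRONTEND_VLAN, BACKEND_VLAN = 101, 103  # VLAN numbers used on this page


def check_placement(dep):
    """Return sorted (subject, finding) pairs; an empty list means compliant.

    `dep` is a hypothetical inventory format: extended_vlans (list), segments
    (vlan -> {"cidr", "router"}) and vms (list of dicts).
    """
    findings = set()
    extended = set(dep["extended_vlans"])

    # The extender trunk is meant to carry the front-end VLAN and nothing else.
    if FRONTEND_VLAN not in extended:
        findings.add(("trunk", "frontend-vlan-not-extended"))
    for vlan in extended - {FRONTEND_VLAN}:
        findings.add(("trunk", f"vlan-{vlan}-extended"))

    for vm in dep["vms"]:
        name = vm["name"]
        # Data and authentication services stay in the private data center.
        if vm["tier"] == "backend" and vm["site"] != "private":
            findings.add((name, "backend-in-cloud"))
        if vm["site"] != "cloud":
            continue
        segment = dep["segments"].get(vm["vlan"])
        if vm["vlan"] not in extended or segment is None:
            findings.add((name, "vlan-not-extended"))
            continue
        # Cloud VMs keep an address in the extended segment and route through
        # the data center router, so traffic still crosses on-premises controls.
        network = ipaddress.ip_network(segment["cidr"])
        if ipaddress.ip_address(vm["ip"]) not in network:
            findings.add((name, "ip-outside-segment"))
        if vm["gateway"] != segment["router"]:
            findings.add((name, "gateway-not-onprem-router"))
        # Cloud VMs must not be reachable directly from the public cloud.
        if vm.get("public_ip"):
            findings.add((name, "public-ip-attached"))
    return sorted(findings)


def make_vm(name, tier, site, vlan, ip, gateway, public_ip=None):
    return {"name": name, "tier": tier, "site": site, "vlan": vlan,
            "ip": ip, "gateway": gateway, "public_ip": public_ip}


# Constructed sample data; subnets, addresses and host names are not from the page.
SEGMENTS = {101: {"cidr": "10.1.101.0/24", "router": "10.1.101.1"},
            103: {"cidr": "10.1.103.0/24", "router": "10.1.103.1"}}

COMPLIANT = {"extended_vlans": [101], "segments": SEGMENTS, "vms": [
    make_vm("web-01", "frontend", "private", 101, "10.1.101.11", "10.1.101.1"),
    make_vm("web-cloud-01", "frontend", "cloud", 101, "10.1.101.21", "10.1.101.1"),
    make_vm("db-01", "backend", "private", 103, "10.1.103.11", "10.1.103.1"),
]}

DRIFTED = {"extended_vlans": [101, 103], "segments": SEGMENTS, "vms": [
    make_vm("web-cloud-01", "frontend", "cloud", 101, "10.1.101.21", "172.31.0.1",
            public_ip="198.51.100.77"),
    make_vm("db-replica", "backend", "cloud", 103, "10.1.103.12", "10.1.103.1"),
]}

if __name__ == "__main__":
    print("compliant:", check_placement(COMPLIANT))
    print("drifted:", check_placement(DRIFTED))
```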

Figure 6. Application Deployment Across Hybrid Cloud

Creating a Virtual Machine Template in the Cloud


The intercloud fabric director gives customers several ways to deploy a virtual machine in the cloud. One of the
most common methods is to create a virtual machine template and then upload this template to the public cloud.
When the template resides in the public cloud, deploying a new virtual machine directly in the public cloud helps
customers avoid uploading large amounts of data from their private data center to the cloud. When the template is
uploaded using the director, the director performs the appropriate conversion to the cloud virtual machine format
and exposes the new template as a catalog item available in the director GUI, as shown in Figure 7.

Figure 7. Cisco Intercloud Fabric Director Cloud Virtual Machine Catalog Item

Migrating the Virtual Machine to the Cloud


In addition to providing the capability to deploy a virtual machine in the cloud directly, the director allows
customers to move an existing virtual machine from their private cloud to the public cloud. In the case of the
e-business application under discussion in this document, this feature is useful when:

● Migrating a CPU-intensive virtual machine to the cloud to free local data center resources
● Migrating all the virtual machines in the Apache and PHP tier to the cloud and allowing customers to access
the application directly from the cloud

During migration, the director exports, converts, uploads, and powers on the virtual machine in the cloud and
inserts the intercloud agent and encryption keys. By default, the local data center virtual machine is shut down
when the migration is initiated and can remain in the private cloud in a powered-off state or be removed. This
behavior can be modified if needed.

Application Operation
Assume that an application is deployed using the configuration parameters discussed previously, and that
application servers are positioned in a customer data center so that the end users access the application directly
through the customer data center. When the load on the existing front-end Apache and PHP servers increases, the
application administrator can log into the director and bring up additional front-end servers using the predeployed
template in the public cloud. The intercloud fabric extender and switch provide a secure Layer 2 extension enabling
communication between the front-end and back-end servers using the router at the data center. If the administrator
chooses to release the resources in the local data center, all the front-end virtual machines can be migrated to the
cloud.

After the customer demand diminishes and the application computing requirements go down, the additional servers
configured in the cloud can be shut down or deleted, so that the application returns to its original installed state.
The intercloud director provides the single GUI to manage the resources in both the private and public clouds.

Conclusion
Cisco Intercloud Fabric for Business facilitates creation of a secure hybrid cloud, providing customers the capability
to scale applications securely and conveniently. Using Cisco Intercloud Fabric, customers can access additional
computing power while maintaining security and control of their applications. This fabric is well suited for
e-business applications, allowing customers to place complete or partial front-end application tiers in the public cloud
while maintaining transparent access to on-premises authentication and database servers. The intercloud director
also allows you to upload virtual machine templates to the cloud for instant application server deployment and provides
the capability to migrate customer workloads between the private and public clouds.

For More Information


For additional information, see:

● Cisco Intercloud Fabric 2.2.1 Release Notes:
http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/release-notes/b_Cisco_Intercloud_Fabric_Release_Notes_Release_2_2_1.html
● Cisco Intercloud Fabric getting-started guide:
http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/cisco-intercloud-fabric/cisco-intercloud-fabric-for-business/2-2-1/getting-started-guide/Cisco_Intercloud_Fabric_Getting_Started_Guide_Release_2_2_1.html

Printed in USA C11-734799-00 06/15

