Cisco Cisco Intercloud Fabric for Provider Design Guide
Page 6
●
Placement—Restricting VM placement in accordance with the business requirement; for example, a policy for
VMs that have a sensitive workload and therefore cannot run in the public cloud.
VMs that have a sensitive workload and therefore cannot run in the public cloud.
●
Provisioning—The ability to establish the number of VMs per user or project.
With a Cisco ICF management system in place, these kinds of decisions, implemented from policies set by the
enterprise, allow for functionality within multiple clouds as a contiguous environment, while implementing
consistent, business-relevant placement decisions.
enterprise, allow for functionality within multiple clouds as a contiguous environment, while implementing
consistent, business-relevant placement decisions.
The Cisco ICF management system connects to Cisco ICFD via the available northbound API integrating upstream
portal and orchestration systems to the resources that Cisco ICF provides.
portal and orchestration systems to the resources that Cisco ICF provides.
Cisco Intercloud Fabric Provider Platform Architecture
When to Deploy Cisco ICFPP?
Cisco ICFPP should be deployed by all service providers that interface with Cisco ICFD platforms. The only
exceptions to this are Amazon EC2 and Windows Azure, which are available to Cisco ICF through their native
public Cloud APIs.
exceptions to this are Amazon EC2 and Windows Azure, which are available to Cisco ICF through their native
public Cloud APIs.
Cisco ICFPP Deployment Network Topology
To access a service provider’s cloud resources, Cisco ICFD must access the Cisco ICFPP virtual appliance from
the public network. Therefore, the public network interface of the virtual appliance must be deployed on a provider
network that is exposed to the service provider edge router. The private network interface of the virtual appliance
can connect to the private provider network that accesses the service provider cloud platform (such as vCloud
Director).
the public network. Therefore, the public network interface of the virtual appliance must be deployed on a provider
network that is exposed to the service provider edge router. The private network interface of the virtual appliance
can connect to the private provider network that accesses the service provider cloud platform (such as vCloud
Director).
The Cisco ICFPP deployment topology can vary for different service providers and cloud platforms. The Cisco
ICFPP virtual appliance uses HTTPS connections to communicate with Cisco ICSE and the service provider cloud
platform. As a result, no additional firewall rules need to be deployed in the network path between Cisco ICSE and
the Cisco ICFPP virtual appliance, or the Cisco ICFPP virtual appliance and cloud platform end-points.
ICFPP virtual appliance uses HTTPS connections to communicate with Cisco ICSE and the service provider cloud
platform. As a result, no additional firewall rules need to be deployed in the network path between Cisco ICSE and
the Cisco ICFPP virtual appliance, or the Cisco ICFPP virtual appliance and cloud platform end-points.
Single-Node Deployment Topology
The following diagram illustrates a single-node deployment with a VMware vCloud Director platform in a service
provider environment:
provider environment:
Figure 3 - Cisco ICFPP Deployment Network Topology – Single Node