Connected Grid - Rapid Endpoint Development Infrastructure-as-a-service (CG-REDI)

Document created by mathaker on Aug 22, 2014. Last modified by adewanga on Sep 15, 2014. Version 2.

The Connected Grid Rapid Endpoint Development Infrastructure-as-a-service, or CG-REDI, is a collection of cloud-based network infrastructure services that are hosted at Cisco's DMZ facility and are available to partners signed up in the Cisco-Enabled Grid Devices development center.

A partner will create a Starter Kit at their premises and connect to the CG-REDI infrastructure to obtain hosted services to enable development of their Cisco Connected Grid Endpoints (CGE) and perform Compatibility Verification Testing (CVT).

The following diagram illustrates the connection of the Starter Kit at vendor premises to the CG-REDI infrastructure.

 

 

The following are the VPN connection types from partner premises back to CG-REDI infrastructure:

  1. IPv6 GRE over IPSec VPN: This connection is created between the FAR (CGR 1000) on partner premises and the ASR1K hosted at the CG-REDI. This connection is REQUIRED for the partner-developed CGE to pass the IVT/CVT and be "Cisco Certified". Establishing this connection requires a static, globally routable IP address for the FAR.
  2. SSL VPN: This connection is created between an Application Server hosted at the partner premises (or alternatively at a third-party SaaS/PaaS infrastructure) and terminates at an ASA at the CG-REDI. It requires the AnyConnect VPN software client to be installed on the client server. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to communicate from their Application Server(s) to their CGE.
  3. IPv6 GRE over IPSec VPN for Application Server (Optional): This is an alternative VPN service available when AnyConnect-based SSL VPN is not an option. This is typically the case where a non-supported OS is being used or the Application Server is hosted as a platform running customized embedded software. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to communicate from their Application Server(s) to their CGE.
  4. Clientless SSL VPN Connection: This connection can be established using a secure browser connection to the ASA appliance. It connects the user to the CG-REDI hosted CG-NMS (Connected Grid Network Management Service) instance. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to use the hosted CG-NMS to manage their endpoints.

Once the appropriate VPN connections are established, the following can take place:

  1. The Connected Grid Endpoints can access the network infrastructure services like NTP, PKI, DHCPv6 Server, AAA/NPS via the IPSec GRE VPN Tunnel.
  2. The partner's Application Server(s) can connect to the CGE via a tunnel to CG-REDI and then back again through the IPSec GRE VPN connection to their premises-based FAR.
  3. A user at the partner premises (or anywhere) can open a session with their hosted CG-NMS instance.

The following services are hosted on CG-REDI on a shared basis:

NTP, DHCPv6, DNS, AAA/NPS, Certificate Authority (CA), Active Directory Services, Active Directory Certificate Services

CG-REDI also hosts one CG-NMS per partner for endpoint management.

Currently, we allow up to 100 CGE devices and up to 2 CGRs per partner to connect to the CG-REDI services.
