Connected Grid - Rapid Endpoint Development Infrastructure-as-a-service (CG-REDI)
The Connected Grid Rapid Endpoint Development Infrastructure-as-a-service or CG-REDI, is a collection of cloud-based network infrastructure services, that are hosted at Cisco's DMZ facility and are available to partner members of the Cisco-Enabled Grid Devices development center.
You will create a Starter Kit at your premises and connect to the CG-REDI infrastructure to obtain hosted services to enable development of your Cisco Connected Grid Endpoints (CGE) and perform Compatibility Verification Testing (CVT).
You can connect up to 100 CGE devices and 1 CGR to the CG-REDI services. And we will allocate a dedicated instance of Cisco's Connected Grid NMS (CGNMS) for you to manage your devices.
The following diagram illustrates the connection of the Starter Kit at vendor premises to the CG-REDI infrastructure.
The following are the VPN connection types from partner premises back to CG-REDI infrastructure:
- IPv6 GRE over IPSec VPN: This connection is created between the FAR (CGR 1000) on partner premises and the ASR1K hosted at the CG-REDI. This connection is REQUIRED for the partner developed CGE to pass the IVT/CVT and be "Cisco Certified". Establishing this connection will require a static globally-routable IP address for the FAR.
- SSL VPN: This connection is created between an Application Server hosted at the partner premises (or alternately at a third party SaaS/PaaS infrastructure) and terminates at an ASA at the CG-REDI. This requires the client server to install AnyConnect VPN software client. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to communicate from their Application Server(s) to their CGE.
- IPv6 GRE over IPSec VPN for Application Server (Optional): This is an alternate VPN service available when AnyConnect based SSL VPN is not an option. This is typically the case, where a non-supported OS is being used or the Application Server is hosted as a platform running customized embedded software. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to communicate from their Application Server(s) to their CGE.
- Clientless SSL VPN Connection: This connection can be established using a secure browser connection to the ASA appliance. This connects the user to the CG-REDI hosted CG-NMS (Connected Grid Network Management Service) instance. This connection is OPTIONAL for IVT/CVT and Cisco certification, but required if the partner wishes to use the hosted CGNMS to manage their endpoints.
Once the appropriate VPN connections are established, the following can take place:
- The Connected Grid Endpoints can access the network infrastructure services like NTP, PKI, DHCPv6 Server, AAA/NPS via the IPSec GRE VPN Tunnel.
- The partner's Application Server(s) can connect to the CGE via a tunnel to CG-REDI and then back again through the IPSec GRE VPN connection to their premise-based FAR.
- A user at the partner premises (or anywhere) can open a session with their hosted CGNMS instance.
The following services are hosted on CG-REDI on a shared basis:
NTP, DHCPv6, DNS, AAA/NPS, Certificate Authority (CA), Active Directory Services, Active Directory Certificate Services.
CG-REDI also hosts one CG-NMS per partner for endpoint management.