Saturday, November 22, 2014

More From Cisco Architect


Last week was a memorable one for me in more ways than one. First, the unveiling of Cisco's Application Centric Infrastructure (ACI) specifics by John Chambers and his Executive Management team via a public webcast on Nov 6. The announcement was a big success and received broad endorsement and support from a big ecosystem of partners, customers, press and analysts.
Second, it is special to me personally, as I became part of the ACI Marketing team two weeks ago, joining life in the fast lane. In this blog I want to share my excitement with you, and focus on nuances of ACI that do not overlap with blogs already posted by Shashi Kiran and Harry Petty.
The excitement started with an ACI boot camp I attended last week. In two days, I got a good overview of the architectural advantages of Cisco ACI and the datacenter pain points it addresses. By now, many of you will have learnt that ACI is all about datacenter agility and automation. Sounds easy, but you may be wondering how to attain this goal. I will give examples from my career as a software engineer in the '90s, when I worked for Sun Microsystems. In those days, I wrote code for two-tier and three-tier enterprise software applications that required global deployment and access by users on the company-wide WAN.
My problem started as I went from the Application Development phase to the Test/QA phase. I had to run from pillar to post coordinating my application deployment needs with security, network and database/storage admins to identify the best rollout strategy. There was no collaboration between Dev and Ops teams. The alpha and beta test phases required testing on multiple subnets, across geographies, via multiple protocols like to establish proper SLA/functioning of the application. If my application had to open, say, a firewall port to allow a particular traffic type (non-HTTP), it was next to impossible to get security ops to agree. Opening non-HTTP ports was considered a security risk. In addition, tight coupling of network constructs like subnets, VLANs, security, network services, IP addresses etc. with one another further impacted the network flexibility and application deployment process. (Refer to Figure-1 below for details)
Cisco ACI comprises two major components: the Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 series datacenter-class switches. APIC helps application developers and network and security operations work together, and separates the connectivity and security policies related to application deployment from the underlying network. For the first time, we see an opportunity to unify Development and Operations while preserving the ability to prescriptively apply policies dynamically. The policies encoded in an Application Network Profile (ANP) can be created on the APIC tool and instantly pushed to the underlying Nexus 9000 based network for implementation. For comparison, the ANP is conceptually similar to the service profile concept in Cisco UCS. Just as Cisco UCS service profiles implement stateless computing, intelligently re-purposing UCS servers to run and tear down applications on demand, the ANP likewise creates network connectivity and L4-L7 services for applications, based on policies pushed down onto stateless network infrastructure. When the application moves from the Dev to the Test to the production phase, it is just a matter of applying the same or a different profile, and the application communication policies across web, app and database tiers are executed per the profile. This solution automates the entire application deployment process and makes the network application centric. The Nexus 9000 is inherently secure: connections must be allowed by an ANP, in contrast with traditional networks where anything can connect to anything unless blocked by an ACL. My security ops example above would not have been an issue if we had had ACI.
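The contrast drawn above, between a profile that must explicitly allow each connection and an ACL that permits anything it does not block, can be sketched as a small conceptual model. This is an added example, not Cisco code and not the APIC API or object model; the tier names, ports, addresses and function names are all constructed for illustration.

```python
# Conceptual model only; not the APIC API or object model.
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    src_tier: str
    dst_tier: str
    proto: str
    port: int

# Constructed three-tier profile: web -> app -> db, including one non-HTTP port.
THREE_TIER = frozenset({
    Contract("web", "app", "tcp", 8080),
    Contract("app", "db", "tcp", 1521),
})

# Constructed environments: same tiers, different addressing per phase.
DEV = {"10.1.0.10": "web", "10.1.0.20": "app", "10.1.0.30": "db"}
PROD = {"172.16.5.10": "web", "172.16.6.20": "app", "172.16.7.30": "db"}

def profile_allows(profile, env, src_ip, dst_ip, proto, port):
    """Default deny: permit only if both endpoints map to tiers and a contract matches."""
    src, dst = env.get(src_ip), env.get(dst_ip)
    if src is None or dst is None:
        return False  # unknown endpoint: no tier, so no contract can match
    return Contract(src, dst, proto, port) in profile

def acl_allows(deny_entries, src_ip, dst_ip, proto, port):
    """Default permit: allowed unless an explicit deny entry matches."""
    return (src_ip, dst_ip, proto, port) not in deny_entries

def audit(profile, env, flows):
    """Return the flows the profile would reject, for review before rollout."""
    return [f for f in flows if not profile_allows(profile, env, *f)]
```

The same `THREE_TIER` profile is evaluated against `DEV` and `PROD` without change, because the contracts name tiers rather than subnets or IP addresses.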
There are two other ACI innovations I want to briefly touch upon. The first one is the hardware-based VXLAN implementation in the Cisco Nexus 9000 Series switching platform. VXLAN is fast gaining industry adoption and acceptance, and is designed to address the scale limitations and L2 extension related pain points of VLAN. What is unique and an industry-first with Cisco Nexus
