Cisco has announced a new software release for its Application Centric Infrastructure (ACI) to further enhance its SDN portfolio. New software capabilities enhance ACI with micro-segmentation for both physical (bare metal) applications and multivendor virtualized applications (VMware VDS, Microsoft Hyper-V). It also extends ACI across multi-site environments to deliver policy-driven automation across multiple data centers.
Cisco ACI now supports automated service insertion for any third-party Layer 4-7 service. Cisco also added new support for cloud automation tools like VMware vRealize Automation and OpenStack, including open standards-based OpFlex support with Open vSwitch (OVS).
“Customers tell me that only five to ten percent of their networks are automated today,” said Soni Jiandani, SVP at Cisco. “They are eager to adopt comprehensive automation for their networks and network services through a single pane of management, while improving security for east-west traffic, multi-cloud traffic and bare metal applications in a consistent manner.”
“Policy-based automation, consistent network security and central compliance support are critical for IT efficiency, business agility, and competitive advantage,” added Mr. Jiandani. “Several ACI customers have achieved full automation of the network and are focusing on automation across their Layer 4-7 network services, security and application groups as the next step.”
Integration of Docker Containers
Cisco has also extended support for Docker container endpoints through integration with the Cisco Application Policy Infrastructure Controller (APIC) and Project Contiv. Docker offers customers an open source platform for running distributed applications in Linux containers. Project Contiv is an open source project defining infrastructure operational policies for container-based application deployment. ACI’s unified policy model enforces policy via endpoint groups (EPGs). An EPG is a collection of network endpoints that can include bare-metal servers, virtual machines, and containers.
Cisco ACI now provides micro-segmentation support for VMware VDS, Microsoft Hyper-V virtual switch, and bare-metal applications, which would allow granular endpoint security enforcement. Customers can dynamically enforce forwarding and security policies and quarantine compromised or rogue endpoints based on virtual machine attributes (such as Name, Guest OS, VM Identifier) or network attributes (such as IP address).
Organizations can also isolate workloads within the same policy group. For example, communication between all endpoints within the same web tier can be disabled through policy-based automation, which would prevent security threats from moving laterally within the data center.
Multiple Data Center Deployments
Cisco ACI would now deliver consistent policy-driven automation across multiple data centers to enable application mobility and disaster recovery through the new multi-site application in the ACI toolkit.
The Cisco ACI platform would now also support service insertion and chaining for any service device, without the need for a device package for policy coordination with the Cisco APIC. Customers would now be able to seamlessly configure and manage all their existing network services, while automating network services connectivity.
Cloud Automation Tools
Additional software capabilities provide support for NX-OS style Command Line Interface (CLI) for APIC, Basic and Advanced GUI modes, Simple Network Management Protocol (SNMP) support for APIC, and troubleshooting wizard enhancements such as Heat Map. General availability is Q4 CY 2015.
As organizations continue their journey to the cloud, Cisco provides comprehensive support for cloud automation tools. Adding to its support for Microsoft Azure Pack for private cloud, Cisco now offers full policy-based cloud automation with VMware vRealize Automation and also OpenStack deployments. Cisco is extending ACI policy directly to the hypervisor using OpFlex on Open vSwitch (OVS). OpFlex provides the policy-based integration between OpenStack and APIC. These will be generally available in Q4 CY 2015.