Cisco ACI uses a
holistic systems-based approach, with tight integration between physical and
virtual elements, an open ecosystem model, and innovation spanning application-specific
integrated circuits (ASICs), hardware, and software. This unique approach uses
a common policy-based operating model across ACI-ready network and security
elements (and computing and storage in the future), overcoming IT silos and drastically
reducing costs and complexity.
Cisco ACI
redefines the power of IT, enabling IT to be more responsive to changing business
and application needs, enhancing agility, and adding business value. As an innovative
architecture, Cisco ACI radically simplifies, optimizes, and accelerates the
entire application deployment lifecycle.
Problems Addressed by Cisco ACI
Cloud, mobility, and big data applications are causing a shift in the data center model. New applications are
placing demands on the infrastructure in new ways. Distributed applications
(for example, Big Data and Hadoop), database applications (such as those from
Oracle and SAP) that run on bare metal, virtualized applications running in
multi-hypervisor environments, and cloud-based applications that are available
on demand all impose different demands on infrastructure. These demands include:
• Infrastructure must become application aware and more agile to support dynamic application instantiation and removal
• The non-virtual nature of new emerging applications means that the infrastructure must support physical, virtual, and cloud integration with full visibility
• Infrastructure-independent applications treat the data center as a dynamic shared resource pool
• Scale-out models promote more east-west traffic, with a need for greater network performance and scalability
• Multi-cloud models require the infrastructure to be secure and multitenant aware
These changes
are increasing operation complexity and limiting business agility and
responsiveness. Cisco ACI delivers an agile data center with simplified operations
and increased application responsiveness to support a new generation of distributed
applications while accommodating existing virtualized and non-virtualized environments.
Cisco ACI Solution
Cisco ACI
delivers a transformational operating model for next-generation data center and
cloud applications.
In the Cisco ACI
framework, applications guide networking behavior, not the other way around.
Predefined application requirements and descriptions (policy profiles) automate
the provisioning of the network, application services, security policies,
tenant subnets, and workload placement. By automating the provisioning of the
complete application network, Cisco ACI helps lower IT costs, reduce errors,
accelerate deployment, and make the business more agile.
The new Cisco
ACI model uses a fabric-based approach that is designed from the foundation to
support emerging industry demands while maintaining a migration path for
architectures already in place. This focus allows both traditional enterprise applications
and internally developed applications to run side by side on a network infrastructure
designed to support them in a dynamic and scalable way. Network policies and
logical topologies, which traditionally have dictated application design, are
instead applied based on the application needs. The fabric is designed to
support the move to management automation, programmatically defined policy, and
dynamic workloads on any device anywhere. Cisco ACI accomplishes this with a
combination of hardware and software tightly coupled to provide advantages not
possible in other models.
Cisco Application Policy Infrastructure
Controller, Application Network Profile and Fabric That Supports Cisco ACI
Main Cisco ACI Components
Cisco Application Policy Infrastructure Controller
The Cisco
Application Policy Infrastructure Controller (APIC) is the main architectural component
of the Cisco ACI solution. It is the unified point of automation and management
for the Cisco ACI fabric, policy enforcement, and health monitoring. The Cisco
APIC is a centralized clustered controller that optimizes performance, supports
any application anywhere, and unifies operation of physical and virtual
environments. The controller manages and operates a scalable multitenant Cisco
ACI fabric.
The Cisco APIC
is responsible for tasks ranging from fabric activation and maintenance of switch
firmware to network policy configuration and instantiation. Cisco APIC is
completely removed from the data path. This means that the fabric can still
forward traffic even when communication with the APIC is lost. The APIC itself is
delivered as an appliance and will typically be run as three or more appliances
for performance and availability.
The Cisco APIC is designed
from the foundation for programmability and centralized management. The Cisco
APIC exposes a northbound API through XML and JSON and provides both a
command-line interface (CLI) and GUI that use this API to manage the fabric. The
system also provides an open source southbound API that allows third-party
network service vendors to implement policy control of supplied devices through
the Cisco APIC.
Application Network Profiles
An Application
Network Profile within the fabric is a collection of the endpoint groups (a
logical grouping of similar endpoints representing an application tier or set
of services that require a similar policy), their connections, and the policies
that define those connections. An Application Network Profile is the logical
representation of all components of the application and its interdependencies
on the application fabric.
Application
Network Profiles are designed to be modeled in a logical way that matches the
way that applications are designed and deployed. The configuration and
enforcement of policies and connectivity are then handled by the system through
the Cisco APIC rather than an administrator.
Cisco ACI Fabric: Cisco Nexus Portfolio
Cisco is
expanding the Cisco Nexus switching portfolio with the introduction of the
Cisco Nexus 9000 Series Switches for both traditional and Cisco ACI data center
deployments. The Cisco Nexus 9000 Series offers modular and fixed 1/10/40
Gigabit Ethernet switch configurations that are designed to operate either in
Cisco NX-OS mode for compatibility and consistency with the current Cisco Nexus
switches or in Cisco ACI mode to take full advantage of Cisco ACI application
policy–based services and infrastructure automation features. This
dual-function capability provides customers with investment protection and ease
of migration to Cisco ACI through a software upgrade.
Benefits of Cisco ACI
Cisco ACI helps
dissolve IT silos for application deployment, security, network services, and
network configuration personnel by enabling all of them to collaborate through
a common platform. The main benefits include:
• Application velocity: any application, anywhere
• Systems architecture that enables a holistic view of applications, with centralized application-level integrated visibility and real-time application health monitoring across physical and virtual environments
• Common platform for managing physical, virtual, and cloud-based environments
• Secure multi-tenancy with detailed control for applications and tenants
• Scalable performance combining software flexibility and hardware performance
• Superior application performance, improving application flow completion time by up to 80 percent
• Operation simplicity, with common policy, management, and operation models across application, network, and security resources (and computing and storage resources in the future)
• Open APIs, open standards, and open source elements enable software flexibility for development and operations (DevOps) teams and ecosystem partner integration
Cisco Services for ACI
“Is my data center ready for transformation?”
“How do I know my initiative will have the desired impact?”
“How do I get started?”
Cisco Services can help you with the answers. Cisco offers a range of professional
services to support your transition to ACI and to secure your infrastructure,
including:
Cisco Business Strategy capabilities
help you articulate the strategy and develop the business case and an
architectural-led master plan for ACI. We assess the specific benefits of ACI
for your environment, and identify and prioritize business-impacting scenarios
into an overall plan, using tools and frameworks that we have developed and
tested internally and with others.
Cisco Readiness Planning capabilities
help transform your data center networks to ACI by identifying risks and
opportunities; analyzing operational elements; and recommending detailed
migration plans to enable a smooth and successful transition to ACI.
Cisco Data Center Services for Operations Enablement are existing services that can prepare your environment for ACI
while addressing all stages of the operations lifecycle.
Cisco Services to Secure the Data Center Infrastructure
Cisco Data Center Security Design Assessment Service helps you understand your security infrastructure design and how it
aligns with your security policy. The resulting comprehensive assessment report
includes risk analysis and recommendations based on industry best practices.
Cisco Data Center Security ASA Migration Service helps you migrate your third-party or Cisco Adaptive Security Appliance (ASA) platform—including configurations
and firewall rules—to a virtualized environment.
Cisco Data Center Optimization Service improves, supports, and maintains your overall data center,
including security support in data center devices.
Cisco Security Optimization Services address specific security needs, such as an annual data center
security posture assessment or data center security design development support.