Cisco Blogs



Software Defined Networks with L4-L7 ADC Policy Automation

It seems only a short time ago that we introduced Cisco ACI to the market, but we have already reached its one-year anniversary. In this one-year period, we have seen tremendous momentum in customer adoption and in the partner eco-system for both the Nexus 9k hardware platform and the ACI software. To date there are more than 1,000 Nexus 9k hardware customers and more than 200 ACI software customers. And don’t forget the growing eco-system of partners that now stands at an impressive 34.

To commemorate this one-year anniversary of ACI and its success, we have planned a grand Data Center Webcast to be broadcast on Jan 13 at 9 AM PST. Click here to register for the webcast. Attendees of the webcast will have the opportunity to hear from our ACI ecosystem partners how their solutions integrate to help customize and extend ACI deployments. The audience will also hear from Cisco customers all over the world about the benefits they’ve discovered with our ACI architecture. Check out Cisco exec Shashi Kiran’s blog for more details on the webcast.

For the remainder of this blog I am going to focus on the ACI L4-L7 partner eco-system momentum. Since August 2014, major L4-L7 Application Delivery Controller (ADC) vendors have collaborated with our Insieme Business Unit to build, test, and certify joint integrated solutions and to introduce publicly downloadable device packages that let customers seamlessly deploy ACI in existing ADC deployments.

[Figure 1: service chain]

What makes the ACI integration with L4-L7 ADC vendors’ devices so seamless and easy? The answer lies in the flexible and open service policy management inherent in ACI: the highly open and programmable nature of Cisco APIC, the ability to selectively associate service chains with specific applications and data flows, and the flexibility of applying application delivery policies to different applications (Figure-1). This flexibility far exceeds that of a traditional network-based ADC. To date F5, Citrix, and A10 Networks have built FCS versions of device packages for Cisco ACI. I want to take you on a quick tour of each of these ACI joint solutions, and the benefits they uniquely bring to existing customer deployments.

The exciting L4-L7 eco-system ramp began in August 2014 when ADC market leader F5 announced the availability of its device package for ACI. Since then, our partnership has clicked into high gear. We had very successful F5 Agility events at Copenhagen (June) and New York (early August) showcasing the Cisco ACI-F5 BIG-IP joint solution in breakout sessions, the World of Solutions Expo, and keynote panels. Cisco also published a jointly written technical whitepaper, a solutions brief and a design guide with F5. In the webcast planned for Jan 13, we have an exclusive partner panel session featuring F5 exec Calvin Rowland and Cisco exec Soni Jiandani. I urge you to tune in to this webcast to get the low-down on the customer traction and how customers are benefiting from the policy-based automation and application-centric approach of our joint solution.

The Citrix and Cisco strategic partnership dates back to early 2010 with a strategic alliance on the UCS-Citrix Desktop Virtualization front. Since then, our alliance has expanded to other technology areas, and in August we introduced the ACI-Citrix NetScaler joint solution to market with the availability of the Citrix device package for Cisco ACI. Citrix and Cisco ACI engineering teams are also actively working in IETF and ODL standards efforts to create thought leadership around the NSH and OpFlex protocols. I can vouch that it will be a rewarding experience for you to listen to Steve Shah of Citrix at the Jan 13 webcast, and get insights on how customers are benefiting from our joint solution featuring an open policy model and a programmable infrastructure. Check out the solutions brief and whitepaper from our joint website to gather more details.

A10 Networks is the new kid on the ACI eco-system block. ACI’s SDN paradigm is a natural fit for A10 Networks’ vision and strategy to expose L4-L7 networking features programmatically. As a first step, A10 Networks has successfully certified its device package for ACI, which is now available for download. The A10 device package is open source, and can be easily enhanced by customers to create custom value with near ubiquitous programmability. Exciting near-term joint engagements include potentially collaborating on an OpFlex and NSH standards effort as well as some advanced ADC features such as WAF, SSL offload, GSLB, and device partitions, among others. I do not want to steal all of the webcast’s thunder, so tune in on Jan 13 to get a 360 degree view from A10 CTO Raj Jalan.

As I am writing this blog there is more exciting news. Yes, Radware is also testing their ACI device package with the Insieme Business Unit now. Stay tuned to hear more outcomes on this engagement. The L4-L7 ACI eco-system momentum is truly on a fast track. In closing, I want to reiterate: do not forget to register for Cisco’s ACI webcast set for Jan 13.

Related Links

http://blogs.cisco.com/datacenter/citrix-netscaler-device-package-for-cisco-aci-goes-fcs

http://blogs.cisco.com/datacenter/f5-device-package-for-cisco-apic-goes-fcs

http://blogs.cisco.com/datacenter/aci_webcast

A New Generation of Cisco UCS Power Calculator

We are proud to announce the new Cisco UCS Power Calculator and Estimation Tool. It features an all-new User Interface (UI) and is currently live at http://ucspowercalc.cisco.com

The tool contains many new features, including the ability to create templates and projects where configuration data is stored. Templates and projects improve agility as well as enable collaboration among users through exporting and importing user-specific  configuration data.


Additionally, the new power calculator offers a powerful RESTful API, which allows third party applications to connect and generate power estimations by simply passing through actual configuration data.  This architecture provides a single source for all power estimates.


As is common across the Cisco UCS management tool portfolio, the API-driven architecture of the new power calculator enables integration opportunities with a number of Cisco tools. One example is tighter integration with the Cisco Commerce Workspace (CCW) power calculator widget, for real-time estimation of solution power while building out configurations. Third-party, non-Cisco tools (e.g. DCIM) can also now connect directly to the power calculator and assist users with data center infrastructure planning. For questions on how to integrate your application with the new power calculator and estimation tool’s REST API, please contact Roy Zeighami or Jeffrey Metcalf at ucs-power-calc-dev@cisco.com.

Previous versions of the Cisco UCS Power Calculator will be retired with redirects to the new Cisco UCS Power Calculator.

Cheers and thanks to Intel for the collaboration!

UCS Power Calculator: http://ucspowercalc.cisco.com
UCS Communities: http://communities.cisco.com/ucs
UCS Platform Emulator:  http://communities.cisco.com/ucspe
UCS Developed Integrations:  http://communities.cisco.com/ucsintegrations


Disaster Recovery Oversights

It can be challenging and expensive to design an efficient network and data center that minimizes downtime.  Yet, even if you’ve put together a bulletproof solution, there’s always the possibility of disaster to consider.

Developing a robust disaster recovery plan involves much more than just installing redundant resources.  There are so many factors to consider, and so many that are easily overlooked.  For example, a comprehensive disaster recovery plan includes not only redundant electrical systems; it ensures electricity sources are redundant as well.

Disaster recovery is an example of an application that is well-suited for the cloud.  Certainly you can take on the challenge – and expense – of putting together a complex, in-house solution.  Alternatively, you can leverage the expertise and up-to-date solutions available from cloud providers.  Cloud-based disaster recovery services can also be put in place much faster and at substantially lower cost.

Partnering with a cloud provider can greatly simplify implementing a comprehensive disaster recovery plan. Not every cloud provider offers enterprise-class service.  Nor do they all guarantee their promises with written service level agreements. Choosing the wrong service or the wrong provider can put the reliability of your recovery strategy at risk.

In Shopping List for Cloud Recovery Services, cloud provider Sungard AS reviews key factors to consider when evaluating disaster recovery cloud services.   They offer many service levels, such as the speed with which different infrastructure and applications are restored.  Properly balancing your plan with your business requirements leads to the best price.  The right provider can also help you understand your vulnerabilities and different approaches to address them.

Cloud-based disaster recovery services provide a cost-effective approach to enable you to ensure the safety of your organization’s data and continuity of operations.  Learn more about how industry leaders like Cisco, Sungard AS, and Allstream are working together to manage risk in the cloud.


Red Hat and Cisco bring Application Policy to OpenStack environments

On January 13, 2015, Cisco will celebrate a year of industry adoption of Application Centric Infrastructure (ACI), a groundbreaking SDN architecture. The celebration will include a public webcast with ACI customers and ecosystem partners describing a range of new solutions that dramatically simplify data center and cloud deployments. One of the inaugural partners was Red Hat, the leading provider of open source solutions for enterprise IT. Since the ACI launch, Cisco and Red Hat have been working on extending the application policy model, at the heart of Application Centric Infrastructure, to OpenStack. Here is a preview of the Red Hat solution.

Cloud deployments of new mobile, social, and big data applications need a dynamic infrastructure to support higher demand peaks, more distributed users, varying performance needs, 24×7 global usage, and changing security vulnerabilities. These applications need a mix of virtualized and dedicated “bare-metal” resources, to run economically at scale with performance and availability.

To meet these needs, Cisco, Red Hat and other companies have jointly developed Group Based Policy – a common open policy language that expresses the intent of business and application teams separately from the language of the infrastructure. Group Based Policy offers continuous policy governance while applications are deployed, scaled, recovered and managed for threats. It is ideal for rapidly deploying elastic, secure applications through OpenStack such as CRM, eCommerce, big data, financial reporting, and corporate e-mail.

IT organizations can get several benefits:

o   Dramatically accelerate deployment of business applications and services through OpenStack.

o   Maintain enforcement of business and application policies during frequent changes to scale, tenants, and the infrastructure.

o   Simplify DevOps Release Automation – moving application changes to production.

o   Ideal for hybrid cloud – Preserve user-intent and business policies across different infrastructures.

o   Prevent shadow IT – empower internal IT to match the agility of the public cloud while complying with corporate controls.

Network administrators can get additional benefits when Group Based Policy is combined with the full capabilities of Cisco Application Centric Infrastructure, including seamless management of heterogeneous infrastructure, policy based network automation, real-time troubleshooting and performance optimization.


Group Based Policy (GBP) is implemented through a new APIC Group Based Policy plug-in for OpenStack Neutron, the networking service. Since networking connects all compute and storage end points in the data center, it is possible to define groups of endpoints through Neutron that share the same application requirements, regardless of how they are connected.  In addition, GBP:

  • Captures dependencies between applications, tiers and infrastructure so that respective teams can evolve underlying capabilities independently.
  • Works with multiple SDN controllers and is extensible to multi-hypervisor infrastructures.
  • Brings application policy-based provisioning to existing networking plug-ins.

Group Based Policy will be available and supported in the upcoming release of Red Hat Enterprise Linux OpenStack Platform 6. Learn more about Group Based Policy here, and register for Cisco’s webcast on January 13th.

Cisco Adds Check Point Next-Gen Security Gateway to Growing List of Strategic ACI Partners

Cisco is announcing another important strategic partner to its list of ACI-compliant vendors with the addition of the Check Point Next Generation Security Gateway to the ecosystem. A couple months ago I wrote about the inherent security architecture in ACI (Security for an Application Centric World), and now the Check Point solutions fit right into that framework as an alternative to Cisco security solutions. Essentially, this means that the ACI controller, APIC, can now configure the application network to include the insertion and provisioning of Check Point virtual and physical security gateways as it does other Layer 4-7 application services and security appliances. The availability of the Check Point solutions will offer customers greater choice and flexibility while underscoring the open, multi-vendor approach of ACI.

[Note: Check Point will be participating in our upcoming ACI Webcast event: “Is Your Data Center Ready for the Application Economy”, January 13, 2015, 9 AM PT, Noon ET, featuring ACI customers and several other key ACI technology partners. Register here.]

In scalable, multitenant cloud environments with flexible resource placement, almost every workload must be secured from every other workload, with detailed security policies enabled between workloads in an application network: a concept called micro-segmentation. This level of security policy detail can become tedious to manage on an application-by-application basis. It also can potentially restrict workload mobility and the ways that applications can be deployed in the cloud.

Cisco ACI policies abstract the network, devices, and services into a hierarchical, logical object model. In this model, administrators specify the Layer 4 through Layer 7 services (firewalls, load balancers, etc.) that are applied, the kind of traffic to which they are applied, and the traffic that is permitted. These services can be chained together and are presented to application developers as a single object with simple input and output. Connection of application-tier objects and server objects creates an application network profile (ANP). When this ANP is applied to the network, the devices are told to configure themselves to support it. Tier objects can be groups of hundreds of servers, or just one device; the same policies are applied to all the objects in a single configuration step (see below).

Check Point Integration

The Application Profile Defines Security and Application Policies for Application Networks, and Cisco APIC Manages and Provisions Security Resources in the Fabric, Such as a Check Point Firewall, with the Right Policies for Each Application, at the Right Location

The integration with Check Point Next Generation Security Gateway provides automated security provisioning and a full range of security protections and threat-prevention capabilities in a highly dynamic and agile Cisco ACI environment. Check Point Security Gateways can be deployed as physical or virtual solutions and address today’s ever-changing threat landscape with a modular and dynamic security architecture.
