Cisco Blogs


5 Top Challenges of SAN Design: View from our SAN Design Experts – Part 1

SAN Engineer

Look after your SAN experts!

One of the aspects I really enjoy about my job is that I get to learn from some of the world’s top network and data center design engineers, and I get to hear about technology adoption challenges across the world. If there is a complex network or data center design being worked by our customers, if our customers are under time pressure, or if our customers are facing key business or technical challenges, Cisco Services’ consultants are often called in to help. Globally then, they experience first-hand the challenges of deploying advanced technologies. In this blog, in the same spirit as my OpenStack Deployment Challenges blog, I’d like to share their experiences on some of the most common challenges and misconceptions faced by our customers when building Storage Area Networks (SAN). I’ll publish this in 2 parts – so look out for the concluding part next week.

Before continuing, I’d like to thank two of our SAN expert consultants, Barbara Ledda and Wolfgang Lang, for sharing their experiences and challenges.


Micro-segmentation: Enhancing Security and Operational Simplicity with Cisco ACI

(This blog has been developed in association with Praveen Jain, VP, Engineering of Cisco’s Application Policy Infrastructure Controller, Juan Lage, Principal Engineer and others)

Security is top of mind in today’s data center and cloud deployments and security architectures have continued to evolve even as new threats manifest themselves in the digital world. Today’s security administrator requires a variety of “tools” to deal with the sophisticated attacks. One such tool is the ability to segment the network.

Traditionally network administrators have allocated subnets for different applications and mapped them to VLANs as a means of providing network segmentation, partitioning and isolating domains.  This classic approach was relatively easy to implement and facilitated policy definition using Access Control Lists (ACLs) between subnets at the L3 boundary, usually the first hop router or perhaps a physical firewall.

However, this approach led to the undesired mapping of IP subnets to applications. Over time, it also led to an explosion of ACLs when subnet based policies were not sufficient (for instance, by requiring ACLs that match on specific IP Addresses). This in turn made it difficult to perform garbage collection of ACL entries when applications were decommissioned, complicating the ACL management problem.

So, while the broad constructs of segmentation are still relevant, today’s application and security requirements mandate increasingly granular methods that are more secure and operationally simpler.

This has led to the evolution of what we call “micro-segmentation”. Broadly, the goals of micro-segmentation are as follows:

  • Programmatically define segments on an increasingly granular basis allowing greater flexibility (e.g. to limit lateral movement of a threat or to quarantine a compromised endpoint  in a broader system)
  • Leverage programmability to automate segment and policy management across the entire application lifecycle (instantiation through de-commissioning)
  • Enhance security and scale by enabling a Zero-Trust approach for heterogeneous workloads

Micro-segmentation with Cisco’s Application Centric Infrastructure  

Cisco’s Application Centric Infrastructure (ACI) takes a very elegant approach to micro-segmentation with policy definition separating segments from the broadcast domain. It uses a new application-aware construct called End-Point Group (or EPG) that allows application designers to define the group of endpoints that belong to the EPG regardless of their IP address or the subnet they belong to.  Further, the endpoint can be a physical server, a virtual machine, a Linux container or even legacy mainframes – i.e. the type of endpoint is normalized and therefore irrelevant, thereby offering great simplicity and flexibility in their treatment.

ACI still preserves the traditional segment, now called a Bridge Domain (or BD). IP subnets can still be assigned to Bridge Domains. This approach helps preserve any existing operational models, if required, allowing for creation of Bridge Domains with a single EPG that maps to the concept of a traditional VLAN.

The ACI architecture takes this even further. Multiple EPGs can belong to the same Bridge Domain, and EPGs can be provisioned programmatically (in fact, just like everything else within ACI) via an open API made available through Cisco’s Application Policy Infrastructure Controller (APIC). Simply put, the EPGs in the ACI architecture are “micro-segments” of a Bridge Domain.

The figure below illustrates this approach:



Latest additions to the Cisco UCS M-Series Modular Server Portfolio

Cisco UCS M-Series Modular Servers deliver exceptional value for online content delivery like gaming, web serving, transcoding, and HPC. Built around Cisco’s virtual interface card (VIC) technology and the policy-based management of UCS Manager, this new design brings the award-winning architecture and management of Cisco Unified Computing to the world of parallelized workloads.


F5 Agility 2015: Next Stop Down Under

In a few weeks Spring season will set in, and it’ll be a Ripper Down Under. For the Data Center technology geeks there is plenty of action in store to celebrate the onset of Aussie spring. I am talking about F5 Agility, which is getting ready to rock Melbourne (Aug 18) and Sydney (Aug 20).


Just last week, I was at F5 Agility, Washington DC. It was an electrifying experience meeting customers and partners of Cisco and F5, culminating in a powerful guest keynote by Colin Powell, the legendary American statesman and retired four-star general. Colin’s passion to help youth and transform the globe is totally extraordinary and most of us attendees were privileged to listen to him that day. That speech has supercharged me to last for a long time, and in that mindset, let me switch context to F5 Agility, Melbourne Aug 18, and Sydney Aug 20. The agenda for both these events is identical. We have a packed set of activities from early morning till late evening. We are going to hear F5’s leaders, customers, and partners share how the latest solutions from F5 are transforming what’s possible for today’s organizations. In about a year’s time, the Cisco ACI and F5 partnership has demonstrated significant success in our joint solution momentum and customer adoption. I am pleased to invite you all to attend this premier industry event and get insights on how F5 and Cisco are bringing the power of cloud, data centers, converged systems, and as-a-Service together to enable fast, efficient, and secure application delivery in today’s challenging hybrid environments.


The keynote by Julian Eames, F5 EVP of Business Operations, centers on “Innovate, Expand and Deliver” and lays the foundation for your business to innovate new paths to success, expand through barriers to growth, and deliver the applications your customers need to succeed. Julian will take you on a tour of current market trends, how F5 has grown under John McAdam’s tenure, the evolution of the F5 Platform from simple load balancer to ADC to support Cloud based business models, the growing importance of enterprise security, recent F5 acquisitions, and last but not least the growing ecosystem of Partners. I recommend getting started with Julian’s keynote.


Following the keynote, Cisco Exec Shashi Kiran is hosting the Plenary, Platinum Sponsor session titled “Deliver Application Agility with Cisco Application Centric Infrastructure (ACI)”, 10.30 am local time. What’s unique about this Breakout Session? You will get the opportunity to hear Shashi eloquently walk you through the role of Cisco ACI in today’s Application-Oriented Economy, and see a key partner join him on stage and share their success stories with ACI. Shashi will discuss how emerging applications are placing huge demands on Data Center Infrastructure and how grossly unprepared they are to meet the same. Shashi will then introduce Cisco ACI, an open, scalable, programmable SDN solution that helps address these infrastructure challenges. Shashi will illustrate how Cisco’s open architecture enables seamless integration of F5 into ACI’s policy framework and how the joint solution brings unprecedented agility and end-to-end L2-L7 accelerated application delivery.

Shashi is also doing the Plenary Panel Session in the evening jointly with F5 Execs and the Guest Customer speaker. The topic centers around global trends and themes around Cloud adoption and drivers, SDN, Security etc. This session will be invigorating and sets the stage for a lively evening solutions expo tour.

For the technically oriented among you, we also have a number of technical breakout sessions hosted by F5 and its Partners. These sessions cover Security and Cloud in detail, along with other emerging Data center topics.

That is not all. Cisco ACI brings you additional customer engagement opportunities in the solutions expo hall. We are featuring cool demos showcasing our joint solutions, namely ACI – F5 BIG-IP and ACI – BIG-IQ, on both Aug 18 and 20, during the expo hours. Stop by the Cisco booth, where product experts are available to engage in white-board sessions. To complement the demos, we also run short duration presentations in the Cisco theatre at periodic intervals. Should you desire, we are happy to meet you in 1-1 meetings, so let us know how we can enrich your experience at the event.

For all the hard work we all do at the event, there is plenty F5 offers to let us relax and enjoy. The networking event at the solutions expo in the evening (5 – 7 PM) provides drinks and prize draws in addition to an exciting showcase of state-of-the-art technology innovations and demos. Network with your fellow attendees while enjoying tasty food and drink; knowledgeable guides and more await you.

I am eager to see you all in Australia next week. There are some useful links for you to check out before your visit on how Cisco ACI and F5 work together on the innovation front.

For more information, Visit

Join our Community discussions on ACI and find out “What is your SDN Spirit Animal?”

Take the quiz and find out! 


The Puppet Labs Integration With NX-OS Is Here

As we continue our journey of openness that is summarized by ZK Research: Cisco’s Data Center Strategy is Built on Openness, we announced the Open NX-OS at Cisco Live San Diego in June 2015 that runs on Nexus 3K and Nexus 9K platforms.

The Open NX-OS extensibility supports:

  • Object store and model-driven NX-API enhancements. NX-API enables common programmatic approach across entire Nexus switch portfolio (Nexus 2000 through Nexus 9000 switches)
  • Built-in third party DevOps automation tools like Puppet
  • Secure SDK enabling third party and custom application development running natively on NX-OS

The new programmability features in Open NX-OS, such as the bash shell environment, Python interpreter and NX-API access, enable the built-in DevOps Puppet tool to be extended to automate anything on the platform. Cisco and Puppet Labs are excited to make available the Puppet Cisco [NX-OS agent] and Cisco [Puppet Forge Module].


Companies are embracing software defined networking (SDN) and DevOps practices to deploy network changes repeatedly and consistently. Customers who run mega scale data centers, like Web2.0/OTT and Fortune 100 companies, are looking to do more with less, increase the “device:admin” ratio and agility, and respond faster to business needs in a world where continuous application updates grow by the hour, without breaking infrastructure operation.

Using Puppet Enterprise, you can not only realize those SDN benefits, but you also extend DevOps practices to network administration across mega scale data centers, commercial and  large enterprises by defining your desired network configuration with infrastructure as code.  Using infrastructure as code enables cross-team change collaboration, automated infrastructure testing, and automated application deployments that span compute, storage, and network.
