On January 13, 2015, Cisco will celebrate a year of industry adoption of Application Centric Infrastructure (ACI), a ground breaking SDN architecture. It will include a public webcast with ACI customers and ecosystem partners describing a range of new solutions that dramatically simplify data center and cloud deployments . One of these inaugural partners was Red Hat, the leading provider of open source solutions for enterprise IT . Since the ACI launch, Cisco and Red Hat have been working on extending the application policy model, at the heart of Application Centric Infrastructure, to OpenStack. Here is a preview of the Red Hat solution.
Cloud deployments of new mobile, social, and big data applications need a dynamic infrastructure to support higher demand peaks, more distributed users, varying performance needs, 24x7 global usage, and changing security vulnerabilities. These applications need a mix of virtualized and dedicated “bare-metal” resources, to run economically at scale with performance and availability.
To meet these needs, Cisco, Red Hat and other companies, have jointly developed Group Based Policy – a common open policy language that expresses the intent of business and application teams separately from the language of the infrastructure. Group Based Policy offers continuous policy governance while applications are deployed, scaled, recovered and managed for threats. It is ideal for rapidly deploying elastic, secure applications through OpenStack such as CRM, eCommerce, big data, financial reporting, and corporate e-mail.
IT organizations can get several benefits:
o Dramatically accelerate deployment of business applications and services through OpenStack.
o Maintain enforcement of business and application policies during frequent changes to scale, tenants, and the infrastructure.
o Simplify DevOps Release Automation – moving application changes to production.
o Ideal for hybrid cloud -- Preserve user-intent and business policies across different infrastructures.
o Prevent shadow IT – empowers internal IT to match the agility of the public cloud while complying with corporate controls .
Network administrators can get additional benefits when Group Based Policy is combined with the full capabilities of Cisco Application Centric Infrastructure, including seamless management of heterogeneous infrastructure, policy based network automation, real-time troubleshooting and performance optimization.
Group Based Policy (GBP) is implemented through a new APIC Group Based Policy plug-in for OpenStack Neutron, the networking service. Since networking connects all compute and storage end points in the data center, it is possible to define groups of endpoints through Neutron that share the same application requirements, regardless of how they are connected. In addition, GBP:
Captures dependencies between applications, tiers and infrastructure so that respective teams can evolve underlying capabilities independently.
Works with multiple SDN controllers and extensible to multi-hypervisor infrastructures.
Brings application policy-based provisioning to existing networking plug-ins.
Group Based Policy will be available and supported in the upcoming release of Red Hat Enterprise Linux OpenStack Platform 6. Learn more about Group Based Policy here. And register for Cisco’s webcast on January 13th.
[Note: This is the second of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 1 | Part 3 | Part 4]
Following on from the first part of our series, this blog post takes a closer look at some of these architectural components of Cisco ACI and the VMware NSX software overlay solution to quantify the advantages of Cisco’s application-centric policies and demonstrate how the architecture supports greater scale and more robust IT automation.
As called for in the requirements listed in the previous section, Cisco ACI is an open architecture that includes the policy controller and policy repository (Cisco APIC), infrastructure nodes (network devices, virtual switches, network services, etc.) under Cisco APIC control, and a protocol communication between Cisco APIC and the infrastructure. For Cisco ACI, that protocol is OpFlex.
OpFlex was designed with the Cisco ACI policy model and cloud automation objectives in mind, including important features that other SDN protocols could not deliver. OpFlex supports the Cisco ACI approach of separating the application policy from the network and infrastructure, but not the control plane itself. This approach provides the desired centralization of policy management, allowing automation of the entire infrastructure without limiting scalability through a centralized control point or creating a single point of catastrophic failure. Through Cisco ACI and OpFlex, the control engines are distributed, essentially staying with the infrastructure nodes that enforce the policies.
[Note: This is the first of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 2 | Part 3 | Part 4]
IT departments and lines of business are looking at cloud automation tools and software-defined networking (SDN) architectures to accelerate application delivery, reduce operating costs, and increase business agility. The success of an IT or cloud automation solution depends largely on the business policies that can be carried out by the infrastructure through the SDN architecture.
Through a detailed comparison of critical architectural components, this blog series shows how the Cisco Application Centric Infrastructure (ACI) architecture supports a more business-relevant application policy language, greater scalability through a distributed enforcement system rather than centralized control, and greater network visibility than alternative software overlay solutions or traditional SDN designs.
Historically, IT departments have sought out greater automation as device proliferation has accelerated to overcome the challenges of applying manual processes for critical tasks. About 20 years ago the automation of desktop and PC management was an imperative, and about 10 years ago server automation became important as applications migrated to larger numbers of modular x86 and RISC-based systems. Today, with the consolidation of data centers, IT must address not only application and data proliferation, but also the emergence of large scale application virtualization and cloud deployments, requiring IT to focus on cloud and network automation.
The emergence of SDN promised a new era of centrally managed, software-based automation tools that could accelerate network management, optimization, and remediation. Gartner has defined SDN as “a new approach to designing, building and operating networks that focuses on delivering business agility while lowering capital and operational costs.” (Source: “Ending the Confusion About Software-Defined Networking: A Taxonomy”, Gartner, March 2013)
Furthermore, Gartner, in an early 2014 report (“Mainstream Organizations Should Prepare for SDN Now”, Gartner, March 2014), notes that “SDN is a radical new way of networking and requires senior infrastructure leaders to rethink traditional networking practices and paradigms.” In this same report, Gartner makes an initial comparison of mainstream SDN solutions that are emerging, including VMware NSX, and Cisco ACI. There has been some discussion whether Cisco ACI is an SDN solution or something more, but most agree that, in a broad sense, the IT automation objectives of SDN and Cisco ACI are basically the same, and some of the baseline architectural features, including a central policy controller, programmable devices, and use of overlay networks, lead to a useful comparison.
This blog series focuses on the way that Cisco ACI expands traditional SDN methodology with a new application-centric policy model. It specifically compares critical protocols and components in Cisco ACI with VMware NSX to show the advantages of Cisco ACI over software overlay networks and the advantages of the ACI application policy model over what has been offered by prior SDN solutions. It also discusses what the Cisco solution means for customers, the industry, and the larger SDN community.
After countless brainstorming sessions, code reviews, lab trials, scores of NDAs and nearly two years of intense speculation from media, analysts and the internet community – it is finally here! Today, Cisco is pulling back the curtains to reveal details of the vision of Application Centric Infrastructure (ACI) announced in June 2013. With shipping products as part of the announcement today, Cisco is also taking the first steps in making this vision a concrete reality. In the process, Insieme networks also returns to become a wholly owned subsidiary of Cisco.
For those tuning into the press conference and webcast today , you will see John Chambers, Rob Lloyd and Insieme executives get into the specifics of ACI, with the event being hosted out of the historical Waldorf Astoria in New York. You will also see Cisco’s partners and customers share both the stage as well as a common vision.
So, after months of silence, there will be quite a bit of information sharing, perhaps Information overload even. This is an announcement with innovation at multiple levels, and even for the tech savvy it will take time to fully understand and appreciate the architecture and the benefits it brings.
I wanted to share a few key concepts, innovations, and highlights of the announcement today. We will delve into additional details and dissect these pieces over the next few weeks on this blogging platform as well the public www.cisco.com/go/aci website, which will host a lot of the structured content.
1. The concept of Application Centric Infrastructure
We put together a short video to distill the concepts of ACI. It encompasses a lot of what existing networks today, as well as emerging SDN concepts (regardless of what the definition of SDN is), and goes quite beyond what anyone else is offering out there today. You will see some critical differentiators here:
De-coupling of application and policy from IP infrastructure
Ability to define application network profiles and apply them
Integration of physical and virtual infrastructure elements with end-to-end visibility
The Application Policy Infrastructure Controller (APIC) is a new appliance that will be the heart of the ACI fabric. While the actual product will ship around Q2 of next calendar year. An APIC simulator will also be made available on a controlled basis for customers and partners to get familiar and additional information will continue to be made available. Unlike most software-only controllers in the market today that have little ability to exploit the capabilities of hardware, APIC provides a holistic system level view and an ability to tap into the capabilities of the underlying infrastructure. While it will initially be paired with the Nexus 9000, the APIC will be expanded to support other parts of the portfolio as well as other infrastructure building blocks.
The APIC utilizes a centralized policy-model with an application network profile and open architecture that allows for the application needs to be defined and mapped to infrastructure, to make it application-aware.
3. Nexus 9000 – Expanding the Nexus switching family
We’re expanding the highly successful Nexus family with the next “big bad boy” -- the Nexus 9000. This will initially come in two models – the Nexus 9500 and the Nexus 9300, with the former shipping now. It has a variety of innovations for all of the “5 Ps” – (i) an extremely attractive Price point , optimized for 1G to 1/10G in the access, and for 10G to 40G migration in the aggregation layer. In addition (ii) It brings in Industry leading Performance with 1.92Tbps per line card and is 100G ready. (iii) Has significantly higher non-blocking Port-density (iv) Flexible programmability with JSON/XML API with a Linux container for customer apps and (v) Power efficiency – with an innovative design that has no mid-plane/backplane resulting in 15% greater power and cooling efficiency.
The kaon shows the “see-through” design of the Nexus 9500 without the traditional mid-plane design. To see the 3D design of the Nexus 9500 click here
The Nexus 9000 is designed from ground-up to be ACI ready with a combination of merchant silicon and Cisco custom ASICs to deliver the “5 Ps”.
As customers migrate to 10/40G over the next few years, the cost of laying new fiber and overhauling the optics is a tremendous drag and raises barriers for 40G adoption. I wrote about multi-layered innovations – this is one of them at a component level. The 40G BiDi lets customers preserve their existing 10G cables, resulting in tremendous time savings, cost savings (labor and fiber) as well as improved time to market for the upgrade. Bandwidth upgrades is one of the top reasons that drive network refreshes, and this innovation (a Cisco exclusive) produces remarkable results
5. The Partner Ecosystem
It is not possible for one company to address all the challenges manifesting in the data center on its own, no matter how revolutionary the architecture is or how radical the innovations are. This is where a rich ecosystem of partners have stepped in(see the technology leaders rally here), each of them market and innovation leaders respective domains, to make the vision of ACI all the more real and consumable.
Their vision and commitment is reflective both of the shared vision and commitment to transform the data center infrastructure, as well as reflective of the open architecture of the ACI approach in general, building on the principles of the Cisco Open Network Environment (Cisco ONE), but also taking it to other aspects of the infrastructure. You may expect to see a lot of the demos as the APIC becomes generally available next year, even as services offerings around ACI become much richer, as evidenced by Scott’s blog link below.
Please stay tuned to this blog space and the www.cisco.com/go/aciwebsite for additional information over coming weeks and months. As always we would like your comments and constructive criticism as we together help redefine the power of IT.
(*) Click on the Infographic to enlarge or download it
Revolutions are usually led by challengers, not incumbents. But Cisco’s Nov. 6th mega-launch of Application Centric Infrastructure (ACI) is sounding revolutionary as described by some experienced industry watchers. Any revolution must transform the experience of its participants – in this case , the Application development teams, DevOps and CloudOps that are provisioning new applications in many mid-to-large Enterprise Data Centers. As John Chambers said at Interop “The ability to create an infrastructure that is agile, simplified, automatically programmable and able to scale on demand is critical to enabling the application model”. In this blog, we’ll zoom in on “Agility” as an experience.
The growing agility gap
In the last decade, Cisco and other equipment providers have greatly improved the agility of data center infrastructure – the ability to respond quickly to new demands for scale, performance and security. Technologies such as a unified fabric, virtualization and infrastructure controllers augmented by intelligent Automation and Governance have greatly simplified the management of the infrastructure.
But there is strong evidence that the demand for agility is increasing even faster – creating a growing agility gap.
Compared to traditional backoffice applications, new Mobile, Social and Big Data applications are much more dynamic due multi-tenancy, higher demand peaks, more distributed users, broader device support, varying performance needs, 24x7 global usage, and changing security vulnerabilities. Furthermore, to run economically at scale with performance and availability, these applications need a mix of virtualized and dedicated, “bare-metal” resources. And the reality is that only 40% of workloads are virtualized anyway in most enterprise data centers.
These factors are driving more distributed workloads and storage across the data center, more frequent changes to ports, LANs and subnets, more re-configurations of security and load-balancing, more application and flow optimizations and more monitoring and diagnostics to ensure application metrics.
Data center teams are getting overwhelmed. IDC’s 2011 research showed that total Data Center spend has shifted to these type of management and administration tasks – and that was just for virtualized servers. New bare metal workloads will increase this spend further as they move to scale, unless something is done.