Cisco Blogs


Cisco Blog > Data Center

Hosting Provider Zitcom Accelerates Time to Market with Cisco ACI

Recently I had an opportunity to sit down with Thomas Raabo, Network Operations Manager of Zitcom, a premier partner-driven hosting company based out of Denmark. Thomas and his team address companies and applications of various sizes, and were one of the early adopters of Cisco’s Application Centric Infrastructure (ACI). At the time of my conversation, they had this architecture in production for almost 10 months.

Thomas’s take on it was quite interesting. When I asked him to compare the before vs. after scenarios with Cisco ACI, he shared some insights –

  • Time to market dropped from hours to minutes (applications, VMs were deployed much faster)
  • Making firmware upgrades (usually a challenge for any NetOps person), became “kid’s play”.
  • Application teams are better integrated with the network team and have access to the Application Policy Infrastructure Controller (APIC) if they want to. This helps reduce silos.
  • Interestingly, programmers without network knowledge are able to program into networks rapidly deploying new services

Read More »

Tags: , , , ,

Micro-segmentation: Enhancing Security and Operational Simplicity with Cisco ACI

(This blog has been developed in association with Praveen Jain, VP, Engineering of Cisco’s Application Policy Infrastructure Controller, Juan Lage, Principal Engineer and others)

Security is top of mind in today’s data center and cloud deployments and security architectures have continued to evolve even as new threats manifest themselves in the digital world. Today’s security administrator requires a variety of “tools” to deal with the sophisticated attacks. One such tool is the ability to segment the network.

Traditionally network administrators have allocated subnets for different applications and mapped them to VLANs as a means of providing network segmentation, partitioning and isolating domains.  This classic approach was relatively easy to implement and facilitated policy definition using Access Control Lists (ACLs) between subnets at the L3 boundary, usually the first hop router or perhaps a physical firewall.

However, this approach led to the undesired mapping of IP subnets to applications. Over time, it also led to an explosion of ACLs when subnet based policies were not sufficient (for instance, by requiring ACLs that match on specific IP Addresses). This in turn made it difficult to perform garbage collection of ACL entries when applications were decommissioned, complicating the ACL management problem.

So, while the broad constructs of segmentation are still relevant, today’s application and security requirements mandate increasingly granular methods that are more secure and operationally simpler.

This has led to the evolution of what we call as “micro-segmentation”.  Broadly, the goals of micro-segmentation are as follows

  • Programmatically define segments on an increasingly granular basis allowing greater flexibility (e.g. to limit lateral movement of a threat or to quarantine a compromised endpoint  in a broader system)
  • Leverage programmability to automate segment and policy managent across the entire application lifecycle (instantiation through de-commissioning)
  • Enhance security and scale by enabling a Zero-Trust approach for heterogeneous workloads

Micro-segmentation with Cisco’s Application Centric Infrastructure  

Cisco’s Application Centric Infrastructure (ACI) takes a very elegant approach to micro-segmentation with policy definition separating segments from the broadcast domain. It uses a new application-aware construct called End-Point Group (or EPG) that allows application designers to define the group of endpoints that belong to the EPG regardless of their IP address or the subnet they belong to.  Further, the endpoint can be a physical server, a virtual machine, a Linux container or even legacy mainframes – i.e. the type of endpoint is normalized and therefore irrelevant, thereby offering great simplicity and flexibility in their treatment.

ACI still preserves the traditional segment, now called a Bridge Domain (or BD). IP subnets can still be assigned to Bridge Domains. This approach helps preserve any existing operational models, if required, allowing for creation of Bridge Domains with a single EPG that maps to the concept of a traditional VLAN.

The ACI architecture takes these even further.  Multiple EPGs can belong to the same Bridge Domain, and EPGs can be provisioned programmatically (in fact, just like everything else within ACI) via an open API made available through Cisco’s Application Policy Infrastructure Controller (APIC). Simply put, the EPGs in the ACI architecture are “micro-segments” of a Bridge Domain.

The figure below illustrates this approach:

Microsegmenation-1

Read More »

Tags: , ,

F5 Agility 2015: Next Stop Down Under

In a few weeks Spring season will set in, and it’ll be a Ripper Down Under. For the Data Center technology geeks there is plenty of action in store to celebrate the onset of Aussie spring. I am talking about F5 Agility that is getting ready to rock Melbourne (Aug 18) and Sydney (Aug 20)

aus1

Just last week, I was at F5 Agility, Washington DC. It was an electrifying experience meeting customers and partners of Cisco and F5 and culminating in a powerful guest keynote by Colin Powell, the legendary American statesman and retired four-star general. Colin’s passion to help youth and transform the globe is totally extra-ordinary and most of us attendees were privileged to listen to him that day. That speech has super charged me to last for a long time, and in that mindset, let me switch context to F5 Agility, Melbourne Aug 18, and Sydney Aug 20. The agenda for both these events are identical. We have a packed set of activities from early morning till late evening. We are going to hear F5’s leaders, customers, and partners share how the latest solutions from F5 are transforming what’s possible for today’s organizations. In about a year’s time Cisco ACI and F5 partnership has demonstrated significant success in our joint solution momentum and customer adoption. I am pleased to invite you all to attend this premier industry event and get insights on how F5 and Cisco are bringing the power of cloud, data centers, converged systems, and as-a-Service together to enable fast, efficient, and secure application delivery in today’s challenging hybrid environments.

aus2

The keynote by Julian Eames, F5 EVP of Business Operations, centers on “Innovate, Expand and Deliver” and lays the foundation for your business to innovate new paths to success, expand through barriers to growth, and deliver the applications your customers need to succeed. Julian will take you a tour of current market trends, how F5 has grown under John McAdam’s tenure, the evolution of the F5 Platform from simple load balancer to ADC to support Cloud based business models, the growing importance of enterprise security, recent F5 acquisitions, and last but not the least the growing eco-system of Partners. I recommend getting started with Julian’s keynote.

aus3

Following the keynote, Cisco Exec Shashi Kiran is hosting the Plenary, Platinum Sponsor session titled “Deliver Application Agility with Cisco Application Centric Infrastructure (ACI)”, 10.30 am local time. What’s unique about this Breakout Session? You will get the opportunity to hear Shashi eloquently walk you through the role of Cisco ACI in today’s Application-Oriented Economy, also see a key partner join him on stage and share their success stories with ACI. Shashi will discuss how emerging applications are placing huge demands on Data Center Infrastructure and how grossly unprepared they are to meet the same. Shashi will then introduce Cisco ACI, an open, scalable, programmable SDN solution that helps address these infrastructure challenges. Shashi will illustrate how Cisco’s open architecture enables seamless integration of F5 into ACI’s policy framework and how the joint solution brings unprecedented agility and end-end L2-L7 accelerated application delivery.

Shashi is also doing the Plenary Panel Session in the evening jointly with F5 Execs and the Guest Customer speaker. The topic centers around global trends and themes around Cloud adoption and drivers, SDN, Security etc. This session will be invigorating and sets the stage for a lively evening solutions expo tour.

For the technically oriented among you, we also have a number of technical breakout sessions hosted by F5 and its Partners. These sessions cover Security, Cloud in detail along-with other emerging Data center topics.

That is not all. Cisco ACI brings you additional customer engagement opportunity in the solutions expo hall. We are featuring cool demos showcasing our joint solutions namely, ACI -F5 BIG-IP and ACI – BIG-IQ on both Aug 18 and 20, during the expo hours. Stop by the Cisco booth where product experts are available to engage in white-board sessions and to compliment the demos, we also run short duration presentations in the Cisco theatre at periodic intervals. Should you desire, we are happy to meet you in 1-1 meetings, so let us know how we can enrich your experience at the event

For all the hard work we all do at the event, there is plenty F5 offers to let us relax and enjoy. The networking event at the solutions expo in the evening (5 – 7 PM) provides drinks and prize draws in addition to an exciting showcase of state of art technology innovations and demos. Network with your fellow attendees while enjoying tasty food and drink, knowledgeable guides, and more are awaiting you.

I am eager to see you all in Australia next week. There are some useful links for you to check out before your visit on how Cisco ACI and F5 work together on the innovation front.

For more information, Visit www.cisco.com/go/acif5

Join our Community discussions on ACI and find outWhat is your SDN Spirit Animal?”

Take the quiz and find out! 

Tags: , , , , ,

Pulsant Accelerates Business Transformation with Cloud solutions from Cisco and F5

Data Centers and Clouds are all about applications. The efficacy of a data center or cloud deployment is a function of how quickly applications can be stood up, scaled or de-commissioned as required. As new architectures continue to evolve, data center and cloud architects are constantly on the lookout for innovative ways to further simplify operations, lower costs, increase responsiveness and provide flexibility of consumption models.

In this context, I’d like to take the opportunity to profile Pulsant – a cloud service provider from the United Kingdom. They provide colocation services across 10 data centers with managing hosting and innovative hybrid services that are continually evolving.

A short while ago, I had the pleasure of having Martin Lipka who heads the Pulsant network architecture team participate in a talk with me sharing deployment insights with customers at the F5 conference in Edinburgh. He talked about the simplicity of Cisco’s Application Centric Infrastructure (ACI), and the synergy with F5’s BigIP and BigIQ offerings down the line. For the benefit of the broader humanity that was not in the room with us, I requested him to sit down again and distill some of his views. Martin was kind enough to oblige and shared his insights on diverse topics including how he expects data center architectures to evolve, candidly confessing why he was wrong about automation trends and how he feels the job roles will morph in the coming years. Interestingly, some of his sentiments were also echoed by Stefaan Hinderyckx, Network and Security Director of Dimension Data Europe. Stefaan is not in this video, but he had joined our session as well and it was good to see everyone excited about the possibilities of network, security and data center transformation.

A fresh case study from Pulsant is also posted here.

Also, at the same conference, I was invited to sit down with F5 EVP Dave Feringa and SVP Calvin Rowland along with my colleague Patrick Schmidt who’s the Managing Director overseeing the EMEA region, where we discussed the partnership, momentum with Cisco ACI and scaling our joint marketing activities.

Read More »

Tags: , , , , , , , , , ,

F5 Agility 2015, Washington DC – Exciting week awaits us

Only a few weeks remain for the Fall season to officially set in, and it’s still quite hot in Washington DC. The fast approaching F5 Agility event is further adding a sizzle to the conference scene at the Gaylord National resort and convention center in DC.

Usagility1

During Aug 4-7, we are going to hear F5’s leaders, customers, and partners share how the latest solutions from F5 are transforming what’s possible for today’s organizations. In about a year’s time Cisco ACI and F5 partnership has demonstrated significant success in our joint solution momentum and customer adoption. I am pleased to invite you all to attend this premier industry event and get insights on how F5 and Cisco are bringing the power of cloud, data centers, converged systems, and as-a-Service together to enable fast, efficient, and secure application delivery in today’s challenging hybrid environments.

Usagility2

The keynote by F5 CEO Manny Rivelo centers on “Innovate, Expand and Deliver” and lays the foundation for your business to innovate new paths to success, expand through barriers to growth, and deliver the applications your customers need to succeed. Manny will take you on a tour of current market trends, how F5 has grown under John McAdam’s tenure, the evolution of the F5 Platform from simple load balancer to ADC to support Cloud based business models, the growing importance of enterprise security, recent F5 acquisitions, and last but not the least the growing eco-system of Partners. I recommend getting started with Manny’s keynote.

Usagility3

Following Manny, Dean Darwin, Marketing SVP of F5 will deliver F5’s forward looking vision.  Dean’s session aligns well with Manny’s keynote in that he will address Innovation, thought leadership, expanding business models (like As a Service) and strategies to increase customer satisfaction and financial excellence.

In the afternoon, we have two guest keynotes. Colin L. Powell the well-known statesman and retired General and Chris Tarbell, one of the most successful cyber security law enforcement officials of all time are going to entertain you. Do not miss the opportunity to listen to these legends.

Cisco Exec Shashi Kiran is joining F5 Exec Calvin Rowland and fellow Cisco exec Matt Smorto in a panel session Aug 5. For those of you not familiar with ACI, this panel session is a great opportunity to learn how Cisco and F5 are expanding their partnership, how their combined thought leadership is advancing the SDN landscape, and customer successes and momentum experienced by Cisco ACI, F5’s BIG IP & BIG IQ in the marketplace. The panellists are seasoned industry experts and I promise it will be a treat to the attendees.

If you somehow missed the panel session, there is room to cheer. Shashi is hosting a breakout session titled “Deliver Application Agility with Cisco Application Centric Infrastructure the” next day, Aug 6, 10.30 am EST.  What’s unique about this Breakout Session? Well, you will get to not only hear Shashi eloquently walk you through the role of Cisco ACI in today’s Application-Oriented Economy, but also see customers and partners join him on stage and share their success stories with ACI.  Shashi will discuss how emerging applications are placing huge demands on Data Center Infrastructure and how grossly unprepared they are to meet the same. Shashi will then introduce Cisco ACI, an open, scalable, programmable SDN solution that helps address these infrastructure challenges. Shashi will illustrate how Cisco’s open architecture enables seamless integration of F5 into ACI’s policy framework and how the joint solution brings unprecedented agility and end-end l2-L7 accelerated application delivery.

Shashi’s breakout as I said earlier, also features a unique Partner segment towards the end. Mark Wall, Chief Architect from WWT, will join Shashi on stage to share their ACI experiences. How often do you get this comprehensive experience in a breakout session, one that is devoid of a sales pitch.  Sounds great, doesn’t it?

For the technically oriented among you, we also have a technical breakout session by Ravi Balakrishnan (Cisco) and Payal Singh (F5) Aug 3.30 PM ETA. This session covers the integration architecture, value-props, and openness of the platform that the joint Cisco ACI-F5 solution brings to customers and partners.

That is not all. Cisco ACI brings you additional customer engagement opportunity in the solutions expo hall. We are featuring cool demos showcasing our joint solutions namely, ACI-BIG IP and ACI-BIG IQ on both Aug 5 and 6, during the duration of the expo hours. Stop by the Cisco booth where are product experts are available to engage in white-board sessions and to compliment the demos, we also run short duration presentations in the Cisco theatre at periodic intervals. Should you desire, we are happy to meet you in 1-1 meetings, so let us know how we can enrich your experience at the event

For all the hard work we all do at the event, there is plenty F5 offers to let us relax and enjoy. The evening event on Aug 6 provides entertainment by Vince Neil (Motley Crew fame) allows attendees to step back and enjoy and get a prelude to their farewell tour “All Bad Things Must Come to An End” through December 31, 2015 in Los Angeles.

Usagility4

Network with your fellow attendees while enjoying tasty food and drink, entertaining music, knowledgeable guides, and more are awaiting you on Aug 6.

I am eager to see you all in Washington DC next week. There are some useful links for you to check out before your visit on how Cisco ACI and F5 work together on the innovation front.

For more information, Visit www.cisco.com/go/acif5

https://f5.com/about-us/events/event/f5-agility-conference

Join our Community discussions on ACI and find outWhat is your SDN Spirit Animal?”

Take the quiz and find out! 

 

Tags: , , , ,