Wins, Accomplishments, Fast Action: welcome to the world of Cisco ACI. In this blog, I want to take you closer to the core of ACI excitement. Cisco Insieme Business Unit and Cisco’s premier partner, World Wide Technology Inc (WWT), have come together to develop an ACI-based Business Continuity/Disaster Recovery (BC/DR) solution for next-generation data centers. This blog specifically addresses the Disaster Recovery ACI use case implemented in WWT’s Advanced Technology Center (ATC). I will present highlights of how ACI has been implemented at ATC as two fabrics, across two data centers, with federated controllers implementing an autonomous infrastructure and with replicated tenant configurations that provide for disaster recovery.
This BC/DR use case couples the storage replication solution by Zerto on NetApp storage with a completely integrated and consistent ACI network solution on the primary and secondary sites to enable rapid application bring-up on the remote site. Network and security policies are replicated, compute resources are virtualized and synchronized, and storage is continuously replicated. This integrated architectural approach addresses one of the major challenges enterprise customers have in deploying BC/DR solutions – aligning the configuration and deployment of network infrastructure in a simple process with the storage and application teams to achieve the Recovery Point and Recovery Time Objectives.
Network architecture: The ACI-based network architecture comprises two independent fabrics with L3 connectivity between them. Each data center has a unique IP addressing namespace scheme and connects to the WAN. In the operational model per diagram-1, the “East” Data Center is termed primary and the “West” Data Center is termed the backup (disaster recovery). Each Application Policy Infrastructure Controller (Cisco APIC) cluster is identified as the primary or secondary instance, and changes, additions or deletions to the application tenants are replicated from the primary to the backup controller. Application tenant configurations are managed through a special Python module developed by WWT that programmatically synchronizes the two fabrics.
External WAN connectivity for each Data Center is provided through the common tenant in the respective ACI fabrics. By using the common tenant for external connectivity, the network and security administrator can assign the appropriate network configuration policy and security contracts, as well as firewall and load balancing services, for the fabrics in each data center. The application (DevOps) teams will reference the common configuration and configure application connectivity for intra- and inter-tenant communications through the Application Network Profile (ANP). F5 Global Traffic Manager (GTM) allows holistic management of multi-data center application delivery via intelligent DNS.
This ACI-based disaster recovery solution has several other facets, such as storage replication and orchestration software (developed in-house by WWT), among other solution components. Please watch the YouTube Video for a demo illustration and the whitepaper for design details.
In closing, some key takeaways. Cisco ACI’s innovative architecture enables enterprise apps to treat the Data center as a dynamic, shared resource pool. This pool of resources is managed through a central controller (Cisco APIC) exposing all configuration and management components through a northbound REST API. WWT exploits this programmatic interface of ACI to develop business continuity/disaster recovery solutions for customers.
Tags: APIC Policy Replication, BC, Cisco ACI, DR, Federated ACI Fabrics, WWT
A couple weeks ago, I had the opportunity to travel to China and South Korea to meet with Cisco customers and partners. The meetings went well, but it was clear that these countries share what seems like a universal condition afflicting so many cities all over the world: traffic.
I know what you’re thinking, “Traffic? Really?” Fair enough, but bear with me on this one.
Admittedly, the traffic may have been top of mind for me because of a recent advertising campaign Cisco unveiled foreshadowing the last traffic jam. The irony is that sitting in bumper-to-bumper traffic in Hong Kong gave me time to think about this in a more critical way.
Why, in today’s modern, technology-advanced era, have we not yet discovered a way to avoid traffic or at least control it? Sitting idle in traffic for many is an accepted daily annoyance, but it can also present serious consequences to the welfare and economy of many people and organizations. In the U.S. alone, it’s estimated that traffic costs $124B in lost productivity, fuel waste and higher prices for goods as a result of higher transportation costs. Multiply this by a global factor, and you begin to get the enormity of this so-called “annoyance.”
At Cisco, we’re focused on creating solutions that deliver business outcomes for our customers: faster decision-making, lowering costs, increasing productivity, etc. Being close to Cisco’s data center solutions and the company’s Internet of Everything vision, I got to thinking how we’re not that far off from leaving the traffic jam in the dust.
Tags: Cisco ACI, Cisco UCS, data center, Fast IT, Frank Palumbo, IoE
Interested in learning more about Cisco Application Centric Infrastructure and Nexus 9000? We are hosting a myriad of activities here at Cisco Live Milan 2015! With Meet the Expert sessions and Demos at the World of Solutions, DevNet Zone labs, a plethora of breakout sessions, and customer whisper suite sessions, there is a wide range of content available throughout the week at the MiCo. Check out the highlights below.
- “Let’s Discuss: Cisco’s Controllers – Why, What, How, When”
Wednesday, January 28 • 2:30pm – 3:30pm
Monday, January 26 • 3:30 PM – 4:30 PM
- “API Deep Dive: APIC DC APIs”
Thursday, January 29 • 11:00 AM – 12:00 PM
1. TECACI-2009 – Intermediate – Application Centric Infrastructure (ACI) – The Policy Driven Data Center
2. BRKAPP-9000 – Introduction to Application Centric Infrastructure
3. BRKACI-2001 – Intermediate – Integration and Interoperation of existing Nexus networks into an ACI architecture
4. TECDCT-2002 – Intermediate – Next Generation Data Center Infrastructure
5. BRKAPP-9004 – Intermediate – Data Center Mobility, VXLAN & ACI Fabric Architecture
6. BRKACI-3456 – Advanced – Mastering OpenStack and ACI
7. TECDCT-2002 – Intermediate – Next Generation Data Center Infrastructure
8. BRKACI-2006 – Intermediate – Integration of Hypervisors and L4-7 Services into an ACI Fabric
9. LTRDCT-1224 – Intermediate – Implementing VXLAN in Datacenter
10. BRKDCT-1302 – APIC and Nexus 9000: Network Programmability and Automation
11. BRKVIR-2931 – Intermediate – End-to-End Application-Centric Data Center
Cisco ACI/N9K Whisper Suites
Please visit https://cisco.jifflenow.com/livedcmilan2015 to register a request. Please note a Cisco domain name is required.
Whisper suites are being held offsite at:
Melia Milano Hotel
Via Masaccio, 19
We hope you will enjoy the show.
Tags: Breakout sessions, Cisco ACI, Cisco Live Milan, DevNet Zone Labs, meet the expert, Nexus 9000, whisper suite sessions, world of solutions
Cisco is announcing another important strategic partner to its list of ACI-compliant vendors with the addition of the Check Point Next Generation Security Gateway to the ecosystem. A couple months ago I wrote about the inherent security architecture in ACI (Security for an Application Centric World), and now the Check Point solutions fit right into that framework as an alternative to Cisco security solutions. Essentially, this means that the ACI controller, APIC, can now configure the application network to include the insertion and provisioning of Check Point virtual and physical security gateways as it does other Layer 4-7 application services and security appliances. The availability of the Check Point solutions will offer customers greater choice and flexibility while underscoring the open, multi-vendor approach of ACI.
[Note: Check Point will be participating in our upcoming ACI Webcast event: “Is Your Data Center Ready for the Application Economy”, January 13, 2015, 9 AM PT, Noon ET, featuring ACI customers and several other key ACI technology partners. Register here.]
In scalable, multitenant cloud environments with flexible resource placement, almost every workload must be secured from every other workload, with detailed security policies enabled between workloads in an application network: a concept called micro-segmentation. This level of security policy detail can become tedious to manage on an application-by-application basis. It also can potentially restrict workload mobility and the ways that applications can be deployed in the cloud.
Cisco ACI policies abstract the network, devices, and services into a hierarchical, logical object model. In this model, administrators specify the Layer 4 through Layer 7 services (firewalls, load balancers, etc.) that are applied, the kind of traffic to which they are applied, and the traffic that is permitted. These services can be chained together and are presented to application developers as a single object with simple input and output. Connection of application-tier objects and server objects creates an application network profile (ANP). When this ANP is applied to the network, the devices are told to configure themselves to support it. Tier objects can be groups of hundreds of servers, or just one device; the same policies are applied to all the objects in a single configuration step (see below).
The Application Profile Defines Security and Application Policies for Application Networks, and Cisco APIC Manages and Provisions Security Resources in the Fabric, Such as a Check Point Firewall, with the Right Policies for Each Application, at the Right Location
The integration with Check Point Next Generation Security Gateway provides automated security provisioning and a full range of security protections and threat-prevention capabilities in a highly dynamic and agile Cisco ACI environment. Check Point Security Gateways can be deployed as physical or virtual solutions and address today’s ever-changing threat landscape with a modular and dynamic security architecture.
Tags: APIC, application centric infrastructure, Check Point, Cisco ACI, IPS, Nexus 9000, security
#CiscoChampion Radio is a series by Cisco Champions as technologists. We’re kicking off Season 2 with Cisco Senior Architect Azeem Suleman, who is talking about Cisco ACI. Lauren Friedman (@lauren) moderates and Scott Morris and Jason Benedicic are this week’s Cisco Champion guest hosts.
Listen to the Podcast.
Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Azeem Suleman, Cisco Senior Architect
Scott Morris, (@ScottMorrisCCIE), Senior Instructor
Jason Benedicic, (@jabenedicic), Technical Architect
Benefits of ACI
Use case examples
Why ACI is different (from an SDN perspective)
Best practices for implementing ACI
ACI “WOW” factors
Tags: #CiscoChampionRadio, ACI, application centric infrastructure, Cisco ACI, Cisco Application Centric Infrastructure