Cisco Blogs


The Benefits of an Application Policy Language in Cisco ACI: Part 3 – Group Policies

October 17, 2014 at 5:00 am PST

[Note: This is the third in a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 1 | Part 2 | Part 4]

The Cisco ACI fabric is designed as an application-centric intelligent network. The Cisco APIC policy model is defined from the top down as a policy enforcement engine focused on the application itself and abstracting the networking functions underneath. The policy model unites with the advanced hardware capabilities of the Cisco ACI fabric underlying the business-application-focused control system.

The Cisco APIC policy object-oriented model is built on the distributed policy enforcement concepts for intelligent devices enabled by OpFlex and characterized by modern development and operations (DevOps) applications such as Puppet and Chef.

At the top level, the Cisco APIC policy model is built on a series of one or more tenants, which allows the network infrastructure administration and data flows to be segregated. Tenants can be customers, business units, or groups, depending on organization needs. Below tenants, the model provides a series of objects that define the application itself. These objects are endpoints and endpoint groups (EPGs) and the policies that define their relationships (see figure below). The relationship between two endpoints, which might be two virtual machines connected in a three-tier web application, can be implemented by routing traffic between the endpoints to firewalls and ADCs that enforce the appropriate security and quality of service (QoS) policies for the application and those endpoints.

Endpoint Group Policy

Endpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy Model

For a more thorough description of the Cisco ACI application policy model, please refer to this whitepaper, or this one more specifically on Endpoint Groups.

For this discussion, the important feature to notice is the way that Cisco ACI policies are applied to application endpoints (physical and virtual workloads) and to EPGs. Configuration of individual network devices is ancillary to the requirements of the application and workloads. Individual devices do not require programmatic control as in prior SDN models, but are orchestrated according to the centrally defined and managed policies and according to application policies.

This model is catching hold in the industry and in the open source community. The OpenStack organization has begun work on including group-based policies to extend the OpenStack Neutron API for network orchestration with a declarative policy-based model based closely on EPG policies from Cisco ACI. (Note: “Declarative” refers to the orchestration model in which control is distributed to intelligent devices based on centralized policies, in contrast to retaining per-flow management control within the controller itself.)


Top 10 ISV challenges with Cloud, Analytics, Mobile and Social Transformation

In my previous blog, I highlighted the need for ISVs’ business transformation due to various changes in the market. Although ISVs are bound to face challenges as they shift their approach to application development, they must also be wary of the challenges that can come with other technological avenues, including cloud, analytics, mobile and social networks. The following are the top 10 challenges that I have seen ISVs struggling with in today’s market:

  • Domain 1 -- Infrastructure & Environment
    • In today’s cost-sensitive market with tight budgets, ISVs have to decide if there is a business case to build a Cloud to run their production software or to host a SaaS solution in a public Cloud or hosted Cloud. There are many qualitative and quantitative factors to consider. Qualitative analysis can include new or existing software solution, security, compliance, availability, global reach requirements, IP protection, existing in-house IT resources or lack thereof, etc. Quantitative analysis can include cost per user considering cost of compute, network, storage, support, training, software license, third party integration, human resource cost for development and support, etc.
    • It is easier to do the above analysis for Test environments, where you would need a large number of resources for a short period of testing time. Hence, public IaaS providers can be cost effective if there are no major concerns on Security, Compliance or IP-Protection. In such situations, ISVs can develop software using in-house environments and use public Cloud (or hybrid Cloud) for test environments.
    • ISVs should consider a Cattle and Pet strategy when architecting software for the Cloud to reach higher availability. A server or VM instance in the Cloud should be treated like a cow in a herd of cattle: if one cow dies, it gets replaced without any big impact on the herd, and likewise if one server goes down there should be no impact on the functionality of the Cloud solution. This is unlike a pet (or a traditional server in a legacy environment), which requires care and creates an impact if something happens to it. One should not have a Pet instance that cannot go down. Instead, the software solution should have failover and load-balancing capabilities so that any server is replaceable, just like a cow in a herd. Following are some generic statistics on reliability in the Cloud compared to Legacy environments:
      • Legacy has 99.9% reliability for Applications and 99.999% reliability for Infrastructure
      • Cloud has 99.0% reliability for Infrastructure and 99.999% reliability for Application
  • Domain 2 -- Virtualization & Abstraction
    • Evaluating whether your software can live on a virtualized server or requires a bare-metal server can be the starting point in the Cloud journey. Not every software solution is designed to be on a virtualized server. In this case, it is a critical decision whether one should redesign the software, develop it from scratch, or use container technology.
    • Questions such as “can (and should) your software do multi-tenancy?” are also very important. This decision can affect how you architect your software solution and evaluate price. The ability to do multi-tenancy can lead to reduced infrastructure to run your solution and hence, possibly, a reduced price to the end customer. One should also evaluate the impact of multi-tenancy on the security that is required for the ISV’s vertical industry. When a SaaS application handles sensitive data, ISVs must know and document how an enterprise’s sensitive data is isolated from other tenants’ data. This analysis includes data at rest and data in transit within the ISV’s SaaS environment, as well as in transit across other untrusted networks.
  • Domain 3 -- Automation and Orchestration
    • Selecting the right tools for automation of policy-based orchestration, deployment and provisioning can lead to fewer manual steps, reduced time to set up new customers and enhanced speed to market.
    • Utilizing automation for release management can lead to fewer errors and fewer business interruptions.
    • As high availability and less time between interruptions for disaster recovery are critical to keep customers in Cloud space, ISVs should have automation tools to do regular testing with simulated disaster situations to verify high availability.
  • Domain 4 -- Customer Interface
    • Since the late 1990s, with the introduction of the Web, ISVs have been forced to decide whether software should have a thick client, a thin client, or both. Now, with ubiquitous smart phones, the popularity of mobile applications and speedier releases of upgrades on popular mobile platforms such as Google Android, Apple iOS, etc., maintaining and upgrading a mobile client can be a substantial additional investment.
    • ISVs also need to make decisions on what should be the scope of the mobile client –
      • Should it be an independent software with full feature functionality of software solution, or
      • Should it be a hybrid solution where some feature functionalities are available on Mobile client while the rest is accessed remotely via web and executed in Cloud, or
      • Should Mobile client just be an additional device with remote web client?
    • In addition, with market trends towards integrating third party APIs to expand the feature functionalities of the software, role based identity management is critically important. Additional challenge is that ISVs have to develop flexible solution so they can adjust to different interpretation of different roles by different API providers.
  • Domain 5 -- Service Catalog
    • With SaaS, ISVs have to plan on how to price their software solution per user but also think about how to package the software solution and make it available using web based catalog. This catalog needs to have clear use cases that are easy to understand, aligned to vertical industry needs and price competitive to match customer’s willingness to pay. Moreover, though, any inclusion of third party software solution needs to be transparent to the user; it needs to be clearly defined in the legal language to reduce liability.
    • Development of such price & package is not a simple task. It is an art as one should create unique value perception for all use cases, be competitive, as well as make it easy for the user to decide and differentiate from competition to avoid price discussion instead of value. Moreover, this catalog may need to change regularly based on competitive forces and customer needs.
    • In addition to developing their own catalog, ISVs must also consider how their software solution can be integrated in Partner’s catalog so they can reach broader audience.  This requires considerations, such as how to price it to the value given by partner solution. This may require rethinking on the price as partner based use of ISV’s software solution may not include full feature functionalities.
  • Domain 6 -- Financial
    • Pricing software solution using Pay-per-use model is a challenge that is different from pricing for perpetual license. Pricing needs to be based on the market’s willingness to pay, as competition is just a click away. It also requires considerations and clear understanding that ISVs may not have many months to recover R&D cost due to competitive threats. Hence, it requires clear planning on how fast ISV can get enough customers to reach a breakeven point to cover R&D, customer acquisition & operation cost.
    • Compared to one-time billing for perpetual license, monthly or quarterly ongoing billing for pay-per use is a challenge and it has larger number of collection issues.
    • With the popularity of social media, even clarity and simplicity of regular bill-to-customer is important. Otherwise, ISV runs the risk of having a critical blogger targeting ISV billing practices and impacting reputation and moving customer’s opinion away from ISV. Such customer opinion also provides additional ammunition to competition. Hence, a bill should have enough details that are easy to understand, yet forces customers to see the value and possibly avoid easy comparison with competition.
    • In pay-per-use licensing, ISVs have to develop new strategy for revenue recognition and that can lead to impact on how sales compensations are designed.
    • If software solution includes third party vendors, ISVs need to do appropriate ongoing reporting to the vendor and also understand appropriate impact for tax purposes.
    • How long should ISVs let customer try software solution for free or have a promotional package is based on software solution maturity, market trends and direct competition. This decision alone can lead to high cost of customer acquisition and promotion.
    • Maximizing social networks such as Facebook and Twitter to understand market trends and develop appropriate reports for business impact is critical for today’s success and require additional skills and resources.
    • ISVs need to develop intelligent reporting for customers, partners and their own management using analytics tools based on the software solution. Moreover, making sense out of structured and non-structured data with variety, volume and velocity of data requires different reporting solutions such as use of Big Data Analytics. Each customer click can span across the ISV’s multiple systems, and possibly multiple Cloud provider partners that are part of the solution, and can execute multiple transactions and produce multiple logs. Some of the key analyses that companies could consider, based on business maturity, to develop correlations and to make future business decisions are: log analysis (web, applications, transactions, database, IT infrastructure, system tracking, errors, intrusion detection logs), process analysis, user interaction analysis, real time alert & action analysis and historical event analysis. These solutions are not free and require appropriate in-house resources such as data scientists & business analysts, infrastructure & software planning and investment.
  • Domain 7 -- Platform
    • With the growth of Cloud, Linux has become a very popular OS to develop solutions on. One can find many IaaS and PaaS providers offering Linux on a cost-effective basis. That said, though Linux is popular, Windows is not too far behind, with support from Microsoft’s Azure and a few other Cloud providers. But other Unix flavors are becoming less and less popular day by day. Hence, ISVs have to consider whether their software should be migrated to Linux or Windows if it was not developed on them.
    • Based on OS, one also needs to consider existing resource’s familiarity with popular application development platforms, frameworks and libraries. For example, ISVs may be able to find many resources that are familiar with Eclipse compared to other alternatives.
    • Similar to OS, database plays an important role in the stability, performance and cost of the software solution. Per CPU core pricing of Oracle may require additional look when open source database like MySQL has become very stable and popular for many use cases. Many ISVs have found it to be an acceptable alternative. By the way, such consideration may lead to redesign of the software and may not be appropriate for all conditions.
  • Domain 8 -- Application
    • ISVs have to develop a clear strategy that customers get hooked on by providing customers free or cost-effective training, or easy API based integration points for logging, reporting, identity integration, such that customers would not easily consider competition that is just a click away.
    • Deciding whether the ISV should use languages such as C#, C++, VB or Java, lightweight scripting languages such as Perl, JavaScript, PHP, Ruby or Python, or both depends on the familiarity of the existing development team, current code, modularity of the solution and available resources.
    • A large amount of source code is available via open source, and ISVs have to evaluate whether it is appropriate for their development team to use it for faster time to market, and also consider copyright issues related to using such open source code.
    • ISVs have to revisit their software solution to understand that it has modular design to take advantage of heterogeneous components offered by the Cloud and also leads to appropriate planning for high availability.
  • Domain 9 -- Security and Compliance
    • As mentioned by Cloud Security Alliance for Application Security, there are four key metrics that apply for Cloud applications -- Compliance and Governance, Identity and Access,  Vulnerabilities and Patching, and Data Security. ISVs must ensure that needed metrics are available for Enterprise customers for their SaaS platform.
    • A good hacker can take advantage of weaknesses in the development language used for the software. Therefore, an ISV needs to establish good coding practices covering input validation, authentication, authorization, configuration management, session management, cryptography, protection against parameter manipulation, exception management, appropriate protection of in-memory data, and audit & logging.
    • ISV should also document following key things for their Enterprise customers:
      • What Web application security standards (input validation, encoding output, preventing request forgery and information disclosure) are being followed by the ISV?
      • What application and infrastructure controls are in place to isolate the enterprise’s data from that of other tenants?
      • How many denial of service attacks were attempted and how were they handled?
      • How do they manage identity?
      • How do they encrypt data (logs, between multiple application modules, between application and database and between application and third party API based use, etc)?
  • Domain 10 -- Organization, Governance and Process
    • Historically, software vendors are responsible for application development, features and functionality while customers are responsible for managing the software in their own environment. With SaaS, operating and supporting the software is also part of the ISV’s responsibilities. An ISV’s capability for continuous software development, with upfront consideration of operations and delivery of that software, can allow faster capture of market opportunity and reduce the time to get customer feedback. This DevOps software development methodology and its consideration of operations is an important evolution compared to the historically popular Waterfall or Agile methodologies. It is stated that DevOps methodology of software development reduces approximately 50% time as well as cost for long term operations support.
    • The impact of social networks is tremendous and raises questions such as: how are ISVs reaching out to potential target customers with social networking, how do they support software online, and how do they maintain their reputation online in the face of a crisis?
    • Many established ISVs have a sales force with tendency to hunt for the customers, transact the deal and leave. SaaS solution with pay-per-use licensing requires farming of the customers. In many ISV’s environment, this ongoing relationship building takes much more effort than sales is trained for, and would want to spend time per customer based on their quota size. Hence, ISVs have to plan appropriate sales strategy to keep sales force motivated.
    • For many ISVs, changing Sales compensations and training sales teams to sell pay-per-use license with minimal upfront revenue have been the most difficult part of this transformation. Established ISVs have to juggle to make sure that bottom line is not impacted too much and they can achieve good growth in subscription revenue for top line growth.
    • In this fast moving market with no permanent friends or foes, relationships for cooperation or competition, ISV has to continuously think who to partner with and how to structure partnership that is based on Customer value and aligned with ISV’s short & long term business strategy.
    • The need to move fast to improve software and remain a step ahead of the competition has led established ISVs to develop hybrid solutions, while other SaaS-based ISVs have become core business services in the Cloud (e.g. Workday, Salesforce.com, Google App Engine, etc.), and they are replacing traditional on-premises software vendors. Some ISVs have expanded their reach and capabilities using third party SaaS vendors’ ecosystems, such as Salesforce.com.
  • Existing System Integration
    • Once an ISV develops a SaaS-based solution, system integration with other ISVs’ solutions and reporting needs requires modularized thinking and possibly different developer resources, as not all integrations are based on a simple solution such as a REST API. Some still require custom API integrations that may be based on Java or C++. Moreover, such integration should also consider the higher availability and scale needs of SaaS solutions. Hence, what an ISV builds versus what it integrates using third party APIs has become an important business decision.
    • The success of ISVs does not rely only on direct customers; equally important are ecosystem partners. So ISVs also need to consider the organic approach of today’s fast moving market environment and develop APIs for their key features and functionality for partners to take advantage of. This is one of the very important considerations for DevOps methodology, to address the needs of development, operations and integration. This ability to allow someone to integrate with your software using your API (possibly REST based) as part of an ecosystem can offer immense opportunities for ISVs, as it automatically enables you to reach a wider customer base.

In short, the pressure to continuously add value when competition is one click away leads to a challenge of existence for ISVs and poses the question: should an ISV continue to be an ISV, or not? Small, agile and nimble ISVs can turn fast with the market trend, but that can lead to not having sufficient time to develop efficient processes and procedures. Large and established ISVs have the advantage of existing customers and well-oiled operations, but changing quickly with the times is always a challenge. This Yin and Yang of agility to meet market demand and efficiency to run the business is core to many ISV challenges.

After saying all of the above, not everything is bad for ISV business, as more and more ISVs are coming to market with their unique flavor of SaaS solution. There are many ways to make money in today’s market, such as faster customer reach due to the internet, analytics, mobile and social networks, as well as enthusiastic responses from venture capitalists to invest in “good” SaaS based solutions. ISVs that understand the challenges explained and are wary of them will surely experience a positive change in their results.

Visit Cisco Services to learn more about how converging technology trends are shaping the way IT operates and delivers services. Be sure to join the conversation, #CiscoServices.


Why ISVs Must Transform In SMAC Environment

In today’s era of SMAC (Social, Mobile, Analytics and Cloud) based solutions, Pay-Per-Use licensing and DevOps software development methodology, Independent Software Vendors (ISVs) are facing major challenges on many fronts. ISVs strive to differentiate from their competitors and gain new customers, as well as retain existing customers and generate additional revenue from them. This shift is happening throughout the software developer market and has surfaced technological and business changes for ISVs.


Application Enablement and Innovation Leveraging Linux Containers

Linux containers and Docker are poised to radically change the way applications are built, shipped, deployed, and instantiated. They accelerate application delivery by making it easy to package the dependencies along with the application. That means that a single containerized application can operate in different development, test and production environments and platforms (physical and virtual). While the concept of containerization is not new, the benefit of using containers to pull together all the application components (including dependencies and services) into a package for application portability is. As continuous integration and delivery require a very agile Software Development Lifecycle (SDLC) process to move from development to production, containers provide the perfect abstraction to deploy and test across the various platforms. Application containers make it very easy for applications to be deployed on bare metal servers, virtual machines, and public clouds. The reason why containers are relevant

OpenStack Gains Momentum with Users at Recent Summit

Cisco highlighted its support for OpenStack at the recent OpenStack Summit in Atlanta, which hosted 4500+ attendees and included many more users, in addition to the developers and operators that have dominated past conferences.  A common theme among keynote presentations was the speed and flexibility of IT required to support the clouds that will soon dominate commerce and communication worldwide.  The effort underway to improve stability was also a recurring discussion topic.

OpenStack Summit, May 12-15 in Atlanta

From its beginning as an open source project at NASA, the OpenStack movement has grown as an open alternative to proprietary cloud services and applications. The Summit serves as a forum for those interested in hashing out the direction and adoption of the model and standards, as well as a learning opportunity for those ready to build and deploy on them.

Keynote speakers from Wells Fargo and Disney helped transition the Summit from an academic exercise to a forum for learning how innovative companies are taking control of their cloud environments.

Glenn Ferguson, Head of Private Cloud Enablement for Wells Fargo, described the compliance, auditing and governance Wells requires in its private cloud, that aren’t available in public cloud offerings.  Wells has designated OpenStack their “cloud infrastructure model” to facilitate rapid deployment of infrastructure to meet application developers’ needs and requires all IT vendors to work within the OpenStack specifications. “This is something we have to do to remain agile and competitive in this environment,” Ferguson said.  “Our infrastructure needs to keep pace with the software.”

Chris Launey, Disney’s Director of Cloud Architectures and Services, was blunt in how he described the value of speed. “If you’re a business that deals in any kind of information, you need speed (to thrive.)” “If you give (developers) their own ‘fast’, they’ll make their own ‘cheap’ by getting their product to market quickly and responding to customer demands. And (they’ll) make their own ‘good’ by shrinking development cycles and introducing improvements more often, until they reach a virtual continuous cycle of improvements.”

The OpenStack Foundation divides the work into individual projects focused on the various cloud components: servers, object-based storage, networking infrastructure, security, etc.  Proponents are excited about the innovation that can be unleashed when developers are freed from having to worry about the complexities associated with underlying infrastructure and can focus on the innovation of cloud services and applications.

Cisco was highly visible at the Summit, drawing standing-room-only crowds to sessions in the Networking Track,  as network stability and scalability are top-of-mind for users deploying critical applications and services to an open source cloud.

Lew Tucker, Cisco Vice President and CTO for Cloud Computing and Vice-Chair of the OpenStack Foundation, painted a picture of what is possible in his presentation “Open Stack and the Transformation of the Data Center.”  He described how the data center is becoming a large, highly automated “fabric” consisting of interconnected physical systems and virtualized services.  In this environment, OpenStack acts as a platform for building a highly efficient cloud, providing management of diverse infrastructure “below” and orchestration of a vast set of application services “above”.

Lew Tucker, Cisco VP and CTO of Cloud Computing

Cisco’s key contribution to OpenStack has been participation in the development of Neutron, the OpenStack Networking Service.  There is clearly a need to have the same level of visibility and management flexibility that Cisco has been offering its customers in an open source cloud model.  In addition to driving connectivity generally, Cisco has received approval on blueprints for plugins to integrate VPN- and Firewall-as-a-Service as part of OpenStack networking.  (Referred to as Network Function Virtualization (NFV) plugins.)  Cisco is also working on the integration of OpenStack Neutron with OpenDaylight, a separate project started to focus specifically on network programmability.  Cisco’s extensive work in the open source community will bring even greater value to its existing customers by extending the ecosystem of solutions integrated with Cisco products.

In the Expo Hall, Cisco highlighted the integration of its networking, compute and management products with OpenStack APIs, demonstrating:

If you missed the Summit, check out the Session Videos and Slides to deep-dive presentations by Cisco contributors, presented at the Atlanta Summit 2014: