Cisco Blogs


Cisco Blog > Data Center and Cloud

The Benefits of an Application Policy Language in Cisco ACI: Part 3 – Group Policies

October 17, 2014 at 5:00 am PST

[Note: This is the third a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 1 | Part 2 | Part 4]

The Cisco ACI fabric is designed as an application-centric intelligent network. The Cisco APIC policy model is defined from the top down as a policy enforcement engine focused on the application itself and abstracting the networking functions underneath. The policy model unites with the advanced hardware capabilities of the Cisco ACI fabric underlying the business-application-focused control system.

The Cisco APIC policy object-oriented model is built on the distributed policy enforcement concepts for intelligent devices enabled by OpFlex and characterized by modern development and operations (DevOps) applications such as Puppet and Chef.

At the top level, the Cisco APIC policy model is built on a series of one or more tenants, which allows the network infrastructure administration and data flows to be segregated. Tenants can be customers, business units, or groups, depending on organization needs. Below tenants, the model provides a series of objects that define the application itself. These objects are endpoints and endpoint groups (EPGs) and the policies that define their relationships (see figure below). The relationship between two endpoints, which might be two virtual machines connected in a three-tier web application, can be implemented by routing traffic between the endpoints to firewalls and ADCs that enforce the appropriate security and quality of service (QoS) policies for the application and those endpoints.

Endpoint Group Policy

Endpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy ModelEndpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy Model

For a more thorough description of the Cisco ACI application policy model, please refer to this whitepaper, or this one more specifically on Endpoint Groups.

For this discussion, the important feature to notice is the way that Cisco ACI policies are applied to application endpoints (physical and virtual workloads) and to EPGs. Configuration of individual network devices is ancillary to the requirements of the application and workloads. Individual devices do not require programmatic control as in prior SDN models, but are orchestrated according to the centrally defined and managed policies and according to application policies.

This model is catching hold in the industry and in the open source community. The OpenStack organization has begun work on including group-based policies to extend the OpenStack Neutron API for network orchestration with a declarative policy-based model based closely on EPG policies from Cisco ACI. (Note: “Declarative” refers to the orchestration model in which control is distributed to intelligent devices based on centralized policies, in contrast to retaining per-flow management control within the controller itself.)

Read More »

Tags: , , , , , , , ,

The Napkin Dialogues: Nexus Programmability, Part II

July 9, 2014 at 8:48 am PST

When last we left our hero, he (that is, me, or I) was getting a crash course in Nexus programmability and trying to understand what all of this stuff meant. I had plied Jim* with beer in order to get him to explain to me – using the available napkins in the bar – what the technology was, what it meant, and why I should care. Read More »

Tags: , , , , , ,

#EngineersUnplugged S5|Ep7: How Data Becomes Information

April 16, 2014 at 10:31 am PST

In this week’s episode, Nils Swart (@NLNils) and Stace Hipperson (@stacehipperson) discuss how data becomes information via Open Daylight. Have they whiteboarded network engineer nirvana? Watch and see. More data!

This is in fact unicorns in a distance. Foiled again:

Stace Hipperson and Nils Swart own their unicorns.

Stace Hipperson and Nils Swart own their unicorns.

This is Engineers Unplugged, where technologists talk to each other the way they know best, with a whiteboard. The rules are simple:

  1. Episodes will publish weekly (or as close to it as we can manage)
  2. Subscribe to the podcast here: engineersunplugged.com
  3. Follow the #engineersunplugged conversation on Twitter
  4. Submit ideas for episodes or volunteer to appear by Tweeting to @CommsNinja
  5. Practice drawing unicorns

Join the behind the scenes by liking Engineers Unplugged on Facebook.

Tags: , , , , , , , ,

Move Past Survival and Thrive

Every area of your business has a stake in the way IT delivers services. Each one needs speed, agility, efficiency, and a clear definition of its relationship with all of the other areas and the business as a whole. In order to get there and create an agile and efficient organization that flows, you need to unify IT with all areas of the business. There is no way around it.

If your company is one of the four out of ten companies moving to a private cloud by the end of 2014, then you know you need a solution that does more than dispense virtual machines in minutes. You need a solution to deliver diverse services across an entire solution stack. You need a cloud partner that can align with the demands of your business today, tomorrow, and well into the future. Always keep in mind that your cloud technology choices are major decisions with business-critical impact.

Selecting a cloud management solution is a strategic decision for your organization. In a previous blog, I wrote about Cisco Intelligent Automation for Cloud (IAC) receiving the highest score in the Forrester Private Cloud Wave Report for cloud vision and strategy. What we presented to Forrester, and even more, is now available for your organization through the latest release of Cisco IAC.

How does vision and strategy translate into IT better aligning with your business? Sit back and watch this informative, short video to find out.

Every day customers tell me what keeps them up at night is not how to reduce costs but how to survive. Just as in nature, survival for business depends on intelligence and fast and agile execution of processes. To make these capabilities part of your organization’s genetic composition, so that they are intrinsic, almost intuitive, you need a cloud management solution that sees, understands, and manages your whole environment: physical and virtual, networks, applications, and more – whatever comprises your stacks.

Plus, you need cloud efficiencies to extend beyond your data center securely and encompass business functions such as delivery of development environments within minutes, the ordering of a new laptop or virtual desktop, onboarding of a new employee, or even the ordering of office supplies. And you want to be able to do all of these things from a unified user interface.

That’s exactly what the latest release of Cisco IAC brings to the table:

• The integration of Cisco IAC and Cisco UCS Director delivers a comprehensive private cloud, which frees you to focus on creating differentiated services instead of building your cloud.
• A unified self-service portal and catalog covers your enterprise, providing a modern online shopping experience across all data center and workplace functions.
• Advanced cloud governance offers the ability to manage demand, suppliers, and service consumption tracked to specific budgetary or resource thresholds.

But wait, there’s more. There’s the network. Any NOC expert will tell you that delivering network services in the cloud is a manual, trouble-ticket-based grind. At a time when your business needs speed and agility, manual network service delivery slows down IT and your business.

Unchain your business with Cisco IAC’s out-of-box templates that automate the delivery of VPNs, firewalls, and load balancers. We’re not talking about a single configuration applied to every organization, but the ability for each tenant to define its own unique network service configuration.

Cisco understands that cloud management is more than dispensing virtual machines. The latest release of Cisco IAC allows IT to align with your business, so that you’re free to not just survive, but to thrive.

Take the next step and watch this technical video overview of Cisco IAC.

Tags: , , , , , , , , , , , , , , ,

Automated Provisioning of Application Stacks

Whether working with bare-metal servers or virtual machines; provisioning applications and infrastructure traditionally are independent tasks that are completed by different data center teams. Infrastructure is usually provisioned manually. Applications are customarily provisioned via golden templates. As customers look to move automation beyond infrastructure to include applications, the maintenance complexity and manual “last mile” configuration associated with application golden templates is no longer a sustainable solution.

The situation has made Puppet and Chef popular. Both assist with automating the infrastructure life cycle as well as rapid application deployment. But some system admins prefer to use Puppet. Some prefer Chef. Cloud admins want to use Amazon, vCloud Director or OpenStack. What to do?

Cisco lets you use either or both and makes it easier to automate application delivery thanks to the Cisco Application Stack Accelerator for Intelligent Automation for Cloud (IAC). With this cloud accelerator, those “last mile” deficiencies are practically eliminated.

Bringing together the knowledge of infrastructure and application specialists, this solution automates the design and configuration of application stack components. The result is an application blueprint that consistently delivers applications within minutes, across multiple cloud platforms, to the exact design and specification of the application architect.

Watch these two videos to better understand application blueprints as well as how they can be consumed by Cisco IAC.

Video #1 clarifies what an application blueprint does and how to design and configure them

Video #2 walks you through how to deliver fully configured multi-tier cloud applications with Cisco IAC

Why is this important? Customers tell us that they struggle with multiple requests for virtually the same application. One particular customer, discovered that they had 250 requests for the same application in a two month period. Each one of these requests took IT four to six weeks to deliver before the project could begin. This not only shows down IT but your business as well.

Using Cisco IAC and the Application Stack Accelerator, you can automate the design, configuration and consumption of applications via the Cisco IAC portal. The result? Customers get their application within 30-40 minutes instead of four to six weeks resulting in projects starting sooner. IT spends less time spinning up multiple versions of virtually the same application allowing them to focus on new innovative services. Bottom line: your business experiences agility, speed, and efficiency.

Industry analysts forecast that four out of every 10 companies will be utilizing a private cloud by the end of 2014. With cloud automation becoming this prevalent, you owe it to yourself to learn how Cisco IAC and the Application Stack Accelerator can speed up the design, configuration and consumption of applications within your organization.

Together, this solution can help you deploy applications efficiently; reduce complexity and ensure that applications are deployed to the architect’s exact design and specification.

Tags: , , , , , , , , , , , ,