Introduction: In this blog, I am covering a customer success story featuring the Cisco ACI and Fortinet joint solution. Axians AB is a leading Swedish IT sourcing company, with multiple offices in the Nordics and employees across the globe. Axians offers hybrid IT services from datacenters and the public cloud to a diverse set of customers spanning private, government and service providers.
Axians’ Requirements: With a rapidly growing customer base, Axians had a pressing need for a scalable and flexible infrastructure, one that would provide high utilization rates, simplified management and reduced costs. In particular for networking, Axians required an SDN architecture with programmability, accelerated application security delivery and time-to-market advantages. Further, Axians’ Service Provider business needed support for multi-tenancy and hybrid-cloud integration.
Axians uses a single ACI fabric that stretches across 40 kilometers, spanning two datacenters in Skondal and Haga. Customers are virtually separated and placed as Tenants in the solution. UCS B-series is the server platform running vSphere 6.0 with Cisco AVS integration to VMware, with support for local switching mode. Integration with the Axians internal platform, as well as integration with documentation systems and the legacy network are other characteristics of the environment.
Current ACI Deployment: The Axians deployment environment is a scalable, flexible one with two spines and three leafs in each datacenter (Skondal and Haga), forming a single ACI fabric, with the APIC management cluster at the Haga location. Fortinet’s FortiGate enterprise firewall is deployed in the Axians production environment for L3 (Routed) traffic flows among EPGs.
Each customer in this design is set up as an independent tenant with distinct security functions using Fortinet’s Virtual Domain (VDOM). Depending on the maturity of a customer, the setup can be implemented using an application-centric or a traditional EPG to vLAN mapping. FortiGate adds stateful inspection with advanced functions and better visibility beyond stateless ACLs.
To provide effective security, the security and data elements across the deployment must be well-integrated and able to share intelligence. FortiGate is part of the Fortinet Security Fabric which provides broad, powerful and automated security capabilities that span the entire attack surface. Looking ahead, the possible integration of Cisco ACI with FortiGate and the Fortinet Security Fabric can deliver the following benefits to Axians:
- Consistency and transparency across physical and virtual application workloads
- Single-pane-of-glass management enablement with full visibility on security policy enforcement
- Predefined security policies deployed rapidly through the complete application deployment lifecycle
- Scale on-demand with automation
- Broad, powerful and automated security via the Fortinet Security Fabric and ACI.
”The integration of Cisco ACI and Fortinet can deliver accelerated software-defined security, enabling transparent security services insertion anywhere in the network through single-pane-of-glass management. The Fortinet Security Fabric’s integrated, collaborative and adaptive architecture can deliver security without compromise to address our security needs. The joint solution provides enhanced visibility and security, lower TCO and increased efficiency in service provisioning and network security segmentation,” said Erik Sohlman, Sr Manager Infrastructure, at Axians.
Buoyed by 2 years of production success with ACI, Axians is moving forward with advanced integration plans in their ACI environment. East-West traffic has become predominant, and security has become very critical. Perimeter security alone does not suffice anymore. Axians is looking to further enhance their networking and security services to further automate and secure their datacenter infrastructure. With an ever-increasing customer base and demands for application agility, Axians is embarking on orchestration as a key initiative. And they are looking to Cisco ACI and Fortinet as a key foundation to meet these enterprise-wide objectives.