Cisco announces plans to integrate Cloud ACI with AWS Control Tower and AWS Gateway Load Balancer

These are unprecedented times. Changes in workplace and workforce are driving businesses to do more with fewer resources and accelerate change. There is an urgency for enterprises to digitize every process, initiative, and value chain as they journey to the next normal. Remote productivity solutions are becoming the norm and secure access anytime and anywhere is putting tremendous pressure on our customers’ infrastructure. Responding to these demands requires firms to leverage all their assets on-premises or in the cloud intelligently, to deliver a secure, highly available and scalable experience to their customers.

Cisco and Amazon Web Services (AWS) are dedicated to delivering innovative and best-in-class solutions for our hybrid cloud customers whose infrastructure assets range from on-premises to the public cloud. Since the advent of the Cloud ACI on AWS integration, customers have been able to extend their intent-based networking infrastructure all the way to public clouds such as AWS. A common policy model to drive networking automation in on-premises and AWS infrastructures allowed our customers to have a consistent security posture and uniform operational processes across their hybrid cloud infrastructure. Over the course of that journey, in addition to automating secure interconnect between the data center and AWS cloud sites, Cloud ACI has continued to integrate with AWS innovations to provide best-in-class networking automation “within” the cloud, including AWS Transit Gateway automation and integration with AWS Direct Connect. With Cloud ACI on AWS, customers are truly able to experience the best of both worlds: tagging AWS organizations to Cloud ACI tenants and consuming cloud-native services such as AWS Application Load Balancer while using ACI service-graph based networking automation.

Today we are announcing the next wave of Cloud ACI and AWS networking integrations including:

  1. General availability of Cisco ACI Network Management blueprint for AWS Control Tower
  2. Cisco ACI with AWS Gateway Load Balancer

“We’re pleased to announce that Cisco is participating in two new integrations with AWS Gateway Load Balancer and AWS Control Tower that benefit our joint customers. Network orchestration solutions such as Cisco ACI will be able to augment the deployment of AWS Gateway Load Balancer, simplifying deployment of networking appliances. Additionally, the Cisco ACI solution for AWS Control Tower helps customers configure, manage, and scale network resources automatically, thereby enabling a consistent blueprint across large enterprise deployments with multiple AWS accounts,” said Dave McCann, Vice President of Migration, Marketplace & Control Services, Amazon Web Services, Inc. “Having the Cisco ACI solution also available in AWS Marketplace makes it easily discoverable and available for procurement and provisioning by millions of builders working on AWS globally.”

Cloud ACI to integrate with AWS Gateway Load Balancer

Enterprises continue to adopt AWS Cloud infrastructure for mission-critical workloads to take advantage of the agility and availability of the public cloud infrastructure. Having traditionally used intent-based networking semantics in the on-premises infrastructure to secure their workloads, enterprises want to use the same trusted model in the public cloud infrastructure as well, relying on approved offerings across their hybrid cloud infrastructure.

AWS has introduced Gateway Load Balancer to enhance the availability and horizontal scalability of third-party appliances in the cloud. Cisco Cloud ACI will integrate with Gateway Load Balancer, enabling customers to deploy their third-party appliances in an intent-based manner.

Customers today have to manage overlap in security, networking and DevOps administrative domains when deploying and consuming these L4-L7 services. Cloud ACI automates the integration of fleets of appliances with Gateway Load Balancer, enabling the networking teams to provide transparent connectivity to the L4-L7 services. SecOps and DevOps teams can consume these services in an X-aaS model (for example: Firewall as a Service) without any changes to their stacks, while maintaining a separation of concerns for their administrative domains.

The major benefits of the integration include:

  • Intent-based networking automation of third-party appliances.
  • Horizontal scale-out of appliance fleet without any connectivity changes to consumer stacks.
  • High availability of appliance fleet without any changes to application-level consumers.
  • X-aaS model enablement for Firewall and ADC vendors.

Deploy and manage networking at scale – Cloud ACI with AWS Control Tower

Customers demand best-in-breed integration options into and within their public cloud environments. However, for customers who are early in the cloud adoption journey, the lack of in-house cloud expertise significantly slows the overall execution of their cloud strategy. In addition to the need to acquire new expertise, there is a lack of familiarity with operating native cloud environments.

Our larger customers have to balance maintaining best practices across all their cloud accounts with maintaining velocity on new deployments. Cisco Cloud ACI extends the intent-based semantics of the on-premises infrastructure into AWS Cloud environments, enabling customers to maintain a single policy posture while automating for agility.

Today, we are taking the next step in collaborating with AWS to solve additional customer pain points in their cloud migration journey. The Cisco Cloud ACI integration with AWS Control Tower automates the setting up of the overall cloud environment for our customers. With AWS Control Tower, customers ensure that accounts in their organization are compliant with established policies and best practices while DevOps teams can onboard new AWS accounts quickly.

“Cisco ACI on AWS is truly a solution that embodies the best of both worlds: intent-based networking automation and a world-class public cloud infrastructure on AWS. Cisco continues to invest in this collaboration with AWS by integrating with the AWS Control Tower and AWS Gateway Load Balancer. The new Cisco Cloud ACI on AWS integrations will provide best-practice intent-based networking as part of a standard deployment blueprint while simplifying the deployment of networking appliances. We expect this solution to benefit the customer by providing operational simplicity and networking automation at scale,” said Thomas Scheibe, VP, Product and Marketing, IBNG, Cisco.

Control Tower automates the best practices of setting up accounts, users, roles and IAM policies, and the integration with Cloud ACI ensures that the best practices in the networking domain are also automated with the overall Control Tower workflow. Customers now have the “easy button” to set up their multi-account cloud environments.

Customer benefits include:

  • Policy-based deployment all through the stack, from accounts to users to roles and all the way through to networking setup.
  • Leveraging the intent-based Cloud ACI semantics to ensure that hybrid, multi-account, multi-site environments are compliant with a predefined set of networking and segmentation best practices.
  • Faster, secure cloud environment setup and deployment.
  • Ability to deploy, manage, and scale networking seamlessly.
  • Consistent operational model and governance from a single source of truth.

Operating these complex hybrid cloud environments at scale and consuming networking services in the AWS environments has never been easier. Cisco Cloud ACI on AWS brings together best-in-class solutions across the cloud stack to make our customers’ operational models simple and easy to govern.


Srini Kotamraju

Vice President, Data Center Networking

Cisco Networking