Driving Consistent Policy Everywhere with ACI Anywhere

October 24, 2018 - 6 Comments

Last year, Cisco announced its vision to extend ACI into the public cloud domain and introduce key attributes – unified security policy, single-pane-of-glass management, and visibility – for Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. These attributes would give customers the flexibility to run applications across public clouds of their choice while maintaining consistent network policies across their entire multicloud domain.

Today, Cisco announces the latest release of ACI, giving customers new deployment options and enabling them to extend ACI fabric into new multicloud locations with consistent policy and automation while maintaining cost efficiencies.

The latest release of ACI features several innovations, including:

  • ACI Virtual Pod (vPod)
  • ACI Mini Fabric
  • CloudSec VPNs
  • ACI integration with OpenShift Containers nested in OpenStack
  • Network Insights App
  • ACI and AppDynamics integration (beta)

ACI Virtual Pod (vPod)

With VPod, customers can now extend their on-premises ACI networks into remote locations, bare-metal clouds, co-location providers and brownfield environments. This software-only version of ACI allows customers to realize the power this leading SDN solution offers. Agility increases dramatically due to  reduced network provisioning. consistent policy, security and simplified management.

vPod is currently in limited availability and will be generally available by end of the calendar year.

ACI Mini Fabric

ACI Mini Fabric allows customers to start small then grow according to the needs of the business. This solution is targeted for customers with remote or satellite locations or for those who have limited physical space, power and cooling challenges. ACI Mini Fabric provides an optimized, 5 RU, small-scale deployment package. ACI Mini Fabric deployments can be expanded if desired to a full ACI network with no restrictions.

CloudSec VPNs

CloudSec increases security by creating encrypted VXLAN tunnels between sites using ACI’s Multisite orchestrator. Leveraging the native hardware-based line-rate encryption in our Nexus switches, CloudSec allows customers to secure data in transit and between sites.

ACI Integration with OpenShift Containers nested in OpenStack

ACI now offers customers the flexibility to manage workloads in OpenStack and Kubernetes environments, including the ability to deploy, automate and scale applications. Cisco ACI and RedHat worked together to offer customers a consistent policy for any application across any combination of container, virtual machine and physical network. This simplifies management across the entire network and allows for group-based policies to be enabled and enforced.

Network Insights App

Available in the ACI App Center, the New Network Insights App provides advanced flow telemetry along with fabric resource and event analytics. This app, based on operational use cases, will help customers proactively detect anomalies in the ACI fabric and report back to the network administrator. Additionally, the app monitors resource utilization and events within the ACI fabric and sends critical error alerts to the network administrator and suggest remedies for faults.

ACI and AppDynamics Integration (Beta)

An industry first, Cisco brings together an integrated solution for the data center network and application performance. This ACI – AppDynamics solution improves collaboration between the application and network teams, allowing correlation between application visibility and the network itself. Customers can quickly reduce time to root cause analysis and identify any issue in the network or application to quickly resolve issues proactively.

With this latest release, Cisco ACI increases flexibility for our customers to expand their networks and run their applications in any location and any cloud while delivering a highly available, automated and secure network.

Cisco engineers continue to work closely with our customers on the journey for ACI Anywhere: Any Workload. Any Hypervisor. Any Cloud.

ACI App Center button

ACI Solution Page buttonACI Customer Stories button





In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. This is a boatload of innovations. Is it similar to VMware NSX?

    • Thank you. ACI can offload policy to hardware, support integrated underlay-overlay with nexus 9K and can also work in overlay fashion over Nexus 2K/5k/7k/9K. Also, for brownfield use case, we can extend ACI policy by adding physical remote leaf ( when you have the flexibility to put Nexus 9K) or put vPOD and extend the policy where you don't have flexibility to put world class, performant, cost effective Nexus 9K.

  2. Well done team

  3. Hello Ronak,
    I am glad to see you are executing on the roadmap items and enhancing operational excellence of ACI.
    I however do have one question regarding the Network Insights app
    is this a direct competitor of Cisco Network Assurance Engine, a complementing offer or an eventual replacement?
    For customers who have deployed CNAE – what would be the added value?
    for the rest of the items – congrats, and look forward to see more of the use cases
    thanks William

    • William

      Nice to hear from you. Hope all is well.

      Cisco NAE and Network Insights are complementary products and are operational tools for day to day operations.

      Cisco Network Assurance continuously verifies, that the network infrastructure is operating as per policy intent and it leverages the power of mathematical models to reason on behalf of the operator at policy, configuration and dynamic state level. It is able to transform operations from reactive to proactive and does so without using any packet data. It can predict impact of changes, verify network wide behavior, assure network security and compliance and assist with optimizing resources. NAE Smart Events offer root cause and remediation steps.

      Network Insights Resources is aligned towards detection and recovery from operational issues. NIR leverages packet data, flow telemetry, faults, events to perform control & dataplane troubleshooting, monitoring, and capacity planning. Examples – Exact point and reason of packet drop in ACI fabric with detailed flow telemetry statistics for the particular flow. Anomaly detection and suggested remediation for symptoms such as slowness of web application. Corelation and suggested remediation of faults or operational events such as NTP server becomes unreachable.

      Please note – examples above are for ease of understanding. Both deliver exhaustive value than what is described above. You are encouraged to try both :).