Federated ACI Fabrics for Dual Data Center Deployments – A Disaster Recovery ACI use-case
Wins, Accomplishments, Fast Action, welcome to the world of Cisco ACI. In this blog, I want to take you closer to the core of ACI excitement. Cisco Insieme Business Unit and Cisco’s premier Partner, World Wide Technology Inc (WWT) have come together in developing an ACI based Business Continuity/Disaster Recovery (BC/DR) solution for the next generation Data Centers. This blog specifically addresses the Disaster Recovery ACI use case implemented in WWT’s Advanced Technology Center (ATC). I will present highlights of how ACI has been implemented at ATC as two fabrics, across two Data Centers with federated controllers implementing an autonomous infrastructure and with replicated tenant configurations that will provide for disaster recovery.
This BC/DR use case couples the storage replication solution by Zerto on NetApp storage with a completely integrated and consistent ACI network solution on the primary and secondary sites to enable rapid application bring-up on the remote site. Network and security policies are replicated, compute resources are virtualized and synchronized, and storage is continuously replicated. This integrated architectural approach addresses one of the major challenges enterprise customers have in deploying BC/DR solutions – aligning the configuration and deployment of network infrastructure in a simple process with the storage and application teams to achieve the Recovery Point and Recovery Time Objectives.
Network architecture: The ACI-based network architecture comprises two independent fabrics with L3 connectivity between them. Each data center has a unique IP addressing namespace scheme and connects to the WAN. In the operational model per diagram-1, the “East” Data Center is termed primary and the “West” Data Center is termed the backup (disaster recovery). Each Cisco Application Policy Infrastructure Controller (APIC) cluster is identified as the primary or secondary instance, and changes, additions or deletions to the application tenants are replicated from the primary to the backup controller. Application tenant configurations are managed through a special Python module developed by WWT that programmatically synchronizes the two fabrics.
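Because the backup fabric is only useful if its tenant policy matches the primary, a drift check between the two is a natural companion to the replication step. The following is an added example, not WWT's module or code from this post: it compares two tenant trees in APIC JSON shape and reports objects that are missing, extra or changed on the backup. It assumes both trees have already been exported from their APICs, that subnets are site-specific and therefore skipped, and all tenant, contract and address values are constructed.

```python
"""Added example: drift check between primary and backup ACI tenant trees."""

# Attribute that names an object within its parent, per class (default: "name").
NAMING = {"fvSubnet": "ip", "fvRsCons": "tnVzBrCPName",
          "fvRsProv": "tnVzBrCPName", "fvRsBd": "tnFvBDName"}
# Assumption: subnets differ by design, since each data center has its own IP space.
SITE_SPECIFIC = {"fvSubnet"}


def flatten(node, parent=""):
    """Map 'class:name/...' paths to attribute dicts for an APIC JSON subtree."""
    (cls, body), = node.items()
    if cls in SITE_SPECIFIC:
        return {}
    attrs = body.get("attributes", {})
    path = f"{parent}/{cls}:{attrs.get(NAMING.get(cls, 'name'), '')}"
    out = {path: attrs}
    for child in body.get("children", []):
        out.update(flatten(child, path))
    return out


def drift(primary, backup):
    """Return (missing_on_backup, extra_on_backup, changed) as sorted path lists."""
    p, b = flatten(primary), flatten(backup)
    changed = sorted(k for k in p.keys() & b.keys() if p[k] != b[k])
    return sorted(p.keys() - b.keys()), sorted(b.keys() - p.keys()), changed


def mo(cls, *children, **attrs):
    """Build one managed object in APIC JSON shape."""
    return {cls: {"attributes": attrs, "children": list(children)}}


def tenant(subnet, to_port, contracts):
    """Constructed sample tenant; every name and address is illustrative."""
    entry = mo("vzEntry", name="https", etherT="ip", prot="tcp",
               dFromPort="443", dToPort=to_port)
    epg = mo("fvAEPg", mo("fvRsBd", tnFvBDName="bd1"),
             mo("fvRsProv", tnVzBrCPName="web-ct"), name="web")
    return mo("fvTenant", mo("vzFilter", entry, name="web-flt"),
              *[mo("vzBrCP", name=c) for c in contracts],
              mo("fvBD", mo("fvSubnet", ip=subnet), name="bd1"),
              mo("fvAp", epg, name="shop"), name="demo")


PRIMARY = tenant("10.1.1.1/24", "443", ["web-ct", "db-ct"])
BACKUP = tenant("10.2.1.1/24", "8443", ["web-ct"])  # widened filter, lost contract

if __name__ == "__main__":
    for label, paths in zip(("missing", "extra", "changed"), drift(PRIMARY, BACKUP)):
        print(label, paths)
```

A changed `vzEntry` or a missing `vzBrCP` on the backup means the recovered application would come up under a different security policy than the one enforced on the primary.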
External WAN connectivity for each Data Center is provided through the common tenant in the respective ACI fabrics. By using the common tenant for external connectivity, the network and security administrator can assign the appropriate network configuration policy, security contracts, and firewall and load balancing services for the fabrics in each data center. The application (DevOps) teams will reference the common configuration and configure application connectivity for intra- and inter-tenant communications through the Application Network Profile (ANP). F5 Global Traffic Manager (GTM) allows holistic management of multi-data center application delivery via intelligent DNS.
This ACI-based disaster recovery solution has several other facets, such as storage replication and orchestration software (developed in-house by WWT), among other solution components. Please watch the YouTube Video for a demo illustration and the whitepaper for design details.
In closing, some key takeaways. Cisco ACI’s innovative architecture enables enterprise apps to treat the Data center as a dynamic, shared resource pool. This pool of resources is managed through a central controller (Cisco APIC) exposing all configuration and management components through a northbound REST API. WWT exploits this programmatic interface of ACI to develop business continuity/disaster recovery solutions for customers.