As part of its recently launched Application Centric Infrastructure (ACI) initiative, Cisco introduced an Application Policy Infrastructure Controller (APIC) Enterprise Module for extending high-performing applications from the data center to wide-area networks (WAN) and local access networks (LAN). The goal is to provide enterprises with complete visibility into their networks, automating network and policy configuration while managing applications across the WAN and access networks.
The Cisco APIC serves as the single point of automation and fabric element management in both physical and virtual environments.
The Cisco APIC Enterprise Module is constructed of three elements: a consolidated network information database, policy infrastructure and automation.
To address security concerns, Cisco APIC automates network-wide rapid threat detection and mitigation by integrating and automating Cisco Sourcefire security solutions. For compliance management across branches and headquarters, Cisco APIC also provides network-wide Quality of Service (QoS) and accelerates Intelligent WAN (IWAN) deployments. It can also be used with third-party solutions to provide end-to-end WAN orchestration and management.
Cisco said its APIC frees up time for IT that would otherwise be spent configuring networking equipment and updating policy changes device by device. It automates many IT functions, enabling configuration and policy changes to be pushed out to the individual components of the network instead of requiring IT to update each one manually. It also enables policies to adapt automatically to network changes, which would be very difficult to set otherwise.
Cisco APIC supports both new and existing network infrastructures via a selection of network Application Programming Interfaces (APIs), including OpenFlow, Cisco onePK and Command Line Interface (CLI). The Cisco APIC Enterprise Module also supports both new SDN-ready devices and older Cisco network equipment, extending the same IT automation as Cisco ACI to a large existing installed base and eliminating the need to rip and replace existing networking equipment to take advantage of this new functionality.
The Cisco APIC Enterprise Module leverages Glue Networks' "Gluware Intelligent Orchestration Engine".
The Cisco APIC Enterprise Module will be available at the end of the first half of 2014 and at no additional cost for existing and new Cisco SMARTnet customers.
In a press event in New York, John Chambers described ACI as the next big transformation of the IT industry driven by imperatives of the application economy.
ACI is a step beyond virtualization and software-defined networks (SDN), said Chambers, because it brings agility and automation with full visibility and integrated management of both physical and virtual networked IT resources at the system, tenant, and application levels. The architecture promises a pay-as-you-grow model scaling to over 100,000 switch ports and capable of supporting more than one million IP end points in a data center spine with 60 Tbps capacity. A key premise is that the network should adapt to application requirements through dynamic insertion and chaining of physical and virtual L4-7 network services, including firewalls, application delivery controllers, and intrusion detection systems. The new architecture is designed for multi-tenant cloud environments, providing a real-time view of per-tenant and per-application health, statistics, and troubleshooting. Real-time analytics will be used to drive intelligent application placement decisions.
The foundation for ACI is an Application Policy Infrastructure Controller (APIC), enhanced versions of the NX-OS data center switching operating system, and a new line of Nexus 9000 data center switches based on technology from Insieme Networks, the Cisco spin-in start-up that is being acquired and re-integrated into the company.
The Cisco APIC is a centralized clustered controller that is responsible for tasks ranging from fabric activation and maintenance of switch firmware to network policy configuration and instantiation. Cisco APIC is completely removed from the data path. The APIC exposes a northbound API through XML and JSON and provides both a command-line interface (CLI) and GUI that use this API to manage the fabric. It will be delivered as an appliance.
The new Nexus 9000 platforms will be able to run both optimized NX-OS and an ACI mode of NX-OS via the addition of APIC. Cisco said this dual capability provides investment protection and a migration path to ACI through a software upgrade.
The new switches will use custom ASICs for scalability and merchant silicon to address time-to-market issues. Cisco said its platforms will support 1/10/40G ports with support for future 100G transitions in existing and next-generation data centers. Another innovation in the Nexus 9000 portfolio is a backplane-free modular switch design that promises more efficient power and cooling. Both the Cisco Nexus 9500 and 9300 platforms support VXLAN and NVGRE bridging and routing functions in hardware.