The Cisco ACI SDN platform plays an important role in positioning Cisco as the leader in the June 2020 Gartner Magic Quadrant for Data Center and Cloud Networking, for the sixth consecutive year. Cisco ACI, a software-defined, hypervisor-independent network solution that works consistently with all types of datacenter or cloud infrastructure, has recently reached version 5.0 and brings a set of enhancements that are presented in this material.
Organizations operating in hybrid environments, which integrate on-premises datacenter infrastructure with cloud environments, face three major challenges:
- Limitations on the uniform application of security policies, which raise compliance issues;
- Complex operational processes due to the use of several configuration, management and monitoring tools, which makes it difficult to identify and remedy problems;
- Difficulties in ensuring end-to-end security of connections, applications and data in hybrid architectures.
To solve these problems, Datanet specialists recommend the Cisco ACI (Application Centric Infrastructure) solution. ACI is one of the market leaders in SDN solutions, with native compatibility with many non-Cisco technologies and products, allowing it to uniquely manage complex distributed topologies.
The Cisco solution is mature, delivers solid gains, and is constantly updated with new features. The latest version of ACI (5.0) brings important improvements in several key areas:
End-to-end segmentation in the datacenter infrastructure
Cisco ACI simplifies the segmentation process by introducing the Endpoint Group (EPG) model – equipment groups created based on common security policies (more details on how EPG works can be found here). Equipment in one group can communicate with equipment in another only if administrators set up contracts that allow this. Also, to prevent the spread of infections through lateral movement, ACI applies additional segmentation called Intra-EPG Isolation and allows micro-segmentation by creating micro-EPGs based on attributes.
In version 5.0, Cisco ACI supports Segment Routing MPLS (SR-MPLS) and EVPN capabilities that allow telecom service providers to integrate cloud environments with 5G network infrastructure, benefiting from end-to-end segmentation. In addition, with the help of ACI Multisite Orchestrator (MSO), SR-MPLS routing policies can be automatically applied to all vendor sites.
Cisco ACI Extension for Public Cloud Services
The Cisco solution simplifies the integration between datacenter infrastructure and cloud environments, ensuring uniform application of security policies, as well as reducing management effort. Cloud ACI extends on-premises capabilities with the help of Cloud Application Policy Infrastructure Controller (cAPIC), ensuring automatic connectivity, policy translation, and extended visibility over Cloud workloads. With the help of the ACI Multi-Site architecture, Datanet specialists can help you cover more work scenarios, such as:
– scaling the datacenter infrastructure;
– the disconnection between the datacenter infrastructure and the Disaster Recovery site;
– extension of the ACI fabric to the Cloud with the help of ACI MSO.
In version 5.0, Cisco has improved support for Amazon Web Services – which now supports Transit Gateway (TGW) automation – and Microsoft Azure, which will soon support VNET Peering, deployment of shared services, and automation features for native and third-party L4-L7 services (non-Cisco firewalls, load balancers, etc.).
Simplifies the use of the SDN solution in hybrid architectures
The new version of Cisco ACI also brings a number of important improvements to the operational area:
– centralized viewing of the cloud resource inventory in AWS and Microsoft Azure;
– expanding support for containerization technologies;
– integration with AppDynamics for detecting, locating and troubleshooting application connectivity issues;
– improving security by introducing Role Based Access Control (RBAC) functionality in multi-tenant architectures and a dual authentication system (by integrating with Cisco Duo);
– a new group model – Endpoint Security Group (ESG), which allows the grouping of equipment based on L3 attributes and the creation of specific contracts, etc.
Test Cisco ACI in Datanet Systems’ Lab
If you want to test a specific usage scenario – Multi-Pod, Multi-Site, L3Out, Transit routing, interconnection with a Public Cloud service provider – our specialists are at your disposal, in a dedicated laboratory where you can simulate specific configurations of the IT environment you operate.