Cisco Application Centric Infrastructure (Cisco ACI) the Infrastructure focused on the application

The ACI factory consists of the Nexus 9000 switches and managing Application Policy Infrastructure Controller (APIC) controllers. There is a connectivity of Cisco Nexus 2000 as extenders of port capacity of FEX. At the heart of the solution – flexible architecture of Spine-Leaf (Clos Network) which allows to increase network performance horizontally depending on requirements of the customer.

The solution has a number of basic innovations and differences from analogs. Let's note the most important of them. The architecture of ACI gives the chance to define requirements of annexes to DPC network in terms simple abstract and reused the politician which are not tied to a configuration of network devices in any way. It allows to simplify and automate management process and also to lower time expenditure as at initial setup, and in use.

ACI has the potential for scaling. The factory supports thousands of the logical organizations, tens of thousands of connections and to one million IPv4 and IPv6 of hosts. It is especially important, for example, for owners of cloud services with big client network. The solution also automatically optimizes traffic distribution in network that considerably accelerates operation of applications and allows to involve all communication channels, thereby increasing efficiency of use of DPC network.

The network factory ACI is selected from a number of similar products by an opportunity to define requirements of annexes to DPC network in terms simple abstract and reused the politician which are not tied to a configuration of specific network devices. In the solution the model allowing to transfer data only if the administrator sets the corresponding rules and politicians is by default used. ACI also allows simultaneous use of several different hypervisors, allows to implement flexibly different services and to organize service chains of traffic handling which include both physical, and virtual devices.

Development History

2018: Cisco ACI 4.0

On October 23, 2018 the Cisco Systems company provided updating of the solution Cisco ACI of version 4.0. Main feature of the solution: the approach to a configuration based on intentions of users and requirements of applications and also automation of all routine transactions. All this allows the companies to reduce operating costs of network.

Among the systems capabilities which became available to the Russian customers in version 4.0: functionality of virtual DPC (vPOD) and emergence partially virtualized ACImini controllers. The virtual DPC allows customers to connect to network factory a part existing DPC, constructed on the equipment other than a line switches Nexus 9K. As a result customers have an opportunity to expand structure of the systems working under control of ACI without the need for updating of the equipment.

Partially virtualized ACImini factory allows to lower for customers a threshold of entry by replacement of a part of physical servers of the controller of ACI by virtual machines. Eventually, this innovation approach allows customers to develop the IT infrastructure and to apply essentially new business models.

2017: Cisco ACI 3.0

The Cisco company provided on November 13, 2017 updating of the solution Application Centric Infrastructure (Cisco ACI). Using version 3.0 software customers will be able to increase maneuverability of business thanks to automation of network, simplification of management and optimization of security at any combination of the tasks which are carried out in containers, on virtual machines and not virtualized servers in private clouds and local DPCs.

As explained in Cisco, functionality of ACI, pozvolyayushchiy to manage several websites, automates using the DPCs centralized the politician the main IT operations on a set and facilitates to operators the centralized movement and control of loadings that became an important step on the way of implementation of Cisco of strategy ACI Anywhere.

Number of the ACI 3.0 functions:

• Management of the DPCs distributed (multi-site).
  • Using a uniform management portal users can connect seamlessly the different geographically distributed ACI factories and manage them, providing increase in availability thanks to isolation of domains of failure, and global vision network the politician through a uniform management portal. At the same time problems of disaster tolerance and horizontal scaling of applications become simpler.

• Integration with Kubernetes.
  • Customers had an opportunity to develop the tasks as microservices in containers, to define for them network politicians of ACI by Kubernetes and to create the unified network structures for containers, virtual machines and hardware servers. Thus, now in ACI the large-scale integration level of containers, as well as for different hypervisors is reached so.

• Increase in operational flexibility and improvement of visualization.
  • The ACI interface of the next generation became more convenient. Ordered arrangement schemes and the simplified representations of topology and also the master of fault finding are offered users. Besides, ACI supports technology of safe adding and removal, different operating systems and management of quotas and also measurement of a delay between termination points of factory for the purpose of fault finding now.

• Security.
  • For reflection of such attacks as substitution of the IP-/MAC-addresses, in ACI 3.0 functions of ensuring network security using First Hop Security technology, automatic authentication of network connections of servers and their premises are provided in the entrusted groups of security and also with support of detailed implementation the politician for termination points within one group of security.

2016: Cisco ACI supported integration of PT Application Firewall

On July 13, 2016 the companies Positive Technologies also Cisco announced creation of support firewall of the application layer PT Application Firewall in a management system for software-defined network for data processing centers (DPC) to Cisco Application Centric Infrastructure (ACI).

Integration of two products allows to automate deployment of protected applications in infrastructure of DPC. The compatibility with Cisco ACI simplifies installation and the PT Application Firewall setup, reduces labor costs on service of data centers and provides protection of new applications against the hacker attacks "from a box".

Security of the applications as soon as set, and constantly finished is the most serious problem for data processing centers. Between configuring, an application tuning and system implementation of protection passes, as a rule, a progressive tense. And to protect the services developed on methodology of Agile gaining popularity in recent years in general very difficult adequately as the functionality of a system can change every day. Malefactors know about this feature of service of infrastructures of DPC and watch closely new services and applications. Dmitry Horoshikh, the top manager of Cisco on business development in the field of DPC

The solution Cisco ACI is intended for automation of IT tasks and the accelerated deployment of applications. It is reached using the technology of software-defined networks (SDN) providing the automated delivery of applications on demand, consolidation of management and scalability.

For optimization of creation of protected applications, the companies Positive Technologies also Cisco concluded technology partnership and organized support PT Application Firewall in DPC Cisco ACI management system. If network infrastructure DPC of the company is organized using Cisco ACI, then installation of protected applications and setup of network, including configuring PT Application Firewall, is executed automatically.

Interaction of two diverse platforms is executed by means of the REST API protocol (Representational State Transfer application programming interface) − the most widespread type of communications like "machine machine". The Mashinoponyatny PT Application Firewall interface helped to automate configuration management of the firewall with by means of such solutions as Cisco ACI.

2015: There was a release of ACI

On December 7, 2015 Cisco announced release of release of a software version for the infrastructure of Application Centric Infrastructure (ACI) focused on applications.

The upgraded program functionality added to ACI microsegmentation for physical (equipment rooms) and the multivendor virtualized applications (VMware of VDS, Microsoft Hyper-V), expands possibilities of ACI in the distributed configurations, implementing automation on a basis the politician in a set of data processing centers.

Representation of Cisco Application Centric Infrastructure (ACI) (2015)

Integration of Docker-containers using the open source software and the Cisco Application Policy Infrastructure Controller (APIC) controller is added, the approved model the politician and big flexibility of implementation is offered to these.

ACI include support of the automated input of services (service insertion) for any third-party services of levels 4-7. Support of means of cloud automation is added: VMware vRealize Automation and OpenStack, including support of Opflex for Open vSwitch (OVS) on the basis of open standards.

Elements of infrastructure of ACI (2015)

In structure of an ecosystem of ACI additional participants were connected, it allowed to automate all complex of applications, including PaaS (Platform as a Service) and SaaS (Software as a Service) that will help the organizations to implement the automation equipment in groups of application development and support of infrastructure.

Support of Docker-containers

Supporting, both physical, and virtual termination points, now thanks to integration into the APIC controller and the Contiv project, Cisco organized support of termination points on the platform of Docker-containers. The open Contiv project defines operational politicians of infrastructure for deployment of container applications.

In the unified model the politician of ACI implementation the politician is provided using groups of termination points (endpoint groups, EPG), i.e. a set of network termination points including a broad spectrum of such objects as hardware servers, virtual machines and containers. Docker offers the platform with the open code for accomplishment of the distributed applications in Linux containers.

Increase in level of information security

The upgraded Cisco ACI provides support of microsegmentation for VMware of VDS, the virtual switchboard Microsoft Hyper-V and also for hardware applications. It allows to implement thin setup of security policies of termination points. Customers can dynamically implement politicians of a forvarding and security, placing the compromised or harmful termination points in a quarantine on the basis of attributes of virtual machines (such as name, guest OS, identifier VM) or network attributes (such as IP address).

The organizations can also isolate tasks within one group the politician. For example, it is possible automatically, using policy, to prohibit communication between all termination points within one web level (web tier) for prevention of horizontal distribution of threats in borders of DPC.

Support of a set of DPC

By means of the distributed application in a tool set by Cisco ACI the politician in a set of data processing centers supports automation on a basis, providing mobility of applications and disaster recovery.

The politician with Cisco APIC is supported input and concatenation of services for any service device without the need for existence on the device of means of coordination. Now customers, automating communications between network services, can create a seamless configuration of the available network services and manage them.

Operational flexibility

Additional opportunities of software: support of the command interface for APIC similar to NX-OS, the basic and expanded modes of the graphical user interface, support of the SNMP protocol for APIC and also functions of the master of fault finding - the thermal card.

The general availability — the 4th quarter 2015.

2014: Release of ACI

The ACI technology was released by Cisco company in 2014.