® Application Centric Infrastructure (ACI) integrates Cisco ASA Adaptive Security Appliances firewall solutions (physical and virtual) to deliver application centric security automation in existing and next-generation data centers.
In today's data centers, networking and Layer 4 through 7 application services typically require manual processes and management tasks, with little or no automation. To make applications and data centers much better aligned with business activity and more responsive to changing requirements, automation based on predefined policies and on-demand, user-controlled updates to applications and infrastructure are needed.
Cisco ACI provides an innovative application and security service insertion framework, with the Cisco Application Policy Infrastructure Controller (APIC) as a central point of network service automation and policy control.
The Cisco APIC allows IT administrators to automate the insertion and provisioning of security services in application networks, thus eliminating the complexity of traffic-steering techniques and the topology constraints of traditional networks, and enabling application mobility and cloud readiness.
Service policy automation is achieved through open RESTful APIs, with JSON and XML data format.
The integration of the Cisco ACI architecture with the Cisco ASA solutions provides automated, policy-based security provisioning, management, and security policy updates, for firewall, intrusion prevention, virtual private network (VPN) services, and more. Cisco ASA and ACI enable transparent security services insertion anywhere in the network fabric, centralized management, automated security policy lifecycle management, and elastic scaling of Cisco ASA services for high-performance and on-demand provisioning (Figure 1).
Figure 1. Cisco ACI and ASA Solution
The integration of Cisco ACI and Cisco ASA solutions offers a number of benefits:
• Transparent integration with Cisco ACI data center fabric enforces security anywhere in the data center, with consistency across physical and virtual workloads.
• Centralized management and automation through Cisco APIC simplifies the operation complexity associated with pervasive security policy enforcement and provides system-wide visibility of security-aware applications and tenants.
• Built-in security policy lifecycle management enables business agility by rapidly responding to application network and security requirements.
• Elastic scaling of appliances through clustering provides high performance (up to 640 Gbps) and resiliency.
• On-demand scale-up and scale-down capabilities on the new virtual Cisco ASA solution provide flexibility in virtual environments.
Cisco ACI security infrastructure encompasses the following components:
• Cisco ASA 5585-X appliances: Cisco ASA 5585-X software enhancements enable transparent integration of the security appliance into the Cisco ACI network fabric.
• Cisco Virtual Adaptive Security Appliance Firewall: The new Cisco Virtual Adaptive Security Appliance (ASAv) Firewall helps customers extend proven, full-featured, industry-leading Cisco ASA firewall and VPN functions to virtual environments in their data centers and private, public, and hybrid clouds. Unlike the Cisco ASA 1000V Cloud Firewall, Cisco ASAv has the flexibility to work in conjunction with a diverse set of hypervisors and virtual switches while maintaining the full Cisco ASA feature set.