The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The pace of digital innovation is surging across the digital ecosystem in the post-pandemic era, resulting in a sharp expansion of applications and cloud usage. Experiences such as 8K ultra-high-definition video streaming, immersive Virtual Reality (VR) and Augmented Reality (AR) applications, gaming, self-driving vehicles, high-frequency stock trading, automation driven by AI/ML systems, IoT and cases with 5G networks are expected to be agile and secure by enterprises. In response, organizations are adopting hybrid-cloud and multicloud frameworks in order to attain the benefits of cloud networking and improve their business outcomes.
The network has been and continues to be the foundation of the internet that underpins cloud services and capabilities. Today, networking is also the foundation for modern applications, connecting microservices, functions, and data into mission-critical business services.
How does Cisco® Application Centric Infrastructure (Cisco ACI®) play into this cloud-networking continuum? Cisco ACI is part of our Nexus® Dashboard Platform for cloud networking, enabling agility and resiliency in hybrid-cloud and multicloud environments. It captures higher-level business and user intent in the form of a policy and translates this policy into the network constructs necessary to dynamically provision the network, security, and infrastructure services.
Cisco ACI, the industry’s most secure, open, and comprehensive Software-Defined Networking (SDN) solution, enables automation that accelerates infrastructure deployment and governance, simplifies management to easily move workloads across a multi-fabric and multicloud frameworks, and proactively secures against risk arising from anywhere. It radically simplifies, optimizes, and expedites the application deployment lifecycle.
Modern data centers are dynamic. IT operations must meet the expectations of quality-of-service business needs in a rapidly changing environment. Cisco ACI transforms IT operations from reactive to proactive with a highly intelligent set of software capabilities that analyze every component of the data center to ensure business intent, guarantee reliability, and identify performance issues in the network before they happen.
As applications have become more pervasive across the enterprise network, IT professionals are looking to build solutions for consistent policy and encryption from the campus to the cloud.
To keep up with the massive influx of data and the increased demands on the network for speed and agility, networking professionals are learning to broker, connect, build, and govern their networks not only in the data center, but also across a vast cloud landscape.
Cisco ACI was built to simplify the IT infrastructure and operations by automating the network, providing pervasive security, and helping accelerate businesses to move to a cloud or multicloud environment.
With Cisco ACI, customers can manage complexity, maximize business benefits, and deploy workloads in any location, small and large, on premises and remote locations, in private and public clouds, satellite data centers, and 5G-enabled telecom edges.
The main benefits of Cisco ACI include the following:
Accelerate network operations
Cisco ACI provides a flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure
● Operational simplicity, with common policy, management, and operation models across application, network, and security resources
● Centralized network management and visibility with full automation and real-time network health monitoring
● Seamless integration of underlay and overlay networks
● Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration
● A cloud-ready SDN solution
● Common platform for managing physical and virtual environments
● Automation of IT workflows and application deployment agility
Securely expand to multicloud
● Create business continuity and provide disaster recovery
● Inherent security with a zero-trust allow-list model and innovative features in policy enforcement, microsegmentation, and analytics
● Integrated security with Cisco security products and ecosystem partners
● Consistent security posture at scale across a multicloud environment
Deliver superior application experience
● Single policy and seamless connectivity across any data center and public cloud
● Through any hypervisor, for any workload, at any location, using any cloud
● Cloud automation enabled by integration with VMware vRealize, Azure Pack, OpenStack, OpenShift, Kubernetes, and Cisco UCS® Director
● Open APIs and a programmable SDN fabric, with 65+ ecosystem partners
Cisco Nexus Dashboard provides a single automation platform to access operational services and tools for the data center and network. You can deploy policy and connectivity automation, visibility and analytics tools, and traffic aggregation capability using the Cisco Nexus Dashboard platform. It becomes even more of a collaborative focal point with the inclusion of operations-critical, third-party applications and tools. From the Nexus Dashboard, you can cross-launch any of your sites’ controllers, including Cisco® Application Policy Infrastructure Controller (APIC), Cloud APIC, and Nexus Dashboard Fabric Orchestrator fabrics. The platform drives the adoption of cloud-native application practices providing the following benefits:
● Easy to use
◦ Customizable role-based UI view to provide a focused view on network operators' use cases
◦ Single Sign-On (SSO) for a seamless user experience across operation services
◦ Single console for health monitoring and quick service turnup
● Easy to scale
◦ High availability, scale-out operations from a single dashboard
◦ Scale use cases, leveraging flexible deployment options
◦ Operations that span across on-premises, multicloud, and edge networks
● Easy to maintain
● Seamless integration and lifecycle management of operational services
● Onboarding and managing operational services across on-premises, cloud, and hybrid environments
● Single point of integration for critical third-party applications and tools
Cisco Nexus Dashboard visibility and analytics
Cisco Nexus Dashboard gives customers the ability to monitor and analyze their fabric in real time to identify anomalies, to provide root-cause analysis and capacity planning, and to accelerate troubleshooting. By tracking historical context, collecting and processing hardware and software telemetry data, and correlating customer designs with Cisco best-practices, customers can get excellent visibility and awareness of issues affecting their environment and take corrective actions.
Cisco Nexus Dashboard policy and connectivity automation
Cisco Nexus Dashboard provides a single point of provisioning for multiple Cisco ACI fabrics operating in a coordinated way. When this solution is combined with the latest networking enhancements of Cisco ACI, organizations can manage extension network elements such as Virtual Routing and Forwarding (VRF) instances, bridge domains, and subnets across multiple fabrics. It enables centralized policy and security controls across geographically distributed fabrics and very large scaled-out fabrics with automation and operations from a common point, allowing for a global cloud-scale infrastructure.
Cisco ACI and architectural solutions are built with the following building blocks:
● Cisco Application Policy Infrastructure Controller (APIC)
● Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.
The main features of the Cisco APIC include the following:
● Application-centric network policies
● Data-model-based declarative provisioning
● Application and topology monitoring and troubleshooting
● Third-party integration
◦ Layer-4 through Layer-7 (L4-L7) services
◦ VMware vCenter and vRealize
◦ Microsoft Hyper-V, Microsoft System Center Virtual Machine Manager (SCVMM), and Azure Pack
◦ Open vSwitch (OVS) and OpenStack
● Image management (spine and leaf)
● Cisco ACI inventory and configuration
● Implementation of a distributed framework across a cluster of appliances
● Health scores for critically managed objects (tenants, application profiles, switches, etc.)
● Fault, event, and performance management
New features in Cisco ACI Release 6.0 (Cisco ACI 6) include the following:
● Increased scalability in hardware and network pods per fabric
● New innovations in remote leaf capabilities
● Enhanced Precision Time Protocol and Sync-E support in ACI Leaf
● Cisco ThousandEyes® integration
The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.
Cisco Nexus 9000 series spine and leaf switches for Cisco ACI
Cisco Nexus 9300, 9500, and the new 9800 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based, systems-management approach.
Cisco Nexus 9000 Series Switches include modular and fixed 1 to 400 Gigabit Ethernet, and now 800 Gigabit Ethernet, switch configurations that are designed to operate either in NX-OS mode for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software) or in ACI mode to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.
Cisco ACI consists of the following architectural solutions:
● Cisco ACI Multi-Pod
● Hybrid and multicloud
● Cisco ACI physical remote leaf
● Cisco Mini ACI Fabric
Cisco ACI Multi-Pod
Cisco ACI Multi-Pod is part of the “single APIC cluster / single domain” family of solutions; a single APIC cluster is deployed to manage all the different ACI networks that are interconnected. These separate ACI networks are called “pods,” and each of them looks like a regular two-tier, spine-leaf topology. The same APIC cluster can manage several pods, and, to increase the resiliency of the solution, the various controller nodes that make up the cluster can be deployed across different pods.
Hybrid and multicloud
IT organizations approach their multicloud strategy by breaking it down into three pieces:
● First: Take stock and make a plan across their teams and technologies. Optimize what they have, adopt new skills, and modernize to meet new requirements. Establish the connections, security, and processes to create a highway for rapid change and delivery of new services.
● Second: Extend the data center where it needs to go. IT can become the one-stop-shop for private and public resources and to make them secure, consistent, and seamless for their environment.
● Third: Optimize, because “good multicloud starts at home.” For those workloads and data to land securely and efficiently on premises they need private and hybrid cloud platforms that offer self-service consumption and the ability to move workloads seamlessly from private cloud to public cloud and the edge.
How Cisco ACI can help:
Cisco ACI occupies a unique position in a cloud ecosystem because clouds ultimately depend on the network that uses them. For cloud builders, we make complete automation with a software-defined physical infrastructure in ACI. ACI, as a multicloud software solution, puts people in control of their public and private cloud resources in a secure way using single pane of glass management. IT teams can easily connect and manage infrastructure anywhere from core-to-edge.
● Increase value of IT team. DC I&O teams become builders and brokers of services that can offer the right mix of performance, security, cost, location to LOB stakeholders, on premises in the core DC or at remote sites, or in the public cloud. Developers and application architects can operate with a consistent development and run-time environment whether on premises or in the cloud.
● Accelerate change while protecting the business. The connections, security, and processes are established to create the highway for rapid change and agile delivery of new services.
● Multicloud continuity. Infrastructure resources are managed at any location at any scale to support new initiatives in IoT and mobility, and AI/ML technology is taken out of the equation so that application deployment is driven by business needs and cost considerations, not by technology limitations.
Cisco ACI physical remote leaf
With Cisco ACI physical remote leaf, customers can place a regular leaf switch in a remote or satellite location and connect back to the spine switch in the main (on-premises) location and, in turn, extend Cisco ACI policy into the remote or satellite location. By doing so, customers can also take advantage of all the benefits of the physical remote leaf, from diverse interfaces to superior performance, and scale and built-in encryption.
Cisco ACI physical remote leaf
Cisco Mini ACI Fabric
With the introduction of Cisco ACI Mini Fabric, customers can now leverage an optimized Cisco ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leaves.
Utilize Cisco Infrastructure-as-Code (IaC) integrated solutions with HashiCorp and Red Hat Ansible
Infrastructure as Code (IaC) is an innovative approach to building application and software infrastructure with code. IaC enables automated provisioning and management of the full technology stack by translating manual, repetitive tasks into reusable, robust, and distributable code. IaC relies on practices that have been successfully used for years in software development, such as versioning, automated testing, release tagging, continuous delivery, etc.
Cisco Data Center Network (DCN) IaC solutions cover integrations with common third-party tools from HashiCorp and Red Hat Ansible. These solutions enable customers to empower application services to define network and security requirements at the infrastructure layer in an automated and fully synchronized manner. With this approach, you can embrace a DevOps model by accelerating applications deployment and optimize network compliance in a safe and predictable manner.
Benefits of IaC
● Scalability and reliability
● Automation and agility
● Higher ROI and lower TCO
Cisco ACI and Cisco SD-WAN integration
Cisco offers ACI and SD-WAN integration for branch offices (network edge). This is an integral component of customers’ cloud journey, which requires secure, policy-driven interconnects between the data center and branch offices that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate a WAN path selection between the branch office and the on-premises data center based on application policy.
For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and SLAs configured.
Cisco ACI and AppDynamics assurance integration
Digital transformation is a complex team effort across business and IT, requiring end-to-end application management and awareness. AppDynamics® provides IT teams with the application-layer visibility and monitoring required in an intent-based architecture to validate that IT and business policies are being implemented across the network. Cisco ACI and AppDynamics integration provides dynamic correlation between application and network constructs. This combined solution provides high-quality application performance monitoring, a richer diagnostic capability for application and network performance, and faster root-cause analysis of problems, with fast triage, sent quickly to appropriate team members – for example, whether a given problem pertains to an application or to the network.
This integration does the following:
● Dynamically maps the application and service components to the Cisco ACI network elements, thus providing a shared view of the application and infrastructure across teams
● Provides a dynamic view of application use in the infrastructure for the network operations team
● Provides a cross-launch for application teams to correlate network and application fault and performance data
● Baselines application health status in AppDynamics by correlating the Cisco ACI network health and faults
Customers are on a continuous quest to correlate application service-level management with infrastructure monitoring. This new integration will significantly reduce the time it takes to identify and troubleshoot end-to-end application performance issues.
Cisco ACI and Cisco SD-Access integration
Hyper-distributed applications and highly mobile users, increased cybersecurity threats, and increased regulatory requirements make network segmentation a must for reducing risk and achieving better compliance. Policy integration between Cisco ACI and Cisco SD-Access allows the marrying of Cisco ACI’s application-based microsegmentation in the data center with Cisco SD-Access’s user-group-based segmentation across the campus and branch. This integration automates the mapping and enforcement of segmentation policy based on the user’s security profile as they access resources within the data center. It enables security administrators to manage segmentation seamlessly from end to end, user to application. A common and consistent identity-based microsegmentation capability is provided from the user to the application. As a result of this integration, the attack surface is greatly reduced, and any unauthorized or suspicious access to resources and potential threats can quickly be controlled and remediated. The solution is fully qualified for up to 25,000 Cisco SD-Access campus users, with plans to expand scale as needed by our customers.
Cisco ACI and ServiceNow
Enterprises are increasingly embracing a multicloud strategy to deliver applications with the intent to accelerate innovation and reduce costs. However, this strategy brings in its wake inherent challenges in application agility and security. Enterprises demand business services to be up and running rapidly to serve their end users. End users often demand that IT departments quickly and flexibly offer services that can help them get their jobs done. This goal leaves many IT teams struggling to maintain the business services needed to help ensure that end users remain productive. Some of the challenges they face in helping ensure the uptime of critical business services include:
● A manual service mapping process that can take weeks or months, depending on service complexity
● Lack of correlation between infrastructure changes and the business services they support
● Disconnected infrastructure tools and portals for change management and troubleshooting
● Inefficient root-cause analysis for service outages as a result of inaccurate service maps
Cisco Application Centric Infrastructure (Cisco ACI) integration with ServiceNow automates the discovery, application to business service mapping, firmware management, and provisioning of the Cisco ACI fabric from the ServiceNow instance.
Integrating Cisco ACI with ServiceNow delivers visibility and automation from the application tier down to the physical infrastructure, improving the speed and efficiency of IT provisioning, management, and troubleshooting, including
● Faster troubleshooting and root-cause analysis
● Improved operational efficiency
● Reduced TCO
Cisco ACI and Kubernetes Anywhere
Cisco ACI is designed to offer policy-based automation, security, mobility, and visibility for application workloads regardless of whether they run on bare-metal servers, hypervisors, or Linux containers. The Cisco ACI system-level approach extends the support for Linux containers by providing tight integration of Kubernetes, a popular container orchestration platform, and the Cisco ACI platform.
This integration allows Cisco ACI to provide a ready-to-use, secure networking environment for Kubernetes. The integration maintains the simplicity of the user experience in deploying, scaling, and managing containerized applications while still offering the controls, visibility, security, and isolation required by an enterprise.
The Cisco ACI and Kubernetes solution offers the following benefits:
● Flexible approach to policy
● Automated, integrated load-balancing services
● Secure multitenancy
● Visibility and telemetry information
Table 1. Features of the Cisco ACI open ecosystem
Third-party integration enabled by open APIs
Avoid vendor lock-in and expand choice and flexibility to build your own data center solution
Jointly certified software solutions with ecosystem partners
Employ a best-in-class SDN ecosystem with more than 65 technology partners, with partners publishing a certification matrix to guide customers to install and upgrade compatible software versions
L4-L7 service integration through service chaining
Deploy multivendor service graphs with a Cisco ACI integration mode of your choice to meet your operational and organizational needs.
These L4-L7 integrations are supported through NB REST API with respective ADC/firewall vendors or applications on Cisco ACI App Center
Cisco ACI App Center
Cisco ACI applications help you get the best applications for Cisco ACI in an efficient way. The Cisco ACI App Center:
● Accelerates innovations related to the Cisco ACI open ecosystem
● Enables Cisco internal partners, customers, and third-party developers to add value to Cisco ACI networks
● Allows customers to efficiently extract value from their networking investments
Flexible payment solutions to help you achieve your objectives.
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.
Use the following links for additional information: