Cisco® Application Centric Infrastructure (Cisco ACI®) is part of our intent-based networking framework to enable agility and resiliency in the data center. It captures higher-level business and user intent in the form of a policy and translates this policy into the network constructs necessary to dynamically provision the network, security, and infrastructure services.
Built on top of the industry-leading Cisco Nexus® 9000 platform, Cisco ACI uses a holistic, systems-based approach, with tight integration between hardware and software and between physical and virtual elements, an open ecosystem model, and innovative Cisco Application-Specific Integrated Circuits (ASICs) to enable unique business value for modern data centers.
Cisco ACI is the industry’s most secure, open, and comprehensive Software-Defined Networking (SDN) solution.
Cisco ACI enables automation that accelerates infrastructure deployment and governance, simplifies management to easily move workloads across a multifabric and multicloud framework, and proactively secures against risk arising from anywhere. It radically simplifies, optimizes, and expedites the application deployment lifecycle.
Modern data centers are dynamic. IT operations must meet the quality-of-service expectations of the business in a rapidly changing environment. Cisco ACI transforms IT operations from reactive to proactive with a highly intelligent set of software capabilities that analyzes every component of the data center to ensure business intent, guarantee reliability, and identify performance issues in the network before they happen.
As application usage gets more pervasive across the enterprise network, IT professionals are looking to build solutions for consistent policy and encryption from the campus to the data center. For example, Cisco ACI integrations with Cisco® Software-Defined Access (SD-Access)/Cisco DNA Center and Cisco SD-WAN allow customers to automate and extend policy, security, assurance, and insights across their entire networking ecosystem.
To keep up with the massive influx of data and the increased demands on the network for speed and agility, networking professionals are learning to broker, connect, build, and govern their networks not only in the data center, but also across a vast multicloud landscape.
Cisco Application Centric Infrastructure (Cisco ACI) was built to simplify the IT infrastructure and operations by automating the network, providing pervasive security, and, if required, accelerating the move of businesses to a multicloud environment.
With Cisco ACI, customers can manage complexity, maximize business benefits, and deploy workloads in any location, small and large, on premises and remote, in private and public clouds, satellite data centers, and 5G-enabled telecom edges.
With Cisco ACI, you can build a better network anywhere.
Cisco ACI differentiated business benefits
Digital transformation and business resiliency
Applications are at the center of the drive to modernize traditional businesses and the foundation of their digital transformation. The current discussion is about how applications have changed the very nature of data – how the data is generated, how it is analyzed, and how it is delivered. These are fundamentally new classes of applications that need to be considered in order to enhance the overall resiliency and agility of a business. These new applications have the following characteristics. They are:
● Modular and distributed across the enterprise. Applications follow the data. Now organizations need—and can get—data from everywhere, from every device and at any time to answer questions about their markets and customers. As a result, monolithic applications are dissolving rapidly into interconnected agile microservices that are delivered through a variety of virtual and physical workloads, including containers, across the entire enterprise.
● Built continuously and rapidly. The decentralization of application development enables companies to build new applications and services at vastly faster speeds and greater scales than were possible in the old centralized, “waterfall development” methods. Today, new applications are custom built, are updated by the minute, and often have a shelf-life of only a few days.
● Increasingly ML-enabled, AI-powered. The emergence of AI-powered and Machine Learning (ML)-enabled applications for both business and consumer use will lead to a whole new world of connected, intelligent, and automated devices that are deployed everywhere.
The main benefits of Cisco ACI include the following:
Accelerate network operations
A flexible and yet highly available network that allows agile application deployment within a site, across sites, and across global data centers while removing the need for complex Data Center Interconnect (DCI) infrastructure.
● Operational simplicity, with common policy, management, and operation models across application, network, and security resources
● Centralized network management and visibility with full automation and real-time network health monitoring
● Seamless integration of underlay and overlay
● Open northbound APIs to provide flexibility for DevOps teams and ecosystem partner integration
● A cloud-ready SDN solution
● Common platform for managing physical and virtual environments
● Automation of IT workflows and application deployment agility
Securely expand to multicloud
● Create business continuity and provide disaster recovery
● Inherent security with a zero-trust whitelist model and innovative features in policy enforcement, microsegmentation, and analytics
● Integrated security with Cisco security products and ecosystem partners
● Consistent security posture at scale across a multicloud environment
Deliver superior application experience
● Single policy and seamless connectivity across any data center and public cloud
● Through any hypervisor, for any workload, at any location, using any cloud
● Cloud automation enabled by integration with vRealize, Azure Pack, OpenStack, OpenShift, Kubernetes, and Cisco UCS® Director
● Open APIs and a programmable SDN fabric, with 65+ ecosystem partners
Cisco ACI and architectural solutions are built with the following building blocks:
● Cisco Application Policy Infrastructure Controller (APIC)
● Cisco Nexus 9000 Series spine and leaf switches for Cisco ACI
Cisco ACI building blocks
Cisco Application Policy Infrastructure Controller (APIC)
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies the operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.
The main features of the Cisco APIC include the following:
● Application-centric network policies
● Data-model-based declarative provisioning
● Application and topology monitoring and troubleshooting
● Third-party integration
◦ Layer 4 through Layer 7 (L4-L7) services
◦ VMware vCenter and vRealize
◦ Microsoft Hyper-V, Microsoft System Center Virtual Machine Manager (SCVMM), and Azure Pack
◦ Open vSwitch (OVS) and OpenStack
● Image management (spine and leaf)
● Cisco ACI inventory and configuration
● Implementation on a distributed framework across a cluster of appliances
● Health scores for critical managed objects (tenants, application profiles, switches, etc.)
● Fault, event, and performance management
Cisco Nexus 9000 series spine and leaf switches for Cisco ACI
Cisco Nexus 9300 and 9500 platform switches support Cisco ACI. Organizations can use them as spine or leaf switches to take full advantage of an automated, policy-based, systems management approach.
Cisco Nexus 9000 Series Switches include modular and fixed 1, 10, 25, 40, 50, 100 and 400 Gigabit Ethernet switch configurations that are designed to operate either in NX-OS mode for compatibility and consistency with the current Cisco Nexus switches (using Cisco NX-OS Software) or in ACI mode to take full advantage of Cisco ACI application-policy-based services and infrastructure automation features. This dual-function capability provides customers with investment protection and ease of migration to Cisco ACI through a software upgrade.
New features in Cisco ACI Release 5.2 include the following:
● APIC cluster connectivity to fabric over Layer 3 network
◦ Supports deployment of APIC clusters in remote locations (for example, a DMZ network) and connects the clusters to the fabric (spine and leaf) over an IP network
◦ Provides flexibility and improves ease of deployment
● Software maintenance upgrade support
◦ Capability to upgrade APIC or a fabric switch using a patch
◦ Provides flexibility and improves usability of the product
● Support for back-to-back link between remote leaf pairs
◦ East-west traffic between nodes behind a pair of remote leafs now can leverage the physical links between the remote leaf pairs instead of hair-pinning
◦ Improves ease of deployment and TCO
● Endpoint Security Group (ESG) enhancements
◦ Provides support for additional classifiers (MAC and VM tags)
◦ Provides tag-selector support, which enables migration of EPGs to ESGs
◦ Improves ease of use and deployment
● Policy-based routing enhancements
◦ Provides support for PBR on L3Out
◦ Provides dynamic MAC learning on Layer 3 PBR
◦ Provides inter-EPG contract support on L3Out with permit, deny, and PBR actions
◦ Improves ease of use and deployment
The controller framework enables broad ecosystem and industry interoperability with Cisco ACI. It enables interoperability between a Cisco ACI environment and management, orchestration, virtualization, and L4-L7 services from a broad range of vendors.
Cisco ACI consists of the following architectural solutions:
● Cisco ACI MultiPod
● Cisco Nexus Dashboard Orchestrator
● Cisco Cloud ACI
◦ Cloud ACI extended to AWS and Microsoft Azure
◦ Cloud-only solutions
◦ Cisco Cloud APIC
◦ Cisco Cloud Service Router (CSR) 1000v Series
◦ Cisco Nexus Dashboard Orchestrator
● Cisco ACI Physical Remote Leaf
● Cisco ACI Mini Fabric
Cisco ACI MultiPod
Cisco ACI MultiPod is part of the “single APIC cluster/single domain” family of solutions; a single APIC cluster is deployed to manage all the different ACI networks that are interconnected. These separate ACI networks are called “pods,” and each of them looks like a regular two-tier spine-leaf topology. The same APIC cluster can manage several pods, and, to increase the resiliency of the solution, the various controller nodes that make up the cluster can be deployed across different pods.
Cisco ACI MultiPod
Cisco Nexus Dashboard Orchestrator
The Cisco Multi-Site Orchestrator (MSO) has become the Nexus Dashboard Orchestrator. The Nexus Dashboard Orchestrator provides a single point of provisioning for multiple Cisco ACI fabrics operating in a coordinated way. When this solution is combined with the latest networking enhancements of Cisco ACI, organizations can manage extension network elements such as Virtual Routing and Forwarding (VRF) instances, bridge domains, and subnets across multiple fabrics. It enables centralized policy and security controls across geographically distributed fabrics and very large scaled-out fabrics with automation and operations from a common point, allowing for a global cloudscale infrastructure.
The main features of Cisco Nexus Dashboard Orchestrator include the following:
● Single point of administration for multiple Cisco ACI fabrics
● Capability to map tenants, applications, and associated networks to specific availability domains within the Cisco ACI multisite
● Change control across multiple fabrics, allowing staging, testing, and, if required, clean backout of any policy changes
● Automatic configuration and management of fabric network interconnects across an IP backbone
Cisco Nexus Dashboard Orchestrator
Cisco Cloud ACI
Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified operations, automated network connectivity, consistent policy management, and visibility for multiple on-premises data centers and public clouds or multicloud environments. The solution captures business and user intents and translates them into native policy constructs for applications deployed across various cloud environments. It uses a holistic approach to enable application availability and segmentation for bare-metal, virtualized, containerized, or microservices-based applications deployed across multiple cloud domains. The common policy and operating model drastically reduces the cost and complexity of managing multicloud deployments. It provides a single management console to configure, monitor, and operate multiple disjoint environments spread across multiple clouds. Cisco Cloud ACI is available on AWS and Microsoft Azure; future availability for Google Cloud has been announced.
What’s new in Cloud ACI for Cisco ACI Release 5.2:
● Brownfield VNet import on Azure: This feature will enable Azure Cloud customers to view existing brownfield VNets from within the Cloud APIC purview and connect their greenfield VNets to the brownfield VNets imported into Cloud ACI.
● AWS Transit Gateway Connect: Using this feature, customers will be able to auto-configure their AWS Transit Gateway Connect through a Cloud APIC to support dynamic routing between Cisco Cloud Service Routers (CSRs) and AWS Transit Gateway.
● Private IP Address for Cloud APIC and CSRs on AWS: This will enable customers to deploy their Cloud ACI solution with a private backbone network between their on-premises and AWS data centers.
● VNet Peering across Azure Active Directories: This feature enables operational flexibility for customers who want to use multiple Azure subscriptions to manage their application segments within Azure cloud.
Cisco Cloud ACI
With Cisco Cloud ACI, Cisco offers a cloud-only approach, which uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.
Cisco Cloud ACI: required components
● Cisco Cloud APIC
Manage multiple cloud regions and Cisco Cloud Services Routers (CSR) 1000v Series from a single instance of Cisco Cloud APIC and enable consistent policy, security, and operations through secure interconnect for a multicloud environment.
● Cisco Nexus Dashboard Orchestrator
Responsible for provisioning, health monitoring, and managing the full lifecycle of Cisco ACI networking policies and stretched tenant policies across Cisco ACI sites around the world, both on premises and in the cloud. It is the single source of truth for policies.
● Cisco Cloud Services Router 1000v Series
Cloud ACI uses the Cisco Cloud Services Router (CSR) 1000v Series as the cloud router for connectivity between on-premises and cloud environments.
Cisco ACI Physical remote leaf
With Cisco ACI Physical Remote Leaf, customers can place a regular leaf switch in a remote/satellite location and connect back to the spine switch in the main (on-premises) location and, in turn, extend Cisco ACI policy into the remote/satellite location. By doing so, customers can also take advantage of all the benefits of the Physical Remote Leaf, from diverse interfaces to superior performance and scale and built-in encryption.
Cisco ACI Physical Remote Leaf
Cisco ACI Mini fabric
With the introduction of Cisco Mini ACI Fabric, customers can now leverage an optimized Cisco ACI solution for their small-scale deployments. This solution comprises APIC-CLUSTER-XS (one physical and two virtual controllers) along with two spines and a minimum of two and a maximum of four leaves.
Cisco ACI Mini Fabric
Cisco Nexus Dashboard provides a single automation platform to access operational services and tools for the data center and network. Using the Cisco Nexus Dashboard platform, customers can deploy Cisco Nexus Dashboard Orchestrator (NDO), Cisco Nexus Dashboard Insights, and Cisco Nexus Dashboard Data Broker. The Cisco Nexus Dashboard becomes even more of a collaborative focal point with the inclusion of operations-critical, third-party applications and tools. From the Nexus Dashboard, you can cross-launch any of the sites’ controllers, including APIC, Cloud APIC, and Cisco Data Center Network Manager (DCNM) fabrics, which drives the adoption of cloud-native application practices. Cisco Nexus Dashboard provides the following benefits:
● Easy to use
◦ Customizable role-based UI view to provide a focused view on network operators’ use cases
◦ Single Sign-On (SSO) for a seamless user experience across operation services
◦ Single console for health monitoring and quick service turnup
● Easy to scale
◦ High availability, scale-out operations from a single dashboard
◦ Scale use cases, leveraging flexible deployment options
◦ Operations that span across on-premises, multicloud, and edge networks
● Easy to maintain
◦ Seamless integration and lifecycle management of operational services
◦ Onboarding and managing of operational services across on-premises, cloud, or hybrid environments
◦ Single point of integration for critical third-party applications and tools
Cisco Nexus Dashboard
Cisco Nexus Dashboard Insights
Cisco Nexus Dashboard Insights gives customers the ability to monitor and analyze their fabric in real time to identify anomalies, to provide root-cause analysis and capacity planning, and to accelerate troubleshooting. By tracking historical context, collecting and processing hardware and software telemetry data, and correlating customer designs with Cisco best practices, customers can get excellent visibility and awareness of issues affecting their environment and take corrective actions. Nexus Dashboard Insights is a microservices-based application designed to be hosted on Cisco Nexus Dashboard.
Utilize Cisco Infrastructure-as-Code (IaC) integrated solutions with HashiCorp and Red Hat Ansible
Infrastructure as Code (IaC) is an innovative approach to building application and software infrastructure with code. IaC enables automated provisioning and management of the full technology stack by translating manual, repetitive tasks into reusable, robust, and distributable code. IaC relies on practices that have been successfully used for years in software development, such as versioning, automated testing, release tagging, continuous delivery, etc.
Cisco Data Center Network (DCN) IaC solutions cover integrations with common third-party tools from HashiCorp and Ansible. These solutions enable customers to empower application services to define network and security requirements at the infrastructure layer in an automated and fully synchronized manner. With this approach, you can embrace a DevOps model by accelerating application deployment and optimizing network compliance in a safe and predictable manner.
Benefits of IaC
● Scalability and reliability
● Automation and agility
● Higher ROI and lower TCO
Cisco ACI and Cisco SD-WAN integration
Cisco offers an ACI and SD-WAN integration for branch offices (network edge). This is an integral component of customers’ cloud journey, which requires secure, policy-driven interconnects between the data center and branch offices that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate a WAN path selection between the branch office and the on-premises data center based on application policy.
For example, traffic from a stock trader in a branch office in Chicago can be automatically sent over the fastest possible WAN link to access the trading application hosted in a data center in New York, based on the application policies and SLAs configured.
Cisco ACI to Cisco SD-WAN integration
Cisco ACI and AppDynamics integration
Digital transformation is a complex team effort across business and IT, requiring end-to-end application management and awareness. AppDynamics® provides IT teams the application-layer visibility and monitoring required in an intent-based architecture to validate that IT and business policies are being implemented across the network. Cisco ACI and AppDynamics integration provides dynamic correlation between application and network constructs. This combined solution provides high-quality application performance monitoring, richer diagnostic capability for application and network performance, and faster root-cause analysis of problems, with fast triage that sends each problem quickly to the appropriate team members (for example, by answering whether a given problem pertains to an application or to the network).
Cisco ACI and AppDynamics integration
This integration does the following:
● Dynamically maps the application and service components to the Cisco ACI network elements, thus providing a shared view of the application and infrastructure across teams
● Provides a dynamic view of application use in the infrastructure for the network operations team
● Provides a cross-launch for application teams to correlate network and application fault and performance data
● Baselines application health status in AppDynamics by correlating the Cisco ACI network health and faults
Customers are on a continuous quest to correlate application service-level management with infrastructure monitoring. This new integration will significantly reduce the time it takes to identify and troubleshoot end-to-end application performance issues.
Cisco ACI and Cisco SD-Access integration
Hyper-distributed applications and highly mobile users, increased cybersecurity threats, and increased regulatory requirements make network segmentation a must for reducing risk and achieving better compliance. Policy integration between Cisco ACI and Cisco SD-Access allows the marrying of Cisco ACI’s application-based microsegmentation in the data center with Cisco SD-Access’s user-group-based segmentation across the campus and branch. This integration automates the mapping and enforcement of segmentation policy based on the user’s security profile as they access resources within the data center. It enables security administrators to manage segmentation seamlessly from end to end, user to application. A common and consistent identity-based microsegmentation capability is provided from the user to the application.
Cisco ACI and Cisco SD-Access integration
As a result of this integration, the attack surface is greatly reduced, and any unauthorized or suspicious access to resources and potential threats can quickly be controlled and remediated. The solution is fully qualified for up to 25,000 Cisco SD-Access campus users, with plans to expand scale as needed by our customers.
Cisco ACI and ServiceNow
Enterprises are increasingly embracing a multicloud strategy to deliver applications with the intent to accelerate innovation and reduce costs. However, this strategy brings in its wake inherent challenges in application agility and security. Enterprises demand business services to be up and running rapidly to serve their end users. End users often demand that IT departments quickly and flexibly offer services that can help them get their jobs done. This goal leaves many IT teams struggling to maintain the business services needed to help ensure that end users remain productive. Some of the challenges they face in helping ensure the uptime of critical business services include:
● A manual service mapping process that can take weeks or months, depending on service complexity
● Lack of correlation between infrastructure changes and the business services they support
● Disconnected infrastructure tools and portals for change management and troubleshooting
● Inefficient root-cause analysis for service outages as a result of inaccurate service maps
Cisco Application Centric Infrastructure (Cisco ACI) integration with ServiceNow automates the discovery, application-to-business-service mapping, firmware management, and provisioning of the Cisco ACI fabric from the ServiceNow instance.
Integrating Cisco ACI with ServiceNow delivers visibility and automation from the application tier down to the physical infrastructure, improving the speed and efficiency of IT provisioning, management, and troubleshooting, including:
● Faster troubleshooting and root-cause analysis
● Improved operational efficiency
● Reduced TCO
Cisco ACI and Kubernetes Anywhere
Cisco ACI is designed to offer policy-based automation, security, mobility, and visibility for application workloads regardless of whether they run on bare-metal servers, hypervisors, or Linux containers. The Cisco ACI system-level approach extends the support for Linux containers by providing tight integration of Kubernetes, a popular container orchestration platform, and the Cisco ACI platform.
This integration allows Cisco ACI to provide a ready-to-use, secure networking environment for Kubernetes. The integration maintains the simplicity of the user experience in deploying, scaling, and managing containerized applications while still offering the controls, visibility, security, and isolation required by an enterprise.
The Cisco ACI and Kubernetes solution offers the following benefits:
● Flexible approach to policy
● Automated, integrated load-balancing services
● Secure multitenancy
● Visibility and telemetry information
Kubernetes anywhere integrated with Cisco ACI
Table 1. Features of the Cisco ACI Open Ecosystem
● Third-party integration enabled by open APIs: Avoid vendor lock-in and expand choice and flexibility to build your own data center solution
● Jointly certified software solutions with ecosystem partners: Employ a best-in-class SDN ecosystem with more than 65 technology partners, with partners publishing a certification matrix to guide customers to install and upgrade compatible software versions
● L4-L7 service integration through service chaining: Deploy multivendor service graphs with a Cisco ACI integration mode of your choice to meet your operational and organizational needs. These L4-7 integrations are supported through NB REST API with respective ADC/firewall vendors or applications on Cisco ACI App Center
Cisco ACI App Center
Cisco ACI applications help you get the best applications for Cisco ACI in an efficient way. The Cisco ACI App Center:
● Accelerates innovations related to the Cisco ACI open ecosystem
● Enables Cisco internal partners, customers, and third-party developers to add value to Cisco ACI networks
● Allows customers to efficiently extract value from their networking investments
Flexible payment solutions to help you achieve your objectives.
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments.