Increase productivity, reduce human error, and create self-service infrastructure and networks using Terraform Cloud and Cisco ACI®.
As business needs demand faster responses, customers are embracing the DevOps model to accelerate application deployment and achieve higher efficiency in operating their data centers as well as public-cloud deployments. Furthermore, the business needs of customers can extend beyond having infrastructure respond faster: they may also require considerations pertaining to performance, cost, resilience, and security. This has led to customers adopting multi-cloud architectures. Multi-cloud architectures require network connectivity between application workloads running in different environments.
To address some of these challenges, especially in multi-cloud networking, Cisco and HashiCorp have worked together to deliver the ACI Provider for Terraform. The joint solution combines the power of Terraform, the provisioning tool for building, changing, and versioning infrastructure safely and efficiently, with the power of Cisco ACI, which allows application requirements to define the network using a common policy-based operational model across the entire ACI-ready infrastructure. This architecture simplifies, automates, optimizes, and accelerates the entire application deployment lifecycle across the data center, WAN, access, and cloud.
Terraform’s open-source solution manages both existing, popular services and custom in-house solutions, offering more than 100 providers. The ACI Provider supports more than 90 resources and data sources. A complete list with examples is available in the provider's documentation.
While the Terraform open-source solution allows operators to manage hundreds of cloud providers with a single workflow, Terraform Cloud provides the remote operations, collaborative features, and governance required to use Terraform across an entire organization.
With our joint solution, operation teams can now create self-service networking solutions for one or many teams across an organization. Using a private module registry in Terraform Cloud, these teams can create a single Terraform template that expresses not just the configuration of the services from the core cloud platform, but also the services from Independent Software Vendors (ISVs). That module can be provisioned once or numerous times and can have specific read-only permissions so it can be safely provisioned by other teams. It includes not just the services of the cloud provider and Cisco® networking solutions, but those of all the monitoring agents, the Application Performance Management Systems (APMs), the security configurations, and the various ISVs that are described in that template.
Its provider ecosystem, even more than its multi-cloud aspect, has caused Terraform to become the lingua franca for provisioning across public and private clouds. The decoupling of the module creation process and the provisioning process greatly reduces the time it takes for any application to go live. This self-service model means that developers no longer need to wait for the operation teams’ approval, as long as they use a preapproved module.
Ultimately, the reason for the shift to cloud is to accelerate the application delivery process for new systems of engagement. The goal is to provide the lowest possible friction model for development teams to deploy those applications as often as possible to different cloud platforms, but have the necessary sign-off from operation, security, and networking teams. This is the essence of “DevOps.” Those teams are very comfortable with the Continuous Integration and Continuous Deployment (CI/CD) process of deploying those applications to static environments, but are less comfortable with the cloud model.
Ensuring that every infrastructure change is secure and compliant within an organization can often reduce agility among DevOps teams. Terraform Cloud allows operators to establish guardrails and best practices for any network or infrastructure as code. Just as infrastructure can be defined as code, these policies are also defined as code by using the Sentinel framework. By using Sentinel, operators can proactively define hard security and compliance rules and suggestions for any change made to Cisco networks.
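A sketch of such a guardrail, as an added example that is not taken from Cisco's or HashiCorp's own material: a Sentinel policy that inspects the Terraform plan and rejects changes that weaken two ACI settings. It assumes the ACI provider's `aci_vrf` resource with its `pc_enf_pref` attribute and the `aci_tenant` resource; the two rules themselves are illustrative choices.

```sentinel
# aci-guardrails.sentinel (added example; the rule choices are assumptions)
import "tfplan/v2" as tfplan

# Managed aci_vrf resources that this plan creates or updates.
vrf_changes = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
	rc.type is "aci_vrf" and
	(rc.change.actions contains "create" or
		rc.change.actions contains "update")
}

# Contract enforcement must stay on for every VRF. A missing or unknown
# value is treated as a violation rather than silently passing.
vrfs_enforced = rule {
	all vrf_changes as _, rc {
		(rc.change.after.pc_enf_pref else "") is "enforced"
	}
}

# Managed aci_tenant resources that this plan would delete.
tenant_deletes = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
	rc.type is "aci_tenant" and
	rc.change.actions contains "delete"
}

# Tenant removal goes through a separate, reviewed process.
no_tenant_deletes = rule {
	length(tenant_deletes) is 0
}

main = rule {
	vrfs_enforced and no_tenant_deletes
}
```

Whether a failing policy blocks the run or only warns is set by the enforcement level (`hard-mandatory`, `soft-mandatory` or `advisory`) in the policy set configuration, which corresponds to the hard rules and suggestions described above.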
Key benefits of the Cisco ACI and Terraform Cloud solution
1. Cloud-native network automation (Infrastructure as Code (IaC) for operators)
Network operators can take advantage of Terraform’s ability to express Infrastructure as Code (IaC) in a simple, human-readable language called HashiCorp Configuration Language (HCL). Rather than manually configuring resources through a user interface, a practice that takes time and dedication at every instance, network operators now manage an infrastructure in a file or set of files. Cisco and HashiCorp have worked together to deliver the ACI Provider for Terraform, using Terraform’s plug-in extensibility and supporting more than 90 resources and data sources.
In addition, the Cisco Multi-Site Orchestrator (MSO) provider is publicly available and will deliver a powerful automation framework for provisioning across the data center and public cloud infrastructure. As Cisco MSO implements an abstracted and uniform policy model across heterogeneous platforms, Terraform users will be able to leverage a unified set of resources to deliver a plethora of new cloud-native functions, from SDN overlay extension in the cloud to Kubernetes Federation, including GitOps, DevSecOps, etc.
Terraform provides its users with a simple workflow to manage both public and private infrastructure. Using the Terraform CLI and remote operations available with Terraform Cloud, it’s easy to start creating some configuration intent on Cisco ACI. See Figure 2 for an illustration of the workflow steps.
Figure 2. Sample workflow steps for creating configuration intent using Terraform Cloud.
2. Cisco DevNet’s ACI Provider for Terraform resources as a route to developer community
Cisco DevNet is a big differentiator for customers interested in ACI Provider for Terraform. Cisco DevNet offers free code samples and workflows for customers to use, whether CI/CD pipelines that push infrastructure changes to either the on-premises data center or the cloud, or a complete Virtual Private Cloud (VPC) or Administrative Zone (AZ) standup to a cloud ACI through a full, declarative workflow. Cisco DevNet offers customers a full journey from a given starting point all the way to the construction of a composable infrastructure in the cloud using the industry-leading data-center-networking solution (Cisco ACI), using Cisco products and/or open-source tooling (Terraform, GitLab, etc.) to build these workflows. Cisco DevNet’s half-million developers share code; its strong community and wide reach give customers an unparalleled “learn before you deploy” experience. Other compelling features include free DevNet express training, social media outreach, webinars, and easy access to DevNet subject-matter experts for recommendations on how to succeed.
3. GitOps-CI/CD pipelines
GitOps controls CI/CD pipelines from a single source of truth. With the advent of containers and immutable infrastructures, it has become prevalent in modern enterprises to develop a universal approach to operations. This is commonly referred to as the GitOps model, where Continuous Integration (CI) pipelines are controlled from a single source of truth and where application and infrastructure components can be rolled back or updated using standard Git operations.
Cisco ACI amplifies GitOps and CI/CD pipelines by providing a software model that can rapidly adapt to automation-framework evolution. This ensures that our customers can rely on a robust, flexible, and extensible network and security API that can support bleeding-edge automation and cloud-native use cases, such as Kubernetes operators, application-level visibility, and multi-cloud security.
Terraform Cloud integrates with version control systems, allowing operators to provision and change their infrastructure with the simple merge of a pull request.
The Cisco advantage
As the worldwide leader in IT, networking, and cybersecurity solutions, Cisco has the power to help companies of all sizes transform how they connect, communicate, and secure their information. Cisco Application Centric Infrastructure, the industry-leading SDN solution, facilitates application agility and data center automation. Working with HashiCorp, the leader in infrastructure automation for multi-cloud environments, Cisco has created a joint solution that automates networking infrastructure provisioning, dramatically increasing DevOps productivity, minimizing risks by practically eliminating human error, and accelerating overall DevOps lifecycles.
ACI URL: www.cisco.com/go/aci
HashiCorp URL: www.hashicorp.com