Cisco Enhances Security, Flexibility in ACI Platform

The vendor expands micro-segmentation, increases virtualization capabilities and adds Docker support to its SDN offering.


Cisco Systems is bringing improved flexibility, openness and security to its Application Centric Infrastructure network virtualization offering.

The company on Dec. 3 unveiled a new software release for Application Centric Infrastructure (ACI), its software-defined networking (SDN) effort, that allows micro-segmentation not only for physical (bare-metal) applications but also for applications running on virtual servers based on VMware's vSphere Distributed Switch (VDS) and Microsoft's Hyper-V technologies. In addition, Cisco is adding support for Docker containers in its Application Policy Infrastructure Controller (APIC).

The expanded micro-segmentation capabilities and Docker support enable ACI to better fit into environments that are running a mix of physical and virtual systems that may be running multiple hypervisors as well as containerized workloads. Cisco already offers micro-segmentation in its own Application-centric Virtual Switch.

Along with the greater flexibility and reach the expanded micro-segmentation gives ACI, it also brings in greater security, including enabling users to isolate infected or virtual machines (VMs) within the same endpoint group, Srini Kotamraju, director of product management at Cisco, told eWEEK.

The new features are part of the new release of the APIC 1.2(1x) software for ACI and the NX-OS 11.2 (1X) software.

Cisco is looking to differentiate itself in a highly competitive SDN market, which analysts with IHS expect to grow to $13 billion by 2019, up from $781 million last year. The market not only includes other established vendors like Juniper Networks, Hewlett Packard Enterprise (HPE) and VMware, but also a growing number of smaller companies like Big Switch Networks, Midokura and Pica8. With its ACI effort, Cisco is offering a combination of hardware and software that is easily interoperable and designed to ensure that applications have the data center resources they need.

Cisco has more than 5,000 customers using its Nexus 9000 ACI-ready switch and more than 1,100 ACI customers. The latest features in the APIC and NX-OS software are designed to ensure that ACI works across a broad array of platforms, cloud management offerings, hypervisors and workloads, is secure and can reach across multiple data centers.

"We're trying to give [users] operational choice," Mike Cohen, director of product management at Cisco, told eWEEK.

The micro-segmentation support in ACI for VMware's VDS, Microsoft's Hyper-V virtual switch and bare-metal applications brings users flexibility and improved security, enabling customers to enforce security policies and separate infected endpoints from healthy ones based on such VM attributes as name, guest operating system or VM identifier, or network attributes such as IP addresses.

The support for Docker containers comes via integration with APIC and Project Contiv, an open-source project aimed at defining policies around infrastructure operations for container-based deployment, officials said. The unified policy model in ACI enforces policy through a collection of network endpoints called endpoint groups, which can include bare metal servers, VMs and containers, they said.

In addition, Cisco is now enabling customers to extend ACI networks across multiple data centers for increased application mobility and disaster recovery.

"We're giving you the ability to sync policies across multiple data centers," Kotamraju said.

In addition, the company is supporting service insertion and chaining in ACI for any service device without having to coordinate policies with APIC. Customers can configure and manage their existing network services while also automating connectivity, officials said.

Other software capabilities include enabling customers to use an NX-OS-style command-line interface (CLI) for APIC, as well as Basic and Advanced GUI modes, SNMP support for APIC and additions to the troubleshooting wizard, such as a heat map.

Cisco also is expanding choice in cloud automation tools. The company already supports Microsoft's Azure Pack for private clouds. Now Cisco also supports VMware's vRealize Automation and OpenStack deployments, and is extending ACI policy into the hypervisor using OpFlex on Open vSwitch (OVS).