Wishing you all a very Happy New Year and thanks to you all for considering ACI as your SDN solution to simplify your data center operation and automation. This is a follow on to my last blog to provide details on how we have delivered a true disruption in networking and opened the gate for agility of your applications where-ever they are.
The ACI's policy model allows a consistent way of managing your infrastructure. For people new to ACI, let me step back and describe what I mean by policy model.
With traditional networks, application teams put in requirements for their infrastructure teams who then translate it into networking constructs like VLANs, subnets, ports, and routes often times using spreadsheets. The following picture depicts a very simple case for a three tier application. As you can see, the workflow for how application requirements get translated which can be slow, labor intensive, and vulnerable to manual errors.
Now imagine adding security, load balancing for the web tier, and any other L4-L7 services into this diagram. The problem quickly gets out-of-hand and this explains why it takes days to weeks to deploy a new application. Now that you appreciate the complexity of configuration, but what about day to day operational challenges such as:
ACI Policy Model
This brings in the context the ACI policy model. You indicate the intended state of your application to the APIC controller as follows:
The application owner specifies tiers, security constraints between these tiers, how web-server connects to outside world, and as needed firewall, load balancer, and any other L4-L7 services. The APIC takes these inputs and provisions the entire application automatically. All the questions cited above for traditional networks are no longer a constraint with the ACI architecture.
Under the covers, APIC handles all the complexity of diverse network infrastructure and mapping to the physical or virtual elements. Since APIC already knows the relation of an Application's Policy Model to the real infrastructure elements, it automatically correlates infrastructure events and failures to each tenant and application.
Just to give you a sense of visibility and troubleshooting, let's imagine today's situation with a network link failure. For most customers, an event/failure is logged in some management system. The network administrator may, at best, know the server and/or set of servers affected. The application owner has no clue of what happened, perhaps can only see degraded performance. In APIC, as soon as the link is down, the impact will be reflected on the health score of the application as shown in example below:
What we delivered so far under the ACI Model
Based on ACI's unique and flexible architecture, we first shipped ACI with support for bare metal and for ESX through integration with vCenter. But soon we extended it to shipping the following combinations today. Note the customers still operate using the same high level Application Policy Model with the choice of workload type -Bare-metal, VMware ESX, Microsoft Hyper-V, KVM, Xen, containers, and L4-L7 services. The result is:
The Sky's the Limit with the ACI Policy model
Now that we are on the same page with the ACI policy model. Let's stretch our imagination to provide the same consistent policy model for your entire infrastructure. Here are some of the thoughts we have and customers requested:
Conclusion
With ACI, I am humming my favorite song by R. Kelly, 1998:
If I can see it, then I can do it
If I just believe it, there's nothing to it
I believe I can fly
I believe I can touch the sky
For More Information: