February 5, 2015
To be clear, when we are talking about Cisco’s Application Centric Infrastructure (ACI) we are really talking about the data center and the management/deployment of applications within that data center.
The sole purpose of the data center is to publish applications for a company’s end users or customers to consume. The manner in which we have deployed applications over the past 25 years has changed a lot:
- Started with a single tier/single server model
- Moved to a multi-tier/multi-server model
- Transitioned to a model in which we deploy some of our business critical applications into the cloud via services such as Microsoft Azure or Amazon AWS
- The current model leverages new types of applications for metadata analytics, such as Hadoop, whose traffic patterns on the network (east/west) are very different from those of the more traditional models of the past (north/south).
With all these changes at the application layer, the one area that has remained pretty stagnant in terms of how it needs to operate is the actual network construct or network infrastructure itself. Meaning that we still configure policies on the network via a command line interface (CLI) that dictate things like:
- How a packet gets routed through the network
- The quality of service policy at layer 2/3
- Spanning-tree protocol
- Layer 3/layer 4 access control lists on firewalls, etc.
Additionally, configuring these policies via the CLI requires engineers with significant skills or experience, and it can take significant time (sometimes weeks) to get these policies implemented. Unfortunately, this has created a layer of complexity between the network team and the application team/business side of the house. This ultimately causes IT departments to be slower to react to the demands of the business or application units and makes it difficult to provide the application team with the necessary metrics or visibility to see how well an application is behaving on the network.
We have tried to address this layer of complexity with technologies such as software defined networking (SDN) which, at its core, brought to the table the abstraction of the control plane from routers/switches/firewalls/etc. onto a centralized management controller, so that you can implement and manage configurations from a centralized pane of glass. A great example of this is OpenFlow. There’s no denying that this is good. In theory, with this model, we no longer have to manage devices on an individual level, and we are now more efficient because we are managing the environment from a centralized place. The emergence of SDN also brought some automation capabilities, in that if an IT department has some repeatable tasks from a configuration perspective on the network infrastructure, we can now push out scripts to deploy the configuration across several disparate devices in seconds. We also introduced network virtualization at the application layer with layer 4 – 7 services and virtual switches. The only issue with all of this is that it doesn’t really cure the disease, which in this case is the complexity, and we aren’t really giving the application team a deep level view of the health of their application. We are only really treating the symptoms of the disease (i.e. complexity) but not providing the actual cure. Essentially, we have just shifted the complexity downstream.
What does Cisco’s Application Centric Infrastructure (ACI) do?
What Cisco’s Application Centric Infrastructure (ACI) does is really look at the data center and the application as a whole. For a simple example, let’s take a common application that is typically composed of three tiers:
- Web tier: Actually interfaces with the end user or consumer for applications like CRM, ERP, e-commerce sites, etc.
- Application tier: Responsible for feeding data into the web tier so that it can be formatted into whatever format the application dictates.
- Database tier: Where the actual raw data exists; for instance a cluster of SQL databases.
So what’s missing from this in any data center network?
The answer is the policies in between these tiers of applications.
- The network requires a complex policy for the end users hitting the web tier as we will need to do things like policy-based routing, layer 3/2 quality of service, layer 3 or 4 firewall rules and layer 4 through 7 load balancers
- We will also require another set of policies in between the web and application tiers
- And potentially another set between application/database tiers
The problem with this is not only that it takes time to implement the policies because of the complexity, but also that these aren’t terms that make sense to an application developer or development team. What we need is an approach that makes sense to both the application team and the network team. Cisco’s approach is to abstract these complex policies that were formerly configured in complex CLI interfaces or GUIs into what is called an Application Network Profile (ANP). An application network profile is essentially a logical, GUI-driven connectivity graph composed of any of the given tiers of an application. It describes how you want your application to operate, connect and be treated on the network, and it is deployed down to a stateless fabric in a matter of seconds. This is the core of Cisco’s approach to Application Centric Infrastructure.
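The connectivity-graph idea can be sketched in a few lines of Python. This is an added example, not Cisco's API or code from the original article: the tier names follow the three-tier example above, while the `users` endpoint, the ports, the profile name and the rule that a flow is denied unless a policy names it are assumptions made for illustration.

```python
from collections import deque, namedtuple

# One directed policy between two tiers (hypothetical, simplified model).
Policy = namedtuple("Policy", "consumer provider proto port")

PROFILE = {
    "name": "three-tier-app",                # constructed profile name
    "tiers": ["web", "app", "db"],
    "policies": [
        Policy("users", "web", "tcp", 443),  # end users -> web tier
        Policy("web", "app", "tcp", 8080),   # web tier -> application tier
        Policy("app", "db", "tcp", 1433),    # application tier -> SQL cluster
    ],
}

def is_allowed(profile, src, dst, proto, port):
    """Assumed default deny: a flow passes only if a policy names it exactly."""
    return Policy(src, dst, proto, port) in profile["policies"]

def undefined_endpoints(profile, external=("users",)):
    """Policies that reference a tier the profile never defines."""
    known = set(profile["tiers"]) | set(external)
    return [p for p in profile["policies"]
            if p.consumer not in known or p.provider not in known]

def policy_chain(profile, src, dst):
    """Shortest chain of policies from src to dst (BFS), or None.

    Useful for auditing how a sensitive tier is reachable and through
    which intermediate tiers the traffic must pass."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        node, chain = queue.popleft()
        if node == dst:
            return chain
        for p in profile["policies"]:
            if p.consumer == node and p.provider not in seen:
                seen.add(p.provider)
                queue.append((p.provider, chain + [p]))
    return None

if __name__ == "__main__":
    for flow in [("users", "web", "tcp", 443), ("users", "db", "tcp", 1433)]:
        print(flow, "allow" if is_allowed(PROFILE, *flow) else "deny")
    print([f"{p.consumer}->{p.provider}" for p in policy_chain(PROFILE, "users", "db")])
```

Because the whole profile is one declarative object, the same checks can run before a change is pushed to the fabric, which is the review step that per-device CLI configuration makes difficult.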
A key approach to Cisco’s Application Centric Infrastructure (ACI) is that with Application Network Profile there is a new level of complete transparency between the network team and the application team.
With this architecture, we can grant application developers access to the system via an intuitive portal so that they can see exactly how well the application is performing and its health. Specifically, any user (utilizing strict Role-Based Access Control (RBAC)) will be able to log into the system and immediately see a relevant and meaningful health score for the critical line of business applications while being able to definitively see if any of the issues the application may be experiencing are network-caused.
So, in summary, the key business value that Cisco is trying to provide with its Application Centric Infrastructure is:
- Provide an architecture that lends itself well to the east/west traffic patterns in today’s data centers,
- Abstraction of the complexity between the network team and application teams via logical object-oriented application network profiles, and
- The deep level telemetry/application health scores to see exactly how healthy that application is within your network.
Please contact Mindsight if you have any questions or wish to learn how to prepare your organization to leverage Cisco’s Application Centric Infrastructure.