Cisco Adds ACI Security Features and Docker Support

Cisco announced a new software release for its Application Centric Infrastructure (ACI) that adds microsegmentation for both physical (bare metal) applications and multivendor virtualized applications (VMware VDS, Microsoft Hyper-V). New features extend ACI across multi-site environments to deliver policy-driven automation across multiple data centers. The update also adds support for Docker containers through contributions to open source.

Cisco said its ACI now supports automated service insertion for any third party layer 4-7 service and cloud automation tools like VMware vRealize Automation and OpenStack, including open standards-based Opflex support with Open vSwitch (OVS).

“Customers tell me that only five to ten percent of their networks are automated today,” said Soni Jiandani, SVP at Cisco. “They are eager to adopt comprehensive automation for their networks and network services through a single pane of management, while improving security for east-west traffic, multi-cloud traffic and bare metal applications in a consistent manner. Policy-based automation, consistent network security and central compliance support are critical for IT efficiency, business agility, and competitive advantage. Several ACI customers have achieved full automation of the network and are focusing on automation across their Layer 4-7 network services, security and application groups as the next step.”

Cisco ACI Software Release highlights:

Docker Container Support: Cisco delivers support for both physical and virtual endpoints, and now extends support for Docker container endpoints through integration with the Cisco Application Policy Infrastructure Controller (APIC) and Project Contiv. Project Contiv is an open source project defining infrastructure operational policies for container-based application deployment. ACI’s unified policy model enforces policy via endpoint groups (EPG), a collection of network endpoints that includes a wide range of entities, including bare-metal servers, virtual machines, and containers.  Docker offers an open source platform for running distributed applications in Linux containers.

Enhanced security: Cisco ACI now provides micro-segmentation support for VMware VDS, Microsoft Hyper-V virtual switch, and bare-metal applications, which allows granular endpoint security enforcement. Customers can dynamically enforce forwarding and security policies and quarantine compromised or rogue end points based on virtual machine attributes (such as Name, Guest OS, VM Identifier) or network attributes (such as IP address.) Organizations can also isolate workloads within the same policy group. For example, communication between all endpoints within the same web tier can be disabled through policy-based automation, which prevents security threats from moving laterally within the data center.

Support for multiple data centers: Cisco ACI now delivers consistent policy-driven automation across multiple data centers to enable application mobility and disaster recovery through the new multi-site application in the ACI toolkit.

Cisco ACI now also supports service insertion and chaining for any service device, without the need for a device package for policy coordination with the Cisco APIC. Customers can now seamlessly configure and manage all their existing network services, while automating network services connectivity.

Increased operational flexibility: Additional software capabilities provide:  support for NX-OS style Command Line Interface (CLI) for APIC, Basic and Advanced GUI modes, Simple Network Management Protocol (SNMP) support for APIC, and trouble-shooting wizard enhancements such as Heat Map. General availability is Q4 CY 2015.

Cloud automation tools: Adding to its support for Microsoft AzurePack for private cloud, Cisco now offers full policy-based cloud automation with VMware vRealize Automation and also OpenStack deployments. Cisco is extending ACI policy directly to the hypervisor using Opflex on Open vSwitch (OVS). OpFlex provides the policy-based integration between OpenStack and APIC. These will be generally available in Q4 CY 2015.

ACI Ecosystem expands to 47 members: In addition to CliQr, DataTorrent, and Vnomic, four new members that expand complete application and cloud services for ACI deployments have joined the ACI ecosystem: Apprenda, KillerIT, One Convergence and ScienceLogic.

Cisco also noted that it now has over 5000 Nexus 9000 ACI-ready customers using its open platform.

http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1732204