By Jesse Drake and Rosalia Villegas
It used to be that you had applications, and you had the network.
Then in 2013, Cisco announced an ambitious data center strategy that centered around the idea of Application Centric Infrastructure (ACI).
Configuring networks the old way was complicated, time-consuming, and prone to human error. The big change with ACI is that it makes the network application-centric and programmable, from top to bottom, by combining traditional high-performance switching technologies with advanced management and automation capabilities.
UIT is in the beginning stages of converting the University's Downtown Data Center (DDC) to an ACI environment.
Why the change? There are several reasons.
An ACI data center:
- Integrates cloud computing and data center management
- Supports higher speeds
- Reduces oversubscription of core links
- Accelerates application deployment
- Automates IT tasks
- Represents a lifecycle upgrade: 50% of DDC switches will exceed vendor support in November 2017
- Improves network and server visibility for IT teams sharing common tools
- Applies white-listed security policies between security zones by default
- Allows for auto-provisioning of the network
“The ability to auto-provision the network makes it like an Amazon experience,” said Tim Urban, senior engineer in UIT's Network & Core, referring to Amazon Web Services (AWS), an on-demand cloud computing platform with features similar to ACI.
Phase 1 (January 2017 to March 2018)
This phase involves racking network equipment, installing cable at the DDC, building the Application Policy Infrastructure Controller (APIC) and fabric, connecting the existing network to the new one, and moving routing and servers to the ACI fabric, a total of 1,800 ports.
“Now until the end of January, we’re pretty much keeping everything status quo,” Urban said. “Security policies that we have today will remain the same as we migrate servers from the old to new hardware and integrate [Virtual Machine] software into ACI environment. That lets us start to safely automate things and clean up some existing network configurations.”
Phase 2 (January 2018 to March 2020)
This phase focuses on tasks like application dependency mapping, in which automated tools discover the network, server, SAN, application components and their interconnection paths. This phase also requires the creation of ACI Endpoint Groups (EPGs), which are essentially security zones.
“EPGs provide security segmentation in the data center so that appropriate things can talk to each other, and things that shouldn’t can’t,” Urban said.
This major multi-year undertaking involves a variety of entities, including UIT’s Enterprise Architecture, Network Team, Hardware Platform Services, and Information Security Office (ISO), in addition to vendor partners Cisco, ConvergeOne and INVITE Networks.
“This is a major effort,” Urban said. “Until you get into it, you don’t necessarily know the entire scope, and things generally take longer than you anticipate. What we do know is there’s quite a bit of work and coordination ahead of us, but it will all be worth it in the end.”