Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cisco SDN user says just pick what you need

Jim Duffy | Oct. 26, 2015
Don't bite off more Application Centric Infrastructure than you can chew.

cloud security ts

You don’t have to go all in on Cisco’s SDN to reap many of its benefits.

That’s what Danish cloud provider Venzo A/S found with its implementation of Cisco’s Application Centric Infrastructure (ACI). Venzo turned up a new point of presence with ACI and an underlay of Cisco Nexus 9000 switches a year ago to handle increased subscriber capacity and automate network configuration.

Venzo provides software-, platform- and infrastructure-as-a-service based on Microsoft products, such as Office 365, Hyper-V, Azure, Lync and Exchange. The cloud provider is availing itself of ACI’s group-based policy and contract capabilities, which assign and enforce policies based on groups of inter-communicating endpoints.

ACI features Venzo is bypassing for now include service graphing, or chaining, in which ACI configures Layer 4-7 services devices such as firewalls and load balancers. Venzo is also not using ACI’s Application Virtual Switch for VMware vSphere workloads, or Cisco’s Nexus 1000v virtual switch at the present time though with the microsegmentation features Cisco is adding to them, use may become imperative.

For now though, all Venzo needs from ACI is a resilient, scalable and reliable fabric.

“We needed to buy something that we could run in production right away,” says Thomas Raabo, principal infrastructure engineer at Venzo Hosting. “We needed to do something different, through APIs. But we didn’t need to enable all of the features Day One.”

The new PoP supports 1,000 virtual machines and 400 users. The ACI fabric includes eight leaf switches and two spines but Venzo plans to support 32 leaves and 240 hosts in each ACI pod, Raabo says.

And after discounting, customers can get up and running on ACI for under $100,000, he says.

ACI serves as an orchestration layer on top of Nexus 9000 switches, Raabo says. All of the provisioning is done from scripts interfacing with ACI’s APIC through a REST API.

Venzo is using ACI as a way to automate the configuration of VLANs and then add services to them.

“We wanted to scale without adding cost or losing agility,” Raabo says. “We wanted to grow the network without having to grow our networking team.”

Venzo configured storage and network infrastructure tenants in the ACI fabric for separation and control. Venzo can grant access to storage via endpoint groups (EPGs) in those tenants.

The cloud provider is also using ACI microsegmentation to divide the PoP into smaller, more protected zones than can be configured through perimeter defense. Through ACI microsegmentation, each server or application is put into an EPG with context within and between them.

This is not as easy as it is in VMware’s NSX, Raabo says, because NSX adds a firewall to each VM.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.