Cisco ACI Archives - IT Solutions Provider - IT Consulting - Technology Solutions

What Does Microsegmentation In The Enterprise Hybrid Cloud Era Look Like?
Tue, 16 Jul 2024

Cisco ACI fosters secure application mobility across private and enterprise hybrid cloud networks, and its scalable architecture simplifies network management.

Many organizations are undergoing a significant shift towards cloud-based resources and a geographically dispersed workforce. This presents a major challenge as legacy network architecture may not be up to the task. These outdated systems often struggle to securely grant remote access and integrate seamlessly with today’s private cloud networks.

Here’s where modern approaches like microsegmentation come into play. They help businesses ensure their networks are adaptable, secure, and able to support their evolving needs in the digital age. Let’s explore how businesses can rethink their network strategy to unlock greater agility and security.

Network Security And Agility At Top Of Mind

In today’s hybrid cloud world, networks are the foundation for modern applications, connecting everything from microservices to AI. Recent developments over the past few years have exposed the need for a holistic digital transformation with secure networking at its core.

To support these demands, software-defined networking (SDN) tackles network management challenges by offering a centralized, application-centric policy framework that streamlines data center network management. This allows for automated configuration, boosting agility across data centers and private clouds.

The framework extends seamlessly to private clouds, enterprise hybrid clouds, and even WAN environments, unlocking several key benefits:

  • Microsegmentation cybersecurity: Granular policy control safeguards workloads, minimizes the attack surface, and strengthens an enterprise’s overall security posture.
  • Dynamic network provisioning: Automated network provisioning streamlines application deployment to accelerate digital transformation initiatives.
  • Consistent security across clouds: Consistent enforcement of security policies across multi-cloud environments ensures a secure foundation for any workload, regardless of location.

By rethinking networks with a focus on security and automation, organizations can unlock a new era of agility, enhance security, and improve efficiency, paving the way for a successful digital transformation journey.

A Policy-Based Approach

Traditional, manual network configuration is a complex and error-prone process, which hinders agility in today’s enterprise hybrid cloud environments. Cisco Application Centric Infrastructure (ACI) offers a comprehensive SDN solution: policy-driven automation for microsegmentation in private cloud networks and beyond. Here’s how Cisco ACI simplifies network management:

  1. Business-Driven Network Policy: Cisco ACI bridges the gap between business goals and network infrastructure. IT teams and stakeholders define high-level requirements, such as secure access to a CRM application. ACI translates this intent into a comprehensive network policy, including security measures, performance needs, and configuration details.
  2. Automatic Provisioning: The policy becomes the blueprint for the network. Cisco ACI automatically provisions and configures network components (switches, firewalls, VLANs) and security services, eliminating manual configuration and streamlining deployment.

These benefits fuel faster application deployment, simplified management, and flexibility to ensure the network adapts to changing application requirements.



Building Secure And Agile Networks

Cisco ACI is designed to build data center networks around specific application requirements. This approach fosters microsegmentation cybersecurity, which is particularly valuable for private cloud networks and enterprise hybrid cloud deployments, enabling seamless application mobility across different environments.

Cisco ACI’s core architecture separates the data plane (packet forwarding) from the control plane (configuration and policy enforcement). This decoupling delivers enhanced agility for businesses by enabling rapid definition and application of network policies, which translates to faster application deployment and streamlined network changes. Additionally, the architecture inherently offers scalability to accommodate the growing data center needs of an ACI cloud environment. Let’s look at the components that drive Cisco ACI to empower your data center goals.

1. Centralized Policy Management with Cisco APIC

The Cisco Application Policy Infrastructure Controller (APIC) acts as the central brain of the ACI fabric. It offers:

  • Unified Point of Automation and Management: The APIC simplifies network operations within the multi-tenant, scalable ACI fabric. It acts as a single point for policy configuration, automation, and health monitoring across physical, virtual, and private cloud network infrastructure.
  • Policy Enforcement and Optimization: The APIC enforces network security policies (including microsegmentation) and optimizes overall network performance. This ensures consistent operations across enterprise hybrid cloud environments.
  • Broad Ecosystem Interoperability: The APIC integrates seamlessly with various management, orchestration, and virtualization tools from diverse vendors and networks, including L4-L7 services.
  • Open Programmability: An open, standards-based API exposes the ACI policy engine to external applications and orchestration tools, allowing for deep integration with existing workflows and automation frameworks.
  • Web-Based User Interface: While automation is a core strength, the APIC also provides a user-friendly web interface for manual configuration and monitoring tasks when needed.

2. High-Performance Fabric with Nexus 9000 Series Switches

The Cisco Nexus 9000 Series switches are designed to be the cornerstone of high-performance data centers, private cloud networks, and enterprise hybrid clouds – particularly within Cisco ACI cloud deployments.

These switches deliver wire-rate switching speeds of up to 400 Gigabit Ethernet (GbE) and are future-proofed for 800 GbE architectures. Moreover, the Nexus 9000 Series utilizes a “fat-tree” architecture to achieve low-latency, high-bandwidth connections between leaf and spine switches.

Offering both fixed-configuration and modular switch options, the Nexus 9000 Series also provides flexibility for deployment, scalability, and redundancy.

  • Each leaf switch directly connects to all spine switches to create multiple efficient data paths.
  • Leaf switches act as Top-of-Rack (ToR) switches, providing connectivity between servers and external networks. They are fully programmable to support specific application requirements and offer Layer 2/Layer 3 capabilities, Quality of Service (QoS), security features, and virtualization support.
  • Spine switches function as Layer 3 aggregation points, interconnecting leaf switches and ensuring high-bandwidth data flow throughout the network. Like leaf switches, they are fully programmable and support all Layer 2/Layer 3 protocols.

The Nexus 9000 Series, furthermore, offers deployment flexibility through two modes:

  • NX-OS Mode to ensure compatibility with existing network environments.
  • ACI Mode to provide full access to Cisco ACI features for microsegmentation cybersecurity within private cloud or hybrid cloud deployments.

This modular architecture provides the following deployment options:

  • On-premises for policy-driven management of existing data centers
  • Cloud-based (including public, private, and hybrid) for consistent policy enforcement across the entire IT infrastructure
  • SD-WAN edge for managing and securing branch office connectivity with the same policy-driven approach.

Policy-based automation streamlines operations, strengthens control and security, and empowers businesses to build agile and scalable enterprise hybrid cloud infrastructure. Businesses, especially IT teams, can then shift their focus to driving innovation and growth, while developers benefit from a consistent development experience across all environments, including private cloud networks and ACI cloud deployments.

Final Thoughts

The digital revolution has ushered in an era where adaptable and secure IT infrastructures are crucial. Businesses should re-evaluate their network design to remain competitive. A modern network foundation with microsegmentation cybersecurity principles in mind should seamlessly integrate with cloud environments. This streamlines operations and frees your IT team to focus on strategic initiatives.

Choosing the right Cisco ACI solutions provider is critical. WEI is a leader with a deep technical bench capable of understanding your business goals. Our proven expertise in Cisco ACI unlocks the platform’s full potential, empowering you to harness the power of your enterprise hybrid and private cloud networks. This translates to seamless integration, robust security, and enhanced operational efficiency across your entire network landscape. Contact us today to get started.

Next steps: As businesses undergo digital transformation, the need for updated corporate networks and IT architectures becomes critical. Cisco ACI aids this shift by providing a network foundation that integrates with cloud environments and adapts to changing business needs.

It offers policy-driven automation to streamline infrastructure deployment and management, facilitates workload transfers across various frameworks, and enhances security. This technology simplifies and speeds up the application deployment process, helping organizations manage digital transformation complexities and prepare for future challenges.

Download our free white paper to find out more about this proven solution.

Cisco ACI: An SDN Solution for Digital Transformation
Tue, 20 Nov 2018

Companies today live in an environment in which the “time to value” is constantly diminishing. To attain continuous profitability, IT managers and their staffs must focus on strategic, value-added projects rather than dissipate their time on routine maintenance of the existing infrastructure. Multiple studies point out that routine maintenance is currently consuming as much as . Simply put, IT managers must find a new paradigm that can deliver their organization to the promised land.

Enter: Software Defined Networking

Software defined networking (SDN) is a buzzword today, much as virtualization was a decade ago. SDN is about virtualizing hardware and centralizing control of it as software at the application layer. It simplifies the enterprise network infrastructure by moving control of its many devices, such as switches and routers, into the software layer, making the network application centric rather than hardware centric. Its goal is to deliver self-service network configurations, allowing applications to dynamically route network traffic, reconfigure, and even create additional network resources based on user-initiated demand.

SDN sets out to make the switch and router infrastructure as agile and as flexible as the virtual server and its corresponding data are today within modern-day network data centers. Switches and routers can be provisioned and then decommissioned as easily as virtualized servers and workstations. This packaging of device virtualization and network infrastructure allows users to implement a complete network experience.

But SDN is much more than just automated deployment of end-to-end network computing environments. It’s also about delivering packets across the network more efficiently and effectively. In today’s legacy-based network, the firmware of the switch or network device determines how frames and packets are forwarded and ultimately delivered to their destinations. Various types of traffic can be prioritized according to QoS rules, but identical traffic destined for redundant endpoints is treated identically. SDN removes the responsibility of managing network traffic from the device itself and puts it in the hands of a centralized controller that can make forwarding decisions based on network variances and conditions. With SDN, the total network can work in total synchronization with user and application demand.

Time is money for Enterprise Applications

The term “application” can be misleading as we often think of a single application that resides on our personal device. Enterprise applications are usually far more complicated. A web application for instance is many times composed of three tiers:

  1. Web tier (where the users connect to a web server)
  2. Application tier (which may reside on the web server or another server)
  3. Backend tier (which usually hosts some type of database in which the application integrates)

Each of these web component devices will need IP addresses, DNS records and possibly NAT assignments. On top of this, the application traffic may require a separate VLAN throughout the switch network along with QoS assignments. Routers may need access control lists, and routing tables may have to be modified as well. Traditionally, this type of undertaking within a large enterprise could consume weeks if not months, and in today’s global, hypercompetitive economy, time is money.

It’s not just the dynamic implementation of new applications that needs to be automated, but the decommissioning of applications as well. Application specific VLANs and routing entries need to be erased from the devices they were robotically created on in the first place, minimizing the footprint of these devices in order to maximize both security and performance. To sum it up, enterprise infrastructures must become application aware and more agile to support dynamic application instantiation and removal.

Imagine the following scenario for the implementation of a highly complex enterprise application such as an ERP system. Relying on your IT staff to configure the network for such a mammoth software implementation would be highly time consuming and hiring an outside consulting team would be expensive. But what if the application vendor provided you with an SDN ready configuration that could simply be pushed out onto all of your data plane devices? Imagine how much time and money that would save. Believe it or not, this scenario is completely plausible with SDN solutions that are readily available today such as Cisco ACI.

Overview of Cisco Application Centric Infrastructure

Cisco ACI stands for Application Centric Infrastructure. Automation is built from the ground up with Cisco ACI. Their design efforts were directed under a mandate of simplicity and as a result, Cisco developed a fresh approach to networking that completely streamlines the application deployment process.

At the core of ACI is the Application Policy Infrastructure Controller, or APIC. The APIC is a centralized, clustered controller that provides the programmability and centralized management that in turn governs the network fabric in order to provide an optimized ecosystem for desired applications. Underneath the APIC lies a simple two-tiered switch architecture rather than the three-layer system embraced by traditional networks. Though well suited for the traditional client-server traffic of yesteryear, the traditional three-layer switch design is poorly suited for the east-west traffic flow patterns that are typical of today’s data center. Cisco’s two-layered approach, referred to as a leaf-and-spine architecture, creates a redundant and highly efficient mesh fabric that allows for nearly unlimited scalability. Spine switches are the core devices, but instead of being large, chassis-based switching platforms (as is characteristic of traditional core switches), the spine is composed of many high-throughput Layer 3 switches with high port density. Leaf switches make up the access layer, providing network connection points for servers as well as uplinks to the spine switches.

The real genius of ACI lies in what Cisco refers to as Network Application Profiles (NAPs), which it describes as an automatically deployed Cisco validation design. The NAP contains all of the configuration information the application requires from the supporting network devices, such as VLAN, ACL and firewall settings. Essentially, the application network profile is the end-to-end connectivity and policy requirements for an application. Once created, the NAP can be deployed within minutes. What’s more, vendors of complicated applications can simply supply you with a preconfigured NAP as part of your application package. Implementation can be completed the day of purchase.

What is Group-Based Policy?

Cisco describes it as:

“(GBP) is an API framework for OpenStack that offers an intent-driven model intended to describe application requirements in a way that is independent of the underlying infrastructure. Rather than offering network-centric constructs, such as Layer 2 domains, GBP introduces a generic “Group” primitive along with a policy model to describe connectivity, security, and network services between groups. While GBP has focused on the networking domain, it can be a generic framework that extends beyond networking.”

describes group-based policy as “an application-centric policy model” that separates information about application connectivity requirements from information about the underlying details of the network infrastructure.”

This approach offers a number of advantages, including:

  • Improved automation: Grouping constructs allow higher-level automation tools to easily manipulate groups of network endpoints simultaneously.
  • Easier, application-focused way of expressing policy: By creating policies that mirror application semantics, this framework provides a simpler, self-documenting mechanism for capturing policy requirements without requiring detailed knowledge of networking.
  • Consistency: By grouping endpoints and applying policy to groups, the framework offers a consistent and concise way to handle policy changes.
  • Extensible policy model: Because the policy model is abstract and not tied to specific network implementations, it can easily capture connectivity, security, Layer 4 through 7, QoS, etc.

Cisco ACI makes extensive use of group-based policy in its application-centric policy model, in which connectivity is defined by consolidating endpoints (physical or virtual) into endpoint groups (EPGs). Connectivity is defined when the end user specifies a contractual relationship between one EPG and another. The end user does not need to understand the protocols or features that are employed to create this connectivity. Figure 1 provides an overview of this model.

Differences between traditional and Application centric infrastructure (ACI)

  1. Automation: ACI allows configuration to be automated across a network of servers.
  2. Time: In traditional structures, an IT admin would need weeks to deploy a new app, while in ACI structures it’s faster because the IT admin works at the application level.
  3. Efficiency: Without ACI there is no shared architectural model, which causes many problems when implementing the app. With ACI there is a shared model for policy automation that enables fewer people to do more.
  4. Security: Managing only one policy for many servers decreases the probability of error, thus granting a higher level of security.
  5. Scale: Expanding the scope of your network is easier, since new hardware can be implemented in less time.
  6. Openness: With this structure, centralizing all the access to data helps to deliver more connectivity.

Cisco ACI is a Game Changer for the Digital Business

The IT industry is going through a significant transformation, with BYOD, big data, cloud computing, Software Defined Data Center, IT as service, and security now prominent concerns. At the same time, companies increasingly want to reduce overall IT spending and provide much-improved levels of service to business units by increasing overall IT agility. Many in the networking industry have cited SDN as the model to move the industry forward. Cisco ACI is a catalyst to help promote the adoption of SDN throughout the IT industry: in essence, as an enabler of the SDN vision.

DID YOU KNOW?
WEI is Cisco ACI certified and is one of the very few IT solutions providers worldwide with experience implementing Cisco ACI in production environments. Want to learn more about our experience with Cisco ACI? Contact us today to start a discussion.

Defend Your Enterprise Network with Micro-Segmentation
Tue, 30 Oct 2018

Data center architectures have continually evolved to meet the needs of mobile, social, big data, and cloud applications–and enterprise security solutions have evolved as well to support the new security needs of these applications in

Attacks on data centers are increasing, and physical security appliances aren’t sufficient to stop them. Independent research shows that successful attacks are occurring with growing regularity, and at increasing costs to enterprises. Seventy-five percent of all attacks begin stealing data in a matter of minutes, and may not be detected for quite a while. Additionally, after an attack has been discovered, full containment and repair can take weeks. There is no question that a new model for data center security is needed before these attacks become unstoppable.

Micro-Segmentation adds additional security

Micro-segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. It’s aimed at making network security more granular.

While traditional firewalls, intrusion prevention systems, and other security systems are designed to inspect and secure traffic coming into a data center from outside, micro-segmentation gives enterprises greater control over the growing amount of lateral communication that occurs between servers. This communication bypasses perimeter-focused security tools and has traditionally been vulnerable to attack.

Cisco lists the following goals for micro-segmentation:

  1. Programmatically define segments on an increasingly specific basis, achieving greater flexibility (for example, limit the lateral movement of a threat or quarantine a compromised endpoint within a broader system)
  2. Automatically program segments and policy management across the entire application lifecycle (from deployment to decommissioning)
  3. Enhance security and scalability by enabling a zero-trust approach for heterogeneous workloads.

3 Security Solutions for micro-segmentation

Here are three networking security solutions enterprises should consider.

Cisco ACI

Cisco ACI uses a new application-aware construct called an endpoint group (EPG) that allows application designers to define the endpoints that belong to the EPG regardless of their IP addresses or the subnets to which they belong. The endpoint can be a physical server, virtual machine, Linux container, or even a traditional mainframe computer.

With Cisco ACI’s highly specific endpoint security enforcement, customers can dynamically enforce forwarding and security policies, quarantine compromised or rogue endpoints based on virtual machine and network attributes, and restore cleaned endpoints to the original EPG.

Additionally, while data center micro-segmentation can provide enhanced security for lateral traffic within the data center, its true value lies in its integration with application design and holistic network policy, and it must interoperate transparently with a wide variety of hypervisors, bare-metal servers, L4-L7 devices, and orchestration platforms.
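
A simplified model of the endpoint-group approach described above, covering EPG-to-EPG contracts, membership that ignores IP addressing, and quarantine and restore of an endpoint. This is an added Python example, not code from Cisco or from this blog; it does not use the APIC API, and every name in it (Fabric, Filter, the "quarantine" EPG, the sample endpoints, ports and the "state" attribute) is constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Filter:
    """One permitted protocol/port pair inside a contract."""
    proto: str
    port: int


@dataclass
class Endpoint:
    name: str
    ip: str
    attrs: dict = field(default_factory=dict)  # e.g. {"state": "compromised"}


class Fabric:
    """Toy policy model; not APIC's object model."""

    def __init__(self):
        self.endpoints = {}   # name -> Endpoint
        self.base_epg = {}    # name -> EPG chosen by the application designer
        self.contracts = {}   # (consumer EPG, provider EPG) -> set of Filter
        self.attr_rules = []  # (attribute key, value, EPG), evaluated first
        self.isolated = set() # EPGs whose members may not talk to each other

    def add_endpoint(self, ep, epg):
        self.endpoints[ep.name] = ep
        self.base_epg[ep.name] = epg

    def add_contract(self, consumer, provider, filters):
        self.contracts.setdefault((consumer, provider), set()).update(filters)

    def add_attr_rule(self, key, value, epg):
        self.attr_rules.append((key, value, epg))

    def epg_of(self, name):
        """Attribute rules win over the designer's assignment.
        The endpoint's IP address is never consulted."""
        ep = self.endpoints[name]
        for key, value, epg in self.attr_rules:
            if ep.attrs.get(key) == value:
                return epg
        return self.base_epg[name]

    def allowed(self, src, dst, proto, port):
        """Allowlist decision for a new flow initiated by src towards dst."""
        s, d = self.epg_of(src), self.epg_of(dst)
        if s == d:
            # Same group: permitted unless the group is marked isolated.
            return s not in self.isolated
        # Different groups: denied unless a contract names this proto/port.
        return Filter(proto, port) in self.contracts.get((s, d), set())


def build_three_tier():
    """Constructed sample: web -> app -> db, plus a quarantine group."""
    fab = Fabric()
    fab.add_endpoint(Endpoint("web1", "10.0.1.10"), "web")
    fab.add_endpoint(Endpoint("web2", "10.0.1.11"), "web")
    fab.add_endpoint(Endpoint("app1", "10.0.2.10"), "app")
    fab.add_endpoint(Endpoint("db1", "10.0.3.10"), "db")
    fab.add_contract("web", "app", {Filter("tcp", 8080)})
    fab.add_contract("app", "db", {Filter("tcp", 5432)})
    fab.add_attr_rule("state", "compromised", "quarantine")
    fab.isolated.add("quarantine")
    return fab


def demo():
    fab = build_three_tier()
    r = {}
    r["web_to_app"] = fab.allowed("web1", "app1", "tcp", 8080)
    r["web_to_db"] = fab.allowed("web1", "db1", "tcp", 5432)   # no contract
    r["app_to_web"] = fab.allowed("app1", "web1", "tcp", 8080) # wrong direction

    # Re-addressing the endpoint changes nothing: policy follows the group.
    fab.endpoints["web1"].ip = "192.168.50.7"
    r["after_readdress"] = fab.allowed("web1", "app1", "tcp", 8080)

    # Flagging the endpoint moves it to the quarantine group at once.
    fab.endpoints["web1"].attrs["state"] = "compromised"
    r["quarantine_epg"] = fab.epg_of("web1")
    r["quarantined_to_app"] = fab.allowed("web1", "app1", "tcp", 8080)
    r["quarantined_to_peer"] = fab.allowed("web1", "web2", "tcp", 22)
    r["peer_unaffected"] = fab.allowed("web2", "app1", "tcp", 8080)

    # Clearing the flag restores the endpoint to its original group.
    fab.endpoints["web1"].attrs["state"] = "clean"
    r["restored_epg"] = fab.epg_of("web1")
    r["restored_to_app"] = fab.allowed("web1", "app1", "tcp", 8080)
    return r


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:22} {result}")
```
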

VMware NSX

VMware NSX micro-segmentation meets security recommendations made by the National Institute of Standards and Technology (NIST) by providing the ability to use network virtualization-based overlays for isolation, and distributed kernel-based firewalling for segmentation through ubiquitous, centrally managed policy control. It also uses higher-level components or abstractions in addition to the basic 5-tuple for firewalling.

NSX-based micro-segmentation goes beyond NIST recommendations and enables fine-grained service insertion where services are most effective: as close to the application as possible, in a distributed manner, while residing in separate trust zones outside the application’s attack surface.

Finally, for physical to physical communication, NSX can tie automated security of physical workloads into micro-segmentation through centralized policy control of those physical workloads through the NSX Edge Service Gateway or integration with physical firewall appliances. This allows centralized policy management of your static physical environment in addition to your micro-segmented virtualized environment.

Illumio 

The Illumio Adaptive Security Platform (ASP) makes the invisible visible by mapping out connections between workloads in a single application, as well as connections between the applications themselves. This may reveal connections between systems that you weren’t aware of before and helps identify risks that weren’t immediately obvious.

Illumio uses this map of network traffic to automatically generate micro-segmentation policies for every workload and application running anywhere, on any computer platform, and analyze them in seconds – saving security teams critical time, reducing the risk of human error and improving policy consistency across the network.

The Takeaway

Micro-segmentation offers significantly more visibility and policy granularity than network or application segmentation, including the ability to fully visualize the environment and define security policies with process-level precision. This added granularity is increasingly important as growing use of cloud services renders traditional network-based security boundaries ineffective and elevates the urgency of detecting and stopping lateral movement.

Are you looking for additional information on how to up your security game to meet the needs of your organization? Contact the network security experts at WEI for an unbiased perspective to solving your enterprise’s security challenges. 

NEXT STEPS
Software defined networking represents an unparalleled innovation for IT network professionals managing enterprise networks. It’s flexible, smart, and highly automated. If you’d like to learn more about SDN, why you need it and the promises it delivers to a modern enterprise, we invite you to read our white paper, “Software Defined Networking – The Next IT Paradigm of Promise.”

3 Challenges and Benefits of Cisco Tetration
Thu, 19 Jul 2018

In last week’s post we discussed the Cisco Tetration Analytics Platform, what the platform is and how it integrates with the modern enterprise. We talked about how it supports a “Zero-Trust” security model and explained the story behind its creation with an interesting use case involving Cisco and WEI.

This week we will discuss three challenges that can be associated with Cisco Tetration, along with some suggestions on how to avoid or lessen the impact of these factors. We will also look at three benefits of incorporating Cisco Tetration into your infrastructure strategy.

Challenges of Cisco Tetration

1. Infrastructure Commitment
When Cisco Tetration was first released there was a significant infrastructure commitment. You would have had to invest in several servers, multiple switches, and more. This resulted in an organization bringing in nearly a rack of gear just to run this engine. If you think about your network size, the amount of processing, and the amount of flows this thing is going to take in and allow for you, it is a significant space and power investment.

2. Upfront Costs
The infrastructure commitment contributes to the second obstacle: the upfront costs are really high because there is a lot of hardware that needs to be brought in. Cost is probably the biggest deterrent, and it is common when migrating to or improving a digital-ready network strategy. The cost models have since improved, providing a few different options now. You will see more about Cisco’s improving cost models and options in the “benefits” section of this blog post.

3. Overwhelming Visibility
The idea of gaining 100% visibility into a network sounds great (and it is, as you will see later on) because it ensures nothing can get past your team. It also makes your network seem impenetrable. Let’s use an example to show where there could be an obstacle with this. Let’s say you currently have 40% visibility into your network. You will have found a method and strategy to operate under this level of visibility. You are used to only being able to see this limited amount of network activity and you are able to properly plan a security strategy for it given the available tools at your disposal.

Now years have passed with no real network problems, but Cisco Tetration starts being discussed as a potential solution to improve your organization’s network strategy. There is buy-in and now you suddenly have 100% network visibility. Understandably, there are going to be a lot of questions and a lot of confusion. There will be a lot of work upfront to understand what everything is because you are now in a situation where you are able to see and plan for more parts of your network than you have ever been exposed to before.

It is important to understand that this “new” stuff happening in your network would be there anyway, whether you see it or not. It is kind of a requirement for your job to understand this extra activity. This makes the front-loaded work worthwhile to be able to decide how traffic flows are working and to be able to package them. After understanding what else is in your network and how some of the network automation features work, you will get to a point of normalcy with all of it. The size of your network and the number of years it has been established are definitely worth discussing when considering Cisco Tetration.

Benefits of Cisco Tetration

We will now dive into three of the primary benefits of Cisco Tetration and as you will see, these benefits make up for and outweigh many of the “challenges” discussed in the first half of this blog.

1. No Vendor Lock-in

Cisco Tetration has improved its integration with other network switches. There is no “vendor lock-in” where Tetration would require Cisco switches. Fortunately, Tetration will check everything on the network and will play well with nearly any infrastructure setup.

One thing to keep in mind is that while Cisco does agent and agentless monitoring, it is preferred you run Cisco for this. Some of the Cisco switches like the Nexus 93180 have a lot of that functionality baked into them. This means you don’t have to run SNMP or Agents to pull information off those switches since they can already send that natively. I wouldn’t call it a lock-in, but Cisco may, even though they’re kind of agnostic in what they monitor. This is simply because they’re better and more experienced with monitoring their own stuff since they built it.

2. Package options

While we touched on the significant upfront infrastructure cost requirements with Cisco Tetration, there are ways to get around it. When Tetration was first released the price was fairly stagnant and out of reach for many organizations. Since then, pricing has become more flexible: as the product grew, more ways to consume it were developed. Various pricing options make sense for companies in different situations and with different needs. Some will continue to run Tetration as they always have, but package options matter to determine whether organizations will run it for the foreseeable future or just for a year before converting their network over to Cisco ACI. Other important use cases should be considered before making a decision, such as how you run Tetration (manually or automatically), whether it will be used for a specific initiative or integrated into your security fabric, and how your workflows will run. Cisco adapted as needs for this product changed, allowing customers to choose why and how they want to consume it, which is favorable.

They have a few different deployment options now. Depending on how big your network is, Cisco has two differently sized physical deployment models. One is across multiple servers, meaning the number of servers for the larger model would be very expensive. They also have a smaller size now that is designed for organizations only monitoring 2,000 or fewer endpoints. Whether those are switches or desktops does not matter, because organizations can get by with this option.

Cisco has adapted even more to the point where cloud-based offerings of Tetration are available now too (known as Tetration – SaaS). This allows you to run Tetration in AWS or Azure. Cisco gives you the virtual software that you run on AWS or an Azure VPN. This way you’re still paying for those, but if you don’t have the space or interest in owning the hardware overall, you can do that. If you’re going to run Tetration for a certain amount of time (let’s say you get the licenses for a year) and then you want to get rid of it without a hardware investment, Cisco provides a pretty good opportunity for this. They can also do software to server configurations now, so Cisco can run it in its cloud. You can now plug Tetration into your networks and run it for as long as you need, similar to a subscription model.

3. Full Visibility

Once you get past that learning curve and the upfront commitment to set up Tetration, the day-to-day operations simplify because it will reach into the switches and desktops, notifying you when an anomaly is discovered. It allows you to decide on the fly whether to block or allow it.

It is front loaded and there will be a lot of work to understand what you’re using it for. There’s a lot of learning in your own network, but it will become operational. This visibility also extends to heightened security measures, making it possible to truly maintain a that we discussed in last week’s blog.

With Cisco Tetration, 100% visibility can be reached, which makes it possible to adopt a whitelist model, also known as a “Zero-Trust” model. With this approach, instead of controlling what can’t interact with the network, you are controlling what can interact with it. You can now confidently know that everything allowed to interact with the network is there because a rule has been established allowing it to be there. Letting Cisco Tetration map your network provides that top-tier level of security that organizations strive to reach.

Conclusion

Now that this product has been around for a few years, it has been developed and improved to the point where the benefits outweigh the obstacles by far. Cisco Tetration may not be for every organization, but for those looking to heighten their network security strategies, there are few other solutions as comprehensive and versatile as Cisco Tetration.

In case you missed part one of our blog series on Cisco Tetration, you can find it here:

Next Steps: Learn more about the software-defined revolution and how companies are leveraging SDN in our white paper, “.”

Cisco ACI Case Study: Data Center Relocation and Innovation

Thu, 15 Dec 2016 13:45:00 +0000

Data Center Relocation and State-of-the-art Policy-based Networking Powered by CISCO ACI

Writer’s note: Every Thursday in November and December, this blog will highlight the SDN solution, Cisco ACI. As market acceptance and adoption increases for SDN, IT professionals can count on WEI to fairly evaluate the market leading SDN solutions available today.

Several analysts have predicted a rise in the adoption of SDN and software-defined technologies in the years ahead. We stand by the prediction as our networking solution engineers often get asked about our experience implementing the market leading available today. Read through this example of how WEI assisted its customer with a data center relocation and consolidation project that was enhanced by the implementation of Cisco ACI — which presents a new networking model that leverages policy-based networking.

Challenge

A Fortune 100 Communications company was faced with a data center relocation initiative as their building lease was about to expire. The company saw this relocation as an opportunity to consolidate their existing data center and build a new state-of-the-art data center with infrastructure built for today, and for the future.

The customer was faced with the following challenges:

  • The building lease expiration posed a tight deadline, especially for relocating a data center of this size
  • This data center housed the customer’s VDI environment, Telecom equipment and Business Applications, making it critical to minimize downtime and impact to employees
  • could not be compromised

Given WEI’s vast experience managing data center relocations coupled with experience implementing software defined networking solutions, the customer brought in WEI to manage the data center consolidation, relocation, and integration of net new infrastructure, as well as the implementation of the

Solution

As a supplier of the customer’s data center components (servers, storage, and networking), WEI already understood the existing IT environment and was able to get started quickly. WEI’s project management team brought together the three stakeholder groups, the Data Center Infrastructure Manager, and the Server and Networking teams, to understand business goals and requirements. The Data Center Infrastructure Manager required the new data center to run on DC power. Since WEI is the only in the region with DC power options available, WEI staged all the equipment in our Data Center Demo Lab over an 8-week period replicating the customer’s environment with servers, storage, and software defined networking with Cisco ACI.

The hardware and software configuration was done collaboratively among WEI, Cisco and the customer’s networking team during a week-long testing and training session in WEI’s Knowledge Transfer Center. This was a huge time-saver for the customer because they did not have to wait for the new data center install to be complete in order to start testing Cisco ACI in their updated environment.

WEI also led the data center build and played a major role in the physical install with the Rack and Stack of 70 cabinets by WEI integration and engineering teams.

Outcome

The decision to implement Cisco ACI was a key factor in the success of the consolidation and relocation because its backbone infrastructure allowed the data center to be set up quickly. ACI features automatic fabric deployment and configuration with single point of management by the . Only one rack had to be configured and then the APIC pushed the configuration to the 70 racks in the new data center, which saved a significant amount of time.

Cisco ACI allows for:

  • More portability for applications across different data centers
  • Automation of IT tasks, such as switch configuration and deployment
  • Policy-based networking with no limitations on the number of VLANs
  • More secure network with built-in microsegmentation
  • Accelerated data center application deployment

Cisco ACI and the engineers from WEI transformed the customer’s traditional data center networking model to one that is policy-based. As new applications are developed or added, the customer has the infrastructure in place to allow for security and connectivity to be built around the application, rather than the network.

“WEI is Cisco ACI certified and is one of the very few IT solutions providers worldwide with experience implementing Cisco ACI in production environments.”

– Greg LaBrie, WEI Director of Technology Solutions and Services

This project was the largest Cisco ACI implementation in a production environment in the United States. The goal of this data center relocation was to build an efficient, secure data center that can scale, and it gave the customer a new greenfield production environment. The success of this implementation will be mirrored and rolled out in the customer’s data centers across the country.

Next Steps

Ask us about and how it fits into your roadmap of IT priorities and projects.

Cisco ACI Takes your Data Center to the Next Level with Nexus 9000 Switches

Thu, 08 Dec 2016 13:45:00 +0000

Networks are continuously undergoing some level of transformation and conversion to new technologies and bandwidth capabilities. It is the nature of the beast and one that data center managers are all too familiar with. However, IT leaders are facing increasing levels of required network alterations and conversions today due to several emerging trends:

  • Continued virtualization of server resources resulting in 10 GB server connectivity requirements
  • Network traffic congestion that now warrants continuous 10 GB infrastructure
  • Highly virtualized computer environments that demand continuous network availability
  • Birth of that allow for automated provisioning and policy enforcement
  • A shift to network architectures that can simplify operations and accommodate efficient and fluid programmable infrastructure for DevOps
  • The shifting direction of data center traffic from a traditional north-south stream to the east-west current that is typical of multi-tiered web application environments

Achieving these objectives will require a new type of underlying network infrastructure consisting of devices that are designed for these demands, as well as a more efficient type of network topology to organize them.

The majority of are built around a three-layer hierarchical design which has served us well up to now. This design consists of an access layer, aggregation layer and core. This topology was designed around the traditional client-server traffic patterns we have grown accustomed to. A typical device that has served as the workhorse of this design is the Cisco Catalyst 6500. Although it can be found within all three layers, it is more commonly utilized in the access layer where it can accommodate servers with 1 GB connections.

Traditional devices such as the Cisco Catalyst 6500 were originally designed to make forwarding decisions in the supervisor engine. Although this was well suited for the traffic levels of yesteryear, the 10 GB traffic of today requires that forwarding decisions be distributed to the line cards to increase performance and to reduce the amount of traffic required to flow through the supervisor engine.

A New Networking Model

In order to meet the new challenges of today, data centers must transition to a new switch topology called the Leaf-Spine. The leaf-spine is a two-layer network topology composed of leaf switches and spine switches. Servers and storage connect to leaf switches which in turn connect to high port capacity spine switches. Think of leaf switches as the access layer and spine switches as the core. One of the key concepts of the is the fact that a server has to cross the same number of devices every time it connects to another server which ensures greater efficiency and is ideally suited for today’s east-west traffic flows.

A new topology requires a new type of switch and the Cisco Nexus 9000 series is specifically designed to take the data center to the next level in both . The 9000 comes in both modular and fixed configuration and can serve in both traditional and leaf-spine architectures. It is ideally suited for virtualized and non-virtualized server environments and can provide the underlying network structure for virtualized, bare-metal and cloud computing environments.

The support two modes of operation: NX-OS standalone mode and Cisco Application Centric Infrastructure (Cisco ACI) fabric mode. In standalone mode, the switch performs as a traditional switch but with greater port density, reduced latency and 40 GB connectivity. It can accommodate an astounding 1,024 10 GB connections. In ACI fabric mode it supports the new SDS paradigm which combines hardware forwarding, software and automation into a single package by separating the controller from the data plane.

Innovation is at the very core of the 9000 series, which is designed to achieve greater power and cooling efficiencies. The Cisco Nexus 9000 Series power supplies are more than 90 percent efficient at 20, 50, and 100 percent of load (platinum rated), providing the industry’s lowest watts per port. As power and cooling expenditures are very real costs for any data center, cost savings are realized regardless of the ecosystem that the 9000 supports.

In summary, the Cisco Nexus 9000 switch series provides the innovation, bandwidth and feature capabilities to hasten the transition of your data center to meet the challenges of today.

and how this SDN solution can help accelerate your organization’s digital transformation.

Cisco ACI Secures Your Enterprise through Microsegmentation

Thu, 24 Nov 2016 13:45:00 +0000

There’s a lot of talk about SDN solutions today such as Cisco’s Application Centric Infrastructure. In fact, Cisco ACI is the industry’s most comprehensive software defined networking (SDN) architecture to date. By integrating ACI into , IT now has the ability to align IT services with business objectives and policy requirements.

Achieving this organizational transformation can be a game changer for most any organization, allowing them to streamline their services at large and gain greater efficiencies and profit margins. Instead of serving its traditional role as a cost bucket, IT can become a leader, introducing and initiating value added projects that recognizably add to the profitability and success of the business.

All of that is wonderful, as long as IT is taking care of the most important facet of all: keeping the network secure. Having the agility and responsiveness to allow users to easily access the analytical information they need or to provision desired resources in a matter of minutes is all well and good, but if the integrity of those resources is compromised then none of it really matters. Having an infrastructure that provides an elastic, fertile ecosystem for application developers is great, but if that innovation is accessed in an unauthorized manner, then all of those benefits are instantly nullified.

To put it simply, security is job #1! That’s why provides embedded security and policy-based automation to ensure that your provisioned resources are secured through an evolutionary process called microsegmentation. The idea of segmenting the network is nothing new. Your firewall segments areas of your network such as LAN, DMZ, Internet, etc. Think of Ransomware and how it seeks out connected drives. Some new strains of it can even seek out a company’s backups if they exist on the same segment as the infected device.

How exactly does microsegmentation with Cisco ACI work?

is about separating segments from the broadcast domain by creating policy definitions. It uses a new application-aware construct called the endpoint group, or EPG, that allows application designers to define the endpoints that belong to the EPG regardless of their IP addresses or the subnets to which they belong. An endpoint can be a physical server, a virtual machine, a Linux container or a mainframe computer. ACI provides microsegmentation support for VMware vSphere Distributed Switch, Microsoft Hyper-V virtual switch, and bare-metal endpoints; the type of endpoint is irrelevant. You just need all of them secured regardless of IP address, MAC address, endpoint type or network location.

This idea of microsegmentation is then compounded with the core principle of conducting a zero-trust approach to each and every device. Devices can be provisioned on a grand scale and in quick fashion, but they aren’t trusted upon boot up. A device is inaccessible until it has been issued a preconfigured policy which then, and only then, allows it the ability to communicate with other devices in the network. IT personnel can quarantine compromised or rogue endpoints or limit the lateral movement of a threat quickly and easily. With ACI, there is no window of vulnerability during the provisioning process.

Policy-based automation is the embedded security that is at the very core of . An EPG by definition is a microsegment, and its security enforcement policy is defined by a contract that consists of a built-in stateless whitelist firewall and Layer 4 through Layer 7 (L4-L7) service insertion policy that supports a robust ecosystem of L4-L7 partners for next-generation firewall (NGFW) and next-generation intrusion prevention system (NG-IPS). You can make your policies as granular as necessary, creating a unique policy model for within one policy model for networks, servers, storage and services.

By instilling this protected means of microsegmentation, complemented by automated granular policies, Cisco ACI helps lower TCO of your infrastructure investments, on top of all of the other means through which it reduces costs and adds value as well. Cisco ACI is the complete package, which is why it is the premier SDN solution in the market today. Interested in learning more? Check out our white paper titled
