Avoid Wild Light Sabers & See How Pulsant Delivers Cloud Services Faster With ACI (Case Study)


Being fast is important this time of year.

X–Wing Fighters in “Star Wars: The Force Awakens” are fast.

Avoiding that overly excited light saber wielding fan in line requires you to be fast.

Holiday shoppers are snatching up deals fast.

Retailers with transaction spikes need to add infrastructure capacity fast.

Your customers want their IT Infrastructure services fast…and Application Centric Infrastructure (ACI) helps deliver that speed.

This IDC report shows how Pulsant – a UK based IT Infrastructure Services Provider – delivers services fast with ACI. It also quantifies the returns on that speed and other benefits. In some ways, their story is like that of many customers – they need to deliver IT services faster, they need to do more with less…you know the drill. And if you are using ACI, you also know how to address those issues. If not, take a couple minutes and check out the report. In it, Martin Lipka, Head of Connectivity Architecture at Pulsant, addresses a number of interesting issues and IDC helps to quantify them. Check out how Pulsant is:

  • Onboarding customers faster with the “simplified automation” ACI provides
  • Growing its customer base without needing to add a commensurate number of network engineers
  • Reducing the frequency of misconfigurations and improving the security of its services

In the report, Martin explains how “automation and repeatable processes enabled by Cisco ACI have benefited his company by reducing the time needed to provision network resources and speeding up deployment cycles.” For example, “Pulsant needed an average of 7–14 days before moving to Cisco ACI to deliver a bespoke cloud service to a customer, whereas it now needs only 2–3 days.” At the back end, when those services are no longer needed, “the network process of decommissioning a customer and cleansing the configuration has gone from taking hours to seconds thanks to Cisco ACI’s built-in automation.”

ACI helps Pulsant deliver services fast. ACI also delivered a return fast – ROI analysis showed a payback period of under 7 months.

In summary, if you are looking to deploy services fast, tear them down fast, get a return fast – check out the report and check out ACI.

And, oh yeah, as a public safety message, please let’s not swing those light sabers too fast tonight. May the force be with you…

Photo courtesy of commons.wikimedia.org

Tags: , , , , , ,

TPC-DS V2 – A new benchmark standard for SQL based Big Data systems

Announced today, TPCDS V2 is the Industry’s first standard for benchmarking SQL based big data systems.

Over the last two years, the Transaction Processing Performance Council (TPC), has reinvented itself in several ways – with new standard developments in Big Data, Virtualization, and the Internet of Things.

Foreseeing the demand for standards for characterizing big data systems, in August 2014, the TPC announced the TPC Express Benchmark HS (TPCx-HS) – the industry’s first standard for benchmarking big data systems. The TPCx-HS was designed to evaluate a broad range of system topologies and implementation methodologies related to big data. The workload is based on a ‘simple’ application that is highly relevant to Big Data, especially for Hadoop based systems. ‘Simple’ is great – historically the end user customers have adopted simple workloads and easy to understand metrics. (Look at TPC-C! One of the most successful industry standards, with over a thousand publications demonstrating the progress of application performance inline with Moore’s law for over a quarter century. Metric is – transactions per minute – can we think of anything simpler than that?). TPCx-HS has done well so far as a standard, giving verifiable performance and TCO, with over a dozen benchmark publications with products from more than six vendors definitely broke the records for standards since the TPC-H in 1999.

That said, there is an important play for ‘complex‘ workloads, especially in developer and researcher circles. One such example is TPC-DS, originally developed to evaluate complex decision support systems, based on relational database systems. There is a long and interesting history with TPC-DS, it took over ten years for the TPC to develop this standard. Though there have been several research papers and case studies, there has been no official results submission since it became a standard in 2011. There are several technical and non-technical reasons, top among them are (i) the complexity of the workload with 99 query templates and concurrent data maintenance, (ii) complex means uncertainty, vendors are concerned about “over exposure” of their technologies and products in terms of performance and price-performance. So its a successful benchmarks in terms of serving the academic and research community but a failure in terms of serving the customers (purchase decision makers).

Interestingly, in the last two years, the Hadoop community has adopted the TPC-DS workload for performance characterization; this is mainly due to the richness and broad applicability of the schema, data generation, and some aspects of the workload, and its non bias towards relational systems. And, not surprisingly, there have been several claims that are not verifiable and reproducible by the end users – and obviously in violation of the TPC’s fair use polices. To put an end to this in a positive way, the TPC stepped up and created a work stream to extend support for non relational (Hadoop etc.) systems, resulting in the creation of the TPC-DS 2.0. If you go through the specification, you will see well thought out changes to make it Hadoop friendly in ACID compliance, data maintenance, and metric.

I am most excited about it’s use in comparing SQL based systems – traditional relational systems vs. non-relational – in terns of performance and TCO – something on top of mind for many.

The TPC is not stopping here. We are developing another benchmark – TPC Express Benchmark BB (TPCx-BB), that shares several aspects of TPC-DS, which will be offered as an easy to run kit. TPCx-BB is currently available for public review. The TPC is encouraging interested parties to provide their reviews by January 4, 2016 by clicking here TPCx-BB. And, if benchmarking IoT is of interest to you please join the  IoT working group.

The of significant contributors to TPC-DS  include Susanne Englert, Mary Meredith, Sreenivas Gukal, Doug Johnson,  Lubor Kollar, Murali Krishna, Bob Lane, Larry Lutz, Juergen Mueller, Bob Murphy, Doug Nelson, Ernie Ostic, Raghunath Nambiar, Meikel Poess (chairman), Haider Rizvi, Bryan Smith, Eric Speed, Cadambi Sriram, Jack Stephens, John Susag, Tricia Thomas, Dave Walrath, Shirley Wang, Guogen Zhang, Torsten Grabs, Charles Levine, Mike Nikolaiev, Alain Crolotte, Francois Raab, Yeye He, Margaret McCarthy, Indira Patel, Daniel Pol, John Galloway, Jerry Lohr, Jerry Buggert, Michael Brey, Nicholas Wakou, Vince Carbone, Wayne Smith, Dave Steinhoff, Dave Rorke, Dileep Kumar, Yanpei Chen, John Poelman, and Seetha Lakshmi.


TPC-DS V2 Specification
TPC Press Release
Vendor-Neutral Benchmarks Drive Tech Innovation
The making of TPC-DS
Transaction performance vs. Moore’s law: a trend analysis


Snort your way to PCI compliance

When organizations look to secure their retail stores, branches, or points-of-sale, meeting the required mandates for Payment Card Industry (PCI) security compliance quickly becomes the number one prioritized focus area.  In fact, the 2015 Verizon PCI compliance report demonstrates this when it states that the number of companies that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent from about 11% in 2013. While this standalone increase in compliance is great, Verizon also notes that less than a third of the companies were fully compliant a year later after successful validation. The major takeaway here is that it is unfortunately easy to fall out of compliance if organizations don’t take the appropriate steps to maintain their security.  With 69% of consumers admitting that they will be less inclined to do business with a breached company, it is increasingly important for reaching and maintaining PCI compliance to be one of the highest priorities for organizations.

PCI Requirement 11 demands that organizations have a sustainable network and application vulnerability management program and that evaluates the overall effectiveness of security measures in place across the organization.  In a very telling sign, most organizations that suffered a breach were not compliant with Requirement 11.  Intrusion detection and prevention systems (hereafter, “IPS”) technology play a critical role in helping meet PCI compliance by monitoring all traffic in the cardholder data environment and issuing timely alerts to suspected compromises. Of course, simply having the technology is not enough.  Considering many organizations fall out of compliance due to maintenance, it is absolutely critical that IPS engines are updated with new signatures and rule sets to ensure that new threats are stopped.


Here, at Cisco, we’re happy to announce that our Cisco Integrated Services Router (ISR) 4000 Series  now come equipped with Snort IPS to help customers meet these PCI-compliance requirements at the branch. Snort IPS is an open source, signature-based  IPS that is capable of real-time traffic analysis and packet logging.  With over 4 million downloads and nearly 500,000 registered users, it is the most widely deployed IPS in the world.  Now, with Snort IPS on the ISR 4000 platform, retail stores, small businesses, home offices, and other organizations that process payments can turn on cost-effective IPS capabilities in their ISR 4000 branch routers without the need for an additional appliance.

To help organizations stay PCI-compliant, maintenance for Snort IPS is simple.  Rule set updates cultivated by Cisco Talos Security Intelligence and Research Group can be downloaded automatically to your ISR 4000 router. Cisco Talos network security experts work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware, and vulnerabilities. Snort IPS complements other integrated security features on the 4000 Series routers such as VPN, zone-based firewall, and connectors to Cisco Cloud Web Security (CWS) help you implement and maintain a cost-effective and secure PCI-compliant “one box” solution.

What are the benefits?

  • Save scarce rack space in the branch with an “all-in-one-box” solution that builds integrated security and threat protection into your Cisco ISR 4000.
  • More easily adhere to and maintain Payment Card Industry Data Security Standard (PCI-DSS) (and other regulatory) compliance at the branch
  • Halt malware and other threats at their entry point, before they can do damage and monopolize network bandwidth
  • Safely deploy direct Internet access (DIA) in remote locations for employees, customers, and guests

For those organizations who struggle with adhering to PCI mandates at their branch locations, Cisco Snort IPS for ISR 4000 series offers an easy and cost-effective way to not only reach compliance but continue maintaining compliance to protect (and keep) their customers.

More information is available on Cisco Router Security page

Tags: , , ,

A Year in Review. Big Data and Analytics 2015. 3rd Generation Platforms, World Record Performance, and Expanding Partnerships

My goodness… Were we ever busy in 2015! Our Cisco Big Data & Analytics teams executed and delivered a tremendous body of work with several key accomplishments these past 12 months. All of our activities – across all of our teams – was focused on delivering to you leading innovation, with industry leading performance & scalability, and offering flexibility via a variety of Big Data choices. Of course all of it based on Cisco UCS, Nexus, and ACI. Let’s take a look at some of the highlights:


We introduced throughout 2015 various versions of our 3rd generation Big Data architecture. The solution, Cisco’s UCS Integrated Infrastructure for Big Data, integrates our industry-leading computing, network, and management capabilities into a unified fabric-based architecture. Packaged as a Cisco Validated Designs (CVD) our architecture supports the leading Hadoop distributions: Cloudera, Hortonworks, IBM, and MapR. Our Big Data CVDs provide you peace of mind as they are tested, validated, and supported. Take a peak at our Big Data CVDs here and see how they can expedite your Hadoop projects and drive operational efficiency.


We started the year announcing the industry’s first ever standard based benchmark result for Big Data. Read Raghu Nambiar’s January 2015 blog post were he describes Cisco publishing not one but three results at 1TB, 3TB and 10TB Scale Factors.


We ended the year with more benchmark performance news. In November, Girish Kulkarni announced our newest TPC record where Cisco UCS delivered the first-ever 100-terabyte and best 3-TB and 30-TB Big Data benchmark results on the TPCx-HS benchmark.


In the world of Big Data our ecosystem of partners is quite large. We partner with leading strategic Big Data and Analytic firms so we can bring you open choices for your Big Data projects – all are based on our Cisco UCS Integrated Infrastructure for Big Data offering.

Two key partnerships new in 2015 were with IBM and Splunk. Our IBM efforts brought together Cisco UCS and IBM’s BigInsights technology. This September announcement delivered support for IBM BigInsights for Apache Hadoop on our Cisco UCS Integrated infrastructure for Big Data . The joint solution encompassed disruptive innovations in Cisco UCS and the robust and industry-compatible Apache Hadoop distribution from IBM.

Again in September we announced another new offering. This time it was with Splunk. Cisco and Splunk jointly introduced new reference architectures with Cisco UCS Integrated Infrastructure for Big Data, that delivered exceptional performance and massive scalability.

We did a ton of work with many of partners in 2015. Here we have just highlighted two. Please view the video below to learn about some of the other activities with our Partners:

We have had the pleasure of meeting many of you throughout the year at many events such as: Cisco Live!, various Strata-Hadoop shows, or regional partner seminars around the world.  We sincerely thank you for taking time out of your busy work life to meet with us. We very much appreciate it. In 2016 we look forward to continuing our discussions with you and continuing to bring you new innovations for Big Data.

To learn more on Cisco’s Big Data & Analytics Datacenter solutions please visit www.cisco.com/go/bigdata

Tags: , , , , , , , , ,

Composable Infrastructure Part 6: Understanding Infrastructure Options

Pathway OptionsThe IT industry is in a significant period of transition, and the infrastructure landscape has changed a great deal. There are many options today, and the number of options will grow over the next two years. Having more options can more lead to complexity and potential limitation.  As you assess your options you need more information and context, so you can make the right choices and avoid problems down the road.

Software defined infrastructure (SDI) has made it possible to create these new categories of products.  In addition to traditional rack and blade servers and SAN storage, there is converged infrastructure, hyper-converge infrastructure and now composable infrastructure. As you evaluate these new infrastructure options, one of the most important considerations is choosing the right management software to support these products.  You don’t want to add to complexity by creating islands of infrastructure that need to be managed separately.

Tags: , ,

Microsegmentation with Cisco ACI

Modern data centers are under unrelenting attack. East-west traffic security breaches are happening every day. According to Cisco, 75 percent of all attacks take only minutes to begin stealing data but take longer to detect.   Once discovered, several weeks may pass before full containment and remediation are achieved. Today’s data centers require a variety of “tools” to deal with sophisticated attack vectors. Network segmentation is a proven tool deployed in data centers.

While the broad constructs of segmentation are relevant, today’s application and security requirements mandate increasingly granular methods that are more secure and operationally simpler. This has led to the evolution of “microsegmentation” to address the following:

  • Programmatically define segments on an increasingly granular basis allowing greater flexibility using attributes
  • Automatically program segment and policy management across the entire application lifecycle (deployment to de-commissioning)
  • Quarantine compromised endpoints and limit lateral propagation of threats
  • Enhance security and scale by enabling a Zero-Trust approach for physical, virtual and container workloads.

Cisco’s Application Centric Infrastructure (ACI) takes a very elegant approach to microsegmentation with policy definition separating segments from the broadcast domain.

Figure 1useg image

It uses an application-aware construct called End-Point Group (EPG) that allows application designers to define the group of endpoints that belong to the EPG regardless of their IP address or the subnet they belong to (Figure 1).  Further, the endpoint can be a physical server, a virtual machine, a Linux container or even legacy mainframes – i.e. the type of endpoint is normalized, thereby offering great simplicity and flexibility in their treatment.

Cisco ACI provides consistent micro-segmentation support for VMware VDS, Microsoft Hyper-V virtual switch, KVM*and bare-metal endpoints and containers, which allows granular endpoint security enforcement.  Customers can dynamically enforce forwarding and security policies, quarantine compromised or rogue end points based on virtual machine attributes (such as Name, Guest OS, VM Identifier) and/or network attributes (such as IP address), and also remediation places cleaned end-points back to base EPG.

Key Benefits

ACI micro-segmentation allows users to create micro-segments across multiple VMM and physical domains in a consistent policy driven framework, that allows operational flexibility and choice for customers.

  • Micro-segmentation for any multi-tiered application with physical or virtual workloads across any hypervisors
  • Use the same policy model to isolate workloads for vSphere, Hyper-V, OpenStack, Containers, and bare metal servers.
  • Micro-segmentation classification can use workload attributes such as Virtual-machine attributes and Network (IP, MAC) attributes providing finer grained control at the individual virtual machine(s) level.
  • Hypervisor agnostic Intra-EPG isolation policy across VMs and bare metal
  • Simple, automatic creation of a quarantine security zone for a multi-tiered application when a rogue end point or threat is identified and automated remediation.

Use Cases

Cisco ACI micro-segmentation can provide enhanced security for east-west traffic within the data center. Its true value lies in its integration with application design and holistic network policy, and transparent interoperability with a wide variety of hypervisors, bare-metal servers, Layer 4 through 7 devices, and orchestration platforms.


Tags: ,

Tech Field Day Extra at ONUG – ACI, Docker, and OpenStack Group-Based Policy

A few weeks ago at the Open Networking User Group (ONUG) conference, Cisco hosted a session on ACI, Docker, and Group Based Policy for Tech Field Day Extra. ONUG is a two day conference which includes keynotes and panels providing opinions on open infrastructure deployment from IT business leaders.

And for those of you who haven’t heard of or seen the Tech Field Day sessions, a quick breakdown: Delegates (bloggers, speakers, podcasters, and influential leaders) come in for a session on Cisco technologies in which they are allowed to ask questions freely throughout the presentation.  Usually these presentations consist of a demo and/or a white boarding session.

For Tech Field Day Extra (#TFDx) at ONUG one of our principal engineers, Lucien Avramov, gave an hour presentation to 11 delegates at New York University.


In his first session Lucien discusses Cisco Application-Centric Infrastructure (ACI) and demonstrates the integration between ACI and OpenStack with F5 and Palo Alto components:

A few questions from delegate Jason Edelman @jedelman8 from Network to Code in that session (time stamps included):

(8:40) Would there have been a way to allow customers to install OVS (Open vSwitch) from source and then just install the OpFlex Agent separately to then manipulate forwarding and policy as necessary?

(21:55) If you have “x” number of tenants in your ACI environment and you have your APGs built out per tenant, would you want to use the same appliance across all tenants?

In the session, Lucien show cased how ACI enables seamless integration and provisioning of virtual machines and services with a Red Hat OpenStack environment, orchestrating ACI. The integration of ACI with OpenStack enables end users of OpenStack to not have to make configuration on the network infrastructure, as it’s automated. Second, the integration with F5 and Palo Alto, shows how ACI instantly is capable of configuring these service appliances to deploy within seconds a multi-vendor end to end environment. During the ONUG POC, Lucien also demonstrated the integration with bare-metal servers and multi-hypervisors, adding Microsoft Hyper-V, all in a live 5 minute demo.

Lucien then went on to discuss ACI Group-Based Policy and how it can be used to simplify networking configuration in OpenStack environments:

During that session he explained how the Group-Based Policy Project in OpenStack adds a layer of abstraction and enables end-users of OpenStack to use Policy instead of basic Network Constructs in order to achieve the network configuration in OpenStack. This Group Based Policy open-source project maps policy on par with ACI, making the configuration methodology consistent and easy to monitor and troubleshoot.

He ends the sessions with going over the Cisco ACI Docker integration demonstrating ACI with Docker containers and shows the provisioning of networking for the system:

A question on that session from delegate Drew Conry-Murray @Drew_CM from PacketPushers.net (time stamp included):

(12:15) Are you making the policies in Docker and then is that being communicated to ACI?

Tech Field Day Extra at ONUG was a great success for the delegates and Cisco alike. Tech Field Days are great opportunities for Cisco to share about our technologies but ultimately they are a great success because we get to hear the opinions of folks who use Cisco frequently.

Please feel free to comment, share and connect with us @CiscoEnterpriseFacebookLinkedIn and the Enterprise Networks Community.

If you would like to view all of the session videos they are now posted on YouTube.


Tags: , , , ,

Part 2: Ten Learnings and Observations from the 2015 London Gartner Data Center Conference

Last week I attended the 2015 London Gartner Data Center conference.

Shadow IT - Addressing the Challenges with the Cisco Cloud Consumption Services

Shadow IT – Addressing the Challenges with the Cisco Cloud Consumption Services

In my first blog (part 1) on this event,  I covered some of my main learnings and observations, #1 .. #5:

  • Bi-modal IT,
  • Anti-fragility,
  • Shadow IT (and how Cisco Cloud Consumption Services can help you here, SDN, and
  • Software asset management,

Let’s now go on and discuss #6 … #10 … on topics from buzzwords, to SDx, and on to Scotch Whisky!

Here are my observations #6 .. #10 :

  • Software Defined Anything – “SDx” – was shown to be a complex area with multiple potential pitfalls including lack of SDx compatibility between vendors. After a prediction that 60% of Enterprises will adopt SDx from a top-down perspective (e.g. considering the whole SDDC), as opposed to the primarily “bottom up” (e.g. considering individually technologies areas such as SDN and SDS) approach of today, I was more than disappointed when the final two words in the presentation were “business need”.  I wasn’t disappointed simply that these words were at the end, rather than in all the preceding tech-heavy discussion, “business need” didn’t appear at all! Business need should be consideration #1 in my view.
  • The session entitled “Predicting Service Outages” was one of my top 3 picks of this conference. Most outages in IT shops today are caused by failed changes.  Unfortunately this is the same as it was 10 years back when I travelled the world talking to various service provider network operations teams.  I began to wonder if we’ve really progressed.  A key point on outages, it was asserted, is how you track metrics around changes in your IT infrastructure (planned and un-planned), and how you track the relationship between outages and any preceding changes. It turns out most IT shops do not correlate trouble tickets to change events. Only 5% of poll participants said they “always” correlate incidents to past changes. This means that 95% are missing out on the real benefits of being able to use past change behaviour to predict the likelihood of outages in future events.  This is such an opportunity for improvement, that wouldn’t require any new tools, and that would only take a small amount of effort to achieve significant returns in future IT services stability.
  • White box” IT was discussed from time to time. As one presenter said, “It’s ok for Google with huge $10Bn+ R&D budget.” Can a typical enterprise afford the integration and support costs that come from white box IT, from initiatives like OpenCompute and so on?  Not many can at the moment, so let’s be realistic on how relevant white box switches and servers are to the majority of IT shops.
  • Thanks to Sumerian, an innovative developer of capacity management tools, I learned that the highest concentration of whisky distilleries is in the north east of Scotland. Hic  :-) !  [I knew it was in Scotland, however I had no idea of the number concentrated in this small region!]
The World's Whisky "Hub"

The World’s Whisky “Hub”

Wrapping up then, I hope you found this and part 1 interesting.  All in all, this was a good conference.  If you attended, or are attending the US “version” this week (w/c 7 December), what were your key takeaways?  I’d be keen to hear!

Tags: , , , , , , , , , , ,

ACI Applications Spotlight: Microsegmentation and New Application Partners

At Gartner’s Data Center Conference this year, everyone is talking about how Data Centers are evolving to meet the needs of mobile, social, Big Data, and cloud native applications. The Data Center, People, and Processes are the focus as IT organizations look at supporting their traditional core enterprise applications (Mode 1) and new cloud native (Mode 2) applications to become Digital Enterprises.  The organization transformation most often mentioned has been the integration of Development and Operations – creating DevOps processes, culture, and teams.

Applications, cloud, and security management stacks and architectures must evolve as well to support the needs of these distributed applications in distributed data centers.


To support cloud native and multi-tier applications, Cisco ACI takes an elegant approach to provide fine grained security with microsegmentation which uses policy-based automation for  enhanced security for east-west traffic within the data center. Its true value lies in its integration with application design and holistic network policy, and it interoperates transparently with a wide variety of hypervisor switches (VMware vSphere Distributed Switch (VDS), Microsoft Hyper-V virtual switch), bare-metal servers, L4-L7 devices, and orchestration platforms. Microsegmentation provides internal control of traffic within the data center and can greatly enhance a data center’s security posture. Cisco ACI is the only solution available today that enables true microsegmentation with the performance, scalability, and visibility that modern applications demand.

Application Leaders Embrace ACI

New ACI Ecosystem partners using the northbound open APIs of the Application Policy Infrastructure Controller in ACI allow the automation of entire application suites, Software-as-a-Service, and Platform-as-a-Service for application development teams creating applications to engage with their enterprise’s customers in new and valuable ways. These partners integrate or monitor applications, cloud management platforms, security and application policy across compute, network, and storage infrastructure for distributed applications.  Hear from some of these leaders directly in the video here.

app leaders embrace ACI

  • Apprenda uses ACI to provide security, agility, and visibility for its PaaS platform to deliver a policy based secure PaaS. Consumer facing applications need to have strong isolation from each other, and that isolation cannot be a slow (manual) DevOps process. Cisco ACI endpoint groups and microsegments provide the type of automation and dynamic isolation needed for applications with high risk profiles hosted on Apprenda.
  • CliQr CloudCenter and Cisco ACI produces a true application-defined management platform for users to model, migrate, and manage the entire lifecycle of new and existing applications—along with its full complement of required resources—onto any cloud or datacenter environment. With a joint integrated solution, customers are able to realize new levels of efficiency and security, with complete application isolation and true microsegmentation.
  • DataTorrent Real Time Streaming for Big Data analytics and Cisco ACI enables customers to automate and secure access to external data sources outside the Hadoop cluster in a dynamic way while meeting regulatory and compliance security requirements.
  • KillerIT integrates with Cisco ACI to map application dependencies to associated infrastructure and automatically create application network profiles and policies.
  • One Convergence Network Service Delivery (NSD) and Cisco ACI allows for high level of automation of all layers of the networking stack and enables enterprises and service providers to roll out a rich set of network services at scale in OpenStack cloud deployments. The solution uses a common policy model, which is a community driven standard in OpenStack called GBP, to automate all the layers of infrastructure networking in OpenStack.
  • ScienceLogic delivers Automatic Dependency Mapping of Cisco ACI and the IT elements that use it. ScienceLogic’s hybrid IT monitoring platform automatically discovers all of the elements making up your Cisco ACI system including spines, leafs, APICs, tenants, applications, EPGs, bridge domains, contracts, etc. and simplifies the operations of application troubleshooting and performance optimization.
  • Vnomic, SAP and Cisco are collaborating to dramatically accelerate and simplify the deployment and operation of large-scale SAP applications by using Cisco ACI.  The policy driven infrastructure solution enables SAP HANA and HANA VORA to shared resources as a unified cluster for Bimodal IT.

These northbound APIC integration partners are bringing application management and monitoring capabilities across compute, network, and storage to help application developers and IT managers to simplify operations, deliver more agile, programmable infrastructure-as-a-service, and with greater security from threats within the Data Center.

For More Information on Micro-Segmentation:

ACI Micro-segmentation Overview (New)

An Overview of Network Security Considerations for Cisco ACI Deployments

New Innovations for L4-7 Network Services Integration with Cisco’s ACI Approach

Micro-segmentation: Enhancing Security and Operational Simplicity with Cisco ACI

For More Information on Automating Application Suites, PaaS:

Application Leaders Embrace ACI

Apprenda – secure PaaS with Cisco ACI

CliQr CloudCenter and Cisco ACI Simplify Application Deployment Lifecycle

DataTorrent – Cisco ACI and Secure Big Data

KillerIT – Automatic Policy Creation and Cisco ACI

One Convergence – OpenStack Network Service Delivery for Cisco ACI

ScienceLogic – Visualization and Application Dependency Maps for Cisco ACI

Vnomic – Policy Driven Software Defined Everything and Cisco ACI


Tags: , ,

UCS M-Series and Citrix XenApp Bare Metal Deployments

If you are one of the 330,000 organizations using Citrix XenApp (or if you are considering it) you need to consider Cisco’s UCS M-Series modular servers.

What are M-Series modular servers? M-Series servers are composable infrastructure that disaggregates storage and networking from the CPU/memory complex allowing workloads to be optimally matched to resources. An ideal workload for the M142 compute cartridge is Citrix XenApp. The M142 cartridge has two Intel Xeon E3 servers meaning a single 2RU M4308 chassis has 16 servers!

Cisco recently published a CVD (Cisco Validated Design) for Citrix XenApp 7.6 on M-Series. A CVD is a tested, documented, reference architecture to provide a cookbook for customers. This allows customers faster, reliable, and predictable deployments.

Cisco UCS M-Series with Citrix XenApp 7.6 Physical Server Deployment features the Intel Xeon E3-1275L v3 processors with 32GB per server. Amazingly this modest processor / memory combination supports 60 remote desktop session users or 960 users in 2RU!

Sounds great but what about performance? Cisco recommends that the Login VSI Average Response and VSI Index Average should not exceed the baseline plus 2000 milliseconds to insure that end user experience is outstanding (full methodology in the CVD). This determines the per server recommendation of 60 sessions as is seen in the performance graph for a single server.

M-Series XenApp CVD - Figure 23 - Single Server - XenApp 7.6 RDS - VSI Score


This performance scales across all eight cartridges or 16 servers.

M-Series XenApp CVD - Figure 28 - 8 Cartridges - 960 Users - VSI Score


Join Cisco’s Jeff Nichols & Mike Brennan on December 10th for a BrightTALK webinar at 10am CT to discuss this solution.

I highly encourage to review the CVD and then talk with your Cisco account team or partner to see if the M-Series is the right solution for your Citrix XenApp deployment.

Tags: , , ,