How Does Cisco Application Centric Infrastructure (ACI) Work?
Cisco ACI is an SDN solution that defines its network infrastructure based upon network policies. To make this possible Cisco has created the ACI Fabric OS, which is run by all systems within the ACI network. This shared OS makes it possible for the various switches within the ACI network to translate policies into infrastructure designs.
Cisco Application Centric Infrastructure (ACI) Architecture
A Cisco ACI environment is built with two main components:
- Cisco Application Policy Infrastructure Controller (APIC): APIC is the SDN controller for Cisco ACI. It creates the policies that define the data center’s network infrastructure.
- Nexus 9000 Switches: Nexus 9000 switches use the ACI Fabric OS to communicate with APIC and create infrastructure based on policies. They can be either Spine (distribution) or Leaf (access) switches.
All endpoints, including APICs, connect to the network via Leaf switches. These Leaf switches are connected together using Spine switches in the backend.
Using these components, ACI can be deployed under a variety of different models. This includes support for on-site, cloud-based (including public, private, and hybrid clouds), and SD-WAN edge environments. This enables organizations to use policy-based network management throughout their corporate WANs.
Key Features and Benefits of ACI
Cisco ACI enables organizations to easily create a software-defined data center, which provides several benefits, including:
- Flexibility: With a SDN solution like Cisco ACI, all of an organization’s network infrastructure is implemented as code. This makes it easy to update configurations to meet evolving business needs.
- Consistent Infrastructure: Cisco ACI abstracts away the details of the underlying infrastructure. This makes it easier to design and configure network environments.
- Automation and Orchestration: Cisco ACI makes heavy use of automation to develop network infrastructure based on network policies. This makes changes easy to make and increases scalability.
- Support for Hybrid Environments: Cisco ACI supports both on-prem and cloud-based infrastructure, making it possible to deploy ACI environments across multiple different environments.
Augmenting Cisco ACI Security with Check Point
Cisco ACI provides a number of built-in security solutions. A partnership with Check Point enhances these protections to provide advanced threat prevention for ACI environments.
How Cisco ACI Integrates with Other Products
Cisco ACI is built using the Cisco ACI Open Ecosystem. This Open Ecosystem is designed to provide a number of different options for connecting third-party tools to Cisco ACI, including:
- Open APIs: Cisco ACI’s APIs are open, enabling other products to connect and interact with a Cisco ACI environment.
- Jointly-Certified Solutions: Cisco has partnered with over 65 technology providers to build an SDN ecosystem. These joint solutions are certified by each organization, and information is provided by both parties to ensure compatibility of pre-built solutions.
- Service Chaining: Cisco ACI solutions support service chaining, enabling organizations to build the solutions that they need to meet their networking and security requirements.
Check Point CloudGuard and Cisco ACI
Check Point CloudGuard Network Security provides consistent policy management and enforcement of advanced security protections, is automatically deployed and dynamically orchestrated into software-defined data center environments. CloudGuardfor Cisco ACIprovides industry-leading security for ACI environments. CloudGuard provides the following capabilities to improve customers’ Cisco ACI security:
- Cloud Network Visibility and Visualization: CloudGuard implements microsegmentation for ACI environments, providing deep insight into both north-south and east-west traffic flows. This granular visibility aids in understanding data flows within a corporate network and enforcing corporate security policies.
- Advanced Threat Prevention: CloudGuard’s advanced threat prevention capabilities combine a full security stack – including a firewall, intrusion prevention system (IPS), antivirus, and anti-bot protections – with secure remote access, threat extraction and sandbox-based threat emulation .
- Automation and Orchestration: Cisco ACI enables network infrastructure to be defined based upon network policies. The integration between Check Point CloudGuard and Cisco ACI means that an organization can automatically insert and provision CloudGuard security gateways into ACI environments for security policy enforcement.
- Policy and Compliance Enforcement: CloudGuard receives context from Cisco’s APIC, which enables policy information defined within the ACI environment to be used to quickly define security policies. These security policies can then be easily enforced in ACI using CloudGuard gateways.
- Data Protection: CloudGuard’s integration with ACI enables it to apply data loss prevention (DLP) to ACI environments. This helps to protect an organization’s sensitive data from being lost or stolen.
- Centralized Security Management: Using CloudGuard with ACI enables the security of the ACI ecosystem to be monitored and managed from the same console as the rest of an organization’s network infrastructure. This makes it easier for security analysts to detect and respond to potential threats within their public, private and on-prem networks.
Check Point and Cisco’s integrated solution enables organizations to easily create and secure a software-defined data center and improves Cisco API security. To learn more about this solution, check out this webinar. For more information about securing your cloud-based infrastructure, schedule a discussion with a cloud security expert. Also, you’re welcome to sign up for a free demonstration to see the power of Cisco ACI and CloudGuard for yourself.
