Does Cisco ACI Work With Docker Applications?

By: Kent Erickson>>

Zenoss participated in the Cisco DevNet press briefings on Day 1 at CiscoLive 16. Seven years of working closely with Cisco APIs, documentation, emulators, test labs, and validation suites makes for an interesting story.

During the briefings, Antone Gonsalves, director of News at TechTarget, asked me a really interesting question: Does Cisco ACI work with Docker applications? (Cisco ACI is short for Cisco Application Centric Infrastructure.)

 

Does Cisco ACI Work with Docker Applications

A great Docker application (like ours, cough cough) is composed of a bunch of services in containers. A typical Zenoss 5 installation might have 50 or more. This is a big change from Zenoss 4 where the same installation might be based on five or six servers.

The services in Zenoss 5 let us provide very granular horizontal scaling. You can add additional data collection capability for a single protocol by adding another instance of that protocol’s container, where previously you’d have to add an entire server. Here’s my 4-step prescription for an intelligent data center.

Containers communicate using secure http protocols, and each container exposes only the ports it needs to communicate within the application. When our orchestrator Control Center spins up a new container it configures the networking policy for the container. Essentially the communications between containers in a Docker application is essentially interprocess communications carried over standard IP protocols.

Any well-designed and orchestrated Docker application is going to run itself the same way. Tightly controlled access to containers, minimal exposed ports, point-to-point communications, all controlled by the orchestrator. No need for Cisco ACI, right?

Well, no. Cisco ACI controls the network the application connects to. It defines policy for the application but not within the application. A typical data center will define a monitoring end point group with narrow access policies and ensure that the services that devices need to expose to permit monitoring data collection will be accessed only by permitted application – not by everyone. This is great news!

Therefore, is Cisco ACI a replacement for a Docker orchestrator? No. But do Docker applications benefit from Cisco ACI? Yes!

Zenoss Trailer at CiscoLive

Stop by booth #1037 at Cisco Live US  Las Vegas and learn how Zenoss works with the Cisco Developers Network to build our product. Follow #CLUS for updates on the event and click here to see our full list of Zenpacks, which includes Cisco ACI.

Try Zenoss!