New Cisco APIC ZenPack — The “Day 2” Plan You Need for Cisco Application Centric Infrastructures

BannerV1.0

The unifying point of automation and management for the Cisco Application Centric Infrastructure (Cisco ACI) fabric is the Cisco Application Policy Infrastructure Controller (Cisco APIC). The Cisco APIC is the policy controller component of the Cisco ACI solution and is always deployed in a redundant cluster. It provides centralized access to all fabric information stores policy definitions for applications, supports flexible application network provisioning across physical and virtual resources, and centrally tracks network health.

For the last several years, Zenoss and Cisco have been partnering around a common goal of giving enterprises and service providers a way to ensure reliable service delivery. This collaboration has resulted in the creation of solutions uniquely tuned to meet the demands of Cisco integrated infrastructure. These solutions provide our joint customers with the Unified Service Insight they need to identify and resolve service issues before users are impacted.

Over the last several months, the Zenoss engineering team has been hard at work developing a new Cisco-oriented ZenPack, the Cisco APIC ZenPack. This ZenPack has been designed specifically to help with Cisco ACI “Day 2” operations — running your new ACI infrastructure, managing faults, identifying and correcting capacity issues, and more.

Here, we’d like to share with you some additional information about this new ZenPack and how the Unified Service Insight provided by the Cisco APIC ZenPack can help you improve service quality and reduce operational costs.

An Introduction to Cisco ACI and APIC

Cisco ACI forms the core of Cisco’s software-defined networking (SDN) offering. Cisco ACI is a holistic architecture with centralized automation and policy-driven application profiles. ACI delivers software flexibility with the scalability of hardware performance.

Cisco ACI consists of:

  • The new Cisco Nexus 9000 series switches
  • A centralized policy management and Cisco Application Policy Infrastructure Controller (APIC)
  • A Cisco Application Virtual Switch (AVS) for the virtual network edge
  • Software and hardware innovations
  • Integrated physical and virtual infrastructure
  • An open ecosystem of network, storage, management, and orchestration vendors

Cisco ACI is a policy-driven systems approach to automation for the data center network. We see this as very similar to what Cisco did with Cisco UCS. That’s a big statement – the introduction of UCS transformed the server market. Six years ago who would have guessed that Cisco would be the number one blade server vendor?

Cisco ACI allows you to design simpler architectures that are scalable and secure with an open, extensible policy model changing the focus of the network from device- to application-centric. Cisco believes this will help solve some of their customers’ biggest operational challenges – speeding application deployment, raising application security, and eliminating configuration errors.

Cisco believes that if you look across the infrastructure landscape, you’ll see a shift toward policy management, particularly toward declarative models like ACI’s that describe desired state without explicitly defining the configuration steps needed to achieve this state. This approach already has taken root in the DevOps world with tools like Puppet and CFEngine, and Cisco is carrying some of those same concepts forward with ACI. By using a common policy model supported over a scalable physical and virtual network, Cisco believes they will be able to meet their customers’ needs while enabling them to embrace the cloud — both on-premise private and hybrid.

The Cisco APIC device, in conjunction with the Cisco Nexus 9000 series switches, delivers on the ACI vision of unified operations of physical and virtual infrastructure. Features and capabilities provided by Cisco APIC include:

  • Centralized application-level policy store and deployment engine for physical, virtual, and cloud infrastructures
  • Detailed visibility, telemetry, and health scores by application and by tenant
  • Designed around open standards and open APIs and so extensible beyond Cisco branded equipment
  • Robust implementation of multi-tenant security, quality of service (QoS), and high availability
  • Integration with management systems such as VMware, Microsoft, and OpenStack

New Cisco APIC ZenPack

The new Cisco APIC ZenPack for Zenoss Service Dynamics was designed specifically to help you with Cisco ACI “Day 2” operations.

Discovery

The Cisco APIC ZenPack discovers tenants, applications, application endpoint groups, contracts, including contracts provided and contracts consumed, bridge domains, fabric pods and fabric nodes, line cards, aggregate interfaces, and CPUs. Also discovers low level details like CPU cores or individual fabric ports, as well as high level information, such as which tenants or customers are deployed on your networking fabric.

For discovery, simply add the APIC cluster for an ACI pod to Zenoss Service Dynamics. Zenoss automatically discovers pod network hardware (Nexus 9000s, and individual APIC devices), virtual hardware (software firewalls and load balancers), and policy elements (contracts, bridge networks, etc.). Following the initial discovery, Zenoss tracks pod changes, device health and availability, and fault information continuously.

Performance Monitoring

For all discovered components, the Cisco APIC ZenPack monitors and thresholds on the overall health score of the component. Health scores are a simple metric, calculated by the APIC, that provide an indication of capacity, performance, availability, and fault conditions in on number.

Zenoss treats ACI health scores as a standard performance metric, collecting, graphing, and evaluating against thresholds. For example, if the health of a line card, fabric port, or tenant goes below a score of 95, Zenoss can notify you of the issue.

Thresholds vary based on the type of component and component statistics provided. For example, port health will threshold based on network throughput, while hardware like line cards and fabric nodes will threshold based on environmentals such as temperature.

Event Management

Zenoss monitors APIC devices for faults events, and adds ACI faults into the Zenoss event management system. The Zenoss event lifecyle process closely mirrors the event lifecycle approach used by the APIC, which means that as events change over time and clear, these changes are tracked and displayed in real time in the Zenoss web interface. Event aggregation and de-duplication occur automatically, and the real-time time model of resource relationships and dependencies means that Zenoss can parse through thousands of events in seconds to determine which event is the most likely root cause of a service degradation or failure.

Service Impact

Zenoss supports both infrastructure and application service impact graphs. When you add a Cisco APIC device to Zenoss, Zenoss takes the top-level tenant and application services defined in the APIC and automatically creates a network infrastructure graph that shows the network devices and components in the Cisco ACI, along with their relationships.

If you are also using Zenoss to monitor the compute, storage, virtualization, and converged infrastructure in a Cisco ACI environment, Zenoss will automatically combine the network model information from the APIC with the information it already has from the compute, storage, virtualization, and converged infrastructure components it monitors to create application service impact graphs. These graphs show all of the underlying infrastructure devices, components, and relationships that support the application.

For example, if you are an MSP and want to see what the state is for all of the infrastructure and application services you provide for a specific customer, you can see this by adding a tenant service to Zenoss. If you are a customer and want to see what the state is for a particular application, you can add an application service to Zenoss and then see the state of the application in its entirety, including the state of all the underlying infrastructure that supports the application.

Zenoss automatically receives updates from the APIC and all of the other dynamic components it monitors, such as Cisco UCS converged infrastructure and VMware vSphere virtual machines, and automatically updates its infrastructure and application service impact models whenever anything changes. This ensures that your infrastructure and application service impact graphs are always up-to-date, even in highly dynamic, virtualized cloud environments.

Reporting and Analytics

All data collected from the APIC is available for analysis and ad-hoc report creation.

Sample Use Cases

The following sample use cases illustrate how the Cisco APIC ZenPack helps you with Cisco ACI “Day 2” operations:

  • Use Case #1: Service-Level View of Network Infrastructure
  • Use Case #2: Service-Level View of Applications

Use Case #1: Service-Level View of Network Infrastructure

Cisco ACI uses a spine and leaf architectural design.

In a traditional network, if all of your boxes are Nexus 9000 switches connect to individual servers in Cisco UCS domains, you have one spine connected to one set of downstream components, or you have two layers, where the first spine supports one set of leaves, the second spine supports a different set of leaves, and so on. A big expensive central switch sits up above the spines, and data is transmitted across the network using multiple hops up and down.

Cisco APIC ZenPack Use Case 1

However, with Cisco ACI, you can have much more efficient data flow across the network, as well as use much more affordable switches as your spine nodes. With Cisco ACI, each spine nodes is connected to each leaf node. Data can flow through any of the spine nodes to any of the leaf nodes, based on the rules or policies that have been configured. However, as the following figure illustrates, configuring the relationships between all of these spines and leaves can quickly become very complicated.

Cisco APIC Use Case 1 Continued

Fortunately, this is where Cisco ACI shines. Cisco ACI automates the configuration of the dataflow between spines and leaves.

Where Zenoss shines is by taking all of the infrastructure and infrastructure configuration information from the APIC and displaying each tenant’s application resources in a graphical, easy-to-understand infrastructure view that shows the impact of network policy across contracts, bridge networks, virtual firewalls and load balancers, and your spines and leaves. This means you can quickly and easily see how each tenant application is using ACI resources, identifying through health scores which ones are working and which ones have issues. To get this service-level infrastructure view, simply add the Cisco APIC into Zenoss. Once you do this, you will automatically have a single, always-accurate view of the health of the spine and leaf nodes in your Cisco ACI.

Cisco APIC Service Impact Graph

Service Impact Graph Showing ACI Resources Supporting One Tenant’s Single VM Application

Use Case #2 — Service-Level View of Applications

A major hurdle organizations face when trying to define business services and take a service-level approach to managing their IT infrastructure is that in most organizations, there is no central location for application service definitions. This means that building and maintaining service definitions is a manual, difficult, time-consuming process — so difficult that it’s almost never done.

However, the combination of the unique capabilities provided in Cisco ACI and Zenoss essentially solves this long-standing problem.

In Cisco ACI, tenants, applications, and endpoint groups defined for the Cisco APIC device create high- level models that tie tenants and applications to the network infrastructure that supports them. But how do you expand your view from the network to encompass compute, storage, virtualization, and converged infrastructure?

When you add a Cisco APIC to Zenoss for monitoring, Zenoss adds the tenant policy definitions from the Cisco APIC and adds them to its Live Model. The ACI definitions start at the network and end at the virtual machine. When you add virtualization, compute, and storage systems to the Live Model, Zenoss automatically combines the network model information from the APIC with the relationship and dependency information it already has from the compute, storage, virtualization, and converged infrastructure components it is monitoring. Zenoss then uses all of this information to automatically build out and display application service models.

This means that you now finally have the service-level view of applications you need, including detailed information about the underlying infrastructure that supports the applications, the overall health of your application services, and the health of all of the underlying device components in your infrastructure. Zenoss also automatically maintains these service-level views of application as configuration changes, so no more fighting to manually build and maintain application service models.

For a demonstration of the Zenoss support for ACI-based applications, see the following demon video: “Day 2 in the Cisco ACI Datacenter with Zenoss“.

Start Planning for “Day 2” Now

Don’t start your “Day 1” planning for Cisco ACI without knowing what your “Day 2” plan is.

By using the Cisco-specific monitoring capabilities that Zenoss Service Dynamics provides, you can make sure that your IT operations team has the monitoring solution they need in place for “Day 2” monitoring of Cisco ACI and Cisco APIC devices.

Cisco monitoring, including Cisco APIC monitoring, is a natural fit for us here at Zenoss. Zenoss Service Dynamics already provides unified monitoring support for Cisco networking devices, including Nexus 9000 switches, in physical, virtual, or cloud infrastructures via our Cisco Devices ZenPack.

For IT shops running Cisco integrated infrastructures, Zenoss also provides the Cisco UCS ZenPack, which makes it possible for organizations with Zenoss Service Dynamics to quickly integrate their Cisco UCS monitoring into a single, end-to-end view of their service delivery infrastructure. Using a combination of the existing Cisco UCS ZenPack, the Cisco Devices ZenPack, and the VMware vSphere ZenPack, and either the NetApp ZenPack or EMC ZenPack, you can monitor your complete Cisco UCS stack today using a single pane of glass.

For organization adopting ACI, Zenoss has expanded its Cisco monitoring support even further. With Zenoss Service Dynamics and the new Cisco APIC ZenPack, you now also have the unified monitoring solution you need for your Cisco ACI “Day 2” operations — one that helps you quickly view and manage faults, identify and correct capacity issues, ensure service quality, and reduce your IT operational costs.

New to Zenoss?

If you’re new to Zenoss, check out the following links, which provide more information about Zenoss and the Zenoss Service Dynamics platform: