Cisco customers will gain consistency in fabric management outside of their private data centers with the upcoming release of a Cisco ACI controller for AWS.
The cloud Application Policy Infrastructure Controller (cAPIC), which Cisco could formally launch at Cisco Live in Barcelona at the end of the month, extends the ACI software-defined networking architecture from the data center to the largest cloud provider. The new cloud technology is the latest advancement in Cisco's goal of eventually providing the tools for building a network fabric on the three leading public clouds -- AWS, Microsoft Azure and Google Cloud Platform.
According to a presentation given last October at the Cisco Connect conference in Toronto, a significant element of the latest Cisco ACI controller is its ability to translate ACI network and security policies into equivalent instructions on AWS. Cisco plans to release cAPIC this quarter, according to the slide deck used in the presentation.
Cisco has been relatively quiet lately in releasing ACI updates. The company launched version 4.0 without a major marketing push in the fourth quarter of 2018. Version 4.1 is scheduled for release in the first quarter of this year, along with cAPIC, according to the Connect presentation.
Cisco's cAPIC would provide consistency between the policies governing a company's ACI-managed network in the data center and those governing its leased AWS infrastructure, such as virtual switches and firewalls. That should simplify control over AWS Virtual Private Clouds (VPCs).
A VPC lets developers create a virtual network for connecting AWS resources, such as storage and computing, to applications running on an isolated section of the cloud provider's platform. The isolation enhances the security of application data and transactions.
Developers can build cAPIC clusters to support any number of VPCs they have running on AWS. Cisco has already released an ACI multisite orchestrator that pushes out configurations to network components running on multiple sites.
Strategy behind the Cisco ACI controller
Cisco's strategy of supporting cloud network infrastructure in ACI tools used in the data center today is what customers want, analysts said.
"All forms of data center [software-defined networking] must respond to the requirements occasioned by multi-cloud," said Brad Casemore, an analyst at IDC. "In practical terms, that means data center SDN offerings, including Cisco ACI, must be extended to public cloud environments."
The security cAPIC brings to applications on AWS is particularly crucial to ACI customers, said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo.
"EMA research has found that network teams are especially challenged by security when setting up transport between clouds," McGillicuddy said. "They struggle with building effective security controls."
Cisco is not alone in its pursuit of a single networking architecture for multiple environments. VMware has a similar vision for its NSX network virtualization product, as do Juniper Networks with its Contrail Enterprise Multicloud and Nuage Networks with its Virtualized Services Platform, which provides policy-based automation of cloud deployments.
VMware is Cisco's biggest rival in cloud networking. Both companies dominate the data center in their respective markets -- server virtualization for VMware and switching and routing for Cisco.
Cisco's current ACI strategy is aimed at keeping data center customers as they move applications to public clouds, Casemore said.
Companies buy ACI as a software option on Cisco's Nexus 9000 switches. Roughly 30% of Nexus customers have ACI licenses, according to Andrew Lerner, an analyst at Gartner. That percentage hasn't changed since 2017, but the number of ACI users is higher because the overall number of Nexus buyers has increased.
"There are many more people using it," Lerner said of ACI.