A central Texas school district has found an offbeat use for Cisco's software-defined networking platform. Rather than use the technology for data center management chores, the Hutto Independent School District has deployed it for network access control.
Creating a NAC system out of Cisco's Application Centric Infrastructure required turning the ACI switching fabric into the core router for the district of eight schools, 6,600 students, and 900 teachers and staff. The district IT staff then went a step further and made ACI the security checkpoint for the 3,000 Chromebooks used as learning tools.
"This is exactly why we chose ACI," Travis Brown, director of technology at Hutto, said of the tech niche. "We saw that we could do with it things that were outside of Cisco's use case."
Also, the district spent less using ACI to replace two 10-year-old Cisco Catalyst 4507 core routers. Other architectures reviewed by the district would have cost 50% to 75% more than ACI, Travis said. "In the end, we saved quite a bit of money."
"We were able to bring [ACI] in by intelligent design, rather than just making purchases in a more traditional sense," Travis said. "We actually thought about it."
Hutto district is not the typical enterprise
The district's IT operation is not as wide-ranging and complex as enterprises', so there's more room for creativity and discovery of a tech niche. Hutto dedicates 70% of the computing power in its data center, located in the district's administration building, to running virtual desktops and educational software, such as Istation, Imagine Learning and Discovery Education.
The ACI fabric, deployed last December, comprises two spine and four leaf Nexus 9000 switches, and three ACI controllers. Hutto evenly split the Cisco hardware between the administration building and the district's high school in a leaf-spine network topology. At the edge of the districtwide network are Catalyst switches, which handle Chromebook traffic.
To connect the Catalyst hardware to the ACI fabric, Hutto uses an encapsulation protocol called VXLAN. The technology is used to run an overlay network on Layer 3 infrastructure. Arista Networks, VMware and Cisco developed VXLAN to help engineers build larger cloud computing environments.
Hutto's IT staff uses the ACI controllers to build and push out to the Nexus leaf switches policies that define the ports Chromebook traffic can use. The switches drop traffic that deviates from approved patterns.
"This is a novel use of ACI in a campus network to do policy enforcement at the edge," said Dan Conde, an analyst at Enterprise Strategy Group Inc., in Milford, Mass.
Hutto's IT team built the security tech niche for ACI to keep mischievous students out of trouble. "We have a lot of students who want to be hackers," said Keith Reynolds, the district's network administrator.
Would-be hackers will bring laptops equipped with tools that can scan the network for vulnerabilities in Windows computers, Reynolds said. The ACI-deployed policies ensure that a student running a scan can't see anything.
ACI to manage personal devices
The long-term goal for ACI is to turn the tech niche into a key security component in letting students and staff use personal laptops and mobile devices on the network. "Our ultimate goal is to finalize our preparations for a very robust and very secure bring-your-own-device environment," Brown said.
ACI won't be right for every school district. Cisco built the technology for an enterprise data center, so adapting it for a school network won't be easy. Brown's advice is "to get a really talented team first, and then look at buying [ACI]."
Brown has assembled the talent, so the district is reaping the rewards.