Cisco's plan to make its Application Centric Infrastructure available on three of the largest public cloud providers addresses the growing demand for data center networking technology that can support hybrid cloud environments.
But just having the tools to build an ACI fabric in Amazon Web Services, Google Cloud Platform and Microsoft Azure won't create the killer use case needed to take the software-based networking technology out of the doldrums in the data center. Roughly seven in 10 companies buying Cisco Nexus 9000 switches, which come with ACI, do not turn on the technology, said Andrew Lerner, an analyst at Gartner. That number has remained consistent all year.
For those companies that use ACI, having it available in a public cloud means the network policies they create and send to infrastructure hardware in the data center can also be applied to virtual switches, firewalls and load balancers assisting cloud applications. Maintaining policy consistency in a hybrid cloud environment would be a big plus for an ACI fabric user.
"Not only would it save time, it would help to eliminate human error when trying to recreate internal policies on public clouds," said Andrew Froehlich, a network consultant and TechTarget contributor.
Those benefits, however, are theoretical, since the Cisco announcement did not provide technical details. Also, the company did not say when ACI would be available in the public clouds, other than "soon."
VMware NSX outpacing ACI
Meanwhile, companies can get hands-on experience today with rival VMware's hybrid cloud technology. Through a partnership announced late last year, enterprises can run the same VMware-powered virtualization infrastructure in Amazon and the data center.
Within the data center, more companies are using VMware's software-defined networking (SDN) product, NSX, than Cisco ACI, analysts said. NSX is a network virtualization platform that abstracts network operations from the underlying hardware to allow virtual networking among hypervisors, which are the platforms for running virtualized applications.
A use case driving NSX adoption is its ability to have virtual firewalls enforce rules for communications between groups of virtual machines running business applications. Placing restrictions on communications between applications increases the difficulty for malware to spread across a network.
Compelling ACI fabric use case missing
Unlike NSX, ACI has yet to find its sweet spot in the data center.
"They [Cisco] need to give their customers reasons to not say no to ACI," said Shamus McGillicuddy, an analyst at Enterprise Management Associates Inc., based in Boulder, Colo. "It means finding the killer use cases and targeting the right IT initiatives."
EMA has identified three IT initiatives that have led companies to consider SDN products like ACI. They include running workloads in private and public clouds, disaster recovery strategies, and regulatory compliance and risk mitigation programs.
Whichever initiative Cisco gloms onto, the company has to raise ACI fabric use in the data center to be successful in the public cloud. "Unless premises-based use of ACI increases, there won't be any jumps in ACI adoption just because it now works in the cloud," said Will Murrell, a senior network engineer at UNICOM Systems Inc., which designs and develops software for large enterprises and is based in Mission Hills, Calif.
Hybrid cloud networking an immature market
In general, products that apply consistent networking and security policies from the data center to public clouds are immature. "It is a huge area of potential innovation in the networking space in the next several years," Lerner said.
Besides Cisco and VMware, startups are also developing tools to create a networking and security platform for hybrid clouds. Examples include Zentera and Aviatrix.
"There are multiple approaches ranging from basic management to advanced orchestration, and network overlays and agent deployments," Lerner said. "So, there is no single easy answer at this point and a lot of potential ways this could play out."