CliQr is now part of Cisco Learn More About Cisco

ACI Integration

Overview

CloudCenter users can use out-of-the-box application profiles to create infrastructure-independent models of any application. Once modeled, the Cisco CloudCenter platform and Cisco Application Centric Infrastructure (ACI) can work together to provide automated, end-to-end provisioning of compute, storage, and network configuration of the application as well as its set of required components.

ACI Fundamentals

See the Cisco ACI Fundamentals Guide for additional details on the ACI policy model.

Availability

The CloudCenter – ACI integration is available for VMware cloud environments.

CloudCenter 4.6 supports the following APIC releases:

  • Cisco APIC, Release 1.0

  • Cisco APIC, Release 1.1

  • Cisco APIC, Release 1.2

  • Cisco APIC, Release 2.0 (only Distributed Virtual Switch – DVS mode)

  • Cisco APIC, Release 2.1 (effective CloudCenter 4.7)

Benefits

The CloudCenter – ACI integration provides the following benefits:

  • Use a fully automated creation of ACI policy objects.
  • Gain the security and efficiency of network microsegmentation without the need to program or modify application code, write cloud-specific scripts, or have special network expertise.
  • Users get self-service/on-demand deployment and management of applications with fully integrated Cisco ACI network policy and configuration.

Integration Requirements

The CloudCenter platform automates the end-to-end-provisioning of the overlay infrastructure and deployments of applications. On ACI, this includes the provisioning and management of the following resources:

Icon

Ensure that the APIC tenant being configured in the CloudCenter has the privileges to create these resources.

  • Application Network Profiles (ANP)
  • Endpoint Groups (EPG)
  • Contracts
  • Subjects/Filters

As a prerequisite for the CloudCenter platform to provision and configure the applications on APIC, first complete the following requirements to have a working Cisco ACI environment:

  • Leaf switch profiles, Switch Selectors, Interface Profile, and Policy Groups

  • VLAN Pool

  • VMware's Virtual Machine Manager (VMM) Domain

  • Routable IP subnet to a New Tenant and Bridge Domain(s) configured with L3 Out for external internet connectivity

  • Routing protocols

  • VRF

APIC Requirements

The Cisco Application Policy Infrastructure Controller (Cisco APIC) functions over both HTTP or HTTPS.

  • HTTPS: By default, Cisco APIC listens to HTTPS for both the UI and REST APIS. Ensure that the APIC is configured with a valid SSL certificate that corresponds to the APIC host name.
  • HTTP: Enable the HTTP access for APIC and ensure accessibility using either the host name or IP address

To ensure the sanity of the environment, follow this procedure.

  1. Using the APIC UI, manually add a new application network profile with one EPG.
  2. Verify that a new VMware Virtual Distribute Switch (vDS) port group is provisioned and displayed in the APIC UI.
  3. Using the vCenter UI, provision/clone a new VM with the network pointing to the created port group.
  4. If operating in Strict mode, you will not have SSH/RDP access to the VM:
    1. Create a Contract for Port 22/3389 with its provider being the EPG from Step 1.
    2. Create a new L3 out setting to be consumed by the Contract created in Step 4a.
  5. SSH/RDP into the VM launched in Step 3 and verify that you can access the CloudCenter Bundle repository and the AMQP server.

CloudCenter Requirements

The CCO being used in the ACI Extension should be able to access the corresponding APIC endpoint.

VMware vSphere Requirements

RequirementDetails
A working VMware vCenter 5.0/5.5/6.0 environment

The minimum VMware vSphere version is v5.0, but  vSphere v5.5 U2 is optimal.

The CloudCenter platform automates the provisioning of virtual machines into the VMware private datacenter.The CloudCenter platform requires access credentials to the vCenter setup.
All ESX host(s) must be physically connected to the ACI leaf switches.The prerequisite installation requirements for the datacenter are:
  • A physical ESX host capable of running at least 10 medium sized instances
  • An ESX cluster (cluster could comprise of just the one host)
  • A datastore (or datastore cluster for DRS support), at least 100gb of free space
If the ESXi hosts are Cisco UCS based
  • The VLANs for the CMM must be mapped to the vNIC template.
  • The uplinks from the Fabric must interconnect trunking VLANs to the leaf switches.

 

Using Extensions

You can create an ACI extension to extend the capabilities of the CCO to provision networks in an ACI environment. You can then use Extensions to configure the following CloudCenter resources:

  • Deployment Environment Flow: ACI Extensions are also integrated in the deployment environment and you can determine the extension to be used by each cloud account. CCMs do not need to make the request to the cloud provider. See Deployment Environment Defaults for additional context.
  • Application Deployment Level: Configure tenant and VMM domains to be populated into the application profile when Deploying an Application. You can configure the External Routed Network field (Layer 3 out) for your APIC setup and connect to that tenant network.
  • ACI as an External Service: When you Deploy an Application that contains an External Service, you can configure the ACI extension in the Advanced section for this service tier to use the APIC Service Graph Template.