News Release

Cisco Extends SDN Leadership with new ACI Capabilities

Cisco delivers new ACI security features and expands customer choice with Docker support
Dec 03, 2015

SAN JOSE, Calif. – December 3, 2015 – Cisco today announced a new software release for its Application Centric Infrastructure (ACI) to enhance its comprehensive SDN portfolio built on open APIs, open standards and a broad ecosystem for customer choice and flexibility. New software capabilities enhance ACI with microsegmentation for both physical (bare metal) applications and multivendor virtualized applications (VMware VDS, Microsoft Hyper-V) and extend ACI across multi-site environments to deliver policy-driven automation across multiple data centers.

Cisco also added integration of Docker containers through contributions to open source, offering customers a consistent policy model and greater deployment flexibility using the Cisco Application Policy Infrastructure Controller (APIC).

Expanding customer choice through a broad ecosystem, open APIs and contributions to open source, ACI now supports automated service insertion for any third party layer 4-7 service. Cisco also added new support for cloud automation tools like VMware vRealize Automation and OpenStack, including open standards-based Opflex support with Open vSwitch (OVS).  New members of the ACI ecosystem enable the automation of entire application suites, including Platform as a Service (PAAS) and Software as a Service (SAAS), helping organizations to automate across their application and infrastructure teams.

Cisco now has over 5000 Nexus 9000 ACI-ready customers using its open platform that  supports any hypervisor, any cloud management platform, and any workload whether physical, virtual, or container.  

“Customers tell me that only five to ten percent of their networks are automated today,” said Soni Jiandani, SVP at Cisco. “They are eager to adopt comprehensive automation for their networks and network services through a single pane of management, while improving security for east-west traffic, multi-cloud traffic and bare metal applications in a consistent manner. Policy-based automation, consistent network security and central compliance support are critical for IT efficiency, business agility, and competitive advantage. Several ACI customers have achieved full automation of the network and are focusing on automation across their Layer 4-7 network services, security and application groups as the next step.”

Cisco SDN News Highlights: New ACI Software Release

·        Docker Container Support:
Cisco delivers support for both physical and virtual endpoints, and now extends support for Docker container endpoints through integration with the Cisco Application Policy Infrastructure Controller (APIC) and Project Contiv. Project Contiv is an open source project defining infrastructure operational policies for container-based application deployment. ACI’s unified policy model enforces policy via endpoint groups (EPG), a collection of network endpoints that includes a wide range of entities, including bare-metal servers, virtual machines, and containers.  Docker offers an open source platform for running distributed applications in Linux containers.  

·        Enhanced security:
Cisco ACI now provides micro-segmentation support for VMware VDS, Microsoft Hyper-V virtual switch, and bare-metal applications, which allows granular endpoint security enforcement. Customers can dynamically enforce forwarding and security policies and quarantine compromised or rogue end points based on virtual machine attributes (such as Name, Guest OS, VM Identifier) or network attributes (such as IP address.)

Organizations can also isolate workloads within the same policy group. For example, communication between all endpoints within the same web tier can be disabled through policy-based automation, which prevents security threats from moving laterally within the data center.

·        Support for multiple data centers:
Cisco ACI now delivers consistent policy-driven automation across multiple data centers to enable application mobility and disaster recovery through the new multi-site application in the ACI toolkit. 

·        Cisco ACI now also supports service insertion and chaining for any service device, without the need for a device package for policy coordination with the Cisco APIC. Customers can now seamlessly configure and manage all their existing network services, while automating network services connectivity.

·        Increased operational flexibility:
 Additional software capabilities provide:  support for NX-OS style Command Line Interface (CLI) for APIC, Basic and Advanced GUI modes, Simple Network Management Protocol (SNMP) support for APIC, and trouble-shooting wizard enhancements such as Heat Map. General availability is Q4 CY 2015.

·        Customer choice in cloud automation tools:
As organizations continue their journey to the cloud, Cisco provides the industry’s most comprehensive support for cloud automation tools. Adding to its support for Microsoft AzurePack for private cloud, Cisco now offers full policy-based cloud automation with VMware vRealize Automation and also OpenStack deployments. Cisco is extending ACI policy directly to the hypervisor using Opflex on Open vSwitch (OVS). OpFlex provides the policy-based integration between OpenStack and APIC. These will be generally available in Q4 CY 2015.

“At Sungard Availability Services, we provide a highly scalable OpenStack-based cloud platform offering managed network services using Cisco Application Centric Infrastructure and Group-Based Policy,” said Prasad Dorbala, Vice President of Network Transformation, Sungard Availability Services. “With the new open source support for OpFlex and Open vSwitch, we can now extend these capabilities directly into the KVM hypervisor to help customers realize the promise of physical plus virtual integration. This solution allows organizations to rapidly deploy applications through policy automation, easily insert multiple network services, and efficiently operate and manage their OpenStack cloud with APIC’s telemetry, analytics, and troubleshooting capabilities.” 

·        ACI Ecosystem expands to 47 members:
In addition to CliQr, DataTorrent, and Vnomic, four new members that expand complete application and cloud services for ACI deployments have joined the ACI ecosystem: Apprenda, KillerIT, One Convergence and ScienceLogic. These new ecosystem members  provide Platform as a service (PAAS) and are helping organizations to automate across their application and infrastructure teams. Together, Cisco and a broad ecosystem of industry leaders are delivering on the vision of SDN for end-to-end automation of the digital enterprise.


Learn more about: Application Centric Infrastructure (ACI)

Read InfoWorld’s in-depth product review of ACI: “Cisco ACI shakes up SDN”

Read IDC Report: Symantec Delivering on Its Strategic Vision with Next-Generation Secure Datacenter Powered by Cisco ACI

View video: “Applications Leaders Embrace ACI”

View ACI animated videos: “One Day at a Large Financial Institution”, “Fixing an Application with Cisco ACI”, “Upgrading an Application with Cisco ACI”, “Cisco ACI and IT Security Automation Saves the Day

Learn How Cisco ACI delivers business outcomes

Learn more on Cisco Data Center Services

About Cisco

Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to

# # #

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

Availability Disclaimer: Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This products and features are subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Media Contacts

Lee Davis