Building upon its software-defined networking vision, Cisco has announced a module for its SDN controller that provides functionality in the LAN and WAN.
The Application Policy Infrastructure Controller (APIC) Enterprise Module extends Cisco's Application Centric Infrastructure (ACI) platform beyond the data center -- where SDN has been previously focused -- to provide policy-based automation and configuration for end-user applications across the enterprise.
Cisco emphasized that applying the principles of SDN to the distributed network can greatly reduce the burden of network operations, estimating that an average network administrator could save 36% of his/her time by using Cisco APIC.
The enterprise module supports existing network hardware for rapid deployment, Jeff Reed, vice president and general manager of SDN at Cisco, said in an interview. The module will be available as a hardware appliance or virtual appliance. It will support new and existing APIs and protocols including OpenFlow, Cisco onePK, and command-line interface to support new programmable Cisco devices as well as legacy infrastructure.
The APIC module is constructed of three elements: a consolidated network information database, policy infrastructure, and automation. "The controller acts like a Swiss army knife," said Reed. That allows IT to define application policy and automate functions like configuration changes and QoS across the network, he added.
The module integrates with Cisco Sourcefire security for threat detection and mitigation. Third-party applications can provide end-to-end WAN orchestration and management, according to Cisco. IT can also link the controller to higher-level orchestration systems through northbound APIs with the included software developer kit.
[Read Greg Ferro's take on why customers should be cautious with Cisco's SDN platform in Cisco ACI: Proceed At Your Peril.]
Cisco expects the APIC Enterprise Module to be available at the end of the first half of 2014, around the same time as its data center controller. Therein lies the problem with all of this -- it is still in the "concept" phase.
While in theory, extending Cisco ACI to distributed networks makes a whole lot of sense, it would make a lot more sense if ACI were already successfully running in customer data centers. The fact that it's still just an idea that Cisco is drumming up support for makes it a little difficult to swallow. After all, the idea of automating and managing applications through the network is not a new one, and always ends up being much more difficult than we'd hoped (Application-Oriented Networking, anyone?)
There is unmistakably a need for increased automation and programmability in enterprise networks. Many networking teams are finding themselves in the unfortunate position of playing catch-up with the rest of the enterprise in terms of performance and agility. But they need proven products and services they can phase in over time to help them adapt their environments. It's up to our networking vendors to deliver on that.