sdn & apic-em tech-update - cisco › c › dam › assets › global › dk › seminarer ›...
TRANSCRIPT
SDN & APIC-EM TECH-Update August 2015
René Andersen System Engineer Cisco DK
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Why SDN, programming and APIC?
2
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Manual Automated
Box-Centric Network-Wide
Provision in Months Hours
Closed Systems Open and Programmable
Network Data Business Intelligence
New Installations Existing + New Installations
Fast IT: IT Agility at the Speed of Business
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Design Point for Cisco APIC-EM Solution
4
Low Risk Minimal to NO programming
Low Complexity
Brownfield Support
Start with few solvable problems
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
But uses controller
to mask complexity
NETWORK
Why controllers helps us all, admin still has the power.
5
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC APIC-EM
DC WAN Access
ODL
Open
Source
Cisco SDN Controller Technologies
1 2 3
Different controllers different purposes
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Abstracting Conventional Policy Complexity
Conventional Model
The What
“Security Policy for Branch A”
The How
“Change ACLs in the Following
Elements”
The What
“Security Policy for Branch A”
The How
“Change ACLs in the Following
Elements”
ACI Constructs
Admin
Driven
Admin Driven
Northbound APIs
APIC EM
ACI Policy Model
ACI Abstracts System Management and Enables Programmable Driven Policies
7
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
What is Policy?
WHAT HOW
Policy way to simplify how we do things via abstraction 8
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public 9
Cisco APIC Enterprise Module Architecture
Abstracts Network Devices to Mask Complexity
Treat Network as a System
Exposes Network Intelligence
For Business Innovation
Cisco APIC Enterprise Module
Cisco and Third Party Applications
Network Devices Catalyst, ASR, ISR
Network Info Database
Policy Infrastructure
Automation
REST API
Southbound Interface: CLI
Security QoS IWAN Network PnP
Masking Network Complexity, Exposing Network Intelligence .
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Intent Policies
High Level Constructs
Translation
Network Control Functions
QoS ACL Configuration
UI:: BradWebAllow: brad http allow
Policy Manager:: Business Policy -> Network Policy
Policy Programmer:: Network Policy-> Network Cmds
Scanner-Service:: Network Commands -> device
Policy engine – Business Intent
Translation of high level constructs to
network control functions reduces skills
gaps and clarifies policy procedures
10
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
{"policyName":"bradweballow","policyOwner":"Admin","policyPriority":4095,”
networkUser":{"userIdentifiers”:["brad"]},"resource":{"applications":["80,80,tcp"]}
,"actions":["PERMIT"]}
UNDER THE COVERS – YOU DON’T SEE THIS!
CompositeNetworkPolicy [networkPolicy=NetworkPolicy [policyId=902000be-adaf-4f41-bfb7-
d1d9ee01e0f8,
creatorUserId=Admin, policyName=bradweballow, policyPriority=4095,
businessPolicyId=10d7e374-c1e0-4190-b3f8-58b3a49b4a90,
flowId=7ba2034a-3cb0-4877-ae14-4a6c33aac312,
actionId=70fb3b4c-ccf8-4561-b49c-684e5dc8d3cd, ],
flow=Flow [flowId=7ba2034a-3cb0-4877-ae14-4a6c33aac312,
srcIp=10.10.30.2, srcIpMask=32, dscp=-1, protocol=tcp, srcTptPortLower=0,
srcTptPortUpper=0, dstTptPortLower=80, dstTptPortUpper=80], flowAction=FlowAction
[actionId=70fb3b4c-ccf8-4561-b49c-684e5dc8d3cd, action=permit, actionPropDscp=-1, ]]
CLI = config t, ip access-list extended User-Acl--8653840507576742282,
10 permit tcp host 10.10.30.2 any eq 80,
interface GigabitEthernet1/0/4, ip access-group User-Acl--8653840507576742282 in, end
20:22:28.992 EST DEBUG c.c.c.qos.acl.AclPolicy - Acl Policy Created Successfully on the
Device : d29d175f-aacc-4c9c-a290-2392fc80a0e3
11
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
First we need to check the APIC-EM User Interface
12
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM User Interface App: Device Inventory
13
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM User Interface App: Topology
14
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM User Interface App: **possible** future services
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Use Case: Path Visualization
• No efficient method to troubleshoot IP voice and video sessions traversing the network on demand
• Lack of network visibility creates large OPEX to diagnose and find problem sources
• Path computation service provides a fast and accurate method for rapidly identifying/isolating paths causing problems
• Low risk use case for SDN
16
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Path Trace Visualizer 5-Tuple Input
17
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Path Trace Visualizer Wireless to Wired
18
Path Visualization (Trace) For Your Reference
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Key Milestones to SDN Led Management Evolution 2015
Q1 2015 Q4-2015 Q1- 2016
APIC-EM CA
Path Visualization application for
network path tracing
APIC-EM GA
Scalable controller foundation
supporting multiple use case / apps
APIC-EM Updates
Expanded application support across
multiple enterprise use cases
APIC EM Apps
IWAN App GA with dynamic QoS
changes; BSA app EFT
APIC-EM Apps
Multiple apps across Wireless, Access,
Collab, Security and Automation
APIC-EM Apps
IWAN app EFT with policy based provisioning of Secure WAN
20
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM Policy App
21
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM Policy App Under the hood
22
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Branch
SourceFire
Defence Center
SDN Controller
ISR Sensor
X
SourceFire Sensor
Sensor
1. BYOD Malware/Javascript Attack
2. SF Sensor detects threat
3. SF DC notifies Controller
4. Remediation API event
5. Policy installed on Access switch port by Controller.
6. Block or quarantine end-point
WAN
ISR
Internet
HQ
Malware Attack
Defense Center Alert!!!!
Controller Notification
Remediation Policy Enforcement
Host Quarantined
How to use Policy Programming for Network Threat Defense Policy Programming outside the User Interface
23
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Branch
SourceFire
Defence Center
SDN Controller
ISR Sensor
X
Sensor
WAN
ISR
Internet
HQ
Controller Notification
Host Quarantined
How to use Policy Programming for Network Threat Defense Policy Programming outside the User Interface
24
Defense Center
/api/v0/policy POST
{"actions": ["DENY"],
"policyOwner":"admin”,
"policyName": "deny_all”,
"networkUser":
{"userIdentifiers”:["10.1
0.20.7"]}}
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
EasyQoS App No More Individual, Box-by-Box Configuration
Config.
Cisco Validated
Design- Based Templates
Contr
ol
Tra
nsa
cti
on
al D
ata
R
ealtim
e
Best
Effort
Cisco Validated Design {CVD}
25
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Easy QoS App Cisco Validated Design (CVD) classification and marking
26
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Easy QoS Easy customization of policies
27
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Use Case: Dynamic QoS Classification for Jabber Video
Enterprise Network
3945/ISRG2 3945/ISRG2
EN
Controller
3945/ISRG2
Cat 3750
Cat 3750
Single policy request produces automated change
across all network elements enabling high quality user
experience
QoS Changes
Collaboration
App
Session
Policy
AP
Pre-QOS change – Default Classification
Post QoS change - Video
28
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Application Driven Network Dynamics Dynamic Policy Management for Jabber Audio/Video
Client A
calls Client
B
Calls Ends
CUCM calls
APIC-EM to
setup Policy
QoS Policy
enabled on
network device
APIC
EM
REST API
QoS Policy
removed from
network device
APIC
EM
REST API
CUCM calls
APIC-EM to
Delete Policy
29 (*) Roadmap
Cisco Confidential 30 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
NG Plug-N-Play - Simple Secure Scalable
Unskilled
Installer GUI Based
Consistent for devices &
PIN(Campus/Branch) Secure
RMA Use
Case
Greenfield
& Brownfield
Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing
Network Admin
1
• Network Admin remotely monitors status of install while in progress.
• Booting devices call out to PnP Server, requesting instructions
3
Campus-
Bldg-2
Smart Install Proxy
PnP Agent
Smart Install-Client
PnP Agent
PnP Agent
PnP Agent
PnP Server
Installer
Remote Installer • Mount and cable devices • Power-on
2 APIC EM
Cisco Confidential 31 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
NG PnP – Components
PnP Agent: An embedded agent on the ISR
and Catalyst to automate deployment process
PnP Server: A central server that manages deploy
devices (images, configurations, files and licenses)
for the devices being deployed.
APIC EM PnP Server provides a north bound
interface for management applications.
PnP Server communicates with the Agents using an
open PnP protocol.
PnP Protocol: Protocol between the
Agent and the PnP server. This is an
open schema allowing third-party
development of PnP servers
Cisco Cloud Redirection Service
https://devicehelper.cisco.com/device-
helper
PnP Helper Applications:
Applications on smart phones and
personal computers that facilitate
deployment
Deliver Boot Strap config when
needed
Cisco Confidential © 2011 Cisco and/or its affiliates. All rights reserved. 32
Example Branch Automated Deployment
Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing
Network
Admin
Installer
Day 0
Day 1
Day 1
PnP Server
Network Admin
Internet
Deliver bootstrap
IT Admin remotely monitors
status of install while in
progress.
PnP Server site Device list
Installer on site • Mount and cable
devices • Power-on
PID Serial # Hostname IP address
ISR-2951 FOX23zxcd ISR-main 192.168.15.1
ISR-2951 FOX23zxcb ISR-bakcup 192.168.15.2
C3850 FOC123dfg Dist1 192.168.16.3
C3560C FOC443asd ACC-sw1 192.168.16.4
C3560C FOC443asa ACC-sw2 192.168.16.5
C3560C FOC443asg ACC-sw3 192.168.16.6
C3560C FOC443asx AC-sw4 192.168.16.7
Booting
devices
contact PnP
Server
requesting
instructions
Cisco Confidential 33 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
APIC EM Component: PnP/ZTD Manageability Pre-provisioning and Day0
Cisco Devices Catalyst, ISR, ASR
Cisco ONE Enterprise APIC Controller - EM
CLI, OpenFlow, OnePK API, PNP Protocol
REST API
Zero Touch Deployment (ZTD)
App
Enterprise Applications & Orchestration Layer
Image & Config.
Policy Definition
Pre-
Provisioning
ZTD component
Scripts based on REST API
ZTD
component
First GUI based
PnP Server from
Cisco
ZTD App
Available Q4
2015
Security QOS Mobility
Cisco Confidential 34 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
NG PnP: Installer App
No CLI by installer
Why an Installer App for Deployment
Delivers boot strap
Troubleshooting tool: ie: device status
Communicates with Server
3G/4G/Wifi
Provides device install status & progress
Provide project install notes/documents
Optional: the Installer App is not required for solution
Bootstrap and installer aid only
Supported Devices: Iphone, Ipad, laptop
Uses special Serial/console cable
Special App
Console
cables
Cisco Confidential 35 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
NG PnP Server Discovery: precedence 1) DHCP Response with Options 60 & 43 – consistent with Cisco LWAP
Option 60 – Vendor Class ID matching Networking Device– optionally configured on DHCP Server
Option 43 – IP Address of PnP Server
2) pnpserver.localdomain – customer configures their DNS server to resolve
3) Cloud redirection https://devicehelper.cisco.com/device-helper
4) Neighbor assisted – when no DHCP
DNS Server
DNS response: 192.168.1.1
AGent
Resolve DNS “pnpserver.localdomain”
2 1
PnP Server
Contact PnP Server directly using option 43
“192.168.1.1”
Cisco Confidential 36 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
APIC-EM ZTD: pre-provision site process
Site Workflow
- Serial # and PID create rule to match the device
- Operational Config and/or IOS image for each device
- Bootstrap config optional
- Import/Export to use table driven data entry
Cisco Confidential 37 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Platform PnP Agent Support on Products Supported
Release
Release
Timelines
Access
Switches
Cisco Catalyst 4500E Switches (Sup8-E, 7-E/7L-E, 6-E/6L-E)
Cisco Catalyst 4500-X, 4900 Series Switches
Cisco Catalyst 3850, 3650, 3750-X, 3560-X Series Switches
Cisco Catalyst 2960-C, 3560-C Series Compact Switches
Cisco Catalyst 2960-S/SF/X/XR Series Switches
Cisco 5700 Series Wireless Controller
IOS 15.2(2)E,
IOS-XE 3.6.0E July 2014
Core Switches Cisco Catalyst 6500 Series Switches: Sup2T/Sup720
Cisco Catalyst 6880-X, 6807-XL Series Switches IOS 15.2(1)SY Dec 2014
Access Routers
Cisco 4451-X Integrated Services Router
Cisco ASR 1000 Series Aggregation Services Routers
Cisco Cloud Services Router 1000V Series
Cisco 800, 1900, 2900, 3900 Series Integrated Services Routers
IOS-XE 3.12/
IOS 15.4(2)T July 2014
Industrial
Ethernet
Switches
Cisco Industrial Ethernet 2000 Series Switches
Cisco Industrial Ethernet 3000 Series Switches IOS 15.2(2)E July 2014
Firewall, Data-
Center Switches
Cisco ASA Firewalls, Cisco Nexus Series Switches Roadmap Q4CY15
NG Plug-N-Play – Supported Platforms
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Solution: APIC EM + IWAN
Single policy management domain Seamless LAN and WAN interoperability
Better Resource Utilization
Central point of control for multiple services Simplified Management
Lower Operational Complexity
One click implementation of business context policies Easier Deployment
Centralized end to end network level view Greater control of Service Level Objectives for critical Apps
Complete service location and form factor
transparency Higher Agility
Smarter Branch, Simpler Operations, Faster Service Delivery
IOS FW WAAS PfR
AVC
DMVPN
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Intelligent WAN App for APIC-EM
Business Policy Dictates Network Action
IT Admin
Business
Policy:
App SLA
APP DMVPN
SLA
QoS
Security
Path
Selection
Access Application
Network Profile
NETWORK
SDN
Simple Workflow
Templates
Zero Touch
Provisioning Business
Level Policies
Open
Architecture
Network, Applications
Monitoring
39
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM IWAN App Dashboard and Site Configuration
40
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Site topology choices in IWAN app
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Link type selection in
IWAN app
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Application priority policy setting in
IWAN app
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Prime and APIC-EM
Control Layer
Device Layer
Operational Automation
Policy and Service Definition
Automated Assurance Provisioning
Visualization, Trending and Analytics
Network Intelligence
Device Layer Abstraction
Network Control
Policy Enforcement & Network Change
Management & Orchestration Layer
Cisco Devices Enterprise Networks, Data Center
Cisco APIC Common ACI Architecture
APIC for datacenter APIC Enterprise Module
CLI, OpenFlow, OnePK API
REST API (ONE DevKit)
Catalog / Provisioning
Fault / Events
User / Data Management
Performance Monitoring
Reporting / Analytics
Cisco IAC
UCSD
APIC-EM App (IWAN)
PRIME INFRASTRUCTURE & NAM
44
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
System of record vs. system of change
Prime Infrastructure APIC - EM
System of Record System of Change
• Policy definition
• Historical reporting on
events & performance
• Configuration archive
• Troubleshooting workflows
• Capacity Trending
• Predictive Analytics
• Policy enforcement
• Discovery (for change)
• Topology (for change)
• PnP
• Network state monitoring
• Device abstraction
• Network Control
45
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Policy Maturity to Cover Enterprise System of Change
policy
traditional configura
tion
traditional
policy policy
Controller-based Automation ACI Today
traditional
Policy based
Configuration:
Dynamic, able to
be automated,
managed by the
controller;
Policy grows,
static shrinks
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Controller and Management System Portfolio for the Campus/Branch in 12-24 Months
Common Controller Layer
for Campus/ Branch
Policy
Prescriptive
Provisioning
Feature
Configurable
Provisioning
Common Monitoring / Assurance
Common Automation Layer System of
Automation
System of Record
System of Change
NE NE NE NE NE
APIC-EM
Multiple APIC-EM
Apps
Prime
Infrastructure
Prime Infrastructure
Branch Service Automation
NE NE NE NE NE
Cisco Confidential 48 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Traditional Management to SDN led Management (1 of 5)
Prime Infra (NMS) NW (LF, AS)*, UCS
NE NE NE NE
Customer developed
provisioning tools, manual CLI
changes, and run book
automation for IT Operations
support
Traditional Management
NE NE NE NE
Controller
(APIC-EM)
Automation (Workflow / Orchestration)
Customer input on business /
service intent
Prime Infra (NMS) (Provisioning and Assurance)
SDN Led Management
* LF: Lifecycle, AS: Assurance
Cisco Confidential 49 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Traditional Management to SDN led Management (5 of 5) Prime Infra + APIC EM (w/ Foundation Apps, Solution Apps, Advanced Apps)
Prime Infra (NMS) NW (LF, AS)*, UCS
NE NE NE NE
Customer developed
provisioning tools, manual CLI
changes, and run book
automation for IT Operations
support
Traditional Management SDN Led Management
NE NE NE NE
Controller (APIC-EM)
…. APIC-EM Foundation Apps ($0) Ex: Inv., Topo., PnP..
APIC-EM Controller SW ($0)
(Opt) UCS HW Platform($$)
...
MGMT 3.x Lic. ($$) • PI 3.x
• Solution Apps Ex. IWAN App, etc
Advanced Apps ($$) Ex: BSA*, Prime Insight
Customer input on
business / service intent
Automation
...
... PI 3.x (NMS)
*BSA: Branch Services Automation
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Add an APIC-EM Controller to Prime 3.0
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
In Prime – Enable APIC-EM Next-Gen PnP server for Plug and Play globally
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM Controlled Availability – Supported devices
52
What you get for CA2 APIC-EM ver. 0.9
Single ISO Image:
Containing one Linux Machine
Ubuntu 14.04 64-bit
Grapevine bits
APIC-EM Service Catalog
Client Container
Service Catalog
Operating System
Container
Bins / libs
Client Root
Virtual Machine
How APIC-EM can be deployed !
Hardware
Operating System
Container
Bins / libs
Client
Container
Bins / libs
Client Root
Hardware
Container
Bins / libs
Client
Container
Bins / libs
Client Root
Hypervisor
Operating System
Bare Metal Hypervisor Agnostic
C
u
s
t
o
m
e
r
a
s
k
!
!
!
Before you deploy… General Requirements:
• CPU: 2-4 cores or more
• RAM: 8-64GB or higher (for scaling)
• HDD: 40-150GB
• Bare Metal or ANY Hypervisor !
• Multiple Physical Machines for HA
• NTP server
• Internet access (for automatic updates)
Minimum Number of IP Addresses
Required = 1 (external Phy Interface)
Depending on the customer’s environment:
• Add +1 for access to NTP server network if separated (needed all times!)
• Add +1 for access to Internet (if not routable from above networks)
Custom made Apic-EM Apps
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
DevNet Forums | Sandbox | API Index | Documentation
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Self-Service Sandboxes
Select environment
Verify availability
Reserve
Setup Conduct activities
Collaborate
Teardown
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Building the Partner Ecosystem: Advanced Apps
Cloud Hosted WAN Management
Threat Detection & Mitigation
Network Performance Management
VDI & Load Balancing
More Partners are in Pipeline
Homemade Apic-EM Apps
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Scope : Ensure IT is not preventing business from
growing and Lower TCO by right sizing switching
infrastructure
2 functions
• List amount of unused ports for a given time period,
suggest replacements when valid
• Predict growth and expand before problems arise
“RightSize App Goal”
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM
Database Switch infrastructure
Admin workstation 1. RIGHTSIZING-APP polls
APIC-EM rest API
2. APIC-EM polls southbound switches using CLI
3. RIGHTSIZING-APP saves data in database
4. RIGHTSIZING-APP check growth parameters and creates events is Threshold exceeding
5. RIGHTSIZING-APP sends events using email to procurement department
1
3
4
2
Procurement
5
“RightSize App”
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
SkyConnect 4.0 Lufthansa Systems global WAN platform
Reference customer on APIC EM
Is the All in One – iWAN – LAN and Voice solution”
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
APIC-EM Apps a.k.a how can the controller help my customer simplify their environment?
Path Visualization
Path Visualization + Integration with CUCM (via MapCollab)
ACL Trace
ACL Analysis
Security Policy Programming (Per User/Group)
Policy Programming for Network Threat Defense
Easy QoS via User Interface
Dynamic Policy for video soft clients
IWAN App
Network Plug and Play Server
Applications
Released in
phases
Just a few
examples,
there’s
much more
APIC-EM for free Get Apps with Cisco ONE
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
What Is Cisco ONE Software? A More Valuable and Flexible Way to Consume Cisco Software
A La Carte, Separately Priced Items
Current Model
Licensing Tied to Hardware
Perpetual for the
Lifetime of the Box
Software Suites
Offered as a Solution
Software License Portability
Access to Ongoing Innovation
Perpetual, Subscription, & ELA Options
Cisco ONE
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ONE Software
Note: Not represented is the Base Software Platform (e.g., operating system) included with each device. These are not sold as a Cisco ONE bundle, but included with the device
Foundation
Security
Applications
Cisco ONE for Data Center
Threat Defense for Data Center
Multi-Tenant Converged
Fabric
Intercloud Fabric
Foundation for Networking
Foundation for Compute
Networking Compute
ASA, ASAv
Nexus 3K, 5K, 6K, 7K,
9K, MDS 9000
X86, UCS
Cisco ONE for Access
Identity Services for Access
Campus Fabric Advanced Mobility Services
Foundation for Switching
Foundation for Wireless
Switching Wireless
ISE, ISEv
Catalyst 2K, 3K,
4K, 6K
WLC, MSE, AP
Cisco ONE for WAN
Threat Defense for WAN
WAN Collaboration
Foundation for WAN
ASA, ASAv, Cloud
ISR, ASR, CSR
WAN
Products
Suites
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Some References
75
APIC-EM
Session PDF http://www.cisco.com/web/DK/seminarer/mate
rialer.html
APIC-EM Demo Video’s incl. Audio https://www.youtube.com/watch?v=mUY5Er-
fjOs
APIC-EM on Facebook https://www.facebook.com/groups/apicem/
German Blog http://gblogs.cisco.com/de/category/apic-em/
DevNet and Download https://developer.cisco.com/site/apic-em/