In May and August of last year, Frank Palumbo outlined our commitment to innovation, choice and openness for virtual switching with next generation, hypervisor independent solutions for the Cisco Application Virtual Switch (AVS) and the Cisco Nexus 1000V. These next generation solutions would be totally free of any vSphere third-party Virtual Switch API dependencies, allowing customers to completely decouple the software lifecycle management of the hypervisor from the SDN technology.
ACI Virtual Edge, our latest innovation in the journey to ACI Anywhere, was shipped in December 2017 as part of the Cisco ACI 3.1 Release. Like the AVS before it, ACI Virtual Edge improves customer OpEx with simplified network configuration for Cisco ACI + VMware vSphere environments, particularly when used with legacy hardware involving multiple L2 hops and/or blade switches with fabric interconnects. The ability to extend the ACI policy model and connect ACI fabric with legacy hardware provides customers with increased investment protection and flexibility in deployment.
ACI Virtual Edge also delivers Distributed Firewall (DFW) capabilities with stateful inspection of TCP connections, dropping packets that that do match known active connections and preventing SYN-ACK and similar attacks. The ACI Virtual Edge telemetry capabilities extend network visibility into the host, facilitating troubleshooting and speeding up problem resolution.
We are seeing a rapid up-take of ACI Virtual Edge from customers moving to ACI 3.1. Experian, an early adopter of ACI Virtual Edge, particularly valued the seamless integration with its third-party server hardware environment. Troy Dechant, Vice President of Global Network Services at Experian, had this to say:
“At Experian, we are focused on gathering, analyzing, combining and processing data to better understand and meet the needs of our customers and our customers’ customers. One of our primary goals is to deliver the best and most secure experience, and Cisco ACI is a critical component of our strategy, providing us the ability to microsegment workloads where and when required. We are using Cisco ACI Virtual Edge to simplify the deployment and management of our multi-vendor server environment. With this tool, we gain visibility to the virtual network as well as the ability to maintain policy and operational consistency across both physical and virtual workloads. This allows us to have a safer and more seamless experience for our customers.”
ACI Virtual Edge is backward compatible to vSphere 6.0 onwards, allowing customers to migrate independently of their vSphere upgrade cycle. For those using KVM or Microsoft Hyper-V – don’t despair – support for these is on the ACI Virtual Edge roadmap.
ACI Virtual Edge is a key component of the journey to ACI Anywhere — a comprehensive strategy to enable customers to define and enforce fine-grained policy anywhere, whether on premises, off premises, in the cloud, or on a variety of endpoints. We have some exciting enhancements and expanded capabilities planned for ACI Virtual Edge, adding further value to ACI, so stay tuned!
For more information, visit us at: http://www.cisco.com/go/acivirtualedge
Great move, this does allow "real" microsegmentation for VMs… at last.