Cisco UCS Director 4.0 White Paper
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Application Infrastructure on Demand with Cisco UCS Director and Cisco Application Centric Infrastructure
March 2015
meet their service-level requirements. You can group resources into virtual pods
that pool together specific qualities of computing, network, and storage resources.
Applications can specify the quality of resources they need, and Cisco UCS Director
can match resources to applications when they are deployed in secure tenant
containers.
Define Application Profiles
Before allowing clients to deploy applications through the portal, application
administrators must get together to create application profiles that define the
application infrastructure that can be ordered through the portal. For example, you
may have one-, two-, and three-tier application profiles that can be used to support
most client requirements. Because every set of network connections is securely
isolated in its own VXLAN tunnel by Cisco ACI, multiple identical network containers
can be deployed using the same profiles with no risk of address space collisions.
Define Application-Centric Network Profiles
The process of creating an application profile starts with using Cisco UCS Director
to define the network tiers needed to support applications within a secure tenant
container. Network profiles define the endpoint groups (EPGs) that house the
application components. Contracts define the allowable communication between
layers. One of the main benefits of this approach is that it enables application
developers and network administrators to speak the same language, creating a
network architecture that is defined according to what the applications need.
Figure 3 illustrates an application container with the following characteristics:
• The public Internet is allowed to connect to the web EPG through the web contract
An endpoint is a device that connects to the network and is used as an interface with other devices. An endpoint can be a physical network interface (network interface card [NIC]) on a server, appliance, or storage system, or it can be a virtual interface (virtual NIC [vNIC]) on a virtual machine.

An endpoint group (EPG) is a collection of endpoints with identical behavior and that share common properties, including connectivity, security, access control, and QoS. EPGs are used to establish collections of interfaces: for example, for web servers, application servers, and database servers. A physical server or virtual machine can be a member of multiple EPGs. For example, a server can be connected to a management EPG, a storage EPG, and a database server EPG.
[Figure 3 diagram. Elements: Public Internet; Web EPG, App Server EPG, Database EPG, Storage EPG; Web Contract, App Contract, SQL Contract, Storage Contract. Contract rule boxes shown in the figure:
• ACL: allow 22, 80, 443 from *; QoS: class 5, marking Gold; redirect: load balancer; copy to: none
• ACL: allow 22, 8080 from web servers; QoS: class 5, marking Gold; redirect: firewall; copy to: none
• ACL: allow 1443 from app servers; QoS: class 5, marking Gold; redirect: none; copy to: none]
Figure 3. Application-Centric Network Profiles Define EPGs and Contracts That Regulate Communication Between Them
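The contracts in Figure 3 can be read as an allow-list between EPGs. The sketch below is an added example, not Cisco UCS Director or Cisco ACI code: it encodes the figure's port lists, checks flows against them, and flags any contract that opens an administrative port to the `*` source. The pairing of rule boxes to contracts, the consumer-to-provider direction, dropping unmatched traffic, the source name `internet`, and treating port 22 as administrative are assumptions of the example.

```python
from dataclasses import dataclass

ANY = "*"  # the figure's "from *" source: any endpoint, including the public Internet

@dataclass(frozen=True)
class Contract:
    name: str
    consumer: str       # EPG (or ANY) allowed to open connections
    provider: str       # EPG that receives them
    ports: frozenset    # allowed TCP destination ports

# Port lists are as printed in Figure 3. Pairing each rule box with a contract
# by its "from" clause is an assumption of this example. The Storage Contract
# is left out because the figure prints no rules for it.
CONTRACTS = (
    Contract("web", ANY, "web", frozenset({22, 80, 443})),
    Contract("app", "web", "app", frozenset({22, 8080})),
    Contract("sql", "app", "database", frozenset({1443})),
)

ADMIN_PORTS = frozenset({22})  # assumption: ports this review treats as administrative

def allowed(src, dst_epg, port, contracts=CONTRACTS):
    """Return the name of the contract that permits the flow, or None if dropped."""
    for c in contracts:
        if c.provider == dst_epg and c.consumer in (ANY, src) and port in c.ports:
            return c.name
    return None  # assumption: no matching contract means the traffic is dropped

def audit(contracts=CONTRACTS, admin_ports=ADMIN_PORTS):
    """List (contract, ports) pairs where an administrative port is open to ANY."""
    return [(c.name, sorted(c.ports & admin_ports))
            for c in contracts
            if c.consumer == ANY and c.ports & admin_ports]

if __name__ == "__main__":
    # Constructed sample flows: (source, destination EPG, TCP port)
    for flow in [("internet", "web", 443), ("internet", "database", 1443),
                 ("web", "app", 8080), ("app", "database", 1443),
                 ("database", "app", 8080)]:
        print(flow, "->", allowed(*flow) or "dropped")
    print("admin ports open to any source:", audit())
```

Run against the figure's values, the audit reports the web contract, because its ACL allows port 22 from `*`; the app contract also allows 22, but only from the web EPG.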