Thursday, June 4, 2015

Citrix NetScaler and Cisco ACI: How it all Works

It’s an exciting week ahead at Cisco Live in San Diego.

Citrix is pleased to be a key Cisco ACI ecosystem partner through the integration of the Citrix NetScaler ADC with the Cisco APIC controller.

There are several interesting technologies being leveraged to deliver this joint solution and I thought would be interesting to take a look at how it is implemented. Cisco APIC addresses the two main requirements for achieving the application centric data center vision:

Policy-based automation framework

•Policy-based service insertion technology

A policy-based automation framework enables the APIC to dynamically provision and configure resources according to application requirements.

As a result, core services such as firewalls and Layer 4 through 7 switches can be consumed by applications and made ready to use in a single automated step.

Being application-centric, the APIC allows the creation of application profiles, which define the Layer 4 through 7 services consumed by a given data center tenant application. As a key ADC partner in the ACI ecosystem, Citrix NetScaler provides L4-L7 services such as load balancing, application acceleration, and application security.

Cisco ACI and Citrix NetScaler ADC Solution

Figure 1. Cisco ACI and Citrix NetScaler ADC Solution

Device Package Integration
Integration between the Cisco APIC controller and the NetScaler ADC is achieved through a NetScaler “Device Package”. Imported by the APIC controller, the device package enables REST-based API integration and allows the APIC controller to perform detailed feature level configuration of the NetScaler.

Through the joint work of the Cisco and Citrix teams, the list of NetScaler features that can be automated by the APIC controller spans the extensive set of ADC services offered by the NetScaler, and includes over 15 key functions and capabilities such as authentication, firewalling, caching and compression, and more. Citrix has the most complete device package with Cisco APIC for an ADC with NetScaler.

Citrix NetScaler Device Package

Figure 2. Citrix NetScaler Device Package

Policy Based Service Insertion
The second key technology of the ACI architecture is Policy-based Service Insertion. The Cisco APIC solution automates the steps of routing network traffic to the correct services based on application policies. This enables L4-L7 resources to be dynamically provisioned and configured according to application requirements on a per tenant basis.

The Cisco APIC offers a graphical drag and drop GUI to easily create L4-L7 Service Graphs that specify network traffic routing; any of the L4-L7 ADC features available in the NetScaler device package can be included in a Service Graph definition, allowing comprehensive NetScaler integration with the Cisco APIC.

Cisco APIC Service Graph, with Citrix NetScaler ADC and Cisco ASA Firewall Routing

Figure 3. Cisco APIC Service Graph, with Citrix NetScaler ADC and Cisco ASA Firewall Routing

Policy-based service insertion automates the steps of routing network traffic to the correct services based on application policies. The automated addition, removal, and reordering of services allows administrators to quickly change the resources that an application require without the need to rewire and reconfigure the network or relocate the services. For example, if the business decision is made to use an application firewall found in a modern ADC as a cost-effective way of achieving PCI compliance, administrators would simply need to redefine the policy for the services that should be used for the related applications. The Cisco APIC can dynamically distribute new policies to the infrastructure and service nodes in minutes, without requiring the network be manually changed.

Once created, a Service Graph can be assigned to an Application Profile and contracted to a data center tenant, thereby defining the network traffic flow for that specific application and tenant.

APIC Service Graph and Application Profile for Tenant

Figure 4. APIC Service Graph and Application Profile for Tenant

NetScaler and ACI Solution Benefits
The unique joint Cisco ACI and Citrix NetScaler solution improves data center operations and application deployment, using the Cisco APIC as the central policy control and management station and Cisco ACI service-insertion technology to direct traffic to the appropriate service nodes.

The main benefits include:

•Central point of network control with ADC service policy coordination and automation: The Cisco APIC acts as a point of configuration management and automation for NetScaler SDX, MPX, and VPX appliances; tightly coordinates the ADC service delivery with the network automation; and provides end-to-end telemetry and visibility of service-aware applications and tenants.

•Scalable and elastic architecture for physical and virtual appliances: Cisco ACI defines a policy-based service insertion mechanism for both physical and virtual ADC appliances, providing full lifecycle service management based on workload instantiation and decommissioning.

•Investment protection: Cisco ACI and Cisco APIC are fully compatible with existing ADC networks, preserving existing service operation models and using open standards protocols.

•Open ecosystem for service integration: Cisco and Citrix are guiding the IETF standard for the Network Service Header (NSH) Protocol, with the promise of agile and elastic service delivery capable of supporting the movement of service functions and application workloads.

Citrix NetScaler Platforms Supported
Cisco APIC is capable of orchestrating services deployed on all Citrix NetScaler ADC appliance form factors and models – the VPX virtual appliance, multi-tenant SDX appliance, and high performance MPX appliance. The Citrix NetScaler NS1000V, a virtual NetScaler appliance sold and supported by Cisco, is also supported by Cisco APIC.

Why Cisco and Citrix
As businesses quickly move to make the data center more agile, application centric automation and virtualization of both hardware and software infrastructure become increasingly important. Cisco ACI builds the critical link between business-based requirements for applications and the infrastructure that supports them. The Citrix NetScaler ADC connects infrastructure and applications and makes that insight available to the Cisco APIC though deep integration.

For additional information about ACI, and Citrix NetScaler/Cisco integrations, listen to Citrix VP of Product Management, Steve Shah, and Cisco Director, Harry Petty discuss the benefits of the Cisco ACI-Citrix NetScaler joint solution, and how it improves services velocity and preserves existing investments through an open Cisco ACI model.

Citrix’ VP Steve Shah talks about the benefits of a centralized L2-L7 management for SDN

Visit the Citrix – Cisco Partner Page.

No comments:

Post a Comment