Open-Stack SDN vs Cisco ACI: Enabling DevOps with a Trusted Solution


How long does it take you to complete network-specific functions? A few hours, a day, a week?

At Russmedia, our answer was: Way too long.

Some years ago, our server density was decreasing rapidly due to the virtualization layer. 

With the implementation of container technologies for our microservices, our datacenter 'IP stack' was increasing again and network management was becoming, well, unmanageable.

For every kind of routine task, we had to put in tickets to the various technical teams. These requests would then be rerouted to the appropriate department—one to the network environment team, another to the Windows environment team, and another to Linux. And they all needed to work in tandem. If we were to launch a portal with a new layer of security between the different resources, it took wrangling members of many different teams just to accomplish one task.

As these requests piled up, it was evident that we just couldn’t handle the workload without making a fundamental change to the network. Delays were eating away at the timeline of every project, resulting in a cost of weeks of personnel resources just to get the network set up to handle increases in traffic or a new application stack.

We had reached our tipping point and had to figure out a way to make essential changes to our web stack without requiring the resources, and the subsequent time costs, of many different departments. We just wanted to build something and have it work.

Open-Stack SDN vs. Commercial Solution

As we began to research how we could get rid of this siloed, complex system, it became quite clear that we needed a software-defined network (SDN) to achieve the agility to scale up (or down) in minutes, not weeks. Coming from a very open-minded organization, we lean heavily on open source, so we did a quick search for open-source products on the market. But after our investigation, we concluded that if we went with a white-label open-source solution, we’d have to deploy a department just to handle the SDN stack and all that comes with it. That would’ve put us right back where we started—requiring the resources of one more department to write the stack and maintain it, exacerbating our original problem.

For many organizations, cost is the main benefit of an open-source solution, but when we factored in the additional personnel and the time spent learning and adapting the open-source solution to our needs, going in this direction would’ve ended up costing us more in the long run. After all, time is money.

With a commercial solution, it works right out of the box, so to speak. Plus, we wouldn’t need to build up a workforce to handle the new load. When it came to choosing an SDN that would be responsible for the foundation of our entire company, we knew we needed to find a vendor we could trust. One that had a long history of success and innovation.

On the technical side, I wanted a solution that would allow us to isolate every workload inside the data center, from IP to MAC or even hypervisor attributes like VM names, so that we could define everything we do.

We needed it to work on the SDN side because if we had to filter classic 'east/west' application traffic, we didn’t want to have to buy a 10 gig firewall and incur that huge cost, just to limit access to simple services.

Russmedia also has a large campus network that has access to the datacenter network, so we thought it would be great if the SDN could always interact with the campus environment so we could grant specific permissions to each employee.

Cisco ACI

Like many enterprise companies, Russmedia grew up with a Cisco environment, so after evaluating the various SDN vendors, having the history, and more importantly, the working knowledge of Cisco’s reliability and ease of use, our decision was a rather simple one. Now, although the choice to go with Cisco ACI was simple, that isn’t to say the transition was as well. 

With any major change comes new challenges. We discovered workflows that had never been defined, and we had to learn how each datacenter in the company could work together. But after we defined these processes, something extraordinary happened: now everyone in our different teams can work with the network layer. 

If someone wants to deploy a web server, they can do it; they don’t need to wait on the network team. With definable permissions, each member of every team has the ability to actually do their job. The whole technical department has the knowledge and tools to manage their tasks, and we have a roadmap of knowledge to refer to if something goes wrong.

Now that we have the agility of Cisco ACI, every team has a deeper understanding of how everything works, not just their individual focus. A spark is rising, and it is producing accountability across departments when it comes to deploying an application. Before, someone would build something new, but then, how it would run or who could access it would become 'someone else’s problem.' Today, everyone has to care; they have ownership of their work, from start to end.

As the sole engineer responsible for deploying this technology, I have the huge benefit of being able to easily debug and trace any issues. If something isn’t working, I can go directly into the network layer and investigate. I don’t have to go through a web of routers or switches. I can debug everything—on my own—without having to chase down problems or pull in members of the network team. In the event of a critical bug or attack, these minutes and hours I save by being able to handle the issues myself are extremely important.

Empowered Evolution

This ownership is paving the way for us to evolve into DevOps, and because we have our own data center, we don’t want to put everything onto the cloud. Since we have the network environment and server capacity, we want to deploy on premises.

We want to isolate the container environment and integrate it into the new fabric, but we also have to integrate all our legacy applications. To accomplish this, we’re deploying the Contiv project into the environment on the datacenter side so we can have a highly new environment with legacy applications and our new DevOps and semi-deployed environments.

Every new advancement comes with its own set of unique challenges, but equipped with Cisco ACI, I’m confident we have the resources to succeed. This feeling of empowerment, of ownership, is priceless. If I had the opportunity to go back and do it all over again, the only change I would make would be to buy Cisco ACI a year earlier.