Software-defined networking (SDN) is a critical component in modernizing your data center to meet new and growing customer expectations and demands.
Citrix and Cisco share a common vision for applying the concepts of SDN to simplify and automate data center and application networking to help their customers succeed. Using an application-centric approach to solve customer challenges, the two companies bring together Cisco’s IT leadership in connecting people, processes, data, and things and Citrix’s expertise in securely delivering apps and data to enable people to work better.
Cisco and Citrix have partnered to develop a leading SDN solution using the Citrix NetScaler application delivery controller (ADC) and Cisco ACI. This integrated solution automates application infrastructure, streamlines management, and improves scalability, security, flexibility. The result is faster application delivery, reduced deployment complexity, and better alignment between applications and dynamic business requirements for both existing and next-generation datacenters.
Citrix is a proud gold sponsor of Cisco Live Melbourne. Visit us at Booth #6 March 7 – 10 to see NetScaler with Cisco ACI in action and enter for a chance to win a prize.
Introducing Cisco ACI Service Manager Mode
Recently, Cisco introduced Service Manager Mode (also known as hybrid mode), a third way of managing service devices, such as NetScaler, with Cisco ACI. Hybrid mode allows the service device to directly provide its functionality to the network without the need for a device package on the APIC, as was required in Service Policy Mode (or managed mode) or for manual stitching of the network connections between the APIC and the service device, as was required in Network Policy Mode (or unmanaged mode). Unlike those modes, hybrid mode enables customers to more rapidly deploy service devices in the network with Cisco ACI and get the full functionality from their devices with a minimum of setup.
When ACI first launched with the concept of L4-L7 service automation, it went to market with Service Policy Mode (also known as managed mode). The approach at that time was to have one source of management — the Cisco APIC — to fully automate the entire L2-L7 stack. This was done through a device package uploaded to the APIC, which contained a list of features and policies to configure the service device (NetScaler ADC, for example). You can think of the device package as a plugin with a list of features presented to configure your service device. The device package was provided by the ecosystem vendor partners who owned the service device and they decided which features were exposed or hidden instead of going directly to the device as with hybrid mode.
Customers have deployed managed mode and had good results. Even so some customers were not yet ready for the APIC to be in full control of their service devices. So, a second mode was brought to market called Network Policy Mode (also known as unmanaged mode – since the service device is not being managed by the APIC). In this mode ACI is still automating the network for you until the traffic gets to the service device like the ADC.
Using NetScaler MAS in Cisco ACI’s Service Manager Mode
The Service Manager Mode, also known as the hybrid mode, is the third model of managing your service devices. Hybrid mode enables L4-L7 service devices to be jointly managed through Cisco APIC and a service device controller like the NetScaler Management and Analytics System. It enables L2-L3 network configuration of service devices through APIC. With hybrid mode, more nuanced L4-L7 feature configuration can be done through a specialized service device controller. Hybrid mode requires a simple device package. The key difference here between Service Policy Mode and Service Manager Mode is the function of device package with the service device controller, NetScaler MAS in this case.
Service Manager Mode allows the device package developer to customize and manage a subset of L4-L7 features through the APIC. To keep things simple, the APIC has a version of a device package that enables it to communicate with the service device controller, and there can be many different flavors. The configuration command comes from the APIC to the service device controller and then it is pushed down to the service device with the full configuration. This allows simplicity on the device package side and management through the APIC while keeping the full native functions and customizable parameters available for the 3rd party vendors like Citrix. Hybrid mode enhances security devices like firewalls, IPS, IDS etc., management through the APIC. It allows the security administrator to manage security policies through a dedicated security controller, while configuring the network parameters and associating security policies to a network through APIC.
Service Manager Mode is available in ACI version 1.3
Cisco introduced support for Service Manager Mode in version 1.3 (2f) of ACI. In Service Manager Mode, you perform network automation through the APIC while delegating the L4-L7 configuration to the service device controller, in this case NetScaler Management and Analytics System (MAS), which acts as a Device Manager in the APIC.
The NetScaler Service Manager Mode solution is supported by a hybrid mode device package and NetScaler MAS. For it to work you need to upload the hybrid mode device package in the APIC. This package provides all network L2-L3 configurable entities from NetScaler.
Application parity is mapped by a StyleBook from NetScaler MAS to the APIC. In other words, a StyleBook acts as reference between L2-L3 and L4-L7 configurations for a given application. The admin must provide a StyleBook name while configuring the network entities from the APIC for NetScaler.
The one thing that is common in all hybrid Modes is that the network portion is still fully automated through the APIC. In other words, don’t worry about L2-L3, but the ADC is configuring L4-L7 directly and providing its full feature set without the need for a device package or translation of commands.
Diagram: Service Manager Mode (ACI with MAS)
Workflow for Service Manager Mode
Instead of NetScaler and its management platform being housed within the ACI fabric, the new SDN approach will simply have two controllers: the Cisco APIC and the NetScaler Management and Analytics System (MAS). The APIC will be responsible for policies related to the Data Link and Network layers of the OSI model. The MAS will then be responsible for the Transport, Session, Presentation, and Application layers.
In Hybrid Mode, the NetScaler configuration is performed in the following two phases:
- Network stitching is done from the Cisco APIC
- Configuration is done from the NetScaler MAS
For any given application, a network administrator has to provide network specific details, such as IP addresses, port, VLAN (automated) and so on, as part of the service graph creation and deployment in the Cisco APIC. These configuration details are then pushed to NetScaler MAS through the device package, and NetScaler MAS internally processes them and configures the NetScaler ADC. An application administrator creates the application’s ADC related configuration by using StyleBook in NetScaler MAS, and these configurations are then pushed from NetScaler MAS to the NetScaler ADC. The Cisco APIC and NetScaler MAS communicate with the ADC through the management network.
Diagram: NetScaler workflow in the hybrid solution
Benefits to deploying in Service Manager Mode
The Service Manager Mode device package is a lightweight package compared to a fully managed mode. Only L2-L3 network parameters are delivered through the Device Model. The Device Model has only one generic ADC function defined in it, and four function profiles based on the NetScaler deployment in the fabric. Service Manager Mode helps segregate the work of application deployment between the network and application teams. Network teams calibrate the APIC policy template. The application development team then receives those requirements and finishes the complete policy in the Citrix NetScaler MAS.
What customers can look forward to
Customer can look forward to ease of use, full features, quicker configuration, and better application performance. As the industry moves closer towards the software defined data center, integrations like this are going to become necessary. The evolution of information technology has been a journey of simplification and consolidation. Today that means virtualization, and if a virtualized data center means we are left using fifteen different administration applications just to manage our network, we are sure to fall short of the convenience promised by a SDDC.
For more information the Citrix NetScaler and Cisco ACI solution see, the Citrix and Cisco Partnership page.