Overview

About the Cisco Application Policy Infrastructure Controller Enterprise Module

The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is Cisco's SDN Controller for Enterprise Networks (Access, Campus, WAN and Wireless).

The platform hosts multiple applications (SDN apps) that use open northbound REST APIs to drive core network automation solutions. The platform also supports a number of southbound protocols that enable it to communicate with the breadth of network devices that customers already have in place, and to extend SDN benefits to both greenfield and brownfield environments.

The Cisco APIC-EM platform supports both wired and wireless enterprise networks across the Campus, Branch and WAN infrastructures. It offers the following benefits:

  • Creates an intelligent, open, programmable network with open APIs

  • Saves time, resources, and costs through advanced automation

  • Transforms business intent policies into a dynamic network configuration

  • Provides a single point for network wide automation and control

The following table describes the features and benefits of the Cisco APIC-EM.

Table 1  Cisco APIC Enterprise Module Features and Benefits

| Feature | Description |
| --- | --- |
| Network Information Database (NIDB) | The Cisco APIC-EM periodically scans the network to create a “single source of truth” for IT. This inventory includes all network devices, along with an abstraction for the entire enterprise network. |
| Network topology visualization | The Cisco APIC-EM automatically discovers and maps network devices to a physical topology with detailed device-level data. You can use this interactive feature to troubleshoot your network. |
| EasyQoS | The EasyQoS feature enables you to configure quality of service on the devices in your network that have been discovered by the Cisco APIC-EM. Using EasyQoS, you can group devices and then define the business relevance of applications that are used in your network. The Cisco APIC-EM takes your QoS selections, translates them into the proper command line interface (CLI) commands, and deploys them onto the selected devices. |
| Cisco Network Plug and Play application | The Cisco Network Plug and Play solution is a converged solution that extends across Cisco's enterprise portfolio. It provides a highly secure, scalable, seamless, and unified zero-touch deployment experience for customers across Cisco routers, switches and wireless access points. |
| Cisco Intelligent WAN (IWAN) application | The separately licensed IWAN application for APIC-EM simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links. |
| Public Key Infrastructure (PKI) server | The Cisco APIC-EM provides an integrated PKI service that acts as Certificate Authority (CA) to automate X.509 SSL certificate lifecycle management. Applications, such as IWAN and PnP, use the capabilities of the embedded PKI service for automatic SSL certificate management. |
| Path Trace application | The path trace application helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network. |
| High Availability (HA) | HA is provided in N+1 redundancy mode with full data persistence for HA and Scale. All the nodes work in Active-Active mode for optimal performance and load sharing. |
| Back Up and Restore | The Cisco APIC-EM supports complete back up and restore of the entire database from the controller GUI. |
| Audit Logs (IWAN) | The Cisco APIC-EM provides a direct link to the IWAN Audit Logs, which allows you to view Cisco APIC-EM- and IWAN-related log entries. |

Primary Components

The following are the primary components required for a Cisco APIC-EM deployment:

  • The Cisco APIC-EM software provided as an ISO image downloaded from the Cisco website
  • Supported Cisco routing and switching platforms

The Cisco APIC-EM ISO image consists of the following components:
  • Ubuntu 14.04 LTS 64-bit

  • Open-VM-Tools

  • Cisco APIC-EM services

  • Grapevine Elastic Services Platform, consisting of a Grapevine root and client template


Note: Open-VM-Tools is only installed if the ISO image is installed within a virtual machine running on vSphere. The tools will not be installed if the ISO image is installed on a bare-metal server or on a hypervisor from another vendor.


For this release, you can deploy and run the Cisco APIC-EM on the following:

  • Server (bare-metal hardware)—This is the recommended platform. The Cisco APIC-EM ISO image is installed directly on a server (bare-metal hardware) rather than within a host operating system (OS).


    Note: Cisco also offers physical appliances that can be purchased with the Cisco APIC-EM ISO image pre-installed and tested.


  • Virtual machine—Cisco APIC-EM ISO image is installed within a virtual machine within a VMware vSphere environment.

The Cisco APIC-EM makes use of the Ubuntu operating system environment and Linux containers (LXC). The Grapevine root runs within the host's operating system. The Grapevine clients run in LXCs within the host. The Cisco APIC-EM services that run on the Grapevine Elastic Services Platform provide the controller with its core functionality. See Chapter 3, Cisco APIC-EM Services for additional information about the services.

IP Connectivity

The Cisco APIC-EM communicates with its supported platforms using the following protocols:

  • SNMPv2c or SNMPv3

  • Telnet or SSH


Note: Currently, the Cisco APIC-EM supports IPv4 only. IPv6 support is planned for a future release.


System Requirements

System Requirements—Server (Bare-Metal hardware)

The following table lists the minimum system requirements for a successful Cisco APIC-EM server (bare-metal hardware) installation. The minimum system requirements for each server in a multi-host deployment are the same as in a single host deployment, except that the multi-host deployment requires two or three servers and less memory for each individual server. Three servers are required for high availability and redundancy. All three servers must reside in the same subnet.


Caution: You must dedicate the entire server for the Cisco APIC-EM. You cannot use the server for any other software programs, packages, or data. During the Cisco APIC-EM installation, any other software programs, packages or data on the server will be deleted.


Table 2  Minimum System Requirements—Server

| Category | Specification | Requirement |
| --- | --- | --- |
| Server Option | Image Format | Bare metal/ISO |
| Hardware Specifications | CPU (cores) | 6 (minimum). Note: 6 CPUs is the minimum number required for your server. For better performance, we recommend using 12 CPUs. |
| Hardware Specifications | Memory | 64 GB. Note: For a multi-host hardware deployment (2 or 3 hosts) only 32 GB of RAM is required for each host. |
| Hardware Specifications | Disk Capacity | 500 GB of available/usable storage after hardware RAID |
| Hardware Specifications | RAID Level | Hardware-based RAID at RAID Level 10 |
| Hardware Specifications | CPU Speed | 2.4 GHz |
| Hardware Specifications | Disk I/O Speed | 200 MBps |
| Hardware Specifications | Network Adapter | 1 |
| Networking | Web Access | Required |
| Networking | Browser | The following browsers are supported when viewing and working with the Cisco APIC-EM: Google Chrome, version 50.0 or later; Mozilla Firefox, version 46.0 or later |

System Requirements—Virtual Machine

The following table lists the minimum system requirements for a successful Cisco APIC-EM VMware vSphere installation.

In addition to the minimum system requirements listed below, we recommend that you also configure specific resource pools for the virtual machine(s). For information about these additional recommended configurations, see Appendix B, Preparing Virtual Machines for Cisco APIC-EM.


Note: You must configure at a minimum 64 GB RAM for the virtual machine that contains the Cisco APIC-EM when a single host is being deployed. The single host server that contains the virtual machine must have this much RAM physically available. For a multi-host deployment (2 or 3 hosts), only 32 GB of RAM is required for each of the virtual machines that contains the Cisco APIC-EM. Three servers are required for high availability and redundancy. All three servers must reside in the same subnet.


Table 3 Minimum System Requirements—Virtual Machine

| Category | Specification | Requirement |
| --- | --- | --- |
| Virtual Machine | VMware ESXi Version | 5.1/5.5/6.0 |
| Virtual Machine | Image Format | ISO |
| Virtual Machine | Virtual CPU (vCPU) | 6 (minimum). Note: 6 vCPUs is the minimum number required for your virtual machine configuration. For better performance, we recommend using 12 vCPUs. |
| Virtual Machine | Datastores | We recommend that you do not share a datastore with any defined virtual machines that are not part of the designated Cisco APIC-EM cluster. If the datastore is shared, then disk I/O access contention may occur and cause a significant reduction of disk bandwidth throughput and a significant increase of I/O latency to the cluster. |
| Hardware Specifications | Memory | 64 GB. Note: For a multi-host deployment (2 or 3 hosts) only 32 GB of RAM is required for each host. |
| Hardware Specifications | Disk Capacity | 500 GB |
| Hardware Specifications | CPU Speed | 2.4 GHz |
| Hardware Specifications | Disk I/O Speed | 200 MBps |
| Hardware Specifications | Network Adapter | 1 |
| Networking | Web Access | Required |
| Networking | Browser | The following browsers are supported when viewing and working with the Cisco APIC-EM: Google Chrome, version 50.0 or later; Mozilla Firefox, version 46.0 or later |
| Networking | Network Timing | To avoid conflicting time settings, we recommend that you disable the time synchronization between the guest VM running the Cisco APIC-EM and the ESXi host. Instead, configure the timing of the guest VM to an NTP server. Important: Ensure that the time settings on the ESXi host are also synchronized to the NTP server. This is especially important when upgrading the Cisco APIC-EM. Failure to ensure synchronization will cause the upgrade to fail. |

Related Concepts
Preparing a VMware System for Cisco APIC-EM Deployment
Virtual Machine Configuration Recommendations
Related Tasks
Configuring Resource Pools Using vSphere Web Client
Configuring a Virtual Machine Using vSphere Web Client

Supported Cisco Platforms and Software Releases

For information about the supported Cisco platforms and software releases:

  • See the Supported Platforms for the Cisco Application Policy Infrastructure Controller Enterprise Module, Release 1.2.0.x for the list of supported platforms and software releases for the base controller applications (Discovery, Inventory, Topology, EasyQoS and Path Trace).

  • See the Release Notes for Cisco IWAN on APIC-EM for the list of supported platforms and software releases for the IWAN application.

  • See the Release Notes for Cisco Network Plug and Play for the list of supported platforms and software releases for the Cisco Network Plug and Play application.

Supported Northbound REST APIs

The Cisco APIC-EM provides northbound REST APIs that you can use to issue requests to the controller and exchange data with the controller in a platform-agnostic way. For detailed information about supported northbound REST APIs, see the internal, interactive documentation located within the GUI itself. Click the API button at the top right of the GUI to view this documentation.