Overview

About the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)

The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is Cisco's Software Defined Networking (SDN) Controller for Enterprise Networks (Access, Campus, WAN and Wireless).

The platform hosts multiple applications (SDN apps) that use open northbound REST APIs that drive core network automation solutions. The platform also supports a number of south-bound protocols that enable it to communicate with the breadth of network devices that customers already have in place, and extend SDN benefits to both greenfield and brownfield environments.

The Cisco APIC-EM platform supports both wired and wireless enterprise networks across the Campus, Branch and WAN infrastructures. It offers the following benefits:

  • Creates an intelligent, open, programmable network with open APIs

  • Saves time, resources, and costs through advanced automation

  • Transforms business intent policies into a dynamic network configuration

  • Provides a single point for network wide automation and control

The following table describes the features and benefits of the Cisco APIC-EM.

Table 1. Cisco APIC Enterprise Module Features and Benefits

Feature

Description

Network Information Database

The Cisco APIC-EM periodically scans the network to create a “single source of truth” for IT. This inventory includes all network devices, along with an abstraction for the entire enterprise network.

Network topology visualization

The Cisco APIC-EM automatically discovers and maps network devices to a physical topology with detailed device-level data. The topology of devices and links can also be presented on a geographical map. You can use this interactive feature to troubleshoot your network.

EasyQoS application

The EasyQoS application abstracts away the complexity of deploying Quality of Service across a heterogeneous network. It presents users with a workflow that allows them to think of QoS in terms of business intent policies that are then translated by Cisco APIC-EM into a device centric configuration.

Cisco Network Plug and Play (PnP) application

The Cisco Network PnP solution extends across Cisco's enterprise portfolio. It provides a highly secure, scalable, seamless, and unified zero-touch deployment experience for customers across Cisco routers, switches and wireless access points.

Note 

This application is not bundled with the Cisco APIC-EM controller for this release. You need to download, install, and enable this application to use it. For information about these procedures, see the Cisco Application Infrastructure Controller Enterprise Module Upgrade Guide.

Cisco Intelligent WAN (IWAN) application

The separately licensed IWAN application for APIC-EM simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.

Note 

This application is not bundled with the Cisco APIC-EM controller for this release. You need to download, install, and enable this application to use it. For information about these procedures, see the Cisco Application Infrastructure Controller Enterprise Module Upgrade Guide.

Cisco Active Advisor application

The Cisco Active Advisor application for APIC-EM offers personalized life cycle management for your network devices by keeping you up-to-date on:

  • End-of-life milestones for hardware and software

  • Product advisories, including Product Security Incident Response Team (PSIRT) bulletins and field notices

  • Warranty and service contract status

Note 

This application is not bundled with the Cisco APIC-EM controller for this release. You need to download, install, and enable this application to use it. For information about these procedures, see the Cisco Application Infrastructure Controller Enterprise Module Upgrade Guide.

Cisco Integrity Verification application

The Cisco Integrity Verification (IV) application provides automated and continuous monitoring of network devices, noting any unexpected or invalid results that may indicate compromise. The objective of the Cisco IV application is early detection of the compromise, so as to reduce its impact. The Cisco IV application operates within the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) as a beta version for this release.

Note 

This application is not bundled with the Cisco APIC-EM controller for this release. You need to download, install, and enable this application to use it. For information about these procedures, see the Cisco Application Infrastructure Controller Enterprise Module Upgrade Guide.

Cisco Remote Troubleshooter application

The Cisco Remote Troubleshooter application uses the Cisco IronPort infrastructure to create a tunnel that enables a support engineer to connect to an APIC-EM cluster and troubleshoot issues with your system. The app uses outbound SSH to create a secure connection to the cluster through this tunnel.

As an administrator, you can use the Remote Troubleshooter application to control when a support engineer has access to a particular cluster and for how long (since a support engineer cannot establish a secure tunnel on their own). You will receive indication that a support engineer establishes a remote access session, and you can end a session at any time by disabling the tunnel they are using.

Public Key Infrastructure (PKI) server

The Cisco APIC-EM provides an integrated PKI service that acts as Certificate Authority (CA) or sub-CA to automate X.509 SSL certificate lifecycle management. Applications, such as IWAN and PnP, use the capabilities of the embedded PKI service for automatic SSL certificate management.

Path Trace application

The path trace application helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network.

High Availability (HA)

HA is provided in N+ 1 redundancy mode with full data persistence for HA and Scale. All the nodes work in Active-Active mode for optimal performance and load sharing.

Back Up and Restore

The Cisco APIC-EM supports complete back up and restore of the entire database from the controller GUI.

Audit Logs

The audit log captures user and network activity for the Cisco APIC-EM applications.

Logging into the Cisco APIC-EM

You access the Cisco APIC-EM GUI by entering its network IP address in your browser. The IP address was configured for the Cisco APIC-EM network adapter during the initial setup using the configuration wizard. This IP address connects to the external network.

Procedure


Step 1

In your browser address bar, enter the IP address of the Cisco APIC-EM in the following format:

https://IP address

Step 2

On the launch page, enter your username and password that you configured during the deployment procedure.

The Home page of the APIC-EM controller appears. The Home page consists of the following three tabs:

  • DASHBOARD

  • SYSTEM HEALTH

  • SYSTEM INFO

Figure 1. SYSTEM INFO Tab

What to do next

Click on each tab and review the data provided in the GUI.

Cisco APIC-EM GUI

First GUI Window

When you log into the Cisco APIC-EM, the GUI appears. See the following tables for descriptions of the GUI elements.

Table 2. Cisco APIC-EM GUI Elements

Name

Description

Navigation pane

At the left side of the window, the Navigation pane provides access to the Cisco APIC-EM functions and additional applications, such as EasyQoS, Path Trace, IWAN, and Network Plug and Play.

Global toolbar

At the top of the window, the Global toolbar provides access to tools, such as API documentation, settings, and notifications. For a full explanation of the icons on the Global toolbar, see the Global Toolbar Options table below.

Application or Function Pane

In the main window area, the application or function pane displays the interface of the application or function. When you click an option in the Navigation pane or from the Global toolbar, the corresponding application or function opens in this pane.

I wish this page would... feedback link

At the bottom of the window, the I wish this page would... feedback link opens a preaddressed email in your email application, where you can provide input about your experience using the Cisco APIC-EM and suggestions for improvements.

Navigation Pane Options

The Navigation pane provides options to access the major Cisco APIC-EM features and applications.

Table 3. Navigation Pane Options

Icon

Name

Description

Hide/Unhide Navigation

Allows you to hide and unhide the Navigation pane.

Home

Provides information about the APIC-EM, such as its network status, system health, and system information.

Discovery

Allows you to configure discovery options for scanning the devices and hosts in your network.

Device Inventory

Provides access to the inventory database, where you can display, filter, and sort tabular information about the discovered devices in your network.

Host Inventory

Provides access to the inventory database, where you can display, filter, and sort tabular information about the discovered hosts in your network.

Topology

Presents the devices and links that the Cisco APIC-EM discovers as a physical topology map with detailed device-level data. The topology of devices and links can also be presented on a geographical map. You can use this interactive feature to troubleshoot your network.

IWAN

Simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications with preferred paths for hybrid WAN links. Doing so improves the application experience over any connection and saves telecommunication costs by leveraging cheaper WAN links.

EasyQoS

Enables you to configure quality of service on previously discovered Cisco network devices that support the EasyQoS feature. Using EasyQoS, you can group devices and then define the business relevance of applications that are used in your network. The Cisco APIC-EM takes your QoS selections, translates them into the proper command line interface (CLI) commands, and deploys them onto the selected devices.

Path Trace

Helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network.

Network Plug and Play

Provides a highly secure, scalable, seamless, and unified zero-touch deployment experience for customers across Cisco routers, switches and wireless access points.

Active Advisor

Provides information about devices in your Cisco APIC-EM inventory that have hardware End-of-Life warnings and vulnerabilities that have been identified by the Cisco Product Security Incident Response Team (PSIRT), Cisco Active Advisor provides Software End-of-Life, Field Notice, warranty, and service contract coverage information about those devices.

Integrity Verification

Provides automated and continuous monitoring of network device integrity measurements, noting any unexpected or invalid results that may indicate compromise. The objective of the IV application is early detection of a compromise to reduce its impact.

Remote Troubleshooter

Utilizes the Cisco IronPort infrastructure to create a tunnel that enables a support engineer to connect to an APIC-EM cluster and troubleshoot issues. The application uses outbound SSH to create a secure connection to the cluster through this tunnel.

Wide Area Bonjour

Provides controller functions in the network, as it enables discovery and distribution of policy-based Apple Bonjour services independent of network boundaries.

Global Toolbar Options

The Global toolbar provides access to API information, administrative functions, system notifications.

Table 4. Global Toolbar Options

Icon

Option

Description

API

Displays the automatically generated documentation for the northbound REST APIs.

System Notifications

Opens the System Notifications dialog box, which provides information about system notifications that have occurred.

The icons at the top provide a total of the number of notifications in each of the following categories:

  • Minor (yellow triangle icon)

  • Major (orange triangle icon)

  • Critical (red octagon icon)

If notifications have occurred, they are listed below the icons. For example, any notifications about software updates or security certificates updates appear in this window.

Click the Notification History link to open the Notifications window. This window provides information about the notification, such as its severtiy, source, timestamp, and status.

You can perform the following actions in this window:

  • Acknowledge a notification.

  • Filter notifications by status or security level.

  • Sort notifications by source, detail, description, timestamp, or status.

Administrative Functions

Opens a menu of options. From this menu, you can choose the following administrative options:

  • Settings—Allows you to configure controller settings, such user profiles, discovery credentials, network security settings, backup and restore, and other controller settings.

  • App Management—Allows you to individually upload and enable Cisco and third-party applications, backup and restore the controller data, and update the Cisco APIC-EM software.

  • System Administration—Allows you to manage and troubleshoot controller services.

    Important 

    Only advanced users should access the System Administration console to attempt to troubleshoot the controller services.

  • Audit Logs—Provides information to help you monitor policy creation and application.

  • About APIC-EM—Displays the installed Cisco APIC-EM software version.

You can perform the following user functions:

  • Change Password—Allows you to change your own password.

  • Sign Out—Logs you out of the Cisco APIC-EM.