
Upload: phamnguyet

Post on 24-Apr-2018


SOLUTION BRIEF

FORTIADC CONNECTOR FOR CISCO ACI

Unified Application Policy and Orchestration

Software-defined application delivery provides the agility and high availability needed in a workload-driven data center, so IT can respond quickly to changing business requirements. Evolving applications in the cloud now ask for on-demand and 13x9s always-on reliability, which is highly dependent on the infrastructure they are running on. By providing an orchestration, abstraction, and transparent infrastructure for application deployment, data-center operators can have the control and visibility to manage and address application delivery policies as new workloads are introduced. Existing data centers and private cloud environments generally have a mixture of physical and virtual appliances, which come from various appliance vendors. To avoid time-consuming policy control silos and manual hair-pinning rulesets, modern IT needs a new process to deploy and scale applications quickly.

Cisco Application Centric Infrastructure (ACI) offers the software-defined platform for Layer 4-7 service function automation and policy management framework. Data-center IT can use Cisco Application Policy Infrastructure Controller (APIC) as the enforcement point for application policies to configure application-specific network requirements. FortiADC Connector for Cisco ACI is an XML device package that serves as a plugin running on APIC directly. IT can configure the FortiADC without actually touching the physical or virtual appliance. By exposing L4 service functions of FortiADC, the joint solution offers a single point of efficient application delivery automation and management.

SOLUTIONS HIGHLIGHTS

• Automates Layer 4 application service insertion, policy updates, and optimization within the ACI-enabled fabric with FortiADC

• Seamlessly integrates topologies in FortiADC physical and virtual appliances

• Reduces operating spending on provisioning application workflows through consistent policy-driven delivery

• Supports Fortinet’s patented virtual domains across multiple tenants


FIGURE 1: FORTIADC ORCHESTRATION IN CISCO APIC

The joint solution helps transform the data center to adapt effectively with application-centric workloads and significantly improves application provisioning and agility. The architecture provides a common management framework for network, application, security, and virtualization teams, making IT more agile while reducing application deployment time.

In Cisco ACI, network segmentation and security policies are enforced consistently whenever a new application is deployed in the network. This joint solution supports Go-To (routed) and Go-Through (transparent) modes.

Go-Through Mode (Layer 2)

Devices in Go-Through (Transparent) mode act on traffic as Layer 2 devices. These devices are not referred to by the packet’s destination MAC or IP address. In most cases, these devices will only have an address for the purposes of management.

Go-To Mode (Layer 3)

In Go-To mode, the device routes traffic and is referenced by a packet’s destination MAC address or destination IP address.

Multitenant, Multidevice Support

• Multitenant and multidevice deployments are typical use cases for FortiADC integration with Cisco ACI. When the FortiADC device is added, L4 services and multicontext awareness can be enabled for a tenant. This indicates to the device package that the L4 device is going to be a virtual device that shares resources with other tenants on the FortiADC. In the FortiADC implementation, this virtual device is represented by a virtual domain (VDOM). Under each tenant, multiple virtual devices can be configured. A VDOM name is the virtual device ID that can be generated by APIC when a virtual device is added.

• From a Cisco ACI perspective, each tenant sees available interfaces and can share interfaces (ports) with other tenants if it is multicontext aware. For a physical appliance under L3 Routed (Go-To) mode, the tenant can share the physical interface as a VLAN to isolate the physical interface.

Fortinet’s VDOMs provide a truly unique differentiation in the domain of multitenancy. Designed for efficient device usage and configuration management, VDOMs work extremely well with Cisco’s ACI Ecosystem.


FIGURE 2: L4-L7 SERVICE AUTOMATION

FIGURE 3: DEVICE PACKAGE ARCHITECTURE

IT administrators define service policies like high availability, virtual IP, and port forward for different applications in APIC and create service graphs to identify the set of network or service functions that are needed by the applications. When a security policy is triggered during an application deployment life cycle, Cisco APIC will force the packets to route through the Fortinet FortiADC for application delivery controls without manual configuration.


Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

GLOBAL HEADQUARTERS: Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States. Tel: +1.408.235.7700. www.fortinet.com/sales

EMEA SALES OFFICE: 905 rue Albert Einstein, 06560 Valbonne, France. Tel: +33.4.8987.0500

APAC SALES OFFICE: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel: +65.6513.3730

LATIN AMERICA HEADQUARTERS: Sawgrass Lakes Center, 13450 W. Sunrise Blvd., Suite 430, Sunrise, FL 33323. Tel: +1.954.368.9990

August 7, 2017 3:53 PM


107352-0-0-EN

Cisco APIC integrates with Fortinet FortiADC appliances for the private cloud to simplify network security deployment. To connect the FortiADC appliance to the Cisco ACI fabric, the virtualization administrator simply needs to associate the predefined application policy with the virtual machine networks created by Cisco APIC. The Cisco ACI fabric is designed to provide overlay independence and can bridge frames to and from heterogeneous environments.

The physical or virtual FortiADC appliances integrate into the Cisco ACI policy and orchestration model for better application agility, automation, and lower total cost of ownership. The FortiADC XML device package can be downloaded from https://support.fortinet.com/. For more information on FortiADC product features, please visit https://www.fortinet.com/products/application-delivery-controllers/fortiadc.html. For more information on Cisco ACI, please visit http://www.cisco.com/go/aci.