Data center networking: extending constructs and policies to the clouds and beyond
No longer confined within the four walls of a data center, applications, data, tenant environments, and the networks that bring them together are increasingly distributed across multiple clouds and colocation sites.
Managing those domains separately—each with its own constructs, policies, and interfaces—is not only complex and inefficient, but also risky from a security standpoint.
To simplify and accelerate data center operations while protecting users and data, IT teams need the network equivalent of a universal remote control: one that works across disparate cloud, colocation, and on-prem environments, translating a single set of policies into the syntax of each domain they are extended to.
Leading construction company Skanska deployed a Cisco ACI network in 2018, in part because of its ability to integrate with public cloud environments.
“We wanted the same model for managing on-prem and cloud resources,” said Eric Nilsson, senior network engineer for Skanska.
Increasing visibility, agility, and speed
Using Cisco Nexus Dashboard and Cisco Cloud Network Controller (formerly Cloud ACI/APIC), the company was able to stretch its network and associated policies to Microsoft Azure. Skanska now has simplified network operations with policy consistency across multiple domains.
“We're using the Cisco Cloud Network Controller to extend the application policies and constructs we have on-prem into the cloud,” Nilsson explained. “And because the controller is directly integrated with Azure, we don’t have to use a separate GUI when configuring, deploying, and managing workloads in the cloud. It saves us a ton of time.”
It also provides more protection, with a zero-trust access model and microsegmentation that are automatically applied wherever the company places its workloads. Tenant environments, virtual routing and forwarding (VRF), border domains, and even endpoint groups containing databases, applications, and edge devices can all be segmented and isolated. And the company determines who can access each one.
With this type of universal control and translation, IT teams don’t have to learn a different syntax and operating model for every domain. They don’t have to recreate application and access policies and manage them in bespoke fashion. They can more easily move workloads between various environments. They can leverage APIs and third-party solutions to establish full infrastructure-as-code. And they can attain greater visibility, agility, and speed by orchestrating multiple domains through a single pane of glass.
To learn more about Skanska’s cloud-integrated network, read the full case study and testimonial.
GREAT blog! Thank you for sharing this incredible story.