County government redesigns data center around Cisco ACI fabric
Durham County, N.C., had a traditional data center. But it also had forward-thinking employees looking at Cisco ACI fabric to lay the groundwork for tech innovation.
Durham County, N.C., shares a technology hub with the likes of Duke University and Research Triangle Park, so it is little wonder its network administrators strive to be technologically strategic, as well. The county's latest move: a redesigned data center -- slated to go into full production in the summer of 2017 -- based on Cisco ACI fabric.
Joel Bonestell, network services manager for Durham County, said officials began contemplating new data center designs around 2015, when he worked as an IT manager at the sheriff's office. At that time, the county was using a Cisco Catalyst 6509 switch for its core, with Nexus 2000 and 5000 fabric extender switches. Most of the designs floating around for the new data center stuck with a traditional model, he said.
In August 2015, Bonestell hired Seth Price as senior network engineer for the county. Price, a network engineer for more than 20 years, was familiar with Cisco products and had been keeping track of software-defined networking (SDN) and its developments over the years. So, when he and Bonestell began discussing the vision for Durham County's new data center, Price presented a software-defined alternative.
"Seth is a forward-thinking person," Bonestell said. "One day, he came to my office and said, 'Hey, we need to talk about Cisco ACI.'"
So, they talked. Cisco Application Centric Infrastructure (ACI) is the vendor's version of SDN. In contrast to other approaches that rely primarily on software, Cisco ACI is grounded in the vendor's Nexus 9000 series switches, managed by Application Policy Infrastructure Controllers (APICs). Among other things, Cisco ACI automates data center services and policies, which, Bonestell said, allows engineers to spend less time managing the data center network and focus on other areas. Cisco said more than 2,700 companies have migrated to Cisco ACI since its introduction in 2013.
Price said some key factors shaped their decision during those discussions: They wanted the best brand for the equipment and a good vendor support system.
"We wanted to build a solution where, not only would we have good hardware and good software-defined controllers, but we would also have good support from the vendor," Price said.
After investigating options that included Cisco alternatives, Bonestell and Price took a closer look at ACI. The Cisco 9000 series, they said, far from being too expensive, offered a powerful foundation with a good price point per port, especially for the scale needed as a governmental entity. In fact, Price said going with Cisco ACI cost about the same as, if not less than, staying with a traditional data center design.
Bonestell and Price talked with upper management, presenting data that showed potential benefits of a data center using Cisco ACI fabric. They talked with Cisco reps, asking detailed questions to get the data center design they wanted and needed. Over a six-month period, they went through quotes, meetings, discussions and drawings until they found the right design to put into production.
Plans for the new design
According to Bonestell, the new network supports the county's strategic plan to provide its approximately 280,000 residents with new web-based services and applications. It's also expected to pay other dividends, among them improved data security, faster disaster recovery and more robust application development.
Third-party services, such as the Palo Alto firewalls and F5 load balancers the county now uses, will be integrated with the Cisco ACI fabric, incorporating rules within the policies created. Network monitoring will be handled by features within the APIC that keep tabs on network health, in combination with the SolarWinds monitoring infrastructure now in place, Price said.
"From my perspective -- as a management perspective -- we're going to be able to spend a lot less time maintaining this data center network," Bonestell said. "We have a greater visibility into its health. We're going to be able to give our platform team templates and policies to where, if they need to, they can publish their own [service] and create a more efficient way of doing business. It's going to be a game changer for our entire department."
This automation, according to Price, will help create a DevOps framework, taking teams out of silos and breaking down the lines between departments.
A key element of the county's new infrastructure is a 40 Gb dark fiber ring, which will run to various services buildings housing Durham County's public health and social services divisions. Through this loop, the Cisco ACI fabric will extend to a new library, to a judicial building that will house Durham County's security operations center -- with 600 to 700 video surveillance feeds funneling through it -- and to a disaster recovery location.
"We, as an organization, are really taking ACI to limits that I don't think anyone else out there is," Price said. "We are integrating all of our wide area network to ACI."
Migrating to Cisco ACI fabric
Price said it wasn't possible for the county to simply tear down its current data center and rebuild. Instead, officials are building the Cisco ACI fabric parallel to the current data center infrastructure and slowly migrating services to the new foundation. About a third of the county's services have currently been moved to the Cisco ACI fabric, with full migration expected to be complete by June 2017. A parallel project calls for the implementation of a Cisco Unified Computing System, which will also be meshed within the ACI fabric.
Price said the change in concepts SDN brings with it is a big challenge. But he stuck with it and eventually saw the benefits the technology could bring.
"I think one thing that kind of scares people about software-defined networking, in general, is it feels like a bit of control is being taken away from you," Price said. "You know, we've done the same thing for so long, [and] network engineers don't like a lot of change. We have a certain terminology and a certain way of programming that we do things, and the change in concept -- the change in terminology -- takes a little time. It takes some personal investment. So, that's been a challenge. But, in reality, it simplifies things. It makes things more efficient and opens the opportunities for more innovation."