Summary

One of our major airline customers needed to evaluate how Cisco ACI and VMware vCenter could potentially operate together utilizing Virtual Machine Manager (or VMM) integration. Was it possible to have Cisco ACI and VMware vCenter operate more cohesively in production? This really was the question. This customer had dueling teams (a network team and a compute/VMware team, each with traditional responsibilities) that were very curious how integration between their two "spheres of influence" could actually work in harmony.

The GOOD NEWS is that whatever side of the fence you sit on (Network or Compute or Both), we showed our customer that Cisco ACI and VMware vCenter could absolutely be integrated together into a workflow that they could use in a production IT infrastructure environment.  This was accomplished by using the Cisco ACI vCenter Plug-in.

Disclaimer: In a document dated 9-9-2019 on its knowledge base website, VMware states: "Any API level integration implemented outside of a certified partner program is a customer's responsibility and is not supported by VMware. Cisco ACI VMM/AVE leverages the vSphere APIs but was developed outside of any formal partner program and therefore is not supported by VMware."

Additionally, this ATC Insight from World Wide Technology does not endorse or recommend the use of this integration. However, this ATC Insight does acknowledge that even today many customers are still asking us to show them how it works.

ATC Insight

How could we help our customer (airline company) truly evaluate this integration between Cisco ACI and VMware vCenter using Virtual Machine Manager (VMM)?

Our Proof of Concept (or POC) focused on showing both groups (Network team and Compute/VMware team) the integration between Cisco ACI and VMware vCenter.  We did this effectively by mimicking how BOTH teams would interact with this specific use case.

For the sake of time in this specific ATC Insight, we re-created this specific use case that we demonstrated to our customer, and put a video together so you can follow along.  See below for the details.

Actors in the Video

 

John Thompson

John Thompson (goes by JT), a WWT ATC Lab Manager and full stack architect by trade, works in the Advanced Technology Center on WWT's Tech Campus. He played the part of a VMware Admin.

 

Tom Davis

Tom Davis, who was a veteran of WWT and has extensive network stack knowledge as a network architect, played the part of a Network Admin.

 

What do they Cover?

  • In the video, both of these gentlemen do a great job of playing off each other to really articulate the realities of managing configuration and operation from a Network admin perspective and Compute/VMware perspective.
  • They give REAL examples of what admins on both sides should know about Cisco ACI and VMware in order to be successful in an operational workflow.
  • They walk through ACTUAL configuration in the Cisco ACI APIC as well as VMware vSphere and demonstrate a REAL use case that our customers ask us for in Proof of Concepts around expansion of an ESXi environment already in production.
  • What Compute/VMware admins need to know about Cisco ACI to be effective in an ACI and VMM integration workflow
  • What Network engineers or Network admins need to know about VMware to be effective in an ACI and VMM integration workflow
  • What is built already in demo environment (pre-built configs)
  • Specific Use Case: Server team needs to expand their ESXi environment and requests the Network Admin to perform the networking related task
  • Physical HLD of Demo Lab Environment
  • Logical LLD of Demo Lab Environment
  • Live ACI/APIC Login
  • vCenter Login and review
  • APIC steps to add server to ACI
  • Add new ESX Host to vCenter and connect to VDS
  • Add ACI Plugin into VMware/vCenter
  • Use the new ACI Plugin from vCenter to create new Bridge Domain and EPG
  • Modify vNIC settings on VM to validate the additions made with the ACI Plugin
  • Create Contracts in EPGs to allow ping tests, then confirm from the VMs
  • Review the changes made via the HLD and Object LLD for this demo use case now that it is completed
  • Summary review at high level for ACI workflow and vCenter workflow
  • Review the same steps made with the VMware Plugin but using only the Cisco APIC GUI
  • Observation made when using the Cisco ACI Plugin when using vSphere Web Client to build a bridge domain and scope to Private VRF

Test Plan

What are some things that VMware admins need to know about ACI that can help them with the ACI and VMM integration workflow?

  • End Point Groups (EPGs) = Port Groups (when doing VMM integration)
    • VLAN ID assigned = existing VLAN/Subnets
  • Servers Connect to ACI Leafs only
    • Pre-Configured ACI Leaf Ports
  • Ensure you are adding the host to the vCenter instance that is already physically integrated with ACI
    • This applies when you have multiple vCenter instances.

What are some of the things that Network Engineers need to know about VMware that can help with the ACI and VMM integration workflow?

  • Virtual Networking
    • vNIC = Port Groups = EPG
    • DvS
    • vCenter

Technology

VMware

  • vCenter Instances
  • ESX Hosts
  • Distributed Virtual Switches (DvS)

Cisco 

  • ACI (Application Centric Infrastructure)
  • APIC (Application Policy Infrastructure Controller)
  • ACI Spine and Leaf Nodes (Nexus 9Ks in ACI Mode)

Figures

Below HLD referenced at 13:00 in the Video

 

High Level Diagram of Lab Demo Environment in the ATC BEFORE use case execution

Below HLD referenced at 34:32 in the Video

 

High Level Diagram of Lab Demo Environment in the ATC AFTER use case execution

Below Object LLD referenced at 13:32 in the Video

 

Low Level Diagram of Logical Object depiction of connectivity in the ATC BEFORE use case execution

Below Object LLD referenced at 35:03 in the Video

 

Low Level Diagram of Logical Object depiction of connectivity in the ATC AFTER use case execution

Observation of Bridge Domain Build using vSphere and the Cisco ACI vCenter Plug-In Referenced at 38:20 of Video

 

Depiction of Bridge Domain in Cisco APIC UI showing Private VRF mapping default when creating from vSphere via Cisco APIC vCenter Plug-in

Video

Timestamps

03:42 - What Compute/VMware admins need to know about Cisco ACI to be effective in an ACI and VMM integration workflow

08:57 - What Network engineers or Network admins need to know about VMware to be effective in an ACI and VMM integration workflow

11:12 - What is built already in demo environment (pre-built configs)

12:00 - Specific Use Case: Server team needs to expand their ESXi environment and requests the Network Admin to perform the networking related task

13:00 - Physical HLD of Demo Lab Environment

13:32 - Logical LLD of Demo Lab Environment

15:44 - Live ACI/APIC Login performed by Network Admin Tom Davis

19:21 - vCenter Login and review performed by VMware Admin JT

23:50 - APIC steps to add server to ACI performed by Network Admin Tom Davis

25:23 - Add new ESX Host to vCenter and connect to VDS performed by VMware Admin JT

29:30 - Add VMware ACI Plugin into VMware/vCenter performed by Network Admin Tom Davis

29:52 - Use the new ACI Plugin from vCenter to create new Bridge Domain and EPG performed by Network Admin Tom Davis

31:45 - Modify vNIC settings on VM to validate the additions made with the ACI Plugin performed by VMware Admin JT

33:30 - Create Contracts in EPGs to allow ping tests, then confirm from the VMs performed by Network Admin Tom Davis

34:30 - Review the changes made via the HLD and Object LLD for this demo use case now that it is completed

35:55 - Summary review at high level for ACI workflow and vCenter workflow

37:58 - Review the same steps made with the VMware Plugin but using only the Cisco APIC GUI performed by Network Admin Tom Davis

38:20 - Observation made when using the Cisco ACI Plugin when using vSphere Web Client to build a bridge domain and scope to Private VRF performed by Network Admin Tom Davis
