The “new normal” for cloud services today means supporting everything from dynamic web 2.0 applications to bare metal workloads and 24×7 availability while meeting rising expectations to deploy, scale, and recover faster than ever. OpenStack has played a critical role in bringing cloud computing across compute, storage, and networking resources. But it still requires a lengthy, complex process to translate application requirements into fully configured infrastructure resources.
For many infrastructures, once application and security teams define high-level application policies, they must then write and test countless lines of device-specific configuration scripts. These scripts translate those policies into detailed infrastructure design – all before automated provisioning can start. Cisco proposes a simpler, policy-driven approach using Group-Based Policy (GBP) and Application Centric Infrastructure (ACI).
In this video and white paper, Cisco highlights GBP abstractions for OpenStack, an intent-driven, declarative policy model that offers simplified application-oriented interfaces for users. The video provides a quick highlight of GBP within an application-centric infrastructure while the white paper takes a closer look at how the framework is designed to offer a new set of API extensions to more easily manage OpenStack infrastructure.
GBP uses a simple, abstract API to capture user/application intent. This is then directly translated by ACI to infrastructure topology using the same declarative policy model. The policy model is based on the following concepts:
- Groups: GBP introduces the concept of a group that represents a collection of network endpoints with the same rules and properties for communication with other groups. Every host, storage, or client in the same group must be treated the same way, meaning they follow the same policy.
- Reusable policy rule sets: Reusable rule sets describe secure connectivity between groups. Rule sets may imply switching or routing behaviors, but they offer a simple way to describe how sets of machines can communicate in non-networking terms.
- Policy layering: Policies may be layered based on different roles in an organization. Policies can coexist and be described using nested primitives.
- Network services: The GBP model supports a redirect operation that allows application developers to specify requirements for a combination of groups rather than through switching or routing configuration.
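To make the group, rule-set and redirect vocabulary above concrete, the following is a small Python model added for this page. It is not Cisco's or the OpenStack GBP project's code: the class names, the provide/consume relation between groups and rule sets, the `redirect:<service>` action encoding, the default-deny result when no rule matches, and the rule that members of one group may talk to each other freely are all assumptions made for this example. The point it shows is the security property of the model: connectivity is granted to groups by matching rules, never to individual devices, and anything not explicitly allowed is denied.

```python
"""Toy model of GBP-style group-based policy evaluation (illustrative only).

Not Cisco's or the OpenStack GBP project's code. The data structures and the
evaluation semantics below are assumptions chosen for this example.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Classifier:
    """Traffic match: protocol name plus an inclusive destination port range."""
    protocol: str
    port_min: int
    port_max: int

    def matches(self, protocol: str, port: int) -> bool:
        return protocol == self.protocol and self.port_min <= port <= self.port_max


@dataclass(frozen=True)
class Rule:
    """A classifier paired with an action: 'allow' or 'redirect:<service>'."""
    classifier: Classifier
    action: str


@dataclass
class RuleSet:
    """Reusable, named collection of rules that groups provide or consume."""
    name: str
    rules: list = field(default_factory=list)


@dataclass
class Group:
    """Endpoints treated identically; the group provides and/or consumes rule sets."""
    name: str
    members: set = field(default_factory=set)
    provides: set = field(default_factory=set)  # rule-set names offered to consumers
    consumes: set = field(default_factory=set)  # rule-set names this group may use


class Policy:
    def __init__(self) -> None:
        self.rule_sets: dict = {}
        self.groups: dict = {}
        self.endpoint_group: dict = {}  # endpoint id -> group name

    def add_rule_set(self, rs: RuleSet) -> None:
        self.rule_sets[rs.name] = rs

    def add_group(self, g: Group) -> None:
        self.groups[g.name] = g
        for member in g.members:
            self.endpoint_group[member] = g.name

    def decide(self, src_ep: str, dst_ep: str, protocol: str, port: int) -> Optional[str]:
        """Return the action for src -> dst traffic, or None for default deny.

        Traffic between groups is permitted only when the destination group
        provides a rule set that the source group consumes and one of its rules
        matches the flow. Endpoints in the same group may talk freely (assumption).
        """
        src_g = self.groups[self.endpoint_group[src_ep]]
        dst_g = self.groups[self.endpoint_group[dst_ep]]
        if src_g is dst_g:
            return "allow"
        for rs_name in sorted(dst_g.provides & src_g.consumes):
            for rule in self.rule_sets[rs_name].rules:
                if rule.classifier.matches(protocol, port):
                    return rule.action
        return None


def build_sample_policy() -> Policy:
    """Constructed three-tier example: clients -> web (443), web -> app via a firewall."""
    policy = Policy()
    policy.add_rule_set(RuleSet("web-access", [Rule(Classifier("tcp", 443, 443), "allow")]))
    # The redirect action steers matching traffic through a named service (assumed encoding).
    policy.add_rule_set(RuleSet("app-access", [Rule(Classifier("tcp", 8080, 8080), "redirect:firewall")]))
    policy.add_group(Group("clients", {"client-1"}, consumes={"web-access"}))
    policy.add_group(Group("web", {"web-1", "web-2"}, provides={"web-access"}, consumes={"app-access"}))
    policy.add_group(Group("app", {"app-1"}, provides={"app-access"}))
    return policy


if __name__ == "__main__":
    p = build_sample_policy()
    for src, dst, proto, port in [("client-1", "web-1", "tcp", 443),
                                  ("client-1", "app-1", "tcp", 8080),
                                  ("web-1", "app-1", "tcp", 8080),
                                  ("web-1", "app-1", "tcp", 22)]:
        print(f"{src} -> {dst} {proto}/{port}: {p.decide(src, dst, proto, port) or 'deny'}")
```

Note that adding a new web server only requires adding it to the `web` group; no per-device rule changes, and the client tier still cannot reach the app tier directly because it consumes no rule set the app group provides.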
Why are these characteristics important? Because a top-to-bottom policy model drastically reduces the time needed to implement application requirements in the infrastructure, and it keeps policies enforced even as they change.