At World Wide Technology we have a number of training and demonstration fabrics in our Advanced Technology Center to educate our customers and help them deploy ACI in their data centers. We are working on a project called, ACI xStart, which demonstrates the capabilities of ACI outside the network infrastructure teams. Recently I posted a video which uses Ansible to automate deploying a virtual machine from a template, configuring an F5 load balancer and installing and initiating an application in a Docker container.
Our goal in developing these automation solutions is maximize the value of automation while minimizing the effort. While we can configure the tenant for this application from Jinja templates of the underlying XML files, it can be time consuming. Why not create a library of common tenant configuration templates and clone the tenant in the same manner a virtual machine is cloned from a template? Once the tenant is cloned, we can automate additions or deletions from the template configuration.
This demonstration also illustrates how the security operations and network operations can collaborate, yet maintain a separation of responsibilities. We show how the workflow can move from the requester, to security operations to network operations and use Git for version control of the policy applied to the tenant template. This workflow is illustrated below and demonstrated in the video.
We have simplified the deployment of ACI tenant configurations to satisfy end-user requests, while both collaborating and separating the responsibilities between network and security operations. The Ansible playbook and configuration files are available on GitHub and the video demonstration is on youtube.