Home SDNCisco Software-Defined Networking — Cisco APIC Enterprise Module

Automate network configuration and setup. Cisco APIC Enterprise Module (APIC-EM) is a central part of Cisco Digital Network Architecture and Cisco ACI. It delivers software-defined networking to the enterprise branch, campus, and WAN. Its simple user interface lets you automate policy-based application profiles. With this module, IT can respond rapidly to new business opportunities. Deploy network devices faster. Automate device deployment and provisioning across the enterprise. Enable developers to create new applications that use the network to fuel business growth. Increase productivity. Offer a great application experience. Real time network assurance helps ensure a consistent application experience. Service automation includes knowledge packs that are prepackaged within the system, providing users with validated topology designs. This helps reduce the load on the user, who otherwise would need to understand the nuances of service chaining.

Automate deployment and provisioning of physical and virtual network services on any platform. Cisco Enterprise Service Automation reduces IT operating expenses by simplifying and automating the processes involved in multi branch deployments. Cisco APIC Enterprise Module helps IT organizations automate and standardize IT processes across their networks to align with both company and Cisco best practices. Through its GUI, Cisco APIC Enterprise Module provides intuitive ways of designing cookie cutter profiles that enable IT to bring up multiple branches in no time. Cisco Enterprise Service Automation essentially reduces the operational expenses of an IT organization by rapidly automating the processes involved in branch provisioning and rolling out services. The Cisco Intelligent WAN (Cisco IWAN) is prescriptive of the Cisco Validated Design and provisioning of its core pillars for a large number of sites from a centralized location.

Cisco Digital Network Architecture

With Cisco APIC Enterprise Module build a digital-ready network that is simple, automated, intelligent, and secure. Navigate your digital journey with Cisco DNA. Deliver applications 17% faster and use network insights to drive better user experiences. Deter 99.2% of network breaches by using the network as both a sensor and an enforcer. Make network operations 28% more efficient using automation to manage policy and change at scale. Enable app and device awareness with 8 times faster roaming and views of more than 1200 applications. Build the foundation for your digital transformation with the latest technology innovations. Deploy network services in minutes on any platform — branch, collocation, or public cloud. Give freedom to your network. Connect users to applications with one seamless network using Cisco Digital Network Architecture (DNA) Virtualization. Deploy virtual network services in minutes, instead of weeks. Reduce CAPEX by moving to virtual services and consolidate hardware.

Cisco APIC Enterprise Module

Industry-leading Cisco Enterprise Service Automation aids with orchestration, automation of processes, and service chaining of virtual and physical branches, drastically reducing the time required to provision multiple branches simultaneously from months to just minutes. Use Cisco Enterprise Service Automation, along with the Cisco APIC Enterprise Module and Cisco Prime Infrastructure, allows IT to design, provision, manage, and monitor the hardware, hosting platforms, and software services required to successfully get a new branch up and running. With Cisco Enterprise Service Automation workflows align with ITIL processes, providing ways for users to create network designs for initial provisioning and service upgrades. It goes through an approval process when there is a change, and the supply of common network attributes for configuring the devices is based on the region, location, or type of branch.

Cisco Intelligent WAN

Automate branch router configuration and management with software-defined WAN technology. Cisco Intelligent WAN Application for the Cisco Application Policy Infrastructure Controller Enterprise Module allows you to accelerate the deployment of Cisco IWAN. And align to business priorities based on applications and user needs. The Cisco IWAN Application simplifies WAN deployments by providing a highly intuitive, policy based interface that helps IT abstract network complexity and design for business intent. The business policy is automatically translated into network policies that are propagated across the network. This solution enables IT to accelerate the transition to hybrid WAN, and quickly realize the benefits of software-defined WAN. Lower costs, simplified IT, increased security, and optimized application performance. Cisco Intelligent WAN Application for the Cisco Application Policy Infrastructure Controller Enterprise Module allows you to accelerate the deployment of Cisco IWAN. And align to business priorities based on applications and user needs.
Cisco APIC Enterprise Module


The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (Cisco ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources. Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a Command-Line Interface (CLI) and GUI which utilize the APIs to manage the fabric holistically. OpFlex is a new open and extensible southbound protocol that supplies policy directly to data center networks.

Unlike commonly used SDN protocols, it supplies application policy, not low-level configuration, to network devices. This allows devices to self-configure and freely expose new innovation. By centralizing policy but distributing control, networks can become much more scalable, resilient, and interoperable. Cisco and partners are submitting OpFlex to the IETF for standardization to OpenDaylight for open source SDN implementations. An OpFlex agent will be available free from Github for leading hypervisors, switches, and Layer-4 to Layer-7 services. A reference implementation on OVS will be available. Cisco APIC is completely removed from the data path. This means the fabric can still forward traffic even when communication with the Cisco APIC is lost.


Cisco ACI, a industry-leading Software-Defined Networking (SDN) solution, offers a unique blend of mapping hardware and software capabilities through a unified application-based policy model. Cisco ACI increases business agility and lowers TCO by automating IT tasks, enhancing security, and increasing operational efficiency. Automate IT workflows and help organizations shorten app deployment from weeks to minutes. Secure applications through whitelist model, policy enforcement, and micro-segmentation. Build programmable SDN fabrics leveraging open APIs and over 65 Cisco ACI global partner ecosystems.

Deploy, scale, and migrate applications seamlessly across multiple hybrid data centers. Cisco Application Policy Infrastructure Controller (APIC) provides single-click access to all Cisco ACI fabric information, enabling network automation, programmability, and centralized management. Integrate virtual and physical workloads in a programmable, multihypervisor fabric to build a multi service cloud data center. Smoothly transition from a traditional data center to SDN with a common, policy-enforced approach. Migrate to Cisco ACI and build on your existing Cisco NX-OS infrastructure.


For organizations implementing Cisco Application Centric Infrastructure fabric architecture, the updated Cisco ASA 5585-X and Cisco Adaptive Security Virtual Appliance (ASAv) solutions can be fully integrated into the Cisco Application Centric Infrastructure fabric. Cisco Adaptive Security Device Manager — this no cost GUI based single device management option can be used for configuring, monitoring, and troubleshooting the virtual and physical appliances. Cisco Security Manager — you can use this solution for comprehensive multi device deployment and management of both the virtual appliance and the physical Cisco ASA 5500-X appliances.

Command line interface — a flexible command based management interface uses scripting for quick provisioning and automation of the appliances. The virtual appliance, along with the physical Cisco ASA 5500-X next generation firewalls can be managed by security administrators as a pool of resources that scale on demand. It provides programmable automation for deployment and management and uses a common policy based operational model across physical and virtual environments, reducing cost and complexity.

Intercloud Fabric

The Cisco Intercloud Fabric And Hybrid Cloud installation documentation and videos go a long way to get you started, however we wanted to provide a bit more information to help you prepare for Cisco Intercloud Fabric installation, configuration and connection to either AWS or Azure or both. First you’ll need an account at the cloud provider, the account needs and capabilities are different for each provider. Amazon AWS — standard AWS account, account policy requirements.

You will need full Amazon EC2 access policy, full AWS S3 access policy — if you are going to deploy Windows images, full AWS Marketplace — if you are going to deploy Intercloud Cisco Fabric Router, and to deploy the Intercloud Fabric Router in Amazon AWS Market Place you will need to accept the terms for the image. Cisco Intercloud Fabric Router and Cisco Intercloud Fabric Firewall are not yet deployable in Azure, download the presentation on Cisco’s website for a step by step guide to getting an AWS or Azure account. Cisco Intercloud Fabric And Hybrid Cloud — Cloud Access Keys.


Reduce risks and contain threats by dynamically controlling network access. Cisco ISE Identity Services Engine can assess vulnerabilities and apply threat intelligence. It can also contain a suspicious device for remediation. We call this Cisco Rapid Threat Containment. Get answers fast about threats on your network and stop them even faster. Cisco Rapid Threat Containment uses an open integration of Cisco’s security products, technologies from Cisco security partners, and the network control of the Cisco Identity Services Engine (ISE). In addition, you can protect critical data through the solution’s Cisco Threat Centric NAC feature, Dynamically change your users’ access privileges when their threat or vulnerability scores go up.

Cisco ISE transforms the network from a simple conduit for data into a security enforcer that accelerates the time to detection and time to resolution of threats. The Cisco pxGrid (Platform Exchange Grid) is an open, scalable, and IETF standards driven data sharing and threat control platform. Now your multiple security products can work together. With Cisco pxGrid, security operations teams can also automate to get answers and contain threats faster.

Network Automation

To meet its growth demands for applications, hosting and cloud services, a client became the first telecom company in the world to deploy Cisco Application Centric Infrastructure (ACI) and Cisco Nexus 9000 series switches as the foundation for its next-gen data center. A client used the expertise of end-to-end Cisco Services to deploy Cisco ACI, which provided a turnkey approach that was agile, cost-effective, and scalable.

The client used the expertise of end-to-end Cisco Services to deploy Cisco ACI, which provided a turnkey approach that was agile, cost-effective, and scalable. Increasing its competitive advantage, Du now has an application-focused fabric and a foundation for cloud automation and orchestration that supports an extensible, highly secure multitenant environment based on open standards.