Upgrade at deeply discounted prices to help ensure secure network transformation.
Product overview
The Cisco® Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is our Software-Defined Networking (SDN) controller for enterprise networks (in the campus or branch and the WAN). It delivers an elastic platform for policy-based automation that simplifies and abstracts the network. It can enable transformation of business intent to network control. The platform is built to host multiple, easy-to-use SDN applications that use open, northbound Representational State Transfer (REST) APIs and drive core network automation solutions. The platform also supports a number of southbound protocols that enable it to communicate with the breadth of network devices customers already have in place, and extend SDN benefits to both greenfield and brownfield environments, immediately from the start. The goal of the APIC-EM platform is to power next-generation SDN applications that will dramatically lower operational expenditures and increase network agility to align with business needs.
The APIC-EM platform supports both wired and wireless enterprise networks across the WAN, and access and wireless infrastructures. It offers superior investment protection, and works with both existing and new infrastructure. The APIC-EM platform delivers many significant benefits. For example, it:
● Creates an intelligent, open, programmable network with open APIs
● Can help customers save time, resources, and costs through advanced automation services
● Can transform business-intent policies into dynamic network configuration
● Provides a single point for network-wide automation and control
Table 1 describes the features and benefits of the Cisco APIC-EM in general availability release 1.5.
Table 1. Cisco APIC-EM features and benefits
Feature |
Description and benefits |
Network Information Database (NIDB) |
APIC-EM periodically scans the network to create a “single source of truth” for IT. This inventory includes all network devices, along with an abstraction for the entire enterprise network. The NIDB allows applications to be device-independent, so configuration differences between devices aren’t a problem. |
Network topology visualization |
APIC-EM auto-discovers and maps network devices to a physical topology with detailed device-level data. With its auto-visualization feature, it presents a highly interactive mechanism for viewing and troubleshooting the network. You can also easily customize its GUI. |
Plug and Play application |
Cisco Network Plug-and-Play provides a highly secure, scalable, seamless, and unified zero-touch-deployment experience for customers across Cisco's entire enterprise network portfolio of wired and wireless devices. It reduces the burden on enterprises by greatly simplifying the deployment process for new devices, which can significantly lower Operating Expenditures (OpEx) as well. For more details, refer to Plug and Play Application data sheet. |
Cisco Intelligent WAN (IWAN) application |
The separately licensed IWAN application for APIC-EM greatly simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications. It then translates that priority into the network configuration that drives Quality of Service (QoS), preferred path routing over hybrid WAN links, secure overlay, performance visualization, and more. This advanced Software-Defined-WAN (SD-WAN) capability guarantees delivery of application experience over any connection using otherwise inactive or backup links. For more details, refer to IWAN App data sheet. |
Enterprise Service Automation (ESA) application |
The separately licensed ESA application for APIC-EM centrally orchestrates and manages network services, making it simple to deploy and manage them. ESA provides a standardized site design, zero-touch deployment, and automated monitoring of network services, regardless of platform. It helps ensure optimal performance of Virtual Network Functions (VNFs) running on the Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) by monitoring and managing the health and lifecycle of the services. |
Public Key Infrastructure (PKI) certificate |
The PKI service provides an integrated authentication server for automated key management. It automates the lifecycle management of issuing, renewing, and revoking the PKI X.509 certificate for apps such as IWAN. This service greatly simplifies the process of establishing and maintaining trust in the network. |
Path Trace application |
Inspection, interrogation, and remediation of network problems rely on manual techniques today, which may not only be slow and inaccurate, but also quite expensive. Given a five-tuple description, the Path Trace application solves this problem by automating inspection and visualization of the path taken by a flow between two endpoints in the network. |
High availability |
High availability is provided in N+1 redundancy mode with full data persistence for high availability and scale. All the nodes work in active-active mode for optimal performance and load sharing. |
Backup and restore |
APIC-EM supports complete backup and restore of the entire database for added protection. The network database can now be easily backed up and restored in a user-friendly way with a few clicks from the controller UI. |
Integrity Verification |
The Integrity Verification application leverages the capabilities provided by APIC-EM to collect integrity measurements from monitored devices, evaluates these measurements for correctness and unexpected changes, and provides visibility into the results, with the objective of identifying a compromise quickly to minimize its impact. |
Active Advisor |
Cisco Active Advisor simplifies network discovery and finds security alerts that apply to your devices. It also analyzes contract coverage and end-of-life status and can compare your network against Cisco Validated Designs. |
SD-Bonjour |
Cisco SD-Bonjour App enables policy-based Apple Bonjour discovery and distribution across a user-defined network. In this distributed architecture, the next-generation Cisco Catalyst® switches perform Service Discovery Gateway (SDG) agent functions. |
Platform support
The Cisco APIC-EM platform provides broad-based coverage of the Cisco enterprise switching, routing, and mobility product portfolio. Refer to Table 2 for more details.
Table 2. Platforms that APIC-EM supports in general release 1.5
Device type |
Device series |
Switches |
Catalyst 2960-X/XR Series Switches |
Catalyst 2960-S Series Switches |
|
Catalyst 2960 Series Compact Switches |
|
Catalyst 3560 Series Compact Switches |
|
Catalyst 3650 Series Switches |
|
Catalyst 3850 Series Switches |
|
Catalyst 3750-X Series Switches |
|
Catalyst 3560-X Series Switches |
|
Catalyst 4500 Series Switches |
|
Catalyst 4500x Series Switches |
|
Catalyst 4900 Series Switches |
|
Catalyst 6500 Series Switches |
|
Catalyst 6800 Series Switches |
|
Cisco Nexus 7000 Series Switches |
|
Cisco Nexus 5000 Series Switches |
|
Ether Switch Modules for Integrated Services Routers: SM-E22-16-P, SM-ES2-24-P, SM-D-ES2-48, SM-ES3-16-P, |
|
Industrial Ethernet 2000 Series Switches |
|
Industrial Ethernet 3000 Series Switches |
|
Routers |
4000 Series Integrated Services Routers |
Integrated Services Routers Generation2 |
|
ASR 1000 Series Aggregated Services Routers |
|
ASR 9000 Series Aggregated Services Routers |
|
Cisco Cloud Services Router 1000v |
|
Cisco Integrated Services Virtual Router |
|
Wireless |
Wireless LAN Controllers (IOS XE & AireOS) |
Application Programming Interfaces (API)
APIC-EM supports both northbound and southbound APIs.
The northbound APIs are REST-based and can enable applications to discover and control your network elements using the HTTPs protocol with HTTPs verbs (for example, GET, POST, PUT, and DELETE) with JavaScript Object Notation (JSON) syntax. It is function-rich, highly secure, and can provide you with easy-to-use, programmatic control of your network elements, interfaces, and hosts.
The southbound interface speaks to network elements using Command-Line Interface (CLI) and Simple Network Management Protocol (SNMP). The use of CLI and SNMP can ensure that APIC-EM works with your existing Cisco products. Future versions of APIC-EM will take full advantage of other southbound technologies and device APIs as they are implemented.
For more information about available northbound APIs, refer to controller documentation or the API Reference under the APIC-EM section on DevNet.
System requirements
The APIC-EM platform and its hosted applications can run as a virtual appliance when installed on a hypervisor or a bare-metal server. It is also available as a hardware appliance. System resources to run these two different form factors follow.
Physical appliance specifications:
● Server: 64-bit x86
● CPU (cores): 6
● CPU speed: 2.4 GHz
● RAM: 64 GB (Single Node), 32 GB (Per Host for Multi-Node)
● Storage: 500 GB of available or usable storage after hardware RAID
● RAID level: Hardware-based RAID at RAID level 10
● Disk I/O speed: 200 MBps
● Network adapter: 1 or more
● Browser: Chrome (44.0 or later)
● Web access required: Outbound secure web (HTTPS) access from the Cisco APIC-EM to the Internet for automatic updates of the controller software
Virtual appliance requirements:
● VMware ESXi Version: 5.1/5.5
● Server: 64-bit x86
● Virtual CPU (vCPU): 6
● CPU speed: 2.4 GHz
● RAM: 64 GB (Single Node), 32 GB (Per Host for Multi-Node)
● Storage: 500 GB of available or usable storage after hardware RAID
● RAID level: Hardware-based RAID at RAID level 10
● Disk I/O speed: 200 MBps
● Network adapter: 1 or more
● Browser: Chrome (44.0 or later)
● Web access required: Outbound secure web (HTTPS) access from the Cisco APIC-EM to the Internet for automatic updates of the controller software
Note: If using the IWAN application, you also must have an HTTP or secure HTTP (HTTPS) proxy to connect the APIC-EM plug-and-play service to the public cloud. This proxy can be a commercial standard HTTP or HTTPS proxy.
Licensing
The Cisco APIC-EM is accessible with a click-through license when you download or install the product.
Ordering information
The Cisco APIC-EM is available in two form factors: virtual appliance and hardware appliance. The virtual appliance can be downloaded free of charge from Cisco Software Central or Cisco’s DevNet community service. The hardware appliance can be purchased directly from Cisco or through our resellers (SKU numbers are listed below).
Virtual appliance SKUs
R-APICEM-SW-K9 |
Cisco APIC-EM Controller Software |
R-APICEM-SW-K9= |
Cisco APIC-EM Controller Software (Spare) |
Hardware appliance SKUs
APIC-EM-APL-R-K9 |
Cisco APIC EM Controller Appliance 10C-64G-2T |
APIC-EM-APL-R-K9= |
Cisco APIC EM Controller Appliance 10C-64G-2T (Spare) |
APIC-EM-APL-G-K9 |
Cisco APIC EM Controller Appliance 20C-128G-4T |
APIC-EM-APL-G-K9 |
Cisco APIC EM Controller Appliance 20C-128G-4T (Spare) |
Cisco Capital
Financing to help you achieve your objectives
Cisco Capital® can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.
For more information
To learn more about the Cisco APIC-EM, visit: https://www.cisco.com/go/apicem.
Join us for a live demo of Cisco DNA Center capabilities and ask questions of Cisco experts. See examples of software image management, network and client health, and proactive troubleshooting.