Cisco recently acquired Embrane. I tried to dig deep to answer some questions I had and this blog is a result of that.
What does Embrane do?
Embrane provides L3-L7 network services and lifecycle management for those services. Embrane has its own versions of firewalls, load balancers, etc., and it also partners with vendors like F5, Citrix and A10 to manage their network services. Based on my understanding, Embrane’s focus is more on network service lifecycle management than on selling network services itself.
What are Virtual L3-L7 services?
L3-L7 services such as firewalls, load balancers, VPN and security are traditionally provided by physical boxes. With advances in computing, they can be delivered by a virtual appliance running as a VM.
What is Network service lifecycle management?
The analogy I see is compute lifecycle management. Initially, we had physical compute resources with bare-metal servers. Then we got virtualized computing with VMs, and we have VM orchestration tools like vCenter and OpenStack. These compute orchestration tools manage the lifecycle of the VMs, including creation, deletion, migration, high availability, etc. Embrane’s ESM (Elastic Services Manager) manages the lifecycle of the L3-L7 virtual appliances: creation, deletion, networking, licensing, HA, etc.
How does Embrane work with OpenStack and vCenter?
There is an OpenStack Embrane plugin that talks to Embrane ESM to create L3-L7 services. Embrane currently works with the ESX, Xen and KVM hypervisors. As per my understanding, Embrane’s ESM can talk to the hypervisor directly, or it can go through vCenter to talk to ESX.
How does Embrane integrate with ACI?
From the beginning, Embrane has been working closely with Cisco, so there is a very tight integration with Cisco’s ACI solution. APIC has policies that define how EPGs (endpoint groups) talk to each other. A policy can specify L3-L7 services, and APIC talks to ESM to manage those L3-L7 services.
Why can’t we manage network services using VM orchestration tools or by extending them?
I do not have a clear answer for this one. VMs have a lifecycle similar to that of virtual network service appliances. The question here is: why can’t we spin up a VM with an L3-L7 image using vCenter/OpenStack? Part of the answer could be that L3-L7 services have characteristics like licensing, HA, networking and service chaining that are specific to them, and it’s difficult to extend generic compute orchestration tools to suit this. It’s not clear if VMware is already working on this. The other approach is something like OpenStack using Embrane plugins to manage L3-L7 services.