
Texas school district finds unusual tech niche for Cisco ACI

A Texas school district has invented a tech niche for Cisco ACI that protects the network from clever students testing their hacking skills.

A central Texas school district has found an offbeat use for Cisco's software-defined networking platform. Rather than use the technology for data center management chores, the Hutto Independent School District has deployed it for network access control.

Creating a NAC system out of Cisco's Application Centric Infrastructure required turning the ACI switching fabric into the core router for the district of eight schools, 6,600 students, and 900 teachers and staff. The district IT staff then went a step further and made ACI the security checkpoint for the 3,000 Chromebooks used as learning tools.

"This is exactly why we chose ACI," Travis Brown, director of technology at Hutto, said of the tech niche. "We saw that we could do with it things that were outside of Cisco's use case."

Also, the district spent less using ACI to replace two 10-year-old Cisco Catalyst 4507 core routers. Other architectures reviewed by the district would have cost 50% to 75% more than ACI, Travis said. "In the end, we saved quite a bit of money."

"We were able to bring [ACI] in by intelligent design, rather than just making purchases in a more traditional sense," Travis said. "We actually thought about it."

Hutto district is not the typical enterprise

The district's IT operation is not as wide-ranging and complex as enterprises', so there's more room for creativity and discovery of a tech niche. Hutto dedicates 70% of the computing power in its data center, located in the district's administration building, to running virtual desktops and educational software, such as Istation, Imagine Learning and Discovery Education.

The ACI fabric, deployed last December, comprises two spine and four leaf Nexus 9000 switches, and three ACI controllers. Hutto evenly split the Cisco hardware between the administration building and the district's high school in a leaf-spine network topology. At the edge of the districtwide network are Catalyst switches, which handle Chromebook traffic.

To connect the Catalyst hardware to the ACI fabric, Hutto uses an encapsulation protocol called VXLAN. The technology is used to run an overlay network on Layer 3 infrastructure. Arista Networks, VMware and Cisco developed VXLAN to help engineers build larger cloud computing environments.

Hutto's IT staff uses the ACI controllers to build and push out to the Nexus leaf switches policies that define the ports Chromebook traffic can use. The switches drop traffic that deviates from approved patterns.

"This is a novel use of ACI in a campus network to do policy enforcement at the edge," said Dan Conde, an analyst at Enterprise Strategy Group Inc., in Milford, Mass.

Hutto's IT team built the security tech niche for ACI to keep mischievous students out of trouble. "We have a lot of students who want to be hackers," said Keith Reynolds, the district's network administrator.

Would-be hackers will bring laptops equipped with tools that can scan the network for vulnerabilities in Windows computers, Reynolds said. The ACI-deployed policies ensure that a student running a scan can't see anything.

ACI to manage personal devices

The long-term goal for ACI is to turn the tech niche into a key security component in letting students and staff use personal laptops and mobile devices on the network. "Our ultimate goal is to finalize our preparations for a very robust and very secure bring-your-own-device environment," Brown said.

ACI won't be right for every school district. Cisco built the technology for an enterprise data center, so adapting it for a school network won't be easy. Brown's advice is "to get a really talented team first, and then look at buying [ACI]."

Brown has assembled the talent, so the district is reaping the rewards.
