Experian is a global leader in consumer and business credit reporting and marketing services. A constituent of the United Kingdom’sFinancial Times Stock Exchange (FTSE) 100 Index, the company generates total revenue of more than US$4.3 billion annually.Experian supports clients in more than 80 countries and employs approximately 17,000 people in 37 countries.
• Implemented the network foundation for global data center connectivity
• Aligned the visibility and control of physical and virtual environments
• Standardize network architecture and policies across dozens of data centers
• Improve the visibility and control of infrastructure systems and traffic
“ACI Virtual Edge will eliminate the need of VLAN management. It will allow us to configure once and deploy everywhere, which will save a ton of time and cost.” - Robert Abner, Senior network engineer, Experian
Challenge: Standardizing network operations around the world
“Data is our product,” says Robert Abner, senior network engineer at Experian. “We gather information from a variety of sources, and then we analyze, process, and package it for our customers. There’s a lot of data coming in and going out at all times, and our services need to be available at all times.” This is difficult to accomplish when the services are managed, secured, and delivered from dozens of disparate data centers and colocation sites in multiple regions. So Experian launched a global data center innovation initiative.
“We have 50 to 60 sites around the world, and we needed them to be more alike,” says Abner. “We wanted a standardized network architecture with consistency for how applications are deployed and managed and how data is transported.”
“We’re putting more workloads onto ACI, we’re implementing more automation, and we’re extending the fabric to our other data centers. It’s different, and it’s very exciting.” Robert Abner,Senior network engineer, Experian
Experian also sought network automation, allowing changes to be made universally instead of one switch, one data center, one region at a time.
As the foundational elements of its data center innovation initiative, Experian deployed Cisco ACI— the industry’s leading software-defined network fabric—in tandem with the Intel® Xeon® processorbased Cisco UCS.
Connecting data centers in key regions
Before Experian connects its data centers around the globe, it is using Cisco ACI Multipod functionality to link the data centers within three key regions.
“Cisco ACI has given us the ability to do things we couldn’t do before,” Abner claims. “Using ACI Multipod, we’ve been able to logically connect multiple sites within the U.S., the U.K., and Brazil, which allows them to be managed as one big data center in each of those regions.”
These unified fabrics have led to a number of benefits, he explains. Regional resources are now managed collectively. Workloads have been spread among multiple sites for greater redundancy. Spanning tree issues that caused service interruptions have been eliminated. And a significant portion of north-south traffic has been turned into east-west traffic using contracts and filters, reducing the load on the company’s firewalls and improving overall performance.
“We have much more granular traffic, policy, and security control,” Abner notes. “We can make a change to a single tenant or server with contracts and filters, for example, instead of making changes to the firewalls. It’s easier, less risky, and doesn’t impact the entire environment.”
Aligning virtual and physical environments
To further extend data center consistency and operational efficiency, Experian is now testing and preparing to deploy the new Cisco ACI Virtual Edge. The next generation of the Cisco Application Virtual Switch (AVS), ACI Virtual Edge is a hypervisor-independent virtual appliance that pushes the functionality and control of Cisco ACI into virtual environments.
“ACI Virtual Edge will eliminate the need of VLAN management,” Abner says. “It will allow us to configure once and deploy everywhere, which will save a ton of time and cost.”
Experian is also planning to utilize the distributed firewall capability of ACI Virtual Edge as well as Cisco Tetration for greater visibility and management of its workloads and traffic flows— spanning both virtual and physical environments. The distributed, stateful firewall built into ACI Virtual Edge will allow the company to track the communications between virtual and physical machines. And Cisco Tetration will enable Experian to fully map its legacy applications, including data flows, rules, and dependencies.
“As we port our legacy applications to the new fabric, we don’t want to move all of the old rules and ACLs (access control lists) with them,” Abner states. “We want to optimize the applications and get rid of the ports and rules that are no longer needed. Tetration will automate much of that work and provide additional visibility moving forward.”
Increasing flexibility and control
In addition to standardizing its network architecture and provisioning policies, Experian is utilizing the segmentation capabilities of Cisco ACI to attain additional control over its data resources.
“We have the flexibility to take our legacy environment, move it onto the new fabric, and then segment the subnets into multiple endpoint groups,” Abner explains. “Those endpoint groups are locked by default and can’t talk with others, even in the same IP space.”
Cisco ACI is also relieving the headache of managing a multitude of subnets, VLANs, ACLs, and logs.
“We have a lot of very large ACLs, and if one is built incorrectly, it can cause a number of problems,” Abner says. “With ACI and Tetration, we can clean them up and better understand what traffic is needed and what isn’t.”
Experian is now in the process of evaluating Cisco ACI Multi-Site capability to logically and securely connect additional data centers around the world. With a standardized and connected network fabric, the company will be able to manage data center policies and maintain architectural consistency globally instead of regionally.
“We’re putting more workloads onto ACI, we’re implementing more automation, and we’re extending the fabric to our other data centers,” says Abner. “It’s different, and it’s very exciting.”