The company La Poste...Information System which becomes a critical element. The breakdown isn’t possible.” 2017, the second edition of the “Trophées de la Transformation Numérique”


© 2019 Cisco and/or its affiliates. All rights reserved.

La Poste

Name: Groupe La Poste

Sector: Public Sector

City: Saint Quentin en Yvelines, France

Employees: 253 000

The company

The French Postal Service is reshaping its Information System and selects Cisco ACI

The French Postal Service migrates to a new Software Defined Networking solution to run 2 datacenters for mailing and parcels services


• Automation and native programmability
• Independence between the two data centers

Why Cisco ACI?

• Open APIs to third-party solutions
• Cisco ACI and Red Hat OpenShift integration
• Cisco ACI and VMware integration
• L4-L7 services integration
• Application centric with multi-site capabilities

First results

• 45 applications and 1500 virtual servers connected and protected by Cisco ACI

• Centralized management of the 2 data centers of Marcoussis and Clayes-Sous-Bois

Context

Project’s origin

BSCC decided to divide its 360 existing applications into 5 domains. For example, contracting and invoicing for the Customer Relationship Domain, Transport Routing and delivery for the Logistics and Services section of the Producer Domain, or 40 technical application foundations such as Hosting and Resilience, ITaaS Cloud Infrastructure, PaaS within the Technical Domain. This architecture must guarantee interconnection between all applications but also facilitate creation of new services between the different foundations.

Technical specifications

• Matrix organization, agile/SAFe mode

Bruno Mercier, Projects Director, Datacenter Infrastructure and Cloud

Each foundation manager is accountable for its architecture’s choice. As a pillar of the functional domains, the technical domain covers from the datacenter and network to the dev factory.

“We are aiming for a 99.8% availability of information. A service like ‘Watch over my parents’ must be reliable. The loved ones rely on our Information System which becomes a critical element. The breakdown isn’t possible.”

In 2017, the second edition of the “Trophées de la Transformation Numérique” (Trophies of digital transformation) crowned the French Postal Service and rewarded the way they have reinvented themselves in order to transform their products, services and business model. At a time where they experience a severe decrease of the volume of mails, La Poste has sought to generate new revenues related to its services: preventing isolation of the elderly, establishing reports for insurance companies, or informing road services in case of potholes. Board management of Service-Mail-Parcel (BSCC) quickly understood that the Information System should be at the service of its customers, but also of its postal workforce to gain fluidity and help them with these new tasks. Behind the scenes, BSCC has developed a strategic plan to rewrite the entire Information System.


Case Study Public Document

Team building and first orientations

No transformation without reorganization?

“We built our teams so that they will be autonomous,” remembers Bruno Mercier. “I looked for people who could work either on the Data Center, the WAN or LAN. We always had expertise in LAN and physical design in Châlons-en-Champagne, but we also integrated a network architect from Nantes with a good knowledge of WAN topics. And also a virtualization architect as well as other administrators.”

Native automation

The project lead, Lionel Chaine, Mail and Parcel CIO, shared his intention to transform a hierarchical organization into a horizontal agile matrix organization aligned with the new work models of modern digital companies. Within each domain, a SAFe (Scaled Agile Framework) train operation is set up around new teams according to their themes. As an example, the Technical Area SAFe train brings together around 18 different teams, including those in charge of the "Hosting and Resilience" and "Cloud Infrastructure, ITaaS, PaaS" application foundations.

Two days of training were enough to teach the group to work together using scrum agile methodology. Later, we became a shared services center and the implementation of the agile matrix organization showed strong benefits, especially from a human resources perspective. “When you start this kind of project, you need to share skills. A network administrator with interest for datacenter technologies took over the datacenter urbanisation surfing between traditional network admin role as well as virtualization.” Given that building a shared services datacenter may rebuild some silos, strong efforts were made to help focus on freshly acquired skills as well as more “standard” ones.

The second ask for the CIO is related to technology solutions. The chosen solution will need to support any type of application (at least 99.9% of them), be automated and be available to anybody who would like to deploy his application. This is a loud and clear message: the solution needs to be cloud native. From a datacenter perspective, this is Software Defined Networking (SDN).

Independent datacenters

“Application Centric architecture is the only choice to allow network to be accessible from anyone”

Bruno Mercier, Projects Director, Datacenter Infrastructure and Cloud

During the latest benchmark with a non-Cisco solution, the customer experienced a major network outage for 3 days related to a database corruption. For Pierre Devigne, head of datacenter infrastructure and cloud, next-gen datacenters need to be independent from each other. This outage was strongly visible: to avoid an outage on 2 different datacenters, The French Postal Service wanted to prevent network extensions between both sites: Marcoussis (91) and Clayes-Sous-Bois (78). Each site will have its own network fabric as well as its own Red Hat OpenShift PaaS.


Selection and deployment

Our choice of Cisco ACI

From a Multi-Pod Architecture to a Multi-Site Architecture

Application-Centric deployment with Micro-Segmentation

“In application-centric mode, our administrators initiate a movement toward new tasks. We manipulate objects and no longer IP addresses. It's far more interesting for them.”

Bruno Mercier, Projects Director, Datacenter Infrastructure and Cloud

Geographic footprint: 17 000 sites and 72 000 postmen

La Poste in numbers

Originally, the project progressed towards a multi-pod architecture which guaranteed network service even in case of an application corruption. This architecture is composed of storage clusters across the two data centers. As explained below, during the network cut-off test bench from a competitor solution, a major application corruption occurred. The customer decided to take the safest route and leverage the multi-site approach, which allows the best of both worlds: DCI and continuous datacenter operations.

At the heart of the solution, the Cisco ACI Multi-Site Orchestrator (MSO) monitors the integrity and health of the various ACI sites, transmitting rules to several data centers around the world in one step. They consider the two data centers (and fabrics) independent, but are open to the possibility of an inter-fabric connection, the link being dedicated to infrastructure needs and to databases with strong latency constraints (e.g. Cassandra), never to the applications.

The Service-Mail-Parcels management believes that applications must also carry a degree of resilience. The service availability is not just about the datacenter but the new applications must integrate into their design the ability to operate in active/active or active/passive mode within the datacenters.

The French Postal Service was interested in a deployment of Cisco ACI in an “application-centric mode” with a flat IP addressing scheme, considering the highly dynamic environment. In this scenario, the difficulty was to identify the workload-to-IP-address association. The fact that Cisco ACI is open to third-party security solutions allows us to reach the service of any firewall and apply the correct tagging so that the appropriate rules are tied to the correct IP address. The choice of an “application-centric” architecture also demonstrates its interest in terms of human resources, as it involves a new vision for the network administrators.

Jobs: 253 000 employees in 2018

Metrics: 1.5 billion parcels delivered in 230 countries

The French Postal Service quickly understood that adding new switches was necessary as part of its development. The company validates the interest of combining both hardware and software as a global solution, in order to guarantee performance and to provide the flexibility required. They had a Cisco Nexus installed base, therefore Cisco ACI has naturally been considered for this project. Within the underlay, the possibility to add new switches and integrate them natively into the fabric is attractive and facilitates automation.


• Multi-Site Orchestrator (MSO)

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Technical implementation

Learn more

• APIC controllers clusters

• Cisco Nexus 9500 series spines
• Cisco Nexus 9300 NXOS IPNs
• Cisco Nexus 9300 series leaves

• Out of band Nexus 3000 switches

• Bidirectional optics

Find the business case presented by Bruno Mercier during the Cisco ACI Days (PDF)

• Cisco ACI Multi-Site Architecture (Whitepaper)

• Cisco ACI Multi-Pod and Multi-Site: Benefits and Differences Explained (Video)

• ACI on cisco.com: cisco.com/go/ACI

Products

Integration between Cisco ACI and Red Hat OpenShift

As explained by Lionel Chaine, the goal of the project is to guarantee access for developers to the resources and infrastructures they need. The “Hosting and Resilience” teams initiated the movement by proposing a portal allowing users to create their virtual machines as well as security rules. They worked together with the PaaS teams to have a single SDN allowing access to all of these services. The collaboration between the customer and Cisco allows us to move forward to the next step: OpenShift integration with ACI. The goal is to orchestrate OpenShift containers natively into Cisco ACI. The project is under review to have this done at the end of the year to integrate OpenShift v4 with the ACI CNI plugin.

The choice of a multi-site architecture combined with an application-centric approach was a key factor regarding the selection of Cisco ACI. The implementation of the Multi-Site Orchestrator (MSO) allowed us to rethink the design. “Our original design was probably not appropriate. We chose to move from a multi-pod architecture to multi-site, which led to few challenges,” says Bruno Mercier.

The Cisco Account team provided continuous support to Bruno’s team to reassess the design, facilitate the implementation, and answer any questions raised: how to manage potential application migrations between two independent data centers? What is the proper level of integration from the firewall to the fabric? How to extend the application view outside the fabric?
