We address the topic of network policies for hybrid applications that need to run over a heterogeneous mix of end points such as containers, VMs and bare metal hosts. Even as many applications transition to a containerized implementation, not all components will be containerized at the same time.
We cover the networking and segmentation policies for such hybrid scenarios and present an application centric view of network policy definition and demonstrate a unified enforcement architecture that spans heterogeneous environments. A key component is an integration of open source Contiv container networking policies with policies enforced on VMs and bare metal hosts using Cisco ACI and OpenStack Group Based Policy. This provides a rich networking policy model with multi-tenancy at its core, and support for multiple VM and container platforms. We will cover the technical architecture and demos of integrated policies in operation on heterogeneous platform comprised of Docker and OpenStack.