The French Postal Service is reshaping its Information System and selects Cisco ACI
The company
Name: Groupe La Poste
Sector: Public Sector
City: Saint Quentin en Yvelines, France
Employees: 253 000
© 2019 Cisco and/or its affiliates. All rights reserved.
La Poste
The French Postal Service migrates to a new Software Defined Networking solution to run 2 datacenters for mailing and parcels services
Each foundation manager is accountable for
its architecture’s choice. As a pillar of the
functional domains, the technical domain
covers from the datacenter and network to
the dev factory.
Technical specifications
• Automation and native programmability
• Independence between the two data centers
• Matrix organization, agile/SAFe mode
Why Cisco ACI?
• Open APIs to third party solutions
• Cisco ACI and Red Hat OpenShift integration
• Cisco ACI and VMware integration
• L4-L7 services integration
• Application centric with multi-site capabilities
First results
• 45 applications and 1500 virtual servers connected and protected by Cisco ACI
• Centralized management of the 2 data centers of Marcoussis and Clayes-Sous-Bois
Context
Project’s origin
BSCC decided to divide its 360 existing
applications into 5 domains. For example,
contracting and invoicing for the Customer
Relationship Domain, Transport Routing and
delivery for the Logistics and Services section
of the Producer Domain, or 40 technical
application foundations such as Hosting and
Resilience, ITaaS Cloud Infrastructure, PaaS
within the Technical Domain. This architecture
must guarantee interconnection between all
applications but also facilitate creation of new
services between the different foundations.
“We are aiming for a 99.8% availability of information. A service like ‘Watch over my parents’ must be reliable. The loved ones rely on our Information System which becomes a critical element. The breakdown isn’t possible.”
Bruno Mercier
Projects Director
Datacenter Infrastructure and Cloud
In 2017, the second edition of the “Trophées de la Transformation Numérique” (Trophies of digital transformation) crowned the French Postal Service and rewarded the way they have reinvented themselves in order to transform their products, services and business model. At a time where they experience a severe decrease of the volume of mails, La Poste has sought to generate new revenues related to its services: preventing isolation of the elderly, establishing reports for insurance companies, or informing road services in case of potholes. Board management of Service-Mail-Parcel (BSCC) quickly understood that the Information System should be at the service of its customers, but also of its postal workforce to gain fluidity and help them with these new tasks. Behind the scenes, BSCC has developed a strategic plan to rewrite the entire Information System.
Case Study
Public Document
Team building and first orientations
No transformation without reorganization?
The project lead, Lionel Chaine, Mail and Parcel CIO, shared his intention to
transform a hierarchical organization into a horizontal agile matrix
organization aligned with new work models of modern digital companies.
Within each domain, a SAFe (Scaled Agile Framework) train operation is set
up around new teams according to their themes. As an example, Technical
Area SAFe train brings together around 18 different teams, including those
in charge of “Hosting and Resilience” and “Cloud Infrastructure, ITaaS,
PaaS” application foundations.
“We built our teams so that they will be autonomous,” remembers Bruno
Mercier. “I looked for people who could work either on the Data Center, the
WAN or LAN. We always had expertise in LAN and physical design in
Châlons-en-Champagne, but we also integrated a network architect from
Nantes with a good knowledge of WAN topics. And also a virtualization
architect as well as other administrators.”
Two days of training were enough to teach the group to work together using
scrum agile methodology. Later, we became a shared services center and
the implementation of the agile matrix organization showed strong benefits,
especially from a human resources perspective. “When you start this kind of
project, you need to share skills. A network administrator with interest for
datacenter technologies took over the datacenter urbanisation surfing
between traditional network admin role as well as virtualization.” Given the
fact that building a shared services datacenter may rebuild some silos,
strong efforts were used to help focus on freshly acquired skills as well as
more “standard” ones.
Native automation
The second ask for the CIO is related to technology solutions. The
chosen solution will need to support any type of application (at least
99.9% of them), be automated and available to anybody who would like
to deploy his application. This is a loud and clear message, the solution
needs to be cloud native. From a datacenter perspective, this is Software
Defined Networking (SDN).
Independent datacenters
“Application Centric architecture is the only choice to allow network to be accessible from anyone”
Bruno Mercier
Projects director
Datacenter Infrastructure and Cloud
During the latest benchmark with a non-Cisco solution, the customer experienced a major network outage for 3 days related to a database corruption. For Pierre Devigne, head of datacenter infrastructure and cloud, next gen datacenter needs to be independent from each other. This outage was strongly visible: to avoid outage on 2 different datacenters, The French Postal Service wanted to prevent network extensions between both sites: Marcoussis (91) and Clayes-Sous-Bois (78). Each site will have its own network fabric as well as own Red Hat OpenShift PaaS.
Selection and deployment
Our choice of Cisco ACI
From a Multi-Pod Architecture to a Multi-Site Architecture
Originally, the project progressed towards a multi-pod architecture which
guaranteed network service even in case of an application corruption. This
architecture is composed of storage clusters across the two data centers.
As explained below, during the network cut-off test bench from a
competitor solution, a major application corruption occurred. The customer
decided to take the safest route and leverage the multi-site approach which
allows the best of both worlds: DCI and datacenters continuous operations.
At the heart of the solution, the Cisco ACI Multi-Site Orchestrator (MSO)
monitors the integrity and health of the various ACI sites, transmitting rules
to several data centers around the world in one step. They consider two
data centers (and fabrics) independent, but are open to the possibility of
an interfabric connection, the link being dedicated for the infrastructure
needs but also for the databases having strong latency constraints (ex:
Cassandra), never for the applications.
Application-Centric deployment with Micro-Segmentation
The Service-Mail-Parcels management believes that applications must also
carry a degree of resilience. The service availability is not just about the
datacenter but the new applications must integrate into their design the
ability to operate in active/active or active/passive mode within the
datacenters.
The French Postal Service was interested in a deployment of Cisco ACI in
an “application-centric mode” with a flat IP addressing scheme
considering the highly dynamic environment. In this scenario, the difficulty
was to identify workloads to IP address association. The fact that Cisco
ACI is open to third-party security solutions allows us to reach the service
of any Firewall and apply the correct tagging so that the appropriate rules
are tied to the correct IP address. The choice of an “application-centric”
architecture also demonstrates its interest in terms of human resources as
it involves a new vision of the network administrators.
“In application-centric mode, our administrators initiate a movement toward new tasks. We manipulate objects and no longer IP addresses. It’s far more interesting for them.”
Bruno Mercier
Projects director
Datacenter Infrastructure and Cloud
La Poste in numbers
Jobs: 253 000 employees in 2018
Geographic footprint: 17 000 sites and 72 000 postmen
Metrics: 1.5 billion parcels delivered in 230 countries
The French Postal Service understood quickly it was necessary adding new switches as part of its development. The company validates the interest of combining both hardware and software as a global solution, in order to guarantee the performances and to provide the flexibility required. They had a Cisco Nexus installed base, therefore Cisco ACI has naturally been considered for this project. Within the underlay, the possibility to add new switches and integrate them natively into the fabric is attractive and facilitates automation.
Integration between Cisco ACI and Red Hat OpenShift
As explained by Lionel Chaine, the goal of the
project is to guarantee access for developers to
the resources and infrastructures they need. The
“Hosting and Resilience” teams initiated the
movement by proposing a portal allowing users to
create their virtual machines as well as security
rules. They worked together with the PaaS teams
to have a single SDN allowing access to all of
these services. The collaboration between the
customer and Cisco allows us to move forward to
the next step: OpenShift integration with ACI. The
goal is to orchestrate natively OpenShift
containers into Cisco ACI. The project is under
review to have this done at the end of the year to
integrate OpenShift v4 with the ACI CNI plugin.
Technical implementation
The choice of a multi-site architecture combined
with an application-centric approach was a key
factor regarding the selection of Cisco ACI. The
implementation of the Multi-Site Orchestrator
(MSO) allowed us to rethink the design. “Our
original design was probably not appropriate.
We chose to move from a multi-pod
architecture to multi-site, which led to few
challenges” says Bruno Mercier.
Products
• APIC controllers clusters
• Multi-Site Orchestrator (MSO)
• Cisco Nexus 9500 series spines
• Cisco Nexus 9300 series leaves
• Cisco Nexus 9300 NXOS IPNs
• Out of band Nexus 3000 switches
• Bidirectional optics
Learn more
Find the business case presented by Bruno Mercier during the Cisco ACI Days (PDF)
• Cisco ACI Multi-Site Architecture (Whitepaper)
• Cisco ACI Multi-Pod and Multi-Site: Benefits and Differences Explained (Video)
• ACI on cisco.com: cisco.com/go/ACI
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other
countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
The Cisco Account team provided continuous support to Bruno’s team to reassess the design, facilitate the implementation, and answer any questions raised: how to manage potential application migrations between two independent datacenters? What is the proper level of integration from the firewall to the fabric? How to extend the application view outside the fabric?