L4 ACI Engineer

Hi,

Hope you're doing well!!

Please find the requirement below. If you find yourself comfortable with the requirement please reply back with your updated resume or call me back at

Position: L4 ACI Engineer
Location: Remote
Duration: 6+ Months
Visa: Client won't be able to sponsor any visa
LinkedIN ID

About the job

Looking for a solution to solve its client's problem. So whichever combination of skills/people we think would accomplish that. They are open/looking at a non-deliverable based more t&m approach. Has a request to provide ACI skills to enable SAP teams to operate the ACI infrastructure by themselves. It is primary about trainings and automation of the ACI infrastructure.

GCS PlusOne organization must reduce the Total Cost of Ownership (TCO) whilst also increasing the network infrastructure stability and resilience. To accomplish this the PlusOne Network Engineering requires to increase ACI automation, observability infrastructure and upskill the workforce to effectively manage the Cloud ACI infrastructure, supporting SAP corporate strategies and goals.

Duties/ Day to Day overview

SAP Cloud Network has an automation strategy using Ansible, GitHub, AWX, Prometheus and Netbox to configure and manage their Cisco ACI fabrics.

SAP wishes to fully implement ACI fabric management using ACI infrastructure as code, integrating into the standard tooling within SAP GCS PlusOne organization, e.g. Automation 2.0.

Ansible Roles - ACI functional blocks (create, modify, delete, config monitoring & audit)

There are two types of ACI roles.

The first one is aci_main_role which is meant to be an operational role to interact with APIC via REST API as well as to compare intended and running configurations. It could be considered a provider of common functions to other roles.

The second type are ACI object specific roles which are consumers of ACI main role but their purpose is mainly to render configuration using Jinja2 templates and interact with the data model. The following are a high-level use of the type two roles.

Ansible roles for Tenants (fvTenant) 'common' and 'cc-mgmt'

Ansible roles for 'mgmt' Tenant

Ansible roles for 'infra' Tenant

Ansible roles for Fabric Nodes provisioning

Ansible roles for Fabric Access (infra) Policies

Ansible roles for Fabric (fabric) Policies

Ansible roles for System

Ansible roles for Admin

Ansible Playbooks - Day 0-2 operational & build tasks

SAP uses Ansible playbooks to organize scripts the defines the tasks involved in managing a ACI configuration to ensure a coherent and consistent configuration across the fabric.

A playbook must be created and integrated into AWX to ensure proper ACI configuration that is adheres to the SAP implemented design.

Ansible vars configs defined in YAML format

Each configuration file is a YAML format file and must have a schema file refence on the first line like this: #!schema: aci/vrf where the value aci/vrf refers to file vars/schema/aci/vrf.yaml.

The files are validated using a python script ci/validate_vars.py every time a new PR is opened but the user can also run it localy on demand.

All the schema files are located under vars/schema/ directory and to build the schema file you must comply with the rules defined in the official documentation.

For ACI objects the schema/structure of the configuration file mimics the original ACI object structure defined in JSON format with a little adjustments.

Monitoring of ACI is challenging due to its Cisco proprietary implementation, which has no cost effective way to manage the alert notification and remediation in an effective manner. In order to overcome this SAP has decided to use Open Metrics (e.g. Prometheus & Alert Manager) and Plutono (Grafana fork) to identify ACI faults that are critical to the health and reliability of the infrastructure.

As there are around 25000 fault codes in ACI the uses cases that are relevant to SAP will need to be identified, uses cases defined and implemented as part of the deliverable, based on the number of faults and importance based on industry best practices and SAP implemented design.

To achieve maximum value-add, SAP utilizes Agile methods to deliver in short increments, therefore the Professional Service supplier needs to be familiar with the Agile Values and Principles and familiar working using Scrum methodologies.

The delivery model will use 2-week sprints, whereas the "Product Owner" will be an provided by SAP. The supplier will provide a Scrum Master and experts that will implement based on the "Product Owner" prioritization.

Furthermore, the Team will include additional SAP workforce to participate in the development of the automation and observability sprints.

To enable SAP to effectively in-house the ACI operational support, as part of the transitioning from the current managed service provider to the SAP workforce. Following is a brief overview of the areas to be reviewed:

Physical ACI Fabric design

IPN configuration and connection redundancy

Logical tenant design

Fabric configuration check for best practices including:

Fabric wide system settings

Tenant policy configurations

Access policy configurations

Integration with other systems (e.g. VMware vCenter)

Software version and update recommendation

Operation processes

Disaster recovery

Automation

Monitoring & troubleshooting

Backup concept

Top Requirements/Must Haves

1. Implement ACI automation for effectively manage the infrastructure and reducing overall TCO
2. Implement ACI observability to increase transparency in the ACI infrastructure health and proactively mitigate ACI faults which can potentially increase risk of outages impacting SAP business to provide cloud services.
3. Upskill the SAP workforce to effectively managing the ACI infrastructure by evaluating, preparing, and execute training based on SAP implementation, including:
   1. Basic ACI (design & concepts)
   2. Advanced ACI (operating & troubleshooting

• ACI Automation with Ansible

Thanks & Regards:

Amar Pratap

Senior Technical Recruiter
VISION INFOTECH INC
Phone: ext 531
Direct:
Email:
368 Main Street, st #3, Melrose MA 02176

E-Verified Company