Figure 9-6 Cisco ACI Tenant Policy Components
An application profile defines the policies, services, and
relationships between EPGs. An application profile
contains one or more EPGs. Applications typically
contain multiple components, such as a web-based front
end, an application logic layer, and one or more
databases in the back end. The application profile
contains as many EPGs as necessary, and these EPGs are
logically related to providing the capabilities of the
application.
The EPG is the most important object in the policy
model. An EPG is a collection of endpoints that have
common policy requirements, such as security, virtual
machine mobility, QoS, or Layer 4 to Layer 7 services. In
the Cisco ACI fabric, each endpoint has an identity
represented by its address, a location, and attributes, and
it can be physical or virtual. Endpoint examples include
servers, virtual machines, clients on the internet, and
network-attached storage devices. Rather than configure
and manage endpoints individually, you can place them
in EPGs and manage them as a group. Policies apply to
EPGs and never to individual endpoints. Each EPG can
only be related to one bridge domain.