Palo Alto Networks integrates as a service with Cisco Application-Centric Infrastructure (ACI). ACI is a software-defined networking (SDN) solution for easily deploying new workloads and network services. Using an SDN controller called the Cisco Application Policy Infrastructure Controller (APIC), you deploy the firewall service between Endpoint Groups (EPGs). EPGs act as a container for applications or application tiers. When you place a firewall between EPGs, security policy configured on the firewall secures the traffic between the EPGs. The APIC provides a single pane of glass for managing the network topology, network policies, and connectivity for the entire data center and supports inserting L4 - L7 devices, such as a hardware-based or VM-Series firewall. Panorama is required for centralized security management.