dcappcenter.cisco.com no longer supports IE 11.
For an optimal experience, please update to a modern browser .

Cookies policy

Like many companies, Cisco uses cookies and other technologies, some of which are essential to make our website work. Others help us improve services and the user experience or to advertise. In using our site, you consent to the use of these cookies and other technologies. Learn more about cookies and other technologies we use.

Cisco DC App Center Cisco DC App Center
My Account Register Log in

 

Cisco App Center Development Principles and Guidelines

 

Introduction

Cisco App Center® invites the developer and Cisco’s partner community to build the applications leveraging Cisco’s application aware and programmable network infrastructure that can help our customers attain their business goals. The infrastructure component includes industry-leading solution such as Cisco ACI (Application Centric Infrastructure) – which delivers a transformational operating model for next-generation data center and cloud applications. You can find more details about Cisco ACI here.

Focusing on Ecosystem Expansion

Our goal is to expand Cisco ACI ecosystem by engaging with SDN development community and create unprecedented value for our customers. Cisco App Center® is the realization of the very same vision. We want to help you understand App Center development guidelines so you can be assured your app will get through our review process relatively quickly. Additionally, for us to create a greater value for our customers, we are asking you to act in accordance with the principles and guidelines outlined in this document. Our guiding principle is simple – we want to provide a rewarding experience to our customers and offer you – the developer and partner community the opportunities to be successful.

Remember,

• Cisco deeply cares for its customers and partners. Therefore, through your apps we ask you to make an attempt to enhance our customer experience (and not diminish it).
• We will not accept the apps that do not meet Cisco’s App Center development guidelines and violate the principles upon which ACI ecosystem is envisioned.
• We will not accept any app that is trying to cross the limit, cheat the network or system or is built with secretive, malicious intent.

Table of Content

a) App Development Guidelines

1. Integrity
2. Quality
3. Safety and Security
4. Performance
5. Hardware and Software Compatibility
6. Monetization
7. Authenticity
8. Legal
9. Content

b) App Development Guidelines
c) App Review Procedure
d) What to Expect after App’s Review for Submission

a) App Development Guidelines

1. Integrity

In this digital world, our customers and partners expect integrity from Cisco and we expect the same from you. We understand that software applications might not be defect free. However, the key is in minimizing the defects and transparently communicating the known caveats to our customers. Acting with honesty and integrity about the capabilities of your app and what all it intends to do is vital for long term success to all the parties involved with your app. It should be made clear to customers what they are downloading from the App Center. Therefore, make sure the app logo, description, name, supporting screenshots, notes in App Center communicates what customer can expect from your app.

2. Quality

We ask you to build a quality app that you can stand by. We recommend verifying it thoroughly in your physical deployment setting before submitting for formal review to Cisco. Know that our customers might deploy your app(s) in their production network setting which might be running mission critical services. Thereby, we ask that you do your part in making sure that the app is production quality in terms of performance, functionality, conformance, serviceability, security, reliability and scale. Ensure it does not crash and cause any catastrophic failures when in use. Use fault isolation and limitation techniques by following the best practices in software development and verification area. Contain the core and peripheral effects of failure as much as possible. Do not try to exploit the known defects or limitations of Cisco and other vendors’ products or even inject faults and failures of any sort.

3. Safety and Security

Safety and Security is paramount to Cisco, its customers and partners. When user downloads and installs the App Center apps in their network environment, we aim to provide the safe and secure experience. An app should serve to offer highly reliable business or technical solution for our customers. We ask you to not misuses, collect, transport, distribute or upload any sort of data from customer’s system(s) off customer premises without explicit agreement from Cisco Systems Inc. and the customer. Please en sure that your app does not compromise any security aspects of Cisco products and customer’s other system by making the products vulnerable to cyber security attacks or similar.

4. Performance

You need to ensure that the application is 100% complete with respect to source code, verification, code comments and mandatory notes when submitted for review. It is your responsibility to ensure that the app is verified on real device under test (DUT) and is not just tested in virtual environment. For example, for Cisco ACI’s APIC (Application Policy Infrastructure Controller) apps, you need to sanitize the app for defects on real APIC hardware with underlying physical network in place. We are going to disqualify the app that has obvious technical, performance and usability issues. In addition, app installation should not require any reboot of existing devices already running in the ecosystem. Any upgrade or downgrade to a different version of your app must be seamless.

5. Hardware and Software Compatibility

If your app is verified/supported/qualified for specific software versions and hardware product combination, it is best to clearly outline hardware and software compatibility matrix along with your app in the App Center’s notes section. Not disclosing this information will be considered misguiding the customers and is against our principle.

6. Monetization

We are working with our partners and developer community to help monetize the apps. At present Cisco App Center accepts only the apps that are FREE for use. You may expect us to provide more details around monetization approach when we start accepting the PAID apps through Cisco App Center. When available, you will be required to abide by payment and other guidelines that relate to monetization of your apps.

7. Authenticity

We need you to be authentic and come up with the innovative ideas of your own and not simply develop the apps that are merely copycats. You should be transparent in communicating the app features you provide. Make sure your app includes minimum valuable functionality any user would expect in your app. Moreover, an app should be “standalone” and not require the installation of any other app or connection to an external service or other external resource.

8. Legal

Every Cisco App Center app must comply with all requirements outlined in the App Center Development Guide. Your license terms must comply with the requirements of the Developer Agreement. In addition:

Privacy: Our customers expect that the privacy of their data, intellectual property and the information related to their infrastructure deployments will be maintained. Your Apps must comply with the following requirements in connection with the handling of customer data:

1. Personally Identifiable Information. Apps submitted to the App Center may not collect and share personally identifiable information derived from a customer beyond the customer’s domain. In other words, in no event will your App collect personally identifiable information and transmit that to you or to anyone outside of the customer’s control.

2. Consent for Other Information Shared. If your Apps use or transmit a customer’s business and infrastructure information (other than personally identifiable information), you will ensure that the App does so only after the customer has expressly agreed to both the scope of information collected and the use to be made of such information. You will protect the confidentiality of customer information and ensure that it is used only in the manner consented to. You agree to take reasonable precautions (e.g. by confidentiality or other agreements) to ensure that those within your control (e.g. employees, contractors and third-parties) who may gain access to any such customer information will also maintain its confidentiality and limit its use in such manner.

Export Compliance; Limited Encryption Permitted: Initially Cisco will reject any App for App Center that contains or calls upon encryption capabilities in a manner that would require export review. Developers will be required to complete and certify the questions below as part of your App submission. If any of the answers are affirmative, Cisco may not accept your App.

Export Questions

1. Does your App contain encryption of any type such as SSL, SSH, HTTPS, VPN, IPSEC, AES, 3DESetc.)?

2. Does your App contain, use or make calls to encryption for any purpose other than authentication or anti-virus protection (such as encryption used for secure network management, HTTPS, VPN, or wireless security)?

3. Does your App contain, use or make calls to encryption for any purpose other than piracy and theft prevention for software?

4. Does your App contain, use or make calls to encryption greater than 64-bit symmetric or greater than 1024-bit asymmetric algorithms?

5. Does your App contain, use, or access encryption for protection of data or information security purposes?

5.a. Please describe the encryption used in your App and the type of information it secures, e.g. network management data, user data, __Blob Field _________________________________________________

6. Do any of the following describe your App or a feature or function of your App? Check all that apply.

? A) App that provides or performs “non-standard cryptography” such as WAPI, or other proprietary encryption means
? B) An application-specific software development kit using cryptography.
? C) A cryptographic library, development kit or toolkit
? D) App that provides or performs vulnerability analysis, network forensics, or computer forensics
? E) App that provides or performs investigation of data leakage, network breaches, and other malicious intrusion activities through triage of captured digital forensic data an example is CALEA

? F) App providing secure Wide Area Network (WAN), Metropolitan Area Network (MAN), Virtual Private Network (VPN), satellite, digital packet telephony/media (voice, video, data)

? G) App designed, modified, adapted or customized for government end-user(s) or with cryptographic functionality that has been modified or customized to customer specification;

? H) App with cryptographic functionality or encryption components (except encryption software that is publicly available) that is user-accessible and can be easily changed by the user;

? I) App with an open cryptographic interface or a means for a user to insert cryptographic functionality without assistance;

? J) App providing cryptanalysis or cryptanalytic functions;

? K) None of the above criteria apply.

If any of Q.6 A-J applies to your app:
The use of encryption in your Application requires an Encryption Registration Number (“ERN”) from the U.S. Dept. of Commerce as well as a formal review and classification (“CCATS”) by the U.S. Department of Commerce. At this point, Cisco’s current policy denies the acceptance of such apps. We encourage you to not submit the app for further review. You will have the opportunity to resubmit your app when we change our policy. At that point, you will be required to resubmit your Application and upload a copy of your ERN and CCATS now. To obtain an Encryption Registration Number, please see https://www.bis.doc.gov/index.php/all-articles/15-policy-guidance/encryption/560-encryption-faqs or consult the U.S. Bureau of Industry and Security at 202-482-0707 or your trusted legal advisor. To receive a CCATS, you must submit a Commodity Classification Request to the U.S. Department of Commerce. More information can be found here: https://www.bis.doc.gov/index.php/policy-guidance/encryption/4-reports-and-reviews/c-encryption-review-ccats, or in part § 740.17b.3, 740.17b.2 and 742.15 (b)(3) of the U.S. EAR.
Note: Apps implementing strong encryption functionality classified under ENC §742.15, §740.17b.3 or §740.17b.1 may be posted to Cisco App Headquarters. Apps classified under ENC §740.17b.2 are more tightly controlled and cannot not be posted to Cisco App Headquarters

If Q.6 K applies to your app:
Your App requires an Encryption Registration Number (“ERN”) from the U.S. Dept. of Commerce. To obtain an Encryption Registration Number, please see https://www.bis.doc.gov/index.php/all-articles/15-policy-guidance/encryption/560-encryption-faqs
or consult the U.S. Bureau of Industry and Security at 202-482-0707 or your trusted legal advisor. Please upload your ERN number on your company’s letterhead and list the Export Control Classification Number (“ECCN”) for your item.]

Developers posting to Cisco App Headquarters are responsible for obtaining required government approvals. Export laws require that apps containing encryption be properly authorized for export. Failure to comply could result in severe penalties. For further information, click here. Along with your app submission package, you are required to submit the responses to export compliance questionnaire listed above on your company letterhead with authorized signature and date.

9. Content

It is your responsibility to ensure that your app includes or uses the content that is created by you or possess the license to use. We reserve the right to remove your app should we find your app violating this condition, using the unauthorized content.

By any means, we are not endorsing your app regarding its proper functioning or quality. Hence, you are not allowed to publicize that the app is endorsed or verified or supplied by Cisco.

Exercise caution when using third party data. Do not use the third party source code or any form of patented material or copyrighted data (including but not limited to logos, trademarks, patented ideas).

For Cisco’s app review committee, any subsequent update in your app is a new review process. And it will go through the same review cycle. Hence, it’s a best practice to limit number of updates.

10. Category

b) App Review Submission Checklist

? I have tested my app for defects, high severity and critical bugs including but not limited to crashes.

? My app follows Cisco’s App Center development guideline outlined in this document.

? I have provided my contact information

? I have provided the details of my verification environment.

? I have followed industry standard coding and verification guidelines including comments where necessary.

? I have attached the responses to export compliance questionnaire on my company letterhead with authorized signature and date.

c) App Review Procedure

Once submitted, your App will go through technical and export compliance review. Below are some of the checks we have put in place. Please note that this is not the complete list.

1. Does App’s functionality adhere to the use-case and specification/description as provided by app developer?
2. Does App use updated and secure software components as part of its package and is free from vulnerable software components?
3. Does App have “Readme” file, appropriate icons, snapshots and other helping material that allows app users to be able to use app?
4. Does App package adhere to developer’s guideline outlined in this document?
5. Does App belong to appropriate category?
6. Is the App built using Cisco provided packager utility? (This ensures app’s package has a valid metadata and structure. App must have a valid metadata and valid package structure for acceptance)

d) What to Expect After App’s Submission for Review

Cisco App Center App review committee will review your app for quality and compliance. Our review will be holistic. We will apply both qualitative and quantitative criteria to evaluate. We will adopt both automated and manual verification methodologies.

If we have any questions or concerns regarding your app, we will reach out to you.
If you have any questions or a need to expedite the review, please use App Center portal to contact us.

We look forward to your partnership in helping our customers attain their business goals.