AI Ops and the Self-Optimization of Resources

AI Ops includes the ability to dynamically optimize infrastructure resources through a holistic approach. Cisco Workload Optimization Manager is an important component in our strategy of delivering enhanced customer benefits through AI Ops.

Our Strategy for Delivering the Benefits of AI Ops

Cisco is executing a strategy to consistently enhance the customer benefits we deliver through AI-driven Operations (AI Ops). This blog is the latest in a series that describes our strategy, our open architecture, and how we are implementing each of the benefits. In the first blog in this series we defined four categories of benefits from AI Ops:

1. Improved user experience
2. Proactive support and maintenance
3. Self-optimization of resources
4. Predictive operational analytics

Multi-Dimensional AI Ops Strategy

Vendors use the terms AI, machine learning and AI Ops in a variety of ways. Their focus is primarily on hardware. Our strategy for delivering the customer benefits of AI Ops is a broader architectural vision. This vision includes infrastructure, workloads, and enhanced customer support in on-premises and cloud environments. Cisco’s strategy incorporates an open API framework and integrations with Cisco and partner platforms.

Infrastructure management is one dimension of AI Ops, and Cisco Intersight is an integral component of Cisco’s strategy. Managing workloads is another essential dimension, so Cisco Workload Optimization Manager (CWOM) is also an important component of this strategy.

AI Ops Portfolio Working Together

In a prior blog we explained how Intersight delivers an AI-driven user experience through our open API framework. We posted two blogs in this series to explain how Intersight delivers benefit #2, AI-driven proactive support and proactive maintenance. The proactive support is enabled through the Intersight integration with the Cisco service desk digital intelligence platform. This AI platform (internally referred to as BORG) is  used by the Cisco Technical Assistance Center. It includes AI, analytics, and machine learning. In this blog, I explain how we deliver benefit #3, the self-optimization of resources, through monitoring and automation with Cisco Workload Optimization Manager.

Self-Optimization of Resources

The self-optimization of resources includes both on-premises and public cloud infrastructure. You need to monitor and automate across a variety of virtualized environments, containers and microservices.

In order to ensure that your applications continuously perform, and your IT resources are fully optimized, you need full visibility across compute infrastructure and applications, across networks and clouds…. and you need all this intelligence at your fingertips, so you can quickly and easily make the right decisions, in real-time to assure application performance, operate efficiently and maintain compliance in your IT environment.

Cisco Workload Optimization Manager is an AI-powered platform that delivers this functionality through integrations with Cisco’s multicloud portfolio, ACI, UCS management, HyperFlex, and a broad ecosystem of partner solutions that will continue to grow over time.  CWOM continuously analyzes workload consumption, costs and compliance constraints and automatically allocates resources in real-time.

How Does AI Ops Work?

Resource allocation, workload scheduling and load balancing are concepts that have been critical to efficient IT operations for decades. Workload Optimization Manager uses AI and advanced algorithms to manage complex multicloud environments. It views on-premises resources and the cloud stack as a supply chain of buyers and sellers. CWOM looks for the options for running workloads and manages the resources as “just in time” supply to cost-effectively support workload demands, helping customers maintain a continuous state of application health.

CWOM showing cost analysis of pending actions

Many AI Ops solutions are complex to deploy, and they require require a significant amount of time to accumulate information before they can be effective for analysis. Workload Optimization Manager is easy to install, and the agentless technology will instantly begin to detect all the elements in your environment from applications to individual components. The unique decision engine curates workload demand, so it can generate faster, accurate recommendations after collecting data for a short period of time. CWOM uses three categories of functionality to optimize the use of available resources:

Abstraction: All workloads (applications, VMs, containers) and infrastructure resources (compute, storage, network, fabric, etc.) are abstracted into a common data model, creating a “market” of buyers and sellers of resources.

Analysis: A decision engine applies the principles of supply, demand, and price to the market. There are costs associated with on-premises infrastructure resources, and cloud providers price their resources based on utilization levels. The analytics ensure the right resource decisions are made at the right time.

Automation: Workloads are precisely resourced, automatically, to optimize performance, compliance and cost in real-time. The workloads become self-managing anywhere, spanning on-premises to public cloud environments.

These combined capabilities enable IT to assure application performance, at the lowest cost, while maintaining compliance with policy – from the data center to the public cloud and edge.

Continue reading

Accelerating Enterprise AI with Network Architecture Search

AI/ML is a dominant trend in the enterprise. While AI/ML is not fundamentally new, the ubiquity of large amounts of observed data, the rise of distributed computing frameworks and the prevalence of large hardware-accelerated computing infrastructure has lead to new wave of breakthroughs in AI in the last 5 years or so. Today enterprises are rushing to apply AI in every part of the organization for a wide range of task, from making better decisions, to optimizing their processes.

However, to reap the benefit of AI, one needs significant investments into teams who understand the entire AI lifecycle, especially how to understand, design and tune the mathematical models that apply to their use cases. Often these models use bespoke techniques that are known to a select few who are highly trained in the field. Without this tuning, an enterprise can spend lots of opex running models by following the canonical models. How can we help the enterprise accelerate this step? One way is AutoML

AutoML is a broad class of techniques that help to solve the pain of iterative designing and tuning of models without the personnel investment. It ranges from tuning an existing model (e.g. in hyper parameter search) to designing new network models automatically. For those leveraging Deep Learning, one way is to use Neural Architecture Search (NAS), which aims to find the best neural network topology for a given task, automatically.

In recent years, several automated NAC  methods have been proposed using techniques such as evolutionary algorithms and reinforcement learning. These methods have found neural network architectures that outperform bespoke, human designed architectures on problems such as image classification and language modeling and have improved the state of the art on accuracy.  However, these methods have been largely limited by the resources needed to search for the best architecture.

We present a method for NAS called Neural Architecture Construction (NAC) – it is a automated method to construct deep network architectures with close to state of art accuracy, in less than 1 GPU day — faster than current state of the art neural architecture search methods.  NAC works by pruning and expansion of a small base network called an EnvelopeNet. It runs a truncated training cycle and compares the utility of different network blocks and prunes and expands the base network based on these statistics.  Most conventional neural architecture search methods iterate through a full training cycle of a number of intermediate networks, comparing their accuracy, before discovering a final network. The time needed to discover the final network is limited by the need to run a full training and evaluation cycle on each intermediate network generated, resulting in large search times. In contrast, NAC speeds up the construction process because the pruning and expansion can be done without needing to wait for a full training cycle to complete.

Figure 1: Results comparing our NAC with other state of the art work. Note the search time for both the dataset. The NAC numbers for ImageNet are preliminary.

Interestingly, our NAC algorithm mirrors theories on the ontogenesis of neurons in the brain. Brain development is believed to consist of neurogenesis, where the neural structure initially develops, gradually followed by apoptosis, where neural cells are eliminated, hippocampal neurogenesis, where more neurons are introduced, and synaptic pruning, where synapses are eliminated. Our NAC algorithm consists of analogous steps run in iterations: model initialization with a prior (neurogenesis), a truncated training cycle, pruning filters (apoptosis), adding new cells (hippocampal neurogenesis), and pruning of skip connections (synaptic pruning). Artificial neurogenesis has been previously studied as, among others, a method for continuous learning in neural networks.

We also open sourced a tool called AMLA, an Automated Machine Learning frAmework for implementing and deploying neural architecture search algorithms.  AMLA is designed to deploy these algorithms at scale and allow comparison of the performance of the networks generated by different AutoML algorithms. Its key architectural features are the decoupling of the network generation from the network evaluation, support for network instrumentation, open model specification, and a microservices based architecture for deployment at scale. In AMLA, AutoML algorithms and training/evaluation code are written as containerized microservices that can be deployed at scale on a public or private infrastructure. The microservices communicate via well defined interfaces and models are persisted using standard model definition formats, allowing the plug and play of the AutoML algorithms as well as the AI/ML libraries. This makes it easy to prototype, compare, benchmark, and deploy different AutoML algorithms in production.

To help users incorporate NAS into their regular AI/ML workflows, we are working on integrating our NAS efforts into Kubeflow, an opensource platform to simplify the management of AI/ML lifecycles on Kubernetes based infrastructure. Once integrated, these NAS tools will help users optimize network architectures in addition to hyper parameter optimization (e.g. Katib tool within Kubeflow).

We believe that this is just the tip of the iceberg (of AutoML and NAS in particular). However these early results have given us confidence that we can design better mechanisms for AutoML that require less resources to operate, in a step towards accelerating the adoption of AI in the enterprise.

Continue reading

Agentless threat detection for Microsoft Azure workloads with Cisco Stealthwatch Cloud

Detecting threats, such as malware, rogue insiders, and credential abuse, within public cloud environments can be a major challenge. Traditionally, organizations have tried to solve this problem by overlaying a patchwork of agents across the cloud surface to detect bad activity. This approach requires significant costs and effort to deploy, maintain, and manage in dynamic environments such as the cloud.

Instead organizations need a quick, automated, and easy security solution to monitor their cloud environments. Cisco Stealthwatch Cloud can now deliver behavioral security analytics, comprehensive visibility, and effective threat detection in Microsoft Azure environments in minutes.

With the support of network security group (NSG) flow logs version 2 in Azure, Stealthwatch Cloud can deploy in as little as 10 minutes via API with no need for an agent. The update to Flow logs v2 is currently being rolled out to Azure public regions. It is currently available in the Azure West Central US region, with deployment continuing over the next coming weeks.

Here are a few key benefits of Stealthwatch Cloud:

Low-noise, effective threat detection

One of the most resource-draining problems for a security team is false alerts. According to the Cisco 2018 Annual Cybersecurity Report, only 56 percent of security alerts are investigated, and of those, only 34 percent are deemed legitimate alerts. A noisy security solution consumes security analysts’ time, and even worse, may lead to real threats going undetected or uninvestigated.

Stealthwatch Cloud was purpose-built to be a low-noise, valuable security solution. Every time a customer closes an alert, they see the most important dialog window in Stealthwatch Cloud:

To date, 94 percent of Stealthwatch Cloud alerts are rated “helpful” by customers. In other words, when Stealthwatch Cloud asks for your attention, there is a good chance you will be glad you investigated it.

Easy, agentless deployment

With NSG flow logs version 2, which is currently being rolled out, Stealthwatch Cloud can now be deployed in Azure environments without the need for agents or sensors. This allows for quick and easy deployment. In many cases, Stealthwatch Cloud can be deployed in 10 minutes or less with minimal setup or configuration. In addition, this allows Stealthwatch Cloud to keep up with highly dynamic environments and maintain a record of resource activity even after they have been torn down.

Low-configuration needs

Organizations adopt the cloud because it is cost-efficient, highly available, and automated. Security solutions that require heavy management and oversight can undercut these benefits. If a solution requires someone to manually classify resources and configure analytics, it can quickly become a full-time job in the ever-changing environment of the public cloud.

Stealthwatch Cloud is a cloud-native solution that requires minimal oversight and management to be valuable. Using entity modeling technology, Stealthwatch Cloud automatically determines what role each resource plays on the network and how it normally behaves. It then uses this model to identify suspicious and known-bad behaviors. For instance, if a cloud resource never communicates with outside hosts on the Internet, but one day starts sending a large amount of data to a never-before-seen server, it could be a sign of data exfiltration. Stealthwatch Cloud would detect this information in real time and trigger an alert on it.

In addition, Stealthwatch Cloud is a software as a service (SaaS). There is no need to maintain hardware or apply patches, and new features are added monthly. It is available in subscription usage-based or term-based licenses.

Continue reading

How to Turn Customer Obsession into Customer Success

If you are older than about 30 years old, you will probably remember the VCR—or video cassette recorder. When they first came out these devices were big, bulky and difficult to use. In order to program your VCR you had to consult the manual (400 pages long and written in poor English), press a multitude of buttons in the correct sequence, and hope for the best. Often, you would return home to find that your unmissable TV show or sports match had failed to record.

In those days, you might have taken this as your own technical inadequacy and blamed yourself. Today, we would blame the brand.

Expectations have changed so much in consumer technology that companies now know that their products must be simple, straightforward and even fun to use.

The same shift has happened in business technology. Years ago, in the early days of multiprotocol networking, Cisco equipment was notoriously hard to use. Engineers built it for engineers, with a lot of technical bells and whistles, but not a lot of user friendliness. Today, it’s a different story. You can pretty much take a Cisco Telepresence unit out of the box, plug it in and use it. Our “Network Intuitive” largely configures itself based on how you intend to use it. And connecting to a new wireless network is virtually automatic.

Technology vendors have made huge investments in usability because, as in consumer products, when something doesn’t work right, customers no longer blame themselves, they blame the brand.

That is why “customer obsession” has become such an industry buzzword.

But in order to meet a customer’s needs we first have to have a more nuanced and granular understanding of who the customer is.

In most enterprises, the decision maker for big technology purchases is the CIO or CTO. But is that the “customer”? What’s important to the CIO might be completely different from what’s important to the system engineer who has to pull the equipment out of the box and install it, or the person who uses it. Today, the customer is not just the buyer, and not just the installer, but all the different people who touch the product—the people who benefit from using it, the people who administer and support it, the people who secure it. If our “customer obsession” doesn’t extend past the person who signs the check, we miss opportunities to delight our customers—the full range of them!

Taking a much broader view of who the “customer” is and how they might interact with our products must be a guiding principle of innovation. For the past three years, I’ve led an innovation team at Cisco that develops technologies and business ideas in partnership with some of our largest customers—a process we call CHILL (Cisco Hyperinnovation Living Labs). When creating a new innovation, we always bring together everyone who might touch or interact with the product—from the CEO to the warehouse worker—and include them in the process.

For example, a CHILL lab focused on healthcare included industry leaders and corporate executives from major healthcare companies and corporate benefits providers. But it also included cancer patients and their immediate caregivers—because the solutions we developed had to work for both provider and recipient.

During this process, patients themselves gave us some invaluable feedback. They told us that, wherever possible, they would prefer to find ways of managing their own care and utilizing the support of their extended network of friends, family, and caregivers rather than relying solely on more frequent hospital visits and medical intervention. This insight caused us to dramatically change direction, and we created CircleOf, a startup that provides an integrated solution for enterprises, benefits providers, patients, and their caregivers.

These kinds of direct conversations with customers often yield insights that are surprising and counter-intuitive. And it is these insights that have the potential to bring the most value for Cisco and the most success for its customers.

Continue reading

Cisco Empowers Partners to Accelerate Their IoT Business

There’s no better time to be in IoT than now! I’m thrilled to be here in Las Vegas at Cisco Partner Summit to share stories I hear from our customers about how IoT is changing their businesses. And to tell you – our partners – what we are doing here at Cisco to accelerate those IoT opportunities.

Let me start by announcing the exciting news that IoT is now a recognized architecture at Cisco. What does that mean for you? Now, Cisco offers you a dedicated IoT specialist team, with more engineering support and a dedicated sales force. It also means comprehensive training, certifications, and resources to help our partners thrive. It’s a clear indication of Cisco’s commitment to the IoT business – for customers, Cisco, and our partners.

We’ve also unveiled focused sales plays and resources to help you sell Cisco IoT solutions.

More for IT

As customers look to extend their connectivity beyond office spaces to warehouses, parking lots, roadways and transportation hubs, Cisco is likewise extending Intent-Based Networking (IBN) into these non-carpeted spaces with purpose-built gear for IoT connectivity and use cases. Both you and your customers can take the “Extended Enterprise”– your familiarity and knowledge of our networking and security products– into these new spaces.

We’ve been hearing more and more from our partners who are leveraging the Extended Enterprise approach. Logicalis, a Cisco UK-based partner specializing in managed services and global IT solutions, offers Cisco IoT solutions to help grow business with existing customers. According to Rüdiger Rath, Head of Europe, Logicalis Group, “Many customers need to connect things at warehouses, transportation hubs, and plant floors. They are excited that Cisco has a full suite of switches and routers purpose-built for this need – and that they can simply extend their enterprise network into these new spaces – and administer these new connections with the same management tools and security policies they use now.”

A Bridge to Operational Technology (OT)

Our IoT solutions open the door to new opportunities within your accounts – specifically the OT sides of your customers’ businesses. Our bundled solutions help enable customers to securely connect their remote and mobile assets.

A great story of delivering OT results comes from Swisscom, a Cisco partner and the largest service provider in Switzerland.  Swisscom is responsible for the operation of the St. Gallen Police Department’s network.  The St. Gallen Police Department has extended their network and deployed an integrated IoT solution so officers can now access Wi-Fi from their police vehicles and seamlessly connect to critical business applications. Whether police officers are working in an office, in the department, or out of their police vehicle, they get the same level of secure connectivity to perform their operational duties.

Computing at the IoT Edge

Increasingly customers want to leverage the telemetry and data that their assets generate at the network’s edge to improve their business operations. With this in mind, Cisco has a rich portfolio of IoT edge-ready productsand an edge compute software framework to help ISVs and partners to enable real-time data collection and action at the edge.

A great example comes from OSIsoft, who have tested and validated their Pi Connectors running on Cisco’s edge compute framework and IR829 with great results. Tim Johnson from OSIsoft said, “The Cisco edge computing platform is a great complement to OSIsoft’s operational data infrastructure as it provides our mutual customers the ability to securely install, update and manage our real-time data connectivity software running on Cisco devices in the field and manage the devices from a centralized, cloud-based dashboard.”

Training and Certification

To help our partners maximize these opportunities, we’ve built an all-new IoT training and certification program for partners designed to help you accelerate your IoT practice with the skills you already have.

Italtel, a multinational information and communication technology Cisco partner based in Italy, utilizes the integrated combination of Cisco IoT hardware and software to help customers securely connect devices and help get the data where it needs to go. According to Ascione Camillo, VP of Strategic Alliance & CTO of Italtel, “Our customers are eager to derive real value from their industrial sensor data to increase efficiency, reduce costs, and accelerate their growth. Cisco’s IoT portfolio provides the foundation we need to support their IoT initiatives – and grow our own business.”

Development and Integration Resources

We have also introduced a dedicated IoT DevNet site with more advanced software development resources and new data practices. As you continue to grow and innovate alongside your customers, you can leverage the rich set of resources at the DevNet site to integrate network and software into IoT solutions for them.

Winning Together with IoT

Cisco remains committed to helping our partners succeed in selling IoT solutions. I encourage you to leverage the skills and knowledge you already have to extend your customers’ enterprises now. Enroll in our new IoT certification and training program to gain new skills and uncover new opportunities from OT buyers. Learn about our new IoT offerings so you can show customers how to deliver real business value with IoT. Together we can continue to capitalize on this huge IoT opportunity! Here’s to a great end of year and 2019!

Continue reading

Digital Communications in India: Global Aspirations, Local Economics

When I left India to work in the US (1997), little did I realize that I would reconnect with her in a way unimaginable then!

At the time, less than 1% of India’s population had access to the Internet at home.  Since then, Internet connectivity in India has exploded, growing to 426 million users as of January 2018.  And it’s only going to get bigger. India’s country rank in mobile broadband data consumption jumped from 150th to 1st in the world between 2016 and 2017. If we look at IPv6 deployment today (IPv6 is the most recent standard to send information over the Internet), almost half of the world’s users are in India—more than any other country in the world.

India’s economy is gaining huge momentum from this digital intensification.  Gross domestic product has grown from $350B in the 1990s to more than $2.8T today, and this is having a significant socio-economic impact. Every second, three Indians experience the Internet for the very first time. This means a great deal to a farmer or a student—it’s an equalizing opportunity and it’s empowering them. Digital growth will help create jobs, promote innovation, positively influence the GDP, and enable citizen welfare.

Source: Asia Pacific Network Information Centre

From a global perspective, we can characterize the last two decades as an era where we worked relentlessly to scale the internet—scaling to connect the unconnected and to connect everything beyond that requires cost-effectiveness and automation at a level never achieved before. And that requires innovation.

While one school of thought in the industry is that the networking space (routers and switches especially) is mature, innovation has only accelerated in this space. Over the last three to four years of internet build-out, especially in the mobile broadband space, India’s Digital Communication Sector has pushed the envelope in terms of scale and cost (effectiveness), providing world class internet access to the masses over mobile connections.

I would like to share a few important observations. First, it is critical to understand a very important aspect about India. The aspirations of the Indian consumer are no less than the global consumer of digital communication services. However, the economics are radically different. This implies building networks and infrastructure that is second to none.

Second, delivering and operating this requires vision, execution, and courage. My salute to the digital communication providers in India, especially their technology teams, for driving significant innovation and delivering mass-scale, cost-effective networks.

Third, this requires delivering network technology that is better, faster, a lot cheaper, and ruthlessly automated to successfully serve more than 1 billion people.

Cisco has been fortunate to be a part of the rapid scaling of the Internet in India, and during this journey, we have created products, tools, and organizational models that have relevance across the globe. At Cisco, we focused on helping providers in India achieve scale in a way that was difficult to imagine just three years ago.

Some of the important capabilities that Cisco developed to enable IP network scaling in India include:

1. Driving the lowest possible cost per gigabit innovation in silicon, systems, and optics.

2. Enabling flexible consumption of bandwidth in the right form factors – from very small to very large.

3. Delivering environmentally hardened systems to cover the length and breadth of this vast country with ecological challenges and variations.

4. Creating a consistent network architecture (end2end IP/MPLS) followed by building and operating some of the largest scale IP networks in the world.

5. Developing total and complete automation, from the initiation of a network element to deploying a complete network service and its monitoring.

6. Reducing layers and hops in networks to bring users as close as possible to content. Eliminating separate optical networks in high density metro areas.

7. Distributing subscribers to reduce blast radius and improve resilience—using virtualization only where it makes economic sense.

8. Integrating services and product teams on site to deliver automation capabilities at the speed and scale of India.

9. Listening continuously to and innovating in a rapidly evolving market.

Cisco’s participation in the mobile Internet boom in India has many positive spinoffs. The capabilities and ideas developed here have global relevance and are being leveraged beyond India and across the world today.

As the digital communication and services space evolves and scales further within India, we can look forward to the next round of innovation. While connectivity will continue to expand, we will see the network be even more relevant as the whole country and its citizens experience a digital revolution. New services will reach every home, every office, and every premise, and with these new services will come new opportunities for economic development and new challenges.

Moving forward from secure connectivity at scale to secure services at scale over these connections will be an exciting adventure. Cisco is ready to help build this bridge to the future, and India, of course, is!

Continue reading

Modernization of the Workforce Experience Journey

Collaboration technology is innovating at its fastest pace with more options than ever to increase productivity and empower workforces across the globe. CIOs are doing well in thinking about how they can use collaboration technology to their advantage, but there’s a drawback. Investments don’t always go as planned.

One of the main limitations we see is that organizations get caught in a vicious cycle, which traps them almost like quicksand (Figure 1).

Figure 1: Collaboration Investment Cycle

To break this cycle and create a truly integrated work experience, companies first need to think about collaboration investments in terms of continually aligning three aspects: people and the culture, technology, and organizational vision (Figure 2).

Figure 2: Collaboration Investment Alignment

Ideally all three aspects will carry equal weight because any breakdown will cause disruption to employee productivity. Figure 2 begins with organizational vision, in which investments are made from the bottom-up, rather than top-down, and driven by strong use-cases that highlight the need for specific change. Companies need to see how all the collaboration technology should work together in tandem to bolster productivity:

◈ People start work in documents and can share their content in real-time using a built-in Teams messaging application. They can easily choose who to share their content with (on their web browser, the application itself or their devices, or through email), as directories and Content Management Systems (CMS) are fully integrated

◈ When it’s time to join a meeting, employees can meet instantly with a “Join Now” option or simply use their email, which seamlessly links company directories and calendars

◈ Then people go into meetings in which they share their work to colleagues (both audibly and visually). People on-the-go can see and hear everything in high-quality format

◈ When the meeting ends, people can continue working in their documents and across Teams

Once an integrated vision is complete, organizations invest in the technology that will help turn this vision into a reality. However, this is where the disconnect between expectations and results often begins. Many companies purchase the collaboration products necessary for the integration but overlook the fact that they need services to truly tie everything together.

Cisco Services is the glue that helps customers with Cisco Collaboration products adapt and convert to a fully digitized collaboration environment, both efficiently and cost-effectively. We help organizations proactively solve issues ahead of time, such as network deficiencies that cause video quality issues, and reduce complexity with machine learning (ML) and artificial intelligence (A.I.) that can automate workflows for employees. We can even custom design a solution built around an organization’s unique needs and integrate with Content Management Systems for easy workflows with Webex Teams. The best part is, we can work with our partners to develop a hybrid go-to-market strategy for our customers, in which each party contributes a specialized portion of the solution.

We recently did this with a large global service provider who was able to ultimately lower its operational costs. Cisco helped the company create an enterprise-wide collaboration strategy and timeline through our “Strategy & Roadmap” service and devised an implementation plan through our Advise & Implementation service. One of our partners was brought in to enhance the collaboration solution through AI, natural voice recognition, and improved customer experience metrics while the other partner served as a systems integrator. This hybrid solution helped to ultimately win over the client with everybody’s combined credibility and experience. Cisco’s products and services, along with partner expertise, help our customers realize the value of their Collaboration technology investments more easily.

Throughout our experience, we’ve found that companies generally need help with digital integration in one or more different areas, which we call phases (Figure 3).

Figure 3: Digital Transformation Phases

Phase 1 engages all employees and helps businesses deliver a seamless meeting experience – from scheduling to joining to fully experiencing video and audio quality at scale. At this stage, customers often use our Webex [and Webex Teams] Advise & Implement service to get expert help and guidance on planning, designing, and deploying a full collaboration solution that minimizes the time and expense needed to achieve success. Before we even begin, we verify a network’s ability to support the proposed Cisco solution, analyze gaps and address likely risks, and provide remediation steps to quickly “nip problems in the bud.” This will help support an integrated collaboration environment that provides seamless collaboration (i.e. calling, meeting, messaging, and Teams content sharing) and user experience.

Phase 2 helps customers evolve their work by enabling video-first meeting experiences and integrating team collaboration with existing workloads, workstyles, and systems. The goal is to tap the collective intelligence of the enterprise and speed decision making among employees. At this stage, customers usually rely on us for our “Hybrid Media Services,” which can help them migrate to the cloud slowly while delivering consistent user experiences at infinite scale, and our Business Critical Services,  which help to reduce complexity and costs through analytics, automation, and ML/AI. The real benefit from Business Critical Services is that they can help customers move to a more proactive IT model that can predict and fix problems automatically before reaching the end-user. Future corrective action could be as easy as fine-tuning the automation or additional configurations and could be as complex as predicting a crash that could render the network (and thus collaboration efforts) useless.

Finally, Phase 3 empowers teams by integrating the workflows from 3rd party applications, such as Office365, Box, ServiceNow, Microsoft Exchange and Active Directory, etc. Customers rave about our Custom Application Development &. Integration (CADI) service, which provides API integration for third party application. For one global financial institution, Cisco Services used its CADI service to combine Webex Teams with an automated assisted bot program powered by A.I. Ultimately, we were able to virtually eliminate manual, repetitive, time-consuming tasks that not only reduced OpEx by saving the organization thousands of man hours but also helped assemble packages for portfolio reviews and ensured quality, standardization, and better service for its customers. Other popular services at this stage include “Webex Teams Archival and eDiscovery” service, which enables storage, search, and retrieval of eDiscovery documents, and our “CloudLock” service, which helps to secure cloud communications.

Once customers are able to strongly link products and services for their collaboration technology, as well as successfully map out an organizational vision, the last step, as outlined in Figure 2, is to ensure that all employees are adopting the collaboration tools and using them to the best of their advantage. Businesses at this stage rely on Cisco Services for our Adoption (User Solution Empowerment (USE)) services, which provide customized processes, tools, and techniques from certified change management professionals that help end users adopt your collaboration products and technology with greater speed and effectiveness. Getting an organization’s employees to consistently use, and rely on, an integrated set of collaboration technologies is the final key to avoid the common disconnect between collaboration investment, expectations, and results (see Figure 1).

Continue reading

Bridging the Gap between Data Scientists and IT

The Golden Gate Bridge was built to connect San Francisco and Marin County using a suspension bridge over a mile long.  It was built during the Great Depression and took over 4 years to construct with over 1.2 million rivets.

When I talk to data scientists and IT teams in the same room, I often feel that the distance between the 2 teams is much more than the mile that Golden Gate Bridge covers.  They have very different expertise and vocabulary making effective communication difficult.  The speed of execution for delivering machine learning projects has a huge financial impact.  Data scientists often work with data pipelines, and IT teams are focused on the infrastructure.  So, naturally, there may be some communication gaps between the two teams.  Recently, when I show data scientists and IT teams that Cisco Validated Designs are able to provide a scalable architecture supporting data pipelines, the dynamics of the room changed from one of indifference to that of tight collaboration.

What is a Data Pipeline?

First let’s talk about data pipelines.  As an example, the diagram below shows a data pipeline for a single data source. The data scientist has to collect, clean, and correlate the data before sending it for machine learning training.  Eventually, a good model emerges, enabling new data to be fed to the model for updated inference results.

Data Pipeline for Single Data Source

But increasingly, customers are working with much more sophisticated data pipelines.  As shown in the diagram below, often times, data scientists are working with multiple data sources, each with their own pipeline for collection, cleansing, and correlation.  The inferred data from each of these data sources is then fed to a second stage of learning gathering the information from multiple data sources.  In fact, this type of data pipeline with multiple data sources can be found in many verticals, from security to targeted marketing campaigns.  On any given day, data scientists can be focused on issues related to any part of the pipeline.  In fact, he or she is probably also wondering whether additional data sources, such as structured data, live news feed, geolocation data, and other sources, should be added to the mix to gain deeper insights into the business problem at hand.  Note that the focus on the data and its operations prevents the data scientists from focusing on the infrastructure that is needed to run the data pipelines.

Data Pipeline for Multiple Data Sources

What Tools are Available to Implement Data Pipelines?

There are many tools available to implement data pipelines. Each data scientist will have preferences depending on familiarity, data type and software package  A small sample of tools is listed in the diagram below.  At the end of the day, these sophisticated data pipelines are still software running on servers:  It’s NOT rocket science.

Data Pipeline Software Tools

Infrastructure Solutions for Date Pipelines

As Cisco works with customers from different verticals, some patterns start to emerge. While not all customers will have the same architecture, we see that many customers end up having a combination of

◈ Data Ingestion Infrastructure: For storing, staging, and streaming the information before going to the next part of the data pipeline.  Often, this can be a Hadoop layer where the data is close to the compute enabling high parallel processing of the data.

◈ Compute Intensive Infrastructure:  For compute intensive workloads like machine learning and deep learning training, a dedicated cluster can be used to accelerate the processing

◈ Storage Infrastructure:  At some point, the raw and processed data needs to be stored.  Having a dedicated storage infrastructure makes it easier to provide scalable storage capable of delivering proper backup and ease of management.

Infrastructure Solutions for the Data Pipeline

While not every customer will have separate clusters for each of the functions cited above, we do find that many customers do have the various functions such as data ingestion, storage, etc.  For example, the Cisco Validated Design with Cloudera Data Science Workbench, incorporates data ingestion and storage as part of the Hadoop cluster that includes Apache Spark and Hadoop File System.  In addition, Cloudera Data Science Workbench creates a compute-intensive cluster capable of using servers with GPUs running deep learning frameworks, such as TensorFlow.

Building a Bridge between Data Science and IT through the Artificial Intelligence and Machine Learning Partner Ecosystem

Cisco is continuing to work with machine learning ecosystem partners to help bridge the gap between data scientists and IT.  In fact, Cisco is delighted to see Google adding Kubeflow Pipelines to the Kubeflow open source project.  This latest contribution expands TensorFlow’s capability to compose a data pipeline with reusable components accelerating the work of data scientists.  Cisco is also contributing code to the Kubeflow project, ensuring a consistent hybrid cloud architecture for machine learning.

Cisco is also participating in NVIDIA’s new NGC-Ready program, ensuring that Cisco servers, such as the recently announced UCS C480 ML, can take advantage of the NGC container registry and its large repository of pre-built and optimized containers with the latest machine learning and deep learning frameworks.

“Powerful software benefits from powerful systems,” said Kari Briski, Sr. Director, Accelerated Computing Software and AI Product, NVIDIA. “With NGC-Ready, users of the Cisco UCS C480 ML, with its 8 NVIDIA Tesla V100 GPUs interconnected with NVLink, can leverage NGC containers to create an ideal solution for large-scale deep learning workloads.”

In working with the artificial intelligence and machine learning ecosystem, Cisco is bridging the gap between data scientist and IT.  At the end of the day, Cisco’s goal is to accelerate your the machine learning deployment and refine the mining of your data.

Where are you in your journey to adopt artificial intelligence and machine learning?  Check out some of the Cisco Validated Designs to help you accelerate.  Reach out to your Cisco account team, and we can have a deeper conversation.  If you are attending SC18 in Dallas, Texas, stop by the Cisco Booth, #2803.

Continue reading

Get Started with the Whole of Branch Provisioning – Virtual and Physical

Earlier blogs have covered PnP use cases for simple deployments of a single switch.  This blog covers the design and automated deployment of a complete branch infrastructure. There will be no need to connect to the Command Line Interface (CLI) of any device.

Topology

In this example, Enterprise Network Compute Server (ENCS) is used to host the virtual network function(s).  This simple example has only a single function, an ISR router (ISRv).  This could easily be extended to include Cisco and third party virtual network functions.

The example shows automated provisioning of both virtual (ISRv) and physical (Catalyst 9300).  There are two connections between the ISRv and the 9300.  This could be simplified, but the two connection model provides all choices of connections between the ENCS running ISRv and the 9300 (L2, L3, PortChannel, ECMP etc).

Process

DNA Center provides the automation tools for this deployment. There are three main steps illustrated below:

1. Design phase. This is where IP address pools, site specific settings like credentials, DNS, AAA are defined.  In addition a network profile is defined, which include the “design” of the ENCS network functions and their internal network connectivity.  Finally, the network profile is mapped to one or more “sites.”  Site hierarchy is also defined in this phase.

2. Once the device is connected to the network, it uses PnP to discover the DNAC and will appear as an “unclaimed” device. The “claim” process simply assigns the device to a site.

3. Once the device is assigned to a site, it can be provisioned. This step places any device specifc settings (for example interfaces).  Most of this information has already been defined in the design, so cannot be changed.   The ISRv is also provisioned, but there is very little to change.  Once the WAN services are up, the Catalyst 9300 automatically uses PnP to obtain it’s configuration.

Example

This example assumes the design has been complete (just to show how simple it is).  I will come back to the design later on.

Claim Step

This example assumes a new ENCS device has been connected to the WAN, and it is able to discover DNA Center.  It will appear as an unclaimed device under the provisioning workflow.  Provision -> Unclaimed Devices

Next step is to select the nfvis device (nfvis is the default name for the device), and claim it.  All that is required is a site, in this example “Brisbane”.  Click Apply.

Click on the inventory tab, and you will soon see the device added to inventory, but in the “unprovisioned” state.

Provision Step

Now to provision the ENCS based on the network profile in the design phase.

Select the device, then go up to the “Actions” menu and select “provision”.  This will begin the provisioning workflow.

In the first step, there is little to do, unless you are provisioning multiple devices at once.  The main thing to remember is the “Next” button at the bottom of the screen to progress to the next step.

Step 2 (router WAN) is where the WAN interface for the ISRv is done.  Click on the small circle that links the ENCS to the WAN.  Then fill in details for the IP address, WAN interface on ENCS, and bandwidth.

Step 3 is the Integrated Switch configuration. ENCS has built in switch with up to eight ports.   In this example there are internal networks map to the two vlans.  In this example,  vlan 20 (service) is mapped to the service-net on ISRv and exposed on interface GigabitEthernet1/0 on the ENCS switch.  Similarly, vlan 10 mapps to mgmt-net and interface GigabitEthernet1/1 on the ENCS switch.

The final step is to review and deploy.

After a short period of time, the ENCS will be provisioned, which will create all of the internal networking and spin up the ISRv, and add it to the inventory.  You can check on the status of the provisioning by clicking on the hotlink on the far left of the ENCS entry.  Note also the ISRv is added, but not yet provisioned.

Provisioning ISRv

The same workflow is followed for configuring the ISRv. In this example a pre-defined configuration template will be applied.  The template was defined and applied during the design phase.  This is exactly the same workflow as with the ENCS.

Firstly, select the ISRv, goto actions and select provision.

Step 1 is just a preview.

Step 2 is the router WAN configuration.  Again there is nothing to configure here as WAN configuration was done in the ENCS workflow.

Step 3 is the Router LAN configuration.  In this deployment, the router has a layer three connection (routed, OSPF) to the downstream Cat 9300, so this is not really required.  In this case Gig3 appears in the dropdown menu as it has a “LAN” tag.  Just select DHCP and the single address pool.  These come from the ENCS configuration.

Due to the deployment model (the service network is going to be used to connect to the switch, rather than the LAN network), these settings do not really matter.  In other deployment models, they are.

Step 4 is the custom configuration template.  In this example, there are no device specific variables in the template.  If there were, they would be filled in here.

Final step is to review and deploy.

Once deployment starts, it can be monitored in the same way as ENCS.

The end result is the ISRv will be deployed, and due to the DHCP configuration on the device, the Catalyst  9300 will also use PnP to automatically provision based on a pre-defined rule.   There are now three devices in the inventory.  You will notice the ISRv is “Out of date” as I made some changes to the configuration template post-deployment.  The 9300 is not fully provisioned as it has a day 0 configuration.

I now have a fully deployed branch.

Details

This section shows the detailed configuration and how to define the network profile, along with ENCS/ISRv templates.  The templates augment the base configuration.

There are options where a single connection can be used to connect the 9300 and the ENCS.  In this scenario, there are limitations around topology (for example port channel will not auto-negotiate).  Using the management interface to PnP provision the switch, means any configuration can be applied to the front panel ports, without needing to establish connectivity first.

For example in the L3 connection, there is no default route provided to the 9300. It can only communicate to the outside world once OSPF is configured and comes up via the front panel ports.

In this case the service network and the management networks are being used and the LAN network is not required.  When other services such as firewall are used, the services network would link the router and the firewall and the LAN interface connect to the firewall.

The complete topology is configured via a network profile, and fully automated by DNA Center.

Design

IPAM

Three IP address pools are required for provisioning. They are:

◈ LAN for the LAN network.Typically this will be the connection to the end user devices.  As I am using a L3 link to the 9300 switch, the Lan networks will be terminated on the 9300, and this network is not being used.

◈ Service for the service network.In this example this will be a L3 connection to the 9300 switch.  In other topologies it will be used to link services such as Firewall into a chain.

◈ Management for the management network.Note, the management IP address is used to discover the ISRv router, so there needs to be reachability to it.

The current subnet masks are very generous, and would be optimized depending on the deployment scenario.

Templates

While most of the ENCS configuration is automated, extra configuration can be supplied in a template.  This allows capabilities that are not supported in the design workflow to be implemented. For example PortChannel on the switch ports. Currently, the switch vlan are used, but not defined via the design.  The ‘encs’ template contains these extra commands.

switch vlan 10

switch vlan 20

This template is used to configure the ISRv router. This is an extension to the base configuration, which includes everything to make the router discoverable by DNA Center. Although ospf is configured on the router, we need to change the networks that are advertised. DHCP scopes to allow PnP for the switch and the service interface for the 9300 switch are also defined.

router ospf 100

network 10.10.2.0 0.0.0.255 area 0

no network 192.168.200.0 0.0.0.255 area 0

network 192.168.200.0 0.0.1.255 area 200

   

ip dhcp excluded-address 192.168.200.129 192.168.200.180

!

ip dhcp pool PnP-mgmt

 network 192.168.200.128 255.255.255.128

 default-router 192.168.200.146

 option 43 ascii "5A1N;B2;K4;I10.10.10.181;J80"

   

ip dhcp excluded-address 192.168.200.1 192.168.200.60

!

ip dhcp pool PnP-service

 network 192.168.200.1 255.255.255.128

This is the configuration template for the 9300 switch. This template will be used in a PnP rule.

hostname $hostname

vtp mode off

enable password cisco

username cisco privilege 15 password 0 cisco123

interface Loopback0

ip address 1.1.1.1 255.255.255.255

ip routing  

router ospf 100

network 192.168.200.0 0.0.0.255 area 200

int vlan1

  no shut

  ip address dhcp

snmp-server community public RO

line vty 0 15

login local

Site Profile

To create a site profile, Design->Network Profiles -> Add Profile

Select the type as “Routing & NFV”.  The first step  will be to choose the type of device and the WAN connections.  Service Provider Profile is defined under Design -> Network Settings -> SP Profiles.

You will also need to configure the WAN connection from the device to the WAN cloud.

Finish by editing the  services.

Editing services is where you add the VNF (ISRv) and configure the internal networking.   Make sure you have uploaded an ISRv image into the image repository first, so you can chose the VNF profile for the ISRv.

Next step is to click on the service-net and the mgmt-net and add a vlan tag, as well as make it an access network.

In my case, service-net = vlan 20 and mgmt-net = vlan 10

Step two is to configure the connection between the ISR and the switch.  In this case it is L3.  The protocol is OSPF and the number is 100.

Third step is to configure the VLAN on the switch. In this case, both vlan 10 and 20 are used.

Finally, review the summary and save.

The only thing required to do is to add a site to the profile.

Validation

Once the desing and deployment is completed, the design can be verified by connecting to the 9300 router.  The OSPF peering has been established between the 9300 and the ISRv.

encs-9k#show ip ospf ne

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.202.17    1   FULL/DR         00:00:36    192.168.200.16  Vlan1

The 9300 and ISR are connected over an L2 link with the peering point on an SVI – vlan 1. It is very simple to change g1/0/1 to a routed interface, or to run an etherchanel underneath, depending on requirements.

encs-9k#show ip int br | inc up

Vlan1                  192.168.200.3   YES DHCP   up                    up      

GigabitEthernet0/0     192.168.200.183 YES DHCP   up                    up      

GigabitEthernet1/0/1   unassigned      YES unset  up                    up      

Loopback0              1.1.1.1         YES TFTP   up                    up   

Continue reading