Tuesday 31 December 2019

Westfield Malls Use Digital Transformation to Disrupt Industry in Need of Change


Today’s retailers understand that if they want to stand out from the pack, they must engage every shopper with a personalized, enjoyable experience. Westfield Corporation has been delivering superior retail experiences for more than 50 years. With 35 properties in the United States and the United Kingdom and more than $16 billion in annual retail sales, the firm is constantly employing new ways to learn more about its customers – and keep them coming back.

Westfield upgraded its Century City property in Southern California – easily the company’s busiest location at 20 million visitors a year – with innovative technology to transform the visitor experience. The goal was to set the brand apart for shoppers, while providing growth opportunities for its retail, entertainment, and hospitality partners, by getting to know their customers better.

A Springboard for innovation


Westfield’s strategy included collecting data and building user profiles to enable real-time engagement and applying these business insights to attract flagship-level tenants. In support of these efforts, Westfield also sought to digitize its advertising platforms, with location-based digital content delivery across fixed and mobile screens.

To bring its vision to life, Westfield partnered with Cisco to create a digital-ready foundation for its SmartCenter initiative. The blueprint employed Cisco UCS, Cisco networking, mobility, collaboration, analytics, and software solutions to help make the retailer’s IT more agile, and its innovation more accessible. The entire solution was based on a Cisco Digital Network Architecture (Cisco DNA™) for retail, which uses automation to simplify network management, analytics to provide customer insights, and embedded security everywhere.

In addition, Cisco wireless solutions support a public high-density Wi-Fi network that delivers a premium customer experience where visitors can enjoy wireless connectivity everywhere, taking advantage of applications such as self-service ordering and checkout, as well as easier customer returns. Using Wayfinding navigation tools, visitors can quickly find the retailer, dining, or entertainment for which they are looking, while the mall engages visitors with event-driven personalized messaging.

The Cisco Advantage


To gain better insight into its shoppers and operations, Westfield utilized Cisco Connected Mobile Experience (CMX) Advanced analytics. With a better understanding of customer behavior, the mall can now enhance the delivery and relevance of ads and promotions, as well as optimize the layout of its tenant locations and its lease rates.

Westfield also applied its end-to-end SmartCenter environment to non-retail operations, such as parking and energy management.

Future-Proofing


Knowing it needed to deploy the SmartCenter solution to its other flagship properties, Westfield also utilized the Cisco enterprise agreement to help simplify complex licensing, while including an allowance for growth and scalability.

“We couldn’t succeed without the right partners, and Cisco has been just amazing,” said Denise Taylor, Westfield CIO. “The enterprise agreement allowed us to be very agile. It became the building block of how we future-proofed our centers, enabling us to be nimble and flexible to make adjustments as necessary as our industry continues to evolve.”

From Shopping Center to Destination


Westfield defined new levels of retail innovation through digitization and Cisco’s support, replicating its SmartCenter model and employing it as a blueprint that it can apply to other properties around the globe in the future.

With Cisco’s help, the company is expecting a dramatic return on its investment (ROI) for the multiphase deployment, projecting a 100 percent increase in customer data capture and a 50 percent increase in digital advertising revenues. As it adds more digital value across its properties, the firm also anticipates a 10 percent increase in tenant revenue.

With a solid SmartCenter vision and an end-to-end data strategy across the entire shopper journey, Westfield continues to build a new business model that redefines the mall experience. Through digital transformation and a strong partnership with Cisco, Westfield is disrupting an industry in the midst of change.

Sunday 29 December 2019

Chipping Away at S/4 HANA Migration challenges

Gaining competitive advantage with digital transformation is a balancing act of value and cost.  Delivering incremental value at a high cost is not advantageous, and S/4 HANA business process migration can be expensive.


Cisco, Intel and SAP have partnered to deliver a solution that increases the value of the S/4 HANA migration while decreasing the cost, and potentially reducing the migration challenges. We achieved this by incorporating the Intel Optane Datacenter Persistent Memory into Cisco UCS solutions for SAP HANA.

Intel Optane Datacenter Persistent Memory and the SAP Value


The Intel Optane DC PMEM is a persistent memory device that sits directly on the memory bus of the server system board, sharing the memory space with the existing dynamic memory. This new device retains the stored data when the server power is turned off, and the data is immediately available for use when the server power is restored and the SAP HANA database is restarted. The new persistent memory is available in three memory sizes: 128G DIMMs, 256G DIMMs and 512G DIMMs.

This new combination of dynamic memory and persistent memory provides three interrelated benefits which result in reduced total cost of ownership without impacting the in-memory performance.

Value #1: Realizing Real Cost Savings

First, the Intel Optane DC PMEM has a lower price per TB than industry standard dynamic memory. A direct comparison of the 128G DRAM DIMM and the 128G PMEM DIMM results in an estimated 50% cost reduction when replacing DRAM with PMEM. The value: a direct 25% reduction in the SAP HANA server acquisition cost. This is a very real saving when you consider that almost all S/4 HANA migrations have at least 3 SAP HANA servers. This price comparison will vary as the volatile price of memory changes.

Value #2: Increased memory capacity without excessive costs

Optane DC PMEM DIMMs are available in larger capacity sizes ranging from 128G to 512G, resulting in larger capacity without significantly increasing cost. It is now possible to build a 4-socket UCS B480 server with 6T of Optane PMEM SAP HANA data table space. Before Optane PMEM, this size of data table space required an expensive 8-socket server fully loaded with 96 128G DRAM DIMMs. Interestingly, this increased-capacity 4-socket server is almost the same price as a traditional 4-socket DRAM-only server with only 3T of SAP HANA data table capacity. 12T of SAP HANA data tables can also be supported on a 4S system for customers with deep pockets.

Value #3: Reduce planned downtime

A traditional 6T SAP HANA database can take 65 minutes or more to reload into memory, significantly increasing the time needed for planned downtimes. The Optane PMEM saves the data in the memory devices and presents the data immediately when SAP HANA is restarted. This decreases the restart time to well below the 65 minutes, often by a factor of 12 or more. System recovery for planned downtime can be significantly reduced, resulting in less time needed for productive system maintenance.

Special S/4 HANA and BW/4 HANA Server Opportunity


Deciding when to migrate your workload to SAP HANA or to refresh your existing landscape is a difficult decision. Cisco and Intel are announcing a short-term program to make that decision a little easier. Cisco has created four unique SAP HANA server products that provide even more price value than just the Optane pricing. These 4 servers enjoy not only the 25% cost savings associated with Optane PMEM pricing, but also an additional special saving of nearly 20% to help reduce the cost of SAP HANA migration and refresh programs. Combine this SAP HANA server with the newly enabled S/4 HANA and BW/HANA Landscape bundles to create an end-to-end landscape solution for your S/4 HANA or BW/4 HANA migration program.

Migrating to SAP S/4 HANA presents challenges and risks. Confidently accelerate SAP modernization and migration efforts with these new Cisco® SAP solution packages. Fast-track your SAP HANA and S/4 HANA projects by applying your realized CapEx infrastructure savings toward SAP migration services.

Now you can easily test drive Intel Optane DC persistent memory and discover Optane’s SAP HANA value.

Saturday 28 December 2019

Where’s my Endpoint?


Is there a way to know what endpoints are alive within your data center at this moment? Is it possible to continuously monitor the life of every endpoint – be it a Virtual Machine (VM), a physical host or even a container? Enter Endpoint Locator or EPL!

With DCNM available as a manager for data center fabrics, we decided to incorporate EPL directly into DCNM. EPL has been shipping as a preview feature in DCNM since November 2016. This feature is now generally available with the DCNM 10.2(1) May 2017 release.


For a VXLAN BGP EVPN based data center fabric, Endpoint Locator provides near real-time tracking of every endpoint. Events such as endpoint coming up, endpoint going down, or endpoint move are now visible with a few simple clicks. EPL supports all kinds of endpoints, be it IPv4, IPv6 or Dual-Stack. In fact, EPL can literally locate anything with a MAC or IP address.

To provide context to the detected endpoint itself, additional information is gathered and correlated, resulting in a multitude of data points at your fingertips. Find your endpoint’s physical location with reference to the associated switch and connected physical interface. Add in logical information such as VLAN, VRF or VNIs. The ease of access and visibility of such information within the data center is unprecedented for data center fabrics.

Once EPL is enabled via a simple wizard, it starts gathering information about existing endpoints and from then onward, all network events associated with the endpoint will be tracked.

Apart from a live endpoint dashboard, EPL also displays endpoint historical information for a time period specified in absolute or relative date ranges. The endpoints can be filtered by a variety of parameters including the VRF, network identifier, switch name, etc. Any search results are available for instant download.

In addition to the dashboard, EPL offers a set of Operational and Exploratory analytics views that are based on the collected endpoint data.

◉ Network Historical View – Displays daily historical information about endpoints, networks, and VRFs in terms of currently active endpoints, endpoint additions & deletions.

◉ Operational Heatmap – Displays holistic information on all the operations that have been occurring in the fabric on an hourly basis.

◉ Endpoint Life – Displays a timeline of a particular endpoint throughout its entire existence within the fabric showing where the endpoint was located and where it has moved.


Stay tuned for more innovations like these which drive operational simplicity and visibility into data center fabrics using DCNM.

A special acknowledgement to Shyam Kapadia for being the primary development lead for EPL; our journey started with an innocent break room conversation about a customer problem with respect to workload visibility.

Thursday 26 December 2019

Do the Impossible: Deliver the Best Collaboration Experience and Secure Sensitive Data with Cisco’s Extended Secur …

Security is Paramount, and Cisco Webex is the Market Leader


Security is critical for any collaboration deployment because employees inevitably share sensitive data and intellectual property. Building out security is hard because it is not a standalone feature that can be built in isolation. It is a platform-level capability that needs to be designed into every component, and every feature must comply with it to be effective.


Cisco has security in its DNA from the network to devices to the cloud. Cisco Webex was architected with a 360 approach to security. We looked at the full attack surface and possible threat vectors to build controls and mitigations while providing the best user experience, and enabling users to securely collaborate with users outside of their companies and support their personal devices.

Customer Challenges


Users are increasingly using collaboration tools to do their job – and it often involves sensitive data – whether it’s intellectual property, personally identifying information or financial information. Line of business executives and IT administrators are concerned about data loss especially when their users are collaborating externally. As an open platform, Webex has an events API and one of the largest compliance and Data Loss Prevention (DLP) partner ecosystems in the industry to address these concerns.

However, many of our customers do not have a central DLP solution deployed and this stalls rollout of modern collaboration tools. Even if some customers deploy these tools, IT admins end up blocking collaboration with external users and use of personal devices in order to mitigate these data loss risks.

Not only does this impact employee adoption of these tools, it increases data loss and malware exposure as users start using non-sanctioned consumer collaboration apps to get the job done.

Extended Security Pack Solution


I am thrilled to announce a new Collaboration Flex add-on offer – the Cisco Webex Control Hub Extended Security Pack – a Cisco-on-Cisco best of breed solution to this customer problem that packages full functionality Cisco Cloudlock for Webex Teams with native Webex anti-malware capabilities powered by Cisco Talos ClamAV in Webex Cloud.

The new Extended Security Pack is available now and enables our customers to safely and securely roll out modern collaboration with the best user experience.


Cloudlock DLP policies follow your employees even when they collaborate with external users. Our anti-malware solution will block infected files from being downloaded, and malicious URLs will not be expanded and will be clearly marked for end users.

Peace of Mind Through Industry Leading Webex Teams Security


We firmly believe that every customer is different and there is “no one size fits all” security model, and therefore IT Admins can choose Webex Control Hub policies to match Webex security to their risk profile. We are announcing new controls to manage 3rd party integrations like JIRA, Box, and Smartsheet into Webex. The ability to manage bots and whitelist external domains for collaboration will be available in October. In addition, Control Hub now supports active directory groups for automatic license assignment based on your geography, role or other criteria.

We are very excited to partner with ThetaLake to support AI-based archiving, eDiscovery, and supervision for Webex Meetings recordings with automated detection of compliance risks in audio and visual content, including screenshares.

The new Control Hub search and extraction tool is available now and will support large lawsuits and investigations by allowing hundreds of users in one query. In addition, a simple EML export mechanism will allow faster integration into eDiscovery tools and quick viewing of extracted content for internal investigations.

Trust and Protection You Can Count on 


Webex has tight controls on privacy and personally identifiable information, supports various cross-border frameworks, and is GDPR compliant. ISO 27018 is the first certification to focus on privacy and PII controls, and Webex Meetings and Teams have passed the ISO 27018 audit.

Webex is adding new built-in mobile application management (MAM) capabilities to set up a timeout for the Teams mobile client with application PIN lock and the ability to block notifications with message content on the lock screen. In addition, we are proud to announce a common mechanism for customers to wrap all Webex mobile apps (Meetings, Teams and Jabber) using their favorite MAM SDK starting October 2019.

Wednesday 25 December 2019

The 3 W’s in Zero Trust Security

Picture this scenario: you are a security guard at an office building. Today you are looking after a restricted area. A person you’ve never seen before walks straight past you into one of the rooms. Would you stop them or would you just assume they are allowed to be there?

In a physical world, trust is most commonly based on who you are, not where you are. A savvy security guard would ask you for your ID before allowing you in. Virtually, though, the situation is different: being in the right place is often enough. If you are inside of a company’s network perimeter, it is often assumed you have the right to be there. You gain access to the same data and tools that any other trusted user would. It’s clear that such an approach is no longer enough.

Zero trust security comes in as an alternative model, more in line with the current threat landscape. It is based on the principle of “always check, never trust”, originally introduced by Forrester. It takes into account 3 main factors:

◉ Workforce: Employees are at risk of identity theft, which is one of the most widespread types of fraud today.

◉ Workload: New vulnerabilities in applications and their improper management open highways for cybercriminals.

◉ Workplace: With more and more connected devices, the workspace has extended far beyond the four walls of your company building.

Moving from a perimeter model to Zero Trust means assessing, adapting and implementing new security policies that address threats in a constantly changing environment. In this trust-centric approach access is granted to users and devices, not a network.


This means that policies now need to be calculated based on a vast number of data sources. All network activities must be continuously taken into account. Any indications of compromise or changes in the behaviour of apps, users and devices must be examined, validated and receive immediate responses.

How to apply a Zero Trust model


Cisco’s practical approach to Zero Trust includes six important steps.

1. Establish levels of trust for users and user devices (identity verification with multi-factor authentication and device status, which must be compliant and properly updated)
2. Establish levels of reliability for IoT and/or workloads (profile and baseline)
3. Establish SD perimeters to control access to the application (authorised access)
4. Establish SD perimeters to control access to the network (segmentation and micro-segmentation)
5. Automate the adaptive policy using normalisation (network, data centre and cloud)
6. Automate the adaptive policy using the response to threats (adapt the level of trust)


Zero Trust Security involves people, processes and technology in its adoption. It can provide a roadmap for a truly efficient and automated security infrastructure.
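
The contrast between the perimeter model and the Zero Trust steps above can be shown as two access decisions over the same requests. This is an added example, not code from the original post or from Cisco; the network range, application names, device profiles and trust thresholds are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration only (not from the article).
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")

# Assumed per-application policy: minimum trust level and permitted device
# profiles (steps 2 and 3: profile devices, control access to the application).
APP_POLICY = {
    "payroll": {"min_trust": 2, "profiles": {"managed-laptop"}},
    "wiki": {"min_trust": 1, "profiles": {"managed-laptop", "personal-phone"}},
}


@dataclass
class Request:
    user: str
    src_ip: str
    app: str
    device_profile: str
    mfa_passed: bool          # step 1: identity verified with MFA
    device_compliant: bool    # step 1: device compliant and updated
    threat_signals: int = 0   # step 6: active indicators of compromise


def perimeter_decision(req):
    """Perimeter model: being inside the network is enough."""
    return ipaddress.ip_address(req.src_ip) in CORPORATE_NET


def trust_level(req):
    """Trust earned by user and device, lowered by each threat signal."""
    level = int(req.mfa_passed) + int(req.device_compliant)
    return max(level - req.threat_signals, 0)


def zero_trust_decision(req):
    """Zero Trust: decide per user, device and application, never by location."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application"
    if req.device_profile not in policy["profiles"]:
        return False, "device profile not permitted for this application"
    level = trust_level(req)
    if level < policy["min_trust"]:
        return False, f"trust level {level} below required {policy['min_trust']}"
    return True, "allowed"


# Constructed sample requests.
STOLEN_PASSWORD = Request("alice", "10.1.1.50", "payroll", "managed-laptop",
                          mfa_passed=False, device_compliant=False)
REMOTE_EMPLOYEE = Request("bob", "203.0.113.20", "payroll", "managed-laptop",
                          mfa_passed=True, device_compliant=True)
REMOTE_FLAGGED = Request("bob", "203.0.113.20", "payroll", "managed-laptop",
                         mfa_passed=True, device_compliant=True,
                         threat_signals=1)
CAMERA = Request("cam-07", "10.9.0.7", "payroll", "iot-camera",
                 mfa_passed=False, device_compliant=True)

if __name__ == "__main__":
    for req in (STOLEN_PASSWORD, REMOTE_EMPLOYEE, REMOTE_FLAGGED, CAMERA):
        print(req.user, req.app,
              "perimeter:", perimeter_decision(req),
              "zero trust:", zero_trust_decision(req))
```

The perimeter check admits the unverified session and the camera because both sit inside the network, and rejects the verified remote employee; the Zero Trust check reverses all three outcomes and withdraws payroll access as soon as a threat signal lowers the trust level.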

Tuesday 24 December 2019

Ransomware in Education: How to use your Network to Stay Ahead of Attacks


Educational institution systems store a large amount of sensitive data, including student and employee records. They rely heavily on these systems for day-to-day operations. So any disruption or loss of access can be a game changer. But these same institutions also often have tight budgets and can’t afford to employ large security teams. That’s one reason they’re perceived as easy and lucrative targets by online adversaries.

A typical response may be to deploy multiple security technologies to block threats from entering your organization at various attack vectors, and you should continue to do so. However, just relying on these techniques isn’t enough since 100% prevention is not possible in today’s complex threat landscape. That’s where continuous monitoring of your network’s behavior comes in. By using this approach, you can help detect and respond to a ransomware attack more quickly and effectively.

How to stay ahead of cyber threats


Your network is a source-of-truth of every activity – normal or malicious. Adversaries must use your network in order to carry out their malicious objectives. Because of this, collecting and analyzing your network telemetry is an effective way of detecting advanced threats, like ransomware. Here’s how it helps you.

◉ Detect threats early by pinpointing suspicious behavior. Ransomware attacks are generally initiated through methods like a phishing email or exploitation of a vulnerability. An attack might involve behavior such as port scanning, command-and-control (C&C) communication back to the attacker network, etc. Whatever means the attackers use, the activity touches the network. By using behavioral modeling, this kind of activity can be easily detected. You can also create custom security policy alerts to detect restricted communications such as use of the SMB protocol, or access to sensitive data servers from outside the network. So even if the ransomware is an unknown strain and has infected the organization, the anomalous behavior will give the attackers away.

◉ Correlate local alerts to global campaigns. Attackers often reuse ransomware strains to infiltrate multiple organizations. An effective network security analytics solution is powered by industry-leading threat intelligence that has the knowledge of all the malicious domains, servers, campaigns, and other indicators of compromise. Using multiple analytical techniques like statistical modeling and machine learning, billions of network sessions within your organization can be processed and correlated to global campaigns, in order to pinpoint attacks and then quickly remediate.

◉ Perform forensic analysis for incident response. Your organization has been infected, and you have been immediately notified through alerts of the ransomware attack. Now what? Time is of the essence and your security teams need to answer questions like what machines have been infected, what was the source of the attack, and where are communications occurring? Because you have a record of every network communication, you can begin from the alert and investigate back in time to conduct a thorough forensic analysis to answer those questions and contain the ransomware.
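
The custom policy alerts and the back-in-time investigation described in the list above can be sketched over flow records. This is an added example, not part of the original post and not Stealthwatch code; the record layout, address ranges, server lists and thresholds are assumptions, and the flow records are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Assumed site policy for this example (hypothetical values).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_SERVERS = {"10.20.0.5"}      # e.g. a student-records database
ALLOWED_SMB_SERVERS = {"10.20.0.10"}   # the sanctioned file server
SCAN_THRESHOLD = 10                    # distinct (host, port) targets
SCAN_WINDOW = 60                       # seconds

# Constructed flow records: (timestamp, src, dst, dst_port, protocol).
FLOWS = [
    (1000, "10.1.1.20", "10.20.0.10", 445, "tcp"),    # SMB to file server
    (1005, "10.1.1.20", "198.51.100.7", 443, "tcp"),  # ordinary web traffic
    (1010, "10.1.1.37", "198.51.100.7", 443, "tcp"),
    (1100, "203.0.113.9", "10.20.0.5", 1433, "tcp"),  # outside -> sensitive
]
# One workstation touching twelve ports on a neighbour within twelve seconds.
FLOWS += [(1200 + i, "10.1.1.37", "10.1.2.1", 20 + i, "tcp") for i in range(12)]
# The same workstation then speaks SMB to other workstations.
FLOWS += [
    (1300, "10.1.1.37", "10.1.1.40", 445, "tcp"),
    (1301, "10.1.1.37", "10.1.1.41", 445, "tcp"),
]


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def detect(flows):
    """Return (rule, src, dst, timestamp) alerts for three behaviours."""
    alerts = []
    recent = defaultdict(list)   # src -> [(ts, dst, port)] inside the window
    scanners = set()             # sources already reported as scanning
    for ts, src, dst, port, proto in sorted(flows):
        # Rule 1: SMB anywhere except the sanctioned file server.
        if proto == "tcp" and port == 445 and dst not in ALLOWED_SMB_SERVERS:
            alerts.append(("restricted-smb", src, dst, ts))
        # Rule 2: a sensitive server reached from outside the network.
        if dst in SENSITIVE_SERVERS and not is_internal(src):
            alerts.append(("external-to-sensitive", src, dst, ts))
        # Rule 3: many distinct targets from one source in a short window.
        window = [e for e in recent[src] if ts - e[0] <= SCAN_WINDOW]
        window.append((ts, dst, port))
        recent[src] = window
        targets = {(d, p) for _, d, p in window}
        if len(targets) >= SCAN_THRESHOLD and src not in scanners:
            scanners.add(src)
            alerts.append(("port-scan", src, dst, ts))
    return alerts


def peers_before(flows, host, alert_ts):
    """Forensics: every host that talked with `host` before the alert."""
    peers = set()
    for ts, src, dst, _port, _proto in flows:
        if ts < alert_ts and host in (src, dst):
            peers.add(dst if src == host else src)
    return sorted(peers)


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
    print(peers_before(FLOWS, "10.1.1.37", 1209))
```

Starting from the port-scan alert, `peers_before` shows the external address the workstation contacted earlier, which is the kind of lead an investigator follows to find the source of an infection.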

Industry-leading network visibility and security analytics


The capabilities described above are offered by Cisco’s network traffic analysis solution, called Cisco Stealthwatch. It provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time.

By using a combination of behavioral modeling, machine learning, and global threat intelligence, Stealthwatch can quickly (and with high confidence) detect threats such as:

◉ C&C attacks
◉ Ransomware
◉ DDoS attacks
◉ Illicit cryptomining
◉ Unknown malware
◉ Insider threats.

With a single, agentless solution, you get comprehensive threat monitoring across your data center, branch, endpoint, and cloud. Plus, it can also analyze encrypted traffic for threats, without any decryption, using our proprietary Encrypted Traffic Analytics technology.

Stealthwatch can detect ransomware hiding in encrypted traffic, and can also correlate it to global campaigns like WannaCry.

By deploying Stealthwatch, you can turn your network into a “threat sensor” by simply collecting telemetry such as NetFlow. And there is no need to deploy multiple agents. Stealthwatch can be deployed easily. Best of all, it scales automatically with your infrastructure, growing as your needs grow.

Monday 23 December 2019

Using Automation with your Security Products

For network engineers, automation is changing the way we interact with the network devices that are a key part of our responsibilities. This is a fundamental change in the way that we’re used to controlling these devices. And if you’re a network engineer, it’s natural that you might be hesitant to use automation because you think it might reduce the number of engineers required to maintain devices. But I challenge you to think first about the increased efficiency that it will provide.

Three reasons to embrace network automation


It’s important to remember that network automation is not just another “flavor of the month” but the future of our industry. So now is a prime opportunity for you to lead rather than follow. I suggest you embrace it and by doing so become a better engineer. And as you begin, understand that there are three key reasons you should implement network automation:

◉ To reduce configuration errors. Automating the repetitive configurations used in the network will help reduce your error rates caused by manually configuring the devices.

◉ Improve network management. Many processes you perform regularly on your devices may not get done, or experience a delay, due to the manual nature of the tasks. Automating them is a great way to ensure they get done.

◉ Free up your IT Staff for critical tasks. By using automation for less critical tasks, it allows your team to focus on performing the critical tasks that ensure the network is running at peak efficiency.

Four tools for network automation


Now, let’s look at four tools you can use for automating your network:

◉ Python is quickly becoming one of the most used languages for automation. It’s a much more human readable language.

◉ GitHub is a great repository for code used for automation. Plus, there are numerous Cisco-supported repositories on GitHub, so you can download these to jump-start your automation journey.

◉ Postman is a great tool to get you going with interacting with your network devices.

◉ Ansible is a great network automation platform.

Cisco DevNet and network automation


Next we need to look to Cisco DevNet. Cisco has announced new certifications around network automation, and they’ve put countless hours into developing a world-class training and development environment.

Plus, they continually host special events to help you grow your skills.

A closer look at the Security Dev Center


By visiting the site, you can check out all the APIs for the Cisco Security Products. You can also leverage the page as a long-term learning resource, and take a deeper dive on topics you’re interested in as time allows. Here you can learn about a variety of trending issues, like controlling threats with Firepower, Cisco’s NGFW, or automating your security with pxGrid.

Sunday 22 December 2019

Enterprise Networking in 2020: 5 Trends to Watch in Wireless, SD-WAN, More

Networking isn’t what it used to be. A few years ago, the epicenter of networking began to move. It shifted from company-owned datacenters out to the cloud. For users, the focus of networking moved from computers connected with wires to mobile devices connected over the air. These fundamental shifts, in where business processes run and how they’re accessed, are changing how we connect our locations together, how we think about security, the economics of networking, and what we ask of the people who take care of them.

So it is going to be an exciting year. Here’s how:

Wireless: It’s Wi-Fi, It’s 5G. It’s Both.


In 2020, Wi-Fi 6 will enter the enterprise, through the employee door and through enterprise access point refreshes. 5G will also appear, although in 2020, it will be mostly for consumers.

The latest smartphones from Apple, Samsung, and other manufacturers are Wi-Fi 6 enabled, and Wi-Fi 6 access points are currently shipping to businesses and consumers. 5G phones are not yet in wide circulation, although that will begin to change in 2020. We project that through 2020 more people will be using Wi-Fi 6 than 5G.

2020 will also see the beginning of a big improvement in how people use Wi-Fi networks. The growth of the OpenRoaming project will make joining participating Wi-Fi networks as easy as using a cell phone in a new town: Users won’t have to think about it.

While “5G” service will roll out in 2020 (some is already switched on today), almost none of it will be the ultra-high speed connectivity that we have been promised or that we will see in future years. With 5G unable to deliver on that promise initially, we will see a lot of high-speed wireless traffic offloaded to Wi-Fi networks.

2020 will also see the adoption of new frequency bands, including the beginning of the rollout of “millimeter wave” (24 GHz to 100 GHz) spectrum for ultra-fast, but short-range 5G; and of CBRS, at about 3.5 GHz, which may lead to the creation of new private networks that use LTE and 5G technology, especially for IoT applications. We will also see continued progress in opening up the 6 GHz range for unlicensed Wi-Fi usage in the United States and the rest of the world.

Eventually, having even more pervasive, high-speed, secure wireless connectivity will open up new kinds of business opportunities in all industries, from healthcare to transportation. In combination with the improved performance of both Wi-Fi 6 and (eventually) 5G, we are in for a large – and long-lived – period of innovation in access networking.

The Network as Intelligent Sensor


Businesses have started to use their networks for more than data transmission. Now they’re being used to sense their environments as well. This is going to have big impacts on business – not just for network operators, but directly to the bottom line as well.

With software that is able to profile and classify the devices, end points, and applications (even when they are sending fully encrypted data), the network will be able to place the devices into virtual networks automatically, enable the correct rule set to protect those devices, and eventually identify security issues extremely quickly. Ultimately, systems will be able to remediate issues on their own, or at least file their own help desk tickets. This becomes increasingly important as networks grow increasingly complex.

Wireless networking equipment can also collect data on how people and things move through and use physical spaces – for example, IoT devices in a business; or medical devices in a hospital. That data can directly help facility owners optimize their physical spaces, for productivity, ease of navigation, or even to improve retail sales. These are capabilities that have been rolling out in 2019, but as business execs become aware of the power of this location data, the use of this technology will begin to snowball.

SD-WAN Plans Solidify in 2020


The workplace is becoming virtual, not physical. Businesses now hire talent wherever it is, and these dispersed employees are connecting to increasing numbers of cloud services. This dispersal of connectivity – the growth of multicloud networking – will force many businesses to re-tool their networks in favor of SD-WAN technology. IDC research shows that almost 95% of the enterprises they surveyed expect to be using SD-WAN within 24 months.

Meanwhile the large cloud service providers, like Amazon, Microsoft, and Google are connecting to networking companies (like Cisco), to forge deep partnership links between networking stacks and services.

When it comes to their own WAN solutions, each enterprise is different. Some enterprises, looking for security solutions that align with compliance regulations, need on-premise security. Smaller businesses often want their security solutions in the cloud. Many businesses will need hybrid solutions that combine elements of traditional on-premise control for compliance, with cloud-based solutions for flexibility and agility. Security, and workloads, have to be installed where they meet the needs of the business.

This is going to lead to a growth in business for managed service providers (MSPs), many more of which will begin to offer SD-WAN as a service. We expect MSPs to grow at about double the rate of the SD-WAN market itself, in line with IDC’s predictions. We also expect that MSPs will begin to hyper-specialize, by industry and network size.

Multidomain Needs Spur Controller-Based Integration


The intent-based networking model that enterprises began adopting in 2019 is making network management more straightforward by absorbing the complexities of the network. However, networking systems are made up of multiple networks themselves (for example, campus networks and WANs), as well as domains of technology that are traditionally managed in their own domains (for example, security). For better management, agility, and especially for security, these multiple domains need to work together. Each domain’s controller needs to work in a coordinated manner to enable automation, analytics and security across the various domains.


Increasing network complexity fuels adoption of multidomain technologies.

The next generation of controller-first architectures for network fabrics allow the unified management of loosely-coupled systems using APIs and defined data structures for inter-device and inter-domain communication. With the way networks are changing, there is no other solution to keep ahead of system growth and complexity.

From Network Engineer to Network Programmer


The standard way that network operators work – provisioning network equipment through each device’s command-line interface (CLI) – is nearing the end of the line. Today, intent-based networking lets us tell the network what we want it to do, and leave the individual device configuration to the larger system itself. We can also now program our updates, rollouts, and changes using centralized networking controllers, again not working directly with devices or their own unique interfaces. But new networks run by APIs require programming skills to manage. Code is the resource behind the creation of new business solutions.

If maximizing the value of these controllers means getting up to speed with programming them, there’s a big opportunity for the people who get ahead of this trend. But it will not be an easy change. Retraining yourself (or your team) is expensive, and not everyone will adapt to the new order. For those that do, the benefits are big. Network operators will be closer to the businesses they work for, able to better help businesses achieve their digital transformations. The speed and agility they gain thanks to having a programmable network, plus telemetry and analytics, opens up vast new opportunities.

It remains critical for individuals to validate their proficiency with new infrastructure and network engineering concepts. With training, network operators will be able to stay closer to the businesses they work for, providing value beyond maintenance and support. Networks in 2020 will become even more central to how businesses function. As always, CEOs will direct resources into infrastructure projects that directly generate revenue.       

2020 Will be Transformative


Together, new capabilities will make networks into even more important business assets, and companies will leverage them in ways that we have not imagined.

We just finished surveying over 2,000 network executives and operators on the future of networking.

Saturday 21 December 2019

Why Upgrade to MDS 9700

The MDS 9500 family has supported customers for more than a decade, helping them through FC speed transitions from 1G, 2G, 4G, 8G and 8G advanced without forklift upgrades. But as we look to the future, the MDS 9700 makes more sense for a lot of data center designs. The top four reasons for customers to upgrade are:

1. End of Support Milestones
2. Storage Consolidation
3. Improved Capabilities
4. Foundation for Future Growth

So let’s look at each in some detail.

1. End of Support Milestones


MDS 4G parts are going End of Support on Feb 28th 2015. Impacted part numbers are DS-X9112, DS-X9124, DS-X9148. You can use the MDS 9500 Advanced 8G cards or an MDS 9700 based design. A few advantages the MDS 9700 offers over the other existing options are:

a. Investment Protection – Any new Data Center design based on MDS 9700 will have a much longer life than one based on the MDS 9500 product family. This avoids EOL concerns or upgrades in the near future. Thus any MDS 9700 based design will provide strong investment protection and will also ensure that the architecture is relevant for evolving data center needs for more than a decade.

b. EOL Planning – With an MDS 9700 based design you control when you add any additional blades, but with MDS 9500 you will have to either fill up the chassis within 6 months (End of Life announcement to End of Sale) or leave the slots empty forever after the End of Sale date.

c. Simplify Design – MDS 9700 allows a single SKU, a single S/W version and a consistent design across the whole fabric, which simplifies management. The massive performance of MDS 9700 allows for consolidation, reducing footprint and management burden.

d. Rich Feature Set – Finally, as we will see later, MDS 9700 provides a host of features and capabilities above and beyond MDS 9500, and that enhancement list will continue to grow.

2. Storage Consolidation


MDS 9700 provides unprecedented consolidation compared to the existing solutions in the industry. As an example, with MDS 9710 customers can use the 16G line rate ports to support massively virtualized workloads and consolidate the server install base. Secondly, with 9148S as the Top of Rack switch and MDS 9700 at the core, you can design massively scalable networks that support consistent latency and 16G throughput independent of the number of links and traffic profile, and that allow customers to Scale Up or Scale Out much more easily than legacy based designs or any other architecture in the industry.

Moreover, as shown in the figure above, for customers with MDS 9500 based designs MDS 9710 offers a higher number of line rate ports in a smaller footprint and a much more economical way to design SANs. It also enables consolidation with higher performance as well as much higher availability.

3. Improved Capabilities


MDS 9700 design provides enhanced capabilities above and beyond MDS 9500, and many more capabilities will be added in future. Some examples that are top of mind are detailed below.

Availability: An MDS 9700 based design improves reliability through enhancements on many fronts, as well as by simplifying the overall architecture and management.

◉ MDS 9710 introduced a host of features to improve reliability, like the industry’s first N+1 Fabric redundancy, smaller failure domains and hardware based slow drain detection and recovery.

◉ It’s well understood that the reliability of any network comes from proper design, regular maintenance and support. It is imperative that the Data Center is on the recommended releases and supported hardware. As an example, data center outages caused by a failure in unsupported hardware or an unsupported software version are exponentially more catastrophic, as fixing those issues means new procurement and live insertion with no change management window. The cost of an outage in a Data Center is extremely high, so it is important to keep the fabric upgraded and on the latest release with all supported components. Thus for new designs it makes sense to base them on the latest MDS 9700 directors rather than, as an example, MDS 9513 Gen-2 line cards, because those will fall off support on Feb 28, 2015. Also, having different versions of the hardware and different software versions often adds complexity to maintenance and upkeep, and thus has a direct impact on the availability of the network as well as operational complexity.

Throughput:

With massive amounts of virtualization the user impact of any downtime, or even performance degradation, is much higher. Similarly, with data center consolidation and the higher speeds available in edge to core connectivity, more and more host edge ports are connected through the same core switches, and thus a higher number of apps depend on consistent end to end performance to provide a reliable user experience. MDS 9700 provides the industry’s highest performance with 24Tbps switching capability. The Director class switch is based on a Crossbar architecture with Central Arbitration and Virtual Output Queuing, which ensures consistent line rate 16G throughput independent of the traffic profile, with all 384 ports operating at 16G speeds and without using crutches like local switching (much akin to emulating independent fixed fabric switches within a director), oversubscription (can cause intermittent performance issues) or bandwidth allocation.

Latency:

MDS Directors are store and forward switches. This is needed as it makes sure that corrupted frames do not traverse the network and end devices don’t waste precious CPU cycles dealing with corrupted traffic. This additional latency hit is OK as it protects end devices and preserves the integrity of the whole fabric. Since all the ports are line rate, customers don’t have to use local switching. This again adds a small latency but results in a flexible, scalable design which is resilient and doesn’t break down in future. These 2 basic design requirements result in a latency number that is slightly higher, but they yield a scalable design, guarantee predictable performance in any traffic profile and provide much higher fabric resiliency.

Consistent Latency: For MDS directors, latency is the same for one 16G flow as when there are 384 16G flows going through the system. The Crossbar based switch design, Central Arbitration and Virtual Output Queuing guarantee that. Having a variable latency which goes from a few µs to a high number is extremely dangerous. So the first thing you need to make sure of is that the director can provide consistent and predictable latency.

End to End Latency: The performance of any application or solution depends on end to end latency. Focusing on the SAN fabric alone is myopic, as the major portion of the latency is contributed by end devices. As an example, the latency of spinning targets is of the order of ms. In such a design a few µs is orders of magnitude less and hence not even observable. With SSD the latency is of the order of 100 to 200 µs. Assuming 150 µs, the contribution of the SAN fabric for edge core is still less than 10%. The majority (90%) of the latency comes from end devices, and saving a couple of µs in the SAN fabric will hardly impact overall application performance, whereas the architectural advantages of CRC based error drops and scalable fabric design will provide reliable operations and a scalable design.

Scalability:

For larger Enterprises scalability has been a challenge due to the massive amount of host virtualization. As more and more VMs log into the fabric, the requirement on the fabric to support higher numbers of flogins, zones and domains is increasing. MDS 9700 has the industry’s highest scalability numbers, as it’s powered by a supervisor that has 4 times the memory and compute capability of its predecessor. This translates to support for higher scalability and at the same time provides room for future growth.

4. Foundation for Future Growth:


MDS 9700 provides a strong foundation to meet the performance and scalability needs of the Data Center, and its massive switching capability, compute and memory will cover your needs for more than a decade.

◉ It will allow you to go to 32G FC speeds without a forklift upgrade or changing Fabric Cards; rather, you will need 3 more of the same Fabric card to get line rate throughput through all the 384 ports on MDS 9710 (and 192 on MDS 9706).

◉ MDS 9700 allows customers to deploy a 10G FCoE solution today and upgrade to 40G FCoE, again without a forklift upgrade.

◉ MDS 9700 is again unique in that customers can mix and match FC and FCoE line cards any way they want without any limitations or constraints.

Most importantly, customers don’t have to make an FC vs FCoE decision. Whether you want to continue with FC and have plans for 32G FC or beyond, or you are looking to converge two networks into a single network tomorrow or a few years down the road, MDS 9700 will provide consistent capabilities in both architectures.

In summary, SAN Directors are a critical element of any Data Center. Going back in time, the basic reason for having a separate SAN was to provide unprecedented performance, reliability and high availability. Data Center design architecture has to keep up with the requirements of a new generation of applications, virtualization of even the highest performance apps like databases, new design requirements introduced by solutions like VDI, ever increasing Solid State drive usage, and device proliferation. At the same time, as networks get increasingly complex, the basic necessity is to simplify configuration, provisioning, resource management and upkeep. These are the exact design paradigms that MDS 9700 is designed to solve more elegantly than any existing solution.

Thursday 19 December 2019

Stealthwatch Enterprise and Cisco Threat Response: Bringing machine-scale analysis to human-scale understanding

From zero-day malware to cryptojacking, from man-in-the-middle attacks to spear phishing, from ransomware to distributed denial of service (DDoS) attempts – businesses of all sizes and industries are the constant target of these attacks. It’s perfectly normal to find this barrage of threats overwhelming – and then there’s the constant pivot between the multiple security solutions required to detect, investigate and remediate.

Now imagine a world where disparate solutions do not exist. A world where there is no need to manually correlate information from various sources to build a complete picture of each potential threat. Where two clicks are all it takes to get situational awareness of the threat impact and potential scope of compromise, and the context needed to formulate an adequate response strategy.

Two clicks and done, you say?


What if you could get insights into everything going on across the network, and you could quickly baseline your environment’s normal behavior, no matter what your organization’s size or type? And what if this knowledge could also be correlated with alerts across your endpoints, firewall, web, etc. to make it easier to identify something suspicious and kick it off your network? With Cisco Threat Response, you can now convert this vision into reality. It is a key pillar of Cisco’s integrated security platform and is designed to give you the contextual awareness you need so you can see, investigate, and act on threats fast. Our obsession with connecting the dots within your network has already made Threat Response the Incident Response workbench of choice for SOCs across the world.

Get Answers, Not Alerts


An investigation can involve dozens or even hundreds of discrete data elements, multiple sources of threat intelligence and an armor of security products providing telemetry. Before Cisco Threat Response, each observable had to be investigated against each threat intel source and each network and security product individually and manually, which takes even seasoned experts a long time to do. With Threat Response, they can simply paste all of those observables into Cisco Threat Response and it does the work for them. It brings all of that knowledge back from intel sources and security products, displaying results in seconds. From there, SOC teams can take action immediately or continue their investigation with the tools provided.

Cross-platform visibility and response powered by analytics


We all know that security analytics has become something of a buzzword, but it continues to gain positive momentum and sustain relevance. The integration of Cisco’s network security analytics solution, Cisco Stealthwatch Enterprise, with Threat Response brings the power of each to the other.

How does this work?


Stealthwatch provides agentless enterprise-wide visibility, across on-premises, as well as in all public cloud environments. Using the power of behavioral modeling, multilayered machine learning, and global threat intelligence, Stealthwatch Enterprise produces alarms on critical threats by monitoring both north-south and east-west traffic. Stealthwatch sends those alarms directly to Cisco Threat Response’s Incident Manager feature, allowing users to see those alarms alongside prioritized security alerts from other products such as Firepower devices. This communication is handled via a secure intermediary cloud service called Cisco Security Service Exchange (SSE). No internal data is bulk uploaded to the cloud; sightings and the associated metadata are sent only in response to specific queries. In this way, investigations on all IP addresses are enriched with Stealthwatch insight, regardless of the catalyst for the investigation, all delivered in seconds and in an easy to read graphical format that helps you both intuitively understand what happened and respond quickly and effectively across your entire portfolio. These incidents can then be investigated with additional context from your other threat response-enabled technologies, all in one console, with one click. This lowers the time required to perform triage and response to these alarms.

Figure 1: Ability to pivot and drill down into the Stealthwatch Management Console or choose to investigate directly in Threat Response

Figure 2: Enrichment of Stealthwatch alarms with context from other security technologies. Block suspicious files, domains, and more – without having to log in to another product first.

The Stealthwatch-Threat Response integration brings together a number of unique differentiators for the SOC workflow. Our Cisco Security customers are able to:

◉ Streamline Investigation Workflow

◉ Enhance Collaboration with Case Book

The casebook browser plug-in allows Stealthwatch users to leverage all the power of their configured Threat Response modules, right from the Stealthwatch interface via built-in pivot menus. For example, you can use it to pull IP addresses or domains from the Stealthwatch interface wherever there’s an observable, and the casebook feature of Threat Response will allow you to kick off an investigation directly from your browser.

◉ Accelerate Response with Incident Reporting to Threat Response

Stealthwatch automatically shares critical and major Alarms with Cisco Threat Response as Incidents, which are then further enriched. You are able to tie independent product data and events together to uncover threats by investigating multiple observables across multiple data sets and products. The integration gives you the power to investigate with automated enrichment and respond with confidence directly from the Threat Response interface using products such as AMP for Endpoints and Umbrella.

◉ Access the Power of Analytics (for existing Threat Response users)

With the integration, Threat Response users can now investigate entity security events sent over from Stealthwatch in cases where the potential host can be the source or target of an event. This provides granular visibility on internal network activity for suspected hosts under investigation.

Simplify to Amplify


Threat Response is designed to get you more from your Cisco Security investments by automating integrations directly out of the box. It’s also designed to dramatically cut the time and effort needed to detect, investigate, and remediate – making your SOC operations more efficient and effective.

More than 6,700 customers today are reducing the time it takes to both investigate and respond to threats across multiple security technologies with Cisco Threat Response. And it’s included as part of the Cisco Security product licenses and takes under 10 minutes to get up and running in your SOC. There’s nothing more to buy.

Overwhelmed to Empowered


At every RSA conference, 600 security vendors vie for the CISO’s mindshare, with no shortage of vendors offering point solutions that promise miracles for your SOC. The reality is that most organizations already have an abundance of point products designed to address specific challenges, but most of these products can’t be easily integrated to fulfill a larger and more effective security strategy. Isn’t it time for the security industry to do better? At Cisco, we think it is. We’re building a platform that redefines security powered by integrations. At the heart of our platform approach is a simple idea: security solutions should be designed to act as a team. We invite you to come with us on this journey that simplifies your experience and reduces complexity, paves the path for an integrated and open platform that strengthens operations, stays out of the way, and gives your team time back.

Wednesday 18 December 2019

Cisco and IBM: Solving Customer Challenges through the Power of Partnerships

Complexity is one of the top challenges our customers face today. CISOs not only want to enable their teams to detect and respond to threats faster, they want to simplify workflows and streamline operations at the same time. In our annual CISO surveys, we’ve been seeing a trend toward vendor consolidation, which tells us CISOs are looking for ways to make their solutions simpler.

Vendors typically work in siloes to solve these kinds of challenges. But at Cisco, we believe we can achieve more through collaboration. That’s why we’ve been working in partnership with IBM Security to provide joint customers an in-depth, end-to-end defense strategy while simplifying their vendor relationships.

The average organization juggles 45 different security vendors. Leveraging the breadth of Cisco and IBM’s security portfolios allows our customers to drastically reduce that number of vendors while still using best-in-class products. The reduction in vendor surface creates more than just technical efficiencies. By consolidating vendor relationships, customers can maximize their buying power through vehicles like Enterprise Agreements, as well as simplify contract management and support cases.

Leveraging Cisco and IBM strengths


At Cisco, we believe we have excellent technologies to help customers prevent threats to their businesses, and with products like Cisco Threat Response, we even speed up various elements of the technical response. With IBM, we have focused our initial integrations on QRadar and Resilient product lines to help customers further prioritize threats and better assist with their response both at a technical and business level.

Let’s say you had an insider attack. The Cisco/IBM integrated solutions enable faster investigations of suspicious behaviors that could compromise credentials or systems. For example:

◉ Cisco Stealthwatch looks for behavioral indicators of compromise in activity traversing the network, including encrypted traffic without the need to decrypt the data. IBM QRadar builds on that detection, as well as other Cisco solutions like Firepower Threat Defense, to correlate events from network traffic and logs to help security teams quickly prioritize threats.

◉ Cisco Identity Services Engine helps you associate malicious activity with specific user credentials, and you can quarantine the user and lock down network access right from QRadar.

Responding to the attack is not just about gathering the information. You also need to understand how the business responds to the threat — is this something that needs public release of information, do you need to involve law enforcement, will this result in employee termination, and so on. To help operationalize incident response, you can use investigation results from all the integrated solutions to create a report in Resilient.

Innovative solutions to address customer needs


Many of the Cisco/IBM collaborative solutions are unique for the industry, and they’re based on lessons Cisco and IBM have learned from our extensive customer bases and our threat intelligence teams, Cisco Talos and IBM X-Force.

To make breach response more efficient, earlier this year we integrated Cisco Advanced Malware Protection (AMP) for Endpoints with QRadar and IBM Resilient SOAR. These integrations enable security teams to do things like:

◉ Receive AMP for Endpoints telemetry directly in QRadar for a consolidated view of events across endpoints and ability to search, analyze, and correlate them.

◉ Pull AMP for Endpoints data into Resilient to investigate events, automatically bring the results into an incident, and get more details on detected threats, then quarantine detected malicious files.

Since threats evolve quickly, defenses can’t rely on one mechanism alone. We work together in various other ways to help you detect unknown threats like ransomware or speed up response time. For instance:

◉ Resilient customers can submit suspicious malware samples to Cisco Threat Grid to get detonated, with the hashes sent back to Resilient. This can stop malware or ransomware before it ever reaches the end user.

◉ IBM Resilient users can query Cisco Umbrella for a list of blocked domains, save them to a data table, and delete or add new ones — preventing end users from accessing risky internet connections.

We’re listening to your feedback


Because we’re invested in the results that this collaboration can produce for our customers, we’re continuously expanding and improving our integrated solutions based on your feedback. The latest examples are enhancements made to the Firepower Threat Defense and QRadar SIEM integration, which accelerate threat investigation and remediation by correlating events across network, applications, and users.

Our customers wanted to dig deeper than the top-level summaries previously available. We listened — and the new, enhanced Firepower app that we’re releasing provides a higher level of detail in the integrated dashboard.

With Firepower Threat Defense and QRadar, you can answer questions like:

◉ Which hosts in my network are potentially compromised?

◉ Which hosts are known to be compromised?

◉ What malware is most often observed in my network?

◉ Which hosts have sent the most malware?

This is just one of the new enhancements and expansions we’ve been making as part of our alliance, and more are on the roadmap. By reducing complexities, increasing visibility, and improving threat defenses, our collaboration is improving outcomes in areas that are top of mind for our customers.

Tuesday 17 December 2019

Unpacking IoT, a series: The complexity challenge and what you can do about it

In this post, I cover the final of the top three challenges: complexity. For an IoT initiative to be successful, the deployment and management of connected devices must be simplified.

The typical solution to address scalability is automation. Automation certainly helps expedite and scale out an IoT deployment, but it’s not enough. If you cut and paste, and deploy text-based device configurations, that will help speed up configuration, but it won’t simplify deployments. A network administrator still has to come up with an appropriate network configuration to meet the business needs, perform extensive testing and validation of these configurations on a platform-by-platform and software-image by software-image basis, and finally templatize these configurations to support device-specific variables (like device names, discrete interface IP addresses, location details, etc.). So, how do we make this entire process easier beyond just automation?

To simplify IoT deployments, Cisco has made a paradigm shift in terms of how we empower network operators to program network devices. This new approach is called intent-based networking. To realize the impact of this new way of thinking, you need to understand that there are essentially two main ways to “program”— that is, to provide a set of instructions. One way is called the imperative model and the other is called the declarative model. Any programmable thing — whether it’s a computer or a person being given instructions — can be programmed using one of these models. The best way to explain the difference between the two models is to use a simple analogy.

Imagine you’re taking a taxicab to the airport. One way you can ensure you get to your destination is by providing the driver explicit turn-by-turn directions: turn left at the first signal, go down three blocks, turn right on Main Street, etc. You break everything down into discrete, very easy to follow directions, but they’re very complex. This approach illustrates the imperative model of programming, where every instruction needs to be provided in detail. Additionally, it should be noted that the imperative approach may even be sub-optimal and inflexible. For example, what if a particular street was closed for repairs and you didn’t know how to detour around the affected area?

An alternative approach, the declarative model, is to leverage the knowledge of the taxi driver and simply declare your intent: take me to the airport. You don’t need to explain how to get there or which route to take. You just express your intent — the business result that you want to achieve — and then rely on the driver to deliver on that intent. This is the paradigm shift we made at Cisco and what intent-based networking is all about.

Intent-based networking for IoT

Cisco DNA Center is the equivalent of that cab driver who knows how to get you from point A to point B without detailed instructions. We’ve embedded 30 years of networking knowledge into our solutions, enabling network operators to express their intent at the business level. For example, in the case of network security policies, a network operator can indicate that these devices can talk to those devices, and these people can access those applications. That’s business-level intent. There’s no need to specify all the rules of how that intent is delivered, which technology is utilized, what kind of access policy is applied, where it’s deployed, etc. The network operator allows the machine to translate that and then to scale that configuration using automation to the programmable physical and virtual network infrastructures.

But that’s not all. We close the loop by soliciting telemetry data from the infrastructure to confirm that indeed the stated intent was delivered. The system compares the data from the network with what was declared by the operator to make sure that the business intent is being delivered. Either it is, and you have confirmation and data to that effect. Or, it’s not and that’s very important to know because then you can launch a troubleshooting workflow to investigate the root cause and take remedial action.
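The closed loop described above, sketched as an added example (it is not Cisco DNA Center code and does not use its API): group-level intent is compiled into explicit first-match rules, and flow telemetry is then checked against what the intent implies. The group names, subnets, ports and flow records are hypothetical, constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: group names and subnets are hypothetical.
GROUPS = {
    "cameras": ip_network("10.10.1.0/24"),
    "video-recorders": ip_network("10.20.1.0/28"),
    "employees": ip_network("10.30.0.0/16"),
    "hr-app": ip_network("10.40.5.0/29"),
}

# Business-level intent: which group may talk to which group, on which port.
INTENT = [
    ("cameras", "video-recorders", 554),
    ("employees", "hr-app", 443),
]

def compile_intent(intent, groups):
    """Translate declared intent into explicit permit rules plus a default deny."""
    rules = [("permit", groups[s], groups[d], port) for s, d, port in intent]
    rules.append(("deny", ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), None))
    return rules

def decide(rules, src, dst, port):
    """First-match evaluation, the way an access list is processed."""
    for action, s_net, d_net, r_port in rules:
        if ip_address(src) in s_net and ip_address(dst) in d_net and r_port in (None, port):
            return action
    return "deny"

def verify(rules, flows):
    """Close the loop: return flows whose observed outcome contradicts the intent."""
    drift = []
    for src, dst, port, observed in flows:
        expected = decide(rules, src, dst, port)
        if expected != observed:
            drift.append((src, dst, port, expected, observed))
    return drift

# Constructed telemetry: (src, dst, dst_port, what the network actually did).
FLOWS = [
    ("10.10.1.7", "10.20.1.3", 554, "permit"),  # matches intent
    ("10.30.4.9", "10.40.5.2", 443, "deny"),    # intent not delivered
    ("10.10.1.7", "10.40.5.2", 443, "permit"),  # camera reached HR app
    ("10.30.4.9", "10.20.1.3", 554, "deny"),    # correctly blocked
]

if __name__ == "__main__":
    for d in verify(compile_intent(INTENT, GROUPS), FLOWS):
        print("drift: %s -> %s:%s expected %s, observed %s" % d)
```

Both kinds of mismatch matter: a declared permit that the network denies is an availability fault, while an undeclared flow that the network permits is a policy violation to investigate.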

Intent-based networking is not new. We’ve been doing it within our data center with our application-centric infrastructure for quite a few years now, and more recently in the past five years we’ve been doing it in our enterprise networking. The expression of that is Cisco DNA Center.

What’s important now is that we’ve extended intent-based networking capabilities to the IoT edge. All IoT switches, routers, and wireless access points that run Cisco IOS XE can be managed by the same pane of glass you use to manage the rest of your network via DNA Center. Furthermore, you can extend the enterprise network to your IoT edge — wherever that happens to be: your parking lots, warehouses, distribution centers, manufacturing facilities, airports, seaports, utilities, power grids, etc. All of these places can be extended to using the same toolset.

The result: one intent-based network architecture for a consistent end-to-end experience and one set of security policies. IoT deployment is simplified, but it’s also scalable and secure.

Monday 16 December 2019

Optics: Fundamental to Build the Internet for the Future

The internet. Who knew what an impact it would have on our world? Two decades ago, the phrase “being connected” in the way we think of it today barely existed. Now, not only are our computers connected to the internet, but new inhabitants including phones, clothes, cars, homes – the list goes on – are connected. And more is coming, faster. In fact, in 2022, more internet traffic will be created than in the entire 30+ years since the internet started. [Source – Cisco VNI report]

At Cisco, when we think about those numbers, we think about what they mean to our customers and how we can help them navigate the internet of the future. The higher speeds required of the new internet won’t be achievable if the optics connecting the routers and switches can’t keep pace with the silicon that drives them. Therefore, as internet traffic and speeds continue to increase, optics has a critical role in driving architectural transitions.

Today, there are two distinct worlds where optics plays a role:

◉ Inside the data center, where fiber is plentiful and distances are short (<10km). Every router or switch port has its own dedicated fiber. If a new switch or router is added, additional fiber is added to terminate the new ports. We use pluggable “direct detect” technology for this.

◉ Outside the data center, where fiber is scarce and distances are long (>80km). Challenges in transmitting high bit-rate signals over long distances require Dense Wavelength Division Multiplexing (DWDM) coherent transmission technology.

Trends are taking place both inside and outside the data center.

Trends Inside the Data Center


The growth in traffic within the data center accelerates the need for next-generation networking equipment to support higher port densities and faster bit rates. This in turn drives the requirements for large-scale deployment of high-speed optics to connect the various layers of the networking equipment. As router/switch port speeds have increased, the cost/bit has steadily decreased from advances in silicon (ASICs). However, while the cost/bit for pluggable optics has also decreased, it has not come down quite as fast as the router/switch port cost.

The result is that as the bit rate increases, pluggable optics represent a larger fraction of the total hardware cost. For example, at 10G, optics represented about 10% of the total hardware cost of a data center network. As we progress to 400G and beyond, that equation flips, and optics will represent more than half of the total hardware cost. In order to break this imbalance between optics cost curves and silicon cost curves, Cisco is investing in technologies like silicon photonics, via the Luxtera and Lightwire acquisitions.

Trends Outside the Data Center – in the DCI, Metro, Long Haul and Subsea Distances


The primary challenges for cloud and service providers in Data Center Interconnect (DCI), Metro, Long Haul and Subsea networks are to:

◉ Increase the capacity on the “existing” fiber infrastructure

◉ Drive down the cost per bit

◉ Automate to lower opex and eliminate human error

The key trend that we see in this segment is a migration from chassis-based solutions to pluggables.

Functions that were traditionally delivered in separate chassis-based transponder solutions will now be available in a pluggable form factor. This has potentially significant benefits for network operators in terms of operational simplicity. The key tipping point for this transition is that the pluggable coherent optics impose no density penalty for the router/switches. Over time, with continued improvements in silicon and optics, we have no reason to believe this won’t extend to cover a wider range of applications.

Our customers increasingly want to consume technology in different ways – some want to consume fully integrated systems (for coherent applications in metro/long haul as an example). As this technology becomes available in pluggable form with things like 400G ZR/ZR+, customers will consider architectural shifts relying on pluggables. These transitions are on the horizon, and Cisco is investing to make sure we have the right technologies to support our diverse customer needs – both for those who continue to deploy chassis-based solutions, as well as those who migrate to pluggables to collapse layers and reduce operations complexity.

And, finally, we want to increase our relevance for customers purchasing pluggables today for short reach applications – even for non-Cisco hosts. We are confident that we bring unique value to our customers who want to procure optics and can provide them with confidence that Cisco optics will work in any third-party host.

With the ownership of silicon and optics, Cisco is poised like no other in the industry to offer our customers solutions in the form they want to consume – whether that means discrete components or fully integrated solutions – for the new internet.