Tuesday 31 March 2020

Cisco DNA Center with Cisco 1800S Active Sensors: Better than Helpdesk Tickets Alone

As the networking director of San Jose State University – or rather, a small city of about 40K people where the wireless network is the most visible service – I have always struggled with the gap between what my network management tools tell me about the wireless network and what the actual user experience is.

For some time, I have argued that just because my network assurance solution shows all green, it doesn’t mean that zero users are having a dismal wireless experience. I have to ask myself, are the four service tickets we get a week on average representative of the wireless network issues as a whole or are they a proxy indicator? Let’s face it, some users don’t open helpdesk tickets, they just vent on social media. These have been my user experience pickles!

Measuring the user experience has been something I have been trying to get my hands around – for me it is the proverbial pot of gold at the end of the rainbow. Probably one of the reasons I have been so intrigued with wireless sensors is because they are not a synthetic client, they’re a “real” client with vast automation. My initial attempts at leveraging wireless sensors proved to be quite time consuming. For me, the 30 sensors required 4-6 hours of setup time before the actual testing could commence. Both sensors and test setup consuming the better part of a day really isn’t conducive to measuring the highly dynamic fluctuations of a wireless network.

Happily, things changed markedly for the better when we upgraded our sensors and our Cisco DNA Center to version 1.3.3. Our Cisco DNA Advantage for Wireless software subscription includes upgrades to the latest innovations and any new capabilities (like new sensor software and workflows) developed within the IBN (intent-based networking) framework and the assurance platform within DNA Center.

From Hours to Minutes

With the new workflows in Cisco DNA Center 1.3.3, those same 30 sensors are automatically discovered and easily onboarded in about 20 minutes. Once the sensors are onboarded, the complete wireless sensor test setup from beginning to end takes less than 10 minutes. Now we’re getting somewhere and we can easily measure our user’s experience! Additionally, the sensors themselves are integrated into the issues dashboard for real time monitoring.

Cisco DNA, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Guides

Wireless Network Assessment Using Sensor Tests

With the new software and workflow, we test and measure onboarding, DHCP performance, DNS response time and Web site performance. There are some additional tests which don’t apply to us such as FTP, radius, e-mail and more. Some of the test options we use are pictured below:

Cisco DNA, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Guides

Cisco DNA, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Guides

One particular capability that we rely on: Each sensor can now run a test against a preset number of access points in the “neighborhood”. Meaning a single sensor can target and validate multiple access points in the area assuming a minimal level of RSSI (we prefer -70dBm). This has helped us identify problematic APs in our network and zero in on wireless channel interference.

Consolidated Test Result Dashboard

So now for the smile moment: Inside the Cisco DNA Center Assurance under dashboards, the “Wireless Sensor” page paints the user experience picture very quickly. This dashboard provides summarized results and also contextual location results based on sites, buildings or floors. As I had hoped, the speed tests were working consistently; this is an important measurement point as this is a common wireless complaint (slow wireless).

Cisco DNA, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Guides

The dashboard also indirectly provides guidance on where not to place sensors (see the two red locations in the below screenshot). As you can see, we placed two sensors in locations that were convenient for us (in a data closet for easy POE access), but not optimal for wireless testing. Think about what you are trying to test and where to test it. The dashboard showed us that we needed to relocate those two sensors to areas closer to where our users congregate.

Cisco DNA, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Guides

I would like to encourage readers who are planning on using the sensors to keep a subset of sensors to move around to monitor special events or install them in reported trouble areas. This is immensely important for high profile meetings where measuring after the fact is pointless. When moving or relocating the sensors, all you have to do is assign their new location in the Provision Devices section and the test suite will “automagically” start testing in that area.

Overall, I am very happy with the new workflow and capabilities of the sensor and how Cisco DNA Center has provided me with a true user experience measurement capability. I am planning on adding many more sensors – in classrooms, meeting spaces and study spaces on campus – to provide us with an even more holistic and granular view of our users’ experience (and get me even closer to that pot of gold!).

Monday 30 March 2020

Navigating supply chain disruptions for agile retail

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Learning

Business continuity is so important for retailers that face disruption to their supply chain. Between overseas shipments decreasing and physical stores closing, it’s no secret that the retail industry is coming face to face with the changing business landscape. Retailers that have solely relied on in-store offerings are now looking to quickly take their business to the web with a secure network. Luxury brands that rely heavily on global supply chains are particularly looking to creatively pivot their business model. Some sectors of retail are experiencing an uptick, particularly those leveraging delivery services and curbside pickup (such as quick service restaurants). The surge in remote workers and the need for visibility across both the network and across business operations, calls for agility for all retailers alike.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Learning

The largest question for retail brands around COVID-19 quickly becomes how to manage resources when they see interruptions to their supply chain. The best way to combat these disruptions is to engage employees, associates, suppliers and consumers with the right digital solutions. The goal of course being to find business continuity and a rhythm across the value chain, however manageable. Here’s a look at what how retailers can leverage the power of IT, and even look ahead to the increasingly evolving end consumer.

◉ Information and communication Real-time insight around product availability levels is especially important, as the continuous flow of updates requires up-to-the-minute inventory management. Retailers that can leverage a unified communication platform to support timely product information is key for all workers across the distribution center, to the customer service centers, to those managing stock in stores, and newly remote workers supporting retail operations from home.  For broader internal communications, collaboration and video conferencing enables retailers to ensure alignment around priorities and company strategy. Ramping up additional licenses to scale efforts aimed at helping organizations move as a unit has become top of mind as well.

◉ A whole new network A timely approach to setting up virtual firewalls is another beneficial move for retailers. A newly mobile workforce that can leverage a VPN connection allows workers to more effectively help customers in their online purchase journey while keeping transactional data secure. That in mind, threat detection and protection for an increasingly remote workforce is the best way to not only protect customer information but, to keep integrated retail systems secure as well across the network.

◉ Lock down on secure data Increased online presence for shoppers who are no longer visiting physical stores means online retail platforms may have to support a higher volume of traffic. An agile IT infrastructure and the right data storage for your network can up-level digital capabilities to grow that ecommerce channel and improve overall customer sentiment.

◉ Unified commerce The right contact center solution can help get customers the answers to their delivery or pickup questions more quickly, and location awareness can speed up the pickup process. From an omni-channel perspective, direct to consumer communication such as click to chat features can improve that customer experience and awareness around their order. This simply pushes the envelope around click-and-collect fulfillment methods that the industry has seen consumers gravitate to for years. What was a convenience has just become more of a necessity. Retailers that can support unified commerce are able to remain fluid during dynamic and uncertain times, as the consumer behaviors continue to evolve.

Sunday 29 March 2020

Remote Working: Endpoints Have Left the Building

Got DNS?

So, my first answer to address this challenge often surprises them; does your agency have DNS for your remote workforce? Talking it over, most agree that many remote employees consume web and cloud applications without turning on their VPN. This means that roaming users will likely be at the mercy of a random, unknown DNS provider. Why would anyone accept this risk?

Enhancing your agency’s endpoints with DNS security should be a no-brainer. Cisco Umbrella Roaming protects employees when they are off the enterprise VPN by:

◉ Blocking malicious domain requests and IP responses while DNS queries are resolved

◉ Enforcing security at the DNS-layer so malicious connections cannot be established and malicious files will not be downloaded

◉ Preventing malware from infecting laptops and command & control (C2) callbacks, or phishing from exfiltrating data over any port

◉ Plus, any infected laptop that exhibits any C2 activity can be immediately identified.

Hence, with an integrated, security-minded approach to DNS, Cisco Umbrella protects users from malicious Internet destinations whether they are on the enterprise VPN or roaming off the network. Delivered from the cloud, Umbrella makes it easy to protect users everywhere in minutes – without any performance degradation. Even better, Umbrella Roaming is fully integrated into AnyConnect client for Windows or Mac OS X.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Exam Prep

How to secure endpoint access

After my friends pull me down off my soapbox about needing DNS for your remote workforce, our discussion changes to what you should expect from your VPN. It’s one thing for a VPN to simply enable an employee to work outside the office and provide the means to securely connect to the corporate network. However, any modern, security-minded VPN should enable a wide range of security services—to include functions such as remote access, posture enforcement, web security features, and roaming protection.

For government customers whose endpoints must maintain a level of posture compliancy, advances in VPN technology now enable security checks to be conducted on endpoints to ensure they meet posture requirements before connecting to the enterprise.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Exam Prep

In the context of Department of Defense (DoD) Comply-to-Connect (C2C) efforts, I have previously discussed the need to think “bigger picture” in terms of adopting a Zero Trust lifestyle. Much more than a VPN, Cisco AnyConnect VPN Client, among its security capabilities, contains an endpoint compliance module that includes significant functionality essential to Federal C2C efforts and taking a Zero Trust approach. The Federal government can take advantage of a Remote Access VPN that enables the very foundation of C2C endpoint compliance and an essential Zero Trust capability via the same desktop application.

Simply put, far more than a VPN, Cisco AnyConnect Secure Mobility Client empowers remote working from anywhere on government laptops or mobile devices; whether connected to the enterprise or when needing roaming DNS protection. It also provides visibility and control for Federal agency enterprise operators and security teams to identify who (what devices and the compliance status of those devices) is accessing the enterprise infrastructure.

Remote working needs multi-factor authentication

It almost goes without saying, but multi-factor authentication is a must these days, especially for remote working. It is a must to verify the identity of all users with effective, strong authentication (two-factor authentication) before granting access to your agency’s enterprise VPN, applications and data resources.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Exam Prep

Duo Security enables agencies to verify users’ identities and establish device trust before granting access to applications and data. By employing a Zero Trust model, Duo decreases the attack surface and reduces risk by helping to define and enforce policies that limit access to the users and devices according to a Federal agency’s risk tolerance levels.

Cybersecurity for remote working

Although it may sound daunting, when it comes to remote working, Federal agencies must be able to defend against threats, no matter where they are and no matter where their employees are working. This can be done using:

◉ Duo’s adaptive multi-factor authentication (MFA) provides the means for verifying user identities in order to gain secure remote access

◉ Cisco Umbrella Roaming, extends protection when employees are roaming off the enterprise VPN

◉ Integrated with Cisco AnyConnect Secure Mobility Client, employees can not only securely access enterprise resources, but network security teams can also prevent noncompliant devices from accessing the network in accordance with C2C Policy and according to a Zero Trust lifestyle.

Saturday 28 March 2020

Cisco Announces Kubeflow Starter Pack

Recently the Kubeflow Community released Kubeflow 1.0. Kubeflow brings together features such as TensorFlow, PyTorch, and other machine learning capabilities into a cohesive tool – from data ingestion to inferencing. Cisco is one of the top contributors to Kubeflow, helping to make operationalizing machine learning for large scale deployments easier for everyone. As a result, we are announcing Cisco Kubeflow Starter Pack.

Here are are the major components of Kubeflow 1.0:

Jupyter Notebook

Many data science teams live on Jupyter notebook since it allows them to collaborate and share their projects, with multi-tenant support. Personally, I use it to develop Python code because I like its ability to single step my code, with immediate results. Within the data science context, Jupyter becomes the primary user interface for data scientists, machine learning engineers.

TensorFlow and Other Deep Learning Frameworks

Originally designed to only support TensorFlow, Kubeflow version 1.0 now supports other deep learning frameworks, including PyTorch. These are two of the leading deep learning frameworks that customers are asking about today.

Model Serving

Once a machine learning model is created, the data science team often must create an application or web page to feed new data and execute the trained model.  With Kubeflow, there are built-in capabilities with TFServing enabling models to be used without worrying about the detailed logistics of a custom application.  As you can see in the screen shot below, the data pipeline enables data model to be served.  In fact, the model can be called through a URL.

Cisco Prep, Cisco Tutorial and Materials, Cisco Learning, Cisco Kubeflow, Cisco Certifications

Kubeflow Data Pipeline. Note the Deploy Stage for Trained Model Serving

Cisco Prep, Cisco Tutorial and Materials, Cisco Learning, Cisco Kubeflow, Cisco Certifications

Kubeflow Model Serving. Note the “Service endpoint” URL where the trained model can be accessed

Other Components

There are many other components to Kubeflow, including integration with other open source projects that enable more advanced model inferencing, such as Seldon Core. The Kubeflow Pipelines platform, currently in beta, allows users to define a machine learning workflow from data ingestion through training and inferencing.

As you can see, Kubeflow is an open source integrated tool chain for data science teams.  At the same time, Kubeflow enables the IT team to manage the infrastructure for the resulting data pipeline.

Cisco Kubeflow Starter Pack

To enable IT teams to work more closely with their data science counterparts, Cisco is introducing the Cisco Kubeflow Starter Pack, which provides IT teams with a baseline set of tools to get started with Kubeflow. The Cisco Kubeflow Starter Pack includes:

     ◉ Kubeflow Installer: Deploys Kubeflow on Cisco UCS and HyperFlex

     ◉ Kubeflow Ready Checker: Checks the system requirements for Kubeflow deployment. It also checks whether the particular prescribed Kubernetes distribution is able to support Kubeflow.

     ◉ Sample Kubeflow Data Pipelines: Cisco will be releasing multiple Kubeflow pipelines to provide data science teams working Kubeflow use cases for them to experiment with and enhance.

     ◉ Cisco Kubeflow Community Support:  Cisco will be providing free community support for Cisco customers who would like to check out Kubeflow.

Friday 27 March 2020

Simplify Multi-domain Automation with Cisco Action Orchestrator

Cisco Prep, Cisco Tutorial and Material, Cisco Study Material, Cisco Learning, Cisco Exam Prep

I’ve been working in software development/IT/technology my entire 17-year career. Time and time again I’m confronted with what ends up being the same challenge: how do I/we cobble together different pieces of software, platforms, and/or functionality to build one cohesive and observable solution.

Piecing solutions together

My first development job out of school was with a mortgage origination software company.  We provided custom installations depending on how your bank did business.  To provide viable tools for our bank customers to use, we had to piece together credit reporting, payment, and government regulation systems all onto our platform.

A few years later, I had a similar experience at a hospital billing software firm.  In this instance, we had to manage connections from scanned OCR documents, Medicare, insurance billing, and mainframe hospital systems. (The software that interacted with the mainframe emulators was SO COOL!)  These fed into a common billing database that took into account the incongruencies of all of those systems.

Finally, I’ve come across this same kind of challenge at least a half dozen times in my career here at Cisco!  Likely we all have, whether we realize or not. Because that’s what IT solutions (hardware and/or software) really are.

A multi-domain solution consolidates deployments

That brings us to the concept of Multi-domain solutions.  Cisco products cover enterprise/campus, data center, security, and WAN.  Depending on the need, these products are deployed individually or as a combination for a larger solution.  Organizations then choose to manage these deployments via the device, the controller GUI, or API.  A multi-domain solution consolidates these deployments “as one.” This offers the capability of provisioning and configuring all necessary components of the solution.

The Scenario

Cisco Prep, Cisco Tutorial and Material, Cisco Study Material, Cisco Learning, Cisco Exam Prep
Consider we have a number of retail branches being set up and a centralized data center.  The POS system at each branch needs secure access to the datacenter price list.  In addition, there is a need for a local network at the sites, requiring wireless access over a standardized SSID.  Finally, a local web server and ad server is required for advertisement.  This scenario is ripe for a multi-domain solution.

First, let’s look at access to the data center.  This is achieved through Cisco SD-WAN (or Cisco Meraki), and makes each added branch device part of the organization’s WAN.  Next, we provision wireless networking devices at the branches through Cisco DNA Center (or Cisco Meraki). This provides our local network SSID.  Finally, we deploy our branch host servers via Cisco UCS and manage their application connectivity via Cisco ACI.  Now, we could deploy and provision all of these elements for each branch manually through various GUIs for each platform. But why? There is a better way!

Multi-Domain Automation with Cisco Action Orchestrator

Cisco Prep, Cisco Tutorial and Material, Cisco Study Material, Cisco Learning, Cisco Exam Prep

All of the platforms mentioned above have robust APIs as part of their platforms.  This allows for applications and scripts to be written to automate repeatable tasks.  Now, a network automation engineer may take a look at this problem and think, “well, I could script all of this out in Python using REST APIs. Or maybe Ansible would be a good solution.”  Those would both be valid tactics. But they could take some time to develop, and come with a list of requirements. This is where Cisco Action Orchestrator can help.

Cisco Action Orchestrator saves time and effort in automation tasks

Cisco Action Orchestrator (CAO) allows a network automation engineer to create individual tasks, like making calls to REST APIs, that can be linked together to repeatedly perform complex linear and parallel workflows.  In our example, tasks can be created to call Cisco SD-WAN vManage API. And when that completes (or in parallel) the task to call Cisco DNA Center intent APIs to setup wireless networks is triggered.  We can also implement messages to platforms like Webex Teams for monitoring the success of the tasks and workflows.  CAO abstracts the necessity of writing code or YAML from scratch and lets you focus on building the solution.

Thursday 26 March 2020

How To Make 100G Pluggable Optics In Massive Volume

We’ve been talking about Single-Lambda 100G and why it’s so important for the next generation of 100G pluggable optics. I use the term “pluggable optics” because even though 100G is all about the QSFP28 form factor these days, the next generation should be an SFP of some sort.

Let’s back up a little and get back to where the previous post left off. We said that we’re working toward the vision of simpler 100G pluggable optics. And to facilitate that, we’re using PAM4 modulation so that we can get by with only one laser instead of four, and therefore one wavelength (a.k.a. “lambda”), to carry a full 100Gb/s stream of data.

Why is it important to minimize the components in the module? Consider the diagram in Figure 1. It shows what goes into today’s 100G QSFP28 pluggable optical modules. Notice that they are inherently four-channel devices, both in the optical interface facing right, and the electrical interface facing left. Each of the four channels carries 25G of NRZ data, for a total of 100G.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Exam Prep
Figure 1. Block diagram and application of a typical 100G QSFP28 transceiver for duplex SMF.

Compare this with the diagram in Figure 2, a typical 10G SFP+ transceiver. It’s pretty simple. There is only one lane that carries 10G of data. There is typically only a laser, a photodiode, and simple driver circuits for optical-to-electrical and electrical-to-optical conversion. This simplicity is key to why manufacturers are able to make 20 million 10G SFP+ modules per year.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Exam Prep
Figure 2. Block diagram and application of a typical 10G SFP+ pluggable transceiver module.

Eventually, when 100G SerDes (serializer – deserializer) is available on switch and router ports, the ASIC behind the ports can take over the FEC (Forward Error Correction) and PAM4 (Pulse Amplitude Modulation with 4 levels) functionality, leaving the pluggable module to perform only the optical-to-electrical and electrical-to-optical conversion. Then we could increase faceplate bandwidth density by using the smaller SFP form factor, with a single 100G lane on the electrical side that interfaces with the switch or router port. This form factor will likely be called SFP112 (Figure 3). Note that the block diagrams in Figures 2 and 3 look nearly the same.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Exam Prep
Figure 3. Block diagram and application of a future 100G SFP pluggable transceiver module. It will likely be called SFP112.

We’re not there yet, though. In the meantime, we have QSFP28 modules that perform the FEC and PAM4 inside the module, as well as convert the electrical 4x25G lanes to the single 100G lane. This is what happens in our recently released QSFP28 100G FR module. The benefit of adopting this QSFP28 now is that when the SFP112 becomes available, today’s switches and routers using QSFP28 modules will interoperate with the future ones that accept SFP112 modules. And there won’t be any need for 4x25G-to-100G conversion because both the electrical interface and the optical signal will be single-lane 100G. This forward compatibility is highly advantageous for network upgrade strategies, as it prevents your existing QSFP28 modules from becoming obsolete as you add new SFP112-based hardware.

Wednesday 25 March 2020

AI for Networking: Separating the Hype from Reality

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Prep

Networks support explosive growth in traffic volume, connected mobile and IoT devices, and interconnected applications and microservices needed to deliver required services. Today’s networks generate massive amounts of data that exceed the ability of human operators to manage, much less understand.

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Prep

With unprecedented increases in network complexity and scale, AI is no longer just “a nice to have” – it is becoming essential to helping NetOps teams maintain service and network assurance. Network strategists already know this: More than 50% identify AI as a priority investment needed to deliver their ideal network.

AI: What can’t it do?

However, there are also a lot of over-blown expectations. As the engineering lead on AI for networking at Cisco, I often find myself in conversations about very futuristic, and somewhat unrealistic AI-enabled scenarios. It can be quite entertaining – but we also need to remember that today’s AI technology is not a panacea for every networking ailment.

For now, and for the next few years, AI will only help fully automate a limited set of straightforward use cases. In most cases, that require more complex and flexible analysis, AI will simply help human operators make quantifiably better and faster decisions.

AI: What can it do?

So, what can AI help us do today? One of the most common AI techniques, machine learning (ML) offers unique capabilities that operators can use to assure required network performance.

ML algorithms are certainly very powerful, but they also have a reputation of being difficult to design, tune, and adapt to a variety of situations and sometimes have been known to produce results that may be difficult to interpret.

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Prep

With Cisco AI Network Analytics, we have created a learning platform that solves issues where ML provides an indisputable and impactful benefit for network operators over existing technologies and approaches. This is possible thanks to the combination of two factors: (1) decades of experience in building some the world’s largest and most advanced networks and (2) deep expertise in ML algorithms that can effectively process networking data.

AI and ML have some useful applications

Let’s look at one of the more useful ML use cases – complex event processing. When applying ML to network telemetry, it is possible to establish dynamic baselines of what constitutes normal operating conditions for a given intent.

For example, the ML model(s) may be used to predict what should be the lower-upper bounds for a given KPI, for example, Wi-Fi on-boarding times. On-boarding refers to the set of complex tasks triggered when a wireless client attempts to join a wireless network.  Joining a network successfully and seamlessly contributes significantly to the Quality of Experience for the end user. Being able to monitor such complex, multidimensional KPIs so as to detect abnormal onboarding times, along with determining potential root causes should an issue occur, is a fundamental task for IT teams.

In this instance, Machine Learning (ML) allows for computing models used to predict the upper and lower bounds of the KPIs for on-boarding. KPIs falling outside a prediction as provided by the ML model would be considered “abnormal” for that unique network involved, and thus would be candidates for raising an alarm (that is, an alarm based on a learned bound, not based on a static value).

The figure below shows a predicted “band” (shown in green) of normal values for the percentage of failed onboarding sessions. As we can see, at some point the percentage of failed onboarding sessions (blue line) became abnormal (falling outside the green band), considering a number of network variables involved, as analyzed by the ML algorithm in use. This departure from normal to abnormal behavior for this network is denoted by the red section of the time-line in the diagram shown.

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Prep
Predicted range of normal values for the percentage of failed onboarding sessions

A second ML use case that has a lot of potential is correlated insights. ML can provide deeper insights and visibility into the operation of the network and even help predict when an anomalous condition is likely to occur in the future.

A third important use case would be root-causing. In some cases, an ML algorithm may be able to detect anomalies with associated root causing, whereas in other situations more than one ML algorithm may be used in conjunction with anomaly detection to provide root causing.

IBN and AI as disrupters

AI and advanced networking technologies like IBN are disrupting how things are done, especially for networking operations. Testing of new applications can be done in minutes instead of weeks. Troubleshooting gets significantly easier when an assurance engine identifies root causes and recommends fixes. In fact, when armed with powerful dashboards that offer actionable insights, a future network operator may only need to look in a handful of places, as opposed to plowing through heaps of possible causes.

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Prep

The intent-based networking (IBN) vision is that network teams will simply define the required behavior, and the network will know how to continuously align itself with what the business needs.

Tuesday 24 March 2020

How to quickly capture share of the SD-WAN Managed Services market

Early in the 21st century, the subject of applications being delivered across the WAN was being researched.  It took more than 10 years for computing power to increase sufficiently to support analysis of the network traffic in order to make informed decisions in real-time.  This increase enables support of an overlay network that could function as traditional WAN did – but at a much lower cost. In 2014, the term software-defined WAN, or SD-WAN, was being used to describe this overlay network.

The benefits to customers of SD-WAN are significant, but the opportunity for solution partners of all types is vast and profitable. For some partners, providing a managed service for SD-WAN is new territory and they currently don’t have the depth of knowledge on SD-WAN implementations –  and customers may select competing partners that tout more expertise in the service.  A lost opportunity isn’t just the SD-WAN service, it’s also complementary services that can be provided by the service provider.

Just having enough expertise to implement an SD-WAN infrastructure for a customer is not enough.  You need the capacity to deliver and maintain connectivity to applications over the WAN – often to one or more clouds.  With Over-the-Top (OTT) services consuming greater bandwidth, adjusting for the ebbs and flows of business can become a challenge in providing the Application Quality of Experience (AppQoE) your customers need in a multicloud world.

SD-WAN Delivery Models

There are 4 main delivery models for SD-WAN:

1. Re-sell – it’s still the most common in the market. However, the market is changing from large Enterprises buying SD-WAN appliances using CapEx funds and attempting to implement it themselves to one that extends down-market, uses an OpEx model and is managed by a service provider.

Managed Services Practice Models

2. Build – Offering SD-WAN bundled with additional professional services and network connectivity options. The service providers build the SD-WAN infrastructure to a customer’s requirements and provides services for that customer.  This option has the longest ‘time to market’.

3. Co-deliver – This model involves a partner working with an SD-WAN vendor. Partnering with Cisco expands the technical workforce capabilities.  It has a slightly faster time to market than the ‘Build’ model.

4. “As A Service” – This model is based on consumption and addresses the complete lifecycle of deployment. A service provider or system integrator engages a company such as ngena (net) who offers the complete SD-WAN infrastructure, full lifecycle expertise, and flexible options to ensure successful deployments.  This model has some unique benefits for both customers and partners and is our focus for the rest of this discussion.

Let’s say you are a strictly SD-WAN resell partner today and want to take advantage of profitable opportunities delivering managed services for SD-WAN.  You’ll need a Business and Go-to-market plan, you need SD-WAN expertise and the understanding of how OTT services will impact the customer. You need to build out capacity to deliver and support the infrastructure, you will need new billing models, and you will need to implement consumption tracking.  In this fast-moving market, the service offering build-out time could negatively impact your market share, ability to expand service offerings and capture new recurring revenue streams.  Creating new services requires a significant investment in time and resources to develop and can be fraught with risks.

Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Cert Exam

Working with an “As A Service” Partner

Providers can partner with ngena for faster design and implementation, ability to leverage a scalable portfolio of solutions built on Cisco’s SD-WAN products, have confidence in a future proof delivery model, and leverage white label deployments.

Here’s an analogy: You are building a home for a client.  You are the general contractor.  Maybe you have some skills in electrical work too – maybe enough to do the work yourself, but that will take time from you overseeing the rest of the project and keeping to a delivery date.  As the general contractor, you hire an electrician to wire everything up.  The electrician is ngena.  You get expertise and confidence the work will be done correctly – and you save time and get to focus on what you need to focus on.

Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Cert Exam
Partnering with ngena, you are ready to sell now, and it provides the consumption model that allows you to build Monthly Recurring Revenue (MRR) streams.  ngena offers wholesale prices to partners with zero CapEx investment which provides an incremental margin opportunity.  The ngena offering is a Cisco SD-WAN solution which provides a predictable application experience (AppQoE), and security that is built-in to provide secure segmentation across the entire network stack.  Cisco’s SD-WAN is enterprise-grade and provides intent-based networking with multi-domain policy.  CRN honored Cisco SD-WAN with the SD-WAN Product of the Year award for 2019.

ngena delivers the service through a single portal with worldwide orchestrated operations featuring pre-defined services, intelligent automation and predictive analytics, and is DevOps ready.  They offer a global presence through dedicated global infrastructure, backbone and the ability to take care of local loop connectivity as well.  Full lifecycle management enables scalability to address the needs of any migration.

Cisco Tutorial and Material, Cisco Learning, Cisco Certification, Cisco Cert Exam

Interested in quick GTM and expanding your service offerings?  ngena provides a global end-to-end managed platform that is truly unique in the industry – delivering secure SD-WANaaS for any category of partner.  Regardless if your scope is just your domestic market or serving international markets, ngena provides that coverage.

Monday 23 March 2020

What do ‘Owning Your Edge’ and ‘Customer Experience’ have in common?

Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

It’s not easy to be in the resell and network integration business. For decades, our partners have been wrestling each other for differentiation and relevance in a crowded and unforgiving landscape. We often ask partners “Why do customers buy from you?”, and while the answers vary, they are often predictable, generic, and unconvincing. “We have the greatest engineers” or “We have amazing customer relationships and we do whatever it takes to support them.”

How do partners recognize their differentiation, define their uniqueness and own their edge?

At Cisco Partner Summit 2019, Oliver Tuszik displayed a picture of himself next to a monkey and declared (to the audience’s laughter) that although 99% of their DNA is shared, they are very different indeed. One is relaxed and eating a banana, while the other has an accelerated heart rate and is on stage presenting to 3,000 people. Although the DNA differences are very small, those differences are extremely significant, and a great illustration of what it means to have an edge. The Cisco Partner Consulting & Innovation team has worked with countless partners to help them realize just that. We’ve utilized our Unique Value Proposition (UVP) workshops to help many partners define their edge. For some, their edge is clearly understood, but most struggle with defining and communicating it.

So, what does that have to do with Customer Experience (CX)?

To understand a partner’s edge, it’s important to identify their strengths and align these strengths to what their customers care about. At the heart of it all is the challenge of quantifying how they provide a complete lifecycle experience to their customers. Understanding the technology, managing the product/service/software ordering and billing process are not easy but they are table stakes to be in this business. This, by no means, is an attempt at trivializing these functions. For some partners, their edge is their ability to address fulfillment faster, easier, and cheaper.

For most partners, the opportunity to differentiate happens after landing the deal. Their edge is in how they interact with the customer to implement and adopt the technology purchased. Their edge is demonstrated as they ensure that the customer maximizes the return on the investment they made, and it’s defined in the partner’s ability to manage risk and proactively help the customer achieve their business goals. These lifecycle activities are not new to our partners. It’s in these areas where they can enjoy the margin-rich professional services and managed services they possess. Partners generate (on average) 15% margin with their resell business, but they obtain upwards of 30% margin on their partner-branded and delivered service(s).

For many years, partners have honed their customer relationships so they can build upon the stickiness that post-sales activities promise. Cisco CX defines the steps that partners have followed intuitively for decades. CX identifies the lifecycle milestones and defines the steps for true adoption – where customers are choosing, using, and loving Cisco. It provides the process for systematic execution and holds the promise of automation to lead to the seamless renewal stage. CX also enables the lifecycle and demonstrates to our partners that we not only understand how they define their edge, but we now speak the same language, and lead together. As one partner executive told me at Partner Summit – “Cisco finally understands our world.”

CX fuels the lifecycle that partners embrace to own their edge.

Sunday 22 March 2020

What can you learn from your most profitable competitors?

There is one thing that every CEO wants to know the answer to: How is my company performing compared to others?

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Prep

This question does not stem from insecurity, but rather from the desire to gain insight, to achieve great results, and to generate maximum returns. “Am I charging enough for my services?”, “Are my costs of sales higher or lower than others?”, “What are my competitors doing that I can learn from so I can increase my operating income and my valuation?” For publicly traded companies, some high-level information is readily available, but specific margin attainment and productivity metrics are not typically reported yet are highly coveted.

Cisco’s Partner Consulting and Innovation (PC&I) team offers confidential financial benchmarking analysis for partners’ complete business operation. Most recently, we completed an aggregate study of our findings and explored what separates the most profitable partners, the 20% of partners with the highest EBITDA, from the rest. Our most profitable partners enjoy EBITDA of 13.1% versus the average attainment of 4.9% – there are many factors that contribute to this impressive 2.7x performance.

Let’s look at a few:

1. Selling More Partner-Branded Services

Traditionally, services were a capability that partners would attach to an infrastructure deal: “I will sell you the network infrastructure and attach my implementation services”. This service-attach behavior served well for those partners wishing to achieve 10-15% of their revenue via their brand of service. However, most partners strive to offer consulting, architecture, design, and day-2 service capabilities to their customers. We’ve seen a steady increase over time in that business model. In fact, on average, the Cisco partners we have analyzed generated 21.6% of their revenue from their brand of service, while the most profitable generate 27%.

The most profitable partners do not view services as an ‘attach’ play, but rather as a comprehensive and differentiated margin-rich capability that facilitates their customer engagement lifecycle and stickiness. These partners embrace the entire Cisco portfolio of capabilities as a platform which enables them to position their services in a manner that delivers an integrated technology solution to address a business need. Doing so enables them to command higher margin, attain greater project control, and increase customer intimacy.

2. Recurring Revenue and Managed Services

It is no secret that transactional and project-based business is somewhat unpredictable. Our partners have been on a long and challenging journey to increase the recurring revenue components of their business and many have built Managed Services and Cloud capabilities along the way. On average, partners generate 37.5% Gross-Margin on their MS/Cloud business, but the most profitable partners enjoy average margins of 46.2%. These healthy margins are extremely attractive, and they are rather sustainable, but still represent a small percentage of a partner’s overall business at just 7%. What separates the most profitable from the rest is their ability to generate a larger percentage of revenue from their recurring business and provide advanced capabilities to their customers. These partners offer Managed Services that consist of data-driven, proactive capabilities addressed to support the customer’s business needs and not just reactive infrastructure monitoring. The most profitable partners have specific and intentional sales motions with unique & qualified skillsets to sell Managed Services with an emphasis on solving a business needs, addressing different economic buyers, and focusing on the user experience across the full lifecycle.

3. Account Managers (AM) and Systems Engineers (SE) Ratios

The most profitable partners invest in more pre-sales SEs. Over time, the role of the pre-sales SE has evolved from a technical subject-matter expert who addresses features and functionality into a Solutions Architect that bridges the technical and business divide. These resources are focused on ensuring that technology solutions are defined to address a business need, adding significant value to customer alignment and architectural roadmap clarity. The most profitable partners invest in a Systems Engineer for every 1.8 Account Managers, while the rest deploy a Systems Engineer for every 2.9 Account Managers. The impact made through investing in these resources is clear when we look at the sales productivity metrics for the most profitable partners who typically see 10% higher revenue and 16% higher Gross-Profit per sales resource.

Gaining a glimpse into how competitors are defining and achieving success is a valuable lesson in realizing what is possible and paves the way on the journey to excel. The secret for optimal performance and profitability is multi-faceted and requires excellence across all the business functions operating in unison.

By knowing how one compares to the competition, one gains visibility into the possibilities.

Saturday 21 March 2020

Cisco Introduces Segment Routing v6 on Nexus 9000 GX Series Platforms

Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Prep, Cisco Exam Prep

When discussing the Internet of the future recently, Cisco CEO Chuck Robbins said, “We really want our customers to consume the technology in any way they want.” With that in mind, I am pleased to announce the first Cisco Nexus platform that supports Segment Routing v6 (SRv6) running NX-OS which gives customers’ business the next-generation programmable data center network capabilities. Our Cisco Nexus platforms already support Segment Routing (SR-MPLS); now the Nexus GX platform supports SRv6 as well.

Segment Routing Introduction

Segment Routing (SR) is a flexible, scalable way of doing source routing. In Segment Routing, the source chooses a path and encodes it in the packet header, as an ordered list of segments. The network does not need to maintain state per-application and flow. Instead, it obeys the forwarding instructions provided in the packet. The first version of SR used the MPLS data plane.

SRv6 – Building Next-Gen Programmable Network Infrastructure

SRv6 further simplifies the network by eliminating MPLS altogether. It relies on the native IPv6 header and header extension to provide the same services and flexibility as SR-MPLS, directly over the IPv6 data plane.

SRv6 adds network programming capabilities by taking advantage of IPv6 Extension Headers. We can now insert Segment Routing headers into IPv6 packets. Thanks to the increase in Segment ID size, it is now possible to pack more than IP addresses into a Segment ID and hence go beyond routing purposes.

The IPv6 flavor of Segment Routing allows user-defined functions to be associated with segments. By leveraging the segments encoded in the dedicated segment routing extension header (SRH), the IPv6 packet carrying the network instructions explicitly tells the network the path it should traverse and the functions to be executed at each SRv6 node. These functions may implement any computable behavior, enabling simplified network programming.

Beside the main advantage of SRv6 providing the most advanced SRv6 Traffic Engineering (TE) capabilities, the network can be turned into a multi-service infrastructure. New Flexible Algorithm (Flex-Algo) capabilities make multiple optimizations of the same physical network infrastructure along various dimensions possible.

The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining, and Virtual Private Networks in IPv6 backbones and data centers. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services.

Fundamentally, SRv6 provides a way to simplify the network by eliminating MPLS – using the native IPv6 header and header extension to provide the same services and flexibility as SR-MPLS, over the IPv6 data plane.

Cisco Nexus GX Platform Supports SRv6 Functionality

Cisco Nexus 9000 platforms support Segment Routing v6 (SRv6), which brings many advantages to our customers. The GX platform provide customers with:

◉ 4 TBPS Packet Processing in a single 1RU/2RU switch with port speeds up to 400G
◉ Insert up to 9 SIDs (Segment IDs)
◉ Encapsulate IP/L2 payloads with SRv6 and add up to 5 SIDs in Segment Routing Header (SRH)
◉ Line Rate SRv6 forwarding
◉ Operational management tools for troubleshooting and monitoring
◉ Nexus 9000 Series platform models
     ◉ N9K-C9316D-GX: 16 x 400/100/40-Gbps QSFP-DD ports
     ◉ N9K-C93600CD-GX: 28 x 100/40-Gbps QSFP28 ports and 8 x 400/100-Gbps QSFP-DD ports
     ◉ N9K-C9364C-GX: 64 x 100/40-Gbps QSFP28 ports

Business Drivers for going with SRv6

Build Scalable Networks

The SRv6 architecture allows to build scalable networks by reducing the amount of state information that needs to be configured in the nodes to support the network services.

Traffic Engineer (TE) customers traffic across any size of networks

SRv6 Traffic Engineering leverages IPv6 underlay and forwarding by adding Segment Routing Header (SRH) to SRv6, this facilitates Traffic Engineering and path protection capabilities. Accordingly, Traffic engineering enables use cases such as Disjoint Paths for selected traffic, Color Affinity traffic forwarding based on link colors, low latency path selections for certain traffic, high bandwidth path selections, and many more to come.

Build Data Center Interconnection (DCI) with Core/WAN running SRv6

Data Centers mostly based on VXLAN technology can hand-off the traffic to the service provider or core/WAN running SRv6.

Reduce Network Operational Complexity and OPEX

SRv6 eliminates the need for LSP management. As networks become more complex; this helps to simplifies network operational management. This is one of the key differentiators comparing SRv6 to SR-MPLS and MPLS LDP technologies.

Enable Network Programmability

In SRv6, a segment routing identifier (SID) is an IPv6 address. It can be conceptually separated to two parts: locator and function. The locator is the route to the node performing the function. The function can be any possible function bound to SRv6 SID. Customers have the complete flexibility to program the SID in SRH to enable simplified network programming.

Introduce Operation, Administration and Maintenance (OAM)

Enables customers with operational management tools for troubleshooting and monitoring.

SRv6 Use-Cases on the Nexus 9000 Series Platforms

Cisco Nexus GX platforms with SRv6 enables realize the following key use cases.

The first and immediate use case is interconnection of data center networks with core networks. VXLAN has been widely deployed in the data center and the core networks are transitioning to SRv6 from MPLS. Nexus GX platform is a perfect choice for performing a seamless VXLAN to SRv6 hand-off function interconnecting VXLAN data centers with SRv6 core networks. This is the most-tailored and scalable design for GSPs (Global Service Providers) and large enterprises with SRv6 Core. Benefits offered are simple, scalable architecture and seamless inter-connectivity between globally spread data centers and the SRv6-based core/WAN.

The second use case that SRv6 brings to service providers is L3 VPN (Layer 3 Virtual Private Network) over SRv6. L3VPN over SRv6 enables multi tenancy for next generation IPv6 networks, 5G networks of global service provides, large and small data centers that support 5G, and beyond.

Another important SRv6 use case is network service chaining, also known as service function chaining (SFC). It is a capability that uses software-defined networking (SDN) capabilities to create a service chain of connected network services (such as L4-7). This network service chaining enables customers to have, for example, security (firewall) services embedded within the SRv6 network.

A key advantage SRv6 brings to networks is Unified Data Plane (UDP), where customers can run IPv6 everywhere in data center and core networks. This enables the Global VRF (Virtual Routing Forwarding) over SRv6 use case, where IPv4 as well as IPv6 data center fabrics interconnect over SRv6. This use case is applicable for MSDCs (Massive Scaled Data Centers) and globally spread data centers inter-connectivity.

Friday 20 March 2020

Top 5 new features in Cisco DNA Center 1.3.3.x

Cisco Study Materials, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Exam

Cisco DNA Center 1.3.3.x just dropped and it’s full of new features. Here are the five most popular additions in this free upgrade and what they mean to your business.

The next time you login to your Cisco DNA Center dashboard, you’ll see a notification for a new software upgrade to version 1.3.3.x. Included in this free upgrade are 47 new features, all accessible from the Cisco DNA Center dashboard. Here’s a quick look at five of the features that our customers are talking about most.

Cisco’s partnership with Samsung enables Galaxy smartphones, including the S10 and S20 families, to speak to Cisco DNA Center with client diagnostics. This provides a more comprehensive view of all potential root causes of wireless issues.

Samsung client analytics

This feature allows Samsung mobile clients (such as the Samsung Galaxy S10 and S20 families of smartphones) to send alerts and error codes to Cisco DNA Center for increased insights into the health and user experience of clients on your network. You’ll recall that in early 2018 Cisco and Apple joined together to allow iOS devices to send device information and error codes to Cisco DNA Assurance. The results of this collaboration have been great, and our customers love the ease with which they are able to diagnose connectivity issues with iOS devices.

Now we have added Samsung Galaxy smartphones to this effort. When a mobile client sends an error code to Cisco DNA Center your IT team is given the exact cause of a wireless issue. This eliminates the guess work and troubleshooting and can eliminate any problem that is not a network-related problem.

Wireless sensor enhancements

Cisco Study Materials, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Exam
From the release of our Cisco DNA Assurance wireless sensors back in 2017, they have been a hit. But many customers have asked for an easier way to deploy these magic boxes in remote offices. We answered by completely rewriting the software on the Cisco AP1800S Wireless Active Sensor and adding new capabilities into Cisco DNA Center. The result are wireless sensors that are easier to setup and scale across large-scale network environments. Moreover, the interface is easier to read with new location-based sensor heatmaps to quickly identify failed tests and potential network issues. We have added “Day-0” provisioning so that the sensor can be automatically provisioned once it is powered on. This makes connecting at a remote office a snap! Next, we made the wireless link to the network a dedicated backhaul link, which means that the wireless connection is “always on” regardless of wireless testing activities. A new Heatmap View displays the top five rankings for statistical categories. This view also displays a heatmap representation of the sensor test result failures. This focus on location makes it much easier for teams to prioritize and locate issues quickly.

Network speed tests can now be performed via NDT or iPerf3, depending on which you prefer. Finally, we have added a “Sensor-360” view with time travel to the main Assurance menu in Cisco DNA Center. This allows you the same analytics and troubleshooting on your sensors as the rest of your network. This feature can verify the appropriate sensor functionality and performance so that you can rely on the tests that you perform with the sensor. If you have never tried the Cisco AP1800S Wireless Active Sensor, now is the time! They are now simple to install, even in remote offices, they are easier to use, and they can save you from constant remote site visits for network troubleshooting.

Executive Summary Reports

Cisco Study Materials, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Exam
The answer to the question: How can I demonstrate the many network improvements my team have achieved in a clean, simple to understand, graphical report? Cisco DNA Center’s new Executive Summary Reports gives you a myriad of categories with which to assemble a network report.  Set up the areas of focus (sites, users, or devices) and capture detailed data about network devices and clients, which you can use to analyze network performance. From simple reports such as overall health, to device data, or even an overview of network issues trending. A weekly (7-day) overlay shows the change in performance. This feature allows other company stakeholders or executives to get a clear and easy-to-read overview of network performance and trends.

Meraki Automation

Many Cisco customers have deployed a hybrid Catalyst + Meraki network. This is usually because a company needs a sophisticated switch solution for their large campus network, and cloud-managed devices in remote branches that are simple, secure, and reliable. Many of you have asked for ways to provision and inventory Meraki devices from within Cisco DNA Center. In version 1.2.1.x, we included full Meraki visibility and inventory into the Cisco DNA Center dashboard. Now we are including provisioning of Meraki wireless access points. The diagram below shows five branch offices with Meraki enterprise networks. The corporate campus and regional sites are larger operations and have deployed Cisco DNA (Catalyst/Aironet) on their campus’. The new Meraki Automation feature in Cisco DNA Center allows the corporate campus to provision new Meraki access points into any sites in the network and maintain control of the addition of new devices – this is a common company policy.  Once these Meraki devices are installed and provisioned, they can be managed from any site via Meraki dashboard.

Cisco Study Materials, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Exam

Rogue wireless management

This provides increased security and control of wireless networks by enabling detection of unauthorized access points plugged into local switches or access points with the same SSID but not connected to the customer’s wired network. These wireless security breaches are known as “the honeypot” and “the unauthorized access point.” The diagram below shows a graphic explanation of these scenarios. Cisco DNA Center’s new Rogue wireless management feature will discover and flag both security cases allowing your team to immediately (and remotely) disable the rogue access points.

Cisco Study Materials, Cisco Tutorial and Material, Cisco Learning, Cisco Cert Exam

The new 1.3.3.x software includes many, many other features including: StackWise Virtual support, ASA Firewall automation, APIC-EM migration, policy extensions for SDA, and customizable device health scores.

Thursday 19 March 2020

SaaS-delivered Encrypted Traffic Analytics with Cisco Stealthwatch Cloud

We’ve reached an interesting turning point for encrypted traffic.

Gartner predicted that 80% of web traffic would be encrypted by 2019. Sure enough, this prediction came true. Last year, the team at Let’s Encrypt, an organization that helps enable encryption for websites, cited that 80% of web traffic they’ve seen is now encrypted. We have reached the point where the average volume of encrypted traffic on the internet has now surpassed the average volume of unencrypted traffic.

This is largely good news, as moving forward, encrypting internet traffic is now the new norm online and will continue to grow. This is good for data privacy and should let us sleep a bit easier knowing that as out information traverses the internet, it’ll be encrypted.

However, much like the adoption rate of encrypted traffic, encrypted threats are also on the rise. This year, Gartner has predicted that more than 70% of malware campaigns will use some type of encryption to conceal malware delivery, command-and-control activity, or data exfiltration. Complicating matters, it’s also predicted that 60% of organizations will fail to decrypt HTTPS efficiently, thereby missing critical encrypted threats.

Traditional threat inspection methods that rely on bulk decryption, analysis, and re-encryption are not always practical or feasible, for both performance and resource reasons. These methods also compromise privacy and data integrity. Unfortunately, many organizations do not have a way to detect malicious activity in encrypted traffic without the use of decryption. With the growing amount of encrypted traffic and the number of threats hiding within it, how should organizations ensure the encrypted traffic coming into their network is safe, without compromising the integrity of that data?

A better approach to analyzing encrypted traffic

Stealthwatch Cloud is a Software-as-a-Service (SaaS) solution that is easy to try, easy to buy, and simple to operate and maintain. Stealthwatch Cloud analyzes network behavior to detect advanced threats, even those hiding in encrypted traffic. Cisco’s proprietary Encrypted Traffic Analytics (ETA) technology uses attributes like Initial Data Packet (IDP) to detect malware in encrypted traffic, without decrypting the data.

Recently, Stealthwatch Cloud has added further integrations with Cognitive Intelligence, our amazing cloud-based machine learning and AI R&D team as well as its Confirmed Threat Service.

These integrations allow Stealthwatch Cloud to ingest ETA telemetry from supported Cisco networking devices and provide additional, enhanced fidelity of encrypted (as well as non-encrypted) traffic. From there, ETA will alert users of potential threats that might be hiding in encrypted traffic. These alerts include cryptomining, unpublished TOR, botnets, Ramnit, Sality, malicious file download, phishing and typosquatting and more.

In a performance study by Miercom, Cisco Encrypted Traffic Analytics showed as much as 36% faster rates of detection, finding 100% of threats in three hours. Furthermore, the study found that Cisco ETA detected 100% of malicious flows within three hours

How it Works

Cognitive Intelligence’s Confirmed Threat Service provides Stealthwatch Cloud with a list of high-confidence Indicators of Compromise (IOCs in the form of IPs and domains), a full description of the related global threat, and a write-up of recommended remediation steps. These IOCs are generated as a result of processing billions of connections from across the globe using a pipeline of analytical techniques which include the collection of Initial Data Packets. In essence, the Confirmed Threat Service is the outcome of multi-layered machine learning and encrypted traffic analytics that can convict known as well as unknown global threat campaigns. Cisco ETA can match field data extracted from the IDP against known IOCs which allows Stealthwatch Cloud to then correlate local customer telemetry to the global Confirmed Threat Service.

New alerts created via this threat intelligence will show up as “Confirmed Threat Watchlist Hit” alerts. These alerts can include named malware type families and also provide details on what they do (exfiltration, exploit, content distribution, botnets, ransomware, etc). Some of the threat intelligence provided by the Confirmed Threat Service is created in collaboration with Cisco Talos. Talos will seed intelligence (initial set of seed IOCs), title and description of a threat. Cognitive Intelligence will then expand this seed set of IOCs with new occurrences using information gathered from IDPs and machine learning – which in turn yields new IPs and domains that are also related to the given threat and appear in real customer telemetry.

Meeting Compliance Needs

In addition to being able to effectively monitor encrypted traffic coming into their network, organizations also have to consider how they use encryption on their own data. When using encryption for data privacy and protection, an organization should be able to answer major questions:

How much of the digital business uses strong encryption?

What is the quality of that encryption?

This information is critical to prevent threat actors from getting into the encrypted stream in the first place. Today, the only way to ensure that encrypted traffic is policy compliant is to perform periodic audits to look for any TLS violations. However, this method isn’t perfect due to the sheer number of devices and the amount of traffic flowing through most businesses.

Cisco Encrypted Traffic Analytics provides continuous monitoring without the cost and time overhead of decryption-based monitoring. Using the collected enhanced telemetry, Stealthwatch provides the ability to view and search on parameters such as encryption key exchange, encryption algorithm, key length, TLS/SSL version, etc. to help ensure cryptographic compliance.

Together, Cisco ETA and Stealthwatch Cloud can also identify encryption quality instantly from every network conversation, providing organizations with the visibility to ensure enterprise compliance with cryptographic protocols. These tools deliver the knowledge of what is being encrypted and what is not being encrypted on your network so you can confidently claim that your digital business is protected and compliant. This cryptographic assessment is displayed in Stealthwatch Cloud and can be exported via APIs to third-party tools for monitoring and auditing of encryption compliance.