Enjoy Incredible Benefits by Passing Cisco 300-425 ENWLSD Exam

Cisco is an international organization widely known for producing specialized gadgets and systems. The organization is presently the best designer in the best-in-class system administration equipment list. Therefore, obtaining the certification of this vendor is an excellent solution for the career of any IT professional. One of the current and popular tracks offered by Cisco is CCNP Enterprise. That is why, in this blog, we will check out the details of the Cisco 300-425 ENWLSD exam, which is one of the certification examinations needed for earning this professional-level certificate, and explore the benefits it can bring. So, let's dive into it!

A lot of professionals want to earn this certificate and get it to validate their skills in delivering enterprise networking solutions. This brings us to what we require to obtain this certification.

Essential Information About Cisco 300-425 exam

The CCNP Enterprise certification track, which the Cisco CCNP 300-425 ENWLSD Exam is a part of, doesn't need any formal requirement. Hence, everyone can sit for this exam and its associated certification. The only crucial thing is to master all the skills evaluated in this exam. Certainly, you can have tremendous knowledge behind your back with three to five years of experience, but this is not a compulsory requirement.

Cisco 300-425 ENWLSD is a certification exam designed for IT professionals who want to obtain CCNP Enterprise. To obtain this certification, they should pass one core exam (350-401 ENCOR) and one concentration exam (to choose their supplementary knowledge domain). Cisco 300-425 is from the concentration exam group. Other exams that you can take instead of this one are as follows:

• Cisco 300-410 (Implementing Cisco Enterprise Advanced Routing and Services);
• Cisco 300-415 (Implementing Cisco SD-WAN Solutions);
• Cisco 300-420 (Designing Cisco Enterprise Networks);
• Cisco 300-430 (Implementing Cisco Enterprise Wireless Networks);
• Cisco 300-435 (Automating Cisco Enterprise Solutions).

The 300-425 ENWLSD exam is geared towards demonstrating one's knowledge of wireless network design, comprising wired & wireless infrastructure, Mobility & WLAN high availability, and site surveys. This is an excellent certification exam for the mobility network engineers and wireless site survey engineers who are typically engaged in implementation, network design, and planning. It is also apt for those professionals who want to build a career in the IT sector, especially in wireless enterprise networking.

Cisco 300-425 ENWLSD Exam Structure

The Cisco CCNP 300-425 ENWLSD syllabus includes four topics from which most or all of the exam questions are taken. These objectives cover Mobility (25%), Wireless Site Survey (25%), WLAN High Availability (20%), and Wired and Wireless Infrastructure (30%). These are the subjects that the applicants should master to pass this exam. You can get mastery over them by enrolling in a training course offered by Cisco's official website. In addition, you can get some valuable and reliable prep resources from many websites: these resources involve study guides, practice tests, videos, and Cisco blogs.

Cisco 300-425 ENWLSD exam comprises 55-65 questions, which need to be completed in a 90-minutes. To pass the exam, you need to obtain a score of 750-850 out of 1000. The exam cost is $300.

Also Read: 300-425, ENWLSD Certification: Study Guide & Career Benefits

You can take the exam in English only. To schedule this exam, you must visit the Pearson VUE platform. You can register for this exam from the official Cisco certification webpage by clicking on the link offered at the bottom of the page.

Your path to Success for CCNP Enterprise 300-425 ENWLSD Certification Exam

What Are the Benefits of Passing the Cisco 300-425 ENWLSD Exam?

There are so numerous benefits of passing the Cisco 300-425 ENWLSD exam. Let's look at them closer.

Acquiring Advanced Skills and Knowledge

The Cisco 300-425 ENWLSD exam equips the applicants with the relevant knowledge and skills to adequately represent the systems of wireless network design for producing a network design solution. It also reveals how the Enterprise Composite Network Model can competently streamline the complications of modern networks. The exam also equips you with the ability to design the enterprise campus in wired and wireless infrastructure modular fashions. It will also allow you to design an enterprise WAN network along with a network addressing plan.

Additionally, this exam is intended to help the applicants know how to choose the ideal routing protocols for a network. Furthermore, CCNP Enterprise 300-425 certification equips them with the expertise to evaluate security solutions for a network. All of these abilities are an essential part of the correct working process of the whole organization. Therefore, organizations want to employ those professionals who own this knowledge.

Enjoy Brilliant Career Opportunities with Cisco 300-425 ENWLSD Certification

Being a Cisco certified professional is something that creates new opportunities for you within your country and overseas. The hiring managers will find your resume appealing, and you will hold a higher chance of acquiring a well-paid job position or get a promotion in your existing company. Adding the CCNP Enterprise certification to your CV will make you stand out from the group. And even if you choose to continue your current job, the skills you will get through Cisco 300-425 exam preparation will help you become more productive in your job role.

Some of the job positions you can follow after passing the Cisco 300-425 exam include the following:

• System Engineer;
• Network Administrator;
• Senior System Administrator.

Conclusion

Cisco 300-425 ENWLSD can be a difficult certification exam if you don't study thoroughly. We recommend that you go through all the details and learn all the topics before sitting for it. Make good use of available study resources to pass this exam and earn the sought-after CCNP Enterprise certificate.

Continue reading

How to Prepare for Cisco 300-410 (ENARSI) Certification?

Cisco ENARSI Exam Description:

This exam certifies a candidate's knowledge for implementation and troubleshooting of advanced routing technologies and services including Layer 3, VPN services, infrastructure security, infrastructure services, and infrastructure automation. The course, Implementing Cisco Enterprise Advanced Routing and Services, helps candidates to prepare for this exam.

Cisco 300-410 Exam Overview:

• Exam Name:- Implementing Cisco Enterprise Advanced Routing and Services
• Exam Number:- 300-410 ENARSI
• Exam Price:- $300 USD
• Duration:- 90 minutes
• Number of Questions:- 55-65
• Passing Score:- Variable (750-850 / 1000 Approx.)
• Recommended Training:- Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
• Exam Registration:- PEARSON VUE
• Sample Questions:- Cisco 300-410 Sample Questions
• Practice Exam:- Cisco Certified Network Professional Enterprise Practice Test

Related Articles:-

• Cisco 300-410 ENARSI Exam and Practice Tests: Details Not to Be Missed
• Preparing for the Cisco 300-410 Exam: Study Resources
• Upgrade Your Career with New CCNP Enterprise 300-410 Certification
• Sharpen Your Confidence With Practice Test – and Passing Cisco 300-410 Exam Will Be Super Easy

Continue reading

CX Cloud—expertise and insights at our fingertips

Over the years Cisco IT has built many tools to manage support. We had one tool to track subscriptions, another to keep tabs on service contracts, and yet another to view asset lifecycle information. The problem? We spent too much time correlating information scattered across the different interfaces. When we received a security alert on one interface, for instance, we had to go into another interface to identify the affected assets.

Supporting the Cisco network is much more efficient now that we use Cisco CX Cloud. Think of CX Cloud as a one-stop destination for all information we need (Figure 1). No more searching across disparate, unconnected tools. Everything is in one place. CX Cloud is saving us time. Revealing issues we didn’t know about. Helping us more quickly respond to vulnerability alerts to keep the network secure. And giving us new insights into network health.

Figure 1. All support information in one place

I asked Chris Groves, Cisco IT director of network services, how CX Cloud makes his job simpler. Here are his top four:

◉ Monitoring case status (Figure 2). “At the top of my list is how easy it is to see open cases,” Chris told me. “In two clicks I can see every TAC case, who opened it, and whether it’s for firewall, remote access, data center, Cisco Virtual Office, etc. Never underestimate the power of the mundane.”

Figure 2. TAC case status at a glance

◉ Time savings. Before, when we received an advisory about a potential security vulnerability we’d start by identifying all assets at risk. That alone took several hours. Next, we’d figure out the right mitigation steps and plot out our strategy. After that we’d track progress. Along the way we’d use several tools. With CX Cloud, we can easily see all affected assets in one place, along with suggestions for mitigation (Figure 3). If an incident affects 500 assets, just being able to see all of them in one place saves us about 15 hours of work.

Figure 3. Selecting an advisory shows all assets at risk

◉ Faster response to vulnerabilities. Chris likes the convenience of seeing all advisories right on the dashboard—sorted by criticality. For example, field notices about less-important issues, like a button prone to sticking, are listed separately. “We can’t patch everything at once, so we check the CX Cloud dashboard to see which advisories have the biggest impact in our network,” he said.

◉ New insights. If Chris sees that a large portion of cases involve the same product or place in the network, he checks if the support team needs help. He might even suggest a product change to the business unit. He can also spot chronic issues and monitor the results of support initiatives.

As Customer Zero, we influenced the product

Cisco IT was Customer Zero for CX Cloud, meaning that we were the first to use it in production so we could provide input on features and share our experiences with other customers. With our feedback, initial setup time dropped from 6 hours to 30 minutes. We also suggested features on the product roadmap, like the ability to tag advisories with recommended actions and to filter cases by team or product group.

Though we’ve just started using CX Cloud, we’re already seeing the business value. Consolidating support information in one place helps us more efficiently manage our network, keeping it secure and available. As Chris summed it up, “CX Cloud is like having high-touch support right at your fingertips.”

Source: cisco.com

Continue reading

Enable Digital Transformation with Cisco SD-WAN

Cisco SD-WAN unlocks new possibilities with our network infrastructure, the new architecture is replacing the long-established role of the wide-area network (WAN), connecting our users at the branch office location to applications hosted on servers in the datacenters.  

Often VPN (Virtual Private Network) tunnels or Multiprotocol Label Switching (MPLS) were implemented for segregation of data and security. This approached worked well for years, but as our customer moved into a mobile digital application world and their data move to the cloud, a new approached was required. 

It’s a multi-cloud world

We live in a multi-cloud world, where using multiple clouds from multiple providers has become the new normal. Cisco SD-WAN has proven effective in helping Cisco partners accelerate their adoption of multi-cloud environments and drive business solutions for their customers. It helps them manage multiple network providers, ISP circuits, and connect branches to clouds. Cisco SD-WAN allows customers to deliver on-demand branch connectivity to their ISP and cloud providers directly from the SD-WAN controller. 

Model-Driven Programmability

Adding Cisco SD-WAN programmability via the vManage REST APIs has opened even more possibilities for extending automation to any task. Such as:

◉ Template-driven infrastructure deployment service, allowing engineers to define building blocks and create abstractions for the deployments of required sets of resources.  

◉ Update or delete the deployed resources with ease without many changes to the configurations. 

◉ Provisions the reference of one resource definition to another, thus enabling the creation of dependencies and controlling the order of creation of resources. 

Many Cisco partners are leveraging these APIs to create custom automated sequences for managing, monitoring, configuring, and troubleshooting the SD-WAN environment based on their specific needs. 

Getting the details via developer experience

The Cisco SD-WAN API allows Cisco partners to focus more and more on their developer experience. Product managers, marketers, and engineers alike have an interest in evaluating and improving how a developer uses APIs and the benefits they bring. That’s why Cisco DevNet is dedicated to delivering an excellent developer experience with SD-WAN.  It’s a dedication that pays off over many developer interactions, as they use the SD-WAN documentation, sandbox, and other resources. 

Are we doing this right though?

A mentor once told me “Feedback is feedback, no matter if this is valuable feedback or bad feedback. Asking the right people for feedback will help you grow.” Hearing from our DevNet Specialized partners is key to improving the quality and content for Cisco SD-WAN API, and programmability in general. So, when it came to feedback on the SD-WAN Dev Center, I took the opportunity to speak with our DevNet Specialized Partners at the recent API Insights webinar. The webinar – offered exclusively to our DevNet Specialized partners – was focused on the Cisco SD-WAN Dev Center, new plans, and upcoming opportunities.

The webinar featured a live presentation and demo of how partners can execute Cisco SD-WAN REST API calls for role-based access control (RBAC), based on the Resource Groups feature, and how this can be used for Cisco SD-WAN deployments. The presentation showed how this feature helps to simplify network administration, restrict blast perimeter, and meet compliance requirements. 

API Insights webinars are available exclusively to partners who have already achieved their DevNet Specialization. I invite partners to learn more about the DevNet Specialization so they, and their teams, can experience these insights webinar events, and see how being DevNet Specialized can benefit your teams, your business, and the business of your customers.

Source: cisco.com

Continue reading

Complete and continuous remote worker visibility with Network Visibility Module data as a primary telemetry source

Navigating the new normal

Organizations are currently facing new challenges related to monitoring and securing their remote workforces. Many users don’t always use their VPNs while working remotely – this creates gaps in visibility that increase organizational risks. In the past, many organizations viewed these occasional gaps in visibility as negligible risks due to low overall volumes of non-VPN-connected remote work. However, today, that’s no longer the case, as organizations and workers have been thrust into a new “work from home (WFH) era.”. This not only led to an explosion in the need for remote access from anywhere and on anything – effectively expanding threat surfaces and concurrently increasing opportunities for attackers – but – as if that weren’t enough – organizations were also hit with a wide-ranging and prolonged employee activity visibility blackout. This left security teams scrambling to adapt as this sudden “visibility blackout” further exacerbated overall organizational security risk levels.

Read More: 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Nostalgically remembering the good old days…

Back in olden times, circa late 2019 – back in the heydays of employee-activity visibility via on-premises network monitoring, and way, way back when people’s work-week routines involved commuting to the office, clocking in, logging onto the corporate network, and doing work in between water cooler breaks – organizations using Secure Network Analytics had absolute, total visibility into everything that their employees were doing. Back then, before the WFH era – security teams could instantly glean deep insights into practically everything that was being hosted within, interacting with, and connecting to their corporate networks. And despite these being simpler times, security teams still had to be incredibly agile, up to speed with rapidly changing and evolving technologies, and always ready to react to security incident-related fire drills at a moment’s notice.

Amidst the arms race that is network security, SecOps professionals must always be comfortable with high-pressure situations and fast-paced environments. It just comes with the territory. Plain and simple. It’s a job that requires a thick skin and continuous adaptation. I have always been impressed with security professionals’ ability to embrace such complexity and ambiguity, remain calm and collected, and just focus on the task at hand and execute. And I especially admire the ones that are naturally energized by their work and thrive on it. However, last year’s abrupt exodus away from corporate offices marked a paradigm shift that left even the best security teams in the dark and effectively lent a whole new meaning to the age-old adage, “the only constant is change”.

New WFH blind spots

To illustrate, in today’s new WFH era, whenever remote workers don’t use their VPNs, organizations are 100% blind to what their employees are doing. This prevents security teams from successfully establishing baselines of normal worker behavior and continuously monitoring them, concomitantly preventing them from being able to alert on anomalous activity and hindering their ability to detect certain types of threats. As a result, SecOps teams have been left in the dark and have been finding themselves asking questions like, have any of our users visited malicious URLs? Is anyone exfiltrating sensitive proprietary data? Have any users’ devices been unintentionally compromised and are now demonstrating command and control (C&C) activity? Are we facing compliance-related and broader organizational risks due to employees running outdated and vulnerable operating systems that need to be patched?

Obtaining complete and continuous remote worker visibility with NVM data

To adapt to this modern conundrum, Secure Network Analytics recent release 7.3.1 began to address this whole “WFH visibility blackout conundrum” by making endpoint Network Visibility Module (NVM) data a primary telemetry source to provide organizations with continuity in remote worker monitoring and visibility without requiring NetFlow telemetry to be present. But that was just phase 1 – now, with release 7.3.2, we’ve further extended this capability with the Data Store now supporting all NVM telemetry record collection to offer 100%-complete and continuous remote worker visibility. So now, whenever a user either works on-network or remotely – be it at home or a local coffee shop – and thus off-network without tunneling through a VPN, or if they are optimizing their remote work experience through split tunneling, all their activity is stored locally. With Network Visibility Module data being a primary telemetry source, whenever workers do eventually turn their AnyConnect VPNs back on, the NVM module phones home and sends logs of all their user activities back to Secure Network Analytics.

This gives security practitioners the continuity in visibility that they need by allowing them to monitor remote worker activities through the collection and storage of NVM endpoint records. Security teams can now gain visibility into activities that they were previously blind to, such as:

◉ Downloading and hoarding of large amounts of sensitive company data

◉ Data exfiltration or the sharing of sensitive company data to an external source

◉ Visiting malicious IP addresses and/or inadvertently installing trojans or other malicious processes

◉ Running older operating system versions with vulnerabilities that need patching

Et cetera. The list of potentially suspicious activities goes on, regardless of whether they are unintentional or motivated by an insider that has gone rogue.

Additionally, with Release 7.3.2, customers that are using NVM data along with a Data Store deployment are also gaining the following benefits:

◉ NVM telemetry records can be collected, stored, and queried in the Data Store

◉ New NVM reports that are now available in the Report Builder application

◉ The ability to define customized security events based on NVM data-specific criteria

◉ All Endpoint Concentrator functions are now fully managed by the Flow Collector

Figure 1. A Secure Network Analytics deployment enabled with both the AnyConnect Secure Mobility Client and the Data Store. User endpoints generate NVM data with rich and granular device context – such as IP addresses, host and usernames, machine types and models, which operating systems and versions are running, the processes that launched network connectivity, MAC addresses, hash information, and more – that is all collected and stored in the Data Store.

Extend the zero-trust workplace to anywhere on any device

In fact, not only does deploying the NVM module software meet the challenges outlined above by extending visibility beyond the walls of the enterprise network to enable more efficient remote worker monitoring, but it also extends the zero trust workplace to anywhere globally and on any device by providing security practitioners with visibility into who is online and what they’re doing by capturing additional granular user device context such as IP addresses, host/user names, machine types and models, which operating system and version is running, the processes that launched network connectivity, MAC addresses, hash information in case potentially harmful files are being shared and traversing the network, and more.

Drastically comprehensive and context-rich visibility is simply table stakes in our “new normal”

Despite efforts to begin transitioning back to the office, with some organizations embracing hybrid models going forward, a significant paradigm shift has already occurred – WFH is here to stay. Having pervasive visibility into remote worker activities is no longer a negligible risk that could be ignored. Nor should any NDR solution portray it as a “nice to have” rather than a “need to have” capability. Now, in today’s “new normal,” with users capable of connecting to the enterprise network from literally anywhere and on literally any device, the need for continuity in visibility across all remote activity has never been more pronounced.

Modern problems require modern solutions. Nowadays, organizations need NDR solutions that offer an unparalleled breadth and depth of visibility across their modern, distributed networks. Secure Network Analytics delivers the most comprehensive, granular, and continuous visibility into remote worker activities through the Network Visibility Module, as well as best-in-breed and industry-leading behavioral analytics to alert on suspicious and anomalous network activity.

Source: cisco.com

Continue reading

Cisco Nexus Dashboard: Cloud Operational Platform for Observability

One of the things that used to keep me up at night is that troubleshooting a data center network typically involved multiple disparate teams, each having a different view of the network, user interface, and the applications it supports. Historically, it took probing the network manually with complex questions and use the answers derived from custom scripting, spreadsheets, and CLIs for troubleshooting and remediation.

Read More: 300-815: Implementing Cisco Advanced Call Control and Mobility Services (CLACCM)

And with scaling into the multi-cloud in modern data center fabrics, the size and scope of deployments are growing into hundreds or even thousands of devices. This results in operational complexity, and the cost of managing these devices has exponentially grown as it takes longer to troubleshoot issues using multiple tools and methods. These multiple tools result in disparate user experiences that result in a lot of time and manual processing spent on troubleshooting and tracking critical network events across global networks. It often requires time to hone into misbehaving devices or collect and analyze data across multiple devices. That can result in downtime which quickly becomes expensive.

Traditional data center network management tools and approaches assume a velocity and volume of change that is well below what is enabled by the cloud and is unable to meet the demands of cloud native applications and digital business.

Cisco Nexus Dashboard is designed to automate, monitor, and analyze your network infrastructure. Innovative architectural approaches were implemented to provide automation and visibility at scale. Nexus Dashboard Insights simplifies operations for our customers with a modern, stateless microservices architecture that can scale horizontally, leveraging open-source infrastructure code. Insights delivers dynamic correlation, impact analysis, proactive alerts, failure prediction, and remediation, along with operational data visualization. These capabilities help consolidate the number of operational tools needed and reduces application downtime, Mean Time to Identify (MTTI), Mean Time to Resolution (MTTR), and the operating costs. 

Driving automation and visibility at scale 

Here are the key architectural components of the Nexus Dashboard Insights architecture: 

Collectors: Nexus Dashboard Insights incorporates universal telemetry collectors. These collectors support multiple input plugins for collecting software and hardware telemetry data streamed from networking infrastructure devices like routers, switches, firewalls, and load balancers.  

Data lake: Insights pipeline supports data encoded in JSON or GPB, which gets transformed and stored in a data lake for further processing. Telemetry data from legacy devices that do not support streaming telemetry is retrieved using REST API or SSH and then put into the pipeline for transformation.  

Analytics Engine: The analytics engine pipeline uses a serverless compute model. It handles tasks such as data enrichment, anomaly detection, data aggregation, and resource scoring by splitting them into modular tasks with associated task specifications. These tasks are processed independently, and the results are saved in the distributed data lake.  

Nexus Dashboard Operations Intelligence Platform

Architecture for deep visibility and operational simplicity 

Today, we are leveraging best-in-class AI/ML technologies to automate a number of these tasks which were being done manually on CLIs or using custom python scripts. This has led to powerful forecasting and anomaly detection use cases to generate an alert based on analytics of the time-series network data, paving the path towards proactive and predictive capabilities. 

Insights proactively streams software and hardware telemetry from across the fabric. It uses AI/ML technology to create a network-specific baseline for different Key Performance Indicators (KPIs). These baselines are continuously updated to reflect dynamic network behavior. An anomaly alert is generated when the network state crosses the thresholds band set around the baseline. These anomalies can further trigger user-specified actions such as generating email notifications or auto-remediation.  

Insights has been built on the principle that beyond identifying a problem in the network, there is a strong need to make the complex monitoring of IT operations simple. We embarked on an automation journey starting with taking additional steps to identify the impact caused by the issue/s and the resulting remediation steps.  

We address the architectural demands placed on the modern networks by: 

1. Hardware and software telemetry: Deep expertise in analyzing hardware and software telemetry:  Increases the completeness and accuracy of data that helps monitor, troubleshoot in real-time.  

2. Future-proof support: Future-proof support for infrastructure devices using capabilities specified in Industrywide supported open standards (both existing and in planning stages) 

3. Lead with AIOps: Building closed and continuous feedback loop automation into remediation by utilizing AIOps capabilities. Monitor and root cause issues and scale support needs by leveraging a DevOps toolchain to enable development to be very agile resulting in real-time automated pattern discovery. 

This allows us to automate and manage legacy data-intensive processes while simultaneously embracing new cloud-driven data frameworks. 

Cisco Nexus Dashboard Alerts Summary

Stay tuned to the next set of blogs that will delve into upcoming Nexus Dashboard capabilities and use cases based on this new “built from the ground up” architectural approach. 

◉ One view: With Single Sign-On (SSO) and Role-Based Access Control (RBAC), operate your geographically distributed multi-site environment across multiple Cisco Nexus Dashboard clusters from a single point of control.  

◉ Microburst detection: Insights into network microburst and flows. Expose and locate invisible microbursts, locate congestion hotspots, and protect application performance. 

◉ Anomaly analysis: Solving “Needle in a Timestack” problem for CRC/FCS errors. Compare and contrast time-synced data of multiple parameters to derive a deeper understanding of issues and behaviors.

Source: cisco.com

Continue reading

Power of Cloud Application Centric Infrastructure (Cloud ACI) in Service Chaining

It is a reality that most enterprise customers are moving from a private data center model to a hybrid multi-cloud model. They are either moving some of their existing applications or developing newer applications in a cloud native way to deploy in the public clouds. Customers are wary about sticking to just a single public cloud provider for fear of vendor lock-in. Hence, we are seeing a very high percentage of customers adopting a multi cloud strategy. According to Flexera 2021 State of the cloud report, this number stands at 92%. While a multi cloud model gives customers flexibility, better disaster recovery and helps with compliance, it also comes with a number of challenges. Customers have to learn not just one, but all of the different public cloud nuances and implementations.

More Info: 352-001: CCDE Design Written Exam (CCDE)

Navigating the different islands of public cloud

When customers adopt a multi cloud strategy, they often begin with one and then expand to other clouds. Though most public clouds were built with an over-arching goal  of providing access to resources instantly at a lower cost, their individual implementations and corresponding cloud native constructs are different. Hence automation artifacts built for a specific public cloud provider, cannot be re-used for other clouds.  As we see our customers undertake the multi cloud journey, it is increasingly clear that having an automated way to configure the cloud constructs for various clouds is a huge benefit for our customers.

Cisco provides this solution to our customers via Cloud ACI. Cisco Application Centric Infrastructure (ACI) is Cisco’s premier Software Defined Networking (SDN) solution for the data center.  The ACI solution now caters not only to on-premises data center, but the public cloud as well. Thereby, offering a seamless experience to customers to orchestrate and manage consistent policies for their workloads irrespective of where the workload resides. Cloud ACI provides that needed abstraction across multiple public clouds, providing a single policy model for customers to define their intent. Cisco ACI solution takes care of automating the user intent into required cloud native construct of each cloud.

Cloud ACI solution achieves this by deploying the Cisco Cloud Application Infrastructure Policy Controller (Cloud APIC)  in the cloud site, like Amazon AWS or Microsoft Azure. The cloud APIC is registered with the Cisco Nexus Dashboard Orchestrator (formerly Multi-Site Orchestrator) – the master controller for managing different ACI sites. The user defines the policies on the Nexus Dashboard Orchestrator, which pushes it down to the sites where the user policy needs to be applied.The Cloud ACI controller at the site takes care of configuring the right networking and security cloud constructs for that cloud site.

Let us take an example of an enterprise that plans to deploy workloads both in AWS and Azure. Resources in AWS are deployed within a VPC, whereas Azure requires a Resource Group. AWS provides native load balancing services via Elastic Load Balancers, whereas in Azure, you would use an Application Gateway for L7 load balancing and Network Load Balancer for L4 traffic. The native cloud constructs are different and end users have to learn both AWS as well as Azure languages. If the enterprise uses Cloud ACI, configuring a VRF (Virtual Routing context) from the Nexus Dashboard Orchestrator will translate to creating a VPC in a AWS site and a Virtual Network (VNET) in the Azure site. It’s that simple!!!

Load Balancers and More!

Cloud ACI can be particularly powerful when automating your applications behind native load balancing services. Both large web scale applications as well as  smaller enterprise applications are typically deployed behind a load balancer for high availability and elasticity. Hence, all major public cloud players offer load balancing as a native service. Load balancers have a frontend, which is the IP and port to reach the application and a backend with the servers serving that application. Depending on the load, the servers hosting the application can be scaled up/down elastically.

Cloud ACI provides a neat way to automate the creation of the native load balancers as well as configure and manage the lifecycle of the load balancers. The solution provides an innovative way to add the backend servers as targets to the load balancers dynamically. This is done via tagging the servers and creating a service graph in ACI. A service graph represents the flow of data between consumers and providers via one or more service devices. Cloud ACI provides the ability to create load balancers and configures the frontend port based on user configuration. Once a user specifies via a contract the desired provider endpoint group (EPG), the solution takes care of automatically adding the servers that belong to the provider endpoint group as the backend of the load balancer.

This is pretty powerful, with VMs scaling up and down, there is no need to manually add/remove these servers from the load balancer backend. Cloud APIC auto detects the servers and classifies them into the right EPG.  The Cloud APIC then dynamically adds/removes these servers from the backend of the load balancer.

Unleash the power of service chaining

For web applications reachable over the internet, it is paramount that there is additional security built in to protect the application and the backend servers from security attacks. In such cases, it is common for customers to insert a firewall before the traffic hits the load balancer. The firewall could be Cisco’s FTD, or 3rd party firewalls from vendors like Checkpoint, Fortinet, VM-Series Next-Generation Firewall from Palo Alto etc, available in the public cloud marketplace. Cloud ACI provides the perfect automation for this use case by providing users with a way to build a multi node service graph. To provide high availability for the firewall, a load balancer may be placed in front of the firewall like shown in the below picture

Cloud ACI can automate the entire flow by managing the lifecycle of both the front end and the Backend LB. It automates the creation of the load balancers, configuring the frontend port/protocol and adding the right backend targets.  As defined by the service chain, it adds the firewall instances as the targets of the Frontend LB. It adds the application servers as the targets of the backend application load balancer (ALB). Cloud APIC also configures the security groups at each layer with the right set of rules based on the contract. This ensures that no un-intended traffic flows between the user and the backend application servers. Can it get better than this! The only configuration that is required from cloud ACI is

◉ creation of the logical devices for the load balancers and firewall

◉ creation of a service graph specifying the location of the service devices in the chain

◉ configuring a contract between the consumer and the backend application server endpoint group

As you can see, this is extremely simple and saves time and reduces configuration complexity for the user. What more, the network admin can be at peace knowing that any dynamic scaling of the backend servers by the application/server admin, will be handled by cloud APIC.

Source: cisco.com

Continue reading

Top 10 CCNA 200-301 Exam Preparation Tips: Key to Success

When applying for any IT job position in comparison with numerous candidates, it is important to confirm extra qualifications for the role. Achieving a relevant certification is believed to be an amazing way to do so. This would be because recruitment manager view them as evidence of skills so signs for more reliable performance. If you are looking for some useful study methods concerning the CCNA 200-301 Exam, we have mentioned them below, but first, let’s explore the exam outline.

Essential Information of the CCNA 200-301 Exam

A vital step in preparing for any exam is to determine the list of the themes to be included. And the more comprehensive it is, the more consideration you should pay to this chapter. Regarding Cisco 200-301 exam, you can find a complete outline on Cisco’s official website. On the whole, the areas you’ll be evaluated on involve networking basics, IP connectivity and IP services, programmability, network access, and so on. At this step, it’s also essential to know what types of questions you will face, how much time you’ll be given, and how to ace the exam.

Continue reading

Cisco Secure: Supporting NIST Cybersecurity Framework

Extending the alignment to include more Cisco products

Why should you care? With so many security frameworks, it can be difficult to know where to start from. While many organizations are challenged with managing and improving their cybersecurity programs against the dynamic threat landscape, it’s not easy to pick one framework over another. So where do they start from – ISACA COBIT 5? ISO27000 series? CIS CSC? NIST CSF? SABSA? Or something else? National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework (CSF) exactly for this reason. It’s a simple, best-practices approach to Cybersecurity leveraging the specific standards that are widely used and already working well today.

Basics First

NIST CSF is a voluntary framework based on existing standards, guidelines and practices for reducing cyber risks. It enables organisations to discuss, address and manage cybersecurity risk.

More Info: 350-901: Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)

◉ It is used to manage cybersecurity risks in a cost-effective way while protecting privacy

◉ It references the globally accepted standards (COBIT, ISO/IEC, ISA, NIST, CCS)

◉ It enables all organizations (large or small) to improve security and resilience

◉ 3 pillars – People, Process, and Technology – Each of these are important

◉ Only half of the CSF Categories are addressed by technology

◉ It emphasizes the importance of two other main pillars of Cybersecurity – People and Process

The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles but for today’s discussion, we will focus only on Core which is a ‘set of activities and outcomes using a language that is easy to understand.

How CSF Core makes lives easier?

The CSF Core consists of four components as shown in the table below. The CSF Core provides a set of activities to achieve specific cybersecurity outcomes. It also gives guidance on how to achieve those outcomes. The table below lists each of these components with a short description and example:

The CSF Core is comprised of five functions – Identity, Protect, Detect, Respond, and Recover. These functions when considered together, provide the lifecycle of an organization’s cybersecurity risk

How Cisco Security Products align to NIST CSF?

Extending the work already done with the existing whitepaper, below is the updated alignment that includes a few more products (highlighted in Orange box) and how each of these products map to different NIST CSF Categories:

Source: cisco.com

Continue reading

Create new possibilities at the IoT Edge with the Cisco Catalyst IR1800 Series

Get ready for an all-new Cisco industrial router: the Cisco Catalyst IR1800 Rugged Series. With many new interfaces and modules backed by a stronger CPU and more memory, the IR1800 series gives IoT application developers new possibilities for innovating at the IoT Edge, for example to host applications that can extract and transform IoT data right at the edge. The DevNet IoT Dev Center has a new learning lab and sandbox so you can try out these new features on a real IR1835 ruggedized router.

More Info: 300-715: Implementing and Configuring Cisco Identity Services Engine (SISE)

With the 5G/LTE, Wi-Fi 6, industrial SSD and GPS modules, the IR1800 series prepares you for the future, but that’s not all. The IR1800 focuses on supporting mobility , especially in the transportation industry with features like CAN bus, FirstNet, GPS/GNSS + dead reckoning and ignition power management. Furthermore, you can access all these interfaces from your IOx edge applications and use the data to power use-cases like recording video surveillance, streaming multi-media entertainment and advertisement content or providing predictive maintenance for the vehicle itself.

IR1835: Industrial Routing & Edge Compute Sandbox Overview

IOx Edge Compute

All models of the IR1800 series support the Cisco IOx Edge Compute Framework which allows you to install and deploy your dockerized applications directly on the device. With the updated 1.2GHz quad-core ARM CPU and 8GB memory, you also have a strong compute device at the edge. Furthermore, you can add an industrial SSD which extends your storage to more than 100GB, for example for on-board videos, images, databases, and log files.

Want to try deploying your Docker containers and IOx applications on the IR1835? Check out this iox-webserver sample application on the DevNet Code Exchange which you can download or build to get started.

On-box IOx Local Manager: Managing your IOx applications on the IR1835.
Here the NGINX server is installed and reachable on Port 8000.

Device APIs NETCONF & RESTCONF

Since this Router runs Cisco’s open and programmable IOS-XE operating system, you can configure the device via device level APIs such as NETCONF/RESTCONF. This means that you can change any device configuration by simply running a Python script from your local machine and apply the changes on as many devices as you want.

The new DevNet learning lab walks you through how you can get operational data directly from the device or even change the device configuration with simple REST calls or Python scripts.

WebUI

Check out the user-friendly on-box Device Manger (WebUI) shown below. Now you can easily navigate through the monitoring data, configuration, and settings of your industrial device from a browser window.

Graphical User interface on the IR1835

Source: cisco.com

Continue reading

Secure and Save with Cisco Secure Firewall Threat Defense Virtual

Simultaneously secure and save with new 7.0 features and subscription models

Organizations rely on Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv), Cisco’s proven network firewall with IPS, URL filtering, and malware defense that protects virtualized environments in private and public clouds.

In addition to the improved IPS performance with Snort 3 and the new support for Hyperconverged Infrastructure platforms, our 7.0 release brings a wealth of other visibility, management and performance enhancements. This includes two additional improvements for Secure Firewall Threat Defense Virtual: licensing enhancements that lower consumption cost, plus a much larger virtual appliance option, FTDv100, that provides increased performance with a 16-core CPU configuration.

Licensing enhancements

The capabilities of our virtual firewall offerings can be cost-effectively consumed with a new, flexible, tiered licensing model. By making the base software available as a subscription with 1, 3, and 5-Year terms, customers benefit with lower total cost of ownership. These subscriptions include basic online embedded support, further lowering ownership cost when compared to perpetual licenses. Further, subscriptions enable a shift in spending from CapEx to OpEx, and allow portability across on-prem and cloud deployments.

Additionally, we are introducing performance tiers for Secure Firewall Threat Defense Virtual. This includes a low entry price, suitable for organizations of all sizes and requirements. With the performance tier licensing model, customers can now pick and choose the tier that meets their throughput requirements. Throughput starts at 100Mbps and extending to 16Gbps. The performance-tiered licensing also provides different VPN session limit options, depending upon your deployment requirements.

Any of the licenses can be used on any supported configuration, allowing higher tier licenses on lower tier vCPU/memory configurations, for future expansion flexibility.

Table 1: Performance tiered license entitlements

Software upgrade considerations

For current deployments running 6.7 or below, the upgrade to 7.0 will, by default, maintain the variable license tier and uses the non-tiered license entitlements. Customers can also choose the specific performance tier from their Cisco Smart Licensing account using Firewall Management Center or the local Firepower Device Manager.

Customers who have an existing non-tiered license can continue to use all entitlements, including the new FTDv100 tier.

Figure 1: Tier Selection in Secure Firewall Management Center (FMC)

Public Cloud

Performance-tiered licenses can be applied and used on any supported platform,  including public clouds like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI) using the Bring Your Own License (BYOL) model.

The ability to use any of the performance-tiered licenses, on any supported resource combination, (i.e., vCPU/memory) enables virtual firewall licenses to be used on a wide variety of instance types across AWS, Azure, GCP and OCI platforms.

Support

The Base and TMC subscription include 8X5 online support at no additional cost and also provides software upgrades.

Cisco Solution Support is also available for the Base and TMC subscription that provides 24X7 technical phone support and is the recommended level of support.

Source: cisco.com

Continue reading

DNA Center Template Labs – Getting Started Series, Part 1

Prologue

Over the years, as new technology has been introduced, there has always been a barrier to adoption. While automation is powerful, we need to test it fully. Delays in getting started are typically caused by the wait on lab equipment. If it’s not lab equipment, it’s licensing or the time required to set up and cable the equipment. This, together with the development time, resources, and scheduling, makes the whole activity painful. This typically causes a gap between the time technology is launched to the time it is adopted. It also means that there is a learning curve which typically adds even more delay to adoption by organizations. This leaves one to ask exactly how do I get started with DNA Center Templates.

But what if there was a better way!

dCLOUD is a Cisco environment that provides curated content labs. dCLOUD allows the user a new way of experiencing the Cisco portfolio. It allows the user to try out the new technology in a safe environment. It also helps to save time, reduce shipping costs, licensing issues, power, and cooling needs. All this and while still allowing an environment to test various features and functions.

Overview

In this ongoing series, we will explain each of the labs. The labs are set up to help you learn more about templating, Plug and Play, and Day N automation. Together with helpful labs and guided examples that can be downloaded and implemented within dCLOUD or modified for use in your own lab environment.

How?

Within dCLOUD, several sandbox-type labs are available. These self-contained environments are there to allow you to use them as you please within the time scheduled. This allows us a place to start practicing various concepts without fear of impacting production environments.

Therefore, to aid customers in the transition toward automation, we have put together a set of small helpful labs within a Github repository. As a result, we hope to demystify some of the complexities of setting up plug-and-play and help guide customers through the complexities and caveats. In this way, these self-guided labs provide a glimpse into the fundamentals of building velocity templates and provide examples that you can download and expand from. The sample templates and JSON files supplied are for easy import into DNA Centers’ template editor for quicker adoption. Lastly, some scripts are ready-made excerpts of code that allow you to build the environment to test.

First, in a practical lab guide, we step by step delve into the concepts of building templates and methodologies for using both Onboarding and DayN templates. Second, we provide answers and explanations to many of the questions that come up during automation workshops. Our hope is that you find the information both helpful and informative. Thus, we hope to give a well-rounded explanation of automation methods and concepts that we can easily expand upon for production purposes.

The lab content is located within the existing DNAC-TEMPLATES repository to give a one-stop-shop for all the necessary tools, scripts, templates, and code samples. Within it are four labs, which build upon the tutorials allowing you to test the methods in a lab environment.

DNAC Template LABS

These labs aim to guide you through the typical steps required to enable the various automation tasks delivered by DNA Center. This lab will give examples of templates used in DNA Center that we can modify for our use and test on equipment within the LAB environment. Additional information within the lab provides a well-rounded explanation of Automation methods with Templates. Lastly, the lab allows for customers to use DNA Center workflows to practice deploying Onboarding, DayN Templates, and Application Policy automation on both Wired and Wireless Platforms.

The goal of this lab is for it to be a practical guide to aid engineers to rapidly begin using DNA Center automation and help them work towards a template strategy. Additionally, this lab will give customers a permanent place to try out the templates and include configurations for various use cases. This environment will enable engineers to reduce the time and effort needed to instantiate the network.

As a result, you will gain experience in setting up Plug and Play onboarding and templates. Additionally, you will use advanced templating methods and troubleshooting tools. These may help during faultfinding to determine what is failing in a deployment.

Please use this menu to navigate the various sections of this Github repository. Within the multiple folders are examples, explanation readme files for reference.

◉ PnP Preparation – This lab explains the overall Plug and Play set up steps

◉ Onboarding Templates – This lab explains in-depth and how to deploy Day 0 templates

◉ Day N Templates – This lab will dive into Day N template constructs and use cases

◉ Composite Templates – This lab will explore how to build a composite template on DNA Center.

We will share additional, labs and content in an ongoing effort to fulfill all your automation needs with DNA Center.

dCLOUD as a LAB

To help customers succeed with DNA Center Automation, you may utilize the above labs as they have been designed to work within dCLOUD’s Cisco Enterprise Networks Hardware Sandbox v2.1 Lab. This allows you to run these labs and gives an environment to try the various code samples. You may choose to develop and export your own code for use in production environments. Also, this gives you an environment where you can safely POC/POV methods and steps without harming your own production environments. This also negates the need for shipping equipment, lead times, and licensing issues needed to get moving rapidly. Please do adhere to the best practices for the dCLOUD environment when using it.

The dCLOUD environment consists of the following:

Software:

DNA Center 2.1.2.5

Identity Services Engine (ISE) 3.0 (Not Configured)

Stealthwatch 7.1

FlowCollector 7.1

Cisco Prime Infrastructure 3.9

Wireless LAN Controller - C9800 running IOS-XE Amsterdam 17.3.3 code.

Windows 10 Jump Host 

Windows Server 2019 - Can be configured to provide identity, DHCP, DNS, etc.

Windows 10 Clients 

Hardware:

ISR 4451 Router - 17.3.3 IOS-XE Code

Catalyst 9300 Switch - 17.3.3 IOS-XE Code with Embedded Wireless Controller (EWC) and ThousandEyes Enterprise Agent

Catalyst 3850 Switch - 16.12.5 IOS-XE Code

4800 Access Points

Silex Controller (2 NIC's)

The environment allows for use with a web-based browser client for VPN-less connectivity, access as well as AnyConnect VPN client connectivity for those who prefer it. You may choose from labs hosted out of our San Jose and RTP Facilities by either selecting US East or US West. Choose the Cisco Enterprise Network Sandbox v2.1 or 3.1. To access this or any other content, including demonstrations, labs, and training in dCLOUD please work with your Cisco Account team or Cisco Partner Account Team directly. Your Account teams will schedule the session and share it for you to use. Once booked follow the guide within Github to complete the tasks adhering to the best practices of the dCLOUD environment.

Source: cisco.com

Continue reading