Automated, Simplified Timesaver for Cisco Enterprise Software Customers: Cisco Smart Licensing with Policy

Cisco Smart Licensing using Policy is a new solution that simplifies license management across Cisco enterprise products running Cisco IOS XE. Managing licenses using automation, policy, and streamlined processes is getting kudos from customers. They no longer have to install unique licenses on every Cisco device and keep track of those licenses manually, an especially difficult process in large companies with thousands of devices.

Cisco Licensing and Cisco Smart Licensing Using Policy

At Cisco, we have a trust-but-verify model where most software usage is allowed upfront and trued up after the fact, when Cisco Smart Software Manager (CSSM) can correlate the usage with the purchases. Most Cisco software licenses are unenforced. Customers don’t have to complete any licensing-specific operations, such as registering or generating keys before they start using the software and the licenses that are tied to it. Less than a handful of export-controlled and enforced licenses require Cisco authorization before use.

An example of an enforced license is the Media Redundancy Protocol (MRP) Client license, which is available on Cisco’s Industrial Ethernet Switches. Export-controlled licenses are export-restricted by U.S. trade-control laws. An example of an export-controlled license is the High-Speed Encryption (HSECK9) license, which is available on certain Cisco Routers.

The required authorization for enforced licenses is an authorization code, which must be installed in the corresponding product instance. License usage is recorded on each Cisco device with timestamps.

Cisco Smart Licensing Using Policy is a software license aggregator solution that provides a seamless, automated experience for customers. Instead of having to manually configure Cisco devices to synchronize with CSSM, Cisco Smart Licensing Using Policy simplifies and automates Day-0 and Day-1 operations.

Cisco can tweak the policy for trusted customers to alter when devices report, how frequently, and which devices and licenses require reporting. If no changes are made to configurations that impact license usage, reporting occurs once a year. If changes are made, there is a suggested but not mandatory 90-day window for reporting.

Automated Collection of Software Usage Data

A Resource Utilization Measurement (RUM) report with usage measurements is continually generated by each Cisco product instance. The reports give a complete time series analysis of license usage at each customer site.

Software usage information is transmitted to the CSSM and customers use the My Cisco Entitlements (MCE) dashboard to manage all their Cisco products and services from a centralized portal. CSSM helps them manage current requirements and review usage trends to plan for future license requirements. Additional licenses can be purchased if software is being overused while features that are being paid for but not used can be highlighted and turned on.

Multiple options are available for license usage reporting (Figure 1).

Figure 1. Cisco Smart Licensing with Policy Reporting Options

Customers can report usage information directly to CSSM, use a controller (like Cisco DNA Center or Cisco vManage), or deploy Smart Software Manager On-Prem (SSM On-Prem) to administer products and licenses on their premises using a Cisco UCS server. Offline reporting for closed networks is also available. Customers can download usage information onto a storage device like a thumb drive, and then upload the data to CSSM.

Cisco Smart License Utility

Some Cisco customers don’t want to have to deploy a Cisco UCS, use a Cisco controller, or have devices directly connected to the Internet. So Cisco Smart License Using Policy was developed based on intense customer interest and input. This small footprint utility has a subset of functionality found on Cisco SSM On-Prem. It runs on Windows and Linux, with Mac OS coming, and automates the transmission of software usage reports from a Cisco product for reporting to

a Smart Account on Cisco SSM. It is also capable of managing trade-controlled software authorization codes per product as required.

The utility collects usage reports from the product instance and uploads them to the corresponding Smart Account or Virtual Account – online, or offline, using files. Similarly, the RUM report acknowledgement (ACK) process is collected online or offline and sent back to the product instance. The Cisco Smart License Utility also sends authorization code requests to CSSM and receives authorization codes from CSSM.

Figure 2 shows the CLI for a Cisco Integrated Services Router (ISR) with reporting for four different feature licenses. ACK corresponds to reported and acknowledged reports. UNACK reports have yet to be acknowledged by CSSM. OPEN reports have yet to be sent to CSSM.

Figure 2. CLI with Cisco Smart Licensing Usage Report

Figure 3 shows a screen shot of Cisco Smart Licensing Utility with a sample report with the device’s product ID and serial number, date of last report filed, and acknowledgement of usage report.

Figure 3. Smart License Utility Interface

For environments where devices are not directly connected to the Internet, the Cisco Smart License Utility triggers workflows with usage reports from all relevant devices and these can be put on a laptop and uploaded as a file to CSSM.

Cisco Smart Licensing with Policy improves the existing implementation of Smart Licensing by addressing the pain points customers have had with the PAKs reporting model. It streamlines usage reporting across topologies, introduces an easy-to-understand policy to govern reporting frequencies, and provides a frictionless Day 0/Day 1 experience.

Source: cisco.com

Continue reading

Cisco SD-WAN: Driving Network Efficiency and Accelerating Cloud Integration with AWS Cloud WAN

In today’s world, enterprise customers are dominantly focused on their users and applications. The bridge that stitches them together is the Enterprise WAN, which not only needs to align with the growing complex needs of its users but also needs to be secure, scalable, resilient, and programable. Cisco SD-WAN brings together users, branches, applications, and data centers (on-prem or cloud) under one cohesive architecture to meet today’s expectations. Cisco vManage provides a single pane of glass to provision, operate, and manage this network.

The enterprise cloud footprint is growing at a rapid pace, resulting in complex policies and designs for connectivity across enterprise sites and workloads in the cloud. Traditional AWS cloud-native service like AWS Transit Gateway is a regional construct, which performs well in a design involving transit gateway peering across a small number of AWS Regions. As more Regions are added, the network can get exponentially complex with additional transit gateway peering. Also, separate route tables for segmentation add another layer of complexity to the network.

Questions we typically hear from our customers are:

1. How do I easily deploy and manage a cloud network for segmented users, applications, and other resources dispersed across regions, while maintaining a hardened security posture?

2. Can my network be agile enough to quickly adapt to changing policies and application requirements?

3. What is the impact on the user experience for a multi-region application?

4. My users connected to region X are having inconsistent experiences accessing an application in region Y. What can I do?

5. Can I use the Cloud Service Provider (CSP) backbone as a faster way to connect my sites instead of less reliable internet?

It basically drills down to having a more robust means to connect site-to-site, site-to-cloud workloads, and inter-Region workloads in AWS. This is exactly what the Cisco SD-WAN and AWS Cloud WAN integration can offer.

AWS Cloud WAN

AWS Cloud WAN is a managed WAN solution that was announced at AWS re:Invent 2021. It enables users to build a multi-Region global WAN network on the AWS backbone using simple policy statements. It removes the need to stitch together multiple Regions as is the case with AWS Transit Gateway.

The key building blocks of the AWS Cloud WAN architecture are:

◉ Cloud WAN: Cloud WAN is a managed WAN service that allows enterprises to establish network connectivity across the Region using the AWS backbone. Cloud WAN can be enabled in a Region that is near to sites, users, or workloads. Cloud WAN includes CNE (Core Network Edge) which is a Regional Connection Point. Resources are connected to CNE using attachments like VPC, VPN, etc.

◉ Core Network Policy (CNP): A single JSON policy document that defines the whole configuration of the Cloud WAN. It lists the Regions through which the Cloud WAN extends. It carries the segment information which is used for routing separation. It also defines how the VPC and VPN attachments are connected to the network segments, along with route leak configuration for shared services use-cases.

◉ Attachments: Attachments are a way to connect resources to the Cloud WAN. The types of attachments are VPC, VPN, Connect, and TGW.

◉ Core Network Edge (CNE): The regional connection point managed by AWS in each Region, as defined in the Core Network Policy. Every attachment connects to a Core Network Edge.

Based on CNP configuration, AWS Cloud WAN will create CNE in the configured Regions. The CNEs across all the Regions will automatically peer with each other. Cloud WAN also carries segment information across the Region, thus automatically creating end-to-end routing domain for each individual segment. Resources are attached to the CNE and are mapped to a segment.

This Cloud WAN architecture’s built-in automation manages the complexity and provides customers with a simple plug-n-play approach to deploy and manage the cloud network.

Cisco SD-WAN Integration

The Cisco SD-WAN Cloud OnRamp for Multicloud with AWS, provides enterprise customers the following capabilities to deploy a secure SD-WAN fabric over a reliable AWS Cloud WAN backbone.

1. Automation: The integrated solution gives users the automation to integrate their SD-WAN policies with AWS cloud-native constructs for reliable and consistent sites and cloud deployments. Cisco vManage simplifies the process of creating and managing the Core Network Policy (CNP) document and AWS manages the implementation details.

2. Security: AWS Cloud WAN’s built-in network segmentation enables seamless integration with Cisco SD-WAN to provide end-to-end segmentation. Using a simple workflow in Cisco vManage, enterprise customers can deploy carrier grade transport (across Regions) using the AWS backbone.

3. Observability: Cisco SD-WAN integration with AWS Cloud WAN simplifies operations by enabling visibility for the SD-WAN overlay and AWS Cloud WAN underlay in the vManage portal.

Cisco vManage will:

◉ Discover workload VPC across regions

◉ Tag the VPC attachment to map to a desired segment (VPN)

◉ Deploy Cloud Gateway (CGW)

◉ Instantiate CNE in the required region

◉ Instantiate Transit VPC (TVPC) with pair of Cisco SD-WAN virtual edge routers

◉ Establish VPN or Connect attachment and BGP peering between CNE and SD-WAN virtual edge router for each segment/VPN

◉ Realize Intent by mapping SD-WAN VPN to AWS Cloud WAN segments

With the help of Cloud Gateway (CGW), the Cisco SD-WAN fabric is extended to the edge of the AWS Cloud in the desired Region. As shown in the topology above, Cisco vManage manages the SD-WAN policy across the fabric. This enables vManage to push consistent SD-WAN policies to the branches and Cisco SD-WAN virtual edge router in the TVPC. With the AWS Cloud WAN integration, vManage can create and update the CNP document. Using API calls, vManage pushes the CNP to AWS. AWS Cloud WAN then updates necessary configuration based on the policies defined in the CNP documents. Thus, Cisco SD-WAN intuitively helps create and manage end-to-end segments from the users to the application.

Automation Workflow

Cloud OnRamp for Multicloud automation follows a simple 4 step workflow. Users can follow these simple steps to implement AWS Cloud WAN integration:

1. Setup

Customer selects the solution and defines global parameters for the AWS Cloud WAN integration.

2. Discover

Customer uses the Discover option to discover host VPCs (workload VPCs) in the cloud. These VPCs can now be tagged with the segment name which attaches them to the desired VPN.

3. Deploy

At this step we deploy CGW in the AWS Region. Repeat this step for all the required AWS Regions to build a multi-region AWS Cloud WAN network.

4. Declare Intent

As a final step, users can map SD-WAN VPNs to AWS Cloud WAN segments by simply clicking on the specific matrix to establish the intended connections. In the example below, VPN 61 is mapped to SALES segment. VPN2 and VPN10 are being configured to map to TEST and PROD segments respectively.

That’s all it takes to bring up the AWS Cloud WAN integration using vManage.

The complimenting partnership between Cisco and AWS delivers a simplified WAN for:

◉ Unified Management – leverage an intuitive workflow to deploy site-to-cloud and site-to-site connectivity over a reliable backbone network, with end-to-end visibility and assurance, via single UI, Cisco vManage.

◉ Security – The built-in segmentation in AWS Cloud WAN not only simplifies VPN mapping with Cisco SD-WAN but also enables propagation of unified business-intent policies across the network.

◉ Reduced TCO – Reduce deployment time for overlay and underlays, ability to dynamically deploy in software is critical as traditional MPLS circuits takes weeks or months to provision. Significantly lower OpEx through improved performance and a reliable, on-demand consumption model provisioned through Cisco vManage.

To summarize, Cisco SD-WAN and AWS Cloud WAN integration will simplify Site-to-Cloud, Site-to-Site, and inter-region workload use-cases for the customers. This alleviates customers from dealing with the complexity of today’s WAN requirement and focuses on their users, applications, and core business.

Source: cisco.com

Continue reading

Cloud and the Hybrid Future of Work

Nothing in the world is as it once was. Things we used to take for granted—such as dining out, going to the movies, or throwing birthday parties for four-year olds—are forever changed. However, as personal as those changes are, nothing compares to the tectonic shift that has occurred in work. Prior to the pandemic, the percentage of people working remotely was in the single digits. Today, it’s more than 60% in some industries. And, in a recent study, 70% of employees said they would quit their jobs if they couldn’t work from home at least a few days a week.

For knowledge workers, the benefits are many—from no commute to learning to bake bread. But companies benefit as well. Productivity and morale have gone up, and facilities costs have gone down.

Without the cloud, this overnight shift would have been impossible. The cloud makes it easier for users to access their applications and information from anywhere—just click and go. But, for IT departments, it’s not so simple. More clouds, more users, more locations and more applications—often built with application mesh—lead to more complexity. And complexity is rarely easy to master.

This is where Cisco can help.

Due to the breadth of our portfolio, we’re uniquely positioned to help you harness the power of your clouds. Cisco solutions align with the way you actually use the cloud to deliver a consistent experience to all users, connect multiple clouds, support the future of work, secure your cloud workloads and simplify cloud operations.

In this blog, the third in a series of five, we’ll take a look at how companies using the cloud need to think about work differently. We’ll talk about what that looks like, the challenges involved and how Cisco can help.

Over the next few weeks, we’ll roll out more blogs to highlight other ways you use the cloud.

An Unplanned Social Experiment

The “work from home” question has been quietly argued for more than a decade. While technology made it possible, there was a wide range of sentiment on whether it was more or less productive. Then COVID. During this forced social experiment, the question stopped being a question. Employees had to immediately pull up stakes and decamp for home.

Nearly two years later, as offices slowly start to open, we’re starting to rethink the future of work. This won’t be a simple question about working from the home or the office, because the future of work is hybrid. Where some will work full-time on site. Others full-time off site. And still others will work in a mixed mode – moving between locations on any given day or time. And it all cases, working better.

H-m-m. Kind of sounds like something the cloud is good at making possible.

The cloud, by its very nature, supports both the agility and the location-independent needs of hybrid work, which requires a set of capabilities optimized for secure, consistent delivery—regardless of location. That’s why cloud has played such a huge role in the business response to the pandemic. Let’s take a look at what that means for a hybrid work future.

Home at the Office

Perhaps the best way to think about hybrid work is to re-think what an office is. Companies used to think of campus and branch offices. Simple enough. Now add hundreds or thousands of home offices. Not so simple. Every home office is effectively a branch office for one person—with the same demands for application performance and secure access but with substantially fewer IT resources.

Let’s start with secure access. As mentioned in an earlier blog, security and access are often at odds. The employee wants access that’s easy to use. If it’s difficult to connect, the employee may become frustrated and work around the security measure, actually increasing risk.

The company and its IT department understand the need for easy access but their larger concern is security. And easy access can imply it’s easy for anyone to get onto the network—including bad actors.

I outlined the key elements for secure access in my last blog, including policy, segmentation, zero trust framework and malware detection.

Application Experience

Application experience is critical as employees work from home. The employee is going to expect the same application experience they’ve come to know when they’re in the office. Anything less will negatively impact productivity and employee satisfaction.

Quality application experience doesn’t just happen. It demands new levels of visibility as applications become more distributed. This visibility starts with application components in the service mesh where developers need to see where each component of the application resides and how they connect at the user to deliver the application. You need to be able to see this journey from cluster to user to see where any potential application component performance issue may reside.

These distributed applications often connect over the internet via infrastructure that the company doesn’t own or manage. Each hop in that journey can negatively impact the overall application experience. As a result, you need to have visibility that follows the application through the infrastructure. More importantly, you need to augment that visibility with artificial intelligence that can turn simple visibility into actionable insights. Cisco ThousandEyes, AppDynamics and Intersight moves you beyond domain monitoring into end-to-end visibility, insights, and actions. They transform siloed data into actionable insights to help IT teams optimize for cost and performance, maximize digital business revenue, and deliver exceptional digital experiences—anywhere on the cloud.

Office Intrigue

As more employees head back to the office, companies have an important decision to make. Do they opt for the short term fix and simply do what they’ve always done. Or do they invest in the long term and build out the office of the future. And, in the long term, cloud is a key consideration.

As companies plan for the future, many have indicated that employees will work from home two or three days per week and in the corporate office the rest of the week. Those days in the office won’t be a replay of the past. This will impact how facilities are managed and applications are delivered.

The number of employees on-site and the hours they work will vary widely. As a result, corporate facilities will have to be able to cost-effectively support a hybrid workforce. The office will need to be able to accommodate this ebb and flow of employees—both in space and in network capacity.

The variability of used space is an important consideration for smart buildings and IoT devices to improve energy efficiency based on occupancy. There is some cloud component of this. However, the bigger cloud element may be IT capacity. As companies move to the cloud, they may rethink how to provision the workspace infrastructure. Rather than build out their network for a full complement of employees, they may consider a smaller investment and use the cloud to support their peak occupancy.

The workload in the corporate offices will also change. With a hybrid work environment, 60 percent or more of the participants in a meeting will be working off site. As a result, the cloud-based, distributed applications used from the home office need to seamlessly connect with the applications in the office. Essentially, hybrid cloud connectivity.

The bottom line, there will be more demand for distributed applications and collaboration even with the return to office. The applications themselves must promote better collaboration for a hybrid workforce. And the application performance—as discussed above—must be comparable between the on-site and off-site participants. Solutions such as Cisco Intersight or Cisco Nexus dashboard which can help manage your cloud network operations are essential for a seamless end user experience for any workload across any infrastructure whether on prem, multi cloud or edge.

Will every company look like this? Doubtful. No two companies have ever looked the same. As with everything surrounding this pandemic, no one really knows the shape of the final solution. And every company will determine their path forward. However, we do see trends coalescing around a hybrid work model. And that will only accelerate the demand for effective cloud solutions such as those available from Cisco.

Source: cisco.com

Continue reading

5 Resolutions for Small Businesses in 2022

A new year is a great time to reflect on the past 12 months and create goals for the year ahead. This is especially important for small businesses, which have been so dramatically affected by the pandemic. As with many disruptive events, the pandemic has provided many lessons for small businesses to pull from.

We’ve narrowed it down to five resolutions small businesses should consider as you take on 2022.

1. Accelerate Innovation Whenever Possible

As COVID upended operations and sent companies of all sizes and all industries into chaos, it also revealed that innovation doesn’t always require a big budget, massive resources, or years to implement.

Small businesses had to embrace and accelerate innovation in order to survive. Many of us thought remote work and digital transformation were still a few years away and would come on gradually, but COVID quickly proved that notion wrong. We also learned that companies could pivot to remote workforces and online business models almost instantaneously. All it took was a crisis to show many small businesses that they are indeed capable of innovating quickly and cost-effectively.

As you journey into 2022, don’t overlook additional opportunities to accelerate innovation within your organization.

2. Embrace Change – Even in Your Technology

It can be hard to make meaningful change (hello, New Year’s resolutions), especially when that comes with a price tag. For small businesses, one of the priciest changes is most often with their technology solutions. Why fix something that’s not really broken?

With cloud-based services, managed networks, WiFi access, video conferencing, virtual desktops and more, small businesses discovered the benefits of new technology in the past 18 months. Benefits like keeping employees productive, collaborating, secure, and engaged — while also supporting a strong customer experience. These services even proved to be manageable in-house, reducing the need for external IT.

In 2022, keep an eye out for ways to further embrace change. This can be as simple as adopting a new conferencing solution or an end-to-end security platform.

3. Focus on the (Hybrid) Future

It’s important to remember that the work model changes imposed on us all over the last year and a half are likely here to stay. That means we still have some growing to do to transition from a fully remote to a hybrid work environment.

You might still have on-premises tech that was used to support your predominantly in-person workplace, plus whatever new technology your team embraced as you went remote. Video calls, remote file access and offsite employees are here to stay, which means your IT needs to work in a whole new way. It’s worth evaluating your current set up so you can efficiently and securely accommodate this new working model in 2022 and beyond.

4. Make the Move to Cloud-based Solutions

Pre-pandemic, the shift to cloud-based solutions was progressing slowly, with most small businesses still employing on-premises IT – servers, networks, desktop computers, and more. Cloud-based IT took off over the past year when businesses learned they could seamlessly move their technology, critical applications, and data off-premises and into the cloud.

This enabled employers to grant remote workers access to virtual desktops and applications from anywhere, with all the data and tools they need to remain productive and engaged. It also allowed businesses to reduce IT requirements, as well as costs (and headaches) in the process.

In 2022, cloud-delivered solutions and software-as-a-service (SaaS) will continue to deliver high value and enable small businesses to accelerate innovation and scale as needed. It’s like getting two resolutions in one.

5. Repeat: Security, security, SECURITY!

Pre-COVID, many small businesses may have felt a false sense of security, thinking themselves too small for hackers to hassle with. But the truth is – hackers don’t care how small your business is, they care about how weak your security is. So if you thought you were flying under their radar, think again.

Cybersecurity attacks can be devastating, and hackers seized the opportunity when businesses had employees began working from different locations and sometimes on personal devices. The good news is that, with cloud-based solutions, it’s now easier and more affordable than ever to safeguard your data, devices, and business from attacks like these.

If you only resolve to do one thing as a small business in 2022, we highly encourage you to rethink your cybersecurity solutions. A powerful, yet simple, security approach can help protect your entire business – from your email to your network to your endpoints.

New Year, New Technology

With the new year in full swing, now is a good time to evaluate your current technology and see what, if anything, needs to be adjusted. Some questions to ask yourself:

◉ Are my technology environment and equipment ready to meet the moment and react to future crises?

◉ Do we have a flexible infrastructure than can easily adapt to change?

◉ Will our network bandwidth scale to meet the demands of an office full of people and days when most are working from home?

◉ Are we adequately protecting our people and their data?

◉ Will we continue collaborating through video conferencing or offering services and products online?

For some additional insights on these questions, check out recent episodes of the Cisco Designed “Small Business, Big Solutions” podcast to take a deeper dive into these topics and more.

Source: cisco.com

Continue reading

Cisco UCS and Cisco MDS

Better together

At a concert, few years ago, the director spoke to the audience and said something that resonated in my mind for long time. His words went like this: the value of the ensemble is greater than the sum of the value of the individual musicians. The meaning was clear. He wanted to illustrate the significance of playing together, as an orchestra, rather than a group of individual sound musicians.

The same concept comes to my mind when I think of the combination of Cisco UCS, and Cisco MDS 9000 storage networking. You can use them independently, or connected to other products. But the combination of Cisco UCS and Cisco MDS delivers unique benefits that exceed the sum of the individual products. The pseudo-mathematical formula 1+1=3 can well express the concept. Alternatively, another way to describe it is the prosaic expression “better together”.

Cisco UCS + Cisco MDS synergy: 1+1=3

The joint adoption of Cisco UCS compute systems and Cisco MDS 9000 Series of storage networking switches provides a significant benefit to the enterprise. Over the years, I have collected information from the many customer opportunities I have been directly involved in. When reflecting on that, I identified a list of synergies and benefits coming from the joint adoption of Cisco UCS with Cisco MDS 9000. I also discovered those benefits can be grouped into three main categories: advanced design options, easier management and better support.

Key advantages

◉ Multiprotocol flexibility allows organizations to deploy Fibre Channel and FCIP on a single chassis and more easily benefit from the advantages of both technologies. Support for SCSI, NVMe and FICON protocols is also available. Moreover, you have the advantage to be fully covered under a Cisco verified solution.

◉ VSANs can logically segregate storage traffic and create multi-tenancy, and they are supported in the Fibre Channel fabric and within Cisco UCS. This capability is only available from Cisco.

◉ VSAN trunking allows the use of the same link for carrying traffic from multiple VSANs, reducing the need for multiple links while segregating traffic. This is a unique Cisco capability.

◉ F-port PortChannels provide link aggregation of multiple Cisco UCS to Cisco MDS 9000 physical links into a single logical channel, as well as fault tolerance and uniform traffic load balancing. This capability is only available from Cisco.

◉ NVMe/FC can boost application performance by reducing latency and minimizing CPU usage for data transfer activities. You also have the advantage to be fully covered under a Cisco verified solution.

◉ Common Operating System and management tools ease network implementation, maintenance, and troubleshooting by relying on the same skill set across SAN, LAN, and computing environments. This is a unique Cisco capability.

◉ Cisco UCS visibility from Nexus Dashboard Fabric Controller allows a single view for all networking elements in a Cisco data center architecture, including Cisco UCS fabric interconnects and server vNICs and vHBAs. This capability is only available from Cisco.

◉ Cisco Intersight integration covering both compute and storage networking provides lifecycle management of Cisco UCS servers, as well as Cisco Nexus 9000 and Cisco MDS 9000 products. This is a unique Cisco capability.

◉ Cisco Intersight Cloud Orchestrator can be used to automate different technology domains with an easy-to-use and low-code workflow designer, enabling IT operations teams to move at the speed of the business. This is a unique Cisco capability.

◉ Smart Zoning reduces the need to implement and maintain large zone databases and eases management and implementation tasks. You also have the advantage to be fully covered under a Cisco verified solution.

◉ Assured interoperability and feature compatibility, avoiding tedious compatibility matrix verification and deployment delays. This capability is only available from Cisco.

◉ Organizations can interact with a single vendor when troubleshooting problems across computing and networking environments. This is a unique Cisco capability.

◉ A variety of support models are available across data center solutions to efficiently manage and coordinate partners to resolve problems. This capability is only available from Cisco.

Key business benefits

When we consider the business implications of the advantages listed above, we can discover that Cisco UCS plus Cisco MDS 9000 integrated solution delivers:

◉ Operational savings from hassle-free firmware upgrades, solution automation with Cisco Intersight and operational simplification with smart zoning

◉ Increased uptime with Cisco support and a single pane of glass for unified visibility, combined with deep traffic analysis and proactive troubleshooting

◉ Application performance improvements from uniform traffic load balancing on uplinks and NVMe/FC end-to-end support, all combined with congestion prevention with MDS 9000 DIRL software.

In short, the Cisco MDS 9000 Series provides superior performance, high availability, and intelligent storage networking for Cisco UCS environments in small, medium and large organizations.

Source: cisco.com

Continue reading

Cisco Nexus Dashboard Orchestrator (NDO): The maestro of the network

Orchestrate your multi-fabric and multicloud network simply

In any symphony you need a good maestro to help orchestrate all the different instruments to produce a harmonious sound.  Everything must be in time and to the beat.   It is the same with your networks.  When running multiple fabrics both on premise, private clouds or public clouds, you need a maestro or orchestrator as well that can be automated and help manage the network and security policies across vast landscapes.

Since it’s early days, Cisco’s Nexus Dashboard Orchestrator (NDO) has been that maestro, allowing network administrators, engineers and cloud operators work together harmoniously to provide a fast, safe and agile network.  We have new versions of NDO, release 3.5 and release 3.6 which will help you build your network capabilities, provide greater ease of use and enhance your security across multiple network fabrics.

What is Cisco NDO

NDO provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single pane of glass while allowing the data center to go wherever the data is.

NDO allows you to interconnect separate Cisco® Application Centric Infrastructure (Cisco ACI®) sites, Cisco Cloud ACI sites, and Cisco Nexus Dashboard Fabric Controller (NDFC) sites, each managed by its own controller (APIC cluster, NDFC cluster, or Cloud APIC instances in a public cloud). The on-premises sites can be extended to different public clouds for hybrid-cloud deployments while cloud-first installations can be extended to multi-cloud deployments without on-premises sites. In addition, Nexus Dashboard Orchestrator can be deployed through the Cisco Nexus® Dashboard, which provides a single automation platform to access the data center network’s operational services and tools.

The single-pane network interconnect policy management and the consistent network workload and segmentation policy provided by NDO allows monitoring the health of the interconnected fabrics, enforcement of segmentation and security policies, and performance of all tasks required to define tenant intersite policies in multiple sites through an easy to manage user interface.

What’s New?

NDO is always evolving to meet the needs of the ever-growing hybrid cloud world.  So, what is new now?   Recently Cisco launched NDO release 3.5 and 3.6 which incorporates several enhancements to help orchestrate consistent networks across multi-fabric and multicoud environments.

Key NDO 3.5 Enhancements: 

• BGP for underlay peering with ISN –
• This provides support peering spines with the ISN devices using BGP adjacencies.  It simplifies ISN connectivity using BGP only.
• External connectivity from Cloud Sites
• This allows you to establish external connectivity between Cloud CSRs and external devices with IPsec & BGP, which provides access to cloud resources from external networks (Branch, Campus, Co-lo, Internet)
• Show DCNM object fault info from all sites
• Scalability improvement of 12 DCNM sites

Key NDO 3.6 Enhancements: 

• Configuration drift reconciliation workflow for APIC and NDFC provides:
• NDO workflow that synchronizes and merges any policy config discrepancies/changes made in APIC or NDFC level.
• Ease of Use Improvements
• Scalable static port binding with leaf/port range provisioning
• Bulk update workflow for template objects
• NDO Cloud Enhancements allows:
• Google Cloud connectivity
• Multi-cloud inter-site connectivity between AWS, Azure, and Google Cloud Sites
• Partial mesh EVPN-VXLAN connectivity between on premises and AWS and Azure cloud sites
• Workload connectivity for multicloud without policy
• Proxy support for cloud sites
• SD-Access Campus (DNAC) and ACI Integration – Macro-Segmentation includes automating:
• Connectivity of Campus VN to access DC VRF
• Internet access for Campus VNs through ACI
• Visibility of VN-VRF extension and connectivity status
• NDFC 12.0(2) support

With all these updates customers can continue to enjoy simple orchestration across hybrid cloud environments all through the single interface of the Nexus Dashboard.

Source: cisco.com

Continue reading

300-515 SPVI | CCNP Service Provider | Syllabus | Questions | Exam Info | All You Need to Know

 

Cisco CCNP Service Provider Exam Description:

The Implementing Cisco Service Provider VPN Services v1.0 (SPVI 300-515) exam is a 90-minute exam associated with the CCNP Service Provider and Cisco Certified Specialist - Service Provider VPN Services Implementation certifications. This exam tests a candidate's knowledge of implementing service provider VPN services, including Layer 2, Layer 3, and IPv6. The course, Implementing Cisco Service Provider VPN Services, helps candidates to prepare for this exam.

Cisco 300-515 SPVI Exam Overview:

• Exam Name- Implementing Cisco Service Provider VPN Services
• Exam Number- 300-515 SPVI
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Implementing Cisco Service Provider VPN Services (SPVI)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-515 Sample Questions
• Practice Exam- Cisco Certified Network Professional Service Provider Practice Test

Related Articles:-

1. Why Should You Try to Pass Cisco 300-515 SPVI Exam?
2. Top Preparation Tips for Cisco 300-515 SPVI Exam: Can Practice Tests Help You Succeed?

Continue reading

Attaining Business Resiliency with Cisco Nexus Dashboard Insights

Identifying and Resolving Issues

IT teams require end-to-end visibility to ensure business critical applications are accessible and running effectively. But they often struggle with siloed processes and juggling multiple tool-sets to manage and monitor the network. They also need to ensure the network configuration is compliant with the established business intent. Cisco just released Nexus Dashboard 2.1.2 and Nexus Dashboard Insights 6.0.2 that addresses these issues and enables IT to identify and quickly resolve issues that ultimately enhance workforce productivity and efficiency.

It is often difficult to understand where issues lie in the network. Is it the physical devices, the endpoints, the applications, or the configurations—or possibly something else? Having this lack of knowledge increases the troubleshooting complexity as well as the time it takes to locate pain points.

Nexus Dashboard Insights 6.0 brings innovative One-Click Remediation, with which IT can identify issues in a single dashboard and resolve them with—literally—the click of a button. For example, as shown in the following screenshot, there is an anomaly with an access-entity profile that’s not associated to any of the domains. This issue will have a major impact into the network and applications for the workforce.

To fix this type of problem, NetOps needs to login to the Cisco Application Policy Infrastructure Controller (APIC) and check the application profiles, domains, and cross-check numerous places to make sure it won’t impact any other connections. However, the new One-Click Remediation feature provides NetOps with a diagnostic report and a “fix button” that will immediately resolve the issue. This dramatically reduces the amount of time and steps to identify and resolve an issue.

IT also needs to support business-critical applications by ensuring they are compliant with business intent and security policies. The new Compliance and Pre-Change Analysis features in Cisco Nexus Dashboard Insights provides a proactive approach to ensure configurations are properly setup to ensure applications are meeting the company’s business intent.

For example, a company may have a standard policy to prevent traffic from an internal server to the Internet. IT can create an applicable compliance requirement (shown in screen below) to be notified if the server begins communicating with the internet.

If there is a traffic between the internal server and the internet, then IT will receive a CRITICAL traffic restriction violation based on the compliance policy. IT can then analyze the anomaly to see what configuration is incorrectly allowing the traffic flow. In this example there is a contract allowing the traffic between the internal server and the internet. The new compliance feature enables IT to be proactive and identify issues before they start becoming a threat.

As part of Nexus Dashboard Insights new features, the Pre-Change Analysis enables IT to fix this specific traffic violation issue (by deleting the contract) and to ensure this won’t cause any other issues. Using the Pre-Change Analysis, IT can test the proposed configuration change and evaluate its impact on the network prior to committing any network changes. The following screen shows an example of deleting an existing contract between the internal server and the internet.

IT can also identify if there are any potential issues with a particular configuration change by looking at a snapshot of the current configuration and comparing it with the proposed configuration. IT can also look at all the resources that will be affected by this proposed change.

As shown in the following figure, the compliance requirement is met with the proposed change. IT can confidently make the change and know that there will be no negative impact on the network. With these Cisco Nexus Dashboard Insights features, IT can quickly and easily fix an issue to meet a compliance requirement for their business-critical applications, as well as validate the outcomes of the fix through Pre-Change Analysis before implementing the configuration.

Insights for Network Resiliency

At any point of time, IT strives to maintain network resiliency to securely meet the goals of business operations. Cisco Nexus Dashboard and Nexus Dashboard Insights provides the visibility, trust, and tools that IT needs to be successful. Learn more details about Nexus dashboard Insights from our Resource links below.

Source: cisco.com

Continue reading

Cisco Networking Academy partner NIIT Foundation creatively addresses inclusivity

While the International Monetary Fund (IMF) predicts India’s economy will bounce back strongly from the pandemic — with GDP predicted to grow 12.5 percent in 2021, after an eight percent decline in 2020 — a big challenge is ensuring that the growth is inclusive.

India has achieved a great deal in inclusive growth, lifting as many as 133 million people out of poverty in the last two decades, but it is clear that more needs to be done. Upon the release of India’s Global Human Development Report, The Real Wealth of Nations: Pathways to Human Development, Syeda Hameed, a member of India’s Planning Commission, said “far too many people are being left out of India’s growth story.”

Overcoming the insurmountable

In an emerging market with nearly 1.4 billion people, that may sound like an insurmountable challenge. There are a few factors, especially in the area of education, that indicate a more inclusive future is possible.

As early as 2014, Indian Prime Minister Narendra Modi proclaimed, “I dream of a digital India where quality education reaches the most inaccessible corners driven by digital learning.” In the same year, the Ministry of Skill Development and Entrepreneurship was established, with the aim of matching the supply of skilled candidates with the requirements of employers.

Unfortunately, around the world inequality widened throughout the pandemic. Disadvantaged communities and individuals with poor infrastructure and employment prospects felt the heaviest impact. In an increasingly digitized world, lack of access equates to lack of opportunity.

While technology drives overall economic expansion, it is more specifically digital connectivity that determines access to economic and social opportunity. At Cisco we believe that connectivity is critical to create a society and economy in which all citizens can participate and thrive. And we’re working to make that happen.

Cisco India innovates on inclusivity

Even before the pandemic, Cisco India started to bridge the education divide, with the creation of the Cisco Ideathon in 2019, which fundamentally changed our hiring practices to be more inclusive. The program was open to students from Cisco Networking Academy partner colleges and universities in rural and peri-urban areas, which are not part of the traditional talent supply chain. And top performers are often offered internships or jobs with Cisco.

Cisco Networking Academy equips educators with leading curriculum (licensed free to educational and non-profit institutions), Webex by Cisco, and resources for students that lead to industry-recognized skills and certifications. This is a true end-to-end skills-to-jobs program connecting learners with peers, mentors, and job opportunities through our job-matching engine, Talent Bridge.

Job offers to date have been equally distributed by gender, with a significant number of students hired from rural and peri-urban states, such as Odisha, Uttar Pradesh, Madhya Pradesh, and Rajasthan, where practically no top-tier company traditionally sought top talent before. Through Cisco Networking Academy’s training and education partnership with the NIIT Foundation, these underserved communities can participate in growth opportunities.

Making inclusive magic with the NIIT Foundation

NIIT Foundation, an education NGO, has a mandate to reach the unreached, uncared for, and unattended, to ensure inclusive development. The NIIT Foundation’s mission is to positively impact the underprivileged of the country through educational initiatives and skill development programs.

For its extraordinary work on inclusive education, the NIIT Foundation recently received Cisco Networking Academy’s Be the Bridge Award.

Starting as an Academy Support Center in 2019 with 6,000 learners, the NIIT Foundation quickly grew to support as many as 56,300 student participants. Last year it registered 236 percent growth in student numbers, and a massive 885 percent growth in career student participants.

NIIT Foundation works hard to ensure all Indians have access to the education and skills that jobs of the future require, to ensure inclusive development for all Indians. The NIIT Foundation held its first Skill-a-Thon for Tier 2 and 3 colleges in urban and rural areas in Northern India, using a focused campaign to attract students to career and Cisco Certified Technician (CCT) courses. This event attracted more students to CCT courses than the number of students who participated last year.

Educating the underserved

The organization also launched a pilot program to train people with disabilities on IT Essentials, with plans to scale beyond the current two locations, as well as a program to include India’s LGBTQIA+ community. And we have recently started a program to provide skills training to prison staff and inmates in Indian prisons.

Many underserved institutions in rural parts of India that lack resources and trained instructors have been exposed to the untapped power of the NIIT Foundation’s resources. NIIT even developed ATM-like “Hole-in-the-Wall Learning Stations,” making computers and the internet available for children who would otherwise not have access.

In India, Cisco Networking Academy currently boasts 328,000 students, with 864 partner organizations. Organizations like the NIIT Foundation are helping Cisco achieve its purpose of Powering an Inclusive Future for All.

Source: cisco.com

Continue reading

Integrating Perimeter and Internal Defenses: 5 Facts That May or May Not Surprise

IDC recently had the opportunity to talk to CISOs regarding the integration of Cisco Secure Workload and Secure Firewall. As analysts, we can articulate the technical benefits. The realized benefits can be different when real-life budget and time constraints are applied. Our conversations were quite illuminating. Below are 5 realities that may or may not surprise you when it comes to integrating perimeter and internal defenses:

1. Time is the currency of the day—Ransomware, cryptomining, and supply chain attacks are top of mind until we get into the office; business needs drive the fires to be fought during the day. The ever-present need to move quickly to stay ahead of cybercriminals require tools to “just work. ” According to the CISOs we spoke with, “if you’re limited on funds and don’t have a 20-person security team, you have to do a lot quickly…being able to get these overlapping protections…and they’re talking to each other really shines.”

2. Perimeter and internal defenses is not an “either-or” issue; it is an “and” issue—Firewalls have a prime vantage point, being able to observe all traffic traversing into and out of our infrastructure. But internal defenses are a bit more complicated. Digital transformation though does not wait for pristine security measures and policies to be put in place. Rather, digital transformation can force us to wrap devices or application like workloads and IoT devices in zero-trust policies elegantly or inelegantly; digital transformation does not care. According to the CISOs, “For organizations like hospitals that have IoT devices and new technologies, it’s going to be hard to wrap policies around all those devices. You’ve got some new scanner or a new handheld; how can you protect and lock them down? Maybe you can’t put an agent on some of them. So in a situation like that, with this [Secure Workload + Secure Firewall integration] you can wrap a zero trust policy around securing all those devices.”

3. Integration is real—Let’s acknowledge the elephant in the room; vaporware is a word for a reason. In this instance though, the integration of perimeter and internal defenses is actually happening already.  The integration is going beyond a single pane of glass management console and being driven by a real need to solve real problems. According to the CISOs, “You can get that data from the firewall and then you can use that data to wrap a Tetration [Cisco Secure Workload] workload protection policy around those, even without an agent on there.”

4. Integration enables automation—Time poverty is omnipresent. The holy grail of security is automation, which isn’t possible without deep integration. According to the CISOs, “I can have one block list in SecureX. When I right click on an IP address or SHA-256, I’ve got some automation set up and block it at the AMP level, the firewall level, and a number of places, Stealthwatch…everywhere.”

5. “One throat to choke”—Budget, time and management constraint are real and painful. The CISO of a top 10 bank may not serve these masters, but the CISOs with whom we spoke do. Deeper discounting, simplified buying process, and a “one throat to choke” are intangible, but invaluable benefits of integration. According to the CISOs, “With one company, it makes it a lot easier to get people to work together.”

Integration is a key aspect of digital transformation, and in the security realm can mean the difference between an intrusion attempt and a data breach. However, integration has to mean more than simple co-existence. True integration will improve workflows, productivity, and security outcomes. The level of integration between perimeter and internal defenses may well be the difference maker, as CISOs continue to navigate new and emerging threats, technologies, and business requirements.

Source: cisco.com

Continue reading

Solving Multi-vendor Network Management Complexity with OpenConfig

As the industry moves towards controller managed networks, where the operator describes what and not how to manage, configuring and maintaining networks from a single vendor remains very complex. Add in the need to manage devices from multiple vendors, and the complexity is multiplied.  Yet network operators typically have devices from multiple vendors and must use their models to configure, integrate, test, and manage those devices.

A better way to manage multi-vendor networks is here: The use of models from OpenConfig, which is fully supported in Cisco IOS XE Software.

Why use OpenConfig?

OpenConfig is an effort by network operators in collaboration with vendors to build open, software-defined, vendor-neutral, and model-driven principles for network configuration and management. OpenConfig enables the use of:

◉ Data models for configuration and management using Yang 1.0 that are vendor neutral

◉ Streaming telemetry for monitoring and obtaining incremental updates (SNMP is passé), which enables a Pub/Sub interface that alerts the collector of changes almost as soon as they occur on the device

The OpenConfig participants include large corporations and service providers like Google, British Telecom, Microsoft, Facebook, Comcast, Verizon, and Level 3.

OpenConfig also allows vendors like Cisco to add their own tweaks via extensions to the models.

Figure 1 shows the OpenConfig models, which are published on GitHub.

Figure 1. OpenConfig Models

Cisco’s Embrace of OpenConfig

Many customers with Massively Scalable Data Centers (MSDCs), such as Microsoft, are very interested in OpenConfig as they run huge data centers with devices from multiple vendors. Various other networking vendors such as Juniper and Arista also support OpenConfig models.

The Cisco IOS XE architecture in Figure 2 lends itself to implementation of OpenConfig models with little effort because Cisco IOS XE already supports the OpenConfig enabler:  streaming telemetry.

Figure 2: Cisco IOS XE – Functional Architecture

Cisco developers have tested and implemented many native models for most of the Cisco IOS XE features. Native models are specific to Cisco devices and platforms. We can implement the OpenConfig models so there is no duplication of effort. The request for an OpenConfig data element is converted to the corresponding native data element because Cisco models are typically a superset of what OpenConfig offers.

The architecture diagram in Figure 2 shows how the configuration and operational databases are common for native and OpenConfig models. We only need a way to translate between the native and the OpenConfig model elements.

Typically, we request a configuration or operational data elements, like those listed in Figure 3, and a corresponding native data element associated with it. Cisco IOS XE provides infrastructure to translate the OpenConfig data element to the corresponding native data element. So, the process of supporting OpenConfig models is typically not very hard if the native models for the corresponding OpenConfig models exist.

Figure 3. OpenConfig and Native Interfaces

Implementing Operational Telemetry with Cisco IOS XE

Cisco IOS XE provides two ways to implement operational telemetry, depending on whether the elements have performance implications, such as the number of interfaces and statistics on all the interfaces. These can be large numbers, since Cisco supports modular switching platforms with multiple line cards. Cisco IOS XE provides a way to get the data from the database using FastPath. For environments with fewer interfaces, the mapping infrastructure can be used to get the data from the corresponding native element.

Over the last few months, Cisco IOS XE developers have been actively involved in developing the OpenConfig models in multiple areas on Catalyst 9000 Series switch platforms for a customer in order to fulfill very interesting use cases which involve migration from SNMP. This entailed testing with the use of the customer’s network data platform and optimizing the implementation for scale and performance. The implementation catered to various telemetry types including on-change and periodic notification.

We engaged the customer in a co-development model where we provided an image with the new model implementation and the customer tested it in the network and gave us feedback. This ensured a quick turnaround time for any issues found at the customer site and completion of the use cases with verification in an actual deployment. The development cycle was completed once we completely automated the testing. We used Genie for operations and telemetry and an in-house tool for configuration models. This model of development eliminated the need for tradition DevTest and resulted in quicker delivery to the customer.

We have occasionally run into issues when a certain data element couldn’t be supported, due to the lack of functionality on the device. We have also encountered scenarios when the representation of a data element was inaccurate. Aside from working with the customer on that issue, Cisco is also raising the problem with the OpenConfig taskforce to make changes to the models.

Cisco continues to develop more OpenConfig models and will also upgrade the revision of the current models to the newer versions published in the upcoming releases of Cisco IOS XE. If you’re a network operator struggling with configuring and managing a multi-vendor network, struggle no more—OpenConfig is the way forward.

Source: cisco.com

Continue reading