Vacations and IT Operations: Save Time with the Right Tools

You have just used an online travel aggregator site to plan your summer vacation. The day of your trip arrives, you’re exhausted before you even set foot on the beach. Getting to the airport, boarding the first of two flights, making a connecting flight, and picking up luggage all wear you out. Your goal is the beach, but to get to it you’ll spend considerable time on tactical, non-value add, operational logistics.

Relax. You’re a smart traveler – Your TSA Clear approval saves you that long queue at the security checkpoint. Your Platinum travel partner membership gives you priority check-in for your flight and hotel. These tools shorten the time to get to the beach while allowing flexibility in planning your schedule. Wish you could have something similar, to manage your IT operations? Stick with me.

Where ITOps Teams Lose Time

As an IT manager, you’re expected to make sure your company is providing an outstanding digital experience that’ll drive revenue and growth. That’s the end goal. But to get there you’ll have to support your DevOps team through not just the development process but the ongoing application lifecycle. Multiple tasks to get to your goal, like getting to the beach, likely wear down your team, from deploying infrastructure, figuring out how to deploy and manage containers for cloud-native apps, and making your best estimate at provisioning resources in the public cloud. Task switching between tools and learning Kubernetes takes away valuable time and slows down service delivery. A missed flight connection is like a missed task, and something you want to avoid.

Simplify deployment and delivery, anywhere

Intersight bridges the gap between ITOps and DevOps

Cisco Intersight can help you move faster and more reliably, bridging the divide between dev teams and LoB with operations, and changing the perception of IT from a “necessary cost center” to an innovation driver. From one dashboard, you can:

◉ Add resources to your virtualized datacenter.

◉ Set up a new off-the-shelf application for your users.

◉ Stand up a Kubernetes cluster at the edge in just a few clicks.

◉ Provide multi-cloud resources for your developers to deploy code.

◉ And more

Managing and deploying all physical and virtual infrastructure and supporting any workload type (VMs, K8s in VMs, bare metal K8s, serverless) in one place saves your teams from switching tools. The user-friendly automation of Intersight with API-based integration gives your internal customers flexibility to use the resources the way they want.

Integrate with DevOps to accelerate application delivery

Intersight integrates with cloud providers and supports an ecosystem of 3rd party tooling

Intersight brings together the tools your IT Operations knows and integrates with tools your dev teams are using. As an open, cloud-neutral platform it integrates with cloud providers and supports an ecosystem of third-party tooling, so your internal customers can continue using the platforms and software of their choice—without disruption.

The result? Your team can move faster and expose with IaC plans that your developers are used to working with or orchestrating across every infrastructure and workload aspect of your Intersight-managed environment while managing risk and governance. And with open API support, you can extend and integrate with ITSM tools or 3rd-party endpoints for more control.

Accelerate service delivery and flexibility with Cisco Intersight

You know how to minimize the headaches that stand between you and the beach. Now you can apply smarter ways of working to deploy and support business critical applications. Get out of the business of managing management products and focus on accelerating delivery for line-of-business.

Source: cisco.com

Continue reading

Cisco Announces Open Source Cloud-Native Offerings for Securing Modern Applications

Today at KubeCon + CloudNativeCon North America 2022 in Detroit, Cisco unveiled FunctionClarity, a new open source project which helps developers secure the serverless functions that fundamentally reduce the amount of code necessary to create and deploy cloud-native applications.

Based on SigStore, FunctionClarity lets users sign the code of serverless functions, and authenticate their integrity from a trusted pipeline, when deployed across any cloud environment. It allows both keyless and key pair methods to eliminate exposure of the code at runtime.

The launch of FunctionClarity comes as the use of serverless technologies is growing exponentially. For example, AWS (Amazon Web Services) Lambda functions are now invoked 3.5 times more often compared to just two years ago.

OpenClarity is a trio of projects

FunctionClarity is the third chapter in the OpenClarity set of open source projects which help solve problems around application security, the software supply chain, and the “Shift Left” movement in software development that fully considers security from the outset.

Chapter 1: At KubeCon North America in 2021, Cisco released APIClarity, an open source API tool for visualizing and identifying potential risks such as API drift, shadow and zombie APIs. It builds and analyzes the OpenAPI specifications for all APIs in your environment.

Chapter 2: In May at KubeCon Europe 2022, we followed with the release of KubeClarity, an open source tool for detection and management of Software Bill of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime Kubernetes clusters and CI/CD pipelines for enhanced software supply chain security.

Building the Application-First Future

Modern, distributed application software solves real-world business problems. Increasingly, those software assets come from everywhere – internal, cloud, SaaS, open source – run anywhere, and are accessed from anyplace via APIs and service calls.

In this distributed environment, the expanding attack surface for these applications includes APIs and serverless interfaces, vulnerable services, and opaque software assets. It’s no surprise APIs and service endpoints have become preferred threat vectors with the average company experiencing a 95% rate of API security incidents. There has been a 540% increase in the number of API-related security vulnerabilities recorded in the OVE database between 2015 and last year.

Transparency about your software tools and assets, and the security of APIs and interfaces, from development all the way through to production are therefore critical to ensuring you, your customers and end users are protected.

Panoptica brings 360-degree visibility and remediation options to your application attack surfaces in a single, modular application-security solution. As a freemium SaaS service that’s easy to get started and consume, it connects through your application SDL workflows, toolchains, and runtime to help your teams shift everywhere. It lets developers, SREs and security experts seamlessly collaborate within the same environment.

Nikolas Mousorous, DevOps Engineer, Marlow Navigation: “Existing security solutions we had in our environment couldn’t address our transition to modern microservice-based applications. Working with Panoptica, we were able to insert security controls into our complex environment seamlessly for secure application deployment and connectivity.”

Calisti is a complementary solution that provides discoverability, connectivity, SLO, and lifecycle management across all your application services – from greenfield, cloud-native applications to hybrid, traditional, and cloud-based applications. Calisti integrates seamlessly into your cloud operating environments, and allows your SRE, DevOps and cloud platform teams to easily connect, scale and manage the performance of application services across virtual machines (VMs), Kafka instances, and Istio service meshes, across any cloud or on-premises footprint.

Cisco Leading in Open Source

Cisco is taking an increasingly leading role in open source, stepping up contributions and driving the open source movement forward across the enterprise application ecosystem.

We have been a Platinum Member of the Cloud Native Computing Foundation (CNCF) since it was founded, and we have been Diamond Sponsors of KubeCon for every year since its inception. We also serve as members of the steering committee for the Linux Foundation’s TODO Group, we are a Platinum sponsor of Open Source Security Foundation (OpenSSF), LF Networking, LF Public Health, and we are Gold or Premier for Open19, Linux Foundation, and the Bytecode Alliance.

Along with the trio of OpenClarity projects, we have launched, maintain, and contribute to many other cloud-native projects including Dex, Bank Vaults, Istio Operator, K Operator, Logging Operator, Zot, and Network Service Mesh, and we are among the top five contributors to OpenTelemetry.

Calisti and Panoptica are both built on the open source foundation of the above-mentioned projects.

Join Us at KubeCon in Detroit

Come see Cisco at KubeCon + CloudNativeCon North America 2022 this week at the Cisco Solutions Showcase, Booth D3 in Exhibit Hall B, at Huntington Place in Detroit. There you can view a demo of FunctionClarity and learn more about the emerging Security, Observability, and Connectivity solutions Cisco is building. You can also find out about the latest open source projects at Cisco, including how to contribute and collaborate.

At the Cisco booth, you can get your own personalized hoodie, choosing from multiple designs to make an amazing statement, and even watch it get printed. In addition, for every theatre session and demo attendee, Cisco will donate a pair of socks to local Detroit homeless shelters so we can all give back to the community.

Source: cisco.com

Continue reading

Free Tool Helps You Visualize and Understand YANG Models

All YANG Suite, all the time

Are you interested in automating the process of viewing operational data or configuring network devices remotely? YANG models are the foundation to automation and programmability for Cisco IOS XE devices. Not sure where to start? Cisco YANG Suite is a free tool to help understand and visualize Yet Another Next Generation (YANG) models ranging from standards-based models such as OpenConfig and IETF to Cisco native models. Start using YANG Suite today to become a programmability pro!

The previous releases of YANG Suite include the set of Core Plugins and support for NETCONF, RESTCONF, gNMI, and gRPC telemetry as well as a Python script generator for payloads created within YANG Suite. To simplify your programmability and automation journey, the third release introduces four additional features: gRPC Telemetry with TLS support, SNMP OID to YANG Xpath mapping, Ansible integrations and PIP installation.

Let’s dive into the new YANG Suite features included in the third major public release.

Secure gRPC Dial-Out using TLS

With increased security threats comes the need for secure telemetry. Now, YANG Suite provides support to upload the necessary certificates and keys to implement Transport Layer Security (TLS).

Simplify the SNMP to YANG Transition

Simple Network Management Protocol (SNMP) has been become a standard method to understand and work with network devices. However, the new approach is to use YANG models to remotely query network devices for operational data or to configure the devices. To facilitate the transition from SNMP to YANG, YANG Suite provides the option to add an object identifier (OID) and YANG Suite will perform an SNMPwalk to locate the corresponding Xpath. Additionally, you can validate that SNMP and the newly-found YANG model return the same data directly within YANG Suite—sweeeeet!

Replicate Custom YANG Payloads with Auto-Generated Ansible Playbooks

Quickly and easily generate an Ansible playbook for a NETCONF, RESTCONF, or gNMI payload built in YANG Suite. This can help you run your favorite payloads across multiple devices. All you need to do is build up a payload using our protocol of choice and select “Replays” and the “Generate ansible playbook” button. Now, sit back, relax and let YANG Suite generate Ansible playbooks for you.

Docker or Pip? You decide.

Previously, YANG Suite was accessible using Docker containers. Now, in addition to Docker, we can now install YANG Suite using PIP. Check out the examples below:

That’s a wrap!

With the third YANG Suite release, we introduce:

◉ gRPC Telemetry with TLS Support

◉ SNMP OID to YANG Xpath mapping

◉ Ansible integrations

◉ PIP installation

Source: cisco.com

Continue reading

An Introduction to Understanding FFIEC Regulations

Regulatory requirements are a key operational concern that we hear about from our financial customers. As a key provider of technology for mission-critical financial system infrastructures across the globe, Cisco is held to the highest levels of scrutiny in the financial services regulatory audit chain. We have helped customers navigate the complex requirements and landscape to help keep them protected, when 100% of their business, relies on our equipment in the value chain.

A key challenge is managing iterations of infrastructure in global financial enterprises which have spanned 50+ years of digitization. These systems are continually being updated with newer and better ones; however, it takes a long time to sunset the legacy technology.  This leads to many generations of installed technology sets with diverse hardware and software systems, all that need to be tracked and managed, secured, and audited. Regular external examination is a necessary challenge to ensure hygiene of these systems are maintained amidst a backdrop of increasing cyber risk.

Streamlining the IT audit process

The Federal Financial Institutions Examination Council—or better known as the FFIEC—is a formal U.S. government interagency body charged with helping streamline the audit process. A number of our financial institution customers are regulated by multiple, and different, regulatory bodies. In the U.S. a few agencies include the Federal Reserve (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller (OCC), and the Consumer Financial Protection Bureau (CFPB). Without consistency, if every agency had their own examination criteria for assessment it would be exceptionally difficult for financial institutions to get work done.

To help streamline audit, the FFIEC as an interagency body, creates uniform principles, standards, and report forms for federal examinations of financial institutions. Having a consistent set of audit criteria and forms, a financial institution can have one audit that satisfies numerous federal regulatory agencies and keeps it a level regulatory playing field. The FFIEC’s scope is much broader than simply the IT aspects of digital financials, as it includes credit markets, fraud, BSA/AML, liquidity, and other areas of interest for regulatory bodies.

IT Governance in Financial Services

Over the next few weeks and months we’ll be contributing blogs that will focus on the FFIEC’s requirements in the information technology space, covering the below distinct areas:

◉ The Cybersecurity Maturity Assessment and how to use it

◉ The 2021 Updates in the Architecture, Infrastructure, and Operations book

    ◉ Hardware and Software Lifecycles

    ◉ Common Risk Management Topics: Architecture, Data, IT

    ◉ Infrastructure Management

    ◉ Operations and Operational Processes

◉ Cisco tools that can satisfy regulatory governance requirements

The goal for this series of blogs is to help the IT teams of financial institutions be aware of the regulatory concepts dealt with further upstream in an organization, and to promote tools that simplify the hardening of systems and streamlining audits.

Source: cisco.com

Continue reading

Cisco 300-820 | CCNP Collaboration Exam Syllabus | Free CLCEI Practice Questions

Cisco CLCEI Exam Description:

The Implementing Cisco Collaboration Cloud and Edge Solutions v1.0 (CLCEI 300-820) exam is a 90-minute exam associated with the CCNP Collaboration and Cisco Certified Specialist - Collaboration Cloud & Edge Implementation certifications. This exam tests a candidate's knowledge of collaboration cloud and edge solutions, expressway configurations, Cisco WebEx Teams hybrid and emerging technologies. The course, Implementing Cisco Collaboration Cloud and Edge Solutions, helps candidates to prepare for this exam.

Cisco 300-820 Exam Overview:

• Exam Name- Implementing Cisco Collaboration Cloud and Edge Solutions
• Exam Number - 300-820 CLCEI
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Implementing Cisco Collaboration Cloud and Edge Solutions (CLCEI)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-820 Sample Questions
• Practice Exam- Cisco Certified Specialist Collaboration Cloud & Edge Implementation Practice Test

Related Articles:-

1. Cisco 300-820 CLCEI Exam: A Detailed Exam Preparation Guide
2. CCNP Collaboration 300-820 CLCEI Exam: Brief Description, Preparation Tips and Benefits

Continue reading

ThousandEyes Looking at EchoLink

I’m working with a Cisco service called ThousandEyes. Now, the best application of ThousandEyes would be to spot problems, especially with cloud services. If you offer a service in the cloud and customers are complaining about performance, ThousandEyes can reveal where the bottlenecks exist. Then you can execute a plan of action to get the issues addressed. But, indulge me a moment to explain the excuse I’m using to play with it.

I recently passed my Amateur Radio exam to get licensed again after letting my Advanced license expire 30 years ago. Before I share my new call sign, here’s a note for the benefit of non-hams (ham is common lingo for an Amateur Radio operator). It is customary to use a standard phonetic alphabet when giving your call sign on the air. For example, WB2GJ would be Whiskey Bravo 2 Golf Juliet. But someone might say WB2 George Jetson just for fun. (If you recognize the name, you’re dating yourself. And no hams were doxed for this blog; there is no WB2GJ.)

I mention this because the FCC assigns KI5VDI as my new call sign. I didn’t think any call sign could be worse than the one I had in Colorado, KB0FU. Yeah, say that one out loud and you’ll get it. But KI5VDI? I just know someone will say or at least think “KI5 Venereal Disease Infection”. So, I purchase a vanity call sign similar to my original Advanced call sign, WB2EWS. I get N2EWS. That’s good news. I’m now cured of Venereal Disease Infection.

As a revitalized ham, I find myself listening to a conversation on 2 meters. (We hams refer to frequency ranges by their approximate wavelength. The 144-148 MHz frequency wavelength is about 2 meters.) People you speak with on the 2-meter band are generally very close by. These signals don’t travel far unless you have the opportunity to do something fancy pants like bounce your signal off a meteor. Even then, voice communication would be virtually impossible. So, I am shocked to hear a local Texan talking with someone in South Korea. How? Repeaters extend the range on 2 meters so your signals can jump over objects like mountains or tall buildings, but even a daisy chain of repeaters isn’t going to reach South Korea.

It turns out they are using EchoLink. This free software lets you link your radio to your computer and connect anywhere with VoIP. You talk on the radio, and EchoLink forwards everything to the remote location, typically the other person’s radio connected to EchoLink.

I download and install EchoLink to give it a try. Being a Cisco guy, the first thing I think about is how reliable VoIP will be with this software and EchoLink destinations. Network latency and jitter can be a problem for VoIP.

This is where ThousandEyes (finally) comes in. ThousandEyes analyzes network traffic in detail. Fair warning: This is not a typical reason for using ThousandEyes, and I’m using ICMP to simplify the test. Normally you would use TCP and a port to get a more realistic view. Unfortunately, EchoLink doesn’t like tests on its VoIP port. But even these simple ICMP results are very interesting.

I see that EchoLink chooses a server in San Diego for my connection (nasouth.echolink.org). When I use EchoLink for ham radio, I’ll use it on my personal PC. But I’m testing it on my work PC, which adds a level of complexity since I use a Meraki router on the Cisco network. I install a ThousandEyes agent on my work PC so I can test the network from my work PC to the EchoLink server. The agent isn’t working. What’s my boggle? The agent is a Chrome extension and I’m using Firefox. No problem. I switch to Chrome and be well.

I run the first test. The path visualization (see Figure 1) shows some interesting information. The blue dots are nodes that have ThousandEyes agents. When I click on a blue dot, it shows the node information. The empty circles with numbers are unidentified node hops. The number tells you how many unidentified hops there are in that chain. Not every node in the Interwebs is equipped for ThousandEyes, yet.

Figure 1: The path visualization from the work PC to the EchoLink server

The table view shows the latency and jitter. The jitter is higher than I expected, but it shouldn’t be a problem.

Figure 2: The latency and jitter of this connection

That is only half of an EchoLink connection, though. The other half would go from the contact in South Korea to the San Diego server. When you define a ThousandEyes test, you can pick multiple agents from anywhere in the world. I can even select multiple countries at a time for a single test. In this case, I only want one country, South Korea. But I can specify several South Korea nodes as starting points.

Figure 3: I don’t have the location of a user in South Korea, but I can check various ISPs

The table below shows that all but one source in South Korea have very low latency and jitter. But even the 3.2ms jitter is unlikely to be a problem.

Figure 4: Table of latency and jitter for each South Korea starting point

Now let’s look at the paths. There are enough hops to be an IPA recipe. The red lines are links between two nodes where the delay is greater than 100ms. It is entertaining to hover over the dots to see traffic details. In one case, for Google (gcp asia-northeast3), the first jump is from South Korea to Illinois! Azure koreacentral is the only starting point with a path that has no delays. Since none of the delays add up to a significant latency, as shown in the above table, the delays are unlikely to be significant when using EchoLink.

Figure 5: The paths from South Korea to EchoLink

Let’s try another location for Amber Heards and giggles. How about war-torn Ukraine? Surely this will show network problems.

Figure 6: Choosing starting locations in Ukraine

I see two IPv4 agents in Ukraine, one in Kyiv and the other in Kharkiv. Kyiv uses Deltahost Company. Kharkiv uses Ukrainian Internet Names Center LTD. The results (see Figure 7) are impressive for a war torn country. Check out Figure 8 for the paths. No delays and no dead ends. Do we have Elon Musk to thank for this? I click on a few blue dots and see that several nodes are through Cogent Communications.

Figure 7: Low latency and no jitter to speak of

Figure 8: The paths to freedom

Overall, EchoLink communications should work very well, even to Ukraine.

I’m impressed with ThousandEyes. As more routers become ThousandEyes agents, there should be fewer and fewer unidentified nodes in test results. I’ll keep experimenting and report whatever may be interesting.

Source: cisco.com

Continue reading

Innovation at the inner core of Cisco DNA Center

Cisco DNA Center has seen several releases with significant innovation and the evolution of the product platform. With DNA Center capabilities aligned to Gartner’s four IT personas (AIOps, NetOps, SecOps, and DevOps), it is important to take a step back and look at the platform or networks-put the “underlay.”

With changes in the IT landscape, several megatrends are shaping what the network platform needs to deliver. With the new landscape where both applications and users are on the move, the face of the campus network has changed and expanded.

Figure 1. Megatrends shaping digital transformation

Cisco DNA Center Virtual Appliance, deployment flexibility

With applications moving to the cloud, it is no surprise that management platforms are moving to the cloud. Cisco DNA center is no exception. DNA Center is now able to run on AWS, and the deployment of the AWS VA takes under an hour from start to finish.   A lot of flexibility is also provided to the end user through the support of a launchpad to automate the installation or through a manual mode for users who already have a custom AWS environment. DNAC install is completely programmatic in both cases (no login to shell required!)

At this point, users can get on the Cisco DNA Center UI and begin configuration, discovery, and more.

Figure 2. Virtual Appliance Diagram

Following AWS, a VMWare version of the appliance will be released, allowing customers to use their existing VMWare infrastructure to run Cisco DNA Center instead of a physical appliance. As part of Cisco’s commitment to the platform, no matter how you deploy Cisco DNA Center, users will see feature parity it is the same Cisco DNA Center code and capabilities.

Hardened Security Features

Some verticals, industries, and organizations have specific security requirements mandated, such as FIPS.

Activation of FIPS compliance at Cisco DNA Center install time enables security features such as secure boot, TPM, session timeouts, and password expiration.  When data is shared using weak or deprecated ciphers, that data is at risk of being decrypted by malicious actors. Cisco DNA Center now supports FIPS 140-2-compliant cryptography modules, ensuring that only strong NIST-approved ciphers are used and enabling deployment in security-conscious verticals such as the public sector, finance, and healthcare.

Figure 3. FIPS compliance letter

ACL to management access for Cisco DNA Center appliance

By popular demand – many customers utilize ACL’s to control access to the network devices for management. As Cisco DNA Center is now the centralized monitoring and management point for network estate, customers can now create ACL’s to control what networks or IPs can access the Cisco DNA Center UI

Restricted shell support

Again by popular demand customers have requested to provide an enable shell for DNA Center so that sensitive CLI commands can be protected at all times. DNAC now comes with a restricted shell as standard and only non-invasive CLI is allowed to be run on the console. For any  CLI which requires root level / Sudo permissions, the shell will default deny it. A special token needs to be acquired to remove the restriction.

Scale – the agility to keep up with your business

Scale is a constant growth factor with post-pandemic life coming back to normal, with the proliferation of IoT and OT devices on the network on the rise. There is a constant need to ensure that the network management and orchestration platform can continue to scale with the network and business needs. With each release, Cisco DNA Center team has been making continuous strides with an increased platform scale. Recent scale updates for version 2.3.3 include up to 6,000 sites and 24,000 devices (Access Points and Network Devices for both Fabric and non-fabric networks).

Figure 4. DNA Scale

Remote support

As part of improving the support engagement between customers and TAC, at times providing TAC easy access to the equipment has contributed to extending the MTTR (Mean time to repair). To ease the process, customers are now able to allow TAC access to network equipment via Cisco DNA Center. This solution enables the customer to provide TAC-specific access to equipment and the ability to revoke access at any time.

Figure 5. Remote Support Activation

Aura (Audit & Upgrade Readiness Analyzer)

AURA stands for Audit & Upgrade Readiness Analyzer and performs various health, scale, and upgrade readiness checks for the Cisco DNA Center and the rest of the Fabric network. The tool is extremely simple to run and is executed on the Cisco DNA Center.

Figure 6. AURA screen image

The tool uses API calls, DB reads and CLI show commands (read-only operations) and hence, doesn’t affect performance or cause impact the Cisco DNA Center or the networking devices. This functionality was built in collaboration with Cisco DNA Center Escalation Engineering, Sales, and CX Centers TAC Engines team to ensure an efficient upgrade experience. AURA Tool Check Areas:

◉ DNA Center Scale Test

◉ DNA Center Infra Health

◉ DNA Center Assurance Health

◉ WLC/eWLC Assurance Health

◉ SDA Device CLI Capture

◉ SDA Control & Security Audit

◉ Software Bugs Causing Upgrade Failures

◉ Upgrade Readiness Checks

◉ SDA Compatibility Check (Switches, Wireless Controllers & ISE for 2.2.2.x)

◉ DNAC-ISE Integration Checks

◉ Fabric Devices Configurations Capture and Compare using inbuilt diff tool

Figure 7. System Analyzer screen image

Source: cisco.com

Continue reading

Cisco Nexus: Connect cloud-scale performance and sustainability

Announcing the first Cisco 800G Nexus Switch

It’s the week of the Open Compute Project Global Summit a conference that attracts the biggest names representing cloud providers, colo-facilities, enterprises, telco service providers, media, and government entities, a group who build and operate high performance infrastructure. Our customers are here in force and we launched our blueprint for helping cloud service providers (both hyper scalers and webscale customers) deliver richer cloud applications and services, while balancing their needs for higher performance, cost effective, yet more efficient, hence more sustainable networking infrastructure.

For our Cloud Networking customers, 2022 turns out to be a block buster year. It was only in June that I wrote about exciting new 400G Nexus platforms. All of these are now shipping. This week I am proud to announce the addition of the first 800G Nexus product to the rich Nexus portfolio. The Nexus 9232E is a 1RU Nexus switch with 32ports of 800G.

So, what use case needs an 800G switch? I don’t think there is a dispute that the pace and scale of data center networking buildouts is accelerating. Two fun facts:

1. In 2011, the first year of the OCP event, the total volume of data created and stored in the world was just under two zettabytes. In 2022, that’s expected to grow to nearly 100 zettabytes.

2. Similarly, the number of users (by MAU or monthly active users) for Meta services, who was one of the founding members of OCP, grew from 845 million in 2011 to nearly 3 billion  today.

What is becoming clearer are the many use cases for AI/ML for both network operations team as well as application teams. AI/ML capabilities are crucial for digital twin type predictability of network change results as well as for modeling highly customized application outcomes in the real and meta world. Indeed, by 2025, 44 percent of global data created in the core and edge will be driven by analytics, artificial intelligence, and deep learning, and by an increasing number of IoT devices feeding data to the enterprise edge.

It is no wonder that our customers are actively looking for innovative solutions addressing their key questions:

◉ How do I handle traffic/ data growth while dealing with an increasingly challenging power/ power cost environment?

◉ Can I continue to scale this infrastructure but do so in a sensible, sustainable way?

◉ Can network bandwidth be utilized more efficiently while still supporting current cloud network deployments?

Cisco’s cloud networking difference

We are hard at work in solving these customer challenges. 800G technology is one of many steps on a journey.  Our customers want positive outcomes in the areas of experiences, economics, and environment with respect to their hybrid cloud network infrastructure. So, our new Nexus 800G product will deliver the same benefits that Nexus cloud networking customers already enjoy including:

◉ High Performance: Massive throughput with Silicon One 25.6T G100 ASIC and smart system design that will power the next generation of network innovations and breakthroughs.

◉ Flexibility and Agility: Choices in network operating systems, speed, form factors, optics to meet virtually any use case.

◉ Programmability: Enabled through open APIs and protocol support in our cloud network optimized OS.

◉ Density and Scale: For both fixed and modular systems offering scalability from 100G to 400G to now 800G.

◉ Energy Efficiency: Significantly improved power per bit leveraging 112G Serdes technology.

◉ Simplicity: Manageability, optics backward compatibility enabling less equipment needed to scale higher.

Source: cisco.com

Continue reading

Vacations and IT Operations: Calm the Chaos

As I prepare to head out on summer vacation, I can’t help but realize that planning a vacation is a lot like managing IT operations. Both require coordinating a handful of individual tasks (from booking flights and reserving a hotel to deploying servers and resolving issues and more). Luckily, just as online travel services have made vacation planning easier, SaaS tools also make IT operations easier. In a series of blogs, I’ll explore this comparison to drive home the point that any IT shop still using multiple tools—or worse, trying to manually coordinate multiple tasks—can make their life much easier by using an integrated SaaS platform like Cisco Intersight for hybrid cloud operations.

From Manual Travel Management to Online Vacation Planning

The first recorded instance of a travel management service may be in 1840 when Thomas Cook organized rail transportation and lunch for 540 people. Five years later he was managing travel services for 165,000 people. All with a pen and ledger. Back then it was the model for success.

Let’s fast forward to the age of the internet. The internet not only wiped-out pens and ledgers through digital vacation planning, but it also made way for a more connected world that puts the power of integrated vacation planning at our fingertips.

Online Isn’t Good Enough

Imagine you’re planning a summer vacation for your family. Your first challenge is finding the best flights to your destination. There are 18 major airlines operating in the US plus more than 40 smaller ones. You’ll have to search each airline site for tickets. Doing this 18+ times to compare and find the best flights gets overwhelming quickly. I’ll just leave it there because when you multiply the effort to search for lodging, restaurants, and activities, it becomes clear that the internet alone isn’t the key to efficient vacation planning.

A flock of birds take synchronized flight off the beach in Destin, FL.

Integration is Key

But you’re smart. You know that all you have to do is log on to your favorite travel site, like Tripadvisor, Kayak, or a handful of others. Integrated travel sites aren’t just about booking your vacation. You can get alerts, track deals, make changes, and get support…all from your fingertips anywhere in the world. That’s the power of an integrated SaaS platform.

The Power of Integrated SaaS for IT Ops

Now let’s bring IT operations back in. Running IT operations requires juggling multiple tasks to plan, manage, and optimize outstanding experiences while managing risk and dependencies. This means deploying servers and apps, monitoring system health, identifying and resolving issues, managing critical dependencies, configuring profiles, and driving collaboration, to name just a few tasks. Then multiply these tasks across your on-prem, hybrid, and public cloud infrastructure.  It’s an incredibly complex and overwhelming responsibility with virtually no margin for error (somewhat like pleasing each family member who has a different view of the perfect vacation).

Simplify Hybrid Cloud Management with Cisco Intersight

What if there was an integrated IT operations platform that lets IT teams manage your hybrid cloud infrastructure in a few clicks from one place? There is! Cisco Intersight.

Like an integrated online travel service, Cisco Intersight:

◉ Integrates multiple tasks in one place:

    ◉ Deploy and troubleshoot your on-prem, public cloud, and edge environments, including physical servers, hypervisors, and VMs

    ◉ Evaluate workload and app performance and optimize in real time

    ◉ Build, deploy, and manage cloud-native Kubernetes clusters, and

    ◉ Provision on-prem resources for Infrastructure-as-Code deployments

◉ Provides value-added services:

    ◉ Customizing the dashboard to view your global inventory, fault monitoring, and firmware status

    ◉ Automating tasks for device configuration, OS installation, HCI cluster upgrades, K8 and infrastructure-as-code (IaC) deployments, and other routine tasks

    ◉ Creating and executing workflows across multiple infrastructure domains and cloud platforms

    ◉ Integrating with 3rd-party operations tools such as ServiceNow

    ◉ Automating workload placement, scaling, and capacity so workloads get the resources they need when they need them and you optimize spend

    ◉ Modeling capacity planning and migration scenarios to reduce risk and ensure predictable performance and cost

    ◉ Managing your entire infrastructure on the go from the Intersight mobile app

◉ Provides role-based experiences:

    ◉ Gives IT Ops a powerful tool to control every aspect of your environment and move faster with powerful automation capabilities

    ◉ Allows developers the agility and freedom they need to deploy applications even faster their own way – using the tools of their choice

Take Control

To wrap up, just like an online travel planning service lets you easily tame the many aspects of planning a vacation, Cisco Intersight helps you take control of your IT operations across your entire hybrid cloud environment. Intersight gives you one place to manage your on-premises, public cloud, and edge locations and all types of workloads (bare metal, VMs, K8s, and serverless). Its services make common IT operations tasks easier, give your DevOps teams the agility they need, and help you stay ahead of issues to optimize performance and costs.

Source: cisco.com

Continue reading

300-215 CBRFIR Preparation: Tips to Clear 300-215 Exam with Question Bank

Cisco CBRFIR Exam Description:

Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps v1.0 (CBRFIR 300-215) is a 60-minute exam that is associated with the Cisco CyberOps Professional Certification. This exam tests a candidate's knowledge of forensic analysis and incident response fundamentals, techniques, and processes. The course Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies helps candidates to prepare for this exam.

Cisco 300-215 Exam Overview:

• Exam Name- Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps
• Exam Number- 300-215 CBRFIR
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-215 Sample Questions
• Practice Exam- Cisco Certified CyberOps Specialist - CyberOps Forensic Analysis and Incident Response Practice Test

Cisco 300-215 Exam Topics:

• Fundamental- 20%
• Forensics Techniques- 20%
• Incident Response Techniques- 30%
• Forensics Processes- 15%
• Incident Response Processes- 15%

Related Reads:-

• Cisco 300-215 CBRFIR Exam: Study Resources and Tips to Overcome Exam Anxiety
• Cisco 300-215 Certification Path: Road to Build Your Future
• Cisco 300-215 CBRFIR Certification Exam That You Need to Check Out

Continue reading

Cisco NDFC One View – Centralized Management of the Global SAN Infrastructure

Cisco Nexus Dashboard Fabric Controller (NDFC) is a scalable application for managing Fibre Channel SAN. However, in some cases a single NDFC server may not be efficient. For example, it may be a better solution for large global environments to utilize a dedicated NDFC server for each region or department. But how do you get a centralized view of the global SAN infrastructure when using multiple instances of NDFC managing separate regions or departments?

The answer is NDFC One View. It delivers the centralized management and visualization of multiple SAN environments that are managed by different NDFC servers.

What does NDFC One View offer?

NDFC One View provides insights into what is happening within the Fibre Channel SANs at multiple locations in a single pane of glass. It offers the following:

◉ Executive Dashboard: Important and relevant information.

◉ Faster Troubleshooting: Centralized view of the fabric and switch health.

◉ Increased Collaboration: Define the access using Role-Based Access Control (RBAC).

◉ High Availability: Each participating NDFC server can run on a 3-node active-active Nexus Dashboard cluster.

◉ Simplicity: Single Sign-On (SSO) allows seamless click-thru navigation to any of the servers that participate within NDFC One View.

◉ One View in Context: One View is always just a click away via a breadcrumb regardless of the participating NDFC server.

Figure 1: Nexus Dashboard SAN Controller One View

You can view a summary of all the SAN switches across the globe on the NDFC One View Dashboard.  However, for making a change on any of the switches, such as creating a zone, you must do that from the NDFC server that manages that switch. NDFC One View simplifies this inter-cluster navigation with a single log in, so you do not have to remember which switches are managed by which Nexus Dashboard (ND) clusters.

How does NDFC One View work?

NDFC One View is an intuitive presentation layer. Only when accessed, it uses the RESTful APIs over HTTPS transport for retrieving the data from the participating NDFC servers. NDFC One View doesn’t store any additional data, or increase the storage requirement of the ND clusters.

No Extra Licensing Requirements for NDFC One View

Unlike other competing solutions, there is no extra license for NDFC One View. If you already have DCNM advanced license for managing Fibre Channel switches, you can start using NDFC One View today with no added cost.

How is NDFC One View different from Cisco Nexus Dashboard One View?

Cisco Nexus Dashboard (ND) One View and NDFC One View are different features. ND One View provides centralized management of Nexus Dashboard itself, which is a hosting platform in which applications such as NDFC can run. In contrast, NDFC One View provides centralized management of the global SAN Infrastructure that is managed by different NDFC servers.

How is NDFC One View different from DCNM Federation?

DCNM SAN, the predecessor of NDFC, provides high availability using a Federation. The participating DCNM servers in a federation must use an externally shared Oracle RAC database, which increases the total cost of ownership. In contrast, Nexus Dashboard integrates all the required services, including the distributed database services, which provide native active-active clustering. This design makes NDFC One View even more affordable.

How-to setup NDFC One View?

It’s easy. First, configure remote authentication for the Nexus Dashboard clusters. Then, add the address and the credentials under Infrastructure > Cluster Configuration > Multi Cluster Connectivity.

Source: cisco.com

Continue reading