High Availability – Features in Cisco IOS XE Software Makes It Appear Seamless

High availability (HA) networks continue to function even when some components fail. A variety of features in Cisco IOS XE Software provide hardware and software redundancy that contribute to five nines (99.999%) uptime, which translates to no more than 5.26 minutes of downtime per year. That’s the kind of reliability that Cisco customers have come to expect. Thousands of Cisco engineers in offices throughout the world make it possible.

This is the first in a series of three blogs that describe significant features in Cisco IOS XE that contribute to HA in the enterprise.

Stack Manager

Cisco Stack Manager is a platform-independent discovery protocol that provides failover from active to standby switches in case the active switch experiences a failure. Available on Cisco Catalyst 9000 series, it enables a switch to discover peer nodes, verify their authenticity, raise alarms in case of a mismatch, allocate a unique switch number during discovery, and assign a HA role (e.g., active, standby, and member in one type of configuration). In case of failover, switchover, or a reload of the active switch card, the standby switch takes over.

After Stack Manager assigns roles to the switches (e.g., Active, Standby, Member), the Cisco IOS XE redundancy framework enables the control plane protocols to synchronize configuration data to the standby node. Standby protocols remain in a hot state so the standby switch can become active in case of a failure.

Stack Manager works in three different HA configurations, which will be described in an upcoming blog:

1. Switch connected via stack cable to up to eight nodes

2. Switch connected via StackWise Virtual Link to up to two nodes

3. Dedicated HA interface for wireless devices like controllers

Cluster Manager

Cluster Manager is an adaptation of Stack Manager for use with Cisco Next Gen StackWise® Virtual Link, which provides the ability to virtualize two connected switches into a single virtual switch. Cluster Manager enables the same standby/active failover features provided by Stack Manager, with the added ability to provide HA across an entire data center environment using Next Gen StackWise Virtual Link. Virtualization eliminates the need to physically stack switches on top of each other. Soon, Cluster Manager will be able to support HA in switch clusters across different geographically dispersed locations.

Redundancy Management Interface

The Stack Manager solution connects switches in a ring up to 8 switches but in configurations using StackWise Virtual Link and in wireless deployments, there is only a single interface between two nodes: one active, one standby. So, two technologies were created to handle split-brain-related HA scenarios in these configurations: Redundancy Management Interface (RMI) and Dual Active Detection (DAD).

RMI adds another interface to wireless controllers so that if one interface falters or fails, the other will take over to handle HA, first determining if it is an actual failure or just a momentary glitch. If it is an actual failure, RMI provides the redundant connection to ensure that if the active switch goes down, the standby takes over.

Dual Active Detection

For deployments using StackWise Virtual Link, if the connection between the active and standby switches is lost, if one switch fails over to the second, the Dual Active Detection (DAD) process is activated. It queries the node manager for the existence of the lost peer. If it is available, it sends a recovery handshake. Once the handshake is completed, if the lost connection was due to a momentary glitch, the standby switch goes into recovery mode. If the switch is experiencing a failure, the other switch goes into recovery mode and assumes the active role.

Operational Data Manager

All processes in active switches update the database and the database maintains the device’s state. Since the standby doesn’t communicate to the outside world, when it is updated by the active switch, it uses Operational Data Manager (ODM) to update the database. ODM uses Replication Manager to trigger all the data to sync from an active to a standby switch. The update first goes to the DB and then out to update the processes in the hot standby switch.

Symmetric Early Stacking Authentication

Symmetric Early Stacking Authentication (SESA) imposes authentication when one Catalyst 9000 series switch interacts with another and encrypts and decrypts all the remote inter-process communication between them to guard against hacking attempts. It works alongside standard stacking, StackWise Virtual Link, and wireless HA solutions and is Federal Information Processing Standards (FIPS) compliant.

Extended Fast Software Upgrade

In the past, reloading software on Cisco platforms could take 6-7 minutes. Now, with Extended Fast Software Upgrade (xFSU), the process is reduced to 30 seconds or less. This fast reload feature for Catalyst 9300 series switches decreases downtime during reload ― the hardware is never powered off and traffic keeps flowing ― while maintaining the control plane in an operational state during the reload process.

Graceful Insertion and Removal

Network admins may wish to remove a network device from the network to perform troubleshooting or upgrade operations. To remove one device and replace it with another, the Graceful Insertion and Removal (GIR) function notifies the protocols of both devices that there is a maintenance window but not to go down. When the platform undergoing maintenance comes back online, it goes immediately into production without having to recreate the sessions it missed, minimizing traffic disruption both at the time of removal from the network and during insertion back into the network.

Hot Patching

Another area that contributes to HA is hot patching. Cisco issues small micro images containing only the code necessary for a critical bug or security fix. Customers can install it on devices in a fraction of a second using hot patching without any network disruption. Hot patching doesn’t result in a device reload and the fix takes effect immediately. Because of the small size of the patches, they are easy to distribute. Because of their limited content, customers can have much higher confidence in installing these micro patches in their production network without going through the complete validation process. The Cisco IOS XE hot patching feature is a toolchain of integrated technology and is expected to provide a default hitless defect fix.

ISSU

With the in-service software upgrade (ISSU) feature, Cisco customers using Cisco IOS XE products with HA functionality, including both routing and switching platforms, can avoid disruptions from image upgrades. ISSU orchestrates the upgrade on standby and active processors one after the other and then switches between them in the control plane so that there is zero effective downtime and zero traffic loss. The Cisco IOS XE software stack has the ability to do ISSU between any–to–any releases and the development team has an elaborate feature development testing and governance process to ensure this happens without failures occurring. Cisco defines policies for a smooth ISSU experience based on platform and releases combinations.

An Ongoing Quest for High Availability

Handling failover at the device level seems straightforward, with automatic features guiding active, standby, and sometimes member switches that are all waiting in line. (For Cisco ASR 1000 routers, active and standby route processors also provide failover and HA, much like Catalyst 9000 series switches.) But for Cisco engineers working on Cisco IOS XE solutions, HA is an ongoing, complex challenge, with vulnerabilities addressed by the many solutions above.

Source: cisco.com

Continue reading

Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics

New level unlocked. The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live. 

The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their vulnerability management program.

In addition to the existing Kenna features and functionality you know and love, the new Kenna.VM Premier tier includes:

◉ In-depth and actionable remediation scoring (New!)  

◉ Zero-day vulnerability intelligence, powered by Cisco Talos (New!) 

◉ Access to Kenna’s vulnerability intelligence via an API or user interface (UI) 

We’re particularly excited about the new features that are debuting with this tier. So, let’s take a closer look at everything that’s included.

Remediation scoring 

On the Kenna.VM homepage, a new metric will appear at the top right corner (Figure 1). The Remediation Score, as this measurement is known, quantifies how well an organization is addressing risk overall.

Figure 1: Remediation Score in Kenna.VM homepage

The Remediation Score itself encompasses four key measurements (Figure 2), which may sound familiar to you if you’ve been reading any of the Prioritization to Prediction reports produced by Kenna and the Cyentia Institute:  

    ◉ Coverage: Of all vulnerabilities that should be remediated, what percentage was correctly identified for remediation?  

    ◉ Efficiency: Of all vulnerabilities identified for remediation, what percentage should have been remediated? 

    ◉ Capacity: What is the average proportion of open vulnerabilities that were closed in a given period? 

◉ Velocity: What is the speed and progress of remediation?  

Figure 2: Remediation sub-scores in Kenna.VM homepage

These new remediation insights will allow organizations to shift away from relying on just the Risk Score itself as a measurement to assess the performance of remediation teams. While many organizations opt to use the Risk Score in this manner, there are inherent problems with evaluating performance based on the Risk Score—particularly for mature programs. A Risk Score can spike at any moment due to a suddenly high-risk vulnerability—a spike that isn’t a reflection on the remediation team themselves. And as organizations mature, they’re likely to reach a ‘steady state’ with their Risk Score, which makes it a difficult metric to use to measure progress.

Ultimately, these performance metrics will help customers better understand what areas of their remediation efforts are doing well and which might need to be adjusted.

Zero-day vulnerability intel—brought to you by Cisco Talos 

Another new addition to the Kenna.VM platform is zero-day vulnerability intelligence powered by Cisco Talos. Talos regularly identifies high-priority security vulnerabilities in commonly used operating systems and software. The team works with vendors to disclose more than 200 vulnerabilities every year.  

This new integration with Talos gives Kenna.VM users access to information on zero-day vulnerabilities documented by the Talos research team (and likely to be in their environment). With the “Zero Days” filter in Kenna.VM, users can isolate zero-day vulnerabilities, investigate, and take action leveraging Snort rule IDs provided by Talos, when applicable (Figure 3).

Figure 3: “Zero Days” filter isolates all zero-day vulnerabilities in Kenna.VM Explore page

Vulnerability intelligence—your way 

The last (but certainly not least) piece of the Kenna.VM Premier puzzle is the inclusion of Kenna’s recently enhanced vulnerability intelligence User Interface and API. Kenna is known for its risk scoring, but what people may not realize is just how much data we consume and turn into finished, actionable intelligence. There are more than 18+ threat and exploit intelligence feeds that power our understanding of vulnerabilities, and our vulnerability intel API and UI make of this information available to customers. 

The UI provides a dashboard to research any CVE—regardless of whether or not a scanner found that vulnerability in the customer’s environment. Meanwhile, the API allows customers to query Kenna and export as much of our vulnerability intelligence on as many vulnerabilities as they wish, and use that data to enrich any existing IT, dev or security workflows, including Cisco’s very own SecureX. The data in this set includes descriptions, publication dates, CVSS data, available exploits and fixes, insight into remote exploitable vulnerabilities, and much more. Also provided is the Kenna Risk Score for each vulnerability and an indication of whether it is predicted to be exploitable—unique data points derived by Kenna’s data science.

Figure 4: Kenna’s vulnerability intel dashboard lets you research any CVE to see its risk score and other characteristics

This intelligence, combined with our new remediation scoring and Talos zero-day intelligence, rounds out the Kenna.VM Premier tier as the ideal package for any customer or prospect who is looking to take their vulnerability management program to the next stage of maturity.

Kenna.VM Premier is available today. If you’re interested in learning more, contact your sales representatives or send us a demo request to unlock the next level of your vulnerability management journey.

Source: cisco.com

Continue reading

Using APIs to create a Multidomain Inventory for Asset Management

IT Organizations have to manage, secure, and get audited on their IT assets. The span of domains cover multiple different product sets with different operating systems by nature, and the teams are tasked to create a cohesive asset management framework. An example is a financial institution which is subject to the FFIEC guidance, which requires them to be able to conform to an audit structure that requires managing their assets and software.

A second example is the NIST publication 1800-5 on IT Asset management that describes a framework for managing assets in an organization. A number of organizations may adopt NIST as their security framework.

Within these frameworks, the NIST and FFIEC guidance don’t call out “Cisco Equipment” or “Microsoft software”, “Virtual machines”, or “Firewalls” in a vacuum. IT Administrators and security teams aren’t tasked with inventory and patch management of just their load balancers, servers, switches, or routers.

IT Administrators and their leadership are tasked with knowing, patching, and securing all of their IT infrastructure. From the physical to the virtual, from the endpoint to the cloud. Thus any single tool needs to be able to fit into a framework to be able to merge together different systems in a cohesive manner that is capable of managing multiple operating systems and vendor implementations.

The purpose of this blog is to show how this can be done practically using diverse Cisco hardware and software, and the framework would bolt in to any other third party and provide functional, easy to use code, that can create a single asset management table for products in the Cisco portfolio.

We do this by integrating ACI, Multiple DNAC, Meraki, Intersight, and SD-Wan platforms into a single table which can be cross referenced and then pushed, into Service Now. We do this using available DevNet sandboxes as of 11/2022. There is also a reference on how this can be reconciled and pushed into Service Now (so that the system of record can be updated following software changes, or reconciled).

This is functional code, which is easy to run against real sandbox environments, and can be validated and repurposed for your environment.

While we cannot control third party products and how they integrate, the framework would allow for other equipment which support Rest API to create a state table for inventory asset management. The framework is rather straightforward: capture the inventory from diverse systems using REST API, and normalize to a consistent list of all assets in those systems. From there, you can update Service Now or another system of record.

The problem we are trying to solve is further elaborated in NIST 1800-5, of the multiple frameworks a customer may be required to audit towards, and the fact that its not as simple as just running a single vendor’s report, when your responsible for an entire ecosystem of vendors and products.

So lets get to it!

What is created is a Google Colab notebook, which allows you to take and validate the code. This is possible because we are using cloud sandboxes hosted in DevNet and our cloud platforms. If you have never used Colab before, it is a Jupyter notebook in the sky that is as easy to run as clicking a button. It also allows me to easily share with you, so you can see for yourself how it works.

You can get a read only copy of the code here: We will walk through it below.

https://colab.research.google.com/drive/1DMfB_FfWPEIDggYawtJgmskLJmkVzqyM?usp=sharing

The first thing you want to do, is look at what it says at the top. What is shared is a read only copy, and to play with it, you want your own editable copy. So you want to save it, by going to File/Save a copy to drive.

The next thing to look at is there are sections, at a high level, its broken down into

1. Getting Meraki inventory

2. Getting SD-Wan inventory

3. Getting DNAC (and multi controller example… this multi controller could also be ACI domains, or Meraki networks)

4. Getting Intersight inventory

5. Getting ACI Inventory

6. Merging them all togther

7. Optional: Updating ServiceNow example. (note, this uses a developer instance which will be inactive by the time you read this, it is functional, get your own developer instance and use the URI at developer.servicenow.com)

Each of these sections can be ran as a group, by mousing over “7 cells hidden”, or you can expand each section and look at code, and what it is doing. You can click the run button below, OR expand the section. This shows the Meraki inventory.

We then go and get the info from SD-Wan, and Intersight, we go into all the groups and grab information and store them in tables, we have created the below tables:

◉ sdwan_inventory_df -> Data Frame with details from SDWAN

◉ meraki_inventory_df -> Data Frame with details from Meraki

◉ dnac_inventory_df -> Data Frame with details from DNAC

◉ intersight_inventory_df -> Data Frame with details from Intersight

◉ aci_inventory_df -> Data Frame with details from ACI

Each of these data frames include details from inventory, and we want to simplify it for the concise table. We reduce the amount of fields in each table, and rename them so they are consistent. For example, natively ACI calls hostnames in model format, as fabricNode.attributes.name. Intersight calls Hostname “HostName”. We just simplify this.

Reduce the Intersight table to just a few columns,

intersight_inventory_simple_df=intersight_inventory_df[[‘DataSource’,’SerialNumber’,’HostName’,’ModelNumber’,’Ip.Ip’,’Version’]]

Rename these columns to a consistent format:

intersight_inventory_simple_df.rename(columns={‘SerialNumber’:’Serial’,’HostName’:’Hostname’,’ModelNumber’:’Model’,’Ip.Ip’:’IP Address’,’Version’:’Version’}, inplace=True)

After concatenating all these tables, we have an inventory list with a list which we can use to audit or update our system of record.

Source: cisco.com

Continue reading

Secure the Industrial Edge with Cisco SD-WAN

The Expansion of Enterprise Networks

As networking infrastructure continues to expand in our hyper-connected world, the capabilities businesses have to deploy, secure, and manage their critical Internet of Things (IoT) devices plays an ever-increasing role in the success of their enterprise. In response to this expansion, there have been on-going innovations advancing the ways networks operate – and at the forefront of these trends is the way that SD-WAN enables and supports IoT deployments.

Networks are expanding outside traditional office buildings and into industrial spaces, resulting in more devices being connected to the internet and data centers. It is not just printers, light bulbs, and cameras anymore as IoT is moving far beyond the carpeted spaces – each day something new is added to your network and sometimes you may not even know it was there.

The rate of growth for IoT is moving so quickly that IDC estimates by 2025 there will be 55.7 billion IoT devices connected to the internet – that outnumbers the amount of humans in the world by a 7:1 ratio. Though the rise of IoT has improved and extended visibility to more operational elements of the business, it comes with a unique set of challenges that must be tackled to maintain the integrity of the network.

Challenges Surrounding IoT

Across multiple industries companies are finding it difficult to identify, manage, and secure industrial assets. The volume of IoT deployments in an enterprise can vary greatly and introduce incremental security risks. The bottom line is that to fully protect your network and enterprise, IoT devices must be secured on the same level as a data center or operating system would be.

Deployments in the field can be hard to manage with use cases like roadways and intersections, pipelines for oil and gas, and substation automation for power stations. The influx of IoT devices that are being added to networks can be a challenge for those in charge as observability becomes a bottleneck for networks operating on multiple WANs. These obstacles of observability and management can result in instances of unauthorized users accessing sensitive data and lead to high-risk vulnerabilities being exploited. In many cases, lack of consistent security policy extending through the industrial edge becomes an expensive problem.

Fortunately, Cisco SD-WAN provides users with the ability to manage, secure, and observe networks with IoT deployments of all sizes. Cisco SD-WAN provides seamless and secure connectivity far beyond your enterprise, powers automation to scale your operations, and enables visibility to keep your enterprise protected and resilient.

Cisco SD-WAN Can Help

Cisco SD-WAN provides solutions for common IoT challenges by converging security features and management tools that enable the visibility of IoT assets connected to the network while applying consistent security policies in both the enterprise as well as the industrial network extensions. With SD-WAN, encryption and segmentation of data from IoT devices can be applied so that the right people or applications with the right credentials see critical information at the right time.

Over the years, Cisco SD-WAN has made the world more connected than ever by enabling routers deployed in the field, on campus, and at home to be connected to a single network that can be managed with a single pane of glass. Now, Cisco SD-WAN allows for enterprise networks to be brought to the industrial edge to enable visibility and security needs without the need for an entirely new network or management tool.

The simplification of extending network security and routing policies to the edge of your network should be top of mind for any business looking to keep up with changing times and with Cisco SD-WAN, that power is yours.

Source: cisco.com

Continue reading

Supercharge 5G with Converged CRAN Architecture

Communication service providers (CSPs) are being challenged to deploy 5G in dense urban and high traffic environments while trying to optimize for cost and simplify capacity expansions. Centralized radio access network (CRAN) architectures are becoming critical as CSPs adopt mid-band and high-band spectrums to address 5G opportunities. CRAN architecture lowers capital expenditures (CapEx), simplifies operations, and enhances RAN performance with spectrum sharing technologies. CSPs need to look at their existing transport architecture to ensure that they realize these benefits by adopting CRAN.

Evolving the transport network is a first important step in adopting 5G on an existing 4G RAN network. The decision to either stay with distributed RAN (DRAN) architecture by expanding backhaul capacity or migrating to CRAN architecture with fronthaul investment is something every CSP must consider.

Cisco’s Converged SDN Transport architecture and product innovations are addressing these challenges with a unified transport architecture design. This way CSPs can adopt any deployment scenarios (CRAN, DRAN, or both) without changing the underlying transport protocols, management, and infrastructure services definition.

5G CRAN explained

4G is traditionally deployed with DRAN architecture, where radio baseband processing for each site is done locally (figure 1a). In CRAN, a large part of the radio baseband processing is done at a hub for multiple radio sites (figure 1b). In DRAN architecture, the RAN transport toward the mobile core is referred to as backhaul. In CRAN the transport network between the radio antenna and baseband processing units is referred to as fronthaul. Fronthaul has much more stringent latency, jitter, and synchronization requirements compared to backhaul.

Figure 1. 5G RAN architectures – DRAN and CRAN

There are several benefits with CRAN architecture, such as:

◉ Cost optimization: CRAN improves hardware utilization with centralized processing for multiple radio sites. It also reduces radio site footprint and optimizes power and cooling requirements.

◉ Spectrum gains: By processing multiple radio sites from a centralized hub location, it’s easier to process related functions like coordinated multipoint reception to remove inter-signal interference and implement carrier-aggregation techniques.

◉ Expansion and scale: CRAN simplifies capacity expansion, site acquisition, and deployment of heterogeneous networks to meet different business needs.

The benefits of CRAN are realized in dense urban and high traffic scenarios whereas DRAN is often more appropriate for rural and moderate traffic scenarios. CSPs need to consider their networks and traffic patterns in deciding between CRAN and DRAN adoption.

Building efficient RAN transport

CSPs are focused on building an xHaul transport architecture that allows them the flexibility to adopt DRAN or CRAN without worrying about the requirements of fronthaul, midhaul, or backhaul transport. They demand an architecture that meets the latency, jitter, and synchronization requirements of each of these transports – a flexible, programmable, and scalable 5G xHaul transport architecture.

As shown in figure 2, Cisco Converged SDN Transport, with Cisco NCS 540 and NCS 5700 series platforms, allows customers to build a 5G RAN transport that’s both scalable and flexible and can converge Layer 2 and Layer 3 services from the edge of the network. The architecture allows customers to offer various public and private 5G services covering eMBB, FWA, URLLC, and enterprise services.

Figure 2. Converged xHaul architecture

Extending segment routing to the cell site not only simplifies the protocol stack and allows intelligent traffic steering, but also enables service slicing, programmability, and automation capabilities on the architecture. Fronthaul traffic, which is mostly Layer 2, can be carried over an EVPN slice with a low latency path while non-latency sensitive traffic can be carried over a L3VPN slice to meet 5G ORAN specifications. Built using timing best practices, the architecture allows adopting any access topology without impacting time synchronization accuracy.

Cisco’s Converged SDN Transport architecture simplifies adoption of DRAN and CRAN with a deployment that’s independent of network level protocols, infrastructure services, or synchronization architecture.

5G xHaul transport with NCS 540 and NCS 5700 series

Cisco NCS 540 and NCS 5700 series deliver performance, density, and exceptional efficiency to address transport pre-aggregation as well as 5G CRAN deployments. Powered by the IOS XR network operating system, the architecture focuses on simplified operations with programmability, manageability, and automation to meet key characteristics of 5G xHaul transport.

High Density Interfaces for 5G CRAN

NCS 5700 platforms offer high density 10G, 25G, 50G, 100G, and 400G interfaces to aggregate access transport links as well as 5G DU or CU servers at 5G CRAN or far-edge.

At cell sites, NCS 540 platforms offer high density 1G, 10G, and 25G interfaces to connect mid-band and high-band radios over CPRI or eCPRI interfaces with 100G or 400G options for uplink connections.

Optical Support

Broad support of 400G and 100G QSFP-DD ZR/ZR+ optics across the NCS 540 and NCS 5700 portfolio enables CSPs to address bandwidth demand and scale through simplified network architecture.

ORAN Characteristics

The NCS 540 and NCS 5700 portfolio meets 5G xHaul ORAN specifications to support fronthaul, midhaul, or backhaul deployments on a converged architecture.

With consistent performance that meets stringent microsec latency, accurate Class C timing and support of advanced segment routing features, EVPN, and integrated GNSS, the solution helps customers deploy any use case scenario under a single plane of management.

Programmability and Automation

Starting with segment routing v6 and microSIDs-based programmable routing, the solution offers zero-touch provisioning (ZTP) and advanced streaming telemetry as well as YANG model support.

Platforms support modern protocols like gRPC, gNMI, protobuf; and tools based on Chef, Puppet, and Ansible to help customers integrate management layers and simplify operations across access transport and 5G CRAN/far-edge. Network operations teams can take early action, achieve faster remediation, and ensure guaranteed service level agreements (SLAs) for a better end-user experience.

Source: cisco.com

Continue reading

Cisco Intersight Gets a New Look

New User Interface Signals Milestone for Hybrid Cloud Operations Platform

Cisco Intersight, Cisco’s hybrid cloud operations platform, passed a major milestone with the recent release of its new user interface (UI). The UI introduces Cisco’s new branding for its Cloud Networking and Computing software portfolio, brings Nexus Cloud (Cisco’s cloud-managed platform for networking) into the Intersight platform, and improves readability and task findability.

Consistent User Experience

“One of our priorities for the software-as-a-service offerings in Cisco’s Networking and Computing portfolio is to provide a consistent and familiar user experience, no matter which product someone’s using,” said Jeff New, Cisco Intersight Product Manager. Intersight is the first platform to introduce Cisco’s common UI that will be rolled out across its data center computing, networking, and security solutions to provide a more consistent experience for customers.

Cloud Networking, Newest Intersight Platform Service

Intersight’s new UI also introduces cloud-managed networking as the platform’s newest IT operations service. This signals the next step in the platform’s vision to simplify IT operations through a cloud operations model that extends the principles of the cloud to the entire cloud/network IT stack. Nexus Cloud will debut as a service on Cisco Intersight following its current tech preview.

Intersight users can select the IT operations functions they need to perform using the multi-service selector

To easily access Intersight’s services, the new UI introduces a multi-service selector. From the selector, users can choose:

◉ Infrastructure Service – visualize, control, and automate Cisco UCS, HyperFlex, and third-party computing devices

◉ Cloud Orchestrator – automate workflows with a drag-and-drop designer to accelerate delivery of apps and infrastructure

◉ Workload Optimizer – ensure applications get resources when and where needed, at the lowest cost

Nexus Cloud – deploy, manage, and operate your Cisco Nexus networks from the cloud

◉ My Dashboard – personalize a multi-service dashboard using widgets for capabilities across the services on the Intersight platform

◉ System – Claim devices, licensing, identity access management, and other account settings

Intersight users will have access to the functions they have licensed and their corresponding permissions. Once users are in a specific service, they’ll find capabilities in a familiar way.

Command Palette – Get to Actions and Information Quickly

Intersight is a comprehensive solution for hybrid cloud operations with a robust feature set. Intersight users have asked for a faster way to find specific objects in their environments as well as the actions they want to take.

To do this, we’ve introduced the Command Palette. Based on a simple search approach, users can input what they want to do and select from the search results. (“Command K” for Mac users and “Control K” for PC users.) The command palette shows suggestions based on your current context and items you’ve used recently.

Users who took part in the tech preview of the new UI report being pleased with the shortcut to specific tasks they want to execute. This lets them launch operations and begin working in fewer clicks.

Cisco Intersight users can find actions fast using the Command Palette.

Users can find actions fast using the Command Palette

The new UI also improves readability. The classic Intersight UI presented information in a dense way with heavy text on a single screen. In the new UI, users will find that readability is improved with more relevant information on individual screens and more space that allows users to focus on what’s most important.

One UI, Multiple Benefits

“The new UI is more than an improved look and feel,” said New. “The release of the new UI marks the next significant milestone on our vision to deliver a flexible hybrid cloud operations platform to help customers simplify IT operations. Cloud networking joins the suite of Intersight services, with more to come. And through the common UI, we’re lowering the learning curve for customers of Cisco software so it’s easier to get up and running.”

Source: cisco.com

Continue reading

CCT Routing and Switching 100-490 RSTECH Exam: Get to Know How to Pass

Cisco CCT Routing & Switching certification emphasizes on the skills needed for onsite support and sustenance of Cisco routers, switches, and working environments. Technicians in this field must be able to recognize Cisco router and switch models, cabling, accessories, and interfaces; perceive the Cisco IOS Software operating modes and recognize ordinarily found software; and be able to utilize the Cisco Command Line Interface (CLI) to link and service products. One must pass the Cisco 100-490 RSTECH exam to obtain the CCT Routing & Switching certification.

CCT Routing & Switching 100-490 RSTECH Exam Information

The applicant is only said to be completely prepared once they understand and master the essential information for any exam. The CCT Routing and Switching (100-490 RSTECH) exam evaluates an applicant's understanding and expertise concerning the following objectives.

Cisco 100-490 RSTECH Exam Objectives

General Networking Knowledge (25%)

Cisco Equipment and Related Hardware (20%)

Cisco IOS Software Operation (29%)

Service-Related knowledge (26%)

Basic Details of Cisco 100-490 Exam

Let us dive into the basic details of the Cisco 100-490 RSTECH exam. The exam comprises 55-65 multiple-choice questions. This Cisco exam is available in the English language. Also, the Cisco CCT Routing and Switching (100-490 RSTECH) certification is valid for three years.

Studying for CCT Routing and Switching 100-490 RSTECH Exam

If you want to obtain the CCT Routing and Switching certification, you need to pass Cisco 100-490 RSTECH exam. If you consider this exam as another task to accomplish, you will be able to carry it out with amazing results. Just concentrate on learning and mastering all the exam syllabus topics; the rest will be pretty easy whenever you are taking any exam; one of the initial things you will require to do is to obtain the right study resources.

The first platform from where you should begin is the Cisco official website. Cisco itself offers many learning materials for those who want to utilize official resources. You can come across many learning materials on the official website, like the Cisco community, 100-490 RSTECH study guide, training courses, practice tests, and much more. The Cisco community is the ideal place to join in to solve all the questions you have with other members of the community. All the details of these learning resources can be found on the certification's official webpage.

And to perform the CCT Routing and Switching practice exam, you can explore the nwexam website. This is the best website providing practice tests for the Cisco certification exam. They help you assess your preparation level for the exam topics as well as equip you with exam-taking skills. The practice tests will equip you with knowledge and skills but also helps you get familiar with an exam environment before facing the actual exam.

Additional Tips for CCT Routing and Switching Exam

During the preparation stage, not only study resources are important, but also the steps that you take. When you are studying for the CCT Routing and Switching 100-490 RSTECH certification exam, try to make a study plan so that you can learn the syllabus topic within time and assign enough time for each of them. Take into account all the resources available and give each of them an identical time during every week of your preparation. But don’t overlook counting your free time with your family, responsibilities, and other pleasing things you require.

If you want to pass this CCT Routing and Switching exam on the first shot, it is best to concentrate on studying the essential objectives. Thus, you should attempt as many practice tests as possible because they will make a huge difference. Once the exam day reaches, you should ensure that you sleep well the night before and don’t learn anything new on this day. If you start revising concepts instead of just giving yourself a break before the actual exam, there is a possibility that you might start to ignore important details. Have faith in your exam preparation and take your certification exam smoothly.

Pro Tip: Don’t be frightened to use multiple resources because this might be the thing that will help you pass the exam.

Conclusion

Passing the CCT Routing and Switching 100-490 RSTECH exam will demonstrate to organizations that you hold all the skills needed for onsite support and maintenance of Cisco routers, switches, and operating environments.

Cisco certifications are greatly appreciated in the professional world, and if you hold one, it will be a shining star on your CV. Obtaining the CCT Routing and Switching certification will smooth your career path, so why not grab this opportunity and put all your efforts into this milestone?

Continue reading

Vacationing and IT Operations Part 3: Manage the Change

You are looking forward to a day of island hopping. The cruise has been booked, swimming trunks and snorkels packed – you are ready to dive right in. Alas, on the day of the trip the weather gods decided to rain on your parade. Literally. Now what? You can’t afford to waste a precious vacation day cooped up in a hotel room but it’s too late to plan an alternative.

Continuously Optimize for changes

Thankfully, your hotel has an awesome concierge desk. They have been monitoring the weather forecast and proactively created a few alternate options should things not go according to plan. Within minutes of your cruise being canceled, you get a call from the concierge desk offering day passes to the local indoor amusement park. Wave pool, bowling, rides, food court – the whole nine yards. Wouldn’t it be great if your IT infrastructure was this smart in handling change?

Change Management

Change is the only constant. Your IT team knows this too well. Maintaining the health of an ever-changing hybrid cloud environment is not easy: multiple layers of heterogeneous infrastructure, distributed workloads, and applications across different platforms, dynamically changing, require constant monitoring, and decisions about cost, performance and compliance are made at the speed of the cloud. This is a challenge beyond the human scale, and it requires the power of data and analytics to solve.

Transform data into insights across your entire environment

A key part of the value proposition of Intersight is how the platform optimizes your environment and constantly adapts to changes.

Increase your situational awareness and remediate faster to stay ahead of problems

Intersight leverages intelligence across all layers

Starting with Cisco Intersight Infrastructure Services, hardware and firmware are monitored to help ensure that your systems are always compliant with the Cisco Hardware Compatibility List (HCL)—any unsupported configurations cause automatic alerts. At the same time, Cisco Intersight Workload Optimizer analyzes and correlates telemetry across your full stack, from your physical servers to virtualized resources, Kubernetes clusters, and application components, wherever they are, to visualize application and infrastructure dependencies.

In addition, Cisco Intersight offers an always-on connection to the Cisco Technical Assistance Center (TAC), constantly monitoring your environment to help identify configuration issues before they become problems. It watches for anomalous infrastructure events, capturing log information and providing centralized alerts about failure notifications or policy violations.

Reduce risk and costs – optimize performance

Automate complex workload placement decisions with intelligent recommendations

All this telemetry and intelligence captured by Intersight across the different layers of your stack is used to automate tasks and decisions that would be otherwise manual, enabling your environment to truly scale. Using an AI-powered recommendation engine, Intersight continuously assures application performance by automating scaling and placement actions, provisioning resources to meet demand, or correcting misconfigurations to avoid disruptions and unnecessary costs.

Intersight gets smarter over time and adapts better to your unique needs with historical data feeds, producing better real-time recommendations and advanced scenario modelling outputs. Examples of automated tasks include applying security patches and operating system upgrades for physical servers, to licensing for databases on your virtual machines, to resizing and moving workloads for performance and cost, auto-scaling Kubernetes clusters, or applying user access policies across all layers of infrastructure etc.

Finally, Intersight can automatically generate and forward Cisco TAC support cases when required and even raise service requests and return material authorizations (RMAs) automatically.

With complete visibility into on-premises and public cloud application requirements, resource utilization, availability, and costs, Cisco Intersight can improve your overall situational awareness, reduce risk and cost, and free your teams to focus on more important things.

The show must go on

Cisco Intersight can help you smoothly manage disruptions and reduce risk and cost, through complete visibility into on-premises and public cloud application requirements resource utilization, and availability. Allowing your teams to free their focus for more important things, like soaking up that awesome wave pool. Rain or shine.

Source: cisco.com

Continue reading

Scaling the Adoption of Private Cellular Networks

1. Private Networks

Private networks are essential to every enterprise. Enterprises use private networks to integrate information systems into their operations and to continue their digital transformation through technology integration into business processes. Over the past twenty years, Wi-Fi has become an essential component of nearly every private network. Wi-Fi accelerates digital transformation and supports a wide variety of enterprise-specific value propositions.

Back in the early 2000s, Cisco’s own analysis estimated that Wi-Fi adoption by its employees was resulting in staff being 86 minutes more productive per day than their tethered counterparts. More recently, analysis of Wi-Fi adoption by retailers indicates improvements in top and bottom lines, with positive impact on customer loyalty, increased insights through the use of wireless network analytics and increased sales. Other examples include industrial predictive maintenance use cases that are delivering 10-20% increases in equipment uptime and 5-10% decreases in overall maintenance costs. One report indicates that Wi-Fi is being used in 34% of such deployments across different industry sectors. Finally, in sports and entertainment, digitization is transforming the fan experience. At the SoFi stadium, the private network uses a massive deployment of more than 2500 Cisco Access Points to deliver the fastest and most reliable fan experience, that is reported to have resulted in the most digitally engaged set of spectators.

Across all verticals, from carpeted office, through to retail, manufacturing and sports and entertainment, Wi-Fi based private networks have proved themselves adept at supporting the widest range of business needs and value chains.

2. Complementary wide-area cellular technology

In parallel with enterprise adoption of local-area Wi-Fi networks, several industry segments have integrated cellular wide-area technology into their business processes. The earliest use cases adopting wide-area cellular technology have focused on the benefits offered by the wide area coverage offered by public cellular providers. In contrast to the local-area private Wi-Fi networks, public cellular coverage supports nationwide service. Phone based systems that connect vehicle users have always been an important segment for public cellular providers. But now we see integration of cellular modem technologies into the latest utility meter offerings, where the cellular connectivity is able to provide near real time visibility of energy consumption to utility customers. The wide area coverage ensures that a uniform solution can be offered across a particular geography.

Transportation systems that integrate cellular modems leverage the same wide area capability. The latest connected warning signs now benefit from secure connectivity from road-side control cabinets to the central data centre. Fleet management solutions use wide area cellular connectivity to improve vehicle maintenance, lower fuel consumption as well as automated logging of odometers, rev-meters and accelerometers.

Over the years, public cellular providers have adapted their product and services to enable a range of different verticals to integrate cellular modems that benefit from wide area connectivity into their business processes while supporting a range of different business relevant value propositions.

3. The emergence of private metropolitan-area cellular networks

The coverage advantage of public cellular systems has driven adoption by those use cases that necessitate national or international coverage. So called “metropolitan area network” use cases can similarly benefit from this coverage advantage. One of the earliest examples of such is the Australian regulator ACMA that permits use of 3GPP defined 1800 MHz cellular frequencies for supporting point-to-multipoint systems for private networks in regional and remote areas of Australia. This has led to the adoption of private cellular networks by mining and energy companies that have operations that span over significant distances and where the increased range of cellular based point-to-multipoint systems offer clear advantages compared to local Wi-Fi based unlicensed alternatives.

In the US, many utility companies used to operate private metropolitan-area networks based on WiMAX technology. These have now transitioned to private LTE based systems, enabled by the recent innovation in spectrum licensing associated with CBRS. Now airports are using these new licenses to operate private LTE networks, leveraging the extended range offered by cellular frequencies to enable better coverage of the apron where aircraft are parked to support baggage and maintenance use-cases.

In the UK, from 2019, Ofcom took the decision to augment its approach to licensing spectrum for cellular operation, with the introduction of shared access to spectrum for a newly introduced 5G band. The specific 5G band covers 400 MHz of spectrum between 3.8 and 4.2 GHz. Ofcom’s rationale for the novel approach was to “enable the deployment of private networks with greater control over security, resilience and reliability”. Ofcom has made two types of local license available:

◉ a low power license that authorizes the licensee to deploy as many radio access points within a 50 metre radius of a defined reference point. The radio access points have a maximum emitted power of 24 dBm (for a 20 MHz carrier) and an antenna height limited to 10 metres above ground.

◉ a medium power licensed that authorizes the licensee to deploy a single radio access point at a defined rural location where the radio access point has a maximum emitted power of 42 dBm (for a 20 MHz carrier).

Previously businesses wanting to benefit from integrating cellular service into their business operations had to engage with public cellular operators that had been licensed exclusive spectrum. Now, these new regulatory approaches are allowing businesses to deploy local and metropolitan cellular systems independently of public operators.

4. Standardization of 3GPP Non-Public Networks

5G is targeted at fulfilling the requirements from different industrial segments. In order to meet such expectations, 3GPP Release 16 defines enhancements to the 5G system to support Non-Public Networks (NPNs). This introduces two new cellular identifiers, a Non-Public Network Identity (NID) and a Closed Access Group Identity (CAG-ID), enabling devices to perform non-public network identification, discovery and selection as well as enabling the NPN to implement access controls. In release 16, the NPN can be deployed in two different configurations:

◉ “stand-alone” mode (S-NPN) where the NPN is deployed in isolation of a public cellular network, and

◉ in“public network integrated” mode (PNI-NPN) where the NPN leverages 5GS functionality delivered by the public cellular network, including SIM/identity management.

The PNI-NPN deployment can, subject to agreed policies, enable an enterprise device to seamlessly transition between the NPN access network and the public cellular network. In contrast, the Release 16 S-NPN is considered isolated from other networks. However, release 17 has seen further enhancements with the ability for a device to access the S-NPN using credentials owned by a separate credential holder (CH) entity. The credential holder can be a private enterprise, or can be a public cellular operator, enabling a SIM-based public cellular identity to be used to authenticate a device on an S-NPN. Note, whereas such a scenario would conventionally be referred to as “roaming”, 3GPP’s use of roaming is limited to using another public cellular operator’s visited network and hence 3GPP refers to authentication between S-NPN and CH as “interworking”.

These latest NPN capabilities, when coupled with the new approaches to licensing cellular frequencies, are specifically aimed at broadening the applicability of private cellular networks to the widest range of businesses.

5. Operating inter-connected networks

Operating interconnections between networks, be that peering interconnect, an ISP service or roaming, always requires a technical framework and a financial framework that are referenced in terms defined in legal agreements agreed between parties.

The GSM Association came into existence to drive matters essential for the implementation of a pan European roaming service. Since its inception back in the 1990s, GSMA’s remit has since broadened to address services and solutions that underpin interoperability and make mobile work across the world. Serving its operator members, GSMA defines how to operationalize the roaming reference points defined by 3GPP to enable their operator members to support international roaming. This includes defining international roaming agreements, operating systems to enable collecting and sharing roaming related business and technical information, and procedures that enable the exchange of roaming signalling between different operators.

In contrast to the unified inter-operator cellular system operationalized by GSMA, historically the private wireless industry has taken a decentralized approach, with each individual wireless hotspot provider defining their own legal terms and getting end-users to agree to those before being able to access via the private network. This decentralized approach has not inhibited private wireless hotspot adoption, with some estimates of over 500 million Wi-Fi hotspots available worldwide. However, more recently it has inhibited usage, as users avoid the required user engagement necessary to accept the hotspot’s legal terms.

6. Scalability

How to scale interconnect is a significant issue for private networks. While GSMA has been successful in scaling roaming between the 800 public cellular operators, there are still challenges in scaling GSMA interconnect. This requires the use of roaming hub providers to scale operations. Importantly, such hub models are predicated on the use of financially settled service that can be used to pay for the services of the roaming hub provider. In contrast, the businesses that have deployed private wireless networks frequently do not require financial remuneration from another enterprise in exchange for providing access, be that from a third party private enterprise or a public cellular operator. Without financial remuneration to enable conventional hub models, an alternative approach to scaling may be required for private networks.

Another key aspect of scaling private networks is related to the dimensioning of inter-connected signalling that is a function of the geographical coverage of the private wireless access network and the number of subscribers served by a particular credential holder. Public cellular networks provide nationwide coverage to 10s of millions of subscribers. Such scale drives significant roaming signalling traffic between cellular providers that enable assumptions related to longevity of signalling connections to be embedded into technical procedures that support bidirectional signalling between all public cellular operators. In contrast, early data from the Wireless Broadband Alliance (WBA) on adoption of its OpenRoaming federation, a system designed to operate with private wireless networks, indicates that dimensioning in private deployments may be as low as one thousandth of that experienced by a conventional public cellular network.

With some forecasting 1 million private cellular networks by the end of the decade, a thousand times the current number of public cellular networks, we can anticipate the future scalability challenges of being able to support 1000 times more networks, each with 1/1000th of the signalling load.

7. Interconnecting 3GPP Non-Public Networks

The opportunity of being able to interconnect 3GPP Non-Public Networks with third party systems is aimed at fulfilling 5G’s opportunity at serving different industrial segments. The challenges faced include defining the technical framework to simplify adoption of interconnect functionality, agreeing procedures that are amenable to the administrators of information technology (IT) and operation technology (OT) systems in separate businesses while simultaneously supporting the unique scaling attributes of private networks and separate credential holders.

Complementing the technical framework, a legal framework that enables legal teams in private enterprises, individual credential holders and public cellular operators to scale is required. The legal terms need to ensure cellular devices, be that end-user smartphones or embedded cellular modems, experience a great service when using the private wireless networks. Finally, the interconnect systems should not assume that financial remuneration for providing wireless service is going to be available to fund the operation of hubs to scale interconnect across the millions of private networks.

Simplification and scaling of private 5G solutions is going to be critical to ensure the full potential of 5G can be harnessed. The 5G DRIVE (Diversified oRAN Integration & Vendor Evaluation) project led by Virgin Media O2 and part-funded by the UK DCMS, Cisco and co-partners is targeted at defining the use of the new 5G Security Edge Protection Proxy (SEPP) roaming interface to connect public and private 5G networks. Cisco is invested in solving the key problem of how best to integrate private 3GPP Non-Public Networks with established public cellular networks, affordably, securely and at scale. Cisco will use its membership of the 5GDrive project to showcase its 5G-as-a-Service offer that is aimed at lowering the barriers to adoption for 3GPP Non-Public Networks as well sharing key learnings from its incubation of the OpenRoaming systems from an internal Cisco proof-of-concept to an industry standard supporting roaming across over a million private hotspots. Watch out for upcoming blogs where we will be sharing more information about proof of concept demonstrations of how SEPP-based roaming could be adapted to lower barriers to adoption for private enterprises.

Source: cisco.com

Continue reading