Saturday 28 January 2023

Common Database Infrastructure in Cisco IOS XE Software Simplifies 160+ Enterprise Devices

Developed by a global team of more than 3000 software engineers, Cisco IOS XE Software powers more than 160 Cisco enterprise platforms for access, distribution, core, WAN, and wireless — with many different form factors and combinations of hardware and software. One of the main reasons the software stack can encompass such a large portfolio of enterprise networking products is a common database and database-centric programming model across all platforms.

It started with the Cisco 1000 Series Aggregation Services Router (ASR 1000) in 2004, where every state update to the data path went into and out of an in-memory database. Since 2015 and Cisco IOS XE version 16.1.1, many more platforms have been added, due in large part to the software stack’s consolidated database features that work across all platforms. From one platform supported by IOS XE to 160 in six years is an incredible industry run rate.

Here are some of the most useful and robust database features used across all Cisco devices that run Cisco IOS XE.

In-memory Database Power and Capturing Application Intent

Configuration and operational data in IOS XE devices are stored in in-memory NoSQL graph databases. In addition to providing atomicity, consistency, isolation, and durability (ACID) functionality, IOS XE supports validation and default values, dependency management, replication, notifications, subscriptions, and consolidation.

Application database intent (including schema, defaults, validation, and graph model) is captured in a domain-specific language (DSL) called The Definition Language (TDL), which was developed by Cisco. Using TDL, developers can describe what they want to do, what data they want to model, and the rules for validation. Then the TDL compiler generates database interaction code in the language of choice for the application (e.g., C, Java, Python), as shown in Figure 1. If developers want to use a new language, they can still use the intent captured in TDL to generate code.

Figure 1. Utilizing DSL to Capture Database User Intent

Decoupling intent from implementation code provides tremendous architectural flexibility. For IOS XE, the back end is written in C to provide optimal performance. The front end uses a formal query system and can be in any language. We use a custom compiler with a Model-View-Controller (MVC)-based architecture to perform the magic of converting intent to front-end APIs.

This approach eliminates the need for data conversion for clients querying the database. As shown in Figure 2, applications can natively interact with the database through APIs regardless of the language of choice. The database can also be read by other applications and/or infrastructure (e.g., Web UI, CLI-based show commands, and other monitoring services).

Figure 2. Cisco IOS XE Applications Natively Interact with the Database

Runtime Infrastructure for Cisco IOS XE

Although the database infrastructure in IOS XE can use secondary storage as the database store, most of the applications use in-memory databases that reside in RAM. A transactional engine specifies ACID guarantees (e.g., a process launched by some user must request modifying the database and signal when it is done modifying it). Failure to complete the process results in the database being rolled back so it is never in an inconsistent state.

Figure 3. Runtime Infrastructure for Cisco IOS XE

The raw lookup data structure layer includes the infrastructure for indexing algorithm tables (e.g., hash tables, binary search trees). The graph layer is where user-specific database configurations like table connections, default values, and validation enforcement are performed. For example, a Wireless LAN Controller (WLC) tracks Access Points (APs) and the clients connected to it. Clients are connected to the WLC through the AP. This wireless operational state may be modeled as AP and client tables, with each record in the AP table connected to a client table. It is important to note this is the internal state of the application. With the IOS XE database runtime, this state can now be consolidated, exported, replicated for SSO, and so on, while being performant enough to support the high-scale requirements for wireless.
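A minimal Python model of the behaviour described above, added here as an illustration: it is not Cisco code and not TDL, and the schema, class, and method names are hypothetical. It applies defaults and validation on write, enforces the client-to-AP graph link, and rolls back a failed transaction before any subscriber is notified.

```python
import copy
from contextlib import contextmanager


class ValidationError(Exception):
    """A record violated the schema or pointed at a missing graph node."""


# Hypothetical schema: field -> (type, default); a default of None means required.
SCHEMA = {
    "ap": {"name": (str, None), "channel": (int, 36)},
    "client": {"mac": (str, None), "ap": (str, None), "rssi": (int, -70)},
}


class GraphStore:
    """In-memory AP/client tables with defaults, validation and rollback."""

    def __init__(self):
        self.tables = {name: {} for name in SCHEMA}
        self.subscribers = []  # callbacks that run only after a commit
        self._pending = None   # change log of the open transaction, if any

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def _validate(self, table, record):
        unknown = set(record) - set(SCHEMA[table])
        if unknown:
            raise ValidationError(f"{table}: unknown fields {sorted(unknown)}")
        row = {}
        for field, (ftype, default) in SCHEMA[table].items():
            value = record.get(field, default)
            if value is None:
                raise ValidationError(f"{table}.{field} is required")
            if not isinstance(value, ftype):
                raise ValidationError(f"{table}.{field} must be {ftype.__name__}")
            row[field] = value
        # Graph edge: every client record must hang off an existing AP record.
        if table == "client" and row["ap"] not in self.tables["ap"]:
            raise ValidationError(f"client references unknown AP {row['ap']!r}")
        return row

    def put(self, table, key, record):
        if self._pending is None:
            raise RuntimeError("writes are only allowed inside a transaction")
        row = self._validate(table, record)
        self.tables[table][key] = row
        self._pending.append((table, key, row))

    def clients_of(self, ap_key):
        return sorted(k for k, c in self.tables["client"].items() if c["ap"] == ap_key)

    @contextmanager
    def transaction(self):
        if self._pending is not None:
            raise RuntimeError("a transaction is already open")
        snapshot = copy.deepcopy(self.tables)
        self._pending = []
        try:
            yield self
        except Exception:
            self.tables = snapshot  # roll back every write made in this block
            raise
        else:
            for change in self._pending:  # commit: now tell subscribers
                for callback in self.subscribers:
                    callback(change)
        finally:
            self._pending = None


def demo():
    """Run one good and one failing transaction on constructed sample data."""
    store = GraphStore()
    events = []
    store.subscribe(events.append)
    with store.transaction() as tx:
        tx.put("ap", "ap-1", {"name": "lobby"})
        tx.put("client", "c-1", {"mac": "00:00:5e:00:53:01", "ap": "ap-1"})
    try:
        with store.transaction() as tx:
            tx.put("ap", "ap-2", {"name": "roof"})
            tx.put("client", "c-2", {"mac": "00:00:5e:00:53:02", "ap": "ap-9"})
    except ValidationError:
        pass  # second transaction failed validation and was rolled back
    return store, events


if __name__ == "__main__":
    final_store, seen = demo()
    print(final_store.tables, seen)
```

The second transaction writes a valid AP before the invalid client, yet neither record survives: the store is left exactly as the first commit made it.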

Other Functions Enhanced with IOS XE Database Features

◉ Fast reload – On reload, a persistent, version-aware, binary configuration can be read faster than any text representation. In the past, reloading software on Cisco platforms could take up to 7 minutes. With Extended Fast Software Upgrade (xFSU), it takes 30 seconds or less. The hardware is never powered off and traffic keeps flowing while the control plane is maintained in an operational state during the reload process.

◉ Stateful Process Restart – Externalizing an IOS XE device’s configuration and operational state allows stateful restart processes. By saving the device’s state externally, it can be restarted and will continue where it left off.

◉ Horizontal Scaling – Consolidation of a device’s operational state allows for the elastic and horizontal scaling of processes based on changing application traffic patterns. There may be multiple copies of the same process, each with its own database, but Cisco enables databases to be consolidated into a single database, providing a global view, which makes it easier to spawn more processes horizontally.

◉ Stateful Switchover (SSO) – Databases on active and standby devices in a high availability configuration are continuously synchronized through replication to keep the standby device in a hot state, able to become active in case of a failure. Like stateful process restart, at the device level, SSO synchronizes one device through replication continuously.

◉ In-Service Software Upgrade (ISSU) – To ensure that versions of Cisco IOS XE that are running are correct across supervisor engines and other devices, databases in Cisco IOS provide per-object versioning support with build time checking for violations. This helps ensure a reliable ISSU. ISSU orchestrates the upgrade on standby and active processors one after the other and then switches between them in the control plane so that there is zero effective downtime and zero traffic loss.

◉ Monitoring and Global Device View – A device running IOS XE provides a global view of its complex and varied operations, based on the consolidation of databases, which allows for greater real-time insights into configuration and operational data. Analysts can subscribe to specific data sets and request to be alerted when any changes occur to monitor the device more proactively.

Summary of Database Benefits in Cisco IOS XE

Database features in Cisco IOS XE allow devices to be reloaded in seconds, to maintain a state during restart and switchover. Applications can consume database records natively without any translation required. Intent can be gathered and code generated in any development language, ensuring resilience to regressions. Databases used by each device are consolidated into a global view, enabling the horizontal scaling of processes. The system supports version skew operation with per-object versioning.

It’s all relatively seamless across all 160+ Cisco IOS XE devices.


Tuesday 24 January 2023

Enabling Metaverse and next generation content the right way

Content publishers and communication service providers (CSPs) are experiencing a transformation from broadcast television to streamed content from the internet. Fueling this transformation is competition from new providers that want to produce tailored content for their subscribers, allowing them to differentiate themselves among the competition and win viewership attention. And up to now, this streaming content has been mostly video and not bi-directional, but that will soon change.

The metaverse and applications like remote surgery or drone delivery services are on the horizon but can’t arrive while the network still struggles with common problems like asymmetrical bandwidth speeds, scalability, and variable latency conditions resulting from congestion and transport distance. Buffering and pixelization are bad during a video stream, but those delays may prove deadly during remote surgery or autonomous driving. Therefore, CSPs, content publishers, and other players within the infrastructure ecosystem need to evolve from traditional content delivery network (CDN) architecture and move compute power to the edge near the consumption point.

Visualize an evolved metaverse or immersive application this way: instead of jumping on a treadmill or spin bike and joining an online exercise class displayed on a screen, you put on a virtual reality (VR) headset and meet class participants first in a virtual gym room. You could engage other participants in conversation, high fives, and have a more three-dimensional, immersive experience. The experience would show you passing other participants, a changing landscape to mimic the actual physical environment, and sights and sounds along the way.

Expanding on this even further, your local store could have a virtual store front where you shop for items that are then sent home via a drone delivery service. Utilizing a ‘virtual proximity’ algorithm, the store front and personnel avatars would be localized to represent your nearby store. This way the application can expand upon the sense of community and convenience you feel by shopping locally and engaging with the same personnel that you see when you visit in person.

These realistic, immersive experiences are what providers want to deliver as they’re more engaging, more authentic, and will create new markets that can drive new revenue streams. For this to become reality, providers need greater quality control within CSP transport networks as well as to have content and any artificial intelligence (AI) or machine learning (ML) enabled contributions located deeper into the network, closer to their end users. By having this control and access, providers can have assurances that the network will supply the quality of experience subscribers expect. And for critical decision services like autonomous driving or flying drone action points, the compute power must be in the market to avoid disastrous outcomes.

Latency can be overcome by shortening distances and moving content as close as possible to end consumers—dropping the distance traveled from peering points and reducing the likelihood of encountering congestion and avoiding the cost associated with transporting traffic. Adding compute power to the same edge location means the CSP is creating a localized intelligent node that is capable of massive throughput supporting millions of simultaneous stream connections while not adding complexity to network management or operations.

These intelligent node deployments need to be easy to manage, economical, scalable, and sustainable. To maintain the simplicity in design, the economic feasibility and sustainability of the systems that are being put in place need to be leading edge with throughput capacity, adaptive to fluctuating traffic demands, flexible in deployment options, and rack, power, and space efficient. Recent announcements from Cisco supporting disaggregated data center designs for web scalers support these efforts to create more intelligent nodes in support of a more content-rich network.

The design for these nodes needs to include the compute power to serve the in-demand applications, but the server counts don’t need to be so large as to offset the economics for the location or potential positive environmental impacts. To help keep the design and deployments streamlined, both content providers and CSPs need deep network observability to identify the tangible performance numbers and affecting factors. With tools such as ThousandEyes or Crosswork Network Insights that can provide full-stack observability and a level of detail, workload distribution could become a hybrid deployment between the edge or larger aggregation computing locations. This could be a deterministic deployment model where application workloads are centrally located in large cloud centers when the workloads demand large compute power but have a higher latency tolerance. Conversely, applications with a lighter computing need that have lower latency requirements would be located at the edge to optimize their performance.

The deterministic workload deployments, along with improved quality of service parameters deployed through the network, will create a network design to serve as the foundation for immersive experiences that can be localized to foster community building and create connections that build an inclusive future for all.


Sunday 22 January 2023

Launch Your Cybersecurity Career with Cisco CyberOps Certifications | Part 1

Every day, organizations worldwide contend with increasing malicious activity by criminal organizations and nation-state sponsored threat actors. There is a tremendous demand for security professionals who are trained to defend against these malicious threats. These professionals are the backbone of effective security teams. 

When organizations build security teams to address sophisticated cyber threats, they typically begin by constructing a security operations center (SOC). Modern organizations rely on SOC teams to vigilantly monitor security systems, rapidly detect breaches, and quickly respond to and remediate security incidents. To succeed in these crucial tasks, SOCs are desperately seeking more qualified cybersecurity professionals.

Cisco CyberOps Certification Evolution

In 2016, Cisco introduced the Global Cybersecurity Scholarship program to help close this cybersecurity skills gap. Alongside an investment of $10 million in the program to increase the pool of talent with critical cybersecurity proficiency, Cisco also introduced a new CCNA CyberOps certification to prepare candidates to begin a career working with associate-level cybersecurity analysts within SOCs. At the time, candidates had to pass two exams (SECFND + SECOPS) to earn this valuable certification. 

In 2020, Cisco redesigned the certification requirements and introduced the one-exam CCNA certification. For example, to earn the CCNA CyberOps certification, candidates had to only pass the CBROPS exam. At the professional level, candidates still had to pass two exams: for CCNP CyberOps, those exams were and still are the CBRCOR core exam and the CBRFIR concentration exam. 

In 2022, with the release of the new Cisco U. digital learning experience, the SOC Tier 1 Analyst learning path was introduced. The Cisco U. digital learning experience is built around the learner and the SOC Tier 1 Analyst learning path is specifically designed to ready learners for the SOC environment. With targeted quick-start pre-skill assessments, modular learning that addressed various aspects of the SOC experience, advanced search to refresh skills and topics, and a focus on goal setting, Cisco U. is designed to work for everyone’s unique journey.   

Cisco SOC Tier 1 Analyst Learning Path 

The SOC Tier 1 analyst role is the entry-level position within the security operations center. The SOC Tier 1 analyst, or triage specialist, has sysadmin and scripting programming skills, as well as one or more relevant cybersecurity-related certifications, such as the Cisco Certified CyberOps Associate, Cisco Certified CyberOps Professional, or CCNA. To help grow the skills necessary to operate effectively as a SOC Tier 1 analyst, Cisco created the Security Operations Center (SOC) Tier 1 analyst Learning Path training. This learning path is a collection of courses designed to help learners master the concepts and tasks needed for the SOC Tier 1 analyst job role and functions as a roadmap, guiding learners and providing visibility into their mastery of necessary SOC analyst skills and concepts.  

The goal of Cisco’s SOC Tier 1 Analyst Learning Path training is to teach the fundamental skills required to begin a career working as an entry-level associate SOC analyst within a threat-centric security operations center.

The training explores common attack vectors, malicious activities, and patterns of suspicious behaviors typically encountered within a threat-centric security operation center. It includes videos, example scenarios, hands-on-labs, and knowledge assessments (review questions). As the student advances down the learning path, they will be exposed to the foundational concepts and practices behind a security operations center and will gain the tactical knowledge and skills that SOC teams require to effectively detect and respond to the growing numbers of cybersecurity threats.  

Note: The SOC Tier 1 Analyst Learning Path consists of the CBROPS course with some additional cyber security content, plus some CCNA Implementing and Administering Cisco Solutions 1.0 content. 

SOC Analyst Job Outlook 

According to the U.S. Bureau of Labor Statistics, employment of information security analysts is projected to grow 33 percent from 2020 to 2030, much faster than the average for all occupations.   

Cisco CyberOps certifications are designed to satisfy the actual needs of SOC teams. CCNA and CCNP certifications prepare individuals to pursue a career working as an analyst in the SOC and the different levels of certification are intended to develop the skills necessary for advancement. Below is a recent Cisco job posting for a SOC Cyber Security Analyst opening with the job position overview and responsibilities. Successfully completing the Cisco CCNA/CCNP Cyber Ops certifications fulfills many of the job requirements.



Thursday 19 January 2023

Communication Service Providers: the Potential Power Behind an Inclusive Internet

Gartner defines communication service providers (CSPs) as those who offer telecommunications services, media, information, content, entertainment, and applications services over networks. We know them as our telecommunications companies, our cable service provider, our satellite broadcast operators, and our cloud communications providers. CSPs are arguably the most important players to enable an accessible, affordable, secure, trustworthy, sustainable, and inclusive internet. But, to play a leadership role in defining the Internet for the Future, CSPs must fundamentally transform.

CSP industry economics are challenging

The current economics of the CSP industry are challenging. CSP market cap share of the internet (including infrastructure, connectivity, devices, and value-add digital services) fell from just under 30 percent in 2010 to less than six percent in 2021. CSP revenue growth is now at low single-digits at best and return on invested capital (ROIC) is barely above the cost of capital. Meanwhile, CapEx as a percentage of revenue has remained high as leading operators such as AT&T, Verizon, and Deutsche Telekom roll out their 5G networks.

CSPs must transform

To play a leadership role in defining the Internet for the Future — while also delivering positive returns to shareholders — CSPs will need to fundamentally transform. The next five years are crucial as CSPs plan to invest about $2 trillion in their networks, especially to connect rural areas and provide access to the economically disadvantaged. These companies will need to increase their ROIC by more than three percentage points, meaning boosting annual top-line growth by at least four percent, reducing operating costs by at least 10 percent year-over-year, and reducing CapEx intensity of their business by at least five percent. Achieving these benchmarks will require a fundamental rethink of the CSP business model. In the remainder of this post, we offer a road map for achieving this.

Roadmap to success: transition to platform business model

The primary shift for CSPs will be to create a platform architecture and business model to provide open-access connectivity to any service provider: a “connectivity platform as a service” (CPaaS). This layer is enabled by connectivity infrastructure as a service (CIaaS), which in turn enables customer-facing everything as a service (XaaS). Platforms lead to innovation speed by leveraging third party development. Three key areas will define success in delivering the Internet for the Future: modernization and automation, deeper partnerships, and B2B2X business models.

Modernization and automation

CSPs will need to make major shifts in their technology architecture to take advantage of potentially massive new opportunities. Investments in these five network domains will make possible a higher degree of automation and virtualization:

◉ Service and infrastructure orchestration. CSPs can move toward a leaner, cloud-native operations support system (OSS) and to ground their business support system (BSS) in microservices that are decoupled from outdated legacy infrastructure, opening new business opportunities and monetization models.

◉ Access. CSPs can use a virtualized radio access network (VRAN) or an open radio access network (ORAN) to drive disaggregation and standardization, leading to increased vendor diversity and new partnership models while reducing the total cost of ownership across upgrade cycles. CSPs with strong integration capabilities can see significant cost savings and time-to-market benefits.

◉ Edge/MEC. Multi-access edge computing (MEC) provides an excellent platform for delivering business and consumer services while deriving the fullest value from network infrastructure. In addition, operators can benefit from the broader MEC application market to drive monetization of new and emerging 5G use cases. This is an area that will require major investments as operators increase the coverage, capability, and capacity of their MEC networks.

◉ Transport. Convergence and delayering provide a great opportunity for service providers to make their transmission networks simpler and more intelligent, unlocking capacity while simultaneously reducing CapEx and supporting delivery of new revenue streams through network as a service (NaaS) offerings.

◉ Core. 5G core deployments will enable network slicing, which will help drive new organic service revenue while further strengthening NaaS capabilities. Public-cloud offerings will help a broader range of CSPs handle ever-increasing core workloads.

Software defined networks (SDNs) and network functions virtualization (NFV) will help decouple software and upgrade cycles and lower the costs of upgrades and maintenance. In turn, increased virtualization and open standards will enable service providers to design, configure, and manage network capacity more efficiently. Similar benefits can be achieved in flattening transmission networks (e.g., with Routed Optical network solutions) where current design rules, lack of visibility, and manual configuration result in over-dimensioning and over-provisioning. Legacy transmission networks run at an average utilization rate of less than 30 percent. VRAN and ORAN will both extend these life cycles and increase the use of third-party hardware. The lengthening of life cycles, along with a reduced need for manual upgrades and repairs, will help improve productivity in network functions.

CSPs must invest in deeper partnerships

CSPs will not be able to deliver the Internet for the Future unless they fundamentally change the way they think about and implement partnerships.

◉ Hyperscalers would benefit from CSP points of presence such as central offices and base-band locations. In return, hyperscaler investments in MEC could help service providers tap into the broader application-developer market.

◉ Infrastructure Providers. While CSPs already have models in place to share towers, fiber and data center virtualization and open standards will allow for more sharing in areas such as RAN.

◉ Carrier-neutral infrastructure providers.  Tower companies and data centers are also well-positioned to drive MEC growth and could be ideal partners for service providers and hyperscalers, helping to drive standardization within markets. However, this model has limitations in terms of monetization and may raise concerns related to the hosting of CSPs’ organic networks and IT workloads.

◉ Equipment vendors. CSPs can deepen their partnerships with equipment vendors, like Cisco, to manage equipment as a service, shifting CapEx to OpEx — thereby sharing investment risks and rewards.

◉ CSPs could consider partnering with their competitors (other CSPs serving the same markets) in areas ranging from infrastructure sharing to active co-investment efforts.

◉ Solidifying government partnerships will be needed. For example, we must support the creation of a centralized infrastructure entity within single nations, as we have seen in Australia, Singapore, Mexico, Jordan, and elsewhere. Such partnerships could help CSPs cut CapEx and operational expenses.

Implementing B2B2X business models

Finally, these rising technologies will be levers not only for savings, but also growth—the kind of growth that CSPs urgently need to remain competitive and deliver on the infrastructure of the future internet. One promising avenue for growth is the boosting of consumer ARPU growth with differentiated, personalized offerings. The rollout and adoption of 5G will help enable this, especially as the metaverse evolves.

Aligning with Cisco’s purpose

It’s clear that the Internet for the Future needs to be more accessible, broadly distributed, secure, trustworthy, and ecologically sustainable. And it needs to achieve these qualities while also becoming even bigger, faster, and more capable than it already is. If CSPs can embrace transformation, they can become one of the most consequential drivers of an inclusive internet for all.


Tuesday 17 January 2023

Three Best Practices to Enable Partner Success on AWS Marketplace

More than a month has passed since AWS re:Invent and the AWS Marketplace continues to accelerate as a new route to market for ISVs and channel partners. Here are a few proof points to consider: ISVs are reporting 80% larger deal sizes when transacting on AWS, 40% shorter sales cycles (from 5 months down to 3 months), and 27% more deals closed through AWS Marketplace versus other channels. These numbers help validate that ISVs and channel partners are gaining exposure to the large customer base on AWS Marketplace, which last year accounted for billions of dollars in transactions.

As a partner-led organization, Cisco is committed to being where our customers are while working together with our channel partners. And this includes — more than ever — transacting via the AWS Marketplace. Working as One Team — Cisco, AWS and our mutual channel partners — our customers rely on us to help them achieve or exceed their outcome objectives and user experience expectations.

So let’s look at the three best practices Cisco and our partners are following to maximize the value we deliver to our customers by leveraging AWS Marketplace for success:

1. List the right products

The AWS Marketplace is an online software store that allows ISV and channel partners to market and sell their software and services to AWS customers around the world. Therefore, it’s important that Cisco lists the products from its large, market-leading portfolio that truly deliver value to AWS customers. Today, this includes offerings that enable several use cases, such as cloud and data center networking, multi-cloud, IoT, security, full-stack observability, and hybrid work.

Most recently, Cisco has added the collaboration use case by listing the Cisco Webex Suite Named User offering on AWS Marketplace and through the AWS private offer. The Webex Suite Named User offers a per-user, subscription-buying model that enables customers and partners to provide the Webex Suite service to individuals, teams or departments, and to add additional named users as adoption grows. Webex Suite Named User includes a comprehensive set of cloud-based collaboration tools, including cloud calling, meetings, messaging, webinars (1K), polling, Vidcast and whiteboarding.

2. Align the sales teams around co-selling

Because AWS Marketplace represents a new route to market, Cisco and our channel partners’ sales teams need to be aligned with multi-partner co-selling motions transacting on AWS Marketplace or via CCW. Multi-partner co-selling is a sales strategy where two or more partner companies sell together offering holistic solutions. This approach can lead to increased deal sizes and profitability by enabling partner access to new decision makers and new buying centers, including AWS Marketplace.

The reality is that no single vendor — even companies the size of Cisco — has all the skills, knowledge and intellectual property required to deliver complete solutions that meet the business outcome that customers want. It takes a partner co-selling team to drive digital transformation for our customers.

Cisco enjoys market leadership in several architectures and use cases. Complementing our product offerings, our channel partners have incredible reach as trusted advisors into their customers’ technology stacks, as well as a robust menu of value-added services. And when those services are combined with Cisco offerings, we can deliver solutions that more precisely meet our customers’ unique needs. Add AWS Cloud and AWS Marketplace to this joint value proposition and you have an unbeatable combination.

However, enabling co-selling takes focus and change management. For instance, sales compensation models must be adjusted to motivate co-selling which results in AWS Marketplace bookings. Trust is the foundation of sales, so a defined communication plan centered on co-sell wins is paramount to ensuring the right behaviors are placed in the spotlight for all to see. This then triggers a domino effect of repeatable wins and undeniable trust.

3. Invest in developing processes to ensure operational success

Booking through AWS Marketplace requires partners to invest resources in building the operational foundation to process the bookings. For instance, when booking through AWS Marketplace, the partner generally sees margin — not topline — revenue. This can create required changes with existing sales compensation models that pay on topline revenue. That said, partners that manage their customers’ annual spend commitment per the predetermined AWS Enterprise Discount Program could recognize topline revenue.

In other words, integrating co-sell pipeline markers and data into a partner’s current sales pipeline may require planning and change management of existing processes. For instance, changes may be required with existing sales compensation models to properly motivate co-selling behavior with Cisco and AWS.

Accelerating opportunity and growth

Many will argue that the AWS Marketplace is still nascent with plenty of growth opportunities available for Cisco and our partners on the near- and long-term horizons. The AWS Marketplace value proposition is just too strong to ignore. It makes it easy for customers to buy, provision, and instantly gain value from their purchases. Individual buyers can make their purchases independently, while taking advantage of AWS Marketplace’s single platform to manage and pay for software and services. In addition, software purchases made on AWS can be used to “burn down” customers’ committed spends.

Partners! Now is the time to engage with us and AWS and be part of the journey that brings incredible value to our mutual customers running on AWS.


Thursday 12 January 2023

You got legacy devices, we got Cisco DNA Center

It is a well-established fact that Cisco builds amazing hardware which is reliable and built to last. Perhaps one of the best testimonials of Cisco’s quality is the sheer amount of “legacy” devices still in production across the globe. In fact, it is not uncommon to see devices with uptime of over a decade. While many networking professionals are very proud of the uptime, this is part of the reality of some network infrastructures. Let’s define what a legacy device is:

leg·a·cy (adjective)
“denoting or relating to software or hardware that has been superseded but is difficult to replace because of its wide use.”

Cisco has developed Cisco DNA Center as the next-generation platform, which provides not only network management and monitoring but is also feature-rich with advanced AIOps, automation, and security capabilities. However, it is also important to note that Cisco DNA Center can support and bring the latest and greatest in Cisco’s monitoring and management capabilities to many of your legacy devices, not just the newest Cisco Catalyst 9000 product family.

With the most recent release, Cisco DNA Center now supports all devices up to 2015 (541 legacy devices). Note that the legacy device support in Cisco DNA Center does not imply the EOL devices are now TAC supported; if the device has reached its end of support, that is still the case.

Cisco customers can easily move from Prime Infrastructure to Cisco DNA Center with their SNMP-based legacy devices and be able to consolidate their monitoring tools to an advanced platform without having to leave their legacy devices behind.

Emphasis on Tool Consolidation

In line with Cisco’s commitment to helping our customers streamline and optimize their IT operations, coming releases of Cisco DNA Center will incorporate MIB2 support, which will not only allow additional legacy Cisco device support but also enable monitoring of many 3rd party non-Cisco devices using Cisco DNA Center. This functionality will enable IT organizations to consolidate their monitoring platforms, as many IT organizations are struggling with the number of tools, the fragmentation between the different tools, and the “islands” of support.

What functionality is available on Cisco DNA Center for legacy devices?

Because legacy devices are limited to the SNMP protocol and CLI interfaces, the capabilities Cisco DNA Center provides depend on the capability of the target platform. Some of the capabilities are therefore limited, unlike the full capabilities available for the modern Cisco Catalyst 9000 device family. Below is a list of functionalities available for legacy devices:

◉ Inventory – Legacy devices will appear in inventory which means they will generate some level of alerts and issues as provided by the SNMP protocol.
◉ Topology – Inventory devices, once placed in the hierarchy, will also appear on the topology view within Cisco DNA Center.
◉ SWIM (Software Image Management) – With end-of-life devices, software for many of the legacy devices is no longer updated, but Cisco DNA Center will provide limited SWIM functionality to many legacy devices for image management.
◉ Change config audit (CCA) – Limited support is provided for many devices with Configuration backup and config change audit functionality.
◉ Template provisioning – Available for select Nexus and legacy Catalyst devices that meet the minimum device software requirements.

What is the Cisco DNA Center licensing requirement for legacy devices?

For legacy device support, please contact your partner or Cisco sales representative.

From Prime Infrastructure to Cisco DNA Center

With legacy device support going back to all devices since 2015, moving from Prime to DNA Center is easier than ever, allowing your organization to consolidate tools with legacy device monitoring and leverage all the advanced features with your newer Cisco Catalyst 9000 device family using Cisco DNA Center.

By adding legacy devices to Cisco DNA Center, customers can now leverage the following capabilities:

◉ Consolidate their monitoring tools with both new and old equipment


◉ Leverage Cisco DNA Center’s monitoring and alerting system

◉ Be able to see legacy equipment on DNA topology maps


◉ Ability to see legacy device health with DNA Center health score


◉ Detailed device view with Device 360, including device information, device neighborship, event viewer, and interface details


◉ Ability to run CLI commands on switch from DNAC


Cisco understands that many of our customers still have legacy devices and that in large networks, refreshes can take time to complete, but that does not mean your organization cannot start benefiting from Cisco DNA Center today. If you have a current version of Cisco DNA Center, you already have all you need. Now, you simply need to add your legacy devices to Cisco DNA Center!


Saturday 7 January 2023

We’ve Doubled the Number of Cisco DNA Center Reservable Sandboxes


The Cisco DNA Center sandboxes have always been in high demand. For a while now we have had two always-on and two reservable sandboxes for Cisco DNA Center. With each of these sandboxes requiring at least one Cisco DNA Center appliance and several Catalyst 9000 switches, it’s easy to see why they were some of the most expensive sandboxes we have. (Hence, the limited number.) Expensive not only because of the hardware appliance and physical Catalyst 9000 switches, but also from a rack footprint, power, and cooling perspective.

Fully test all the features of the Cisco DNA Center platform including building SDA fabrics

Taking advantage of some virtualization secret sauce and holiday magic, the sandbox team has done a tremendous job and they have launched 4 Cisco DNA Center reservable sandboxes. Yes, you’ve read that right! We have doubled the number of Cisco DNA Center reservable sandboxes! And all 4 of them are running the latest version of code as of the writing of this blog and have a Cisco ISE server so you can fully test all the features of the Cisco DNA Center platform including building SDA fabrics. There are two CoreOS virtual machines attached to the access switches for traffic generation and client troubleshooting. We’ve also included a CentOS DevBox that provides a developer environment with Python, virtual environment, Ansible and other tools already preinstalled.

Topology of the new reservable sandboxes

Test and develop your applications and integrations

The two always on sandboxes are still there, available at all times. They will also be upgraded to in January, 2023. So, you now have 6 Cisco DNA Center sandboxes available for you to test and develop your own applications and integrations!

Next year will be an even bigger year for Cisco DNA Center sandboxes with the team looking at migrating our current environments to a fully virtual setup taking advantage of the recently announced Cisco DNA Center virtual appliance. This should allow us to better scale our Cisco DNA Center environments and provide even more sandboxes to you, our community.

No cost to you

If you want to discover Cisco DNA Center, explore the REST API interface it provides, or develop your first application or integration using Cisco DNA Center, these sandboxes provided at no cost to you are an invaluable resource!


Friday 6 January 2023

Perspectives on the Future of Service Provider Networking: 5G and the future of enterprise wireless networks


As part of the Industry 4.0 Initiative, many enterprises are working to improve their efficiency by increasingly digitalizing and connecting their business processes. This evolution calls for the aggressive adoption of networked sensors, robots, autonomous guided vehicles (AGVs), or other IoT devices. 5G, the latest generation of cellular technology, promises to meet the requirements that arise in such enterprise environments requiring extremely low latency and high reliability. But so far cellular networks have predominantly been operated by communication service providers (CSPs). So how can 5G be introduced into an enterprise setting with minimal risk and disruption to existing business processes?

Many enterprises are embarking on an Industry 4.0 journey, aiming to increase business efficiencies and workflow uptime and make informed business decisions. In this journey, existing processes are automated by deploying intelligent robots, AGVs, sensors, or other instruments that are networked together and supported by controllers providing real-time automation, visibility, and control. Examples of such processes in a manufacturing context include:

◉ Flexibly connecting manufacturing assets
◉ Deploying layout-free production lines, including autonomous robots and co-bots
◉ AGVs
◉ UHD cameras on high-speed uplinks combined with machine learning algorithms for predictive quality control and maintenance
◉ Augmented reality training

While this trend in Industry 4.0 promises to increase competitiveness and quality and reduce production costs, the required changes still present major challenges to predominantly risk-averse enterprises. Adjustments to existing processes are often quite intrusive, requiring deployment of new digitalized endpoints. Enterprise networks also need to support connectivity requirements beyond the carpeted space to include outdoor environments and allow partners and customers to participate in a fully digitalized workflow.

5G is emerging as a promising way to address these challenges. The latest generation of 3GPP cellular technology standards takes an open architectural approach in addition to offering improvements in radio connectivity between endpoints and base stations. 5G offers deterministic real-time access to the network, broad geographic coverage, low latency, and high bandwidth communication to IoT devices. The figure below illustrates the five architectural pillars of 5G.


Cellular technologies have their roots in consumer mobile networks, using regulator-controlled licensed frequencies. Their sophisticated functional components support global roaming, high-speed handoffs between antennas, and detailed billing to name a few. To an enterprise operator, 5G as a technology may seem complex and unfamiliar. A major reason is that operators must consider several system design options in 5G, such as:

◉ Which radio spectrum to use, licensed, unlicensed, or shared (e.g., CBRS) — low-band (<1-GHz), mid-band (“sub-6-GHz”), high-band/mmWave (>24-GHz)?
◉ How to align the level of availability/reliability to the application/service level agreement (SLA)?
◉ How to cover the required area, be it campus (indoor/outdoor), branch offices, distributed remote sites, or industrial?
◉ Where to place the various 5G network functions for radios and the 5G packet core – is the network disaggregation centralized, private/on-prem, or hybrid?
◉ How to ensure security since disaggregation, open APIs, and 5G’s polyglot architecture represent new attack surfaces?
◉ How to meet data sovereignty and regulatory requirements?
◉ How to design for access determinism and what level of determinism is sufficient to meet application requirements?
◉ Ownership vs. partnership models, SLA impact on security, and resiliency models
◉ How to meet the requirements from different endpoint/user-equipment device-types such as phones, modems, sensors, worker wearables, drones, AGV/vehicle controllers, tools, fleet-management routers, industrial routers, etc.?

The introduction of 5G into the enterprise network may seem daunting to an enterprise operator, so it’s natural to look at the community of solution and managed service providers (MSPs) for help!

Three ways service providers can make the most of private 5G

From the perspective of a CSP or MSP, the above challenges that enterprises face in their journey to digitalization present opportunities to extend or enhance their managed service portfolio. Such providers typically have an opportunity to:

1. Offer a generalized 5G service that covers a broad market segment
2. Offer a vertical-specific, turnkey 5G service (e.g., for healthcare or manufacturing)
3. Offer a flexible 5G service integrated into an existing enterprise environment

An example of No. 1 is a CSP that offers 5G service throughout its entire service domain. Such operators could build the service based on their public network by devoting network functions to any subscribing enterprise. This approach is called network slicing in a 5G architecture, and it has the advantage of leveraging the existing technologies (5G packet core, radios) deployed for consumer services in a more service-differentiated manner. The service provider deploys multiple virtual networks on common network infrastructure end to end with control elements that are specific to the business purpose of each service slice.

An example of No. 2 would be an architecture where a systems integrator or MSP creates a turnkey service offer for a particular industry vertical. Dedicated 5G packet core and radios are integrated with vertical-specific endpoints (e.g., robots, AGVs) and deployed on enterprise premises. The systems integrator is typically responsible for the deployment and operation of the entire solution. The 5G network is dedicated to the enterprise’s solution use case and can thus offer the required SLAs. A drawback of such a turnkey solution can be the lack of integration with an existing enterprise network.

Option No. 3 offers a hybrid of the other two alternatives. In this model, the MSP offers a generic 5G access network dedicated to the enterprise without sharing critical resources with other enterprises. Such a network can be generic to multiple use cases, increasing the MSP’s target market. The service can also be tightly integrated into existing enterprise networks, for example by providing links into existing enterprise policy servers or by re-using the installed transport network to connect radios. This possibility of a tight integration with enterprise network operations makes this mode of consuming a 5G managed service particularly attractive.

Why choose an “as-a-service” model?

Each of the above three models has its place in the market and offers advantages. For all three, the “as-a-service” model offers a compelling alternative to a do-it-yourself approach.

We’re active in the public 5G core and transport domains and as such empower any service provider wishing to offer services as in option No. 1. The transport architecture of sliced services will be enabled by new IP routing technologies such as segment routing to address key slice characteristics like bandwidth and path forwarding policy. Core domain network slicing can also be enabled by 5G core orchestrators to govern containerized cloud-native 5G core network functions.

However, most enterprises embarking on the Industry 4.0 journey are looking for dedicated functions as outlined under the latter two options. The ability to retain control over access policies for 5G endpoints or to influence security and quality-of-service policies makes option No. 3 particularly attractive for risk-averse enterprises.

Cisco’s private 5G solution is based on a compelling variation of such an as-a-service approach. It offers critical functions of a 5G access network dedicated to the enterprise and positioned on-premises, but some control functions are also cloud delivered in a software-as-a-service model to the MSP. This allows the MSP to reduce time to market by avoiding deployment and operations complexities of the 5G packet core functions. MSPs can also enjoy the cloud management capabilities that have already been established with the Cisco IoT Control Center platform. We’re already hosting more than 200 million cellular devices on this cloud platform, making it a prime candidate to also extend the approach to the private 5G solution architecture.


Thursday 5 January 2023

Maximize Network Wide License Utilization with Smart Licensing

How can you accurately track software licenses being consumed across your network and where? Smart licensing is the solution!

Smart licensing was created to simplify the customer experience and provide greater insight into software license ownership and consumption. It establishes a pool of licenses that can be used across your entire organization in an automated manner.

What is smart licensing?

Smart licensing is a flexible software licensing model that simplifies the way you activate and manage licenses across your organization. The smart licensing model makes it easier to procure, deploy, and manage your Cisco software licenses.

Smart licensing eliminates the need for PAK licenses and allows licenses to be easily shared across devices in the same organization. It also gives you the flexibility to use only what you need when you need it.


Why should I use smart licensing?

In today’s world, license portability and a flexible consumption model offer you the capability and flexibility to purchase software capacity as needed. This decreases OpEx and can eliminate stranded licenses. When installing high-density line cards or high-capacity fixed chassis, you don’t always need the full capacity of the hardware from day one, and a simplified management tool allows you to fully utilize licenses and the dollars you spend.

| Customer Needs | IOS XR Flexible Consumption Model (FCM) |
|---|---|
| Customers want strategic partners who can provide commercial offers permitting them to pay incrementally to expand capacity as demand for their consumer and business services rises. | FCM is a pay-as-you-grow model which enables customers to invest in the network capacity as demand grows. Having this ability to add capacity as and when needed helps customers with their network and capacity planning. |
| Customers want investment protection with the portability of software across hardware resources to meet demand across any one of their markets. | FCM has a subscription component which includes software portability. This provides investment protection by enabling porting of licenses to next-generation hardware when a customer is ready. |
| Customers want a software license management experience that enables porting of licenses across the corporation to shift capacity to markets in demand. | FCM permits service providers to pool software licenses and lower initial investments required to incubate new services. |

Flexible consumption model benefits using smart licensing

◉ Simplify operations. Two software suites, Essentials Software and Advantage Software, simplify license management while still providing the carrier-class Cisco IOS XR Software feature set.

◉ License pooling: You can efficiently share licenses network-wide with license pooling. This solution improves capacity planning by eliminating “stranded capacity” as you can use available capacity wherever needed in the IOS XR Flexible Consumption Model network. In this manner, you can potentially utilize your capital budgets to consume software innovations in IOS XR.

◉ Software upgrades: Software upgrades provide access to new features and enhancements to existing features.

◉ Software portability: Software portability provides investment protection by enabling porting of licenses to next-generation hardware when you’re ready. When decommissioning hardware and transitioning to next-generation hardware, you do not have to decommission your investment in the software; instead, you can port it to the newer hardware, provided all necessary conditions are met.


Flexible consumption model and smart licensing are supported on the following products:

◉ Access – NCS 540, NCS 560
◉ Edge – ASR 9000
◉ Core – NCS 5500, NCS 5700, and 8000 Series routers

The flexible consumption model requires Cisco Smart Licensing registration and license usage reporting. A network under IOS XR FCM is considered compliant if the FCM-enabled devices in your network are registered to smart licensing and are reporting the usage. Starting from IOS XR 7.3.1, major and minor XR software upgrades will only be available once you’ve registered the devices and aren’t using more licenses than what was purchased. The registration process is a simple one-time event that can be automated using Cisco EZ-Register, an open-source solution.


Tuesday 3 January 2023

Security Resilience in the Americas

The past couple of years have brought security resilience to the forefront. How can organizations around the world build resilience when uncertainty is the new normal? How can we be better prepared for whatever is next on the threat horizon? When threats are unpredictable, resilient security strategies are crucial to endure change when we least expect it.

In a previous blog post, we assessed security resilience in Europe, Middle East, and Africa (EMEA). Now, we take a look at organizations in the Americas to find out how they fare across four security outcomes that are critical for building resilience, based on findings from Cisco’s latest Security Outcomes Study. These outcomes include:

1. Keeping up with the demands of the business
2. Avoiding major security incidents
3. Maintaining business continuity
4. Retaining talented personnel

Country-level security performance

Based on the following chart, clear differences emerge when we examine these outcomes at the country level. The chart shows the proportion of organizations in each country that are reportedly “excelling” in the four outcomes contributing to security resilience.

What we see is that 52.7% of organizations in Colombia, for example, say their security programs are excelling at keeping up with the business, while only 35.3% report that they are excelling at avoiding major incidents. You can follow each country’s path through the four outcomes to see how they view their respective performance in certain areas.

Country-level comparison of reported success levels for security resilience outcomes

What’s really at the crux of these differences in security resilience among countries? Is Colombia that much more resilient than Mexico? Do organizations in different countries have varying definitions of what resilience is, and how they perceive their success? Reasons behind these country-level differences can be attributed to a variety of things, including security maturity, cultural factors and other organizational parameters.

How to improve resilience

Knowing what we know about how organizations across the Americas view their resilience, how can they improve it? The Security Outcomes Study, Volume 2, sheds some light here. In the study, we uncovered five practices proven to boost overall success in security programs, dubbed the Fab Five:

1. A proactive tech refresh strategy
2. Well-integrated tech
3. Timely incident response
4. Prompt disaster recovery
5. Accurate threat detection

So, how did countries in the Americas rank their implementation of these Fab Five practices? If we look at Colombia, for example, 64% of organizations say their capabilities for accurate threat detection are strong, while only 48.1% of Canadian organizations say the same. There is a lot of movement around the top three countries: Colombia, Mexico and Brazil. The U.S. ranks fourth consistently across the board.

Country-level comparison of reported success levels for five leading security practices

You may be wondering if implementing these five security practices improved resilience across organizations in the Americas. Our study found that organizations in the Americas that do not implement any of these five practices rank in the bottom 25% for resilience, whereas those that reported strength in all five practices rose to the top 25%.

Effect of implementing five leading security practices on overall resilience score

Staying strong in the face of change

Resilience is a cornerstone of cybersecurity. The ability to quickly pivot while maintaining business continuity and robust defenses is increasingly important in today’s world.