Secure Network Analytics 7.5.0 Launch

Secure Network Analytics (SNA) Release 7.5.0 is generally available as of January 22, 2024. All current customers are eligible to upgrade and should look at the release notes to better understand the upgrade process and any additional considerations.

SNA is Cisco’s Network Detection and Response solution.  SNA provides enterprise-wide network visibility to detect and respond to threats in real- time. The solution continuously analyzes network activities to create a baseline of normal network behavior. It then uses this baseline, along with non–signature-based advanced analytics that include behavioral modeling and machine learning algorithms, as well as global threat intelligence to identify anomalies and detect and respond to threats in real- time. Secure Network Analytics can quickly and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware, Distributed-Denial-of-Service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats. With an agentless solution, you get comprehensive threat monitoring across the entire network traffic, even if it’s encrypted.

Read More: 300-735: Automating and Programming Cisco Security Solutions (SAUTO)

This release delivers the innovation and usability that customers expect from the platform. By directly integrating firewall logs, improving response management, and updating the platform to meet the latest certification mandates, release 7.5.0 combines essential platform development with new features and enhancements.

Firewall Logs Generate Events in Secure Network Analytics

Given their location at the edge of the network, firewalls see a vast amount of traffic and behaviors that may be indicative of an attack. In this release, Secure Network Analytics can take logs directly from Cisco Firewall Management Center (FMC), Firewall Threat Defense (FTD) and ASA. These logs are converted into a format that looks like NetFlow but does not count against your flows per second (FPS) license. Enabling this configuration gives further insight into your traffic patterns, risks, and the scope of an attack.

New Response Management Actions

Automated responses improve the workflow for Security Operations Center (SOC) analysts and are a core component of our Network Detection and Response solution. By providing flexibility for multiple response actions, SOC analysts can ensure proper action is taken based on a specific alert type. This release adds Central Analytics detections to Response Management workflows, including the ability to deliver email, syslog, threat response, or webhook.

Data Enrichment from Secure Network Analytics to Cisco XDR

With the 7.5.0 release, security events contribute directly into XDR investigations. Also, XDR response actions can now be applied to alerts.

Other Enhancements

Additionally, this release provides improvements to the overall security and usability of the platform. Secure Network Analytics can achieve the certifications required by customers, including DODIN-APL, FIPS 140-3, Level 1, Common Criteria, USGv6, and IPv6 ready Logo. Some of these enhancements include:

• TLS 1.3: TLS 1.3 is now supported, and TLS 1.2 is still supported. These protocols should be used for inter-appliance and external TLS connections, and can be configured in SystemConfig to be TLS 1.3 only or both TLS 1.2 and 1.3
• Root access restriction: Root access has been removed. TAC will have access for troubleshooting purposes using the Cisco Consent Token mechanism via SystemConfig.
• New SystemConfig workflows: New workflows added that non root user sysadmin can action, including Diag Packs, License Reservation, Data Store operations, and more.
• MongoDB upgrade: Moved to a version that uses an already available package rather than a custom-built version.

In addition to these enhancements –we have improved certificate rotation and management, IPv6 support, and support for M4, M5, and M6 appliances.

By simplifying workflows, increasing compliance, and expanding detections, Secure Network Analytics Release 7.5.0 continues to prove its value as a central component of your SOC. We encourage you to review the release notes and speak with your local Cisco provider to begin planning your upgrade.

Source: cisco.com

Continue reading

Cisco vAnalytics: Simplifying Your Network Operations

“Change is the only constant in life” – this famous quote by the Greek philosopher Heraclitus is often used in a positive light. Try saying this to a network administrator, however, who constantly has to deal with changes in the network environment, and he will likely frown!

Cisco vAnalytics within an SD-WAN network

Over the past few years, SD-WAN has evolved to securely connect the hybrid workforce of an organization to applications deployed across multiple clouds and data centers. Typically, SD-WAN is built over a variety of transport paths, and it implements application-aware traffic routing to connect users to applications via the optimal transport path. However, there are many moving parts in these underlying transport paths that organizations do not control, and they are often in constant flux. Hence, organizations seek analytics solutions that offer greater visibility into their networks and provide insights that help these organizations take proactive measures to improve application delivery. Cisco vAnalytics is a cloud-hosted SaaS service that aggregates a large volume of telemetry data gathered from various vantage points within an SD-WAN network and produces insights that are otherwise hard to discern from raw monitoring data.   

Cisco launched a new version of its vAnalytics service, and here are its key benefits:

Enhanced Visibility

◉ Quickly assess your overall network and applications health – get a pulse on the quality of application experience and the uptime of your WAN circuits and sites.

◉ Get a perspective into the long-term historical behavior of your application and network performance metrics in order to establish benchmarks and detect deviations.

◉ Compare the performance of your applications and understand ongoing trends such as a drop in the quality of application experience (QoE) and a rise in application usage or latency.

Figure 1. Summary Dashboard showing an aggregated network and application health while drawing attention to problem areas

Faster Diagnosis with Actionable Insights

◉ Quickly detect applications experiencing problems and the magnitude of these problems to assess their overall impact.

◉ Get a multi-dimensional 360-degree view of an application experience alongside its associated network health—both at the aggregate and individual site level—to quickly isolate problem areas and reduce mean time to resolution (MTTR).

◉ Identify if your application or network issues are local to a site or a region, and accordingly narrow your target area to reduce mean time to identification (MTTI).

Figure 2. Application behavior over time with the correlated application-layer and network-layer performance indicators

Proactive Analytics

◉ Facilitate the exchange of telemetry data between Cisco SD-WAN and Microsoft 365 to optimize the delivery of Microsoft productivity applications using Cisco Cloud OnRamp for SaaS capabilities.

◉ Assess the quality of application experience across different application classes and adjust your application-aware routing policies to achieve optimal delivery.

◉ Schedule periodic reports for offline review and analysis in order to further optimize your network.

Figure 3. Application Dashboard with rich insights on application behavior, usage, trends, and distribution by application classes

You do not need to dive into deep waters to discover these nuggets – all the information listed above is available in just a few clicks through intuitive workflows built over a state-of-the-art graphical interface. Furthermore, this analysis can be exported as a password-protected pdf report.

Figure 4. A Sample Site Summary Report

Source: cisco.com

Continue reading

Cisco 64G Module: Enabling The Most Power Efficient SANs

The need for speed and sustainability

With the ever growing amount of data every organization manages, there is an associated need for a higher data retrieval speed, as demanded by Business Intelligence and Artificial Intelligence applications. Hence, the introduction of 64G Fibre Channel support on storage networking devices appears as a no brainer, especially when used in combination with the performance-optimized NVMe/FC protocol.

Read More: 352-001: CCDE Design Written Exam (CCDE)

At the same time, we are living in a context where sustainability efforts are mounting and pressing for power efficient solutions that can deliver more bandwidth at a reduced wattage.

Designing a power efficient SAN

Eight years ago Cisco launched the MDS 9700 family of mission critical directors with 16G switching modules. In 2017, green initiatives and power saving efforts became front and center, as reflected in the design of the 32G switching module and its major step forward in that direction. Continuing on the same path, the recently introduced 48 ports 64G switching module can really be described as a breakthrough technological epiphany. It provides 4 times the bandwidth of the original 16G switching module and shaves power consumption by approximately 40%, making it about 7 times more power efficient than its predecessor.

In combination with the highly efficient 80Plus platinum certified power supplies and the power-reduced chassis infrastructure elements, namely supervisor Sup-4 and crossbar fabric unit Fab-3, the new 64G switching module makes Cisco MDS 9700 directors the ideal choice for designing the most power efficient SANs.

New ASIC, new capabilities

This achievement is the result of a painstaking work to optimize both the physical footprint and power envelope of the new F64 switching ASIC, sitting inside the 64G switching module. This dual-die chipset can switch traffic for all the 48 ports at full line rate, freeing up space on the module motherboard.

The F64 ASIC incorporates numerous port counters and an efficient rate limiter, offering a combination of advanced congestion detection and mitigation techniques. This way the high-speed ports do not go underutilized due to roadblocks in the fabric.

Also, the entire switching module design was revisited to minimize latency, accommodate low energy components, and facilitate cooling.

Experiencing the full symphony

It is not unusual that the front-face of a high port count Fibre Channel switching module resembles an extra-long mouth-organ, but it is when you slide it inside an MDS 9700 chassis that you can appreciate the full symphony. Full line rate switching at 64G on all ports with no oversubscription, massive allocation of buffer to buffer credits for longer distances, traffic encryption for secure data transfer over ISLs, popular enterprise-class features like VSANs and PortChannels, hardware-assisted congestion prevention and mitigation solutions, including Dynamic Ingress Rate Limiting (DIRL) and Fabric Performance Impact Notification (FPIN) and Congestion Signals. All of that with a typical power consumption of only 300 Watts or 240W when operated at 64G or 32G respectively.

SAN Analytics on steroids

The low power consumption appears even more impressive when you consider that the 64G switching module comes with a dedicated onboard Network Processing Unit (NPU). It complements the ASIC-assisted metric computation and adds flexibility to the widely popular SAN Analytics capability of MDS 9000 switches.

The new 64G switching module raises the bar once again in terms of deep and granular traffic visibility. It uses an improved lens for frame headers inspection. It offers the capability to recognize VM-level identifiers. It provides a more refined analysis and correlation engine.

The presence of a dedicated 1G port on the switching module for streaming the telemetry data makes sure the scalability of the SAN Analytics feature can go beyond what is possible on the 32G modules. This is unrivalled, both in terms of self-discovered I/O Fibre Channel flows and computed metrics. Specific optimizations for a better handling of NVMe/FC traffic will also see the light when the SAN Analytics feature becomes available on this linecard.

Investment Protection

Investment protection is always good news for customers and the new 64G switching module excels in this area. It is supported inside Cisco MDS 9706, MDS 9710 and MDS 9718 mission critical directors. It can coexist and interoperate with previous generation of linecards, in any of these chassis. Existing MDS 9700 customers can decide to upgrade their install base to 64G speed without any service interruption. They can even migrate old SFPs to the new switching module, for those ports that do not need to be operated at 64G. This is what we call real investment protection.

At Cisco we are very proud of what our talented engineering team has been able to realize with this new 64G switching module. We hope you will feel the same when turning up the traffic volume in your SAN.

Continue reading

Cisco MDS SAN Analytics: The GPS System for Your SAN

Living in Silicon Valley can be very exciting, but it has some challenges too. Traffic is certainly one of those challenges, and it’s a very common occurrence for most of us. Regardless of where you live in the world, you’ve likely experienced the inconvenience of traffic congestion.

In order to avoid traffic, we usually turn to one common solution. Simply turn on your favorite GPS map application and find the most optimized route around traffic congestion. These applications provide us with real-time traffic reports and visualization across the GRID and in every city.

The same analogy can be applied to Cisco’s industry-unique solution: SAN Analytics for Cisco MDS 9000 series switches.

The Need for SAN Visibility

When beginning a performance review of our storage environment, we need complete visibility. Storage management solutions provide valuable insights from the fabric storage and server infrastructure perspective. But what about congestion that occurs outside of the server or storage environment? It could be a misbehaving application, a corrupt piece of hardware in the pathway, or a saturated storage port. It could even be a VM causing heavy utilization on a server port or an application with bursty behavior caused by a large number of small IOPS. It can literally be anything, right? This is precisely where Cisco SAN Analytics comes to the rescue.

Like a trusted GPS, Cisco SAN Analytics running on the Cisco MDS 32G platform provides real-time, complete visibility across the fabric comprising of SCSI/NVMe flows. Let’s look at this very briefly and understand how it functions in Cisco’s MDS 32G switches.

How It Works

The Cisco SAN Analytics solution runs on the onboard NPU (Network Processing Unit) located on the Cisco MDS 32G platform. It runs on a dedicated network processor which carry out the analytics operation. Hence, turning on this feature is non-disruptive to any normal switching functionality. The dedicated NPU (Network Processor Unit) residing on each 32G module or switch will analyze the Fibre Channel protocol header information (SCSI or NVMe). It will then export this metadata from the switches using streaming telemetry via the management port. This metadata can be streamed into the DCNM (Data Center Network Manager) or to any 3rd party tool that has the ability to digest gRPC formatted data.

The unique features of SAN Analytics

◉ Accessibility: Turn ON or OFF anytime, without disrupting normal switching traffic through the port.

◉ Ease of configuration or administration: It is not rocket science! It’s a simple 4-step process using DCNM or a 2-line CLI command to enable it.

◉ Flexibility: It can analyze SCSI or NVMe flows, or both flows together.

◉ Security: Security does not interfere with the data payload, so there is no concern with compromising the data at any point.

◉ Simplicity: How about those extra cabling or ports? Not necessary, as this is an on-switch function requiring no extra cables or ports.

◉ Scalability: It can be turned on across selected / all of the switch ports to monitor up to 40,000 flows.

Now, if there are any issues in the fabric (or even to improve the performance of the fabric), you will know where to send the ambulance!

This is how Cisco SAN Analytics is defining the standards for storage network analytics: simple, scalable, and secure.

Take SAN Analytics for a Test Drive

Why not try it out? Both Cisco Data Center Network Manager (DCNM) and the SAN Analytics software products can be deployed and utilized with full product capabilities for up to 120 days. This will allow customers to test drive these amazing technologies in their environments to get a feel for their capabilities before they purchase.

Simply grab any Cisco MDS 32G FC switch/module, put it in any fabric (Cisco or non-Cisco), and discover issues long before they can become a real problem.

Continue reading

Rapid Evolution of Cisco SD-WAN is a Revolution for Enterprises with a Cloud-First Strategy

Just a few years ago, software-defined wide area networking (SD-WAN) was a “new” technology just breaking into the awareness of the IT market. It arrived at the time when enterprises were changing from moving applications and data to “a” cloud platform, to expanding to multiple clouds. SaaS application providers for CRM, HR, finance, and supply chain were firmly established as critical business resources that need to be accessible from anywhere via direct internet connections.

These were all positive changes, but not without a certain amount of pain. In particular, the traditional WANs were struggling with these new demands. The WAN architecture worked well when all connections from branches and a distributed workforce flowed back to a central data center through MPLS lines, where security policies were also applied. But the hub and spoke WAN architecture broke down as more direct internet connections were needed to access multi-cloud resources and SaaS applications. Continuing to backhaul all traffic to data centers before routing to internet cloud applications results in increasing MPLS costs, bandwidth inefficiencies, increased latency, and poor application quality of experience. In addition, WANs were often composed of components from multiple vendors, limiting the visibility and control over performance and troubleshooting.

SD-WAN was designed to answer these challenges. The technology provides methods to prioritize critical business traffic and take advantage of internet broadband connections—previously used for backup and redundancy—to connect directly to multicloud resources. SD-WAN simplifies the management of the wide area network fabric with a controller-first overlay that is independent of transport layers—MPLS, Ethernet, internet, leased lines, DSL, LTE networks, and soon 5G. SD-WAN controllers intelligently choose among the available transport mediums to deliver the best application performance as defined by IT service level agreements (SLA).

The Evolution of Cisco SD-WAN

In the early stages of SD-WAN, engineers at Viptela developed a flexible SD-WAN architecture based on cloud management and controllers (vManage and vSmart) and virtualized network function edge routers (vEdge). Their version of SD-WAN followed the same software-defined architecture as Cisco’s Digital Network Architecture (DNA), separating the Data, Control, and Management Planes for maximum flexibility. Viptela’s architecture made it a natural extension to Cisco’s Intent-Based Networking vision. Viptela’s visionary team and technology were acquired by Cisco two years ago this week—August 1st to be precise. Rapid innovations and integrations have been ongoing ever since.

Many of the innovations we’ve added come from listening to our enterprise customers who are seeking a solution to unite multi-domain cloud resources across a distributed organization. We hear that they need ways to simplify the interconnection of the domains with unified access and security policies applied across campus, branch, and cloud. Let’s look at the capabilities we’ve added to make Cisco SD-WAN powered by Viptela an enterprise-class platform that meets these needs and more.

Looking Deep Inside SD-WAN Operations

Networks are becoming much more complex as organizations tie data centers, remote branches, and a distributed workforce with multi-cloud applications using connectivity options like direct internet and LTE that are outside the direct control of IT. Therefore, it’s important to be able to see inside the WAN to monitor, measure, and adjust the parameters affecting performance. That’s why one of the first capabilities Cisco added to the SD-WAN stack was Cisco vAnalytics, a cloud-based tool for monitoring and analyzing SD-WAN performance via the vManage portal. vAnalytics provides specific information that enables IT to readily monitor bandwidth usage, application performance, and detect anomalies based on baseline application usage. Going forward, vAnalytics will incorporate more artificial intelligence and machine reasoning, as was recently introduced in Cisco AI Network Analytics.

Expanding SD-WAN to Cisco ISR/ASR Edge Routers

When considering a new technology, IT leaders prefer to avoid the need to “rip and replace”. Cisco alleviates that concern by making SD-WAN available to run on over a million ISR/ASR routers that are already serving branches and campus networks worldwide. Cisco IOS XE, released a year ago, provides an instant upgrade path for creating cloud-controlled SD-WAN fabrics to connect distributed offices, people, devices, and applications operating on the installed base of ISR/ASR routers. At the same time, we added the ability to run SD-WAN as virtualized network functions in a cloud provider’s IaaS platform, providing even more flexibility to quickly extend SD-WAN to the cloud.

SD-WAN Full Stack Security Protects Branch Data and Cloud Applications

When using the internet to connect branches and remote employees with cloud applications, sensitive data could pass over multiple networks outside of the control of IT, increasing security risks. Protecting the data while making it available on-demand to the workforce presents a series of technical and enforcement challenges.

To allay those concerns, Cisco, one of the top worldwide providers of network security solutions, integrated full-stack security into SD-WAN running on edge routers. Cisco SD-WAN Security is built-in, not composed of separate bolted-on components from a disparate variety of vendors, making security easy to manage via the vManage cloud portal. By integrating an application-aware firewall, intrusion detection and prevention, advanced malware protection, and Cisco Umbrella DNS cloud security layer, data security is easily and consistently maintained across branches.

In addition to securing branch and distributed workforce connections, IT wants to holistically address security concerns across multiple domains. That means setting access and security policies once and having them permeate the enterprise across data center, campus, and branch, to the cloud edge where IoT devices increasingly need to do local processing. Because Cisco designs security using an end-to-end perspective, creating cross-domain policies is not only possible, but a necessary capability as applications, data, and devices become more distributed and the workforce more mobile. Cisco is enabling unified policy management by linking ACI in the data center with SD-Access in the campus and SD-WAN for branches so that segmentation and security are applied consistently all the way from people and devices to the application hosting cloud platforms.

SD-WAN Cloud OnRamp for CoLocation Consolidates Regional Branch Connectivity

With SD-WAN making it simpler to configure and manage connections from branches to cloud resources, it’s just one more step to consolidate many regional branches under a common colocation facility. Creating an onramp connection from each of many branches to a colocation facility hosting a virtualized SD-WAN reduces the need for edge routers at each location and centralizes the management while providing all the same security and transport layer options.

In many cases, the target cloud providers and SaaS applications reside in the same colocation facility, thus shortening the paths and reducing latency to further improve application performance for potentially dozens to hundreds of branches. Additional virtualized SD-WAN instances in the colocations can also be quickly spun up to connect new branches as quickly as needed. SD-WAN Cloud OnRamp for CoLocation joins Cisco’s Cloud OnRamp for IaaS and SaaS to extend connectivity management from branches to multiple cloud platforms to provide granular control over application quality of experience via vManage.

Evolution of SD-WAN Continues for Revolutionary Results

All these innovations integrated into Cisco SD-WAN powered by Viptela are fundamental to building an Intent-Based Network. Built-in network intelligence translates business intents into network actions that provide consistent access policies, security for devices and data, and a high-quality application experience for a distributed workforce. Integrating multicloud compute resources with cross-domain access drives a revolution in business as enterprises strive to connect information to people anywhere at any time to improve employee productivity and customer experience.

National Instruments, an international leader in test and measurement systems, implemented SD-WAN to solve a number of IT and business problems. Like many organizations with a globally distributed workforce, the network supports communication services, software distribution, and access to applications and data resources among worldwide sites. The existing WAN greatly constrained video conferencing, slowed large software transfers, and couldn’t provide acceptable application performance. Implementing SD-WAN turned those issues around by:

◈ Reducing MPLS spending by 25% while increasing bandwidth by 3,075%.

◈ Categorizing traffic by function and type, sending backup traffic over the Internet under an SLA, eliminating bandwidth bottleneck on MPLS circuits.

◈ Reducing the time for software updates to replicate across the network from 8 hours to 10 minutes.

◈ Adding new internet-based services used to take months, with the agility of SD-WAN new services can be deployed in the cloud immediately.

◈ Eliminating the need for call admission controls and limiting video quality for conferencing

Enterprises are gaining advantages such as these by upgrading their aging WAN technology to SD-WAN. It’s not just cost savings by supplementing or replacing MPLS with direct internet connections that is motivating the transition to software-defined WAN architecture. It’s also about gaining flexibility and stability with intelligent, continuously monitored connections to multicloud resources and SaaS applications that are fueling the transition. In a software-defined world, people, devices, applications, and data are all securely connected to ensure organizations run efficiently as they tackle digital transformation projects. How will you use SD-WAN to support your digital revolution?

Continue reading

Data Evangelism: Oxymoron, Fluff, or Business Driver?

At first pass, data evangelism may sound more like an oxymoron than a corporate function. Most of us (and our dictionaries) associate evangelism with faith, while data & analytics is core to the scientific method. Evangelism is predominantly qualitative while data & analytics is the definition of quantitative.

In practice, data evangelism has become synonymous with spreading the good word of data.  Need to inspire your team to balance their gut-based approach to problem solving with data-driven insights? Call in a Data Evangelist.

However, if we delve beneath the surface, data + evangelism reveals a richer value proposition. Evangelism teaches us to practice what we preach. Lead by example. Be the change we want to see in the world. Data & analytics teaches us to measure what matters. Hypothesize, test, minimize our biases, refine, and always let our data be our guide.

-----------------------------------------------------------------------------------------------------------------------
If we marry the tenets of data + evangelism, the result is:  Practicing the data & analytical methods we preach. Leading others to leverage data as an asset via a data-driven approach. Challenge ourselves as data evangelists to be at the forefront of data-driven models and insights, especially in the most qualitative domains.
----------------------------------------------------------------------------------------------------------------------

Data Evangelism Needs a Model

In data science, once you understand the data and its significance to the business, the next step is to create, stress test and refine a model which presents a simplified version of the business problem or opportunity you’re seeking to address. This model is a first attempt to explain the workforce’s relationship to data and provide actionable insights into creating (or maintaining) a data-driven enterprise.

The Axes:

◈ Data IQ — The level to which a person is capable of leveraging data & analytics relative on his or her role and goal. For example, a food coordinator who is data literate and comfortable using a simple forecasting model will have a high Data IQ. If, however, s/he wants to lead an engineering team responsible for a machine learning-based technology, a Master’s or PhD in AI will be the new standard for a high Data IQ.

◈ Data Enablement — The level to which a person is enabled (or unable) to leverage data & analytics relative to his or her role and goal. For example, a people manager in HR may be fully Data Enabled via: data literacy, foundational data science for leaders, a dashboard which provides him/her the relevant people analytics and insights about their team, access to data & analytical talent on a project-by-project basis, and a steady stream of curated content including training, best practice sharing, and success stories. However, someone managing a data science team would need all of that and much more, including tools and platforms which allow for reusable asset (i.e. models and code) sharing, to be Data Enabled.

The Quadrants:

◈ Enthusiasts — Low Data IQ; Data Enabled: Well connected to their data & analytics community, fluent in its success stories but unsure how to begin leveraging data. Example: A marketing new hire with a degree in literature who marvels at chatbots.

◈ Data Illiterate — Low Data IQ; Data Unable: Lack of understanding regarding the value of leveraging data & analytics as well as how to do so. Example: An experienced technical writer who leans into his/her qualitative strengths.

◈ Siloed High Performers — High Data IQ; Data Unable: Limited by their isolation. Typically start from scratch instead of having a library of assets at their fingertips and peers with whom to collaborate. Example: a data scientist working on a non-data science team without access to mentorship, peers, enterprise tools, platforms and data products/services.

◈ Data-Driven — High Data IQ; Data Enabled: Individuals have the platforms, infrastructure, tools, services, and knowledge to leverage data & analytics in their role. Connections into the larger community provide them with a constant stream of ideas, best practices, and opportunities to collaborate as well as share their work. This is the target state.

-----------------------------------------------------------------------------------------------------------------------
Data-driven workforces, whose employees have High Data IQs and are Data Enabled, power the most digitally disruptive companies in the world.

Should we start looking to data evangelism as a business driver?
-----------------------------------------------------------------------------------------------------------------------

Data-Driven by an Evangelism Engine

How does this play out? Let’s say a Customer Success Executive leverages data that is 22% more accurate than previously possible to enable 96% adoption of the collaboration tools his/her customer purchased. The customer wins by realizing a high ROI; Because the customer wins, the Customer Success Executive wins. Evangelism’s “win” is in enabling the person or team behind the 22% increase in data accuracy and the Customer Success Executive to leverage said data to achieve (and know s/he achieved) 96% adoption.

Our Approach

Our efforts to influence Data IQs take the form of a multi-pronged (and evolving) strategy of recruiting, learning & development, and continuous education.

We approach Data Enablement more broadly. Success in this domain doesn’t just take a village, but rather the support of the entire Data & Analytics business unit in addition to strong cross-functional partnerships. Data Enablement encompasses building, buying, supporting and/or co-creating the data products and services needed to enable each role- as well as those products’ and services’ adoption.

While far from an exhaustive list, Data Enablement includes global virtual and live events, Kaggle-style data science competitions, collaboration platforms for technical and non-technical best (and worst) practice sharing, an enterprise data science platform with reusable asset libraries, and democratized trustworthy datasets… and as data & analytics (and data evangelism) matures, who knows?

Continue reading

How Cloud Native and Container Platforms Change the Way We Think about Networking

Networking has been a foundational component of our economy since the Internet days. In the early days, defining protocols and standards for how to connect, route, and interoperate local, metro, and wide area networks was critical to the businesses strategy. The computer networking exports with their TCP/IP computer centric view of the stack went head to head with the telecommunications giants and their more traditional telephony driven model of switching, FCAPS (Fault, Configurations, Accounting, Performance, and Security management), and OSI Model. As is often the case in these debates, both sides have good architecture and design principles and in the end, while TCP/IP one the war, very important concepts were adopted into the network model to account for Quality of Service (QoS), traffic engineering, segmentation of network traffic for control and data plane, and hierarchy of the network Simply stated, a flat network with no segmentation or hierarchy from the network stack on the computer though the Internet would cause fault, configuration performance, and security issues. This was understood largely by all in the industry and IT.

TCP/IP Model Versus OSI Model

In the past several years as the need to agility and driving time to market down, there has been a major mind shift that I have noticed in the largest of companies. Networking, with all its complexity in configuration, routing and segmentation, was causing major delays in delivering the true speed and agility required by the business. There have been several attempts to address these using technologies like VPN, NAT, and predefined network blocks per deployment region. These solutions are static in nature and the speed at which technologies mature and innovation happens, these solutions were very limiting. In the industry, we have looked at automating and orchestrating the network parameters with an API and called this Software Defined Networking.  SDN is definitely a step in the right direction; however it geared towards Network Administrators and not business owners or developers. Wikipedia has a good explanation of SDN and this simple diagram:

SDN Overview

While SDN is a great step forward – programmable APIs to the network, this is way too complex for the business owner or developer to program against (not in developer language and not written in a developer model) and most importantly, it does not solve the issues of complexity and ease of configuration in a rapidly changing and software centric world.

As cloud computing use increased in the public cloud, the abstraction of the underlying network became an important driver in adoption. No longer is defining or understanding the network important. As the industry moves to containers, the desire to simply and flatten the network is rapidly becoming the new standard for cloud native and container networking, orchestration, and microservices architecture.

While this may appear to be the right direction to take the least path of resistance, the network matters more today than it ever has before. Why you ask, let’s look at the tradition application architecture.

N-Tiered Application Model

In this model, you have the following build in networking parameters:

◈ Presentation – On Isolated Network with NAT/PAT, firewall, and Logical separation of traffic onto a VLAN that is for just web traffic. The control (routing) traffic is on a separate network from the web (data) traffic

◈ Logic – On a separated network isolated behind a firewall on a separate VLAN than the web traffic. The control (routing) traffic is on a separate network from the application logic (data) traffic

◈ Database – On a separate isolated network behind a firewall on a separate VLAN than the web and application logic traffic. The control (routing) traffic is on a separate network from the database (data) traffic

Now let’s compare this to the cloud native architecture:

Cloud Native Application Model

In this new architecture, all traffic is on a common network with no isolation, no segmentation of control and data traffic, and leveraging the Linux kernel networking stack – which is another blog on why that is a very bad idea if you care about performance and scale. With the move to APIs and Rest interface, there is an added level of very chatty API traffic running over the very same network. All the complexity of the application architecture is handled by the network which makes the network more critical today than ever before.

Now, I’m not saying, it’s all about the network. As with all things in life, balance and focusing on what matters most is the best path to take (although it’s the path less traveled)  What I propose is that the intelligence can be built into the network. I like the analogy that everyone uses for cloud native with Pets versus Cattle. My network analogy is that cattle need isolation, direction, and fences! How can we as an industry move to more agile cloud native architecture and still corral the cattle? The answer comes from looking at this from 2 separate but equally important perspectives.

From a top down (application developer) perspective, the network requirements need to be represented as business intent with constraints that the business understands like latency, priority, security, and performance. If we enable a simple definition that is focused on the application’s business objectives, that will make it easy for the business to define what they care about.

From a bottom up (network administrator) perspective, the network administrators understand how to address business objectives and can easily programmatically define network and network security policies to meet the requirements. This will requires extending SDN capabilities to understand application policy and network specification to be created to support cloud native architectures, but these patterns are well known in the networking world today. The next step will be to use data generated by the application, services, and components to enable analytics to address performance, security, reliability, and latency issues in real or almost real time.

Continue reading

Introducing New Enterprise Controls for Cisco Spark

Making the Impossible, Possible

Last year, one of my colleagues went to a start-up conference with 2,000 people. On stage, someone asked the audience how many were working on consumer apps. Almost everyone raised their hands. Then the person asked how many were working on enterprise apps. This time only three hands went up. Three.

Continue reading

Introducing Cisco CMX Engage

Enhancing customer experience to unlock the Business Value from Wireless Infrastructure

Wi-Fi is fast becoming an essential commodity, on par with air, food and water. In response, almost every known modern business across the world is attempting to offer free Wi-Fi to visitors. The next big question is “Can we offer a best-of-breed Wi-Fi infrastructure and help customers extract business?”

Continue reading