Showing posts with label Inside Cisco IT. Show all posts

Thursday, 9 February 2023

Women Technical Leader Incubation Program (WTLI) in India


Cisco IT has launched a women technical leader incubation program to support and encourage women in technology. The initiative, which has been run in-house, offers training and development for women to build leadership skills. Its four-pillar framework of experience, education, empowerment, and exposure was designed to enable women to “confidently build their path in technology with skilled guidance and opportunity.” An added hackathon-style event proved “beneficial to garner employee engagement and enthusiasm.”

Overview


Women’s empowerment has shattered many myths and altered numerous mindsets around the world. Although technology is an open arena for leaders of any gender, the number of women leaders remains low. Retaining and developing women’s technical talent is a challenge, and the numbers can be discouraging. Cisco IT conducted a survey with site leaders, managers, women leaders, and women employees to determine why there are fewer women in technology. The reasons ranged from the lack of female role models to the perpetuation of myths, such as imposter syndrome, as well as the lack of opportunities to network, train, and provide a platform for empowerment.

Cisco IT initially implemented a gender-neutral Technical Leadership Initiative in India, but this did not bring women to the forefront. According to the survey, women who take a career break find it difficult to keep up with the latest technology and upskill. Many who return to work after a leave period, or a sabbatical, feel outdated. These insights led to the creation of a specific program for women.

A Unique Program


With this in mind, Cisco IT developed and launched a unique program in-house to address the challenges and obstacles faced by women in the technology industry. This innovative platform provides enterprise women leaders with an opportunity to work together on cross-functional business problems and serve as role models for other women. The goal of the program is to empower women and help them become the leaders they aspire to be.

The framework


To support and empower women in the technology industry, Cisco IT developed the program with four key pillars: experience, education, empowerment, and exposure. This holistic approach provides women with the guidance and opportunities they need to confidently pursue and build successful careers in technology. The program was developed in early February, and the first cohort of participants began their projects in May 2022.

In line with its efforts, the program followed a rigorous nomination process and ultimately selected 20 women to participate. The participants were then divided into four cohorts with cross-functional expertise and given projects with a coach to learn and apply the four-pillar framework.

1. Education

To provide participants with the best possible learning experience, the program leveraged a variety of soft skills and leadership training courses available on Degreed. These courses were facilitated in group settings to encourage active collaboration and practice. In addition, a defined technical leadership curriculum was developed, and the latest technology trainings were made available to participants. Key players in the cloud technology industry, such as AWS, also contributed training sessions in a group forum. Hackathon-based events were also organized to engage and energize participants.


2. Experience

After completing their training, it was important for the participants to gain practical experience. To provide this opportunity, technology leaders from across Cisco came together to design cross-functional business problems for the participants to work on. This allowed the participants to shadow the leaders and gain hands-on experience, breaking the traditional mindset of project execution and fostering leadership skills. It also facilitated connections across different parts of the organization, helping participants develop their business acumen.

3. Exposure

To provide the participants with diverse perspectives and guidance on their projects, the team brought in Principal and Distinguished Engineers from various functions across Cisco to serve on the advisory board. The board held a mix of panel discussions and role-model series featuring successful women leaders who shared their experiences and insights on topics such as work-life balance and making difficult decisions. These sessions provided valuable guidance and inspiration for the participants.

4. Empowerment

To celebrate the completion of the program, each participant presented a lightning pitch to Cisco CIO Fletcher Previn. This was a rewarding and empowering experience for them. It also enabled them to identify a sponsor through Cisco’s Multiplier platform, where the power of sponsorship is leveraged to increase a pipeline of diverse talent. Additionally, the participants had the opportunity to participate in one-on-one speed mentoring sessions with women leaders from across Cisco, which helped them chart a career path forward.

Valuable Outcomes


The program empowered women employees to make their own decisions, define the scope of their projects, engage with stakeholders, and become thought leaders in their fields. Since the program concluded, most of the participants have progressed in their careers by taking on challenging responsibilities, increased scope, or roles in complex technical projects, with better visibility and a better technology stack. One participant even had the opportunity to speak at Cisco Live as a technical expert.

The program has received overwhelmingly positive feedback from both participants and coaches involved. One major advantage of the program is its ability to retain and develop in-house talent, which can be challenging in the current global environment. The program offers women the opportunity to enhance their skills and break new ground in technology. Many participants who were originally part of a technical team are now leading their own teams, tackling new challenges with confidence.

Overcoming Challenges


One of the main challenges of the program was to break down the myths and misconceptions that held women back. Because of career breaks and a conventional mindset, women often lacked confidence and were hesitant to ask for what they needed or negotiate for better opportunities. These negative biases made them feel excluded from innovative projects.

The solution took five to six months to develop, as the team worked with multiple vendors to provide training, coordinated with site leaders for nominations, consulted with Principal Engineers to identify business use cases, and worked with the Learning and Development team to review progress.

The program was launched during the COVID-19 pandemic, and the virtual format made it challenging to provide effective training in soft skills. However, as the program gained momentum, it became more interactive and effective.

Manager support was key to helping employees balance work and training, making the program a success with a huge positive impact for all participants.

Future: Where there is intent, opportunities are limitless.


Preparation for the next phase of the Women’s Technical Leadership Initiative (WTLI) Program is underway, with plans to implement it in March 2023. The team is also evaluating expansion to more locations across the globe. With the support of Cisco’s senior leadership, we are confident that the program will be successful and help bring more women technical leaders to the forefront.

Source: cisco.com

Tuesday, 5 July 2022

What IT loves about Webex Control Hub


We work from just about anywhere. Coffee shops, airplanes, kitchen tables. The nature of our work is hybrid and when we aren’t in shared spaces with our colleagues, we rely on our collaboration suite to keep us connected. As the collaboration leader for video endpoints across Cisco, my day revolves quite heavily around Webex and delivering consistent collaboration experiences to Webex users.

As we work across the world using collaboration tools both internally and externally, managing that experience is becoming more complex. With earlier tools, learning when, where, and why our collaboration services, devices, or applications faltered was like trying to find a rogue brace in 100,000 lines of code. Shortly after we migrated to our Cisco Collaboration Meeting Rooms Cloud solution, we began working on Webex Control Hub. Ever since, we’ve become smarter about pinpointing those rogue braces.

Control Hub is a centralized collaboration management portal that offers troubleshooting, analytics and compliance capabilities for our collaboration portfolio. We have multiple services, like Webex Meetings, Webex App, Webex Devices, Webex Calling, and with Control Hub, we get to see what’s happening across the board in our environment. In a word, it’s amazing.

Diving into Webex data to troubleshoot

In the past, let’s say Fernando called to escalate a connection issue he had with Webex Meetings. We’d have to wait on Cisco Technical Assistance Center (TAC) to get backend Webex data and send it our way. Then, we’d go down a rabbit hole trying to pinpoint the issue, pulling information from different sources while trying to piece together a picture of what went wrong. Meanwhile Fernando is frustrated he can’t join calls. It’s affecting his work productivity. It’s not great for business.

Today, when Fernando says he has a problem, we find it quickly. Control Hub populates a single dashboard with data from our entire environment, from aspects like users, devices, places, and services. Control Hub visually organizes that data to show me where Fernando is having issues, whether it’s a network issue, or a loose cable on his Cisco Webex Desktop Pro device. It’s a user-friendly interface, and in an instant, I spot when Fernando’s call is disrupted, for how long, what his bandwidth was, his latency – I get the entire picture, not pieces.

An administrator’s view of Webex Control Hub

If Fernando was on a conference call at the time of his connection issue, Control Hub offers up meeting information in a single view. All the participants, the types of endpoint clients they’re using, the meeting type, how long it takes to join the meeting, and network statistics of the call are visible. As an admin, joining the call to evaluate it in real time and troubleshoot live is an option.

In Control Hub, we pull logs from a device, whether it’s on the network or not. We comply with data privacy in every region, and while we can’t see everything, alerts and some diagnostics pop up, which is always better than nothing. We get way more troubleshooting capabilities for devices that aren’t on the network.

When viewing the logs, the simple dashboard reports when changes happen, and this information is collected. It narrows down the field of what is going on when a user says, ‘my device isn’t working’.

I’ve helped Fernando within a few minutes instead of a few hours. With analytics, I’ve identified if this is a particular pattern other users may be having and proactively monitor or alert them before it becomes an issue. Control Hub enables us to be more efficient, more resilient, and more focused on providing an exceptional collaboration experience.

Winning with user and device management


Managing thousands of devices and users comes with its own nuances, not to mention security protection challenges. Control Hub simplifies provisioning, authentication, and authorizing users on our Webex platform. We ensure that only successfully authenticated users are accessing spaces and services they’re meant to, using Key Management Service (KMS) – meaning unauthorized users will not be able to join your calls or spaces.

Once users are added, we manage their services and settings from Control Hub. This makes onboarding so much more straightforward. When new hires join Cisco, they turn their laptops on, sign in, and get straight to work meeting their new colleagues. When employees refresh their laptops or buy a new device, they don’t need to go through a long migration or setup. They log in, authenticate with Single Sign-On and Duo, and it works. We download device logs and push configuration changes to devices as well. It helps us make the collaboration experience better for everyone.

We also run proactive scripts that help us monitor devices regularly. These scripts perform audits on the devices for status, and if something pops up a couple of times, we open a case. The reason we do this is to make sure that the devices in our demo centers and offices are working to specification. Meaning, if Sam walks into a conference room in San Jose one week and into Bangalore another, her experience of the devices is consistent, no matter where she is in the world.

Simplified support and APIs


A lot of internal development went into simplifying the bot creation process with BotLite, a bot-making platform powered by MindMeld and Webex Teams. Using bots transforms so much of our work in terms of how we’re able to better support our user base and how our user base becomes more comfortable with self-service.

German Cheung, a Cisco technical systems engineer, has developed diverse tools via Webex Bots that add a lot of value to our services. The BVE Support bot, for example, provides various tools to our multi-tier support teams based on their roles without breaking the role-based access permissions in Control Hub. With the intelligent workflows and automations built into the bot, our support teams can interact with the bot to check, diagnose, pinpoint, and fix issues in a few clicks. The bot helps to standardize the procedures for diagnosis, troubleshooting, validation, and fixing. It also helps to reduce human intervention and the misconfiguration caused by human error. MTTR (Mean Time to Repair) has decreased significantly. The bot remediates issues caused by access permissions, case escalations, and repeated steps. For example, one bot tool, UCM Calling Enablement in Webex, completes all checks across multiple infrastructures and services, and fixes issues automatically in about 15 seconds. Manually, that task usually takes anywhere from several minutes to several hours. The bot resolves cases quickly and, more importantly, the user experience is that much better.

A great deal of information comes from various contributing platforms that help us make calls, launch applications, and develop bots. When we think of Webex, it’s not only about video endpoints and Webex meetings. We also have Webex apps that encourage engagement or streamline our workspaces too, like Miro, Slido, and M365. We manage those configurations within Control Hub.

Cisco IT has a culture of developing creative solutions. Webex has an open architecture; it allows you to develop your own solution. If we don’t offer it, it means the APIs are there if you need to develop something, just for your company and your users.

Needles in haystacks are painful and unnecessary


Is there a way to avoid twenty questions when a senior leader says, ‘my device isn’t working’? Yes. What about when a user encounters dropped calls in Webex? Sure. Data is a beautiful thing when it’s used insightfully. While it’s still a work in progress, Control Hub gives us more time to make great collaboration experiences even better – and with exceptional support.

Source: cisco.com

Saturday, 25 June 2022

Our future network: insights and automation

Insights and automation will power our future network. Think of it as a circular process: collect data from network infrastructure. Analyze it for insights. Share those insights with teams to help them improve service. Use the insights to automatically reprogram infrastructure where possible. Repeat. The aim is to quickly adapt to whatever the future brings—including new traffic patterns, new user habits, and new security threats.


Now I’ll dive into more detail on each block in the diagram.

Insights


Data foundation. Good insights can only happen with good data. We collect four types of data:

◉ Inventory data for compliance reporting and lifecycle management
◉ Configuration data for audits and to find out about configuration “drift”
◉ Operational data for network service health monitoring
◉ Threat data to see what parts of our infrastructure might be under attack—e.g., a DDoS attack on the DMZ, or a botnet attack on an authentication server

Today, some network data is duplicated, missing (e.g., who authorized a change), or irrelevant. To prepare for our future network, we’re working to improve data quality and store it in centralized repositories such as our configuration management database.

Analytics. With a trusted data foundation, we’ll be able to convert data to actionable insights. We’re starting by visualizing data—think color-coded dials—to make it easier to track key performance indicators (KPIs) and spot trends. Examples of what we track include latency and jitter for home VPN users, and bandwidth and capacity for hybrid cloud connections. We’re also investing in analytics for decision support. One plan is tracking the number of support tickets for different services so we can prioritize the work with the biggest impact. Another is monitoring load and capacity on our DNS infrastructure so that we can automatically scale up or down in different regions based on demand. Currently, we respond to performance issues manually—for instance, by re-routing traffic to avoid congestion. In our future network we’ll automate changes in response to analytics. Which leads me to our next topic: automation.

Automation


Policy and orchestration. February 2022 marked a turning point: we now fulfill more change requests via automation than we do manually. As shown in the figure, we automatically fulfilled more than 7,500 change requests in May 2022, up from fewer than 5,000 just six months earlier. Examples include automated OS upgrades with Cisco DNA Center Software Image Management (SWIM), compliance audits with an internally developed tool, and daily configuration audits with an internal tool we’re about to swap out for Cisco Network Services Orchestrator. We have strong incentives to automate more and more tasks. Manual activities slow things down, and there’s also the risk that a typo or overlooked step will affect performance or security.

In our future network, automation will make infrastructure changes faster and more accurate. Our ultimate goal is a hands-off, AIOps approach. We’re building the foundation today with an orchestrator that can coordinate top-level business processes and drive change into all our domains. We are working closely with the Cisco Customer Experience (CX) group to deploy a Business Process Automation solution. We’re developing workflows that save time for staff by automating pre- and post-validation and configuration management. The workflows integrate with IT Service Management, helping us make sure that change requests comply with Cisco IT policy.

Release management. In the past, when someone submitted a change request, one or more people manually validated that the change complied with policy and then tested the new configuration before putting it into production. This takes time, and errors can affect performance or security. Now we’re moving to automated release pipelines based on modern software development principles. We’re treating infrastructure as code (IaC), pulling device configurations from a single source of truth. We’ve already automated access control list (ACL) management and configuration audits. When someone submits a change to the source of truth (typically Git), the pipeline automatically checks for policy compliance and performs tests before handing off the change for deployment.
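
The kind of policy-compliance and drift check such a pipeline stage could run on an ACL change, as an added example (not Cisco IT's tooling). The three policy rules, the sample ACLs, and all function names are constructed assumptions, and only a subset of IOS-style extended ACL syntax is parsed.

```python
"""Pipeline gate for ACL changes pulled from a Git source of truth.

Added illustration: the policy rules, sample ACLs and function names are
constructed for this example. Only a subset of IOS-style extended ACL
syntax is handled: action proto src dst [eq port] [log].
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
CLEARTEXT_PORTS = {"23", "telnet"}  # assumed policy: Telnet is never permitted


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[str]
    log: bool


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Wildcard masks are inverted netmasks, so flip the bits before parsing.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)


def parse_ace(line: str) -> Ace:
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port = tokens[1]
        del tokens[:2]
    if tokens not in ([], ["log"]):
        raise ValueError(f"unsupported trailing tokens {tokens}")
    return Ace(action, proto, src, dst, port, tokens == ["log"])


def check_policy(acl_lines: List[str]) -> List[str]:
    """Return policy violations for a candidate ACL; empty list means pass."""
    violations, aces = [], []
    for n, line in enumerate(acl_lines, 1):
        try:
            aces.append((n, parse_ace(line)))
        except (ValueError, IndexError) as exc:
            # Fail closed: an entry the gate cannot read is a violation.
            violations.append(f"line {n}: unparseable entry ({exc})")
    for n, ace in aces:
        if ace.action != "permit":
            continue
        if ace.proto == "ip" and ace.src == ANY and ace.dst == ANY:
            violations.append(f"line {n}: permit ip any any is not allowed")
        if ace.proto == "tcp" and ace.dst_port in CLEARTEXT_PORTS:
            violations.append(f"line {n}: permits Telnet")
    last = aces[-1][1] if aces else None
    if not (last and last.action == "deny" and last.proto == "ip"
            and last.src == ANY and last.dst == ANY and last.log):
        violations.append("ACL must end with 'deny ip any any log'")
    return violations


def find_drift(source_of_truth: List[str], running: List[str]) -> Dict:
    """Compare the approved ACL with what a device is actually running."""
    want = [" ".join(l.split()) for l in source_of_truth]
    have = [" ".join(l.split()) for l in running]
    missing = [l for l in want if l not in have]
    unexpected = [l for l in have if l not in want]
    # Entry order changes ACL behaviour, so a pure reorder is drift too.
    reordered = not missing and not unexpected and want != have
    return {"missing": missing, "unexpected": unexpected, "reordered": reordered}


# Constructed sample data (documentation and private address ranges).
GOOD_ACL = [
    "permit tcp 10.20.0.0 0.0.255.255 host 192.0.2.10 eq 443",
    "permit tcp host 10.20.5.7 192.0.2.0 0.0.0.255 eq 22",
    "deny ip any any log",
]
BAD_ACL = ["permit tcp any host 192.0.2.10 eq 23", "permit ip any any"]
RUNNING = GOOD_ACL[:2] + ["permit udp any any eq 161", "deny ip any any log"]

if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("BAD_ACL", BAD_ACL)):
        problems = check_policy(acl)
        print(name, "PASS" if not problems else "FAIL", problems)
    print("drift:", find_drift(GOOD_ACL, RUNNING))
```

The gate fails closed on entries it cannot parse, so unsupported syntax blocks the change rather than slipping past review.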

The Road Ahead


To sum up, in our future network, the only road to production is through an automated pipeline. Automation helps us adapt more quickly to unexpected change, keeps network configuration consistent worldwide, and reduces the risk of errors. We can’t anticipate what changes our business will face between now and 2025—but with insights and automation, we’ll be able to adapt quickly.

Source: cisco.com

Tuesday, 3 May 2022

The SASE story II: How Cisco IT developed our SASE product amid an evolving industry landscape

As revealed in The SASE story, part I, the SASE model brings value to enterprise IT organizations looking to achieve connectivity and security resilience through a secure, efficient, hybrid architecture. In Part II, we’ll outline the journey we took to develop our Cisco SASE solution.

CloudPort: The precursor to SASE

Throughout the past decade, IT organizations have witnessed two significant trends: the migration of applications to the Cloud, followed by Hybrid Work. These trends caused IT leaders to think differently about how to better connect users to applications. Many — including Cisco IT — realized that networking and security problems can no longer be solved in isolation. To address this, Cisco IT embarked on a journey to build our own bespoke solution by combining different Cisco networking and security components, delivering SASE-like capabilities in an on-prem platform.

At a Cisco IT offsite in 2013, during a time when workloads were starting to migrate to the cloud, we drafted what is now the CloudPort vision on a hotel bar napkin. The plan was to deploy highly scalable networking and security hardware platforms in colocation facilities worldwide.

Initially, CloudPort was conceived in response to this Hybrid Cloud paradigm shift, providing us with the opportunity to strategically place our network edge directly with major ISPs and Cloud providers. Over time, we realized we could fuse security services directly into this architecture, which allowed us to bring together networking and security into a common platform. This was, effectively, a hardware- and co-lo-based precursor to current cloud-delivered SASE. The crux of this plan was that it allowed us to layer more and more services on top – offering similar capabilities (VPN, Firewall, Zero Trust Network Access, URL filtering, etc.) to what would become known as SASE.


The CloudPort solution was and is very effective – allowing us to securely interconnect the Cisco enterprise network with the outside world. However, as technology evolved and business requirements changed, it started to pose some challenges:

◉ Due to the layered nature of the solution, it became complex to build and operate

◉ It required specialized skillsets, which became difficult to find in the industry

◉ After years of iteration, CloudPort became an amalgamation of different technologies and solutions we had layered together ourselves, so it became difficult to quickly adjust to increasingly agile business needs

Taking into account these challenges, we decided that it was time for a different approach.

A modernized “SASE” Hub


As a stepping-stone between CloudPort and fully Cloud-delivered SASE, Cisco IT’s Customer Zero team developed a modernized solution, branded the “CZ SASE Hub.” Since we have the in-house expertise, and we needed to use physical appliances to meet scale requirements, we decided to deploy our own solution. For customers, this new version provides a simple, easy-to-operate, Zero Trust-ready platform, and will later allow for easier migration to SASE.

The CZ SASE Hub is SD-WAN centric, leveraging both Meraki and Viptela. This allows us to efficiently bring connectivity and policy to a central, easy-to-manage place in the network. By extending micro (Cisco TrustSec) and macro segments (SDA & SD-WAN VPNs) into Cisco Secure Firewall, we can enforce identity-based policies supporting our Zero Trust for the Workplace initiatives (SDA, TrustSec/ISE). In addition, we significantly improved our observability (DNA-C/vManage Assurance, ThousandEyes, DNA Traffic Telemetry Appliance) to make sure the platform is healthy and delivers a great experience to our end users.


This homegrown solution turned out to be much easier to deploy and operate, with a much smaller footprint. If we need to expand our footprint into different colocation facilities to meet new business demands, we will entertain using Cisco SD-WAN Cloud OnRamp for colocation or Secure Agile Exchange (SAE). These highly virtualized solutions offer the same capabilities with controller-based orchestration and integrations that offload a lot of the complexity.

Adopting Cloud delivered SASE


Although our do-it-yourself platform is doing mostly what we need it to do, it poses a few challenges. Building and operating a homegrown SASE-type solution remains complex and requires in-depth expertise of many different technologies.

To address these challenges, we look to move to a cloud-delivered SASE model. With this model we can outsource the complexity, allowing experts to build and operate the platform for us. We no longer have to deploy bigger-than-needed boxes to factor in potential future growth — we can now scale up and down when business needs change. Finally, SASE provides new security capabilities within a single offering, preventing us from having to deploy a multitude of standalone security tools. An added bonus? We believe SASE can result in cost optimizations.

Our aspiration is to migrate to Unified SASE for most of our network. These easy-to-order, easy-to-operate SASE solutions provide superb integrations among some of the best technologies (SD-WAN, Umbrella SIG, AnyConnect, ZTNA/Duo), all available through a unified services portal.

For the parts of our network where we don’t migrate to Unified SASE, we will adopt Disaggregated SASE. As a large enterprise customer, Cisco has complex use-cases that ask for a bit more flexibility. Disaggregated SASE is similar to Unified SASE in that it provides much better integrations between similar technologies, yet it allows for more customization to fit our specific needs. Disaggregated SASE deconstructs certain components of Unified SASE to allow for a more flexible, scaled deployment. For example, Cisco Secure Firewall Cloud Native (SFCN) allows a containerized deployment of Next-Generation Firewall in AWS. The customer can then combine this with custom deployments of SD-WAN, Umbrella, and Duo to create a distributed, scaled-out architecture to meet Enterprise needs.

Our ultimate aim is to drive a unified solution that is tenable for large-scale, complex environments like ours, and produce a reference solution that customers can easily replicate.

Source: cisco.com

Tuesday, 15 February 2022

The SASE story: How SASE came to be, and why it has quickly become the default architecture


Secure Access Service Edge (SASE) has quickly become one of the hottest topics related to cloud, networking, and security architectures. As Cisco engineers, we have seen hesitation and confusion among some customers on what SASE really means. We hope to answer most of those questions here.

What is SASE, and how is it related to the Cloud Edge, Zero Trust, and SD-WAN? SASE has positively impacted how we run our IT organization, and how we envision Enterprise IT customers will run theirs. To accurately explain what SASE is, and why SASE came to be, we must look at the evolution of how data is stored and transported within an enterprise.

Our journey started inside the data center

A decade ago, many of us lived in a data center-centric world, and security was simpler to implement. Here at Cisco, we were moving data inside the four walls of our data centers, and we assumed complete trust. The corporate office, the MPLS circuits between sites, and the Cisco data centers were all within a trusted environment, which enabled us to meet our security and compliance requirements.


Move to hybrid cloud and hybrid work


However, while many enterprises still focus on data center-centric applications for their core business needs, the world is shifting towards cloud-based application development. This enables faster and more efficient deployment of software and services to meet ever-changing business needs.

IT organizations have also shifted from a model of only managed devices (PC or laptop) for use within the trusted corporate network to allowing users to work on multiple devices from just about anywhere. The emergence of BYOD (Bring Your Own Device) as well as remote work had already been gaining traction in the industry over the past few years, and this trend significantly accelerated with the onset of the COVID-19 pandemic. Now, employees are expected to be able to work from anywhere, on any device. Combined with the distribution of resources across on-prem networks and the cloud, Hybrid Work presents a significant security problem as business users and application providers are no longer fully controlled by the IT organization.

To address security concerns in the interim, network architects designed a model where all user/cloud interactions were routed back, or backhauled, through a data center — i.e. the trusted entity — prior to being redirected to the cloud application. While meeting the security needs, this model has performance and cost challenges.

Arriving at SASE


To improve security and efficiency, a SASE-like architecture was developed internally by Cisco IT. The model we used for the architecture provides every user with a security profile tailored to their access privileges and uses a Zero-Trust approach to identify and authenticate users and devices before allowing a direct connection between the cloud and the access edge.

Ultimately, SASE is the convergence of networking and security functions in the cloud to deliver reliable, secure access to applications, anywhere users work. The Cisco SASE model works by combining SD-WAN for network, with cloud-based security capabilities such as Secure Web Gateway, Firewall as a Service, Cloud Access Security Broker, and Zero Trust Network Access into one, single, integrated cloud service.

CloudPort and the evolution of SASE at Cisco


Cisco’s SASE journey started with CloudPort, which was a hardware-based, on-prem, self-managed Cloud Edge platform, delivered at Colocation data centers around the world. While CloudPort provided a single platform that delivered network and security, it also brought cost challenges, used traditional perimeter security, and required both agility to scale up/down and specialized skillsets.

To address these challenges, we first modernized the on-prem CloudPort solution, and put in motion a plan to move from on-prem to as-a-service or hosted SASE capabilities. The Customer Zero team, which deploys emerging technology in real-life environments to provide critical feedback to the BU early in the product lifecycle, created a strategy to move to SASE, testing do-it-yourself and as-a-service models. The findings from the Customer Zero internal testing have guided our external offering strategy.

During this testing period, Cisco IT has moved from a ‘do-it-yourself’ model to a Cisco hosted/managed solution.

Source: cisco.com

Saturday, 1 January 2022

How Cisco IT is solving multi-cloud management: a single pane of glass


Management of multi-cloud matures

Figure 1. Multi-cloud strategy adoption

For enterprise IT organizations, the public cloud has become a staple for delivering software, infrastructure, security, and other capabilities at scale. Companies primarily adopt public cloud services for greater flexibility, faster time-to-market, and to take advantage of best-of-breed solutions while avoiding vendor lock-in. While SaaS platforms are the lion’s share of services consumed (48%), IaaS and PaaS combined make up 51% of public cloud spending (IDG).

When combined with an organization’s private cloud, the collective services available for business units to spin up applications and services rapidly help drive innovation and decrease the time-to-market. It’s no surprise that 74% of enterprises are now taking the best of both worlds and defining hybrid or multi-cloud strategies. In fact, the Boston-based research firm, IDC, has declared 2021 as the year of multi-cloud.

While cloud offerings have matured and consumption continues to increase, one could argue that how we manage multiple private and public cloud services has lagged consumption and is just now beginning to mature. Most IT organizations are experiencing a common set of challenges in how they and their internal customers manage their cloud services, how they can account for and identify owners of cloud services within their company, and a lack of visibility into the usage and costs for these services. In response, enterprises are now adopting a “deliberate” multi-cloud strategy — up from 49% in 2017 to 75% projected for 2021 by Gartner.

Evolving our multi-cloud management strategy

Like most enterprise organizations, Cisco has seen dramatic growth in the use of public cloud-based services over the past decade or more. In parallel, our internal infrastructure offerings continue to evolve in response to customer demand, and technological and feature advancements. Our challenges — which I’m sure we share with many — have included a lack of visibility into all the cloud services consumed (shadow IT), poor budgeting and cost control, inconsistent governance and security, and disparate user experiences.


To respond, Cisco IT set out in 2017 to craft a strategy with “single pane of glass” visibility into multi-cloud services. We drafted a blueprint to include a knowledge base about services and how to choose them, methods to ease integration with data- and API-driven capabilities, holistic audit and compliance capabilities with security in mind, and consolidated monitoring and metering capabilities with pay-as-you-go modeling.

“Our goal has been to build a solution that provided a unified experience for all of our customers, regardless of whether they were consuming public or private cloud services,” notes Mayank Jain, Director of Software Engineering at Cisco and a member of the team that has worked on the problem. “We needed a solution that provided the ability for our customers to consume different cloud services and see what it’s costing them over time, all through a single pane of glass.”

Figure 2. Value proposition

From the early stages, we looked to four sources to gain insight and understand how best to craft our solution — the industry for analysis and best practices, our customers for their cloud consumption needs and experiences, our internal service providers for their offerings and product roadmaps, and the solution providers. Our goal was to have a clear understanding of how cloud services are consumed, identify what patterns consumption follows, and gain insight into the best practices for managing multi-cloud, all while maintaining a healthy security and compliance stance. We also worked to understand how what we propose will impact our internal service providers and customers alike.

Not all clouds are alike


Our first challenge: Anyone who has tried to address this challenge knows that there is no single, unified way providers deliver account data and information, and APIs and management interfaces vary. This lack of uniformity makes it difficult to provide a single pane of glass for all cloud services being consumed. When modeling our solution, we worked to develop methodologies at the abstraction layer to pull the data from all providers that is then translated to a uniform display in the user interface.

As we were building our cloud management solution, Cisco IT was building its own private cloud. The new cloud service offerings are API-driven and engineered as an “as-a-Service” offering with faster deployment capabilities. Our goal has been to make these services behave and operate like public cloud offerings, moving away from traditional delivery methods that were customized for every instance. The resulting private cloud model is easily consumable, automated, measured, and based on pay-as-you-go pricing models. In this case, the multi-cloud management strategy influenced our internal provider teams but also allowed us to make public and private cloud models on par with each other for better standardization at the management level.

“We needed to understand better how to cost a service,” noted Kenny Jones, Principal Engineer and a key member of the team. “This change in mindset — one where infrastructure and services are commoditized through cloud-centric models — was one of the biggest challenges for our internal teams and this project. We changed our thinking to that of a service provider and educated our different providers in our private cloud.”

A purpose-built multi-cloud management solution


The Cisco IT MultiCloud Management Platform provides a unified management environment with a consistent experience for customers, regardless of what they’re ordering and managing. It offers automated purchasing and provisioning, reducing delays in getting applications and services to market — often in minutes rather than days or weeks.

“A key feature we felt vital to include in our solution was the ability to meter and measure hybrid cloud services over time,” states Kenny Jones. “This capability also allows our customers to project their cost obligations into the future. That type of visibility is key to maximizing the value of the service while also aiding in maximizing the lifecycle of the service required. That’s a game-changer in avoiding infrastructure sprawl and having assets live beyond their usefulness.”

The MultiCloud Management Platform incorporates a multi-tiered, persona-based administration environment. Based on their role, administrators and users are granted visibility and management capabilities through the same environment for viewing, operating, and administering their cloud service. It also provides key approval processes, including funding approvals and quota approval flows, where a customer wants to order specific services beyond standard levels.

The MultiCloud Management Platform also supports multi-tenancy for different groups. With this capability, business units within Cisco have visibility into and can manage multiple cloud services under one umbrella. These capabilities allow our customers to manage their costs as a single-tenant — an ability many service providers struggle to provide.

What’s next?


Already, the MultiCloud Management Platform has made a tremendous impact on productivity and started us down the road in managing infrastructure lifecycles and costs. In a recent conversation, one of our business unit leads and internal customers noted to me, “You’re empowering us to make sure that we can oversee our resources correctly, optimize them for our budgets, and do our job the best we can. Through the tools you’ve made available, you’re going to help us a lot — and we’ve made some tremendous strides already.”

This new environment is more than just a new and updated interface. It has changed our strategic thinking by providing data that we didn’t have before or had to generate offline through spreadsheets and manual processes. Now, when spinning up and managing resources, we’re able to get a true picture of our costs, project their costs over time, and do it all faster than we could before.

To date, the environment incorporates compute platforms, PaaS services, network and storage services, analytics, and other services. We will expand the services in the solution to include more public cloud services, like cloud-based software subscriptions in addition to enrolling private cloud solutions as they become available. Our goal is to continue evolving the solution to reduce the time involved in getting services by automating context-specific areas. Plus, we’re advancing multi-tenant capabilities by developing features that allow organizations to share templated setups and configurations that can straddle a customer group’s service subscriptions while sharing common traits, policies, and structures.

Source: cisco.com

Sunday, 5 December 2021

Zero Trust framework improves workforce security and productivity, while cutting support costs


Like most companies, Cisco is committed to continually improving security while simultaneously simplifying the user experience.

We’ve learned some important lessons along the way.

There are multiple points where user ID and password credentials can be potentially compromised. For example, employees sometimes chose to ignore best practices by utilizing easy-to-remember passwords such as “123456.” Others would share their Cisco passwords or use them externally for non-business-related applications—essentially utilizing their passwords everywhere.

When we relied only on the password login process, it is estimated that about 80 percent of all hacks were caused by credentials/identity theft. Other points of concern included new-hire onboarding or credentials delivery, password resets on behalf of users, password-related communications, and overall handling or management of password details. All can contribute to potential risks.

Further complicating matters, when most of our workforce went remote in early 2020, it became confusing and taxing for users to know how to access different applications. For example, some apps required a Virtual Private Network (VPN) connection, while others could be accessed directly. Like many other companies, Cisco invested in VPN expansion to support employees working from home, while also rolling out Zero Trust on a limited basis initially (more details below).

As the lines increasingly blurred between work and home life, many remote workers became frustrated at connecting via VPN and enduring the authentication process potentially multiple times a day. It can be tiring for users to keep track of which applications need VPN and which don’t – reducing their productivity. Ultimately, using a VPN when the workforce is almost fully remote can be inefficient, especially when we’re sending data back over the corporate network, only to have it eventually return to the cloud.

Zero Trust framework delivers secure, uniform user experience

As a result, Cisco decided to move from a traditional, network-based perimeter and VPN model to a Zero Trust model. Zero trust is not a single solution but a framework of solutions that verify a device, establish policy, and continually monitor device behavior. Multi-Factor Authentication is a key element of this approach. We started deploying multi-factor authentication in November 2020 for several applications, then expanded its coverage in 2021 to many additional applications, including Microsoft Office 365.

Our overall goal for Zero Trust and multi-factor authentication is to provide a secure, uniform experience while accessing applications, wherever users or applications are located. From a technical perspective, we had four objectives:

1. Implement an architecture that would allow secure, VPN-free access to some of our most-visited internal and SaaS applications

2. Validate user and device trust on a per-app basis, with an ability to set per-app access policies

3. Improve our authentication experience by reducing the burden on users

4. Build this transition seamlessly, requiring zero user action, and without any outages or distractions

Zero Trust helps us achieve these goals by incorporating user/device trust policies for remotely accessing applications. Users enjoy a “borderless experience” by accessing the network from anywhere, without having to connect through a VPN.

Instead of relying only on user ID and password credentials, Zero Trust adds a layer of protection. It leverages a user-identity certificate that is securely deployed to managed endpoints by our device management suite. This certificate then acts as the first factor of authentication, saving users the step of having to type in their username and password. This also reduces the likelihood that users will save their corporate identity and password in their browser for convenience.

After establishing user trust, the solution validates device trust and health—starting with the assumption that if a device is managed by our corporate device management platforms, then it must have a good baseline security posture. We perform an additional device health check during every authentication transaction to ensure that the device is running the latest software and has screen lock, disk encryption, a firewall, and an anti-virus agent in place. This real-time check is conducted by the Duo Beyond Device Health app, which continuously operates in the device’s background.

With Zero Trust, when a user tries to log in to an application, our corporate SSO identity engine checks the user and device certificate, does a real-time health assessment of the device, and finally triggers a second-factor notification before allowing user access.
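The sequence described above (user certificate, managed-device trust, per-transaction health check, then second factor), sketched as an added example that is not Cisco's or Duo's code. The policy structure, field names, and application names are assumptions made for illustration; the point it shows is that the checks fail closed, are set per application, and that the second-factor prompt is only sent once the earlier checks pass.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Tuple

# Health attributes named in the text; the field names are assumptions.
HEALTH_CHECKS = ("os_up_to_date", "screen_lock", "disk_encrypted",
                 "firewall_on", "antivirus_running")


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REMEDIATE = "remediate"  # user is shown what to fix and can retry


@dataclass(frozen=True)
class AppPolicy:
    """Per-application access policy (hypothetical structure)."""
    require_managed_device: bool = True
    required_health: Tuple[str, ...] = HEALTH_CHECKS


@dataclass(frozen=True)
class AuthRequest:
    app: str
    user: str
    user_cert_valid: bool      # first factor: user-identity certificate
    device_managed: bool       # device certificate ties it to device management
    health: Dict[str, bool]    # posture reported for this transaction


def evaluate(req: AuthRequest,
             policies: Dict[str, AppPolicy],
             second_factor: Callable[[str], bool]) -> Tuple[Decision, List[str]]:
    """Return (decision, reasons). Every step fails closed."""
    policy = policies.get(req.app)
    if policy is None:
        return Decision.DENY, ["no policy defined for application"]
    if not req.user_cert_valid:
        return Decision.DENY, ["user certificate missing or invalid"]
    if policy.require_managed_device and not req.device_managed:
        return Decision.DENY, ["device is not managed"]
    # A check that the device did not report counts as failed.
    failed = [c for c in policy.required_health if not req.health.get(c, False)]
    if failed:
        return Decision.REMEDIATE, failed
    # Only now is the user prompted, so a failing device never triggers a push.
    if not second_factor(req.user):
        return Decision.DENY, ["second factor not approved"]
    return Decision.ALLOW, []


# Constructed sample policies: one strict application, one relaxed.
POLICIES = {
    "hr-portal": AppPolicy(),
    "lunch-menu": AppPolicy(required_health=("os_up_to_date", "screen_lock")),
}

if __name__ == "__main__":
    posture = {c: True for c in HEALTH_CHECKS}
    posture["disk_encrypted"] = False  # constructed: one failing check
    for app in ("hr-portal", "lunch-menu"):
        req = AuthRequest(app, "alice", True, True, posture)
        print(app, evaluate(req, POLICIES, lambda user: True))
```
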

Zero Trust saves time, boosts productivity

Since Zero Trust was implemented, adoption metrics show that it is saving Cisco employees more than 410,000 VPN authentications per month. Based on Cisco IT internal analyses, it takes about 45 seconds for each VPN authentication. This represents 307,500 minutes, or 5,125 hours, saved per month – an annual savings of 61,500 hours. Assuming an average hourly cost per employee of $55, we can value this productivity improvement at $3.4 million per year for Cisco employees. This also represents an optimization of the application information traffic flowing over the company’s core network and offloaded through direct internet access.

Since incorporating controls for device health and trust at the application layer, we’ve substantially improved our ability to react to device risk. For example, we’re conducting approximately 5.76 million device health checks automatically per month. This has allowed us to identify 86,000 devices per month that users have self-remediated. That’s 86,000 potential compromises effortlessly averted.

While there were some concerns about increased support call volume when introducing device health checks for borderless access, only 0.6 percent of users have contacted our help desk for support—which is actually less than the 7 percent rate of help-desk requests for security deployment, password reset, device remediation, and support calls for authentication based on internal benchmark. We feel that the easy-to-follow remediation steps within the Duo Device Health App played a key role in minimizing our support numbers. The deployment had a minimal impact, keeping overall costs low and providing a better user experience.

Subsequently, fewer analysts have been required to provide support, leading to an estimated $500,000 per year savings in helpdesk support costs. In addition to cutting support costs and improving security, the Zero Trust Multi-Factor Authentication framework has improved productivity because users don’t need to waste time logging in to the VPN.

Figure 1. Duo Zero Trust benefits

The future of Zero Trust


Implementing Zero Trust as a critical framework and adopting a more rigorous security posture will continue providing opportunities for Cisco. For example, the remote working capabilities that Zero Trust enables have over the past two years allowed Cisco to expand access to a diverse talent pool. According to Darcie Gainer, Cisco’s Security Product Marketing Leader, the remote working capabilities with borderless access and without VPN have already allowed Cisco to grow its intern classes in 2021 and 2022.

Source: cisco.com

Sunday, 21 November 2021

Driving down IT OPEX with a Webex bot

Every IT organization strives for excellence by continuously driving down its operating expenses (OPEX) while providing a best-in-class experience to its user base. Several factors affect OPEX, such as increasing IT cases that require more resources to address recurring requests. Having a focused approach to reduce cases can significantly optimize cost and improve the efficiency of IT Operations teams. One way that Cisco IT is driving down OPEX is by harnessing the power of automation.

By the end of September 2020, the number of service request cases to Management & Finance IT’s (M&F IT) Order Management (OM) Automation team in Cisco had been cut by half and operational costs reduced by one-third. The solution:  a self-help Webex bot called ‘OM-BOT’ that the OM Automation team created to assist with service request cases.

OM-BOT helps users answer queries without requiring any IT teams’ intervention. Below are some benefits of implementing OM-BOT:

◉ Avoided 140 IT cases per month

◉ Improved Mean Time to Resolution (MTTR): cases get created in the correct queue, reducing the time it takes to resolve cases

◉ Improved case routing: OM-BOT links user to the correct team to solve their cases

◉ Enhanced user experience: we meet with users weekly to discuss feedback, most of it positive

From January 2020 to September 2020, we, the OM IT Support Team, were receiving an average of 285 cases per month (see Figure 1). However, in the last six months, we’ve seen an average of 145 cases per month — a reduction of about 48.5 percent, most of which can be attributed to the usage of OM-BOT.

Figure 1. The steady decline in service request cases under Order Management track in the last 2 years

Why did we build OM-BOT?


In early 2020, the OM Automation team realized that our incident case count per quarter was very high. When we investigated, we found that a lot of cases didn’t require IT fixes.  Users were seeking IT’s help to fetch data and information from the backend as it was not available in any of the tools or applications they used. We realized that we were spending a significant amount of time and resources in addressing non-technical related requests and we needed to get a little creative to solve this problem. We started exploring ideas on how to tackle it.

How did we build OM-BOT?


Around the same time, Cisco’s BotLite team were showcasing their new DIY No-code Low-code framework and toolkit with a rich GUI to create a bot with minimum technical expertise. BotLite leverages Cisco’s MindMeld and Webex and allows users to have human-like interaction with the bots they create through Natural Language Processing (NLP).

We saw this as a great opportunity to build our own bot to help answer user queries reported in service request cases. Our bot could easily connect to databases, pull the required information, and display it for the users in Webex. We formed a small, agile automation team of 3 members and identified the scenarios that caused the most confusion for users (See Figure 2). We set up a few sessions with the BotLite support team for their initial guidance on building a bot. It was pleasantly surprising to learn how simple and quick it was to create bot scenarios. After 4 sprint cycles, our first OM-Self Assist-BOT (now known as OM-BOT) was ready for our end users.

Figure 2. A few of the common scenarios configured in the BOT
 

Did we face any challenges?


Once our bot was ready, our major challenge was end user adoption. Initially, not many users were aware of the bot or how it could help them. We continued to see a spike in request case numbers, and we were still spending a lot of manual effort addressing these requests.

We set up a weekly connect call with the team that was raising about 90 percent of request cases. We started showcasing the bot to them, gave demos on how to interact with the bot, and shared the bot user manual. We discussed the 13 scenarios that we identified and how the bot could solve these scenarios.  The team realized the potential of OM-BOT and spread the word within their extended team. The bot was helping them to get the required details quickly and they did not have to spend time creating IT cases. It was a win-win for our teams! We started seeing results from October 2020 onward and service request cases declined.

Another challenge was more technical in nature. We had to connect to two databases (Oracle and MongoDB) to fetch the data, but the BotLite framework only allowed a connection to the Oracle database. Without data from both databases, the information we wanted to provide to users was incomplete.

To fetch the data from both databases, we leveraged the BotLite API feature. Our team built an API to connect to MongoDB. It’s able to fetch data, combine it with the result from the Oracle database, and then display the information in Webex in a human-readable format. If the requested data is large, we can provide the result in a downloadable spreadsheet.
 

What is the roadmap ahead for the bot?


We regularly collect and implement feedback from our end-users. We receive their enhancement requests, and they also notify us when they encounter issues with the bot.

Some bot usage metrics from 2021 include:

◉ Over 600 unique users from across the world interacted with OM-BOT
◉ More than 20,000 messages were sent
◉ OM-BOT is accurately answering users’ queries, with a 97 percent Hit Rate

In the future, we want to continue driving down OPEX by providing users with “self-healing” options. By this we mean that if the bot identifies an issue, it can also guide the user on how to fix the issue with some simple clicks in Webex itself rather than creating IT cases. We want to give this option to users as it will help us in case avoidance and improve the time to resolve such issues for them — which is critical for teams when we are working in time-crunch situations, especially during our Month-End and Quarter-End periods.

Key Takeaways

In the past, chatbots were a nice gimmick without any concrete benefit, but today they are an indispensable tool in the corporate world and really help drive down OPEX. Of course, developing and running a chatbot is a lot of work and requires a financial investment, but there are many good reasons to build and implement a bot. Our efforts in creating OM-BOT have not only achieved case and cost reductions, but have also ensured that as the OM IT Support Team, we are now able to provide a best-in-class experience to our users. The bot enables our IT support agents to focus more on addressing critical IT issues while the bot takes care of service requests. I think conversational AI is the way forward, now more than ever, for every IT organization.

Source: cisco.com

Tuesday, 26 October 2021

Plug & Play (PnP) enables faster onboarding of new offices


Most IT engineers can agree that device provisioning for new offices is tedious, time-consuming, and error-prone. Fortunately, our Cisco IT Customer Zero team—which tries out the latest Cisco solutions and integrations to prove value and share experiences—has discovered that it doesn’t need to be that way.

By leveraging the Plug & Play (PnP) capability in Cisco DNA Center, we’ve managed to slash provisioning time by over 50%, while improving the engineer/user experience, reducing configuration issues, and enhancing security.

Prior to PnP, provisioning new offices was tedious and error-prone

Before PnP, our process was manual and slow, with a high risk of producing errors. In the weeks before we set up a switch, engineers had to scour a 501-page playbook to find the right configuration for the device model and office size. They would then travel to the office and paste in the appropriate code snippets via the command-line interface (CLI).

During this process, engineers could easily type an incorrect character or miss one or more lines of code. These types of mistakes were responsible for the vast majority of Day-1 problems. The process also required engineers to remain for Day-1 support.

PnP provides the ability to automate onboarding, eliminating errors and saving time

Today, Cisco DNA Center’s PnP capability allows us to onboard new sites much faster by automating the onboarding of devices and the configuration of underlay routing (Figure 1). Switches automatically connect to Cisco DNA Center and retrieve the correct template, based on their serial number and tags. Engineers no longer have to engage in the time-consuming activity of searching through the playbook for the right configuration. PnP also reduces the need to type command-line instructions and cut-and-paste blocks of code. We are now able to standardize our configuration with the use of templates and version control. Instead of keeping configurations in Microsoft Word documents or Excel spreadsheets, we create templates that are reused across multiple devices; variables and tags adapt each template to the individual device, saving time and ensuring compliance. Finally, with PnP, engineers no longer need to go on-site for Day-1 support.

Figure 1: Day-0 provisioning with PnP

PnP enables zero-touch device provisioning – ensuring simplicity, security, and consistency:

◉ Simplicity: When the device boots up for the first time, it automatically reaches out to the PnP Connect Cloud, then is redirected to Cisco DNA Center. From there, we can easily push the required Day-0 and Day-1 configs as well as the software images to the device—lowering the risk of an accidental input.

◉ Security: The device securely connects to the PnP cloud via HTTPS and is verified and redirected using its product ID and serial number.

◉ Consistency: This process enables a consistent workflow across all platforms— switches, routers, and wireless LAN controllers—regardless of the number of devices that need to be staged.
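An added sketch of the template-driven onboarding described above: the device is matched on product ID and serial number, a template is chosen from its tags, and per-device variables are substituted. This is illustrative code, not Cisco DNA Center's API or template engine; the inventory, tags, template text, and serial numbers are constructed placeholders. It makes the "fewer Day-1 errors" point concrete by refusing to render when a variable is missing or a value could smuggle extra configuration lines.

```python
import re
from string import Template


class OnboardingError(Exception):
    """Raised when a device must not receive a Day-0 configuration."""


# Constructed inventory of pre-claimed devices, keyed by (product ID, serial).
INVENTORY = {
    ("C9300-48P", "SERIAL-EXAMPLE-01"): {
        "tags": frozenset({"branch", "access"}),
        "vars": {"hostname": "br01-sw01", "mgmt_vlan": "110", "site_code": "BR01"},
    },
    ("C9300-48P", "SERIAL-EXAMPLE-02"): {
        "tags": frozenset({"branch", "access"}),
        "vars": {"hostname": "br02-sw01", "mgmt_vlan": "110"},  # site_code omitted
    },
}

# Constructed templates, selected by the exact tag set on the device.
TEMPLATES = {
    frozenset({"branch", "access"}): Template(
        "hostname $hostname\n"
        "interface Vlan$mgmt_vlan\n"
        " description $site_code management\n"
    ),
    frozenset({"campus", "core"}): Template("hostname $hostname\n"),
}

# Values are limited to a conservative character set so a variable cannot
# contain a newline or space and thereby add its own configuration lines.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,63}")


def render_day0(product_id, serial, inventory=INVENTORY, templates=TEMPLATES):
    """Return the rendered Day-0 config for a claimed device, or raise."""
    device = inventory.get((product_id, serial))
    if device is None:
        # Unknown product ID / serial pair: never hand out configuration.
        raise OnboardingError("device is not in the claimed inventory")
    template = templates.get(device["tags"])
    if template is None:
        raise OnboardingError("no template matches the device tags")
    for name, value in device["vars"].items():
        if not SAFE_VALUE.fullmatch(value):
            raise OnboardingError(f"unsafe value for variable {name}")
    try:
        # substitute() (unlike safe_substitute) fails on any unset variable,
        # so a half-filled template is never pushed to a device.
        return template.substitute(device["vars"])
    except KeyError as missing:
        raise OnboardingError(f"missing variable {missing}") from None


if __name__ == "__main__":
    print(render_day0("C9300-48P", "SERIAL-EXAMPLE-01"))
```
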

The Cisco IT Customer Zero team recently conducted a detailed value analysis to quantify the benefits of Cisco DNA Center PnP (Figure 2). Here is what the Customer Zero team found:

◉ Significant time savings: PnP cut the provisioning time of wireless controllers by 54 percent—from 130 minutes using the manual approach, to 60 minutes using Cisco DNA Center with PnP. Similarly, PnP reduced onboarding time for Cisco Catalyst 9300/9400 switches by 43 percent—from 180 minutes manually to 77 minutes with PnP.

◉ Enhanced NetOps experience: Because PnP does not require actual monitoring during device provisioning, only 45 percent of the provisioning process requires “active engineering time.” As a result, the experience is less tedious and stressful for network engineers.

◉ Better end-user experience: By automating initial provisioning and underlay routing configurations, PnP ensures faster site readiness and seamless user onboarding.

◉ Improved security: PnP enables end-to-end security, from Cisco DNA Center to network devices, from Day-0 to Day-N, with no physical access required.

Figure 2. Key findings: Cisco DNA Center Plug & Play benefits

The Cisco Customer Zero team is committed to exploring other ways that Cisco DNA Center PnP can further drive value by leveraging automation to fuel greater efficiency, better user experiences, and improved security. We are working towards initiatives such as configuration management across multiple Cisco DNA Centers and other automated use cases. Stay tuned…

Source: cisco.com

Tuesday, 7 September 2021

How the network team’s bold steps + agile mindset launched a cloud-ready backbone


In 2014, we realized our world in network engineering was changing rapidly. Like many IT organizations, we saw a shift to the internet and cloud services in our network traffic. Over that year alone, we observed a 200% increase in peak internet and cloud traffic. That’s when we knew our network needed to change to accommodate the evolution of conducting business at Cisco.

Our network was designed and evolved with the bulk of our enterprise traffic originating from and destined for resources within Cisco’s “four walls.” The growing demand for traffic to cloud providers and SaaS services meant a quick pivot was necessary. As a result, our initial step was to build Cisco IT CloudPorts in strategic carrier-neutral facilities, which allowed us to quickly secure connections between the Cisco enterprise and the outside world.

Our CloudPort hubs provide high availability and flexibility to turn up new connectivity quickly, but our private backbone connecting the CloudPorts needed enhancement. With more and more business reliance on public cloud and SaaS workloads, the resiliency and performance required for CloudPort connections grew. We needed the capability to quickly respond to network issues and use our backbone to route traffic from one region to another.


Our CloudPorts are now interconnected with a global cloud-ready backbone that allows seamless routing of connectivity in case of outages or performance issues within a region. This new backbone is built on top-of-the-line routers like the Cisco ASR9k and Cisco NCS5k series that are optimized for internet route table scale and better programmability of Border Gateway Protocol (BGP) policies.

That’s where we are today. But how did we get here?

The genesis: The birth of a strategy


During a team off-site — sitting in a small restaurant near our offices in North Carolina — our group discussed how our core network design was not sustainable. We needed a big change. While the approaches and technologies weren’t anything new, the scale and breadth of such a change was significant. How would we rearchitect and deploy a change of this scale, especially given the size and complexity of Cisco’s business? And a common question — how would we deploy with minimal disruption?

Over dessert, we began to sketch and brainstorm and sketch some more — literally on the back of a cocktail napkin. (We’ve all done that, right?) We concluded that we needed to stop thinking of the traditional enterprise where communication patterns were between users and our private cloud. Instead, we needed to design a new architecture that would deliver optimized and resilient connectivity between on-premise resources and users, and the outside world.

Our path to a solution began.

The value in the process


Over the next three years, our team looked at how to address the issue. We started by examining the existing infrastructure and making small, incremental changes to address immediate performance concerns. While we saw minor improvements, they were isolated, not necessarily repeatable at scale, and would create new complexity down the road. But this exercise provided great insight into the issues and confirmed our belief that we needed a new uniform network architecture.

Team member Oliver Agpalasin shares how our journey began: “We started with a blank canvas and set out to define the ‘future state’ of the network, putting traditional and historical thinking aside. With that architecture defined, we could then start thinking about execution and how to move to the new environment. All while recognizing the value this would bring to Cisco and the quality of experience it could provide to our internal clients.”

Changing the mindset


As an operations organization typically focused on solving day-to-day business issues, we were challenged by our inherent silos and conflicts of interest. To solve this, we adopted an agile mindset and made operations engineers the leaders of the program, freeing them from the constraints of “just keeping the lights on.” We wanted to leverage the team’s deep working knowledge of the network, break down the barriers between design and operations, and gather everyone in the same room in a series of workshops.

“We never questioned the value in the vision,” says team member Alisha Sanchez. “Adopting an agile mindset gave us the opportunity to carve that path independently and allowed us to focus on creating options, test those theories, and make informed decisions based on our findings.”

Insight from one team manager summarizes the real value of this mindset shift. As Steve Sheldon describes it, “Part of the agile methodology for me is that you’re able to make your own work. You are able to decide the best strategy as a team. In an operational role, you don’t always get that option. That’s a big mindset shift.”

Team member Prashant Bhadoria adds: “Along the way, and despite the new challenges that came up, we were always focused on choosing the best options. Having an overarching strategy in place helped us address each issue focused on that overall intent. We’re typically perfectionists, not risk-takers. But with the support of our leadership, we were encouraged to take bold steps.”

Deploying the new network


We understood our most significant challenges to be twofold:

1. Building consensus among our stakeholders
2. Deployment of the new network itself

With a project at this scale, we recognized significant obstacles that at first appeared insurmountable. But through the program team’s persistence and commitment, we solved them one by one.

“It was not easy to explain the business value to secure the funding and resources,” says Warren Rigney, a team manager. “But our leadership understood the risks and potential impacts of doing nothing.”

Part of the task facing us was to unravel two decades of complexity that could hinder delivery of the new architecture. Through self-written automation and auditing tools, we could visualize and continuously track all required clean-up efforts. As we peeled back the onion, we grew more confident in our ability to succeed.

In the words of team member Touseef Ahmed Gulgundi, “To speed up deployments and avoid risks, we utilized Network Services Orchestrator (NSO) automation to deploy the new backbone and policies. This approach allows us to reduce the deployment time from 12 hours for the first deployment down to less than four hours for the second — an efficiency trend that continued over time.”

Because we were deploying significant changes to Cisco’s core network, a prudent approach was needed, even if it meant small delays to project timelines. We built development and test environments where we could safely validate our changes before deploying at scale in production.

Building and deploying the new backbone was one thing. We also had to make sure that our support teams would understand the new environment. The test and development networks allowed team members to spin up their own virtual instances so they could freely play with the new setup. We invited these teams to shadow us during the implementations and turned over the keys to those confident enough to learn the new setup during deployment. In addition, we did extensive Transfer of Information sessions to make sure everyone in the wider team could support the new solution.

IT is all about the people


In the last one and a half years, the newly formed program team put their shoulders to the wheel, and things really started to happen. The team consisted of a mix of engineers, some wanting to move very aggressively while others preferred a more prudent approach. This mix triggered good conversations (and occasional differences) that ultimately resulted in the right decisions being made. The team also worked tirelessly across time zones, through late evenings, and in meetings while supporting their families during the global pandemic. Around every corner there was often a new surprise, but the team never gave up and tackled each problem as it came.

The future of our network


This new backbone design laid the groundwork for the future and allowed us to be more agile and deliver new technical capabilities quickly while supporting our business transition and adoption of the cloud. Most importantly, the lessons learned during this program will benefit us as we keep driving innovation into Cisco’s corporate network.

What’s next? Our team is focused on expanding the network’s capabilities, including automating the resiliency of our internet network, extending the resiliency in our connectivity to cloud services, and bolstering our disaster recovery for internet services at scale.

Oh, and what became of the napkin? We still have it. We break it out every time a member of our team says, “It can’t be done!”