Cisco and Nutanix Team Up in Response to Customer Demand: Another Win for Customer-Centric Innovation

In the ever-evolving landscape of IT, organizations continually seek solutions that simplify complexity, break down silos, and enhance agility. At Cisco, we’re continually tuned into the demands and requirements of our customer base, and it’s this laser focus that has led to our most recent collaborative venture. We are thrilled to announce our new integration with Nutanix, a leader in enterprise cloud computing solutions.

Listening to You: Our Driving Force

Time and time again, our commitment to delivering top-notch, efficient solutions is fueled by the needs and feedback of our customers. You spoke, and we listened. The partnership with Nutanix is a direct reflection of this two-way dialogue, a testament to our commitment to not just hear, but actively listen and respond to what you are saying.

Bridging the Gap with ACI VMM Integration

One of the key facets of this collaboration is the integration of Cisco’s Application Centric Infrastructure (ACI) Virtual Machine Manager (VMM) with Nutanix. This marriage of technologies effectively bridges domain silos between the network and server teams. Network configurations and server deployments, historically segmented tasks, can now be coordinated more efficiently, fostering a more agile and responsive infrastructure. This integration is designed to simplify operational complexities, promoting a more streamlined and efficient operational workflow.

Cisco ACI: Beyond Traditional Networking

Before we jump into the integration, let’s re-familiarize ourselves with Cisco ACI:

◉ APIC (Application Policy Infrastructure Controller): It’s not just a management tool; think of it as the brain behind the orchestration of network policies.

◉ Spine and Leaf Architecture: This ensures a swift and efficient flow of data, connecting all aspects of the data center seamlessly.

◉ Policies: The linchpin of ACI, these pre-defined functionalities ensure the network is adaptive and responsive to specific needs.

Why Nutanix?

Nutanix is a frontrunner when it comes to hyperconverged infrastructure, bringing together compute, storage, and virtualization under one roof. Their solution, which focuses on simplicity and scalability, offers an ideal playground for ACI’s capabilities. Integrating with Nutanix’s VMM functions ensures that ACI’s policy-driven approach aligns perfectly with the agility and dynamism of virtualized workloads.

The Power of Integration

Holistic Visibility: ACI’s already granular insight extends into Nutanix environments. Network administrators can track activities from the physical infrastructure up to individual VMs in the Nutanix cluster.

Elastic Networking: As virtual machines and workloads shift within the Nutanix ecosystem, ACI adapts, ensuring network policies remain consistent and effective.

Enhanced Security Posture: ACI’s renowned micro-segmentation, when combined with Nutanix’s security features, offers a formidable defense against malicious activities and breaches.

Unified Management: With APIC interfacing directly with Nutanix’s Prism management, it consolidates the administrative experience, simplifying operations.

Getting Started with ACI and Nutanix

Integration at a glance:

• Kickstart with a robust ACI environment and an operational Nutanix cluster.
• Through APIC, navigate to VM Networking, and add a VMM domain specific to Nutanix.
• Detail out the Nutanix cluster specifications and correlate with ACI’s bridge domain.
• Watch as ACI seamlessly integrates its policies with Nutanix, creating a cohesive networking environment.

Joint Commitment to Customer Success

Both Cisco and Nutanix are firmly committed to jointly supporting our customers. Our shared goal is to deliver the best infrastructure automation experience possible. By harmonizing the strengths of ACI’s policy-driven architecture with Nutanix’s prowess in hyperconverged infrastructure, we aim to offer a solution that epitomizes efficiency, simplicity, and most importantly, customer satisfaction.

In Conclusion

The integration of Cisco’s ACI with Nutanix marks a pivotal moment in data center networking. It signifies a future where the physical and virtual, the network and the application, are in perfect harmony. For enterprises looking for agility, security, and simplicity, this integration opens up new vistas of possibilities.

Source: cisco.com

Continue reading

Cisco Nexus Dashboard Orchestrator (NDO): The maestro of the network

Orchestrate your multi-fabric and multicloud network simply

In any symphony you need a good maestro to help orchestrate all the different instruments to produce a harmonious sound.  Everything must be in time and to the beat.   It is the same with your networks.  When running multiple fabrics both on premise, private clouds or public clouds, you need a maestro or orchestrator as well that can be automated and help manage the network and security policies across vast landscapes.

Since it’s early days, Cisco’s Nexus Dashboard Orchestrator (NDO) has been that maestro, allowing network administrators, engineers and cloud operators work together harmoniously to provide a fast, safe and agile network.  We have new versions of NDO, release 3.5 and release 3.6 which will help you build your network capabilities, provide greater ease of use and enhance your security across multiple network fabrics.

What is Cisco NDO

NDO provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single pane of glass while allowing the data center to go wherever the data is.

NDO allows you to interconnect separate Cisco® Application Centric Infrastructure (Cisco ACI®) sites, Cisco Cloud ACI sites, and Cisco Nexus Dashboard Fabric Controller (NDFC) sites, each managed by its own controller (APIC cluster, NDFC cluster, or Cloud APIC instances in a public cloud). The on-premises sites can be extended to different public clouds for hybrid-cloud deployments while cloud-first installations can be extended to multi-cloud deployments without on-premises sites. In addition, Nexus Dashboard Orchestrator can be deployed through the Cisco Nexus® Dashboard, which provides a single automation platform to access the data center network’s operational services and tools.

The single-pane network interconnect policy management and the consistent network workload and segmentation policy provided by NDO allows monitoring the health of the interconnected fabrics, enforcement of segmentation and security policies, and performance of all tasks required to define tenant intersite policies in multiple sites through an easy to manage user interface.

What’s New?

NDO is always evolving to meet the needs of the ever-growing hybrid cloud world.  So, what is new now?   Recently Cisco launched NDO release 3.5 and 3.6 which incorporates several enhancements to help orchestrate consistent networks across multi-fabric and multicoud environments.

Key NDO 3.5 Enhancements: 

• BGP for underlay peering with ISN –
• This provides support peering spines with the ISN devices using BGP adjacencies.  It simplifies ISN connectivity using BGP only.
• External connectivity from Cloud Sites
• This allows you to establish external connectivity between Cloud CSRs and external devices with IPsec & BGP, which provides access to cloud resources from external networks (Branch, Campus, Co-lo, Internet)
• Show DCNM object fault info from all sites
• Scalability improvement of 12 DCNM sites

Key NDO 3.6 Enhancements: 

• Configuration drift reconciliation workflow for APIC and NDFC provides:
• NDO workflow that synchronizes and merges any policy config discrepancies/changes made in APIC or NDFC level.
• Ease of Use Improvements
• Scalable static port binding with leaf/port range provisioning
• Bulk update workflow for template objects
• NDO Cloud Enhancements allows:
• Google Cloud connectivity
• Multi-cloud inter-site connectivity between AWS, Azure, and Google Cloud Sites
• Partial mesh EVPN-VXLAN connectivity between on premises and AWS and Azure cloud sites
• Workload connectivity for multicloud without policy
• Proxy support for cloud sites
• SD-Access Campus (DNAC) and ACI Integration – Macro-Segmentation includes automating:
• Connectivity of Campus VN to access DC VRF
• Internet access for Campus VNs through ACI
• Visibility of VN-VRF extension and connectivity status
• NDFC 12.0(2) support

With all these updates customers can continue to enjoy simple orchestration across hybrid cloud environments all through the single interface of the Nexus Dashboard.

Source: cisco.com

Continue reading

Connecting people, places, and things – Cisco Networking innovations for hybrid work

The world is changing and the structure of connectivity between users, businesses, and devices has entered a new dimension. The rate of transformation has accelerated, including major advances in collaboration and access to applications and data from anywhere. However, remote connectivity has enlarged the attack surface for cyber criminals and troubleshooting outside your corporate border is challenging.

Our customers are looking for solutions for hybrid work, providing agility for users to securely connect from work, home and everywhere in between. Businesses must empower their hybrid workforce with seamless access to cloud applications and high-quality collaborative experiences. IT is also tasked with maintaining security, control, and governance across devices, networks, clouds and those applications.

Our latest Networking innovations provide advanced analytics and insights to improve operations for remote IT operators, along with greater integration with storage and cloud providers for more seamless and secure access to applications and data. Learn more about how these innovations can improve the user experiences to support hybrid work environments below.

Wireless 3D Analyzer in Cisco DNA Center

Simplified Operations for the Workforce and Workspace

To better support the demands of the hybrid workspace, the Cisco DNA Center release 2.2.3 brings exciting upgrades that enable IT to improve wireless performance, facilitate zero trust networking, and support smart building deployments.

With the new Wireless 3D Analyzer, Cisco announces the first true 3D wireless indoor propagation tool. Use your mouse to move around and visualize where signal is propagating through the actual architectural design of your office. You can simulate adding walls or reorganizing the workspace to accommodate your return to office plan. Then do a simulation of the new wireless network design to support this new plan so that you buy what you need without over-dimensioning. And IT teams can simulate this office redesign without being in the office themselves.

Now you can enjoy real time visibility over your zero-trust network like never before. Across both your offices and remote workers, a new policy analytics dashboard gives you complete policy and endpoint status at a glance. You’ll see alerts for any attempted policy violations, including spoofing detection, and a granular trust score engine for specific details on endpoint security decision parameters.

Deploying Smart Buildings means supporting more and more IoT endpoints. Network teams struggle to get complete visibility for PoE switch capacity and actual endpoint power consumption without visiting remote branches. Our new PoE Analytics dashboard can show your team actual power usage, available power, and in which ports. The tool then monitors these devices for unusual power consumption and other anomalies. Need to send five new IP cameras to the office in Singapore? Now you can tell the local team what switch ports have power and monitor the usage.

We are also making it easier to add on other Cisco DNA software products to your network with the Cisco DNA Expansion Pack. This new offer allows you to enhance your Cisco Networking solutions with SD-Access, Zero Trust Networking, Encrypted Traffic Analytics (ETA), digital experience monitoring, location analytics and assurance. It provides flexible way to purchase Cisco Identity Services Engine (ISE), Cisco DNA Spaces, Cisco ThousandEyes, Secure Network Analytics (Stealthwatch) and other licenses, appliances, and services in one convenient bundle.

Putting IT in control of Internet traffic

Hybrid work has also shifted traffic patterns, where more traffic runs across the Internet. To securely scale out your network to the Internet, Cisco SD-WAN provides a software-defined approach to managing across your users, branches, clouds and the Internet. Businesses are moving to a multicloud environment that requires secure connectivity everywhere and visibility that extends from into your enterprise network and beyond into the cloud.

Now, more than ever, enterprises need agility to adjust their business models as they continue their journey to the cloud. In this release, we are offering greater interconnection with Cloud and SDCI partners, enhanced multitenancy support and several other advancements for Cisco SD-WAN.

Cisco SD-WAN Cloud Interconnect with Equinix delivers seamless, automated connectivity to multiple IaaS and SaaS environments, without all the complexity. The joint solution enables customers to create network connections to their multicloud deployments with greater agility, reduced operating costs, and increased speed to market compared to classic connectivity options. ​

Managing multi-domain networks and applications has created complexities and IT requires a simple approach. The integration of Cisco SD-WAN Cloud Hub with Google Cloud Service Directory allows enterprises to automate SD-WAN policy for custom applications in multicloud based on application profile. ​The solution bridges DevOps and NetOps; now DevOps can define traffic profiles in Google Cloud Service Directory and NetOps can translate those profiles into network policies.

Cisco Cloud OnRamp for IaaS: Azure Secure vWAN extends the SD-WAN policy seamlessly to Microsoft Azure and then it provides analytics via telemetry for troubleshooting in Azure as well as secures connectivity to every type of traffic flow. Cisco is the first Enterprise SD-WAN Partner to support an additional layer of security with support for service chaining with Azure Firewall in the Azure Virtual WAN Hub. This process has traditionally been manual and tedious. With this integration, the guesswork is removed, and customers can save time by automatically securing any traffic whether it originates from branch to host vNets, or vNets to Branch, branch to internet or vNet to Internet.

Many customers rely on a Managed Service Provider (MSP) to build out their SD-WAN. Recent enhancements in Cisco SD-WAN Multitenancy increases both scalability and security, which will increase capacity and density to scale and reduce costs for MSPs as well as large enterprises that require multitenancy. The addition of Reverse Proxy adds a layer through which access to Cisco vManage occurs using a Proxy server providing an encrypted bi-directional communications path. The shared control, management, and orchestration plane across multiple tenants will reduce CapEx. Single pane of glass for management and operations of multiple tenants reduces OpEx and flexibility is increased with support for on-prem and cloud, API support and support for KVM and ESXi.​

The Cisco vManage User Interface (UI) has been updated providing a highly visualized and more intuitive user experience that simplifies network management and onboarding of SaaS, IaaS, and security for network operators with expanded pre-configured templates and guided step-by-step configuration.

In a previous release, we provided integrated Unified Communications on the Cisco SD-WAN platform – eliminating the need for a separate UC platform with the associated acquisition and support costs. In this release, we are offering further platform consolidation incorporating the 5G connectivity into Cisco SD-WAN Edge platforms with the new 5G Pluggable Interface Module (PIM) and Cisco mGig WAN module (NIM). ​This eliminates the need for a separate gateway. Manage up to 3.3Gbps of cellular edge routing in Cisco SD-WAN with direct internet access at the branch and connect to multicloud applications regardless of broadband availability.

In addition to all this news, look out for an exciting announcement next week on how Cisco will provide more customer choice and flexibility in expanding Cisco DNA Software capabilities.

Cisco continues to innovate to address the hybrid workplace transformation the world is undergoing. A secure, agile network has never been more important, and our solutions will help you enable a safe return to the workplace, secure work from home and anywhere access to multicloud applications.

Source: cisco.com

Continue reading

Intersight Kubernetes Service (IKS) Now Available!

We announced the Tech Preview of Intersight Kubernetes Service (IKS) which received tremendous interest. Over 50 internal sales teams, partners and customers participated and provided valuable recommendations and great validation for our offering and strategic direction. Today we are pleased to announce the general availability of IKS!

Read More: SaaS-based Kubernetes lifecycle management: an introduction to Intersight Kubernetes Service

Intersight Kubernetes Service’s goal is to accelerate our customers’ container initiatives by simplifying the management effort for Kubernetes clusters across the full infrastructure stack and expanding the application operations toolkit. IKS provides flexibility and choice of infrastructure (on-prem, multi-hypervisor, bare metal, public cloud) so that our customers can focus on running and monetizing business critical applications in production, without having to worry about the challenges of open-source or figuring out the mechanics to manage, operate and correlate between each layer of the infrastructure stack.

With Cisco Intersight it can be easy

For IT admins and infrastructure operators IKS means an easy – almost hands-off – secure deployment and comprehensive lifecycle management of 100% open source Kubernetes (K8s) clusters and add-ons, with full-stack visibility from the on-prem server firmware and management up to the K8s application. Initially, ESXi targets will be supported, with bare metal and public cloud integrations coming soon, along with many other features, such as adopted clusters, multi-cluster and vGPU support.

For DevOps teams IKS is so much more than just a target to deploy K8s-based applications.  As a native service of the Intersight platform, DevOps engineers can now benefit from the recently announced HashiCorp partnership and brand new Intersight Service for HashiCorp Terraform, deploying their applications using Infrastructure as Code (Iac) and Terraform. They can also benefit from the native Intersight Workload Optimizer functionality, which means complete mapping of interdependencies between K8s apps and infrastructure, and AIOps-powered right-sizing (based on historical utilization of resources) and auto-scaling.

Let’s take a look at what IKS enables in a bit more detail:

A common platform for full-stack infrastructure and K8s management

The modern challenges for IT admins and infrastructure teams is navigating a hyper-distributed, extremely diverse IT landscape: hybrid cloud infrastructure with on-premises locations (data centers, edge, co-lo) and multiple clouds, heterogeneous stacks and workload requirements (bare metals, virtual machines, containers, serverless), and the need for speed to cater for internal customers (DevOps, SecOps, other IT and LoB users) and ultimately end-users!

The only way to address this complexity is to simplify with a unified, consistent cloud operating model and real-time automation to balance risk, cost and control. This is where Cisco Intersight comes in. Cisco Intersight is a common platform for intelligent visualization, optimization, and orchestration for applications and infrastructure (including K8s clusters/apps). It enables teams to automate and simplify operations, use full-stack observability to continuously optimize your environment, and work better and faster with DevOps teams for cloud native service delivery.

Intersight – The world’s simplest hybrid cloud platform

With IKS and other Intersight services, IT admins can easily build an entire K8s environment from server firmware management, to the hyperconverged layer, to deploying clusters in a few clicks via the GUI or directly using the APIs – and now with Terraform code! In addition, Intersight provides common identity management (SSO, API security), RBAC (two new roles for K8s admins and K8s operators) and multi-tenancy (server/hyperconverged/K8s layers) to support customers looking for a secure, isolated, managed and multi-tenant K8s platform.

IKS regular releases ensures that IT Admins can effortlessly keep K8s versions, add-on versions and security fixes up to date on their clusters. We curate, harden for security and manage essential and optional add-ons (CNI, CSI, L4 and L7 load balancer, K8s dashboard, Kubeflow, monitoring etc) to provide production grade tools to our customers. Those IKS features allow customers to deploy and consume secure, consistent and reliable open-source K8s integrations without becoming CNCF landscape experts, and while maintaining the flexibility to port any other open-source components. Demo video available here.

Continuous Delivery for Kubernetes clusters and apps

IKS supports multiple options to integrate Kubernetes resources into customers’ continuous delivery pipelines, saving precious time and effort in configurations and development. Users can use OpenAPI, python SDK or Intersight Terraform provider. This makes it easy to integrate IKS with customers’ existing Infrastructure as Code (IaC) strategies.

In addition, the Cisco Intersight Service for HashiCorp Terraform (IST) now makes it even simpler to securely integrate their on-prem environments and resources with their IaC plans – a result of our partnership with HashiCorp.

For many, however, the preferred way is to continuously deploy application Helm charts to the clusters. To address this requirement, another IKS feature we will be adding soon will be a Continuous Delivery toolkit for Helm charts, equipping customers with yet another mechanism to deploy and manage their application on their K8s platform.

Full-stack app visualization, AIOps rightsizing and intelligent top-down auto-scaling

Another important Intersight native service that IKS benefits from is Intersight Workload Optimizer (IWO). By installing the IWO agent helm chart on IKS tenant clusters, customers benefit from a comprehensive observability and automation toolkit for their K8s platforms, freeing them to focus on what matters: onboarding application teams and increasing K8s adoption.

Today IWO with IKS works in 3 ways:

◉ First, with IWO, customers can gain insights with interdependency mapping between K8s apps across virtual machines, servers, storage and networks, for simplified, automated troubleshooting and monitoring.

◉ Second, IWO allows DevOps teams to right-size K8s applications without the labor of manually pouring over the real-time traffic data patterns against configured limits, requests or namespace quota constraints, in order to identify the optimal CPU and memory thresholds for horizontal and vertical pod auto-scaler. Instead, IWO automatically detects thresholds based on user-configured policies.

◉ Finally, IWO enables intelligent, top-down auto-scaling – from the K8s app, to the cluster, to the infrastructure layer. Typically, DevOps teams use the Kubernetes default scheduler to handle fluctuating demand for their applications. While this is ok with the initial pod placement, it doesn’t help during the lifecycle of the pod, where actions might need to be taken due to node congestion or low traffic demand. IWO automatically and continuously redistributes IKS workloads and pods to mitigate that node congestion or optimize under-usetilized infrastructure. This results in better scaling decisions.

Source: cisco.com

Continue reading

SaaS-based Kubernetes lifecycle management: an introduction to Intersight Kubernetes Service

The transition to cloud native application architectures is rapidly growing and becoming mainstream, increasing the need for container operationalization and management. According to a Gartner report, “growing adoption of cloud-native applications and infrastructure will increase use of container management to over 75% of large enterprises in mature economies by 2024, up from less than 35% in 2020.”

Three years ago we launched Cisco Container Platform (CCP), a self-hosted software container management platform, based on upstream Kubernetes, offering integrations with all the popular public clouds as well as any hardware on-premises. As we have been enabling customers in their containerization and DevOps journeys, we always come across the three key personas that we are trying to help: IT Admins, DevOps and development teams.

◉ IT Admins, responsible for not just for the Kubernetes layer but also the end-to-end cloud infrastructure. They are looking for common tools to easily deploy, manage, visualize, and monitor across the entire infrastructure stack, from server firmware management, to the hyperconverged layer, to the automation and container lifecycle management.

◉ DevOps teams are responsible for the stack’s Day 2 operations. They are looking to protect the precious application data and automate deployment to be able to scale across both infrastructure and application stack.

◉ Development teams want a simple API to hide infrastructure complexity and tools to automate continuous delivery of their Kubernetes-based applications.

The feedback was consistent: how can we expand the functionality of our container management offering to enable integrated management of the complete infrastructure stack under the Kubernetes layer?

That’s exactly why we built Intersight Kubernetes Service.

Expanding Intersight with Kubernetes management

Back in October this year, at Cisco’s Partner Summit, we made a series of announcements under a common umbrella message of “simplifying IT operations across multicloud”. One of them was regarding Cisco Intersight and its evolution. Cisco’s Intersight, from a Cisco data center infrastructure management solution, is becoming a comprehensive cloud operations platform, helping users simplify the management and optimization of infrastructure, workload and applications – on-premises and on public clouds.

One of the first brand new modules to come out of the exciting new Intersight roadmap is Intersight Kubernetes Service (IKS). IKS effectively expands the Cisco Container Platform’s functionality to benefit from Intersight’s native infrastructure management capabilities, further simplifying building and managing Kubernetes environments. IKS is a SaaS offering, taking away the hassle of installing, hosting, and managing a container management solution. For organizations with specific requirements, it also offers two additional deployment options: (with a Virtual Appliance). So let’s take a look at how IKS can make the lives of our personas easier.

Building an end-to-end data center and edge Kubernetes environment with a few clicks

A good example comes from the retail sector: an IT admin needs to quickly create and configure hundreds of edge locations for the company’s retail branches to do AI/ML processing and a few core ones in privately-owned or co-located data centers. The reason it makes sense for processing or storing large chunks of data at the edge is the cost of shipping the data back to the core DC or to a public cloud (and latency to a certain extent).

Creating those Kubernetes clusters would require firmware upgrades, OS and hypervisor installations before we even get to the container layer. With Cisco Intersight providing a comprehensive, common orchestration and management layer, from server and fabric management, to hyperconverged infrastructure management to Kubernetes, creating from scratch a container environment can be literally done with a few clicks.

IT admins can use either the IKS GUI, its APIs or integrate with an Infrastructure as Code plan (such as HashiCorp’s Terraform) to quickly deploy a Kubernetes environment, on a variety of platforms – VMware ESXi hypervisors, Cisco HyperFlex™ Application Platform (HXAP) hypervisors and/or directly on Cisco HyperFlex™ Application Platform bare metal servers (coming soon) – enabling significant savings and efficiency without the need of virtualization.

Similar to the Cisco Container Platform, IKS will also soon support public cloud integrations with all the popular providers. After deploying the environment customers can easily lifecycle manage the entire stack as shown in this video (shown between 1.49-3.22).

Adding full-stack application visibility with Intersight Workload Optimizer

DevOps teams want to bridge the application and infrastructure gap as much as possible. They would be looking to right-size their application replicas (vertically and horizontally scaling of pods and nodes) based on traffic load. A benefit of IKS is that users can connect their Kubernetes workloads to another Intersight SaaS module used for application resource management, Intersight Workload Optimizer, and benefit from right-sizing their containers (by monitoring the traffic between the pods) as explained here (4.23 – 6.11). This way customers can get maximum ROI from the different locations where capacity can be an issue such as edge locations.

At the same time, IT Admins are always aiming for complete visibility across the application and infrastructure stack, beyond just the Kubernetes layer. As both IKS and IWO are part of the same platform, users can get a comprehensive view on the health of the entire stack, which is crucially important when remediating.

Stay tuned for our big IKS general availability launch in February 2021

As we work on the roadmap for IKS and the new features it will bring, we couldn’t be more excited to work with customers exploring new grounds on how to offer more value and accelerate IT operations.

Continue reading

Enabling Innovation in Customer Experience while Optimizing the Multi-Cloud: Part Two

As you read in part one of this blog, due to the pandemic and the resultant exponential increase in digital transactions, Customer Experience is far more paramount than ever before, across all demographics. It is imperative that as financial institutions embrace multi-cloud, the impact of how services are consumed from different clouds but presented in a consistent manner for the desired Customer Experience is vital.

Impact of the Multi-cloud environment on CX

As institutions go Cloud-All-In to enable this digital transformation, an application customer transaction will bounce across multiple clouds before reaching the end goal. In the recent State of the Cloud 2020 Report by Flexera, customers indicated that their #1 initiative is to reduce cloud bills, but their #2 is go move more workloads to the cloud. This is mainly due to the fact that existing individual cloud-provided tools are not integrated and create data silos. Also, most companies are unable to connect the dots between poor digital performance and the cost to the business. Most importantly, executives want — but don’t have — real-time performance metrics of their applications. There were consistent patterns found when CXO’s were asked how they assure application performance, namely:

◉ They over-provision – on an average 20% more, which is expensive.

◉ They monitor for alerts, which doesn’t always prevent the problems in the first place. In fact, people tell us that they ignore most of the alerts.

◉ They troubleshoot issues with people, which no longer scales given the volume and complexity of workloads.

◉ And they suffer with slow applications. Few companies tell us that they can “assure performance”.

When application workloads get the resources they need, when they need them:

◉ Your applications would perform as designed – no more resource contention.

◉ You’d be able to get the most out of your data center infrastructure.

◉ Sticker shock would be a thing of the past for your cloud projects.

◉ With the infrastructure constraints gone, you would not have to relax your policies.

◉ And best of all, your developers would have time and flexibility to innovate instead of chasing alerts.

The issue is around providing that flexibility for the DevOps teams to experiment at scale  as costs are kept in control, ensuring compliance is maintained and operationally the services are manageable, while assuring application performance is above par. As you constantly aim to find that equilibrium, there are 5 key areas one must keep in mind:

1. Assuring your applications: Do you understand your application portfolio ‘beyond the CMDB’ ? How will you be prioritizing your application migration? What KPIs will you use to baseline and measure success?

2. Streamline your operations: Will you be enabling developers to deploy infrastructure on demand? On multiple clouds? How do you plan to cost-optimize your infra?

3. Multi-cloud & cloud hosting: How will you develop the right level of abstraction across multiple clouds? How will developers manage container platforms across multiple clouds? How will you host legacy workloads?

4. Multi-cloud Optimized Networks: How will you achieve common operations, policy, visibility, and performance across multiple clouds? How will you assure and secure user experience to any cloud from anywhere?

5. Zero Trust Security: How will you deliver a cloud-ready security policy across multiple clouds, without slowing developers down? How does your cloud security strategy fit with your overall security strategy?

Taking a holistic solution approach

The true value of the application is not just on the hosting but on the consumption. Providing end to end connectivity, security, assurance and visibility to consume the apps is the key, looking at it consistently is the right way to provide the desired outcomes.

Cloud Hosting: Create cloud-agnostic, cloud native software solutions to enable and optimize your multi-cloud. Cloud-agnosticism means different services consumed from different clouds but presented in a consistent manner across clouds.

Cloud Consumption: Providing end-to-end connectivity, security, assurance, and visibility to consume those services across all clouds.

All cloud providers within themselves have strong capabilities, but as you undoubtedly are embracing multi-cloud, it’s imperative to be able to create consistent services across multiple clouds or as some people like to say – keeping the cloud providers honest. Thereby giving your development teams the flexibility to meet and surpass business asks and expectations, when it comes to the digital experience from their applications, but do it while keeping costs in check, maintain compliance and operational teams happy too.

Thus, evolving your applications experience not just from a FUNCTIONAL one to a JOYFUL one, but further raising the entire digital experience to a MEANINGFUL one. Thereby increasing your brand value and in-turn your desired customer recall.

Realizing this vision, backed by a business case

Cisco has always been at the forefront of providing the underlying infrastructure in enabling the expected connected experience, enabling businesses to get the most out of their ever-changing foundational layer. Cisco’s Performance IT program takes a consultative approach to assessing how your current multi-cloud environment is set up to help achieve your expected application experience. Keeping business outcomes in mind, Performance IT takes a 360˚ view of architectural transition, operational efficiency, and financial oversight in one go. It provides organizations with an architectural blueprint and a target operating model to demonstrate how this architecture can be run effectively. The cherry on top is the financial benefit in making this possible and setting up your teams to assure application performance in a multi-cloud environment of the future.

Continue reading

Watch How Riedel Networks Ensures World Events Win

Today everyone wants more and more from their network: more control, more visibility, and more security. And that’s exactly what Riedel Networks intends to give its customers, including the Olympic Games and Formula 1 as well as TV broadcasters and global enterprises.

With customers migrating data and applications, the communications networks provider decided to expand its product offerings to include a managed SD-WAN (software-defined networking in a wide area network) offering. 

Riedel Networks services some of the largest and most connected events around the world.

But with today’s security threats coming from vectors including remote workers, the additional of SD-WAN requires security gateways, both central and remote customer locations. The company needed an SD-WAN security solution for the edge.

Riedel has relied on Cisco technology since it started out connecting the headquarters of Formula 1 teams with race circuits. So, it was only natural that it turned to Cisco.

Cisco SD-WAN Security ensures every single packet on its journey to the cloud and back is kept secure without hindering performance. The Cisco technology provides everything from a broad range of connectivity options – including satellite connections and 5G mobile networks – to advanced SD-WAN routing and a full security suite.

And the vManage software controller means Riedel can manage everything centrally, over a single dashboard. With the right security controls in the right place based on policy, traffic, and location, customers have greater resiliency, no matter where they are – which is vital for businesses reliant on their networks for transferring pictures and sound as well as data.

Riedel Networks delivers customers a managed digital service including SD-WAN and SD-WAN Security for the latest in cloud networking.

The company plans to adopt Cisco’s new Catalyst 8000 Edge Platforms, which will allow Riedel Networks to deliver a secure, connected multicloud across the Cisco SD-WAN edge. Ultimately, bandwidth above one gigabyte per second means Riedel can include headquarters and data center sites in the SD-WAN.

Continue reading

Enabling Integration via Webex Teams – All Together Now

Enabling Integration via Webex Teams and Cisco DNA, SD-Wan, Intersight, Thousand Eyes via Cloud API Gateway

I was really excited to have a unique opportunity to put together a team of my fellow engineers to work on a Collaboration hacking contest within Cisco. This annual event is usually in-person for a day or two in San Jose, making it out of reach for my nomadic desert comrades located in Arizona. This year, however, remote is the new normal. This unique situation made it possible for my ragtag band of misfits to participate in events regardless of our geography. So we embarked on a mission to enable webhook integration for Webex teams, so that our products can send notifications into Teams, just as they can into email.

A cloud native yet cloud agnostic solution

In order to do this we decided to make sure this wasn’t only able to support diverse products, but also, diverse clouds. A cloud native, yet cloud agnostic solution based upon serverless infrastructure supporting standard webhooks and HTTPS Post messages. We decided on Google Cloud platform and Amazon Web Services for our multi cloud endeavor.

The initial idea was actually for a separate use case – I have esp8266 modules integrated with Teams for the use case of being notified when my garage door is opened/closed, my bearded dragon’s cage is hot, etc. As these scale in number, if I ever were to change my security bot token or room ID, I would have to go re-flash all of my IoT Sensors to match. So, it creates an operational problem for leveraging Teams as a IoT device receiver or third party integrator.

Enable cloud as an API gateway

The idea was to enable cloud as an API gateway to accept requests, do advanced security checks, and decouple the Webex Teams security and context information from what is flashed onto the sensors to better manage the lifecycle. But extending this to webbooks was a natural evolution that seemed to have the most immediate impact to customers. When Demo’ing some of our cloud technologies (Intersight, Meraki), customers saw that notifications can go to webhook or email, and naturally inquired about their Webex Teams integration.

By enabling the webhook capability, we immediately added support for all of our product sets that support webhooks to integrate with Webex Teams. And do so without requiring any change on either the product, or Webex Teams. We did want to have native “handlers” in the code to handle differences in webhook formatting between different products. For our project we created handlers for Cisco DNA Center and Meraki. We had started work on Thousand Eyes but didn’t have the lab instance able to send webhooks at the time we finished the project. The amount of effort to create and modify a handler is as simple as 20 minutes worth of effort ensuring that the JSON fields that you care about, are included in what is sent to Teams.

The code is available on Github

Of note, while the code should have been very consistent between solutions, there is a difference in how Google integrates their API with their cloud functions compared to AWS. The API gateway on GCP has been out for a while, but right now integration of the API gateway on Google for cloud functions is in Beta and does require a bit more lift to setup. I expect this will normalize as it is brought to market. I also want to caveat that by noting I was seeking a functional product, closer integration with GCP teams probably would have helped with how I managed some error handling in Cloud Functions to make it integrate with API GW.

Continue reading

Cisco Launches SD-WAN Cloud Interconnect Ecosystem with Megaport

Enterprises are consuming more business-critical cloud applications, and most connect to the cloud over the Internet. However, the Internet offers only best-effort connectivity with inconsistent network quality, which can impact application performance significantly.

Enterprises can also choose direct cloud interconnects for their site-to-cloud connectivity. However these “mid-mile” interconnects require customers to plan for capacity and global reach upfront, which can lead to underutilization and spiraling cost.

Today we are announcing a collaboration with Megaport, which offers Software-Defined Cloud Interconnects (SDCI). It provides programmable cloud interconnects to bridge enterprise SD-WAN sites to clouds in minutes instead of weeks, with strong performance and high reliability.

Cisco’s vManage will act as the overlay for software-defined cloud interconnects, providing ease of management and the capability to rapidly instantiate connections.

This collaboration will offer Cisco’s SD-WAN customers access to Megaport’s global reach. Megaport offers extensive connectivity choices, backed by service-level guarantees for assurance. It includes peering with location data centers, with a global footprint across 23 countries. Megaport connects to more than 200 cloud on-ramps, including leading SaaS services like Office365 and Salesforce, and to the six largest public cloud providers:  AWS, Azure, Google, Oracle, IBM and Alibaba. The Megaport ecosystem also connects to 200 network service providers, more than 700 data centers, and 360 IT service providers and aaS providers.

With this new collaboration, Cisco customers can leverage Cisco’s SD-WAN management platform, vManage, to software-define their cloud interconnects to multicloud and SaaS. With this integration, Cisco SD-WAN fabric will act as the overlay, and the Megaport Software Defined Network will act as the underlay.

This collaboration extends Cisco’s SD-WAN leadership, by offering an ecosystem platform for partners, of which Megaport is the first, to bridge Cisco SD-WAN fabric with the carrier-neutral and software-defined cloud interconnect fabrics.

Continue reading

From Data Center to Cloud, Guidance for Managing Data Everywhere

As enterprises react to rapid changes in business models driven by macro-events, digital transformation, and redistribution of both the workforce and the workloads, agility and resiliency in IT solutions and services are a key differentiator for success. Whether application workloads reside in the cloud, at the edge, or on-prem, the data center needs to be optimized for performance, reliability, and user experience as business and operational needs evolve.

Data center and cloud networking agility provide the ability to react quickly to changes and goes way beyond traditional measurements of speeds and feeds. Agility depends on being able to manage the network fabric holistically with emphasis on higher-level infrastructure orchestration platforms, automation tools, programmability through APIs, and end-to-end visibility through deep analytics with machine learning.

With the many permutations of cloud and data center infrastructures that exist in the global market, IT has a wealth of vendor options to evaluate for network solutions that match the needs of their enterprise and cloud data centers. Fortunately, there are analysts and technology journalists to help sift through the flood of data with independent research. What are the critical capabilities that set leaders of network infrastructure and management apart from followers? Let’s look at some of the capabilities that Gartner uses to evaluate data center and cloud networking solutions.

2020 Gartner Critical Capabilities for Data Center and Cloud Networking

The capabilities for optimizing data center and cloud networking—from hardware to network operating systems to management solutions—are all drivers of agility and business resiliency. In particular, Gartner highlights three use cases that are top of mind for many enterprise IT teams for evaluating data center networking solutions:

1. Enterprise Refresh/Build-Out Use Case. Includes switch hardware, Network Operating System (NOS), management, and automation integrations.

2. Agility Boost Use Case. Based on management platform independence, automation, hyper-converged infrastructure integrations, and public cloud integrations.

3. DevOps Driven Organization Use Case. Day 1 and Day 2 automation and data center platform integrations.

These capabilities, among others, build a foundation for managing data center resources for modern enterprises facing continuous change. For example, Gartner predicts that “by 2023, 10% of enterprises will fully integrate data center networking activities into CI/CD pipelines, up from nearly zero in early 2020”, with DevOps driving the development of applications critical to business. For these applications to run successfully under high demand, organizations will need increased insight and automation into managing Day 2 operations for data center and hybrid-cloud operations. In the 2020 Magic Quadrant for Data Center and Cloud Networking report, Gartner highlights Cisco’s strengths and cautions as a Magic Quadrant Leader.

◉ With solid products and a large and global installed base, Cisco offers depth and breadth of features that covers nearly all usage scenarios, including advanced routing and ultra-low-latency switching.

◉ Cisco has a roadmap to deliver increasing levels of analytics and automation to satisfy emerging customer requirements for a more autonomous and self-healing network.

◉ Cisco Network Insights improves Day 2 operational activities such as troubleshooting, reporting, and bug scrubs, and integrates with both Application Centric Infrastructure (ACI) and Data Center Network Management (DCNM) controllers.

Six Years of Positioning as a Gartner Magic Quadrant Leader in Data Center and Cloud Networking

2020 marks the 6th consecutive year that Gartner positions Cisco in the Leaders Quadrant for Data Center and Cloud Networking. This year Gartner included Cloud Networking in addition to the traditional on-prem data center offerings and we believe Cisco was named a Leader given our proven multi-cloud architecture. Gartner evaluated Cisco data center and cloud switches, NOS as well as Cisco Application Centric Infrastructure (ACI), Data Center Network Management (DCNM), and Data Center Network Assurance and Insights Suite.

*Source: Gartner Magic Quadrant for Data Center and Cloud Networking, June 30, 2020

Continue reading

Automating Network Deployment with Cisco DNA Center and Cisco Action Orchestrator

The Story:

A major retailer is standing up a new location. They require:

◉ A connection to corporate remote data center for price list
◉ To quickly deploy the local network at the branch including standardized configuration
◉ On site compute for localized advertisement, webservers and general compute.

Multi Domain Story

Check out Matt’s Blog to learn more about the overall story and what we’ve done.

What I would like to focus on is how we’ve Integrated Cisco DNA Center to automate the standing up of a new network with Cisco Action Orchestrator (CAO)

The Tech:

Cisco DNA Center

I had two tasks to accomplish:

1. Discover and provision the network in the new branch

2. Create and deploy an SSID throughout the entire store

The way Network Discovery works in Cisco DNA Center, first I have to initiate a Discovery Task based on a range of IP addresses.

Once the task is completed and the device is part of the managed devices. I can dynamically create my sites and assign the devices to each site with the appropriate template.

The Workflow is pretty simple

◉ Authenticate against DNA-Center to get a Token

◉ Grab credentials IDs that are configured in DNAC to access the devices

◉ Initiate Network Discovery

◉ Check if the task is complete

◉ Get a list of discovered devices

Network Discovery workflow built in Cisco Action Orchestrator

To Initiate Network Discovery you need to POST a request to the /dna/intent/api/v1/discovery endpoint with this body

Network Discovery request JSON Body

We are using an IP Range to discover our devices. We are also telling DNAC to access the devices via SSH using the configured credentials.

Once the discovery task is completed. We can check to see the results via /dna/intent/api/v1/discovery endpoint. This endpoint will return the list of all discover devices.

Network Discovery result

Part Deux of this automation journey is to create a standardized SSID. There is a nice API for that which made the workflow pretty simple:

◉ Authenticate against DNA-Center to get an API Token

◉ POST JSON body with SSID configuration to /dna/intent/api/v1/enterprise-ssid

and voila.

CAO Workflow using Enterprise SSID Intent API

The End

Remember how I said earlier this was part of an all star team that has essentially automated the entire story you’ve read? Well what’s great about working with Cisco Action Orchestrator (CAO) is that it didn’t matter the way I’ve built my workflow. When it came time to integrate all of our work, CAO made it very simple and hence we were able to take a small bit of automation for a specific Cisco Product and integrate it into a larger multi domain effort.

Continue reading

Implementing Cisco SD-WAN deployments with Cisco Action Orchestrator

Since the Cisco developer program (DevNet) began five years ago, we have seen huge growth and maturity of tools and platforms that enable engineers, operations teams, and software developers to deliver critical outcomes for their businesses. From the surge in growth of services in the public cloud to all of the open-source automation and orchestration platforms – such as Chef, Puppet, Ansible, so there has never been a better time to increase the way we tackle the challenges.

Our networks are composed of multiple operational domains (for example campus, data center, and security), that are tightly interconnected. However, engineers need more than interconnected domains to support customer and business needs. They need security, and an access policy that spans domains. And they need the agility to support new needs as they arise, with complete end-to-end visibility.

The need for tight integration, despite the differences in the domains, is one of the biggest drivers for moving to a controller-based, fully abstracted architecture.

Cisco Action Orchestrator provides a unified solution

Using Cisco Action Orchestrator we built a complete workflow. Action Orchestrator is a powerful workflow automation and technology-agnostic cross-domain orchestration product. This orchestration platform easily binds Cisco products together and connects smoothly to third-party products and open-source solutions, providing a unified solution. The following designs are applicable to provide advanced automation.

Imagine that your company wants to open a new store or remote office. When the company employees or customers connect on the network they need access to all their resources. This could be to enable applications to check stock, take payment, process invoices, or even just to safely surf the web. Ensuring your business is connecting safely and securely can be a challenge, this is where automation will help solve many of these once teething issue.

Let’s look at how we can deliver this, quickly and securely. Here we will focus on connecting the store to our data center and other locations and how we do this with Cisco SD-WAN API’s and Cisco Action Orchestrator.

Multi-Domain with Cisco SD-WAN

Our infrastructure must be flexible enough to accommodate those restraints. An intelligent, software-layer, such as SD-WAN, can change the inflexible and often slow networking models of the past. In the largest awareness, it is DevOps meets networking, this can be (and often is) referred to as ‘NetDevOps’.

When using Cisco Action Orchestrator we can use REST API calls to authenticate, to get a list of devices that are part of the SD-WAN fabric, and get device status deploying templates instantly connects our stores/remote office and data center networks. Now our routing algorithms accommodate application requirements and can adapt to real-time link conditions. The ability to connect any data services into the SD-WAN gives organizations amazing elasticity.

Let’s go over the steps that are required

You must first establish an HTTPS session to the server. To do this, you send a call to log in to the server with the following parameters: URL to send the request to use URL: `https://{vmanage-ip-address/j_security_check` which performs the login operation and security check on the vManage web server at the specified IP address.  The API call payload. The payload contains the username and password in the format j_username=username&j_password=password.

After we have established the HTTPS session, we can list the devices attached to the fabric, we use the call that retrieves a list of all devices in the network. To retrieve this list, use the following URL: https://vmanage-ip-address/dataservice/device.  In the templates table, the Device Templates column indicates how many device configuration templates are using a particular feature template the next URL being called is URL: `https://{vmanage-ip-address/dataservice/template/feature` which show the devices in to which the feature template is deployed.

Once the new site/devices are identified we push and attach the feature template to the devices with URL: `https://{vmanage-ip-address/dataservice/template/device/config/attachfeature`.  Validation of the feature template is completed by URL: `https://{vmanage-ip-address/dataservice/template/device/config/attached/[id]` validates which sites/device.

Building the workflow in Cisco Action Orchestrator

Now we know our API’s we are using from Cisco SD-WAN, we can add these into Cisco Action Orchestrator. A workflow is basically a constructed workflow that consists of activities, invocations of child workflows, and logic components that can be included to complete the workflow. Action Orchestrator allows you to automate IT processes based on our requirements using a workflow format. Once we have added in our Cisco SD-WAN workflow the whole thing looks like this.

To kick this off, we simply hit the “RUN”. When you create a workflow, you must specify where you want the workflow to run. You can also specify that the workflow runs on a specific target or target group. The target group can be defined once and reused in several processes. For example, you might have a database maintenance process that is scheduled to run every month on all database servers. Instead of scheduling the process multiple times to run on each database server, you can create a target group that includes all the database servers and schedule the process to run on all the servers at the same time. If you choose to execute the process on a target group, you can further specify to run the process on all objects that are included in the target group or run the process on a specific object within the target group.

The colors associated with the individual activities determine the status of the process and activity instances, upon completion we see green which means our process has completed successfully (if any of the steps failed we would see these as red which means the process has failed and did not complete the process execution). We also see a 200 OK,  as our request succeeded, STATUS 200 OK appears in the results area, here our request was successful and we see a STATUS 200 OK and the result is contained in the response body.

Now our new device and location have had its template pushed to the end device and the traffic will begin to flow as expected and our new device has all our router, policy and security feature that our requirements for our company.

Continue reading