Sunday, 24 February 2019

New Wireless Frontiers for the Enterprise: 5G, Wi-Fi 6, and CBRS

2019 is going to be an incredible year in wireless networking. Enterprises are going to be able to take advantage of several important innovations.


First, 5G carrier-based wireless is going to start rolling out broadly, bringing a promise of dramatically better performance to mobile workers and the enterprise. Additionally, standards-based Wi-Fi 6 will be available in 2019. Wi-Fi 6 will dramatically improve the wireless experience, and it will enable new use cases for wireless that weren’t possible before. Quick on the heels of both of these rollouts will be CBRS (Citizens Broadband Radio Service, also known as OnGo), an extension of LTE that offers a new band of uncrowded spectrum. It will be especially valuable for mission-critical IoT applications.

With so much changing in how we connect, we are looking at a rare opportunity to combine technological change with strategic planning, as we explore how new wireless capabilities will change the way our businesses operate.

Common Tech


Before we get into the changes we’ll see in network planning due to these technologies, we have to understand how they’re different — and how they are actually coming together.

In 2019, both carrier-based mobile connectivity (LTE and 5G cellular) and unlicensed nomadic networking (Wi-Fi 6, otherwise known as 802.11ax), will converge in two key areas: radio signal encoding, and scheduling.

Both new wireless systems use the same method to squeeze more users and data into the frequencies they use, so each base station or access point can talk to more devices simultaneously. Also, with Wi-Fi 6, local wireless networking gets more scheduled, deterministic use of spectrum. Unlike other versions of Wi-Fi, which use a randomized channel access mechanism, with Wi-Fi 6, a device can rely on being able to use the radio on a particular schedule (measured by the millisecond). Scheduled access enables lower latency and allows for greater density of devices. And it has a positive impact on power use and battery longevity. In this regard Wi-Fi is advancing alongside 3GPP cellular technologies (like 5G and LTE), which are also deterministic.

Despite their technological convergence, carrier-based (LTE/5G) and unlicensed (Wi-Fi) wireless systems are, and will remain, dramatically different in terms of cost, infrastructure layout, and the level of administrative control they provide to enterprise network operators. These factors will determine how enterprises plan to maintain and grow their wireless capabilities.

Wireless Inside the Campus and the Branch


Wi-Fi 6 provides improvements in speed and latency, and supports a higher density of connected devices. Combined with its reasonable cost to deploy and maintain, it will prove an ideal system for indoor wireless connectivity – especially in areas where access points will serve more users.

Users on Wi-Fi 6 devices will see improved individual experiences. People in crowded areas that have traditionally offered hit-or-miss performance (waiting rooms, student lecture halls, meeting spaces, and so on), will have better experiences. Some devices that previously would only be connected by wired Ethernet will be able to move to wireless. This will help drive innovation around high-bandwidth and latency-sensitive use cases that should really be untethered, like AR/VR, gaming, and video communications.

As the number of performance-sensitive wireless devices goes up, enterprises will need new network intelligence to assure the best levels of service. Specifically, Cisco believes that Wi-Fi 6 access points, and end devices themselves, must become sensors, collecting real-time performance and experience data that they stream to a new generation of analytic engines. This will allow for proactive and granular management of these increasingly complex environments.

While for some enterprise installations and indoor use cases it will make sense to extend 5G or LTE into the interior space with Distributed Antenna Systems (DAS), or with interior 5G access points (“microcells”), this remains an expensive proposition. LTE and 5G radio chipsets are dramatically more expensive than Wi-Fi, and we do not anticipate this changing. Additionally, most enterprises have an exponentially increasing number of devices they need to keep online; paying a monthly fee for connectivity per device would be cost-prohibitive.

Wi-Fi networks also provide a rich vein of analytics information to the enterprise. Businesses can gather extremely rich data about their facilities by tracking how Wi-Fi devices move through them. This information is going to change how businesses optimize the use of their physical locations.

5G for Connecting Campus and Branch


5G will have a great impact on branches and campuses as a backhaul service. Keeping an enterprise’s branch and campus locations all connected to each other and the Internet has traditionally fallen to wired technologies like T1/E1 and xDSL; today, 4G is often used to quickly bring up sites, or as a back-up link, but it’s seldom used as a primary link, due to bandwidth limitations and cost.

But 5G is much faster than 4G. It can be used to augment or, in some scenarios, replace a wired connection. And with contemporary SD-WAN tools, it’s simple to deploy 5G in parallel with other WAN services – even across thousands of sites.

Moreover, wireless links make sense for businesses that rely on having robust, always-on connectivity to their branch offices, and for businesses that rely on cloud services. That is to say: nearly all businesses. Wireless backhaul links can’t be cut, and wireless infrastructure is often the first communications service restored after a disaster like a major storm. Using 5G to augment existing WAN services allows sites to have maximum uptime for their cloud-based services, and, when it’s managed with SD-WAN and used alongside links that are bandwidth-constrained, it can enhance the overall application experience too.

For even more bandwidth, 5G has frequency extensions into high-frequency millimeter wave bands, which offer significantly higher throughput. These high-frequency bands do not easily reach indoor spaces, but carriers can quickly set up external, line-of-sight antennas to provide dedicated, high-speed connectivity at competitive prices.

Wireless and IoT


Both Wi-Fi 6 and 5G offer exciting opportunities to connect more devices reliably via wireless. They share scheduling technology that makes wireless more deterministic, which is important for mission-critical IoT assets being used in manufacturing automation, healthcare, energy, and many other industries. Wireless technologies enable new use cases, and businesses that lean heavily on wireless will find it easier to accelerate their digitization initiatives.

Wi-Fi 6 APs will also increasingly include additional radios, like Bluetooth and Zigbee, which will make them more capable IoT gateways — and useful wireless sensors. They’ll help track and manage IoT devices through their entire lifecycle.

A particularly interesting extension of LTE (and later, 5G), called CBRS (Citizens Broadband Radio Service), holds a lot of promise as a complementary technology to Wi-Fi 6 for use inside buildings. CBRS relies on spectrum in the 3.5 GHz range that is not used by Wi-Fi or existing LTE/5G services in the U.S., so it’s unlikely to be interfered with by general-access consumer devices. Some initial CBRS capabilities are rolling out in products shortly. For devices, like robots, that need guaranteed connectivity as well as mobility, CBRS will be a great complement to Wi-Fi 6. Most businesses using CBRS will use it together with Wi-Fi 6.

When we discuss mission-critical IoT programs, we also need to keep security top of mind. Many IoT devices are both highly critical to business, and highly vulnerable to attack. Fortunately, a modern network can help make an IoT-rich environment more secure in several ways. In particular, it can limit potential for malware to spread from device to device, by using software-defined segmentation to ensure that network traffic from a particular device cannot be sent where it’s not supposed to be. Segmentation policies can span wired and wireless networks, as well as ruggedized environments.

Tying Wireless Networks Together


5G and Wi-Fi 6 will eventually be deployed together in the enterprise. It will be an evolving challenge to manage these separate access technologies as integrated systems – with unified policy, security, and analytics. Users and devices will need to move between 5G and Wi-Fi 6 systems, and the smart IT leader will want the experience to be seamless and easy to manage at scale. Orchestrating the management systems of these separate networks is our next frontier. Watch out for more to come on this aspect.

Friday, 22 February 2019

Peace of Mind with Cisco Optics (A)

Cisco sells the highest quantity of optical transceivers in the world. Through a combination of internal development and OEM and JDM engagements with suppliers, Cisco has developed an extensive portfolio of transceivers that has shipped to thousands of customers.

The value proposition of this optics portfolio is best viewed through several interrelated aspects – the breadth of product portfolio, stringent qualification requirements on Cisco platforms, and assurance of robust supply continuity along with worldwide logistics and distribution.

This first blog in a three-part series reviews the variety of Cisco platforms and the ease of deployment that comes with deploying Cisco optics. Additionally, the Cisco Transceiver Compatibility Matrix simplifies the network architect’s job of selecting transceivers to connect Cisco host platforms to each other.

Cisco Platforms for End-To-End Network Connectivity


Cisco offers the most comprehensive set of platforms of any NEM (Network Equipment Manufacturer). These solutions address a variety of applications and markets such as IoT (Internet of Things), Service Provider, Campus Enterprise, and Datacenter segments. In addition to platform hardware and software, Cisco provides optical transceivers to connect the different switches and routers in these networks. The following table samples the variety of Cisco platforms along with their application.


To connect all these devices at various places in the network, Cisco has developed an extensive portfolio of transceivers that spans multiple Form Factors, Reaches, and Speeds.

Transceiver options for all Cisco platforms


Cisco provides a comprehensive portfolio of pluggable transceivers to cover the entire range of applications for IoT, Service Provider, Campus-Enterprise, and Datacenter segments. These include pluggable optics for multi-mode fiber and single-mode fiber, and cables at various data rates and distances. In addition to optical transceivers that comply with IEEE standards and/or MSAs (Multi-Source Agreements), Cisco innovation is built into transceivers with proprietary optical specifications that give customers flexibility in their operations. For example, Cisco QSFP BiDi (Bi-Directional) and SFP and QSFP CSR (Cisco Short Reach) allow customers to migrate to higher data rates while reusing their existing fiber infrastructure without modification.

The table below provides a high-level overview of the product portfolio, highlighting the standards, form factors, and platforms supported.

Table 1. Transceivers for multiple platforms and places in the network

Detailed information on the entire transceiver product portfolio is available in their respective datasheets, which are organized by speed and form factor. Cisco has shipped millions of transceivers in 100M, 1G, 10G, 40G and 100G speeds. As market adoption continues, Cisco will continue this leadership with 25Gbps and new 100Gbps transceivers.

Cisco Transceiver Compatibility Matrix


The Cisco Transceiver Compatibility Matrix is a menu-driven tool that lists Cisco platforms and all transceivers qualified on each platform. For example, the network architect can quickly select transceiver options for the NCS540, a Service Provider Access platform.

Example 1. Using the compatibility matrix tool menus and appropriate filter settings, QSFP transceivers can be selected for the 100 Gbps uplinks that span reaches from 500 meters up to 40 km over single-mode fiber, which results in the following options for one line card example: QSFP-100G-PSM4-S, QSFP-100G-CWDM4-S, QSFP-100G-SM-SR, QSFP-100G-LR4-S, and QSFP-100G-ER4L-S.

Example 2. Similarly, 1 Gbps transceivers can be selected for the downlink data rates that span reaches from 1 km to 10 km. In both cases, the software release version of the switch is provided, along with an indication of DOM support (if available).


Buying Optics from a Platform Vendor


Cisco optical transceivers are qualified on the largest portfolio of routers and switches in the industry. By vetting transceivers for the most applications, Cisco routinely identifies issues during qualification that would otherwise go undetected until after network deployment has started. Cisco optics indeed provide peace of mind and the assurance that the entire network will be brought up and continue to operate reliably.

Wednesday, 20 February 2019

Practicing Responsible SSL Inspection in an SD-WAN Environment

One benefit driving enterprise SD-WAN adoption is improved branch connectivity to cloud applications via direct internet access (DIA). When performed securely, DIA cuts bandwidth costs and ensures a consistent user experience.

Looking at an SD-WAN fabric, WAN aggregation may seem outdated, as headquarters and core locations no longer need to serve as fortified gateways to the internet. Despite these architectural changes, core locations can excel as aggregation points for more challenging security operations, such as Transport Layer Security (TLS) decryption, often called by its more common name, Secure Sockets Layer (SSL) inspection.

Security remains a top concern across the WAN. Enterprises want to detect the latest malware threats, yet the latest research estimates that 70% of malware attacks are hidden in encrypted TLS traffic that network and security teams cannot see. With encrypted internet traffic increasing, SSL inspection has been promoted as a solution for finding hidden malware, but this is misleading for a number of reasons.

To Decrypt or Not


Though some SD-WAN vendors may tout their SSL inspection capabilities—such as hardware acceleration or off-loading—as evidence of product superiority, indiscriminate decryption across the WAN is not a sound practice. Decrypting sensitive traffic can violate privacy and data laws, and establishing whitelist policies to avoid violations is time-consuming and, at best, educated guesswork. Furthermore, many enterprise teams do not have the compute resources for wholesale SSL inspection, forcing them to suffer performance degradation as traffic enters the WAN.

Cisco addressed this challenge by developing a proprietary process known as Encrypted Traffic Analytics (ETA). With ETA enabled, Cisco SD-WAN platforms, such as the Integrated and Aggregated Services Routers (ISR and ASR), as well as the Enterprise Network Compute System (ENCS) hosting virtual devices, are able to categorize malicious traffic without performing decryption. Enabling ETA allows your SD-WAN fabric more precise network policies, where any traffic flagged as questionable can then be backhauled to core locations for responsible decryption.

This is a unique process we call SSL Aggregation.

Reasons to adopt SSL Aggregation


While Cisco SD-WAN enables industry-leading, zero-touch branch security capabilities, such as stateful firewalling, URL filtering, DNS monitoring, and Snort IPS, it is recommended to backhaul any traffic ETA flags as questionable to core locations for three main reasons:

◈ Greater physical space at core locations allows for more robust security layering, including products that are different from, or go beyond, what’s available through SD-WAN. A next-generation firewall (NGFW) with SSL Inspection, next-generation anti-virus (NGAV) that can detect fileless malware, or SIEM technology can help to remediate and log vulnerabilities after the malicious traffic is decrypted for inspection.

◈ Many enterprises manage thousands of branch office locations in their SD-WAN fabric. Even if SSL inspection capabilities exist at branch and remote office locations, the complexity of such data could overwhelm network and security teams. By consolidating malicious data flows into fewer ingress points, security management is simplified.

◈ Metadata created in conjunction with ETA can alert to zero-day threats that evade threat intelligence. Sending the flagged traffic to secure core locations is the safest practice when aiming to retain and utilize that data.

Given their superiority as secure hubs to isolate and examine malicious traffic, core locations make effective aggregation points for practicing responsible SSL inspection in an SD-WAN environment. Architecting this process is simple with Cisco.
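As an added illustration (not Cisco's code, and not ETA's actual record format, fields or API), the following Python sketch applies the policy described above to constructed flow records: unflagged traffic stays encrypted on the direct-internet-access path, ETA-flagged flows are sent to the core for decryption, and categories that privacy rules exempt are never decrypted even when flagged, only escalated on metadata. The category names, field names and confidence threshold are all assumptions.

```python
"""Decision logic for 'SSL Aggregation': decrypt only what ETA flags, at the core,
and never decrypt privacy-exempt categories. Added example; the record layout and
the 'eta_score' confidence value are constructed, not ETA's real output."""
import json
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed: categories that data-protection rules forbid decrypting.
PRIVACY_EXEMPT = {"healthcare", "finance", "banking"}

# Constructed sample records, one JSON object per line (RFC 5737 test addresses).
SAMPLE_FLOWS = """\
{"src": "10.1.10.25", "dst": "203.0.113.10", "site": "branch-014", "category": "saas", "eta_flagged": false, "eta_score": 0.05}
{"src": "10.1.10.31", "dst": "198.51.100.7", "site": "branch-014", "category": "unknown", "eta_flagged": true, "eta_score": 0.92}
{"src": "10.2.20.12", "dst": "192.0.2.44", "site": "branch-021", "category": "healthcare", "eta_flagged": true, "eta_score": 0.81}
{"src": "10.2.20.15", "dst": "203.0.113.55", "site": "branch-021", "category": "cdn", "eta_flagged": true, "eta_score": 0.40}
{"src": "10.3.30.8", "dst": "198.51.100.99", "site": "branch-033", "category": "unknown", "eta_flagged": true, "eta_score": 0.77}
{"src": "10.3.30.9", "dst": "203.0.113.20", "site": "branch-033", "category": "finance", "eta_flagged": false, "eta_score": 0.10}
"""


@dataclass
class Flow:
    src: str
    dst: str
    site: str
    category: str      # assumed: traffic category from URL filtering / app recognition
    eta_flagged: bool  # ETA classified the encrypted flow as questionable
    eta_score: float   # constructed confidence in [0, 1]


@dataclass
class Decision:
    flow: Flow
    action: str  # "forward-dia" | "backhaul-core-decrypt" | "alert-no-decrypt"
    reason: str


def load_flows(text: str) -> List[Flow]:
    """Parse newline-delimited JSON records into Flow objects, skipping blank lines."""
    return [Flow(**json.loads(line)) for line in text.splitlines() if line.strip()]


def decide(flow: Flow, flag_threshold: float = 0.7) -> Decision:
    """Apply the page's policy to one flow.

    Only ETA-flagged flows above the (assumed) confidence threshold leave the
    branch for decryption; exempt categories are escalated on metadata alone.
    """
    if not flow.eta_flagged or flow.eta_score < flag_threshold:
        return Decision(flow, "forward-dia",
                        "not flagged (or low confidence); stays encrypted on the DIA path")
    if flow.category in PRIVACY_EXEMPT:
        return Decision(flow, "alert-no-decrypt",
                        f"flagged, but category '{flow.category}' is exempt; "
                        "escalate to SOC with ETA metadata only")
    return Decision(flow, "backhaul-core-decrypt",
                    "flagged by ETA; tunnel to core NGFW for SSL inspection")


def plan(flows: List[Flow]) -> Tuple[List[Decision], Dict[str, int]]:
    """Decide every flow and summarise how many took each action."""
    decisions = [decide(f) for f in flows]
    return decisions, dict(Counter(d.action for d in decisions))


def decrypt_fraction(decisions: List[Decision]) -> float:
    """Share of flows that will actually be decrypted (vs. wholesale inspection = 1.0)."""
    if not decisions:
        return 0.0
    return sum(d.action == "backhaul-core-decrypt" for d in decisions) / len(decisions)


if __name__ == "__main__":
    decs, summary = plan(load_flows(SAMPLE_FLOWS))
    for d in decs:
        print(f"{d.flow.site} {d.flow.src}->{d.flow.dst} [{d.flow.category}]: "
              f"{d.action} ({d.reason})")
    print("summary:", summary)
    print(f"fraction decrypted: {decrypt_fraction(decs):.2f}")
```

Run over the six constructed records, only two flows are decrypted; the flagged healthcare flow is escalated without decryption, and the low-confidence flag is left on the DIA path.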

Architecting SSL Aggregation



Combined with a Cisco Stealthwatch license, Cisco routing and compute platforms become ETA intelligent, able to identify potential hazards in encrypted traffic. The following Cisco platforms are recommended in a standard SSL Aggregation architecture:

◈ At the Branch: Deploying a 1000 or 4000 Series Integrated Services Router (ISR 1000; ISR 4000), or a 5000 Series Enterprise Network Compute System (ENCS 5000) will allow your branch locations to feed key telemetry data into Stealthwatch, enabling ETA across the SD-WAN fabric.

◈ Core/Colo/Campus/HQ: Because these core locations will receive high volumes of aggregated traffic, deploying 1000 Series Aggregated Services Router (ASR 1000) is recommended to handle increased flows. A Cisco Firepower Threat Defense (FTD) Next-Generation Firewall (NGFW) can decrypt the malicious traffic at the core and detect the threat.

Sunday, 17 February 2019

Digital Transformation: Lessons learned at Cisco’s Media and Entertainment Industry Roundtable

Recently I had the great opportunity to host and moderate Cisco’s most recent Media Roundtable in Barcelona, Spain, in conjunction with Cisco Live EMEAR, with over 30 attendees. During this event we had representation from some of the leading European Media organizations and partners, including the likes of the BBC, Sony, France Television, SIC, Telefonica, Videlio, TF1, Dorna, Arqiva, Radio France, and Talpa TV, along with our team at Cisco in attendance. At this session we started to uncover how IP is transforming the Media Supply Chain in ways that are affecting their business in three areas: Business Transformation, Technology Transformation and Operational Transformation, or collectively what we at Cisco call “Digital Transformation”. Let me dig into some of that discussion and some insights I gathered.


To set some context for the discussion, we focused on the initial entry into the Media Supply Chain: the SDI to IP transition, or what many think of as the area of the Media Supply Chain focused on the live or near-live acquisition of content. This is an area that has had lots of visibility over the past two years, with the introduction of new industry standards and trade groups, new technology solutions, new facilities being built, and new ways of thinking, all while the needs of the staff who operate and execute this are changing dramatically.

Business transformation:


The key theme expressed during the discussion was that these media organizations are thinking about flexibility and use cases for manipulating the content that they now will have at their hands in far greater ways than ever before in the Media & Entertainment industry. Some shared feedback that they were hyper-focused on how IP would allow for new channels or digital channels for distribution, and the revenue models to support that, similar to how Canal + explains it in this video. There was also interest and opinions in the role of the industry standards bodies in terms of how they are incorporating formats and whether those apply or not to their real-life situations. Some interesting debates on that specific topic for sure! Some discussed how IP could offer flexibility to their environments and impact staffing, facilities and such. Regardless, it was clear that the move to IP creates opportunities and goals that many are still trying to uncover.

Technology transformation:


Much of the discussion was around how to monitor and operate an IP Fabric environment. Monitoring, flows, security and automation all bubbled up during the discussion, but as we progressed we drilled into how this technology transformation is forcing the need for full interoperability between the Media and Broadcast Ecosystem Partners and folks like Cisco, who provide the network and security aspects of these systems and the innovation needed. This “open interop” and “expanded partner ecosystem” has proven to be a hallmark of Cisco’s Media and Entertainment strategy, and this roundtable reinforced that direction. The key now is to see how the industry keeps up and evolves to meet the demands of the content providers.

Operational Transformation:


This was an unexpected area of discussion, in which many of the customers and partners shared with us the challenges they have around workforce needs, training, and the skilled labor needed by their own staff as well as the staffs of the ecosystem partners and systems integrators. It was clear that more awareness of training programs such as Cisco’s IP Fabric for Media basic and advanced training is needed and desired by the market. We also shared that Cisco is working hard to “industrialize” the media ecosystem by creating programs and incentives to create consistent delivery partners for these systems through the IP Fabric for Media Partner Authorization Program. Here partners have a way to distinguish themselves as trusted advisors to deliver these systems by investing in labs, training and ecosystem interoperability, which in turn allows Cisco to recommend them to the market. Partners like Diversified Systems and WWT have already received their badge for this distinction, but it was clear that we need to get more partners around the world to leverage this type of program to ensure successful project delivery.


In all, it was clear that transitioning to IP is top of mind for Media organizations due to the abundance of benefits it can bring. However, this transition also brings many concerns, so there is a need to work together with the right partners and systems integrators to make the transition more seamless and effective.

Friday, 1 February 2019

Taking the Full Power of Hyperconverged Infrastructure to the Edge with HyperFlex Anywhere

We at Cisco have been on a mission; a mission to create the design patterns for the next generation of datacenters and private clouds. These design patterns are simpler than anything seen before, more performant than anything out there, and include the enterprise-class resiliency that our customers can count on.

Cisco shook up the server industry in 2009 with an architecture that extracted the personality of both server and fabric away from the metal, and codified it into policy. A few years later, we led the transition to converged infrastructure stacks—a space we still lead in. In 2016, we realized that Hyperconverged Infrastructure (HCI) could be built in a much more elegant manner than was available at that time. We codesigned hardware, software, networking, and management, creating a deeply engineered system with a superior architecture. We then introduced HyperFlex 2.0 in 2017, with a focus on application performance, and beat the competition in independent testing. In 2018, we released version 3.0 of HyperFlex, with support for multiple hypervisors, multiple container frameworks, and integrations that bridge to a multicloud world.

Today at Cisco Live Barcelona, I am happy to report that we are announcing HyperFlex 4.0—which extends Cisco’s HyperFlex platform from the core to the edge. HyperFlex 4.0 is a truly unique and innovative platform engineered to meet the requirements for deploying HCI in edge environments at a global scale.


Data Center Anywhere – There’s Nothing Centered about the Data Center Anymore


Every cloud or data center is built for one reason – to run applications. However, today’s applications are increasingly diverse and distributed. They generate data in disparate locations and consume it from disparate locations. To further the point, it is estimated that by 2022, 50% of enterprise-generated data will be created and processed outside the traditional, centralized data center or cloud[1]. As data pools outside the traditional datacenter, datacenters themselves must follow the data to branch, remote, and edge locations.

Our latest HyperFlex offering is designed with this new reality in mind, delivering an elastic datacenter-in-a-box to wherever the data resides, be it at the core or at the edge.

HyperFlex Anywhere – Simplifying the Branch Deployment


Deploying HCI to multiple sites at a state-wide, national or global scale can be a complex task. Conventional offerings require staging in a central location, sending trucks from there to each site, moving IT teams from location to location, and manual installs. This process can be fraught with problems. Errors can get introduced due to fat-fingering. Edge sites can get stale before the entire footprint is even installed. And the entire process can be very time-consuming. HyperFlex with Cisco Intersight revolutionizes this process. HyperFlex Edge nodes ship ready to deploy directly from the factory to the edge sites, along with connectors to Cisco Intersight in the cloud. This allows us to leverage the power and reach of the Intersight cloud to provide a fully automated, zero-touch installation of the HyperFlex Edge clusters.


We can now deliver deployment and lifecycle management benefits at scale, and deliver them remotely from the cloud. In addition to this, HyperFlex Edge and Intersight also allow our ROBO and Edge customers to:

◈ deploy a single and simplified hyperconverged architecture across their core, hybrid cloud, and edge – simplifying operations
◈ meet aggressive cost envelopes for infrastructure deployment at scale for edge and branch locations
◈ deploy clusters as small as 2-nodes (and up to 4 nodes) – a form factor that fits the needs of edge sites
◈ drive data resiliency without the expense (through our industry leading innovations around an invisible cloud-based witness resident in Intersight)
◈ simplify operations through centralized lifecycle management and actionable intelligence from Intersight.

In addition to the Intersight Cloud for infrastructure management, we are also now integrated with Citrix Cloud Services. This enables customers to quickly and easily provision hundreds or thousands of virtual desktops and virtual applications from anywhere using Citrix Cloud.

HyperFlex Anywhere – Performance without Compromise


The second key theme in today’s HyperFlex announcement is all about performance—one of our key differentiators and an area where Cisco will continue to lead. Although some of our competitors talk down the importance of performance because it is the Achilles Heel of their solution, we at Cisco take the opposite approach. We believe that performance matters and is key to enabling mission critical applications and minimizing total customer spend.


The reason is simple. HCI has now matured to the point where it runs more and more of a company’s critical business applications. Poor HCI performance can impact customer experience, team effectiveness, and ultimately, a company’s bottom line. On the other hand, a high-performance HCI solution like HyperFlex can not only reduce these risks but also have a significant impact on TCO, both in terms of cost saving and cost avoidance for customers. When you can do more work with fewer resources, it means you need less hardware, fewer associated software licenses, and, even more important, less operational overhead. These savings can add up quickly.

Yes, performance matters. And that’s why our latest HyperFlex release ups the game on performance yet again by utilizing Intel® Optane™ caching and all-NVMe capacity drives. We worked closely with Intel to develop the HX220c M5 All NVMe nodes and were the first to market with a fully engineered all-NVMe HCI system that incorporates full reliability, availability, and serviceability (RAS) functionality. This includes hot-plug capabilities to enable enterprise-grade all-NVMe systems for our customers’ business-critical applications.

We’ve also added a new hardware offload engine to the latest release, called the HyperFlex Acceleration Engine. This engine is an optional add-on PCIe card with an onboard FPGA, and gives our customers the ability to offload processing from the CPU, thereby freeing up those cycles for actual application workloads. In addition, the hardware acceleration provides higher performance, further extending our lead in this area and maximizing economic value for our customers.

And finally, along with all the other new features mentioned above, this release delivers further enhancements for cloud-native applications with support for Red Hat OpenShift Container Platform as well as support for the Kubernetes Container Storage Interface (CSI).

Our Mission Continues


HyperFlex Anywhere enables Cisco customers to extend the simplicity of hyperconvergence from the core to the edge, to address a multitude of workloads and use cases. Our new HyperFlex 4.0 release and Intersight innovations are engineered to meet the unique requirements for deploying hyperconverged infrastructure in edge and ROBO environments, at a global scale, and with superior performance.

We are proud to have been recognized in 2018 by both Forrester and Gartner as a leader in the hyperconverged infrastructure space and look forward to continuing our mission of providing customers with the innovations they need to accelerate their digital transformation.

Wednesday, 30 January 2019

Security in Utilities: an architectural approach for partners

When we talk about Utilities, we usually refer mainly to the companies that supply electricity to business and residential consumers. However, there are several other types of Utilities, including Water, Gas and Waste Management companies, just to name a few. All of them face the same types of security threats. In the past few years there have been a number of incidents; for example, public warning systems have been hacked and turned on in the middle of the night. There have also been attacks on the systems that control gas pipelines, shutting down the gas flow for several hours.


Many of these attacks have happened not because of an actual lack of IT security measures or precautions, but in many cases due to organizational failures, whereby security data has been released to a third-party contractor without the data protection procedures needed to prevent such incidents.

In order to prevent security incidents from happening, companies have to evolve their security approach to a phased security architecture:

◈ First Phase: modernize the connectivity of the transmission and distribution systems, including zone segmentation, controlled conduits and following standards such as ISA-95/99, IEC 62443, NERC and NIST.

◈ Second Phase: providing visibility of the data that is going through the equipment and systems all the way to the control area. This requires Application Control and Threat Control.

◈ Third Phase: convergence of security policies across all the different layers, including policy driven responses and deeper vision and control.

This phased security architectural approach can be used by partners across different types of Utilities. The most important thing to highlight is that partners should provide their customers with a consistent risk assessment followed by an architecture that addresses the potential gaps discovered through this assessment.

There are some use case themes that partners can discuss with their customers to address the different types of potential vulnerabilities their industrial infrastructure might have, including:

◈ Secure Connectivity: what devices can connect to what control systems; what type of communications can happen between different systems.

◈ Secure Remote Access: what are the access control measures, how can secure access be provided.

◈ Threat Control: what devices are vulnerable; how can you protect any vulnerable assets.

◈ Safe Environment: what type of protection is being provided in the networking infrastructure and what type of protection is being provided on the devices themselves.

In order to address the security requirements of all different types of Utilities we now have Cisco IoT Threat Defense which converges a security architecture and services to help industrial companies defend their IoT devices and keep their business running.

The main idea is to look at the individual environments that need some form of cybersecurity, then map them to the products that Cisco partners can deliver, using the Cisco Validated Designs to define how to bring a particular solution forward.

There are four different areas that we focus on: Segmented Access Control for both IT and OT environments; Visibility and Analysis of potentially dangerous behavior to/from IoT devices; Secure Access into the OT network; and finally, Professional Security Services to assess the baseline risk, manage OT environments and perform incident response.
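As an added illustration of the "zone segmentation, controlled conduits" step and the Secure Connectivity question (what devices can connect to what control systems), the following Python is not Cisco's code: it evaluates constructed flow records against a zones-and-conduits policy in the IEC 62443 style, where each asset belongs to one zone and cross-zone traffic is permitted only over a declared, directional conduit.

```python
# Added illustration (not Cisco's code): a zones-and-conduits policy check in the
# IEC 62443 style, run over constructed flow records. Assumption: each asset is in
# exactly one zone, and cross-zone traffic is allowed only via a declared conduit.
from dataclasses import dataclass

ZONES = {  # constructed asset inventory: asset -> zone
    "hmi-01": "control",
    "plc-01": "process",
    "plc-02": "process",
    "historian-01": "dmz",
    "erp-01": "enterprise",
}

CONDUITS = {  # constructed: (src zone, dst zone, protocol) permitted to cross; directional
    ("control", "process", "modbus"),
    ("process", "dmz", "opc-ua"),
    ("dmz", "enterprise", "https"),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str

def evaluate(flow: Flow) -> str:
    """Return 'allow', 'intra-zone', 'unknown-asset' or 'violation'."""
    src_zone, dst_zone = ZONES.get(flow.src), ZONES.get(flow.dst)
    if src_zone is None or dst_zone is None:
        return "unknown-asset"  # unmanaged device talking to OT: a visibility gap
    if src_zone == dst_zone:
        return "intra-zone"  # same zone: the conduit policy does not apply
    if (src_zone, dst_zone, flow.proto) in CONDUITS:
        return "allow"  # crosses zones through a declared conduit
    return "violation"  # cross-zone traffic outside any declared conduit

def review_queue(flows):
    """Records an analyst should look at: violations and unknown assets."""
    return [(evaluate(f), f) for f in flows if evaluate(f) in ("violation", "unknown-asset")]

SAMPLE_FLOWS = [  # constructed sample traffic
    Flow("hmi-01", "plc-01", "modbus"),     # allow: declared conduit
    Flow("plc-01", "plc-02", "modbus"),     # intra-zone
    Flow("erp-01", "plc-02", "modbus"),     # violation: enterprise straight to process zone
    Flow("historian-01", "erp-01", "ssh"),  # violation: conduit exists but only for https
    Flow("laptop-77", "plc-01", "modbus"),  # unknown asset: not in the inventory
]
```

The review queue is the Phase 2 visibility output: cross-zone traffic that no conduit explains, plus assets the inventory does not know about.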

Monday, 28 January 2019

Improved performance and pay-as-you-go in Microsoft Azure

According to a recent IDC survey, 85% of organizations are evaluating or using the public cloud [1]. As customers begin deploying workloads in the public cloud, having a high-performing solution that allows them to securely extend their on-premises network to the cloud is critical. The Cisco CSR 1000V is a full-featured IOS-XE router that provides a secure way to connect your public cloud deployment to your on-premises network.


We are constantly working with our cloud partners to deliver new features and improved scale and performance. The latest software release for CSR 1000V (IOS-XE 16.10.1) delivers a number of significant enhancements for CSR 1000V on Microsoft Azure.

First, the release adds support for Microsoft Accelerated Networking which will enable customers to achieve 4x the throughput of the current CSR 1000V software release. Also, CSR 1000V will be launching support for customers to leverage pay-as-you-go, allowing for hourly consumption of the CSR. All of these improvements mean customers will be able to leverage better scale and performance for the CSR in Microsoft Azure.

Improved performance with Accelerated Networking


Cisco is adding support for Microsoft Accelerated Networking in the IOS-XE 16.10.1 software release for the CSR 1000V. By leveraging Accelerated Networking, CSR 1000V is able to achieve up to a 4x increase in throughput performance across the existing instance types.

Figure 1 – Image from Microsoft Azure Documentation on Accelerated Networking


With Accelerated Networking, network traffic arrives at the VM’s network interface (NIC) and is then forwarded directly to the VM, bypassing the host and the virtual switch. By allowing the CSR 1000V direct access to the NIC, Cisco and Microsoft are able to achieve significant improvements in the maximum throughput of the virtual router.

Azure Pay-as-you-Go


This new release for CSR 1000V also marks the launch of a new way to consume CSR 1000V on Azure. Customers will now be able to launch an hourly pay-as-you-go instance of CSR 1000V from the Azure Marketplace. With hourly pay-as-you-go, users can spin up CSR 1000V and consume it for a defined period of time based on their needs. When they are finished they can spin it down and only pay for the length of time they used it instead of being locked into an annual or multi-year contract. This pay-as-you-go instance of CSR 1000V will support all of the existing deployment models that are available today for customers who choose the bring-your-own-license consumption model for CSR 1000V.

Smart Licensing Only


In this release CSR 1000V will support only Smart Licensing. In previous releases the CSR 1000V also supported classic ePAK licensing. Going forward, all future releases of software for CSR 1000V will support only Smart Licensing, which greatly simplifies licensing for the customer and provides greater flexibility and visibility into the licenses they own. Customers can use the Cisco Smart Software Manager (CSSM) to view all of the smart licenses they own in one place. Customers who have classic ePAK licenses should convert their classic licenses to smart licenses using the License Registration Portal prior to upgrading to the 16.10.1 release.

This video provides step-by-step details on how to convert your existing classic ePAK licenses to a smart license.