Tuesday 9 April 2019

A guide to maximizing your chances of success with IoT

“Dream big, start small.” This may sound like a clichéd phrase from a motivational poster, but it’s actually a very valuable piece of advice for enterprises to heed when deploying Internet of Things (IoT) initiatives.


By now, we all know that IoT has the power to drive digital transformations across industries by creating new value propositions, business models, services and markets. However, as I speak with frontline business and operations managers from enterprises around the world, I’ve found that many are still unsure how and where to begin their IoT journeys. They have big ideas and aspirations, but often struggle to see their project through. In fact, 60 percent of IoT initiatives don’t move past the proof of concept stage, and just 26 percent of organizations consider their IoT initiative a success.

Whether you’re embarking on your first or fiftieth IoT project, you need to do some careful planning to yield tangible results. Often that means starting with the low-hanging fruit – realizing some quick successes with a fast ROI and then scaling your projects into additional areas of the business for more ambitious results.

Condensed from my interactive book, “Building the Internet of Things – a Project Workbook,” here are the 10 steps I recommend organizations take to maximize the chances of success with their IoT projects. Some of these might seem basic and common sense. However, based on my experience with dozens of IoT implementations across industries, I have discovered that these guidelines are often overlooked.

Identify your IoT project vision: First start small, but never lose sight of your end goals. IoT is a technology tool, and your IoT project is a means to an end. Therefore, you must first clearly define your business-oriented “why.” Why do you want to implement IoT, and what business goals do you plan to achieve? Here, consult cross-functional teams for input and to help secure buy-in from your higher-ups. If you skip this step, you will end up fragmenting your efforts on one-off projects, rather than creating a foundation for true digital transformation across your organization.

Define your use case: What is the specific business problem you want to solve? I recommend starting with one of four “fast paths” to IoT payback that focus on improving existing processes and thus reducing costs: connected operations (linking devices, sensors and meters to a network); remote operations (monitoring, control and asset management); predictive analytics (identifying and understanding where to take action); and preventative maintenance (increasing uptime and productive hours). Further down the road, you can start leveraging IoT to generate new revenue streams, business models and value propositions, as well as map out new go-to-market strategies, market disruptions and more.

Determine your skill requirements: People, not just the technology itself, determine the success of your IoT journey. Therefore, evaluate the readiness of your team and its skillsets to support your IoT initiative. Large IoT projects require people with soft skills – not just technical knowledge – to build trusted relationships and virtual teams across departments and functions, listen and communicate, as well as secure buy-in and ongoing support and sponsorship from peers, executives and partners.

Benchmark your organization against your industry peers: This step will help establish metrics you can use to validate your project and determine how far you’ve come upon its completion. I suggest benchmarking your organization in the following areas: IT and OT convergence (not only at a technology level, but also organizational, architectural and business process); innovation environments (your workforce’s capabilities and appetite for innovation); partner ecosystems; customer relationships; and level of IoT experience. Use the results to identify gaps you need to address prior to starting the project.

Assess your technological readiness: Consider whether you’ll be able to connect and access all data and, at least, major functions of IT and OT groups via open and interoperable technology stack. Do you need to integrate islands of data? Do you have plans to consolidate networks onto IP? Rest assured that you don’t necessarily need to overhaul your legacy system from the start, especially if you are starting small. You can begin by connecting existing systems within your organization, then gradually introduce other elements of flexible frameworks.

Assess your cultural readiness: From the C-Suite to your workforce and across your partner’s ecosystem, your organization must be ready and willing to support your project. Here, it’s important to assess how well key functions tend to work together, how well they communicate with each other as well as with key stakeholders (including customers), what changes to the culture your initiative will require and what changes it will bring.

Develop the value proposition for your business case: As you prepare your organization for IoT’s required cultural change, IT managers will want to know the expected ROI of your project. Do your best to estimate a hard number, considering patterns of payback where IoT delivers the greatest value (see step 4), while taking into account the cost of new technology, human capital, device connections and cultural change.


Identify and connect devices, technologies and systems: This critical step involves creating your project’s blueprint. Define your technology framework and how it needs to integrate with your existing systems and with the business processes. Make sure that your framework is not applicable only to your first project, but that it can also scale across your organization down the road and is flexible enough to integrate future technologies.

Address security: Take a rational, risk-based, architectural approach to IoT security. Partner with your Chief Information Security Officer to create a unified and policy-based security architecture that is embedded into every aspect of your technology stack and workflow. Develop a plan for how you’ll handle security incidents before, during and after an attack. Leverage industry best practices and tools (don’t reinvent the wheel) such as device and traffic segmentation to safeguard your infrastructure from end to end. In addition, implement processes and checks to ensure the accuracy and validity of your IoT data flows. Identify the data you plan to capture and apply the appropriate business rules or logic needed to process or analyze it for meaningful results.

Measure success: As you put your plan into gear, measure your successes (and even failures) along the way. Refer back to your baseline metrics established during the benchmarking step; identify what worked, and where you need to improve. Once you realize results – big or small – look for ways to replicate and scale your initiatives across other areas of your business.

Thursday 4 April 2019

The Potential of Thought Leadership is Much Better Than You Think

A headline from the 2019 Edelman-LinkedIn B2B Thought Leadership Impact Study caught my attention: Thought leadership has more influence on sales than marketers realize.


As it turns out, when it comes to thought leadership, marketers and those who create thought leadership have different beliefs when compared to decision makers and those who consume thought leadership content.

Consider these examples:

◈ Thought leadership creates access to top-of-the-food-chain decision makers. Forty-seven percent of C-Suite executives said they shared their contact information after consuming thought leadership content. Only 39 percent of marketers believe thought leadership generates leads or provides new contacts to call on

◈ Thought leadership content influenced 45 percent of business decision makers to invite an organization to bid on a project they were not previously considering. Only 17 percent of marketers said they felt thought leadership was effective at generating RFPs

◈ Thought leadership directly influenced 58 percent of decision makers to award business to an organization. Only 26 percent of marketers believe thought leadership is responsible for helping them close business

◈ Sixty-one percent of C-Suite executives said they would pay a premium to work with organizations that have clearly articulated a vision through thought leadership. Only 14 percent of marketers said thought leadership allowed them to charge more than their competitors who produce lower quality thought leadership content or none at all.

Here’s a chart that sums it all up: At every stage, decision makers value thought leadership more than those who produce it.


Source: 2019 Edelman-LinkedIn B2B Thought Leadership Impact Study

Marketers and decision makers are aligned on one thing: There’s not a lot of great thought leadership out there. Only 18 percent of thought leadership content is considered “excellent.”

To get the attention of the C-suite, to generate new RFPs, to become a premier service provider—to reap the benefits of thought leadership, you have to create something far above the run-of-the-mill content branded and touted as ‘thought leadership.’

Thought leadership is bestowed, not claimed. Leadership of thought is in the eye of the content consumer, not the content creator. They decide who is the leader, and they decide who is not.

Anyone can create thought leadership. It takes five fairly straight-forward steps:

1. Develop an Idea
2. Create content
3. Merchandise your content
4. Ensure your content is consumed
5. As a result of your content, people’s attitudes and behaviors change

The fifth step is the one we overlook. But without it, what’s the point?

Today, I see a lot of marketers completing steps 1 – 4 but they’re not thinking about the fifth and most important step. Thought leadership without accompanying attitude and behavior change is a big waste of time and money.

If you want to create thought leadership that actually moves the needle—that actually influences change—follow these three commandments:

1. Know the Landscape.


No content exists in a vacuum, and it’s nearly impossible to find a topic that is brand-new and uncovered. In order for your content to become “thought leadership” it must be different and better than everything else that is already out there on the topic. I don’t see enough businesses doing the research and leg work from the beginning (and there are a TON of tools out there to help do this work). If seven great eBooks or webinars already exist about your topic, the bar for your content to become “thought leadership” is high.

Know what you are competing against for attention (and for Google love) and make your content different and better.

2. Prove It.


Today there’s a lot of essay-style “thought leadership,” which really isn’t that different than a guy on a street corner shouting at passersby. You see this approach with LinkedIn articles and Medium posts. When deconstructed, the content is someone venting or throwing out an idea. That can be interesting, but opinions alone aren’t likely to become thought leading.

If you want to be at the head of the pack, it’s better to use first or second-party research to develop more fact-based content.

3. Atomize It.


Even within your target audience who share attributes and values, people prefer different modalities of content based on their age, technological aptitude, and job function to name a few. The best thought leadership respects these choices and provides content in a panoply of formats. Don’t just write a white paper and call the job done. At Convince & Convert, we counsel all our clients to atomize their thought leadership into different formats: teasers, videos, infographics, audio content, and more. The list goes on and on.

The rule we follow is for every single piece of content create at least eight new and different content formats. If your thought leadership content is a white paper, for example, produce eight videos and also distribute it as an episodic series. Generate additional content formats and use those to appeal to your audience in many ways. Don’t stop at one.

Wednesday 3 April 2019

How 5G Will Make the Network-as-a-Service (NaaS) Model a Reality

Cellular networks have become an important connectivity asset for businesses, allowing them to support mobile workers and devices that sit outside the enterprise. Despite the importance of connectivity, mobile networks have been limited in their ability to provide unique experiences for different types of users and apps connected to the network. 5G will have huge ramifications for what organizations can do over cellular connections and, as this is the first of four blogs providing an insight into how Cisco sees 5G’s future, it’s a worthwhile starting point to remind ourselves of the likely impacts of this new wave in connecting machines and people.

Clearly, 5G will be much faster than today’s networks but it will also be more reliable, more energy-efficient, capable of delivering high connectivity density and operating with very low latency.

5G’s network slicing capability is a means of providing a differentiated experience for users and devices based on the specific requirements of the environment they operate in. Together with the aforementioned new radio capabilities, slicing will offer the service levels, security, controllability, programmability and uptime that are needed for challenging and even mission-critical applications today. Network slicing leverages the virtualization of mobile network resources to allow the operator to create many logical networks with unique capabilities over a single physical network.


With 5G, the dynamic provisioning and scaling of network capacity and resources are available for the first time. The vision of managing the network-as-a-service in the same way as an application developer might manage cloud resources on AWS, Azure, or Google Cloud Platform is finally coming.

So, what does this mean in the real world?

5G’s speed and low latency make it fit for the data glut created by bandwidth-hungry applications such as 4k video, AI-embedded devices and streaming analytics. But, more strategically, 5G opens new market opportunities for Mobile Network Operators (MNOs) to address use cases that have specialized connectivity requirements: factory floors, autonomous vehicles, the Internet of Things, fixed wireless connectivity to remote branches and sites, and beyond.

While the potential for 5G to introduce new MNOs to new markets is significant, it should be noted that the investment operators will have to make to deliver 5G networks will be equally significant. Ensuring a viable business case will require the operators to find opportunities to charge a premium over basic connectivity for the differentiated experiences that 5G enables.

MNOs need therefore to make clear the advantages of 5G in terms of its ability to enable new capabilities and business outcomes for business customers:


◈ A sensor-driven manufacturing system that links to supply-chain peers and knows when parts need to be serviced or replaced (and might even be able to perform the task automatically).
◈ Real-time collaboration, including video conferencing
◈ An autonomous vehicle that relays status information to its manufacturer from every component – brakes, gears, acceleration, passenger games and entertainment and so on – for predictive maintenance, thanks to those aforementioned network slices.
◈ Connected remote offices and sites that are located in inaccessible or rural areas.
◈ Retail stores and malls that can deliver individualized augmented reality experiences, offers and information for shoppers.
◈ Security, including live video streaming for protection of people and assets

At Cisco, we see our role as enabling enterprise customers to extend their network boundaries and trusted security profiles to the edge of the 5G network, with role-based controls over who has access to what services. By providing decades of expertise on internetworking and by layering in network and security policy controls to 5G services we will go to market with MNOs to change the network. And change the world.

Tuesday 2 April 2019

Putting the “Trust” in Trustworthy SD-WAN

Organizations are implementing SD-WAN to bring secure, cost-effective, and efficient connectivity to distributed branches, retail outlets, and an increasingly distributed workforce. Top of mind for IT when expanding remote connectivity is ensuring the security and integrity of remote network appliances that are no longer under lock and key in the data center. Therefore, one of the advantages of adopting a software-defined network architecture is the plug-and-play, zero touch installation and configuration of remote SD-WAN branch routers and compute platforms. These Cisco-engineered appliances can be shipped directly to a remote site, powered on by a non-technical employee, and remotely configured by an IT expert from anywhere in the World Wide Web. For budget-constrained IT departments, remote provisioning, configuration, and management of network components, both hardware and software, provides significant time and cost savings.

But there’s also continuous pressure to decrease IT CapEx spending, as reflected in a recent trend to run Virtualized Network Functions (VNF) on white-label or bare-metal hardware. Budget-minded IT purchasers hope to save money by opting for less-expensive, generic versions of x86 hardware to run routing and security VNFs. However, security-minded IT professionals have a different perspective of using off-the-shelf compute hardware to process business-sensitive and personal data—the increase in risk.

Let’s look at an example of white box hardware that is shipped from a third-party manufacturer to a remote office for installation and provisioning. In today’s security environment, IT professionals should be asking:

◈ Where did my networking gear actually originate?
◈ Is the device genuine?
◈ Has it been altered at low levels in the BIOS?
◈ Is malware lurking in the bootstrap code?
◈ Can corrupted software with backdoors be installed without warning?

For scenarios like these, there’s no way to tell if corruption has occurred unless security-focused processes and technologies are built into the hardware and software across the full lifecycle of the solution. That level of engineering is difficult to accomplish on low-margin, bare metal hardware. Even when running VNFs on a public cloud, the same bare metal risk is mitigated only by the guarantees of the colocation or IaaS provider. If the choice comes down to savings from slightly less costly hardware versus increase in risk, it’s worthwhile remembering the average cost of stolen data from security breaches is $148 per record, while the cost of the loss of customer trust and theft of intellectual property is incalculable.

The Risky Business of Trusting Generic Hardware


With the daily onslaught of ever-more sophisticated threats, we all recognize that security for networks and applications has to be built into the foundation of every networking device. Network operators must be able to verify whether the hardware and software that comprise their infrastructure are genuine, uncompromised, and operating as intended. No matter how many functions are added to the security stack, the weakest link can cause all the other layers to fail. From hardware, to OS, to VNFs, every layer needs to be secure and work interdependently with the other layers for a complete defensive posture of the attack surface.

Building in Trust from Design through Deployment


Cisco embeds security and resilience throughout the lifecycle of our solutions including design, test, manufacturing, distribution, support, and end of life. We use a secure development lifecycle to make security a primary design consideration—never an afterthought. We design our solutions with trustworthy technologies to enhance security and provide verification of the authenticity and integrity of Cisco hardware and software. And we work with our partner ecosystem to implement a comprehensive Value Chain Security program to mitigate supply chain risks such as counterfeit and taint.

Security and Resilience Anchored in Hardware


The ability to verify that a Cisco device is genuine and running uncompromised code is possible with Cisco Secure Boot and Trust Anchor module (TAm). Cisco uses digitally-signed software images, a Secure Unique Device Identifier (SUDI) to prove hardware origin, and a hardware-anchored secure boot process to prevent inauthentic or compromised code from booting on a Cisco platform.

Secure Boot

Cisco Secure Boot helps ensure that the code that executes on Cisco hardware platforms is genuine and untampered. Using a hardware-anchored root of trust and digitally-signed software images, Cisco hardware-anchored secure boot establishes a chain of trust which boots the system securely and validates the integrity of the software at every step. The root of trust, which is protected by tamper-resistant hardware, first performs a self-check and then validates the next element in the chain before it is allowed to start, and so on.
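The chain of trust described above, as an added example (a simplified model written for this page, not Cisco's implementation): a root of trust self-checks, then each stage's signature is verified before that stage is allowed to start, and boot halts at the first failure. The stage names, image contents and the toy textbook-RSA key are constructed for illustration; a real platform anchors the verification key in tamper-resistant hardware and uses a standard padded signature scheme.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy signing key: textbook RSA over two publicly known Mersenne
# primes. Illustration only; it provides no real security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the image signer

# A second, unrelated key standing in for a signer the device does not trust.
ROGUE_N = (2**607 - 1) * (2**1279 - 1)
ROGUE_D = pow(E, -1, (2**607 - 2) * (2**1279 - 2))

# Constructed root-of-trust code and the digest anchored for its self-check.
ROOT_CODE = b"constructed immutable root-of-trust code"
ROOT_DIGEST = hashlib.sha256(ROOT_CODE).hexdigest()


def digest_int(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes, d: int = D, n: int = N) -> int:
    """Signer side: produce a signature over the image digest."""
    return pow(digest_int(image), d, n)


def verify(image: bytes, signature: int) -> bool:
    """Device side: check the signature against the anchored public key (N, E)."""
    return pow(signature, E, N) == digest_int(image)


@dataclass
class Stage:
    name: str
    image: bytes
    signature: int


def secure_boot(root_code: bytes, stages: list) -> tuple:
    """Return (names of elements that were allowed to start, failure or None)."""
    started = []
    # Step 1: the root of trust checks itself before it validates anything else.
    if hashlib.sha256(root_code).hexdigest() != ROOT_DIGEST:
        return started, "root-of-trust: self-check failed, boot halted"
    started.append("root-of-trust")
    # Step 2: each element is validated before it is allowed to start.
    for stage in stages:
        if not verify(stage.image, stage.signature):
            # Later stages are never examined or run once the chain breaks.
            return started, f"{stage.name}: signature invalid, boot halted"
        started.append(stage.name)
    return started, None


def build_chain() -> list:
    """Constructed three-stage boot chain, each image signed with the trusted key."""
    images = [
        ("bootloader", b"constructed bootloader image v1"),
        ("network-os", b"constructed network OS image v1"),
        ("sdwan-software", b"constructed SD-WAN software image v1"),
    ]
    return [Stage(name, image, sign(image)) for name, image in images]


if __name__ == "__main__":
    print("clean chain:   ", secure_boot(ROOT_CODE, build_chain()))

    tampered = build_chain()
    tampered[1].image += b" + implant"  # image modified after it was signed
    print("tampered image:", secure_boot(ROOT_CODE, tampered))

    rogue = build_chain()
    evil = b"constructed replacement bootloader"
    rogue[0] = Stage("bootloader", evil, sign(evil, ROGUE_D, ROGUE_N))
    print("untrusted key: ", secure_boot(ROOT_CODE, rogue))
```

Because only the public key is anchored, a signed image can be updated without touching the root of trust, while an image altered after signing or signed by any other key stops the boot at that stage.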


Trust Anchor Module

The TAm is a proprietary, tamper-resistant chip that features non-volatile secure storage for the Secure Unique Device Identifier (SUDI), as well as secure generation and storage of key pairs with cryptographic services including random number generation (RNG).

Secure Unique Device Identifier (SUDI)

The SUDI is an X.509v3 certificate with an associated key-pair that is protected in hardware. The SUDI certificate contains the product identifier and serial number and is rooted in Cisco’s Public Key Infrastructure. This identity can be either RSA- or ECDSA-based. The key pair and the SUDI certificate are inserted into the TAm during manufacturing so that the private key can never be exported. The SUDI provides an immutable identity for the router that is used to verify that the device is a genuine Cisco product.

TAm-embedded SUDI and Secure Boot are particularly important for configuring remote appliances with Zero Touch capabilities, providing assurance both that the hardware is Cisco certified and that the software being loaded is uncompromised. Before a router, switch, or AP can load the BIOS and network operating system, the unit must first prove to the network controllers that it is a verifiable Cisco hardware component by submitting the encrypted SUDI to the orchestrator in Cisco DNA Center or Cisco vManage. Once the hardware’s certificate is validated, the BIOS and network OS load, each verified by additional encrypted certificates to ensure the code is untampered before running. Finally, the IOS-XE and SD-WAN software loads and the router can receive a configuration file to join the orchestration fabric. Every step of this process is protected with encrypted certificates and secure tunnels for end-to-end trusted provisioning.

Cisco Secure Development Lifecycle is a Holistic Approach to Trustworthiness


The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness. The combination of tools, processes, and awareness training introduced throughout the development lifecycle enhances security, provides a holistic approach to product resiliency, and establishes a culture of security awareness. Cisco SDL development process includes:

◈ Product security requirements
◈ Management of third-party code
◈ Secure design processes
◈ Secure coding practices and common libraries
◈ Static analysis
◈ Vulnerability testing

In addition, Cisco IT is “Customer Zero” for many of our own products, so that ordering, implementation, and production are robustly tested even before Customer Early Field Trials.

Enforcing Trust in Virtualized Network Functions


Virtual Network Functions for SD-WAN can be trusted as long as the appliance hardware has the proper built-in security features, such as a TAm, to enforce hardware-anchored secure boot. Whether the routing appliance is located in a secure data center, installed with zero-touch ops at a remote site, or running in a cloud colocation facility, Cisco hardware supports VNF routing with end-to-end security and trustworthiness.

When selecting the appropriate hardware to run critical virtualized functions such as routing and security, it’s also important that the entire hardware ecosystem is optimized to achieve the levels of performance required to support SLAs and the expected application Quality of Experience (QoE). When it comes to high-speed gigabit routing and real-time analysis of encrypted traffic, performance is more than processing horsepower. By designing custom ASICs for complex routing functions and including Field Programmable Devices (FPD) to support in-field updates, Cisco hardware is fine-tuned for network workloads, security analytics, and remote orchestration.

Trust and Security Built-in from Design to Deployment


With a hardware-anchored root of trust; embedded SUDI device identity; encryption key management for code signing; plug and play zero touch installation, and custom silicon optimized for IP routing, Cisco provides a secure and trusted platform for enterprises of all sizes.

Monday 1 April 2019

How to Get the Most Value From Your Container Solutions?

There’s been a fundamental shift in the technology industry over the past 3-4 years with “applications and software-defined everything” dominating IT philosophy. The market continues to move towards a cloud native environment where developers and IT leads are looking for agility in application development, faster application lifecycle management, CI/CD, ease of deployment, and increased data center utilization.

Today, engineers and IT operations teams are tasked with churning out applications, new features and functionalities, configuration upgrades, intelligent analytics and automation quickly and efficiently to stay competitive and relevant, all while reducing cost and risk. An elastic and flexible agile development is now considered core to innovation and to reduce time-to-market. However, IT is faced with some key challenges, such as: siloed tools and processes, delayed application deployment cycles, and increased production bugs and issues – all resulting in slower application time-to-market, increasing costs, risk and inefficiency.

Docker revolutionized the industry with the introduction of application container technology where you can run multiple applications seamlessly across a single server or deploy software across multiple servers to increase portability and scale. While this has helped achieve consistency across multiple, diverse IT environments, removed the underlying OS abstractions, and enabled faster and easier application migration from one platform to another — it’s only the beginning. Organizations still need the right strategy and support to accelerate adoption of container solutions.

And it’s no longer a matter of when, but how?

How to speed container adoption?


Containerization is the new norm. Moving applications across heterogeneous environments from the laptop to the test bed, from testing to production, and from the production cycle to actual release both quickly and efficiently, is testament to an efficient and scalable containerized strategy.

So no matter what your broader business goals are, whether you are looking to:

◈ Align your cloud strategies with corporate visions
◈ Identify specific use case requirements for implementing container solutions
◈ Get your applications ready for prime-time
◈ Spin up applications for seasonal capacity surges
◈ Enable operational scaling and design for multicloud/ hybrid cloud deployments
◈ Configure application security policies
◈ Align application automation across diverse DevOps teams to streamline operations and troubleshooting;

You need the right cloud and container strategy, tools and expertise to help you bridge the technology and operational gaps, and accelerate the process of modernizing traditional applications. Services can play a critical role in helping you fast-track your transformation journey, while enhancing application portability and ensuring the optimum use of resources.

Determine the best strategy for your business

You need the right strategy alignment and cloud roadmap to maximize the impact of your cloud services across the organization. Coupled with that is the growing importance attributed to determining governance and security policies to reduce IT risk and speed time-to-market. Employing the right expertise – whether in-house or external, can help you to not only identify the right use case requirements for implementing container solutions, and determine technology/ operational gaps but more importantly, help you optimize your investment across people, processes, and technology.

Accelerate deployment across heterogeneous IT environments

Quick and efficient deployment of container solutions across multiple, disparate IT environments is a must, to enable operational scaling, configure feature integration, and design for hybrid cloud solutions. This is a crucial step in the implementation process, and you need highly experienced and trained specialists who can ensure frictionless operations through end-to-end network automation. You need a fool-proof solution design, test plan and clear implementation strategy that can ensure reduced lifecycle risk and interoperability. Engaging the right experts and skill-sets will result in faster implementation and increased time-to-value.

Consistent optimization and support for continued success

Maintaining application consistency and optimizing your application environment post-deployment will help you extract the most value out of your technology investment. Conducting regular platform performance audits, root-cause analysis, streamlining existing automation capabilities, and running ongoing testing and validation, are all akin to keeping the lights on. Having the best-of-the-breed technology and industry expertise coupled with integrated analytics, automation, tools and methodologies enables you to preempt risks, accelerate container adoption and navigate IT transitions faster. Furthermore, you need centralized support from engineer-level experts who are accountable for issue management and resolution across your entire deployment.

If you are looking to accelerate applications to market, Cisco can help through our unmatched IT expertise, experienced guidance and best practices.

We offer a lifecycle of Container Services across Advisory, Implementation, Optimization and Solution Support Services to help you drive faster adoption of container solutions. We take a vendor-agnostic approach to offer container networking, infrastructure and lifecycle support to enable distributed containers across the cloud; manage cloud-native apps with support for orchestration, management, security and provisioning, and ensure integrity of the container pipeline and deployment process.

We also launched a new container management platform called Cisco Container Platform, based on 100% upstream Kubernetes, that offers a turnkey, open and enterprise-grade solution that simplifies the deployment and management of container clusters for production-grade environments by automating repetitive tasks and reducing workload complexity.

Sunday 31 March 2019

Cisco CloudCenter Suite: Your Multicloud Management Champion

In a few days, over one hundred million viewers will experience the phenomenon known as the Super Bowl. As fans of championship sporting events like the Super Bowl or, for my friends outside of the US, the World Cup, we expect a gratifying experience during these events and are solely focused on our favorite team’s accomplishments. At this point, we don’t care how many practice sessions and training hours were involved, or how long it took the team to reach this level. Our only expectation is to witness a superb performance culminating in our favorite players lifting the trophy; little do we dwell on the inherent complexity of what it took to get there.

In reality, championship teams prepare for this “trophy lifting” experience for years by developing and executing a framework of specific components: talent (management, players, coaching, supporting staff), teamwork (working together), discipline (execute to the plan), and a little luck.

Now in cloud, the expectations of cloud consumers are similar to those of sports fans. They adopt cloud platforms to exploit their numerous benefits: accelerate innovation, increase scale, or reduce operational expenses. Increasingly they are adopting multiple clouds simultaneously to leverage the unique advantages that each of them has to offer. But the specific use case, whether it’s to manage hybrid cloud workloads or distributed multicloud applications, is just a means to an end for them.

But for organizations, it’s all about taking the championship team’s point of view. Because to truly realize the benefits of a multicloud approach, they need a cloud management platform (i.e. a framework) that works across many clouds, both public and private. One that provides the best finished product, while abstracting the inherent complexities.

The newly announced Cisco CloudCenter Suite does just that, via a single solution that works across multiple clouds, doing what many other tools do separately or only for specific clouds.

Cisco CloudCenter Suite is an integrated set of software modules that accelerates innovation by providing a framework for organizations to design, deploy, and optimize infrastructure and applications across clouds to achieve their cost and compliance objectives. The suite simplifies multicloud management by providing workflow automation, application lifecycle management, cost optimization, governance and policy management across clouds.

Cisco CloudCenter Suite is now a modular, self-managed, Kubernetes-based solution that gives you all the benefits of a microservices application without actually having to manage one. It consists of:

Three modules that work together to simplify multicloud management 

◈ Workload Manager – Multicloud management of infrastructure and applications that helps customers design, deploy, and optimize their on-premises and public cloud environments. Workload manager enables governance policies, aligned with the organization’s objectives, that provide centralized visibility and control to help customers improve their multicloud maturity.

◈ Cost Optimizer – Cost reporting and remediation that analyzes customers’ consumption patterns on-premises and in public clouds and provides visibility into total cloud spend (compute, storage, network, and cloud services). It also identifies cost-optimization strategies to help customers right-size their cloud workload instances by minimizing overprovisioning.

◈ Action Orchestrator – Simplified orchestration and workflow automation that provides seamless integration within the suite and externally through a broad set of adaptors and standardized interfaces. This simplifies business processes, reduces human error, and eliminates repetitive tasks associated with technical integrations and business processes.

◈ Suite Admin – Central administration point for all CloudCenter Suite modules. It provides common services such as managing cloud accounts, multi-tenancy, licensing, monitoring and logging, role-based access control, user authentication, and single sign-on integration.

◈ Suite Installer – A self-deployed, self-managed installer that takes care of the installation process for the Kubernetes-based CloudCenter Suite on any environment (VM, OpenStack, on-premises and in public clouds).

CloudCenter Suite delivers a ubiquitous experience across your multicloud environments, whether on-premises or in the cloud, so that you can focus on developing and deploying applications with speed and scale. At design time, architects can compose the dependencies of their multi-tier applications into an application profile. Designers can leverage numerous out-of-the-box integrations across many Cisco products and other ecosystem solutions to build on the strength of Cisco’s ever-increasing investments in cloud technologies. Consumers can then deploy the profile, devoid of multicloud complexities, using a pre-established governance framework consisting of application and infrastructure policies. Applications are delivered consistently and reliably across private and public clouds in a manner that eases the transition to operations teams. Both consumers and operators can optimize infrastructure and applications anywhere through a recommendation engine that exposes the most economical consumption opportunities.

CloudCenter Suite’s flexible consumption models enable customers to choose the buying option that best suits their organizations’ use case requirements and price points, with three subscription-based license tiers available as self-hosted or SaaS. Small and mid-size enterprises can now take advantage of the same premier multicloud management capabilities enjoyed by large enterprises.

How does CloudCenter Suite deliver “quick wins” for cloud consumers and IT operators? It helps teams:

◈ Focus on accelerating innovation and reducing time to market by delivering applications wherever the cloud strategy dictates.
◈ Capitalize on the unique benefits of each provider by easing the management of multiple clouds.
◈ Reduce total cloud costs without compromising application performance by monitoring private and public cloud usage.
◈ Automate complex business processes to reduce digital waste and save precious time and resources.

Championship teams operate best when the unique skills of each team member seamlessly come together to accomplish a common goal. CloudCenter Suite unifies your multicloud experience in the same way—enabling you to secure the best value from the ‘skills’ each cloud provider has to offer.

Saturday 30 March 2019

DevOps with CloudCenter Suite and Kubernetes in a Multicloud Environment – Part 2

This post is the 2nd part of our series on DevOps and will focus on a CI/CD demo based on the Cisco Multicloud Portfolio. You can find part one here. For our demo environment, we are using resources from 3 Kubernetes clusters, on-premises and in AWS.

Our lab


We have built a simple microservice-based application as shown by the picture below.


The source code of the 5 components is stored in a GitHub repository, where new versions of the application are committed (uploaded) by developers. At each commit, the Jenkins orchestrator gets the source code and compiles it, building the container images ready to deploy the application.

The images are saved in a shared container registry (Harbor, see next picture) where Cisco CloudCenter (or Cisco CloudCenter Suite, as per the official new title) will be able to retrieve them when asked by Jenkins to deploy the application. Based on input parameters provided by Jenkins, Cisco CloudCenter will target the deployment to the most appropriate environment for the current phase of the project.

In our demo lab, the environments are “integration test”, “performance test” and “production”.

They correspond to three different Kubernetes clusters that have been created on-premises (integration and performance test) and in AWS (production).

Each environment has a different set of policies that will be inherited by every application that is deployed there: policies for security, networking, autoscaling, etc.

The 3 Kubernetes clusters mentioned above have been quickly deployed by the Cisco Container Platform (CCP) without having to manually create them on each side.

The value in using CCP here is simple: in a few minutes we created and deployed 3 production-ready clusters, fully integrated with networking, storage, security, monitoring and logging without even touching the K8s installer or the underlying infrastructure.

The 2 clusters named “integration test” and “performance test” were created automatically inside VMs in a local VMware environment, while the cluster named “production” was created in AWS (CCP uses the API exposed by AWS’s Managed Kubernetes Service (EKS) to do everything automatically, including the integration with AWS’s Identity and Access Management (IAM) for authentication, authorization and access control).

The automated deployments will repeat, in the three environments, in a sequence that tests each version before moving it to the next deployment environment, ensuring the quality of the release. In the real world you might want to run more complex testing activities (such as code quality inspection, security, resiliency etc) than the 2 tests in this example (functional and performance).

Demo flow


◈ The next picture is a sequence diagram showing all the actions that we have automated; we used a color code to represent the phases that are commonly referred to as Continuous Integration (the green part) and Continuous Deployment (the orange part).
CCC stands for Cisco CloudCenter, and K8s dev, test and production represent the 3 Kubernetes clusters mentioned above.

◈ The entire process is completely automated and brings a new version of the application to the production deployment without any human intervention. This complete automation is often referred to as Continuous Deployment and – although very useful and adopted by big players like Facebook (their pipeline is more complex than our simplified demo) – is not very common among the customers I generally meet.

Those that adopted DevOps still prefer to have some human checks in between the activities, so that they feel they have better control over the process and its quality.

When they have more experience, they will probably be confident enough to delegate every check to the automation tools.

Implementation


The automation is based on Jenkins, an open source orchestrator that benefits from the availability of hundreds of plugins; it can automate almost every component in your IT ecosystem, including Cisco CloudCenter of course.

In the Jenkins dashboard you can build different projects, like in the picture below. A project is a sequence of steps, using plugins to drive activities in the systems you want to automate (e.g. pull the source code from the repository, compile it, build container images, trigger a cloud deployment through Cisco CloudCenter, etc.).

Projects can call other projects, to make your orchestration modular and reusable. In the picture above, the project ‘TheWall’ (that is the name of our demo application) calls the other 5 projects in a sequence, checking that the outcome is positive before calling the next one.

◈ With this we are able to automate the deployments on those 3 Kubernetes clusters and run the functional test and the performance test of the application using an external tool (here we are using another open source product called Apache JMeter).

◈ The functional test (which happens on the integration test cluster) is a sequence of user transactions, executed by the test tool using a pool of user identities and a pool of input data such as simulated clicks and text inputs, where assertions about the expected result are validated automatically. If the page generated by the application differs from the expected result, an error is logged, and the test can be considered failed. So, the functional test ensures that the application behaves as expected from a functional standpoint (and you can avoid a manual test for user acceptance).
◈ The performance test (which happens on the performance test cluster), executed by the same tool, stresses the application and the infrastructure from a performance standpoint. A large number of concurrent users are simulated by the tool, invoking a sequence of user transactions with random wait time, reproducing a situation similar to the workload in a production environment. Response times are tracked and so are any errors, allowing the tool to declare whether the test is successful or not.

Based on the outcome produced by JMeter, Jenkins will continue with the Continuous Deployment pipeline or abort it, notifying the developers that something went wrong and requires a correction. In the latter scenario, the CI/CD cycle will start from the beginning: modified source code committed, application built and deployed to the first environment, test executed, application promoted to the next environment and tested… until the pipeline is completely executed without any warning or error and the application is released automatically in production.
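The continue-or-abort decision described above can be sketched as a small gate script that a pipeline stage runs over JMeter's CSV result file. This is an added example, not code from the demo: the function names, thresholds and sample rows are assumptions, and only the column names follow JMeter's default CSV output.

```python
import csv
import io
import math

# Constructed sample in JMeter's default CSV result (JTL) column layout,
# trimmed to the columns this gate reads. Values are illustrative only.
SAMPLE_JTL = """timeStamp,elapsed,label,responseCode,success,failureMessage
1553900000000,120,login,200,true,
1553900000100,180,post_message,200,true,
1553900000200,950,read_wall,200,true,
1553900000300,140,login,200,true,
1553900000400,210,post_message,500,false,Test failed: text expected to contain /Posted/
1553900000500,160,read_wall,200,true,
"""

def percentile(values, pct):
    """Nearest-rank percentile; values must be non-empty."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def evaluate_gate(jtl_text, max_error_rate=0.0, max_p95_ms=None):
    """Return (promote, report) for one test stage (hypothetical helper).

    max_error_rate: tolerated fraction of failed samples.
    max_p95_ms: optional response-time ceiling; None skips the check
    (functional stage), a number enforces it (performance stage).
    """
    rows = list(csv.DictReader(io.StringIO(jtl_text)))
    if not rows:
        # An empty result file means the test did not run: fail closed.
        return False, {"samples": 0, "reason": "no samples recorded"}
    failures = [r for r in rows if r["success"].strip().lower() != "true"]
    error_rate = len(failures) / len(rows)
    p95 = percentile([int(r["elapsed"]) for r in rows], 95)
    reasons = []
    if error_rate > max_error_rate:
        reasons.append(f"error rate {error_rate:.1%} exceeds {max_error_rate:.1%}")
    if max_p95_ms is not None and p95 > max_p95_ms:
        reasons.append(f"p95 {p95} ms exceeds {max_p95_ms} ms")
    report = {"samples": len(rows), "failed": len(failures),
              "error_rate": error_rate, "p95_ms": p95,
              "failed_labels": sorted({r["label"] for r in failures}),
              "reason": "; ".join(reasons) or "ok"}
    return not reasons, report

if __name__ == "__main__":
    promote, report = evaluate_gate(SAMPLE_JTL, max_error_rate=0.0, max_p95_ms=800)
    print("PROMOTE" if promote else "ABORT", report)
    # A non-zero exit status is what makes the calling CI stage fail.
    raise SystemExit(0 if promote else 1)
```

Treating an empty result file as a failure keeps a test run that never started from being read as a clean pass and promoting an untested build.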

The next picture shows the execution of the Jenkins pipeline for three different builds of the application. The most recent execution failed because the modification of the source code introduced an error that blocked the build. The other two executions succeeded, as demonstrated by the green color of every step in the pipeline.

Jenkins logs all the activities, so that you can check what happened during the automated process.

The next picture shows the output of the sub-project named ‘TheWall_Deploy_Test’, which is the 7th stage in the pipeline in the previous picture.

To ensure that governance policies (such as access control, reporting, cost control, etc.) are applied during deployment, we have inserted CloudCenter in the process. Jenkins will use the API exposed by Cisco CloudCenter to deploy the application ‘TheWall’ to the test environment.

Note that the performance test environment needs to be robust enough to sustain the workload of the performance test, while, on the contrary, the functional test can be executed in a smaller cluster with less computing power.

You don’t have to code the API calls, because Cisco CloudCenter ships a plugin for Jenkins that integrates into its user interface graphically. But if you prefer, Jenkins can run scripts and commands from the CLI for you.