Friday 19 July 2019

Most Effective Study Techniques | Cisco CCDA 200-310 (DESGN) EXAMS



Exam Name: Designing for Cisco Internetwork Solutions

Exam Code/Number: 200-310 DESGN

Exam Overview:  This exam requires a foundation or apprentice knowledge of network design for Cisco enterprise network architectures. CCDA certified professionals can design routed and switched network infrastructures and services involving LAN/WAN technologies for SMB or basic enterprise campus and branch networks.


Sample Questions: Cisco 200-310 Sample Questions

Thursday 18 July 2019

Critical Network Infrastructure in IoT Industries


The Internet of Things and the way in which different industries are transforming their business is having a direct impact on the type of networking infrastructure they now require. Digitization, Artificial Intelligence, Machine Learning and Automation are now the main drivers for many companies across multiple verticals to look into new ways of offering their services, running their day-to-day operations, dealing with their customers and suppliers, and becoming more efficient.

But let’s look first into what we mean by Critical Network Infrastructure. Generally speaking, we refer to the information technologies and cybersecurity systems required to run mission critical applications that support the continuity of normal business and government operations. These systems provide the resiliency to avoid vital network interruptions and non-recoverable failures. They are also characterized by providing High Availability, Optimal Performance and Increased Security.

In the past, before IoT and Digital Transformation became ubiquitous, almost the only companies that required this type of Network Infrastructure were what we refer to as Service Providers or Telecommunications Carriers. These are the organizations that provide telephony, cellular services, internet broadband access and nowadays even cable and video streaming services. Networks are a Critical Infrastructure for this type of companies because their business model has always been based on providing connectivity in one way or another. Up until very recently we have referred to Critical Network Infrastructure simply as SP networking or Carrier infrastructure.

All of this has changed as more and more industries need to provide an improved Customer Experience. While the networking infrastructure was used in the past mainly for back-office operations and internal communications services, nowadays whole business operations have to run over this infrastructure, and the interaction with the end users relies solely on the low latency, uptime and security of these networks.

Critical Information, and as a result the data traffic carrying it, is moving closer and closer to the end user, across multiple regions and over very long distances. By the year 2021 up to 41% of all the data traffic will be delivered across multiple countries.

The demand for reliable real-time data is more critical than ever, with the arrival of Smart Homes, Autonomous Vehicles and Smart Cities the expectation is to have Secure, Fast, Simple and Reliable data. This can only be achieved by having High-Performance Networking, Automation & Analytics, Always-On and Secured Trusted Infrastructure to interconnect all of these systems.

Some of the most immediate IoT Use Cases that require Critical Network Infrastructure, and hence where some of the greatest opportunities are for Cisco and our Partners are in the Industrial Verticals and Public Sector. Let me give you a few examples here:

◈ Smart Cities


As more and more cities provide multiple services to their inhabitants, reliability and data privacy become critical. Some of the main challenges cities are facing include the effects of urbanization: it is estimated that by 2050 68% of the worldwide population will be living in cities. Shifting economics, sustainability and public safety are also some of the main trends impacting today’s cities. Technology can help solve some of these problems, including Lighting, Parking, Environmental control, Urban Mobility, Water Supply, Safety & Security and Waste Management. A Multi-Services Network including a Connected Communities Infrastructure Layer is required to provide all of these services! And guess what? This is an actual Critical Network Infrastructure, the one we have been talking so much about so far.


◈ Utilities


Power Utilities are also facing a new set of challenges that are transforming the way in which they Generate Energy, operate the Power Grid and interact with their Customers. In the past Customers were only seen as simple Rate-payers, but IoT is turning them into real Clients with high Customer Experience expectations. Electrical Vehicles, Distributed Energy Resources, Renewable Energy and Smart Homes are all shaking-up an industry that has been mainly focused on providing stable electricity supply for over a century. However, Power Supply is and has always been a matter of national security for every country. The electrical power grid is now changing as it has to adapt to all of these new challenges and expectations. The grid is a critical infrastructure that is becoming interconnected and that has to be run over a Critical Network Infrastructure. 

◈ Manufacturing


Over the past few decades globalization has turned the supply chain of almost every product into a multi-national affair. Different parts are manufactured across the globe and assembled in faraway locations. At the same time Digital Automation is turning Discrete and Process Manufacturing into one of the most accelerated verticals for IoT and Digital Transformation. Industry 4.0 is the concept of smart factories where robots and machines are interconnected to a system that can visualize the entire production chain and make decisions on its own.  If we add-up these trends the result is that manufacturing companies need to be able to provide High-Performance, Scalable, Resilient connectivity with very low latency (due to the precision required for many manufacturing processes), while at the same time having a high degree of flexibility across long distances with strong security and policy control. Sounds familiar?

These are just a few industries where the Critical Network Infrastructure that was required mainly by Service Providers in the past is now a “must” for many Industries. I could go on and on, but the idea is just to give you a glimpse into what is possible. Other industries close to my heart such as Transportation, Mining, Oil & Gas and many more are having very similar needs with their own specific requirements and industry trends all being driven and fostered by IoT technologies. And all of them represent a great opportunity for Cisco and all of our Partners.

Tuesday 16 July 2019

4 Trends Molding the Future of Customer Service


Technology adoption and consumer behavior shifts have changed customer service forever. The simultaneous rise of mobile computing, social media, and changing demographics have aided a disruption that’s far from over. But as inevitable as change is, most companies are still using a 1995 playbook to solve modern customer service issues.

The issue with that 1995 playbook is in its results. Eighty percent of businesses think they deliver superior customer service. Only 8% of customers think businesses deliver superior customer service.

It’s time for this to change. Here are four customer service trends that must impact how you interact with your customers from this point forward.

Proactive Customer Experience


While responding to customers online is less expensive than legacy customer service mechanisms like phone or email, the costs are real and the public nature of those pose risk.  Perhaps the best way to invest your resources is to legitimately improve your customer experience so fewer people have any reason to be upset with your business in the first place.

If you’re paying attention to customer feedback, you’re probably aware of the weak parts of your business. You know where and when customer satisfaction is likely to dip. Instead of waiting for your customers to experience those dips, proactively head them off at the pass. The best way to handle unhappy or unsatisfied customers is to eliminate the forces that make them unhappy or unsatisfied.

The best customer problems are the ones that don’t have to happen in the first place.

Self-Service Solutions


If customers can easily and thoroughly address problems on their own, they will. Self-service is an efficient path to issue resolution because customers don’t have to wait on your business to respond.

Self-service makes a lot of sense — on both the customer experience and cost efficiency fronts. According to Forrester, self-service increases customer satisfaction and lowers costs for businesses.

Forrester also found that 72 percent of consumers prefer using a company’s website to answer their questions. Unfortunately, businesses are not universally adept at this approach. Only half of customers can find the information they need online.

The best self-service programs are living organisms. They expand and morph and change to fit customer questions and complaints. To do this, managers must meet often with personnel interacting with customers to discuss what questions and issues are emerging. Many of the questions will be repeats. In fact, one-third of customer questions are common or repeat issues. The objective with self-service is to determine all of those likely questions, and then provide answers to customers in (ideally) multiple online formats.

Community-Based Service


If the most efficient way to get answers to consumers is to give them access to that information in a self-service capacity, the next best approach is to enable support from a customer community.

One of the reasons community-based customer service tools are so powerful is that collectively, the community knows more than any one customer service representative possibly could. These programs also have financial implications. Research from Gartner suggests businesses that implement community-based support can reduce costs by 10 – 50 percent. There’s another business benefit to these programs: Online communities can also breed deep insights that allow businesses and organizations to change their offerings, communicate more effectively, and enhance customer service when it does not need to be provided on a one-to-one basis.

Mobile Messaging Apps


Messaging has fundamentally changed the way we communicate with each other, and it’s making this transformation with gusto. According to Statista, Facebook Messenger has more than 1.3 billion active monthly users. WhatsApp (owned by Facebook) has more than 1.6 billion active monthly users, and WeChat is nearing 1.1 billion.


Messaging has transformed the world of customer service, changing the way people expect to interact with your business. Mobile usage studies show Americans are sending texts five times more often than they’re picking up the phone. In Asia Pacific and Latin American countries, those same studies show a strong preference for the aforementioned chat apps billions of people are using globally. In the U.S., this trend is even more prevalent with younger generations: 36 percent of Millennials would contact a company more frequently if they could text. Messaging apps are bigger than social networks and SMS. When it comes to younger generations, messaging dwarfs communications vehicles like email and phone calls as well.

Messaging apps are the biggest force in communication today, and their functionality for one-to-one messaging has everything you need for customer service. They’re private, which companies love. They’re persistent, which customers love. They’re real-time, and they’re asynchronous. Asynchronicity is one of the key factors that make messaging apps so convenient and powerful. A consumer can start a conversation with a business, do something more important, and pick up the same conversation where she left off 10 or 20 minutes later. Gone are the days of being on hold and gone are the expectations that being on hold is normal.

Not to mention the fact that messaging apps often get better satisfaction ratings than any other CX channel, including phone calls.

If you haven’t already, archive the playbook from 1995 and adjust how your business delivers customer service to meet the expectations of today’s customer.

Saturday 13 July 2019

Discover Hidden Risks in Your Network Before It’s Too Late

Consider for a second how you think about your vehicle’s maintenance. If you’re like the majority, you might drive your car every day and feel confident that you can get from place to place without scheduling a routine checkup every 5000 miles, as automotive experts suggest. You might wait for a signal that something is wrong, whether it’s a check engine light, tire pressure warning, etc., before taking your car in to get serviced. And then it’s back to getting from point A to point B every time you step in your vehicle. The problem is, all the buttons and warning signs inside your vehicle can signal that everything is ok, but they don’t necessarily provide information on the health of all the underlying parts.

Driving as if everything is ok without performing routine checkups is a lot like monitoring your network without rigorously evaluating it on a consistent basis. Just as parts of your car can deteriorate or break without your knowledge, network support and capacity thresholds are often broken from incremental requirement burdens that the network has to shoulder. This results in teams consistently performing corrective network maintenance, costing more and creating longer downtimes in the long run. In fact, results show that “preventative maintenance represents roughly 10-30 percent of total maintenance costs as compared to corrective maintenance.”

So, what can you do?


One idea is to set some time aside – either once or twice a year – and perform a thorough network audit. It may seem mundane and unappealing at first but think about the potential value it could bring your team (and the organization) if you found a major problem or gap ahead of time. For example, what if you were upgrading to high-resolution video but found that the network was experiencing consistent packet drops? Or what if you were deploying a new unified communications solution but found your network’s Quality of Service (QoS) was never revisited for real-time voice and video applications 7-8 years after it was first deployed?


How would packet drops affect your network before a new deployment?

Would you catch them in time?

IT organizations that routinely do this before a new deployment or cloud migration often find the most value and are able to get buy-in from other critical stakeholders, such as those in finance and upper management, for future change initiatives. They are able to articulate the severity of repercussions if something goes wrong, which can often include an “all-hands-on-deck” situation for IT and extra costs incurred for the whole company.

Another benefit is that audits help bridge a gap between executives and IT. An audit creates a foundational platform in which both parties can understand what’s most important through an objective report. This has often served as a catalyst for IT departments to get projects approved as they are able to finally provide credibility and evidence for specific recommendations that had initially been declined for not being “a priority” or for being “too complex” of a solution.

If you’re interested in trying this yourself, take three of your sites and at least one data center and simulate what the network traffic would be with your new collaboration solution. Monitor the key parameters (e.g. jitter, delay, packet loss, etc.), the bandwidth difference, and how the network’s load-balancing changes throughout the session. Then perform a risk analysis with your findings, which can include:

◈ A list of gaps, problems, and likely future issues
◈ An as-is scenario that highlights the likelihood and magnitude of associated risks
◈ A list of necessary and recommended upgrades
◈ Predicted cost, timing, and impact of upgrades
◈ Expected deployment date after upgrades are made

The goal is to spot areas that have been overlooked and to identify key drivers that could negatively impact future upgrades and solutions.

If you’re open to having an external party help you do this, Cisco has a couple audit options that might benefit you, including a:

Cloud Collaboration Readiness Assessment
Media Network Readiness Assessment (for video and Webex deployments)
Network Readiness Assessment (for UC and Contact Center deployments)


Each Readiness Assessment consists of a detailed analysis of your foundational network (critical Layers 1-3), including security and compliance, so you can easily upgrade your collaboration technology without hassle or fear. Each assessment also addresses reliability requirements and validates your network’s capacity to deliver desired business outcomes, helping you understand the implications and repercussions of different options before you deploy or migrate. To help provide some context, let’s look at a quick example.

Last year, a global leader in consumer and business credit reporting wanted to upgrade its Contact Center solution and agreed to have a Network Readiness Assessment beforehand so it could properly address any concerns. The IT department initially resisted the idea but later agreed, noting:

◈ All bandwidth requirements had been met

◈ The network was highly redundant and had no known issues

◈ IP routing was in good shape

After identifying eight sites and two data centers to perform the assessment on, the Cisco Customer Experience team installed its proprietary software and simultaneously set up a network probe at each of the eight sites to simulate real time RTP traffic. It found:

◈ The IP routing between the eight key sites was not configured properly and the convergence time was too high, causing network packet drops
◈ The bandwidth was not configured properly to handle the amount of traffic to be deployed
◈ The QoS and network policies were outdated and needed to be updated before the upgrade

Ultimately, without the assessment the customer’s network would have likely crashed with the new deployment, costing millions and requiring all IT personnel to immediately fix the problem.

Turning your department from a reactive standpoint to a proactive one can help you better anticipate outcomes and problems before they occur. If you’re thinking about conducting a network audit on your own for your next collaboration upgrade, consider what resources you need to create a good report and the questions you’ll need to ask yourself along the way. What would have to be true in my audit in order to convince management to think differently? How do I ensure that my results are accurate and that I have the right data to back up my findings? How do I get others involved to create buy-in and to not upset those who would be impacted?


A good practice is to assume there’s already something wrong in your network. Doing so will help give you the drive to ensure that each possible risk is rigorously evaluated.

Learning what could prevent future success is arguably just as important as understanding what facilitates it in the first place.

Thursday 11 July 2019

Orchestration and Automation Solutions for the 5G Era

We looked at how Cisco can help service providers (SPs) deliver high-quality 5G solutions to their enterprise customers.


We now continue the story by focusing on two important 5G-network enablers: automation and orchestration.

In the light of today’s changing market trends, this blog briefly reviews some key Cisco orchestration solutions, illustrating their benefits via case studies.

Preparing for an accelerating world

If the 4G network was all about smartphones and consumer data, 5G is more about addressing the strict demands of vertical markets with the expectation of improved quality of experience (QoE) and application performance resulting in rapidly changing business models and customer behaviour.

Product cycles and new, more agile companies are disrupting markets. Savvy customers expect services to be available on demand, from anywhere, at the touch of a button. And technologies such as cloud services, virtualisation/containerisation and intent based networking (IBN) are enabling new commercial opportunities.

All of these developments demand more powerful and flexible network orchestration and automation solutions. But what are the business benefits for SPs?

To give just some examples, Cisco orchestration can reduce configuration and support costs, enable SPs to offer more innovative services quicker with shorter TTM (Time-to-Market), and help them build new revenue streams.

Managing tomorrow’s 5G network traffic

Let’s take a look at two Cisco automation solutions that SPs can use to manage next-generation networks.

Cisco Network Services Orchestrator (NSO) seamlessly configures, automates and provisions end-to-end services across traditional and virtualised networks with Cisco and 3rd Party products. It can add, change and delete services without disrupting the overall service, and help ensure that services are delivered in real time.

NSO 5 is the latest release. It’s a key part of Cisco’s Evolved Services Platform (ESP), which benefits from being:

• Open – multi-vendor and based on open standards and API.
• Extensible – its modules span the full SP architecture (cloud, video, mobile and fixed).
• Elastic – it seamlessly scales services and resources, whenever and wherever needed.

This industry-leading software offers a significant five-year ROI of 383 per cent.

Cisco Crosswork is the newer suite of automation and orchestration solutions that can enable SPs to proactively manage end-to-end networks. This includes:

• Cisco Crosswork SON Suite – an automation solution concerning the self organising of the radio access network (RAN) that enables companies to reduce operating costs while improving the end-user experience.

• Cisco Crosswork Network Insights – a cloud service that analyses routing and network data to reduce the time taken to fix issues.

• Cisco WAN Automation Engine (WAE) – a solution that offers precise network modelling and optimisation of network traffic across the Wide Area Network (WAN).

Cisco Crosswork is a truly scalable orchestration solution for the new era of 5G networks.

Cisco orchestration and automation in action

Many companies are partnering with Cisco on 5G projects to reap the benefits of automation and orchestration solutions. Here are three examples.

VodafoneZiggo runs with RAN automation


Netherlands operator, VodafoneZiggo, wanted to automate its radio access network (RAN) for the 5G era, so it deployed a Cisco Crosswork SONFlex solution. The solution works in a multi-vendor environment, enabling the company to reduce the cost-per-bit while improving its overall customer experience with superior voice quality.


This move marks a new milestone for VodafoneZiggo. The company’s automation strategy has now shifted from traditional network-focused optimisation to customer-centric, self-organising network (SON)-based automation solutions.

As Matthias Sauder, VodafoneZiggo’s Director, Mobile Networks commented: ‘With Cisco SONFlex, we are now in a position to manage increasing network complexity with 5G on the horizon, improve operational efficiency, and gain greater autonomy to develop a unique automation strategy.’

Rakuten Mobile Network launches the first fully virtualised network


Another mobile network operator, Rakuten Mobile Network (RMN), plans to launch its services in Japan in late 2019, with a 5G architecture that will disrupt the telecom industry globally.

This will be the world’s first cloud-based network that’s fully virtualised the RAN and Core components, with end-to-end automation for both the network and services. RMN will deliver services from consumer mobile, narrowband IoT and rich media, to low-latency services that include augmented and virtual reality (AR/VR).

Cisco NSO enables full end-to-end automation along with the element management system (EMS) and operations support systems (OSS). It helps reduce OpEx and, compared to traditional operators, greatly reduces the need for people to deploy and operate the network. It also minimises human error.

As Tareq Amin, CTO of Rakuten Mobile Network Inc., commented: ‘Our services will benefit from a unique computing infrastructure that enables the best possible user experience.’

Orange invests in Cisco automation


Innovative service provider, Orange, is also planning to deploy the Cisco NSO software platform to its network. The company wants to be able to programme its infrastructure while automating its method-of-procedure operations and customer-facing services.

This will enable Orange to cut service activation times from days to hours, automate its service lifecycles and remove the risk of human error.

Christian Gacon, VP of Wireline Networks and Infrastructure at Orange, said: ‘Cisco’s model-driven approach to network automation and service orchestration is enabling Orange to drastically speed up delivery of services across our entire lifecycles.’

The solution will also enable Orange to continue delivering superior customer services without disruption.

Cisco trusted solutions are ready to orchestrate today’s increasingly complex networks, simplifying management, cutting costs and, above all, offering outstanding services to end-users.

Wednesday 10 July 2019

Enterprise Streaming Telemetry and You: Getting Started with Model Driven Telemetry

Why Streaming Telemetry?


Cisco IOS XE is the Network Operating System for the Enterprise. It runs on switches like the Catalyst 9000, routers like the ASR 1000, CSR1000v, and ISR 1000 and 4000’s, Catalyst 9800 Wireless LAN controllers, as well as a few other devices in IoT and Cable product lines. Since the IOS XE 16.6 release there has been support for model driven telemetry, which provides network operators with additional options for getting information from their network.

Traditionally SNMP has been highly successful for monitoring enterprise networks, but it has limitations: unreliable transport, inconsistent encoding between versions, limited filtering and data retrieval options, as well as the impact to the CPU and memory of the running device when multiple Network Monitoring Solutions poll the device simultaneously. Model-Driven Telemetry addresses many of the shortfalls of legacy monitoring capabilities and provides an additional interface in which telemetry is now available to be published from.

Yes, this is a push based feature. No longer do we need to poll the device and ask for operational state. Now we just decide what data we need, how often we need it, and where to send it. Once the configuration is in place the device happily publishes the telemetry data out to the 3rd party collectors, your monitoring tools, big data search and visualization engines like Splunk and Elastic, or even to a simple text file – it’s totally configurable what you do with the data. In the example below we use Telegraf + InfluxDB + Grafana to receive, store, and visualize the data.


One common use case is to monitor the CPU utilization of a device. Let’s understand where and how we can get this data from our Cisco Catalyst 9300 running IOS XE 16.10.

YANG Models


YANG Models are at the heart of Model-Driven Telemetry: Yet Another Next Generation! These human-readable text-based models define the data that is available not just for telemetry publication but also for programmatic configuration. These data models reside within the IOS XE device and can easily be downloaded when using tooling like YANG-Explorer. All of the models are also published on the YangModels Github page which makes them easy to access and analyze.

The YANG-explorer tooling is available on the CiscoDevNet Github page which can download the YANG models directly from the IOS XE device over the NETCONF or RESTCONF interfaces and quickly show which data is available and from which model.


This example from the YANG Explorer shows that we have already downloaded and loaded the Cisco-IOS-XE-process-cpu-oper.yang model and begun to explore it. It shows that the one-minute, five-minute, and 5-second “Busy CPU-Utilization” is available as a percent, as well as the Interrupt 5-second (five-second-intr) metric. It also shows some metadata about the model that includes the XPath, Prefix, Namespace, and a description with some other details.

Cisco IOS XE MDT Configuration


Now that we know which YANG data model contains the needed information let’s enable sending this telemetry from the device.

It is possible to configure and verify telemetry subscriptions from the traditional CLI as well as through the NETCONF, RESTCONF, and gNMI programmatic interfaces using YANG. When using the CLI, the show commands are available under the ‘show telemetry ietf’ set of commands, and subscriptions are configured similarly with ‘telemetry ietf’ commands in configure mode. When using YANG, the “Cisco-IOS-XE-mdt-cfg.yang” and “Cisco-IOS-XE-mdt-oper.yang” YANG models are available for both configuration and operational datasets.

Let’s look at a configuration example from a Catalyst 9300 switch running Cisco IOS XE 16.10. This configuration enables telemetry subscription ID 501, and encoding is set to “kvgpb”, which is a self-describing JSON key-value pair Google Protocol Buffers format. The data that we want sent is defined by the filter xpath, which we found earlier using YANG Explorer and the YANG models. The xpath filter prefix for the Cisco-IOS-XE-process-cpu-oper.yang model is “process-cpu-ios-xe-oper”, and the specific datapoint or KPI we want is the 5-second CPU Utilization. The source address and source VRF are set so that the device knows which port or interface to send telemetry from. The update policy is set in centiseconds, so every 5 seconds (500 centiseconds) the device will publish an update. Finally, the IP and port that the receiver is listening on are set, as well as the choice to use gRPC over TCP as the protocol.

Cat9300# show run | sec tel
telemetry ietf subscription 501
 encoding encode-kvgpb
 filter xpath /process-cpu-ios-xe-oper:cpu-usage/cpu-utilization/five-seconds
 source-address 10.60.0.19
 source-vrf Mgmt-vrf
 stream yang-push
 update-policy periodic 500
 receiver ip address 10.12.252.224 57000 protocol grpc-tcp

Let’s see what this looks like with some of the show commands: ‘show telemetry ietf subscription 501 detail’ and ‘show telemetry ietf subscription 501 receiver’:


The output shows that the CPU Utilization XPath has been set and that the telemetry receiver has connected successfully.

Telemetry Receiver


The open source software stack that allows easy reception, decoding, and processing of the “kvgpb” telemetry is referred to as the TIG stack. TIG represents three separate software components: Telegraf, which receives the telemetry data; InfluxDB, which stores it; and Grafana, which is responsible for visualizations and alerting.

Telegraf has the “cisco_telemetry_mdt” input plugin that receives and decodes the gRPC payloads that the IOS XE device sends. It also has an output plugin that sends this data into InfluxDB, where it is stored. The configuration for Telegraf is simple and static because once it’s set up it rarely needs to be reconfigured or modified. Simply define a few global parameters, the input, and the output, and then start the telegraf binary or daemon process.

In this example we configure the gRPC input listener on port 57000 – this is the port that IOS XE will publish telemetry to. We have also configured where to send the data: InfluxDB running on the localhost, port 8086, as well as the database, username, and password to use for the database storage.

# telegraf.conf
# Global Agent Configuration
[agent]
hostname = "telemetry-container"
flush_interval = "15s"
interval = "15s"

# gRPC Dial-Out Telemetry Listener
[[inputs.cisco_telemetry_mdt]]
transport = "grpc-dialout"
service_address = ":57000"

# Output Plugin InfluxDB
[[outputs.influxdb]]
database = "telegraf"
urls = [ "http://127.0.0.1:8086" ]
username = "telegraf"
password = "your-influxdb-password-here"

InfluxDB and Grafana can run inside Docker containers or natively on Linux, and there is excellent getting started documentation on the official InfluxDB and Grafana websites. I recommend following the official guides in order to set up InfluxDB and Grafana in your environment as needed.
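
A consistency and transport check over the two configurations above, as an added example that is not part of the original post: it confirms that the device's receiver port matches Telegraf's listener, converts the centisecond update period, and reports settings that expose the telemetry path on the network. The function names and the embedded, trimmed config strings are constructed for this illustration.

```python
import re

# Constructed inputs: trimmed copies of the two configurations shown above.
IOS_XE = """\
telemetry ietf subscription 501
 update-policy periodic 500
 receiver ip address 10.12.252.224 57000 protocol grpc-tcp
"""
TELEGRAF = """\
[[inputs.cisco_telemetry_mdt]]
transport = "grpc-dialout"
service_address = ":57000"
[[outputs.influxdb]]
urls = [ "http://127.0.0.1:8086" ]
"""

def parse_subscription(text):
    """Pull the update period and receiver out of one subscription block."""
    period = re.search(r"update-policy periodic (\d+)", text)
    rx = re.search(r"receiver ip address (\S+) (\d+) protocol (\S+)", text)
    if not (period and rx):
        raise ValueError("subscription has no periodic policy or receiver")
    return {"period_s": int(period.group(1)) / 100,  # centiseconds to seconds
            "rx_port": int(rx.group(2)), "protocol": rx.group(3)}

def telegraf_value(text, key):
    """First quoted string assigned to `key` (enough for this flat subset)."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*\[?\s*"([^"]*)"', text, re.M)
    return m.group(1) if m else None

def audit(ios_xe, telegraf):
    """Return (subscription, findings) for a device/collector config pair."""
    sub, findings = parse_subscription(ios_xe), []
    host, _, port = (telegraf_value(telegraf, "service_address") or "").rpartition(":")
    if not port.isdigit() or int(port) != sub["rx_port"]:
        findings.append(f"port mismatch: device sends to {sub['rx_port']}, "
                        f"Telegraf listens on {port or 'nothing'}")
    if sub["protocol"] == "grpc-tcp":
        findings.append("grpc-tcp: telemetry crosses the network without TLS")
    if host in ("", "0.0.0.0", "[::]"):
        findings.append("listener accepts dial-out sessions on every interface")
    url = telegraf_value(telegraf, "urls") or ""
    if url.startswith("http://") and not re.match(r"http://(127\.0\.0\.1|localhost)[:/]", url):
        findings.append("InfluxDB credentials sent over plain HTTP off-host")
    return sub, findings

if __name__ == "__main__":
    sub, findings = audit(IOS_XE, TELEGRAF)
    print(sub, *findings, sep="\n")
```

For the values on this page it reports a 5-second period and two findings: the grpc-tcp transport and the wildcard listener on port 57000. The loopback InfluxDB URL is not flagged.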

Visualization with Grafana


Grafana is the visualization engine that is used to display the telemetry data. It calls into InfluxDB to access the data that is stored there, which is the same data that Telegraf received from IOS XE. In this example there are three unique queries for each of the CPU metrics: five-seconds, five-minutes, and one-minute, and those are shown in the chart. We can see that the 5-second CPU average in green is between 1% and 2%, while the 1 minute CPU average in blue remains at 1%.


Tuesday 9 July 2019

Affirming Trustworthiness of Critical Infrastructure

In this blog, I will focus on how you can cryptographically gather evidence to affirm trustworthiness of your trusted network.

Earlier this year, at Mobile World Congress (MWC) in Barcelona, Cisco announced Crosswork Trust Insights as a cloud-based SaaS offer that reports on the integrity of devices and provides advanced forensics for assured inventory. The visibility helps to maintain confidence in your trusted network infrastructure, and track potential concerns such as:

◈ Is my hardware authentic?

◈ Am I running the expected software?

◈ Are the firmware and OS verified to be genuine?

◈ Was there an unexpected software or hardware change?

Cisco is committed to continually enhancing the security and resilience of its networking solutions. Delivering highly trusted and secure platforms involves relentless effort across technology innovations, rigorous certifications, best-in-class manufacturing and software development processes.

Figure 1: System Integrity is the Foundation of Trust

Building and maintaining trust demands reliable and verifiable reporting on device state. There is no feature on the device that can tell you whether it is trustworthy. Instead, you must gather evidence: a broad set of integrity measurements related to hardware, firmware and software (Figure 1). It begins in the hardware, as the evidence needs to be cryptographically anchored to a hardware-level root of trust. Such evidence needs to be collected and verifiable, not just at boot time, but also at runtime and retrospectively for ongoing affirmation of trust. The crucial component of such a solution is the visualization and reporting of evidence that can enable today’s service providers to track the trust posture of their network infrastructure components. Such a solution must have the following attributes:

◈ Cryptographically secured collection, evaluation and storage of evidence

◈ Automated feed of up-to-date fingerprints derived from manufacturing and software build processes to affirm hardware and software integrity

◈ Authoritative history of changes to the device state to establish traceability for forensic analysis. The key is reinforcing the truth based on verifiable evidence collected today, yesterday or in the past

◈ Hosted independently to safe-guard against insider threats

In releasing Cisco Crosswork Trust Insights, we introduced a secured mechanism backed by cryptographic proof for collecting data from your devices. This mechanism can be leveraged to gather verifiable evidence for a variety of use cases such as inventory and operational reporting, compliance verification or trust attestation. Accurate tracking of inventory changes and the ability to prove retrospectively what happened, when and how it happened, and who did it are critical to preserving assured inventory. The assessment can be augmented with trust data, enabling integrity verification and the detection of unanticipated changes. For example, when a router is upgraded, it is essential to gather evidence to verify what OS version it is running, or whether the version changed unexpectedly, indicating suspicious activity.

Figure 2: Cisco Crosswork Trust Insights

Crosswork Trust Insights reports on inventory changes and system integrity information with comprehensive coverage across hardware and software. It uses Cisco Crosswork Data Gateway as a proxy deployed in your network to collect data from network devices using a cryptographically secured channel. It validates the signatures and evaluates the collected evidence against the fingerprints provided by Cisco. Crosswork Trust Insights also provides secure off-site storage of evidence which can help ease compliance and forensics while safe-guarding against internal threats. All the information can be visualized and analyzed with intuitive dashboards and workflows.

For service providers, Web/OTT, and enterprises alike, a network is a mission-critical asset. Especially for service providers, the network enables delivery of business-critical services, new revenue streams, and business models. Trust is a key infrastructure pillar that can help you reinforce trustworthiness as a significant differentiator.

As we know, the security landscape will continue to expand. Cisco is therefore committed to transparency and accountability, acting as a trusted partner to our customers to address evolving security threats.