Wednesday, 25 September 2019

The Circus is Coming to Town and Why You Should Stay Away

We are entering the integrated era


Cisco Tutorials and Materials, Cisco Learning, Cisco Study Materials, Cisco Learning
You’ve probably noticed the recent headlines of a few one-trick ponies getting together to form their own three ring circus.  These events underscore a paradigm shift that is underway – the security world is entering the integrated era.  Nowadays, customers want comprehensive solutions with seamless integrations across their endpoint, cloud and email security programs.  Standalone vendors are just now realizing this and are scrambling to partner up with one another to satisfy the market’s demands.  As an ambassador of Cisco’s integrated security portfolio, I would like to formally address these three vendors by saying: Congratulations – you finally realized what your customers need.  But let me issue a caution: you’re going about it all wrong!

The new reality


A lot of things have fundamentally changed how users work today.  Applications, data, and user identities have moved to the cloud, branch offices connect directly to the internet, and many users work off-network.  This has given users an unprecedented ability to access, create, and share information online, which has concomitantly increased the risk of them exposing sensitive information.  Additionally, advanced attackers have matured beyond the traditional defense models that rely on a patchwork of point solutions – they no longer rely on a single attack technique, and instead use multipronged approaches that may combine email phishing, fileless malware, and malicious websites.

Practitioners must protect against internet-born threats, phishing attacks, have control and visibility into their endpoints, and be able to quickly respond to incidents that arise – that’s a tall order for many reasons.  First, the average enterprise has 75 security tools running in its environment.  Second, most of these tools don’t communicate with one another.  The sheer volume and complexity associated with responding to this information overload while simultaneously trying to correlate disparate datasets across multiple disaggregated sources is daunting. Security teams often find themselves drowning in a deluge of data and facing unmanageable workloads that make it nearly impossible for them to do their jobs well.  This leaves them feeling overwhelmed and unmotivated, and further undermines cyber risk management by increasing the likelihood of them not responding to the threats that matter most fast enough, or missing them altogether.  Additionally, 79% of respondents in Cisco’s 2019 CISO Benchmark Report said it was somewhat or very challenging to orchestrate alerts from multiple vendor products.  To paraphrase, this implies that 79% of the security community does not view ‘Frankensteining’ multiple point products together as a solution to their problems!

Now, don’t get me wrong – I love animals, am an avid fan of the Ringling Brothers, and think that one-trick ponies getting together is abso-friggin-lutely adorable.  But frantically moving from console to console while correlating disparate threat data is a myopic approach that doesn’t solve the underlying problem.  The inconvenient reality is that there always are and always will be threats to respond to, and with attack surfaces continually growing, the problem is only getting more complex.  The only way to stand up to advanced attacks is by taking a highly integrated architectural approach to security.

Successful security integrations require a minimum of these 5 things – everything else will fail sooner or later:


1. Comprehensive coverage – Platforms that cover major threat vectors, like web and email security, span across all endpoints, and integrate with network security tools.

2. Intelligence sharing & automated response – Actionable threat intelligence that is shared amongst all incorporated solutions for data enrichment purposes, so that responses are automated (rather than ‘suggested’) and if a threat is seen once anywhere, it is immediately blocked everywhere.

3. Centralization – Features and capabilities that allow users to consolidate information from multiple solutions on a single pane from which they can dynamically pull observables about unknown threats and kick off investigations.

4. Improved time to remediation (TTR) – Proven ability to significantly reduce TTR to enable SecOps teams to work more quickly and efficiently, thus decreasing likelihood of an incident becoming a full-blown breach.

5. Reliable integration – Integrations that wouldn’t disappear because one company changed their mind regarding their strategic direction or got acquired.

Security that works together for the integrated era

Fortunately, at Cisco, we foresaw this paradigm evolution years ago and invested in building a seamlessly integrated security platform across our SIG, email security, endpoint security, and advanced sandboxing solutions, along with our network security tools like IPS and NGFW.  Backed by Cisco Talos – the largest non-governmental threat intelligence organization on the planet – real-time threat intelligence is shared amongst all incorporated technologies to dynamically automate defense updates so that if a threat is seen once, it is blocked everywhere.  Teams can also kick off threat investigations and respond to incidents from a single console via Cisco Threat Response (CTR), which is a tool that centralizes information to provide unified threat context and response capabilities.  In other words, Cisco’s integrated security portfolio, underscored by Threat Response streamlines all facets of security operations to directly addresses security teams’ most pressing challenges by allowing them to:

◈ Prioritize – SecOps teams can pinpoint threat origins faster and prioritize responding to the riskiest threats in their environment.

◈ Block more threats – Threat Response automates detection and response, across different security tools from a single console, which allows SecOps team to operate more efficiently and avoid burnout.

◈ Save time – Threat intelligence from Talos is shared across all integrated tools, so that you can see a threat once and block it everywhere.

As the largest cybersecurity vendor in the world, only Cisco has the scale, breadth and depth of capabilities to bring all of this together with Threat Response – and best of all, it’s FREE!  Cisco Threat Response is included as an embedded capability with licenses for any tool in Cisco’s integrated security architecture.

Let’s compare the following two scenarios:


Scenario 1 – A patchwork of non-integrated security tools:

Security teams must review alerts from multiple solutions, correlate disparate datasets from various disaggregated sources investigate each threat.  They triage and assign priorities, perform complex tasks with tremendous urgency with the goal of formulating an adequate response strategy based on situational awareness and threat impact, potential scope of compromise, and the criticality of damage that can ensue.  This process is laborious, error-prone, and time-consuming, requiring an analyst to manually swivel through multiple consoles quickly.  We’ve run internal simulations, in which all of this on average takes around 32 minutes.  SOC analysts are left drained and high-severity threats risk being overlooked.

Scenario 2 – Cisco’s integrated security platform:

Security teams see an aggregated set of alerts from multiple Cisco security tools in Threat Response’s interface.  The alerts are automatically compared against intelligence sources, SOC analysts can visualize a threat’s activities across different vectors, kick off an investigation, pinpoint the threats origin, and take corrective actions immediately – all from a single console.  In our internal simulations this took 5 minutes.

Cisco Tutorials and Materials, Cisco Learning, Cisco Study Materials, Cisco Learning

Bottom line: Cisco’s integrated portfolio with Threat Response brings the time it takes to deal with a potential threat down from 32 minutes to 5 minutes, which is 85% faster than the non-integrated patchwork scenario!

Tuesday, 24 September 2019

5 Steps to Creating a Powerful Culture of Video to Impact Your Business, Brand, and Bottom Line

Regardless of whether you’re B2B or B2C, there is a megatrend afoot and the reality is few businesses are ready for it.

Cisco Tutorial and Materials, Cisco Study Materials, Cisco Online Exam, Cisco Certifications

Case in point, the recent “Cisco Visual Networking Index: Forecast and Methodology, 2016–2021” states that video will constitute over 80% of internet traffic by the year 2020.

Think about that for a second.

It’s a truly profound movement.

Furthermore, ask yourself two simple questions:

How much of our company website is video right now?
How often do we integrate video into our sales process?

Both questions, when answered honestly, can be incredibly telling.

But fret not—if your business is struggling with video then it’s highly likely all your competitors are feeling the same pains when it comes to this ever-evolving media.

So, let’s say we accept this trend for what it is and we want to truly establish a culture of video within our organizations. What can we do? Who needs to be involved? And how do we get started?

As an owner of a digital sales and marketing agency, IMPACT, I went to my team a few years ago with a simple challenge. I told them:

“Video is changing the world. Our clients aren’t ready for it. They don’t know how to get started and they certainly don’t know what to do to see a true ROI (return on investment) from video. And let me tell you, outsourcing is not the future of video. They need to learn this in-house, and we’re going to teach it to them.”

My statement wasn’t exactly celebrated at first. Fact is, most agencies “do” video for you. Almost none teach you how to do video, as well as integrate it into your sales and marketing process. With the cost of hiring an agency to do video so high, rarely does a company produce enough videos, consistently, to have a major impact on their bottom line.

Over this time of helping clients establish this culture, we’ve seen clearly there are five essential steps to creating a culture of video within your organization. When any of these are skipped, the company rarely reaches its potential. But when followed properly, the results can be astounding. Here they are:

5 Steps to Creating a Culture of Video In-House and Getting Dramatic Results:


1. Everyone Must Understand the What, How, and Why of Video


Like anything important in business, getting buy-in to video is a must. But this doesn’t happen by sending out a company memo saying, “We’re going to do video.” No, team members must be taught how buyers are changing, why video isn’t going away, and what that means for sales, marketing, customer service, and more.

2. See Video, Primarily, is a SALES Tool


Yes, you did read that correctly. Too often video is cast aside as just another marketing activity that cost a lot while producing little fruit. This should absolutely NOT be the case. But if you approach your entire video strategy with a sales focus, then that will guide you not only on the types of videos that you should produce, but you will now see immediate results from the work you produce.

3. Obsess Over Answering Customer’s Questions with Video


Trying to figure out what your video editorial calendar and priorities are supposed to be? Start with your sales team. Specifically, brainstorm the most common questions they answer on every sales call. If you’re really listening to what your customers are asking, then your video content will resonate, which is why everything from the cost of your products/services to what makes your company truly different needs to be shown, and not just stated, on video. By so doing, you’ll find your prospects are more educated, informed, and certainly further down the buyer’s funnel.

4. Hire an In-House Videographer


Without question, the biggest difference between the companies that are doing GREAT things with video, versus the ones that are not, comes down to their willingness (and faith) to hire an in-house videographer. You may be thinking to yourself, “Our business could never do that. And how would we even keep this type of person busy?” Well, once you start focusing in on the questions your customers are asking, you’ll quickly see there are likely hundreds of videos for you to produce. In fact, at my agency we’ve seen over and over again that when companies produce 100 videos or more a year (assuming they are focused on the right types of videos), their business, brand, and bottom-line explode.

Cisco Tutorial and Materials, Cisco Study Materials, Cisco Online Exam, Cisco Certifications

100 videos? Yes, you read that correctly. Which is also why it’s so much more financially sound to hire someone in-house in lieu of outsourcing. And if you’re wondering, the average compensation we see for a videographer in the marketplace is between 40-60k—way less than the compensation of a typical agency but definitively more fruitful over the course of time.

5. Teach Your Sales Team How to Use Video in the Sales Process


Few things can shorten a sales cycle as well as a powerfully produced video that focuses in on the typical questions and concerns that a buyer has. This being said, most sales people don’t naturally understand how to integrate video content into the sales process. For this reason, it’s imperative you take the time to teach such skills as using 1-to-1 video in email, what types of content to use before and after sales calls, and even how to effectively communicate on camera.

So there you have it. Five proven steps to creating a culture of video within your organization.

Remember, the key starting point here is the acceptance that this critical medium isn’t going away. It’s the rising tide, and each and every one of us can either lose business (and buyer trust) because of an unwillingness to embrace it, or we can accept that buyers have changed and we therefore must “show it.”

Sunday, 22 September 2019

Three Services from 5G: More, Better!

SP360: Service Provider, Cisco Tutorials and Materials, Cisco Learning, Cisco Online Exam, Cisco Study Materials

5G is a capital improvement project the size of the entire planet, replacing architecture created this century with another one that aims to lower energy consumption and maintenance costs while increasing efficiencies. In 2035, 5G is projected to enable $12.3 trillion of global economic output and support 22 million jobs. It’s a gamble, for sure, on the future of transmission technology — contingent upon consumers’ willingness to upgrade.

5G will introduce three new use cases, the most publicized offering users’ theoretical tens of Gbps (reality being more 1 Gbps). In addition to this use case, 5G will allow you to get off the mobile network faster and also provide enhanced access into cloud services like AWS, Azure or GCP. This allows you to take advantage of the network and right into your cloud with such services as mobile office applications, interactive entertainment, and games (think AR/VR).

With all of the speculation and possibilities for 5G and what it really means, we’re taking a stab at showing why it really does matter to Web Scale companies.

Each of the blogs in this series covers the web applications of these new services and how this will help Web players intelligently utilize the virtual 5G core in their clouds or partnering with existing service providers to enable new Web offerings, and potentially more!

Technically the three 5G use cases are viewed in the following graphic are:

◈ Enhanced Mobile Broadband (eMBB): Bandwidth-driven use cases needing high data rates across a mobile wide coverage area.

◈ Ultra-Reliable Low Latency Communications (URLLC): Exacting requirements on latency and reliability for mission critical applications like autonomous vehicle (V2X), remote surgery/healthcare (e.g. Da Vinci surgical system), or time-critical factory automation (e.g. semiconductor fabrication).

◈ Massive Machine Type Communications (mMTC): Providing connectivity to a large number of devices that transmit intermittently a small amount of traffic found in next-gen Internet of Things (IoT) systems.

SP360: Service Provider, Cisco Tutorials and Materials, Cisco Learning, Cisco Online Exam, Cisco Study Materials

Part 1 – eMBB (enhanced Mobile Broadband)

The following features are supported by 5G eMBB use case:

◈ Peak data rate: 10 to 20 Gbps
◈ 100Mbps whenever needed.
◈ 10000 times more traffic
◈ Supports macro and small cells.
◈ Supports high mobility of about 500 Kmph.
◈ It helps in network energy savings by 100 times.

The first marketable application of 5G focuses on eMBB, which provides greater bandwidth supplemented with decreased latency improvement over 4G LTE. This will help to develop today’s mobile broadband services such as emerging AR/VR media and applications (think augmented learning or entertainment including 360-degree streaming, 3D virtual meetings).

But eMBB is not solely about the consumption of multimedia content for entertainment purposes. The uses are vast from supporting a telecommuter (like me) using cloud-based apps while traveling and remote workers located anywhere to communicate back to the office or to an entire “smart” office where all devices are connected seamlessly and wirelessly. Ultimately, it will enable applications from fully immersive VR and AR to real-time video monitoring and 360-degree virtual meetings, real-time interaction, and even real-time translation for participants speaking different languages.

eMBB will also evolve to work across all connected devices, not just smartphones. Video-capable devices we use every day, will drastically increase from the VR and AR goggles that are fast becoming pervasive in our everyday lives to everything offering video services (including IoT Devices).

You can also have dedicated and higher priority connections or bearers in 5G per application for an incredible customer experience, and that capability will be covered in part 2.

Saturday, 21 September 2019

Fundamentals of Cisco DNA Center Plug-and-Play – Day 0 Networking

Background


Network Plug-and-Play allows switches, routers, and wireless access points to be on-boarded to the network. An agent in the device, connects to Cisco DNA center and downloads the required software and device configuration.

In order for this to be truly zero-touch, a network connection is needed. For AP and routers, the initial network connections are reasonably simple. With switches, there a few more options – with vlan, trunking, and port channel options.

I get a lot of questions about the different options and will document the most common ones.

Plug and Play


I am going to assume you are familiar with PnP, and know there is an initial discovery phase, where the device discovers Cisco DNA Center, then a configuration template can be pushed down to the device. All communication is from the device to Cisco DNA Center, which means the source IP address can change on the PnP device. This is significant if you want to change from a DHCP address to static, or even change the IP address/interface that are used for management.

Use Case 1: Trunk Interface, Vlan 1 management, Single Link

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Initial State. After PnP Discovery

This is the simplest use case. It requires DHCP on vlan 1 on the upstream switch. There is nothing really required here. When the PnP switch boots, all interfaces are running Dynamic Trunking Protocol, so a trunk is automatically established. Vlan 1 will have dhcp enabled.

Looking at the trunk status on the pnp device, trunking has been established and vlan 1 is active.

switch#show int g2/0/1 trunk 

Port        Mode             Encapsulation  Status        Native vlan
Gi2/0/1     auto             802.1q         trunking      1

Port        Vlans allowed on trunk
Gi2/0/1     1-4094

Port        Vlans allowed and active in management domain
Gi2/0/1     1

Port        Vlans in spanning tree forwarding state and not pruned
Gi2/0/1     1

The configuration will push a static IP address for vlan 1. Because the dhcp address is changed to static ip, a default route needs to be added. The uplink is being hard coded as a trunk, but this is optional. I have not included any credentials in the configuration as this is done automatically as part of the provisioning.

hostname 3k-stack
int vlan 1
ip address 10.10.1.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.1.1

int g2/0/1
switchport mode trunk

The final switch configuration will be as follows:

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Final State, After PnP Provisioning

Use Case 2: Trunk interface, Vlan 15 management, single link


In this case, I want to use vlan15 for management, instead of vlan1. (this could be any vlan number, I just chose 15). This can be achieved in two ways:

◈ I could switchover to vlan 15 in my template
◈ I can use the pnp startup-vlan command in the upstream switch to cause the pnp switch to create vlan 15.

The second case is really useful as it simplifies the deployment. Once I add the “pnp startup-vlan 15” command, any pnp switch will have vlan 15 created and the uplink converted to a trunk with vlan 15 enabled. This process uses CDP under the covers to communicate to the PnP device, and a process on the device creates the vlan and enables DHCP.

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Initial State: PnP Discovery

Looking at the state of the uplink, you can see the vlan 15 is active on the trunk.

Switch#show int g2/0/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi2/0/1     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi2/0/1     15

Port        Vlans allowed and active in management domain
Gi2/0/1     15

Port        Vlans in spanning tree forwarding state and not pruned
Gi2/0/1     15

I can then push a configuration to convert the dhcp IP address to static IP.

int vlan 15
ip address 10.10.15.200 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.15.1

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Final State, After PnP Provisioning

Use Case 3: Trunk interface, Vlan 15 management, link aggregation

In this case, there are two links in a bundle. This has been configured in the upstream switch. The same process that creates the management vlan 15, will also create an etherchannel on the PnP device. Only one interface will be added to the bundle.

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Initial State: PnP Discovery

The port channel contains a single member.

switch#show int g2/0/1 ether
Port state    = Up Mstr Assoc In-Bndl 
Channel group = 1           Mode = Active          Gcchange = -
Port-channel  = Po1         GC   =   -             Pseudo port-channel = Po1
Port index    = 0           Load = 0x00            Protocol =   LACP

Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
        A - Device is in active mode.        P - Device is in passive mode.

Local information:
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi2/0/1   SA      bndl      32768         0x1       0x1     0x202       0x3D  

 Partner's information:

                  LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi2/0/1   SA      32768     7c95.f3bd.2a00   4s    0x0    0x1    0x106   0x3D  

Age of the port in the current state: 0d:00h:01m:57s

In this case, all I need to do is configure the other port into the bundle.

int vlan 15
ip address 10.10.15.200 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.15.1
int g2/0/2
switchport trunk allowed vlan 15
 switchport mode trunk
 channel-group 1 mode active

Cisco DNA Central, Cisco Tutorial and Materials, Cisco Learning, Cisco Guides, Cisco Online Exam
Finial State: Post PnP Provisioning

Then the two ports will be in a bundle.

show int port-channel 1 etherchannel 
Port-channel1   (Primary aggregator)

Age of the Port-channel   = 0d:00h:09m:06s
Logical slot/port   = 12/1          Number of ports = 2
HotStandBy port = null 
Port state          = Port-channel Ag-Inuse 
Protocol            =   LACP
Port security       = Disabled

Ports in the Port-channel: 

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Gi2/0/1  Active             0
  0     00     Gi2/0/2  Active             0

Time since last port bundled:    0d:00h:01m:49s    Gi2/0/2
Time since last port Un-bundled: 0d:00h:09m:03s    Gi2/0/1

Management interface switchover


It is also possible to do discovery and deployment via the management interface. On a cat 9k with will be Gig0/0. This interface is in a different VRF, so you need to take that into account. The communication back to DNAC will be via this interface, as will the discovery that takes place one the device is provisioned. If you change over to inband management, you need to change the ‘ip http client source-interface’ command to reflect the new interface. This could be a loopback, or an SVI.

Remember if you switch the source interface, it needs to have a route back to DNAC. This is also the IP address that will be used to add the device to the inventory.

USB bootstrap


The other challenge you may have is no access to DHCP. In this case ISR routers and 9k switches support a USB bootstrap. You can place a configuration file called ‘ciscortr.cfg’ on the root of a usb drive and the switch will execute those commands when it boots. This file needs to contain a way to get ip connectivity and the pnp profile for the device to connect to DNAC. Then the normal PnP process will take over.

vlan 15
int vlan 15
ip address 10.10.15.200 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.15.1
no shut
pnp profile BOOTSTRAP
transport http ipv4 10.10.10.181 port 80

Thursday, 19 September 2019

The Multicloud Vision of Cisco’s ACI Anywhere Becomes Reality

Cisco ACI, Cisco Tutorials and Materials, Cisco Certifications, Cisco Study Materials

The data center is not centered in one place anymore. With applications active at all points on the network, the data center can no longer be confined to a specific place but be more of a nerve cluster situated where the data is—which could be anywhere along the edge-cloud continuum.

At the edge, where new data is generated. In the cloud, any cloud, or on-premise, where it’s processed. Wherever it makes the most sense to execute at speed. Ready and able to provide intelligence on the spot. Ready for change. Ready for growth.

Modern IT infrastructure is performing an intricate and elaborate dance with these data sources and requirements. Cisco’s ACI Anywhere is that critical infrastructure component enabling policy driven network automation for connectivity and segmentation for these data elements, independent of where data resides.

Cisco ACI Anywhere now delivers a true hybrid multicloud capability for customers, taking a holistic, policy driven abstraction on top of cloud native APIs , regardless of the type of workload – physical, virtual, or containerized, across on-premises and/or public cloud.

Cloud Challenges


During recent conversations with customers who operate some of the most demanding and complex data center environments, we found that many are dealing with the same issues, such as:

◈ Inconsistent segmentation capabilities across hybrid instances pose security, compliance, and governance challenges

◈ Complex operational models due to diverse and disjointed visibility and troubleshooting capabilities, with no correlation across different cloud service providers. .

◈ Managing secure connectivity across these hybrid data and application workload environments.

◈ Multiple panes needed to configure, manage, monitor, and operate these multicloud instances.

◈ Last, but not least, training and learning new cloud native constructs.

Solving the Challenges


As the premier policy-driven infrastructure solution for the largest enterprises, Cisco ACI can play a key role in enabling customers to embrace multicloud capabilities.

Cisco Cloud Application Centric Infrastructure (Cloud ACI) is a comprehensive solution for automated network connectivity, consistent policy management, and simplified operations for multicloud environments.

The solution captures business and user intent, uses group-based network and security policy models, and translates them into cloud-native policy constructs for applications deployed across various cloud environments.

Cloud ACI Solution Core Components


While customers benefit from an ACI policy driven infrastructure in the on-premises environment, Cisco Cloud ACI allows them to automate the management of end-to-end connectivity, as well as the agentless enforcement of consistent security policies, for workloads across on-premises and in public clouds through a single pane of glass.

Key components include:

◈ Multisite Orchestrator (hosted anywhere) for inter-site policy definition

◈ Cisco’s Cloud Application Policy Infrastructure Controller (APIC) runs natively in public clouds to provide automated connectivity, policy translation, day two operations, and enhanced visibility of workloads in the public cloud

◈ CSR 1000V instance (runs in the cloud) for IPSec VPN tunnel (Underlay), and VXLAN (overlay termination) for data-plane connectivity between on-premises and cloud

Cisco ACI, Cisco Tutorials and Materials, Cisco Certifications, Cisco Study Materials

Accelerating Cloud-based Journeys – What’s New?


For customers whose journeys start in the cloud, we are now introducing the Cloud-first ACI solution, or ACI Multicloud, which uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.

Cisco ACI, Cisco Tutorials and Materials, Cisco Certifications, Cisco Study Materials

For customers extending their on-premises ACI infrastructure into public cloud, we are now introducing Cloud ACI extensions to Azure cloud, in addition to the already shipping Cloud ACI extensions on AWS.

Cisco ACI, Cisco Tutorials and Materials, Cisco Certifications, Cisco Study Materials

We are also introducing new ACI and SDWAN integration for branch offices (Network Edge). An integral component of customers cloud journey also requires secure, policy driven interconnects between the data center and branch offices, that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate WAN path selection between the branch office and the on-premises data center based on application policy.

Cisco ACI, Cisco Tutorials and Materials, Cisco Certifications, Cisco Study Materials

Enjoy the benefits of a policy driven infrastructure … Anywhere


Collectively, these capabilities reduce management complexity, enable a common governance and security posture, simplify ‘Day 2 operations’ with enhanced visibility across on-premises and public cloud, while leveraging the rich native services available in public clouds for scale and flexibility.

Customers can benefit from secure workload mobility and preserve the application policies, network segmentation, and identity of the workloads, whether it’s to achieve their business continuity, disaster recovery mandates, cloud bursting SLAs, or simply accelerating your cloud migration journey.

In addition, customers can benefit from Cisco ACI broad ecosystem that allows for integration with most commonly deployed solutions such as Cisco AppDynamics, CloudCenter, F5, Citrix, ServiceNow, Splunk, SevOne, and Datadog.

With new Azure extensions, customers can tap into the rich cross-silo insights through ACI integrations with Azure technologies like Azure Monitor*, Azure Resource Health* and Azure Resource Manager * to fine-tune their network operations for speed, flexibility and cost.

Customers can leverage widely adopted tools such as Terraform and Ansible to achieve end-to-end workflow-based automation.

“ESG Research validates that companies are increasingly adopting a hybrid cloud approach as a centerpiece of the their digital transformation journeys. In fact, many are standardizing on a Multi-cloud policy.
However, these distributed compute environments create significant management and operational complexity. Cisco ACI Anywhere, and more specifically, Cloud ACI for Microsoft Azure with its native integration in Azure, is the “Easy” button that helps to consolidate and simplify management across the on-premises data center and the popular Azure cloud environment.
It enables a common policy ,security and governance framework across all locations enabling consistent application segmentation, access control and isolation across varied deployment models. We expect this message to resonate with all market segments and customers.”
—Bob Laliberte, Practice Director and Senior Analyst with the Enterprise Strategy Group.

Looking Towards the Future


Our ACI anywhere vision is to provide the freedom of choice, agility, security, and flexibility of being able to connect and run your workloads Anywhere without compromising your security and governance mandates.

With the new ‘Cloud ACI on Azure’ and ‘Cloud First ACI’, along with ‘ACI and SD-WAN’ integration, Cisco has taken another huge step forward toward delivering that vision. And there is more to come in future.

Wednesday, 18 September 2019

From Controllers to Multi-Domain: 7 Pillars of Intent-Based Networking

About four years ago, my team at Cisco sat down to re-architect enterprise networking, because we knew that the traditional models for running networks were not going to be able to scale with the changes being forced on to them. For example, we saw that the number and types of devices connecting to networks was growing exponentially; that the security perimeter was shifting from data center to being fully distributed in the network; and that wireless networks had become primary networks, not overlays. Meanwhile, networks were getting more business-critical. Even life-critical.


One thing that was not going to change: Nobody was getting more people to run their systems. Our networks are more complex, more threatened, and more important, but they have to be run by the same kinds of teams, using the same kind of tools, that were in place ten years ago.

Fortunately, the technologies available to address these challenges are evolving as well. Wireless technologies, AI, rich behavioral and telemetry databases, more flexible and economical WAN links, and abundant cloud compute resources are becoming available to address the new reality.

These are some of the reasons we have gone all-in with intent-based networking (IBN). We released our first products that supported IBN in 2017 – primarily the Catalyst 9000-series switches and Cisco DNA Center. And it’s why we acquired the SD-WAN innovator Viptela, also in 2017.

Behind these new products and acquisitions there is a long-term vision. All our new enterprise products are based on seven core tenets of this vision. I want to explain those here. It may help you see the strategy behind the products we have launched in the past few years. And it will give you an idea of the new services and tools we’ll be rolling out soon.

1. Controller-Based Networking


Networks are complex systems, and a core focus of intent-based networking is that they should be run and managed as cohesive systems. That means network managers need a controller, from which they can monitor, manage, and automate their networks, and eventually create closed-looped systems.

A controller-first system architecture is made up of loosely-coupled systems. It allows network devices and controllers to be upgraded individually, without causing major network disruptions (no more “flag days.”) And by using APIs and well-defined data structures for communication between devices, we also get a system in which programming, maintenance, and upgrading to new capabilities is more straightforward.

2. Wireless as an Equal to Wired


In the past, enterprise networking meant wired networking: cables and fibers connecting critical devices to each other. Wireless, for the most part, was seen as an emerging access technology for devices on the edge of the network. Wireless networks were built as  overlays on top of the wired networks. The separation into different infrastructures led to inconsistent policies and operating models between the wired and wireless clients.

We can no longer relegate wireless communication to a different system. Wireless is the predominant access technology for end-user and IoT devices, and to keep these devices managed and secure, we need to think of wireless and wired as one network.

In our latest access products, from our switches like the Catalyst 9300 to Wireless Lan Controllers (WLC) like the Catalyst 9800, we use the same fundamental technologies: The same line of ASICs and the same operating systems. This was not a superficial change. We reengineered our entire line for this, so that the same networking capabilities and security could be enabled for all our devices, and so user policies would be the same no matter what access medium the user was on.

3. Integrated Security


The most modern and insidious security threats often come in today via end-user devices. In addition to traditional attacks focusing on data theft, the goal of many attacks today is destruction of infrastructure, by encrypting and denying access to critical information. But traditional firewalls are much less effective with attacks that move from device to device inside a network, which is a growing threat in the era of wireless, which, from a security perspective, is also the era of the network without a perimeter. There is no “DMZ” anymore. Infected devices can launch attacks no matter what network they are on, and their attacks can jump not just from machine to machine, but from network to network. The only way to prevent these attacks is for the network to act as the first line of defense.

Because these security threats are more complex, and attacks more fluid, it’s important that we use network segmentation as a primary security tool, instead of relying primarily on blacklists. We need dynamic, controller-based systems to manage segmentation and whitelisting across network domains to make sure that people, apps, and devices have access to the resources they need, but that they are never put in contact with the devices, apps, and networks they don’t.

Complementing the network segmentation, we also need to evolve our ideas of where and how we deploy traditional security functions. Along with the traditional standalone deployment models, security services need to be fully integrated with switches and routers, as well as available as cloud services.

Overall, we need networking to be and integral part of how we secure the enterprise against  modern threats.

4. Data-Driven


The key to everything we’re building now is data. Data from every dimension of our networking equipment can be collected, collated, parsed, and analyzed. Because when we know what our network equipment is doing we know if it is delivering on our customers’ strategic and day-to-day needs. In Cisco DNA Center, data powers our Assurance capability, which helps us close the loop from intent to action. (In vManage, vAnalytics plays this role.)

The massive amount of information could be overwhelming. Standard algorithms can help us find standard issues that crop up. Beyond that, we rely on machine intelligence to perform complex correlations and generate more valuable insights, like spotting pattern-breaking behavior that may indicate problems on the network.

We are also pioneering the field of machine reasoning to combine machine intelligence with knowledgebases created by teams of experts, to provide smart alerts to network operators, and ultimately, automatic remediation of issues to improve our customers’ experiences with their networks.

5. Cloud-First


This machine intelligence runs locally on our customers’ networks, but there’s extra benefit to be gained when we combine metadata about network use across enterprises. Many of our machine learning capabilities use cloud-based resources, primarily to leverage the vast resource of global data on how networks are performing, and the issues they are facing. This is how the information security industry has long been identifying and remediating global zero-day exploits; we use similar capabilities, seasoned with AI, to improve day-to-day network performance and efficiency for all. No matter where our controller systems run – on-prem or in the cloud – using cloud-based data makes the network more powerful and proactive.

We are also delivering updates to our controllers’ software from the cloud, instead of requiring network operators to manually pull software and update these systems. Furthermore, the rich telemetry we can get from cloud-connected devices enables us to roll out software upgrades gradually across our customer base – and even within customers’ installations. This way, customers can keep up with security issues, and we can deliver new capabilities as we develop them. And yes, it sounds basic if you’re accustomed to using consumer devices like smartphones, but designing controllers for over-the-air updates is a change in this industry – just like Tesla’s ability to roll software updates out to customers’ cars has changed the expectations for how the auto industry delivers software to the car.

While nearly all our customers are moving to cloud-based systems architectures, that transition can be a complex, multiyear journey. For now, most networks are hybrid, on-prem plus cloud, and will be for a long time. In order to seamlessly operate these hybrid networks, customers need consistent features across all their devices and services. We are enabling this by delivering IOS-XE on physical switches & routers, and as virtual instances in the cloud.

6. Support for Existing Networks


It’s one thing to design a networking system using all modern concepts and systems. But the real world isn’t a green field of open racks and empty conduit. We need our systems to work in our customers’ existing “brown field” installations. Businesses generally upgrade infrastructure gradually, piece by piece. Older networking components have to co-exist with the new. “Rip and replace” isn’t a workable implementation tactic.

That is why, although we built Cisco DNA Center and all our new Catalyst 9000-series hardware to be programmable using new, well-defined APIs  and new interaction capabilities, we also control and gather data from older products, using traditional CLI (Command Line Interface), SNMP (Simple Network Management Protocol), and other legacy control schemes. Cisco DNA Center presents the network operator – and network applications – with a unified modern interface for all network equipment, and it chooses the best way to connect to the equipment to carry out the operator’s intent.

Similarly, to support the installed base of equipment on existing networks, we are also enabling SD-WAN and vManage on older ISR platforms, so customers can introduce SD-WAN into their current deployments.

7. Multi-Domain


Today’s networks are made up of multiple operational domains (for example: campus, data center, and security), that are tightly linked. Today’s customers need more than interconnected domains. To support business needs, they need security and access policy that spans domains, and they need the agility to support new needs as they arise, with complete end-to-end visibility.

The need for tight integration, despite the differences in the domains, is one of the biggest drivers for moving to a controller-based, fully abstracted architecture.

I’ve long believed that Cisco is uniquely positioned to create this holistic and end-to-end system, and to help businesses create these networks for their own uses. No matter which domain these critical transformation projects starts at, eventually they will need to end up in the same place: With a true multi-domain, any-to-any network controller architecture.

The Goal: Closing the Loop and Supporting Business Transformation


Business today requires infrastructure that responds to technical issues immediately and automatically – in machine time, not human time.

Our intent-based networking systems are designed to close the loop from intent, to activation, to continuous verification (Assurance) – quickly addressing deviation from the original intent.

Intelligence can enter the loop from several sources, including people and systems outside of Cisco: Our network controllers learn from their environment, providing intelligence to developers and partners, so they can add value in the feedback loop – for example, with smarter service desk tool, or automated troubleshooting systems.

The network systems can also be a part of larger business feedback loops. When the entire network is sensing its environment, that data can feed into systems that serve other purposes. For example, we can use the location intelligence our networks gather about the devices they serve, to inform business processes in a way that has simply not been possible before.

Cisco Certifications, Cisco Learning, Cisco Study Materials, Cisco Online Exam, Cisco Networks

The ultimate challenge for this technology, though, is human. To run controller-based, programmable, intent-based networks, and to use the intelligence these networks generate for real transformation, our IT teams need new skills.

That’s why training and certification programs are part of our journey to intent-based networking. Education has always been in our DNA – we’ve been certifying technical personnel since 1993. We recently added new programs for app developers, too, recognizing the role these skills will play in the future of network management.

No matter how much we automate and simplify the management of networks, there will always be new opportunities to improve how a network works, to increase its efficiency, and to use it to help a business succeed. Our customers know where they need to take their technology. We’re going to help them get there.

Tuesday, 17 September 2019

Best Practices for Search Friendly Content, Cisco Marketing Velocity Style

Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Guides, Cisco Study Materials

Before we begin writing rank-worthy content, let’s first confirm our topic. Not every topic is relevant to search and there’s no need to search optimize an article if no one is looking for it. Opinion pieces and news are two examples of formats that have inherent disadvantages in search. No one’s really searching for them.

So begin by checking your topic against a few basic criteria:

◈ Does the article answer a question?
◈ Does it explain how to do something?
◈ Is it an “evergreen” topic that won’t quickly go out of date?
◈ Is it suggested by Google?

That last criteria makes it a sure bet it has SEO potential. If you see that Google is suggesting the phrase when you begin typing, it’s vetted as a search-friendly topic.

Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Guides, Cisco Study Materials

You’ve picked your topic, so you’ve picked your target keyphrase. Now we’re ready to begin constructing a search friendly article.

Tip! Keep in mind that the longer the keyphrase, the easier it is the rank for. Only the very famous websites will rank for one- and two-word phrases. Virtually any website can rank for the six- and seven-word phrases! 

1. Search-Friendly Title and Headline


The title tag (<title>) and the header (<h1>) should both include the target keyphrase, ideally at the beginning.

The title and the header don’t need to be identical. Headers can be long, but for the title tag, keep the total length to 60 words. This will keep it from getting truncated when Google uses the title as the link in Google search results.

Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Guides, Cisco Study Materials

Consider using punctuation such as parentheses or a colon to create double headlines. The first half should use the target keyphrase. This helps the rankings. The second half should use numbers, specific benefits or unexpected words. This helps the clickthrough rate.

Here are a few examples:

◈ Video Conferencing Tips for Sales Teams: 5 tips for better remote meetings
◈ Career Tips for Tech Support Professionals (and how to jump to a senior role)
◈ How to Configure a Switch to Be a Root Bridge: 3 Steps for Manual STP Setup 

2. Semantically Related Phrases

It’s good to use the target keyphrase in the body text. It’s even better to use the semantically related phrases. Which phrases are semantically related to your topic? Look around and you’ll find them everywhere:

◈ Other words suggested by Google when you search for your target keyphrase
◈ Phrases in the “Searches Related to” box at the bottom of the search results page
◈ Questions in the “People also ask” box

As you write, work these into your article. It’s good for rankings because it’s good for quality. A great page on your topic should also cover these related subtopics. It should answer all of the related questions.

3. Format for Scan Readers

If the visitor clicks on your search listing, but leaves after just a few short seconds, Google sees this as an indication that your article isn’t high quality and isn’t rank-worthy. So getting the visitor to stick around is important for maintaining your rankings.

How can we get the visitor to engage? By making the content easy to scan. That starts with short paragraphs. No one wants to read a long, dense block of text. So keep your paragraph length down to three or four lines.

Next, use lots of formatting to keep the scan readers flowing.

◈ Subheads
◈ Numbered lists and bullet lists
◈ Bolding and italics
◈ Multiple images, diagrams, charts
◈ Contributor quotes from experts

We all have to accept that visitors aren’t going to read everything. Research shows that on a typical visit to a typical webpage, visitors have time to read 28% of the words at most (20% is more likely)

Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Guides, Cisco Study Materials
Source: NN Group

But visitors are more likely to keep reading, even if the article is very long, as long as it’s formatted to be easily consumed. So break it up, add white space, and help scanners get to the information they’re looking for quickly.

4. Research, Data, Statistics

Some assertions are backed by evidence. The rest are simply unsupported claims. When you add research data, you are instantly more credible. Your case is stronger. Your message is supported.

Example: The last section of this article made an assertion (formatting is important because visitors are scanning) that was supported by data (NN Group found that visitors aren’t reading everything) making the point stronger.

Bring data to your articles. It will give you the opportunity to add visuals and it will make your content more likely to be cited by others in their content.

5. Internal Links

Finally, search-friendly content is interconnected. It has links from other pages which give it authority. But it also creates deeper paths into other content, helping to prevent the visitor from going back to search results.

Here is a list of links that work:

◈ A link to an older article

Never miss the chance to connect your new articles to high value content you’ve already created.

◈ A link from an older article to your new article

You’re not done publishing something new until you’ve linked to it from something old!

◈ A link to a product or service page (on our site or on Cisco)

Ideally, this content drives demand. You can trigger this by gently guiding visitors toward offers that relate to your content. Anytime you mention a product or service, link.

◈ A link to a related article on another Cisco partner website

We should build relationships with other Cisco partners, let them know what we’re working on. We should find out what they’re publishing. And then link to each other whenever possible. This can do wonders for our search rankings long term.

Our content should work together, and we can work together to make it work harder. Our content should never be isolated and our teams shouldn’t work on islands.

Building interconnected hubs of content that links from one article to the next, on our site and on other partner sites can give us huge and durable benefits in SEO. Build a network of content creators and sync your publishing calendars. This, plus quality and persistence, is the key to winning the top spot in search.

To become a true SEO pro and learn even more about the tactics described above, be sure to check out my latest webinars in Marketing Velocity Learning. SEO Principles and Practices provides an introduction to creating high-ranking content and Advanced SEO takes you beyond the keyword for a practical approach to the future of search.