Wednesday, 1 January 2020

MDS 9700 Scale Out and Scale Up

This is the final part of the series on High Performance Data Center Design. We will look at how high performance, high availability and flexibility allow customers to scale up or scale out over time without any disruption to the existing infrastructure. MDS 9710 capabilities are field proven, with wide adoption and a steep ramp within the first year of its introduction. Furthermore, Cisco has not only established itself as a strong player in the SAN space, with many industry-first innovations like VSAN, IVR, FCoE and Unified Ports that we introduced in the last 12 years, but also has the leading market share in SAN.

Before we look at some architecture examples, let’s start with the basic tenets any director-class switch should support when it comes to scalability and supporting future customer needs:

◉ Design should be flexible to Scale Up (increase performance) or Scale Out (add more ports)

◉ The process should not be disruptive to the current installation for cabling, performance impact or downtime

◉ The design principles like oversubscription ratio, latency and throughput predictability (as an example, from host edge to core) shouldn’t be compromised at port level or fabric level

Let’s take a scale-out example, where the customer wants to increase 16G ports down the road. For this example I have used a core-edge design with 4 edge MDS 9710s and 2 core MDS 9710s. There are 768 hosts at 8Gbps and 640 hosts running at 16Gbps connected to the 4 edge MDS 9710s, for a total of 16 Tbps of connectivity. With an 8:1 oversubscription ratio from edge to core, the design requires 2 Tbps of edge-to-core connectivity. The 2 core systems are connected to the edge and to the targets using 128 target ports running at 16Gbps in each direction. The picture below shows the connectivity.

Down the road the data center requires 188 more ports running at 16G. These 188 ports are added to a new edge director (or to open slots in the existing directors), which is then connected to the core switches with 24 additional edge-to-core connections. This is repeated with 24 additional 16G target ports. The fact that this scale up is not disruptive to the existing infrastructure is extremely important. In any of the scale-out or scale-up cases there is minimal impact, if any, on the existing chassis layout, data path, cabling, throughput and latency. As an example, if the customer doesn’t want to string additional cables between the core and edge directors, they can upgrade to higher-speed cards (32G FC or 40G FCoE with BiDi) and get double the bandwidth on the existing cable plant.

Let’s look at another example, where the customer wants to scale up (i.e. increase the performance of the connections). Let’s use an edge-core-edge design for this example. There are 6144 hosts running at 8Gbps distributed over 10 edge MDS 9710s, resulting in a total of 49 Tbps of edge bandwidth. Let’s assume that this data center is using an oversubscription ratio of 16:1 from the edge into the core. To satisfy that requirement, the administrator designed the DC with 2 core switches with 192 ports each, running at 3Tbps. Let’s assume that in the initial design the customer connected 768 storage ports running at 8G.

A few years down the road the customer may want to add an additional 6,144 8G ports and keep the same oversubscription ratios. This has to be implemented in a non-disruptive manner, without any performance degradation on the existing infrastructure (either in throughput or in latency) and without any constraints regarding protocol, optics and connectivity. In this scenario the host edge connectivity doubles and the edge to core bandwidth increases to 98G. The data center admin has multiple options for addressing the increased core bandwidth of 6 Tbps. The admin can choose to add more 16G ports (192 more ports, to be precise) or preserve the cabling and use 32G connectivity for host edge to core and core to target edge connectivity on the same chassis. The admin can just as easily use 40G FCoE at that time to meet the bandwidth needs in the core of the network without any forklift upgrade.

On the other hand, the customer may want to upgrade to 16G connectivity on the hosts and follow the same oversubscription ratios. For 16G connectivity the host edge bandwidth increases to 98G, and the data center administrator has the same flexibility regarding protocol, cabling and speeds.

For either option the disruption is minimal. In real life there will be a mix of requirements on the same fabric, some scale out and some scale up. In those circumstances data center admins have the same flexibility and options. A chassis life of more than a decade allows customers to upgrade to higher speeds when they need to, without disruption and with maximum flexibility. The figure below shows how easily customers can Scale Up or Scale Out.

As these examples show, the Cisco MDS solution gives customers the ability to Scale Up or Scale Out in a flexible, non-disruptive way.

Tuesday, 31 December 2019

Westfield Malls Use Digital Transformation to Disrupt Industry in Need of Change

Today’s retailers understand that if they want to stand out from the pack, they must engage every shopper with a personalized, enjoyable experience. Westfield Corporation has been delivering superior retail experiences for more than 50 years. With 35 properties in the United States and the United Kingdom and more than $16 billion in annual retail sales, the firm is constantly employing new ways to learn more about its customers – and keep them coming back.

Westfield upgraded its Century City property in Southern California – easily the company’s busiest location at 20 million visitors a year – with innovative technology to transform the visitor experience. The goal was to set the brand apart for shoppers, while providing growth opportunities for its retail, entertainment, and hospitality partners, by getting to know their customers better.

A Springboard for innovation


Westfield’s strategy included collecting data and building user profiles to enable real-time engagement and applying these business insights to attract flagship-level tenants. In support of these efforts, Westfield also sought to digitize its advertising platforms, with location-based digital content delivery across fixed and mobile screens.

To bring its vision to life, Westfield partnered with Cisco to create a digital-ready foundation for its SmartCenter initiative. The blueprint employed Cisco UCS, Cisco networking, mobility, collaboration, analytics, and software solutions to help make the retailer’s IT more agile, and its innovation more accessible. The entire solution was based on a Cisco Digital Network Architecture (Cisco DNA™) for retail, which uses automation to simplify network management, analytics to provide customer insights, and embedded security everywhere.

In addition, Cisco wireless solutions support a public high-density Wi-Fi network that delivers a premium customer experience where visitors can enjoy wireless connectivity everywhere, taking advantage of applications such as self-service ordering and checkout, as well as easier customer returns. Using Wayfinding navigation tools, visitors can quickly find the retailer, dining, or entertainment for which they are looking, while the mall engages visitors with event-driven personalized messaging.

The Cisco Advantage


To gain better insight into its shoppers and operations, Westfield utilized Cisco Connected Mobile Experience (CMX) Advanced analytics. With a better understanding of customer behavior, the mall can now enhance the delivery and relevance of ads and promotions, as well as optimize the layout of its tenant locations and its lease rates.

Westfield also applied its end-to-end SmartCenter environment to non-retail operations, such as parking and energy management.

Future-Proofing


Knowing it needed to deploy the SmartCenter solution to its other flagship properties, Westfield also utilized the Cisco enterprise agreement to help simplify complex licensing, while including an allowance for growth and scalability.

“We couldn’t succeed without the right partners, and Cisco has been just amazing,” said Denise Taylor, Westfield CIO. “The enterprise agreement allowed us to be very agile. It became the building block of how we future-proofed our centers, enabling us to be nimble and flexible to make adjustments as necessary as our industry continues to evolve.”

From Shopping Center to Destination


Westfield defined new levels of retail innovation through digitization and Cisco’s support, replicating its SmartCenter model and employing it as a blueprint that it can apply to other properties around the globe in the future.

With Cisco’s help, the company is expecting a dramatic return on its investment (ROI) for the multiphase deployment, projecting a 100 percent increase in customer data capture and a 50 percent increase in digital advertising revenues. As it adds more digital value across its properties, the firm also anticipates a 10 percent increase in tenant revenue.

With a solid SmartCenter vision and an end-to-end data strategy across the entire shopper journey, Westfield continues to build a new business model that redefines the mall experience. Through digital transformation and a strong partnership with Cisco, Westfield is disrupting an industry in the midst of change.

Sunday, 29 December 2019

Chipping Away at S/4 HANA Migration challenges

Gaining competitive advantage with digital transformation is a balancing act of value and cost.  Delivering incremental value at a high cost is not advantageous, and S/4 HANA business process migration can be expensive.

Cisco, Intel and SAP have partnered to deliver a solution that increases the value of the S/4 HANA migration while decreasing the cost, and potentially reducing the migration challenges. We achieved this by incorporating the Intel Optane Datacenter Persistent Memory into Cisco UCS solutions for SAP HANA.

Intel Optane Datacenter Persistent Memory and the SAP Value


The Intel Optane DC PMEM is a persistent memory device that sits directly on the memory bus of the server system board, sharing the memory space with the existing dynamic memory. This new device retains the stored data when the server power is turned off, and the data is immediately available for use when the server power is restored and the SAP HANA database is restarted. The new persistent memory is available in three memory sizes: 128G DIMMs, 256G DIMMs and 512G DIMMs.

This new combination of dynamic memory and persistent memory provides three interrelated benefits which result in reduced total cost of ownership without impacting the in-memory performance.

Value #1: Realizing Real Cost Savings

First, the Intel Optane DC PMEM has a lower price per TB than industry-standard dynamic memory. A direct comparison of the 128G DRAM DIMM and the 128G PMEM DIMM results in an estimated 50% cost reduction when replacing DRAM with PMEM. The value: a direct 25% reduction in the SAP HANA server acquisition cost. This is a very real saving when you consider that almost all S/4 HANA migrations have at least 3 SAP HANA servers. This price comparison will vary as the volatile price of memory changes.

Value #2: Increased memory capacity without excessive costs

The Optane DC PMEM is available in larger capacity sizes, ranging from 128G to 512G, resulting in larger capacity without significantly increasing cost. It is now possible to build a 4-socket UCS B480 server with 6T of Optane PMEM SAP HANA data table space. Before Optane PMEM, this size of data table space required an expensive 8-socket server fully loaded with 96 128G DRAM DIMMs. And the interesting fact is that this increased-capacity 4-socket server is almost the same price as a traditional 4-socket DRAM-only server with only 3T of SAP HANA data table capacity. 12T of SAP HANA data tables can also be supported on a 4S system for customers with deep pockets.

Value #3: Reduce planned downtime

A traditional 6T SAP HANA database can take over 65 minutes to reload into memory, significantly increasing the time needed for planned downtime. The Optane PMEM saves the data in the memory devices and presents the data immediately when SAP HANA is restarted. This decreases the restart time to well below the 65 minutes, many times decreasing the restart time by a factor of 12 or more. System recovery for planned downtime can be significantly reduced, resulting in less time needed for productive system maintenance.

Special S/4 HANA and BW/4 HANA Server Opportunity


Deciding when to migrate your workload to SAP HANA or to refresh your existing landscape is a difficult decision. Cisco and Intel are announcing a short-term program to make that decision a little easier. Cisco has created four unique SAP HANA server products that provide even more price value than just the Optane pricing. These 4 servers enjoy not only the 25% cost savings associated with Optane PMEM pricing, but also an additional special saving of nearly 20% to help reduce the cost of SAP HANA migration and refresh programs. Combine this SAP HANA server with the newly enabled S/4 HANA and BW/HANA Landscape bundles to create an end-to-end landscape solution for your S/4 HANA or BW/4 HANA migration program.

Migrating to SAP S/4 HANA presents challenges and risks. Confidently accelerate SAP modernization and migration efforts with these new Cisco® SAP solution packages. Fast-track your SAP HANA and S/4 HANA projects by applying your realized CapEx infrastructure savings toward SAP migration services.

Now you can easily test drive Intel Optane DC persistent memory and discover Optane’s SAP HANA value.

Saturday, 28 December 2019

Where’s my Endpoint?

Is there a way to know what endpoints are alive within your data center at this moment? Is it possible to continuously monitor the life of every endpoint – be it a Virtual Machine (VM), a physical host or even a container? Enter Endpoint Locator, or EPL!

With DCNM available as a manager for data center fabrics, we decided to incorporate EPL directly into DCNM. EPL has been shipping as a preview feature in DCNM since November 2016. The feature is now generally available with the DCNM 10.2(1) May 2017 release.

For a VXLAN BGP EVPN based data center fabric, Endpoint Locator provides near real-time tracking of every endpoint. Events such as endpoint coming up, endpoint going down, or endpoint move are now visible with a few simple clicks. EPL supports all kinds of endpoints, be it IPv4, IPv6 or Dual-Stack. In fact, EPL can literally locate anything with a MAC or IP address.

To provide context to the detected endpoint itself, additional information is gathered and correlated, resulting in a multitude of data points at your fingertips. Find your endpoint’s physical location with reference to the associated switch and connected physical interface. Add in logical information such as VLAN, VRF or VNIs. The ease of access and visibility of such information within the data center is unprecedented for data center fabrics.

Once EPL is enabled via a simple wizard, it starts gathering information about existing endpoints and from then onward, all network events associated with the endpoint will be tracked.

Apart from a live endpoint dashboard, EPL also displays endpoint historical information for a time period specified in absolute or relative date ranges. The endpoints can be filtered by a variety of parameters including the VRF, network identifier, switch name, etc. Any search results are available for instant download.

In addition to the dashboard, EPL offers a set of Operational and Exploratory analytics views that are based on the collected endpoint data.

◉ Network Historical View – Displays daily historical information about endpoints, networks, and VRFs in terms of currently active endpoints, endpoint additions & deletions.

◉ Operational Heatmap – Displays holistic information on all the operations that have been occurring in the fabric on an hourly basis.

◉ Endpoint Life – Displays a timeline of a particular endpoint throughout its entire existence within the fabric showing where the endpoint was located and where it has moved.


Stay tuned for more innovations like these which drive operational simplicity and visibility into data center fabrics using DCNM.

A special acknowledgement to Shyam Kapadia for being the primary development lead for EPL; our journey started with an innocent break room conversation about a customer problem with respect to workload visibility.

Thursday, 26 December 2019

Do the Impossible: Deliver the Best Collaboration Experience and Secure Sensitive Data with Cisco’s Extended Secur …

Security is Paramount, and Cisco Webex is the Market Leader


Security is critical for any collaboration deployment because employees inevitably share sensitive data and intellectual property. Building out security is hard, as it’s not a standalone feature that can be built in isolation. It is a platform-level capability that needs to be designed into every component, and every feature must comply with it for it to be effective.

Cisco has security in its DNA, from the network to devices to the cloud. Cisco Webex was architected with a 360 approach to security. We looked at the full attack surface and possible threat vectors to build controls and mitigations while providing the best user experience, enabling users to securely collaborate with users outside of their companies, and supporting their personal devices.

Customer Challenges


Users are increasingly using collaboration tools to do their job – and it often involves sensitive data – whether it’s intellectual property, personally identifying information or financial information. Line of business executives and IT administrators are concerned about data loss especially when their users are collaborating externally. As an open platform, Webex has an events API and one of the largest compliance and Data Loss Prevention (DLP) partner ecosystems in the industry to address these concerns.

However, many of our customers do not have a central DLP solution deployed and this stalls rollout of modern collaboration tools. Even if some customers deploy these tools, IT admins end up blocking collaboration with external users and use of personal devices in order to mitigate these data loss risks.

Not only does this impact employee adoption of these tools, it increases data loss and malware exposure as users start using non-sanctioned consumer collaboration apps to get the job done.

Extended Security Pack Solution


I am thrilled to announce a new Collaboration Flex add-on offer – the Cisco Webex Control Hub Extended Security Pack – a Cisco-on-Cisco best of breed solution to this customer problem that packages full functionality Cisco Cloudlock for Webex Teams with native Webex anti-malware capabilities powered by Cisco Talos ClamAV in Webex Cloud.

The new Extended Security Pack is available now and enables our customers to safely and securely roll out modern collaboration with the best user experience.

Cloudlock DLP policies follow your employees even when they collaborate with external users. Our anti-malware solution will block infected files from being downloaded, and malicious URLs will not be expanded and will be clearly marked for end users.

Peace of Mind Through Industry Leading Webex Teams Security


We firmly believe that every customer is different and there is “no one size fits all” security model, and therefore IT Admins can choose Webex Control Hub policies to match Webex security to their risk profile. We are announcing new controls to manage 3rd party integrations like JIRA, Box, and Smartsheet into Webex. The ability to manage bots and whitelist external domains for collaboration will be available in October. In addition, Control Hub now supports active directory groups for automatic license assignment based on your geography, role or other criteria.

We are very excited to partner with ThetaLake to support AI-based archiving, eDiscovery, and supervision for Webex Meetings recordings with automated detection of compliance risks in audio and visual content, including screenshares.

The new Control Hub search and extraction tool is available now and will support large lawsuits and investigations by allowing hundreds of users in one query. In addition, a simple EML export mechanism will allow faster integration into eDiscovery tools and quick viewing of extracted content for internal investigations.

Trust and Protection You Can Count on 


Webex has tight controls on privacy and personally identifiable information, supports various cross-border frameworks, and is GDPR compliant. ISO 27018 is the first certification to focus on privacy and PII controls, and Webex Meetings and Teams have passed the ISO 27018 audit.

Webex is adding new built-in mobile application management (MAM) capabilities to set up a timeout for the Teams mobile client with an application PIN lock, and the ability to block notifications with message content on the lock screen. In addition, we are proud to announce a common mechanism for customers to wrap all Webex mobile apps (Meetings, Teams and Jabber) using their favorite MAM SDK, starting October 2019.

Wednesday, 25 December 2019

The 3 W’s in Zero Trust Security

Picture this scenario: you are a security guard at an office building. Today you are looking after a restricted area. A person you’ve never seen before walks straight past you into one of the rooms. Would you stop them or would you just assume they are allowed to be there?

In a physical world, trust is most commonly based on who you are, not where you are. A savvy security guard would ask you for your ID before allowing you in. Virtually, though, the situation is different: being in the right place is often enough. If you are inside of a company’s network perimeter, it is often assumed you have the right to be there. You gain access to the same data and tools that any other trusted user would. It’s clear that such an approach is no longer enough.

Zero trust security comes in as an alternative model, more in line with the current threat landscape. It is based on the principle of “always check, never trust”, originally introduced by Forrester. It takes into account 3 main factors:

◉ Workforce: Employees are at risk of identity theft, which is one of the most widespread types of fraud today.

◉ Workload: New vulnerabilities in applications and their improper management open highways for cybercriminals.

◉ Workplace: With more and more connected devices, the workspace has extended far beyond the four walls of your company building.

Moving from a perimeter model to Zero Trust means assessing, adapting and implementing new security policies that address threats in a constantly changing environment. In this trust-centric approach access is granted to users and devices, not a network.

This means that policies now need to be calculated based on a vast number of data sources. All network activities must be continuously taken into account. Any indications of compromise or changes in the behaviour of apps, users and devices must be examined, validated and receive immediate responses.

How to apply a Zero Trust model


Cisco’s practical approach to Zero Trust includes six important steps.

1. Establish levels of trust for users and user devices (identity verification with multi-factor authentication and device status, which must be compliant and properly updated)
2. Establish levels of reliability for IoT and/or workloads (profile and baseline)
3. Establish SD perimeters to control access to the application (authorised access)
4. Establish SD perimeters to control access to the network (segmentation and micro-segmentation)
5. Automate the adaptive policy using normalisation (network, data centre and cloud)
6. Automate the adaptive policy using the response to threats (adapt the level of trust)

Zero Trust Security involves people, processes and technology in its adoption. It can provide a roadmap for a truly efficient and automated security infrastructure.

Tuesday, 24 December 2019

Ransomware in Education: How to use your Network to Stay Ahead of Attacks

Educational institution systems store a large amount of sensitive data, including student and employee records. They rely heavily on these systems for day-to-day operations. So any disruption or loss of access can be a game changer. But these same institutions also often have tight budgets and can’t afford to employ large security teams. That’s one reason they’re perceived as easy and lucrative targets by online adversaries.

A typical response may be to deploy multiple security technologies to block threats from entering your organization at various attack vectors, and you should continue to do so. However, just relying on these techniques isn’t enough since 100% prevention is not possible in today’s complex threat landscape. That’s where continuous monitoring of your network’s behavior comes in. By using this approach, you can help detect and respond to a ransomware attack more quickly and effectively.

How to stay ahead of cyber threats


Your network is a source of truth for every activity – normal or malicious. Adversaries must use your network in order to carry out their malicious objectives. Because of this, collecting and analyzing your network telemetry is an effective way of detecting advanced threats, like ransomware. Here’s how it helps you.

◉ Detect threats early by pinpointing suspicious behavior. Ransomware attacks are generally initiated through methods like a phishing email or exploitation of a vulnerability. It might involve behavior such as port scanning, command-and-control (C&C) communication back to the attacker network, etc. Whatever means the attackers use, the activity touches the network. By using behavioral modeling, this kind of activity can be easily detected. You can also create custom security policy alerts to detect restricted communications such as use of SMB protocol, or access to sensitive data servers from outside the network. So even if the ransomware is an unknown strain and has infected the organization, the anomalous behavior will give the attackers away.

◉ Correlate local alerts to global campaigns. Attackers often reuse ransomware strains to infiltrate multiple organizations. An effective network security analytics solution is powered by industry-leading threat intelligence that has the knowledge of all the malicious domains, servers, campaigns, and other indicators of compromise. Using multiple analytical techniques like statistical modeling and machine learning, billions of network sessions within your organization can be processed and correlated to global campaigns, in order to pinpoint attacks and then quickly remediate.

◉ Perform forensic analysis for incident response. Your organization has been infected, and you have been immediately notified through alerts of the ransomware attack. Now what? Time is of the essence and your security teams need to answer questions like what machines have been infected, what was the source of the attack, and where are communications occurring? Because you have a record of every network communication, you can begin from the alert and investigate back in time to conduct a thorough forensic analysis to answer those questions and contain the ransomware.
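
The custom policy alerts and the look-back investigation described in the list above, sketched over flow telemetry as an added example (not part of the original post and not Stealthwatch code). The flow records are constructed, and the addresses, the approved and sensitive server sets and the scan thresholds are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed site policy; every value here is hypothetical.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_SMB_SERVERS = {ipaddress.ip_address("10.10.5.10")}  # sanctioned file server
SENSITIVE_SERVERS = {ipaddress.ip_address("10.10.5.20")}     # student records DB
SMB_PORT = 445
SCAN_PORT_THRESHOLD = 10  # distinct destination ports ...
SCAN_WINDOW_S = 60        # ... from one source to one destination in this window

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, protocol).
FLOWS = (
    [(1000, "10.20.1.15", "203.0.113.7", 443, "tcp"),
     (1005, "10.20.1.40", "10.10.5.10", 445, "tcp")]   # SMB to the approved server
    + [(1100 + i, "10.20.1.15", "10.20.1.30", 20 + i, "tcp") for i in range(12)]
    + [(1200, "10.20.1.15", "10.20.1.30", 445, "tcp"),
       (1300, "203.0.113.7", "10.10.5.20", 1433, "tcp")]
)


def is_internal(addr):
    """True if the address belongs to one of the site's own networks."""
    return any(addr in net for net in INTERNAL_NETS)


def detect(flows):
    """Return alerts as (timestamp, rule, src, dst), in time order."""
    alerts = []
    recent_ports = defaultdict(dict)  # (src, dst) -> {dst_port: last_seen_ts}
    scan_reported = set()             # report each scanning pair only once
    for ts, src, dst, dport, proto in sorted(flows):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)

        # Rule 1: SMB to anything other than a sanctioned file server.
        if proto == "tcp" and dport == SMB_PORT and d not in APPROVED_SMB_SERVERS:
            alerts.append((ts, "restricted-smb", src, dst))

        # Rule 2: a sensitive data server reached from outside the network.
        if d in SENSITIVE_SERVERS and not is_internal(s):
            alerts.append((ts, "external-to-sensitive", src, dst))

        # Rule 3: one source touching many ports on one destination in a short window.
        ports = recent_ports[(src, dst)]
        ports[dport] = ts
        live = [p for p, seen in ports.items() if ts - seen <= SCAN_WINDOW_S]
        if len(live) >= SCAN_PORT_THRESHOLD and (src, dst) not in scan_reported:
            scan_reported.add((src, dst))
            alerts.append((ts, "port-scan", src, dst))
    return alerts


def trace_back(flows, host, alert_ts):
    """Forensic step: every flow touching `host` up to the alert, oldest first."""
    return sorted(f for f in flows if host in (f[1], f[2]) and f[0] <= alert_ts)


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
    # Start from the SMB alert and walk back to the host's earliest activity.
    for flow in trace_back(FLOWS, "10.20.1.15", 1200)[:3]:
        print("history:", flow)
```

Walking back from the SMB alert surfaces the workstation's earlier outbound session and the scan that preceded the SMB connection, which is the kind of timeline an incident responder needs to scope the infection.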

Industry-leading network visibility and security analytics


The capabilities described above are offered by Cisco’s network traffic analysis solution, called Cisco Stealthwatch. It provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time.

By using a combination of behavioral modeling, machine learning, and global threat intelligence, Stealthwatch can quickly (and with high confidence) detect threats such as:

◉ C&C attacks
◉ Ransomware
◉ DDoS attacks
◉ Illicit cryptomining
◉ Unknown malware
◉ Insider threats

With a single, agentless solution, you get comprehensive threat monitoring across your data center, branch, endpoint, and cloud. Plus, it can also analyze encrypted traffic for threats, without any decryption, using our proprietary Encrypted Traffic Analytics technology.

Stealthwatch can detect ransomware hiding in encrypted traffic, and can also correlate it to global campaigns like WannaCry.

By deploying Stealthwatch, you can turn your network into a “threat sensor” by simply collecting telemetry such as NetFlow. And there is no need to deploy multiple agents. Stealthwatch can be deployed easily. Best of all, it scales automatically with your infrastructure, growing as your needs grow.