Monday, 13 January 2020

An Overview of Zero Trust Architecture, According to NIST

While ZTA is already present in many cybersecurity policies and programs that sought to restrict access to data and resources, this document is intended to both “abstractly define” ZTA and provide more guidance on deployment models, use cases and roadmaps to implementation.

What’s the problem they’re trying to solve? Agencies and enterprise networks have given authorized users broad access to resources, since they’ve traditionally focused on perimeter defenses. But that’s led to lateral movement within the network – one of the biggest security challenges for federal agencies.

Realistically, NIST recognizes that the migration to a ZTA is more of a journey than a complete replacement of an enterprise’s infrastructure. Most enterprises will likely continue to operate in a hybrid model – of both zero trust + legacy mode – for a while as they continue their IT modernization investments.

And despite the misleading name, they state that ZTA is not a single network architecture, but rather a set of guiding principles.

The overall design denotes:


◉ A shift away from wide network perimeters to a narrower focus on protecting individual or small groups of resources
◉ No implicit trust is granted to systems based on their physical or network location

While traditional methods block attacks coming from the internet, they may not be effective at detecting or blocking attacks originating from inside the network.

ZTA seeks to focus on the crux of the issue, which NIST defines as two main objectives:

1. Eliminate unauthorized access to data and services
2. Make the access control enforcement as granular as possible


Zero Trust Architecture Tenets


NIST lists out a few conceptual guidelines that the design and deployment of a ZTA should align with (summarized for brevity below):

1. All data and computing services are considered resources. For example, an enterprise might classify personally-owned devices as resources, if they’re allowed to access enterprise resources.

2. All communication is secure regardless of network location. This means access requests from within the network must meet the same security requirements as those from outside of it, and communication must be encrypted and authenticated.

3. Access to individual enterprise resources is granted on a per-connection basis. The trust of whatever is requesting access is evaluated before access is granted – authentication to one resource doesn’t automatically mean they get access to another resource.

4. Access to resources is determined by policy, including the state of user identity and the requesting system, and may include other behavioral attributes. NIST defines ‘user identity’ as a network account used to request access, plus any enterprise-assigned attributes to that account. A ‘requesting system’ refers to device characteristics (software versions, network location, etc.). ‘Behavioral attributes’ include user and device analytics and any behavior deviations from baselined patterns.

5. The enterprise ensures all owned and associated systems are in the most secure state possible, while monitoring systems to ensure they remain secure. Enterprises need to monitor the state of systems and apply patches or fixes as needed – any systems discovered to be vulnerable or non-enterprise owned may be denied access to enterprise resources.

6. User authentication is dynamic and strictly enforced before access is allowed. NIST refers to this as a ‘constant cycle of access’ of threat assessment and continuous authentication, requiring user provisioning and authorization (the use of MFA for access to enterprise resources), as well as continuous monitoring and re-authentication throughout user interaction.
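The tenets above can be read as the inputs and rules of a policy decision function. The following is an added example, not code from NIST or Cisco: it evaluates each request per resource from identity, device state and a behavioral score, and never consults network location. All names, resources and thresholds are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class ResourcePolicy:
    required_role: str
    max_auth_age: timedelta        # how old an MFA check may be (tenet 6)
    require_managed_device: bool   # enterprise-owned systems only (tenet 5)
    max_anomaly_score: float       # behavioral threshold (tenet 4)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    mfa_verified_at: Optional[datetime]
    device_managed: bool
    device_patched: bool
    anomaly_score: float   # 0.0 = matches baseline, 1.0 = highly unusual
    source_network: str    # kept for logging; never an input to the decision
    resource: str


# Constructed sample policies; resource names and limits are illustrative.
POLICIES = {
    "payroll-db": ResourcePolicy("finance", timedelta(minutes=15), True, 0.3),
    "wiki": ResourcePolicy("employee", timedelta(hours=8), False, 0.7),
}


def decide(req, now, policies=POLICIES):
    """Return (allowed, reasons) for one request to one resource.

    Nothing is cached between calls, so access granted to one resource
    says nothing about the next request (tenet 3).
    """
    policy = policies.get(req.resource)
    if policy is None:
        return False, ["no policy for resource (default deny)"]
    reasons = []
    if policy.required_role not in req.roles:
        reasons.append("missing role " + policy.required_role)
    if req.mfa_verified_at is None:
        reasons.append("no MFA on record")
    elif now - req.mfa_verified_at > policy.max_auth_age:
        reasons.append("MFA too old, re-authentication required")
    if not req.device_patched:
        reasons.append("device has unpatched vulnerabilities")
    if policy.require_managed_device and not req.device_managed:
        reasons.append("device is not enterprise-managed")
    if req.anomaly_score > policy.max_anomaly_score:
        reasons.append("behavior deviates from baseline")
    return (not reasons), reasons


# Constructed sample requests.
NOW = datetime(2020, 1, 13, 12, 0, tzinfo=timezone.utc)
ALICE = AccessRequest(
    user="alice", roles=frozenset({"employee", "finance"}),
    mfa_verified_at=NOW - timedelta(minutes=5),
    device_managed=True, device_patched=True, anomaly_score=0.1,
    source_network="internal-lan", resource="payroll-db",
)
BOB = AccessRequest(
    user="bob", roles=frozenset({"employee"}),
    mfa_verified_at=NOW - timedelta(hours=1),
    device_managed=False, device_patched=True, anomaly_score=0.2,
    source_network="internal-lan", resource="wiki",
)

if __name__ == "__main__":
    samples = [
        ALICE,
        replace(ALICE, source_network="internet"),
        replace(ALICE, mfa_verified_at=NOW - timedelta(minutes=30)),
        BOB,
        replace(BOB, resource="payroll-db"),
    ]
    for r in samples:
        allowed, why = decide(r, NOW)
        verdict = "ALLOW" if allowed else "DENY"
        print(r.user, r.resource, r.source_network, verdict, why)
```

Being on the internal LAN does not help bob reach payroll-db, and alice's decision is identical from either network; only identity, device state and behavior change the outcome.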


Zero Trust Architecture Threats


What follows is a summary of some of the key potential ZTA threats listed in the publication:

Insider Threat

To reduce the risk of an insider threat, a ZTA can:

◉ Prevent a compromised account or system from accessing resources outside of how it’s intended
◉ Use MFA for network access to reduce the risk of access from a compromised account
◉ Prevent compromised accounts or systems from moving laterally through the network
◉ Use context to detect any access activity outside of the norm and block account or system access

To prevent the threat of unauthorized access, Duo provides MFA for every application, as part of the Cisco Zero Trust framework. An additional layer of identity verification can help mitigate attacker access using stolen passwords or brute-force attacks. That paired with Duo’s device insight and policies provides a solid foundation for zero trust for the workforce.

Learn more about Duo’s new federal editions tailored to align with:

◉ FedRAMP/FISMA security controls
◉ NIST’s Digital Identity Guidelines (NIST SP 800-63-3)
◉ FIPS 140-2 compliance

Network Visibility

In a ZTA, all traffic should be inspected, logged and analyzed to identify and respond to network attacks against the enterprise. But some enterprise network traffic may be difficult to monitor, as it comes from third-party systems or applications that cannot be examined due to encrypted traffic.

In this situation, NIST recommends collecting encrypted traffic metadata and analyzing it to detect malware or attackers on the network. It also references Cisco’s research on machine learning techniques for encrypted traffic (section 5.4, page 22):

“The enterprise can collect metadata about the encrypted traffic and use that to detect possible malware communicating on the network or an active attacker. Machine learning techniques [Anderson] can be used to analyze traffic that cannot be decrypted and examined. Employing this type of machine learning would allow the enterprise to categorize traffic as valid or possibly malicious and subject to remediation.”

Cisco Encrypted Traffic Analytics (ETA) allows you to detect and mitigate network threats in encrypted traffic to gain deeper insight without decryption. It also allows you to quickly contain infected devices and users, while securing your network. Paired with Cisco Stealthwatch, you can get real-time monitoring using machine learning and context-aware analysis.

Zero Trust Architecture: Continuous Monitoring


The publication also references having a strong Continuing Diagnostics and Mitigations (CDM) program as “key to the success of ZTA.”

This is a complete inventory of physical and virtual assets. In order to protect systems, agencies need insight into everything on their infrastructure:

◉ What’s connected? The devices, applications and services used; as well as the security posture, vulnerabilities and threats associated.

◉ Who’s using the network? The internal and external users, including any (non-person) entities acting autonomously, like service accounts that interact with resources.

◉ What is happening on the network? Insight into the traffic patterns, messages and communication between systems.

◉ How is data protected? Enterprise policies for how information is protected, both at rest and in transit.

Having visibility into the different areas of connectivity and access provides a baseline to start evaluating and responding to activity on and off the network.

Cisco Zero Trust


Asking the above discovery questions and finding a solution that can accurately and comprehensively answer them can be challenging, as it requires user, device, system and application telemetry that spans your entire IT environment – from the local corporate network to branches to the multi-cloud; encompassing all types of users from employees to vendors to contractors to remote workers, etc.

Get visibility into everything on your infrastructure, and get control over who can access what, on an ongoing basis. Cisco Zero Trust provides a comprehensive approach to securing all access across your applications and environment, from any user, device and location. It protects your workforce, workloads and workplace.

It comprises a portfolio of the following three primary products:

◉ To protect the workforce, Duo Security ensures that only the right users and secure devices can access applications.

◉ To protect workloads, Tetration secures all connections within your apps, across multi-cloud.

◉ To protect the workplace, SD-Access secures all user and device connections across your network, including IoT.

This complete zero-trust security model allows you to mitigate, detect and respond to risks across your environment. Verifying trust before granting access across your applications, devices and networks can help protect against identity-based and other access security risks.

Sunday, 12 January 2020

Datacenter Security: How to Balance Business Agility with Great Protection

When IDC consults with enterprise customers or performs worldwide surveys, security is invariably an acute concern. That’s regardless of geography, industry, and identity of respondent (executive, LoB, IT, DevOps, etc.). While the challenge of providing protection and security extends across all places in the network, the problem is especially vexing in the datacenter.

There’s good reason for that, of course. The parameters of the datacenter have been redrawn by the unrelenting imperative of digital transformation and the embrace of multicloud, which together have had substantive implications for workload protection and data security.

As workloads become distributed – residing in on-premises enterprise datacenters, in co-location facilities, in public clouds, and also in edge environments – networking and network-security challenges proliferate and become more distributed in nature. Not only are these workloads distributed, but they’re increasingly dynamic and portable, subject to migration and movement between on-premises datacenters and public clouds.

Data proliferates in lockstep with these increasingly distributed workloads. This data can inform and enhance the digital experiences and productivity of employees, contractors, business partners, and customers, all of whom regularly interact with applications residing across a distributed environment of datacenters. The value of datacenters is ever greater, but so are the risks of data breaches and thefts, perpetrated by malevolent parties that are increasingly sophisticated.

Because cloud is not only a destination but also an operating model, the rise of cloud-native applications and DevOps practices has added further complications. As DevOps teams adopt continuous integration and continuous deployment (CI/CD) to keep up with the need for business speed and as developers leverage containers and microservices for agility and simplicity, traditional security paradigms – predicated on sometimes rigid controls and restrictions – are under unprecedented pressure. For enterprises, the choice seems to be between the agility of cloud and cloud-native application environments on one side and the control and safety of traditional datacenter-security practices on the other.

Perhaps that isn’t true, though. There is a way to move forward that gives organizations both agility and effective security controls, without compromise on either front. Put another way, there needn’t be a permanent unresolved tension between the need for business agility and the requirement for strong security, capable of providing the controls that organizations want while aligning more closely with business outcomes.

The first step toward this goal involves achieving visibility. If you can’t see threats, you can’t protect against them. This visibility must be both pervasive and real-time, capable of sensing and facilitating responses to anomalies and threats that span users, devices, applications, workloads, and processes (workflow). From a network standpoint, visibility must be available within datacenters – into north-south and east-west traffic flows – between them, and out to campus and branch sites as well as to clouds. The visibility should extend up the stack, too, all the way to application components and behavior, giving organizations views into potentially malicious activity such as data exfiltration and the horizontal spread of malware from server to server.

Once visibility is achieved, organizations can leverage the insights it provides to implement policy-based segmentation comprehensively and effectively, mitigating lateral propagation of attacks within and between datacenters and preventing bad actors from gaining access to high-value datacenter assets.

The foundations of visibility and policy-based segmentation, in turn, facilitate a holistic approach to threat protection, helping to establish an extensive network of capabilities and defenses that can quickly detect and respond to threats and vulnerabilities before they result in data loss or prohibitively costly business disruptions.

While it might seem that cloud-era business agility and effective security are irreconcilable interests, there is a path forward that merges the two in unqualified alignment.

Saturday, 11 January 2020

Enterprise Networking Business 2019 Year in Review

Towards the end of this busy and innovative year, Cisco leadership decided to combine several businesses under one leader, SVP/GM Scott Harrell, to create the Intent-Based Networking Group. So, what is the meaning in a change of names? The new organization consists of engineering and product marketing teams from Enterprise Networking and Data Center, with a renewed focus on creating deep multi-domain integrations across wireless, wired, data center, cloud, and SD-WAN/edge computing.

The name change represents how we are focusing on solving customer challenges with complete intent-based networking solutions. As enterprises enhance the ways their workforce connects and collaborates, Cisco is there. As organizations move applications and data resources to multiple cloud platforms to improve flexibility and responsiveness of business processes, Cisco is there. When branch offices need to connect to SaaS applications over the internet, Cisco is there to secure the data, devices, and provide high quality of experience to the distributed workforce.

In this review of 2019 achievements, both technical and cultural, we will take a closer look at how our engineering teams’ accomplishments have benefited enterprises large and small, in every region in the world. Throughout this post, I’ll highlight products and solutions with links to past blog posts and external articles for deeper dives.

Solving Customer Digital Transformation Challenges


Everything we design, code, and manufacture is created to support our customers’ digital transformation journey with multi-domain connectivity, built-in security, and high-availability.

Expanding Wireless Connectivity with Wi-Fi 6


Top of mind for many organizations in 2019 was the arrival of Wi-Fi 6. Wireless connectivity is the preferred method of connecting devices to enterprise networks, applications in the cloud, and internet data sources. The next generation of faster, lower latency, and higher density wireless communications is already replacing the existing wireless LAN infrastructure and it is expected to be a high-priority, multi-year project for organizations of all sizes. To support this major transition, Cisco engineering created the Catalyst Access Points and Wireless LAN Controllers to exceed the Wi-Fi 6 standard, incorporating innovative features such as Flexible Radio Assignment, real-time analytics, integrated security, and intelligent capture. In addition, we introduced new Catalyst 9000 switches to unite the new faster and higher bandwidth wireless networks with the wired campus.

Many new enterprise endeavors are already relying on Cisco Wi-Fi 6 wireless technology to bring fast connections in high-density sites and in complex facilities, such as manufacturing, where older Wi-Fi versions struggled to work at all. There will be even more innovations ahead as we work to connect the proliferation of IoT devices with Wi-Fi 6 with its power-saving capabilities to conserve IoT device battery life and the new Catalyst IE3k Rugged Series Switches.

As telecommunications service providers expand their 5G footprints, Cisco is providing methods for integrating the two wireless networks to deliver seamless connectivity and take full advantage of network slicing to provide specialized services to enterprise applications governed by common security policies. Wi-Fi 6 was a big leap in 2019 and will be even more important as enterprise workforces continue to be more distributed and mobile, while the business applications people need to access are hosted in multiple cloud platforms.

Uniting Campus and Branch with Cloud Resources using SD-WAN


2019 was also the year that Cisco SD-WAN powered by Viptela became the go-to solution for uniting a distributed workforce in branch offices, retail stores, and partners’ systems with cloud and SaaS applications. We built in full-stack security to ensure that using direct internet connections at branch locations to connect to cloud applications doesn’t expose data and devices to external and internal security threats. With centralized cloud management, Cisco SD-WAN connects remote offices with zero-touch edge routers, traffic segmentation, and threat detection using built-in Application-Aware Enterprise Firewall, intrusion detection system, and URL-filtering with Cisco Umbrella. As a result of these enhancements, Cisco SD-WAN was given a coveted CRN Product of the Year award.

Our next goal for SD-WAN last year was to ensure a high quality of experience (QoE) for cloud and SaaS applications being accessed by a distributed workforce. Working with cloud application providers, such as Microsoft and their Office 365 applications, we built Cloud OnRamps that automatically connect workers at branch offices with the nearest, or most efficient, point of presence for the desired application via the SD-WAN. Cisco Cloud OnRamps monitor and adjust traffic to ensure the best level of performance for the primary cloud application providers.

Taking the OnRamp concept one step further, we developed Cloud OnRamps for CoLocation for regional point of presence and IaaS centers. This advancement creates transport-independent connections to regional hubs to service multiple branches and business sites to provide high QoE for applications. The regional aspect of the colocation also addresses the need for some enterprises to keep certain types of personal data local, versus storing it in global clouds, while providing an SD-WAN fabric that is easy to manage from a central console.

Augmenting NetOps Skills with AI and Machine Reasoning


Just because networks grow in complexity doesn’t mean they have to be complicated to manage. But trying to make sense of the billions of data points generated by campus-sized networks of switches, routers, and access points can quickly overwhelm an IT team. Using machine learning, machine reasoning, and artificial intelligence algorithms to analyze the vast data lakes of telemetry to determine norms and anomalies, we developed Cisco AI Network Analytics to help IT navigate the torrents of network telemetry to zero-in on time-critical problems. Applying machine reasoning to the analysis of network anomalies leverages thousands of man-hours of Cisco troubleshooting knowledge to suggest the correct remedies for many challenging issues.

Empowering IT with an Architecture for Access Control


To simplify the complexity of campus to branch to cloud connectivity, we augmented Cisco SD-Access with additional intelligence to translate business intents into segmentation and security policies—a foundational aspect of intent-based networking. SD-Access shifts the workload from IT staff performing routine tasks of onboarding individual devices and managing network configurations, to building intelligence into the network. The network learns to manage itself by, for example, automatically onboarding specific device types with pre-determined security and access policies that follow people and devices across the wired and wireless fabrics, from ground to cloud.

We also improved the Cisco Identity Services Engine (ISE) to work with multiple Cisco DNA Centers. This enables regional Cisco DNA Centers to leverage a master instance of Cisco ISE so that SD-Access can apply access and segmentation policies across each region. With this capability, SD-Access ensures that security and access policies defined by corporate IT are implemented consistently across global networks, while enabling regional control over specific aspects of workforce and device rules.

Focusing on Innovations in Connectivity Solutions


At several 2019 events, Cisco had the opportunity to demonstrate OpenRoaming, an open method of enabling mobile devices to automatically and securely connect to Wi-Fi networks without entering IDs and passwords. We created the OpenRoaming Federation ecosystem with partners such as Apple, Intel, and Samsung. As the Federation grows with additional device and access providers, the general public will be able to seamlessly connect to authorized Wi-Fi networks in stores, public spaces, and offices without manually signing in to captive portals with IDs and passwords. OpenRoaming unites wireless connectivity from LTE, 5G, and Wi-Fi to provide continuous internet connectivity to the applications people depend on for collaboration, finance, shopping, and community. Last year, OpenRoaming was demonstrated in real-world environments such as Mobile World Congress in Barcelona, Cisco Live in San Diego, Cisco Impact in Las Vegas, and a public trial at the Canary Wharf Group business center in London.

Building on the premise of always-on connectivity for mobile devices with OpenRoaming, we released the Cisco DNA Spaces Cloud Location Platform to empower property managers to interact with guests’ devices to offer location-specific services, wayfinding, and customized experiences. For sites that already use Cisco access points, capabilities such as Operational Insights, Locate, and Detect are available through Cisco DNA Center and the DNA Spaces SDK for building custom location apps, with no need for additional hardware or software overlays. Physical spaces become digital spaces that improve customer service by measuring and understanding the habits and preferences of guests using wireless devices.

Worldwide Events Bring Cisco Customers and Engineers Together


Like most technology companies, Cisco often announces new solution sets in conjunction with customer and partner events that provide an opportunity to receive immediate feedback from customers, industry analysts, and the technology press. This year we used events to unveil and demonstrate:

◉ OpenRoaming and DNA Spaces Cloud Platform at Cisco Live Barcelona
◉ Wi-Fi 6 Catalyst Access Points and Wireless Controllers at Cisco Live Melbourne
◉ Cisco AI Network Analytics at Cisco Live San Diego
◉ SD-WAN integration with MS Azure vWAN and Office 365 at Partner Summit
◉ SD-WAN integration with AWS Transit Gateway at AWS re:Invent

Being Inclusive and Innovative Makes Cisco the #1 Place to Work


Cisco stands committed to empowering business, society, and people to help develop a more Inclusive Future for all stakeholders. Our investments in Country Digital Acceleration (CDA) go hand in hand with our People, Culture, and Social Impact initiatives to solve some of the world’s most challenging problems.

Our innovation mindset in Enterprise Network engineering produces an average of 300 patents a year. To turbocharge our internal thinking, we host or participate in multiple events throughout the year. For example, our annual EN Hackathon combines team building with technical prowess and a healthy portion of fun, to generate original prototypes that could one day become products that solve customer challenges. The Pioneer Awards represent a similar take on innovation, but with a focus on solutions brought to market that are making a significant impact—the Cisco AP4800 with Location-based Intelligent Capture was this year’s best product, and the best productivity solution went to WARP (Workflow Architecture Renewal Program), which is key to keeping the IOS XE network operating system up-to-date. Engineers also attend external events—such as the Grace Hopper Celebration and Women of Impact—to broaden their thinking and make new professional connections.

One result of these internal and external celebrations of innovation is that Cisco was named #1 World’s Best Workplaces by Great Place to Work in 2019, capping off a year of employee engagement and Cisco’s Corporate Social Responsibility (CSR) in a wide variety of social endeavors around the world.

Enterprise Network Engineering is a significant driver of Cisco solutions. We take great pride in our innovations and progress in producing quality solutions for our worldwide customers. Now that we are an integral part of the larger Intent-Based Networking Group, I personally look forward to the amazing journey ahead in 2020.

Friday, 10 January 2020

How we take our culture to the next level with Conscious Culture

A company’s culture can be its greatest asset. Unfortunately, you don’t have to look far to find companies where culture isn’t working. Places with problems like unethical behavior, discrimination, and harassment. And employees who are afraid to speak their mind.

Cisco aims to help set a new standard, reinforcing the values and behaviors that make this a great place to work. In FY19, we built upon our solid foundation and started defining culture using a new framework. We call it “Conscious Culture.” It has three components:

◉ An inclusive, diverse environment that positively impacts people, society, and the planet.

◉ The typical traits of our culture, such as our unique beliefs, behaviors, and principles.

◉ The everyday interactions people have with their leaders and colleagues.

Many companies focus on only one of these three aspects of culture. Bringing all three pieces together is what sets Cisco apart. And this culture is “conscious”—aware and accountable for what’s working, what’s not, and how we can improve. When we see or experience something, like harassment by a manager or a violation of our Code of Conduct, we say something. Employees can protect our culture by sharing concerns with our Ethics Office. As part of Conscious Culture’s debut, we shared metrics internally regarding concerns our employees reported—issues like bullying and other negative behavior. We’ll continue to do so every six months, as well as sharing how concerns are handled. But Conscious Culture is more than addressing concerns. It affects every aspect of how our people work and interact. Now, business functions across Cisco are determining how to apply Conscious Culture to their practices. As this journey progresses, the result will be better employee engagement. And in turn, better experiences for our customers and communities.

One example of the implementation of Conscious Culture at Cisco is our no shame, no stigma campaign around mental health.

Over the past year, Cisco has made it a priority to not only end the taboo against talking about mental health but encourage people to ask for help. It all started with an email. In 2018, in the face of growing concerns about mental health in society, Cisco CEO Chuck Robbins sent an email to all Cisco employees. In it, he expressed Cisco’s concern for those who are struggling, sharing that no one needs to go it alone.

The response was overwhelming. Robbins received more than 100 replies from employees saying thanks and sharing stories of themselves and their loved ones. Since then, even more people have courageously spoken about personal struggles in company blog posts and the Cisco Beat.

This response has awakened us to an issue that wasn’t being addressed. Consider the statistics: about one in five U.S. adults lives with a mental health condition. Yet many people are still uncomfortable talking about these issues. Cisco is breaking the silence. We want everyone to know that it’s okay to not be okay. By decreasing the stigma and broadening the resources we offer, we hope to encourage people to get the help they need.  And change the conversation about mental health across our industry.

Thursday, 9 January 2020

Bridging the divide: Getting IT and OT to work together for industrial IoT

Industrial IoT has the potential to transform business processes in manufacturing, oil and gas, utilities, and more. However, organizations must first overcome numerous challenges, one of which is bridging the divide between IT and operational technology (OT). Having the right people involved and working together toward an IoT initiative is critical for achieving a seamless, secure and successful end-to-end design.

We often hear customers describe what it is they want out of an IoT deployment: a dashboard with buttons that allows them to see data or analytics of that data to understand what is happening in the operating environment. It’s obvious they have a clear vision of the outcome they want, but they don’t know how to get there. And they can’t — at least, not by themselves.  One of the biggest reasons why IoT projects fail is because line of business expectations aren’t managed correctly, or because IT and OT didn’t work together to validate if a solution is feasible with current technology and skill sets.

The IoT tech stack is complex and fragmented. Organizations have to pick the right sensors, select the machines to be connected, choose a connectivity method, and then build the networking, application, and business intelligence layers (often incorporating cloud and multiple applications) on top. To further complicate matters, companies are looking to connect many different (often legacy) machines that have never before been connected. Different protocols must be parsed and cleaned up so that technologies further up the stack can ingest and understand the data.

No single department is capable of navigating all the different technical options and making the best decisions for a seamless, secure IoT deployment. While OT may be able to choose sensors and machines to connect, and IT may be able to build the remainder of the tech stack, these decisions can’t be made in silos. The digitalization of machine data creates a technical convergence, and both sides must work together to make IoT work. IoT is a team sport.

When the right people come together to solve a business problem with IoT, it becomes much easier to build a successful solution. Four primary groups or individuals include:

The line of business:


Representatives from lines of business can articulate the business need. These people are experts in higher level business strategy, sales, marketing, how to go to market, etc. For the line of business, IoT is a means to an end to achieve a business objective. These people can envision the dashboard and contribute to process and organizational design. While they may or may not own the budget, the line of business defines and creates the demand for a business improvement.

IT department:


The IT department is responsible for the enterprise IT infrastructure. The department’s main concerns are security, scalability, and manageability. They work in a fast, dynamic environment. IT is always under pressure to get things done—and to do more with less. When it comes to an IoT deployment, the IT department is concerned with the tech stack from the network out to the edge.

OT department:


The OT department is generally responsible for the equipment on the shop floor. They are concerned about quality, uptime and maintenance of machinery that is typically two to three decades old. Oftentimes, the machines produce data that doesn’t go anywhere. There’s a human/machine interface where an operator receives data and makes decisions. The OT department plays a key role in connecting machinery on the shop floor for an IoT deployment.

Procurement:


Procurement is responsible for finding products and services at the best cost. Sometimes this means breaking up solutions and buying components piecemeal. It’s best to bring procurement on board sooner rather than later so that they understand that the broad spectrum of components in an IoT deployment comes from one ecosystem of integration. If a solution is broken up into bits and pieces, none of the solution providers will feel motivated to deliver the best possible service.

Even with these parties at the decision-making table, there are likely to be gray areas. Organizations often have to experiment or partner with a provider for technology that they don’t have the skills to work with internally. Of course, it’s important to get the right skills at the right time for the right cost.

At Cisco, we work hard to pull together the key technologies and partners required to deliver seamless, secure solutions that span the manufacturing floor to the cloud. Our partner ecosystem consists of large systems integrators, service providers, OT partners, distributors, and a variety of others. We span and bring together the IT and OT worlds to create harmony and cohesion across our customer’s organization, across our Cisco partner ecosystem, and through the solution itself via Cisco Validated Designs, to ensure a successful IoT initiative.

Wednesday, 8 January 2020

Opportunities For Lifelong Learning with CCDP 300-320 ARCH Certification Exam


Cisco Certified Design Professional (CCDP) 300-320 ARCH Certification

The Cisco Designing Network Service Architectures (ARCH) exam 300-320 is an assessment exam associated with the Cisco Certified Design Professional certification. The CCDP certification exam tests a candidate's knowledge of the latest developments in network design and technologies, including L2 and L3 infrastructures for the enterprise, WAN technologies, data center integration, network security, and network services.

The 300-320 exam gives you professional knowledge in these areas. Once you have mastered this expert knowledge, you can take up networking jobs.

Most Popular Jobs For CCDP Certified:

  • Network Engineer
  • Sr. Network Engineer
  • Network Administrator
  • Network Architect
  • Information Technology (IT) Manager
  • Network Security Engineer
  • Systems Engineer

It goes without question that Cisco certifications are among the in-demand certifications across the world. The best thing about Cisco certifications is that they are available across all levels of expertise. Whether you are at the entry level or an expert in your field, there is always something for everyone from this certification provider. If you have ever thought of attaining the highly coveted CCDP certification, then you have an uphill task ahead of you.

To gain CCDP Certification, you need to pass three exams: 300-101, 300-115, and 300-320. But should you worry if that's the case? Absolutely not, because this guide highlights all the key aspects of the Cisco 300-320 ARCH exam, the third one you need to pass to attain your professional-level CCDP Certification.

Cisco 300-320 (ARCH) Exam Description:

  • Exam Name: Designing Cisco Network Service Architectures
  • Exam Number: 300-320 ARCH
  • Exam Price: USD 300
  • Duration: 75 minutes
  • Number of Questions: 60-70
  • Passing Score: Variable (750-850 / 1000 Approx.)

The Cisco 300-320 exam syllabus includes several concepts, each with a specific weight in the test. These topics cover advanced addressing and routing solutions for enterprise networks (22%), advanced enterprise campus networks (22%), WANs for enterprise networks (17%), enterprise data center integration (17%), security services (13%) and network services (11%).

Recommended Training:

Cisco recommends a few paths that you need to take to enhance your chances of success in the CCDP exam.

These include:

Preparation Options:

You might have heard a lot about the Cisco 300-320 exam, but one thing remains: proper preparation is the key to success in this exam. Fortunately, multiple resources are readily available online to aid in your exam preparation. The official Cisco website is itself the ultimate source for this.

Practice Makes You Perfect:

Everyone says practice makes perfect, and who knows, maybe that is all you may need before taking your 300-320 exam. If you are willing to tread this path, then you can practice your skills for this exam using the Cisco hands-on lab environments.

The first in this category is the Cisco Virtual Internet Routing Lab Personal Edition (VIRL PE). Then comes Cisco Modeling Labs, which can be instrumental in your certification journey by equipping you with the vital hands-on skills related to this exam.

Some Basic Tips:

The highly volatile IT industry has made it necessary for hiring managers to employ individuals with relevant certifications in the related field. This means that your understanding of the area and experience are not enough to help you secure your dream job. Passing the 300-320 exam is not as hard as they have made you believe. Use these tips to pass the CCDP exam at your first attempt and propel your career to the top where the competition is quite favorable.


Pace yourself


This is important! Always keep track of how much time you have and try to use your time wisely. You can always go back to check or improve your answers later!


Surround Yourself with Brilliant People

Not only are you more likely to be perceived as educated and knowledgeable, but you are also more likely to become more creative due to the possibility that you will have more intellectual discussions and be more challenged.

Being around skilled individuals will help increase your intellectual stimulation, help further your knowledge base, and help improve your education.


Write Practice Essays

With practice, it becomes easier to write under the time constraints imposed by the AP test. It is also necessary to get a good sense of your pacing. You don't want to go on so long on a particular subject that you cannot finish. Get an understanding of your limitations so that you know when to wrap things up on your exam.

Familiarize yourself with how many records you are expected to discuss and stick to that number.

Get Yourself Certified

Enroll in an online teaching certification program. Although not all tutoring agencies require teacher certifications, it is better to hold one to prove your competency in a subject. Many universities offer online teacher certification programs, specifically designed to guide teachers through the latest technological tools and online teaching practices.

The Benefits of Achieving CCDP Certification

  • Around the world, several enterprises and businesses are extensively making use of Cisco products, such as Designing Cisco Network Service Architectures solutions. 
  • Therefore, Cisco Certified professionals are in high demand today. If you possess sound knowledge and proven technical skills in Cisco and related fields, you should go for CCDP Certification to enhance your job profile and advance your career prospects to great heights. 
  • There are three major job roles related to Cisco 300-320 certification.
  • The role of a CCDP Administrator is crucial in any organization. 
  • Some of the distinguishing features expected of a Designing Cisco Network Service Architectures professional include good communication, excellent technical knowledge, and proven expertise in real-world scenarios, in addition to a thorough understanding of 300-320 theory and sound working knowledge of and experience with Cisco technologies.
  • The 300-320 exam is a CCDP certification exam exclusively designed to endorse the foundation skills needed for both Designing Cisco Network Service Architectures administration and application development.
  • The principal objective of CCDP certification is to measure a professional's ability to do his job as a team member with either administrators or application developers.
  • Designing Cisco Network Service Architectures certification is considered the first step towards getting the more advanced Cisco certification.

Wi-Fi 6E: The evolution of next generation wireless access


Wi-Fi 6 just arrived, bringing better speed and more capacity to wireless networks. And soon it’s going to get even better, thanks to the FCC opening up all-new 6 GHz frequencies for Wi-Fi 6. The name of this extension to the standard: Wi-Fi 6E.

When the new 1.2 GHz of spectrum (500 MHz in the EU) starts getting built into devices later this year, it will unleash new potential for networks and help them meet the growing demand for high-performance connectivity.

The Need for More Unlicensed Spectrum


Moving from one Wi-Fi generation to the next – currently in the sixth generation – all wireless devices share the crowded 2.4 and 5 GHz bands. They are constantly competing for bandwidth. The limited spectrum and channels in those bands cause significant issues for users. There are very few non-overlapping 80 MHz or 160 MHz (in 5 GHz band) channels to prevent interference caused by devices on overlapping channels. In fact, it’s almost impractical to enable these wide band channels in dense environments such as venues with hundreds of access points. Besides, the 20 MHz and 40 MHz channels are not wide enough to support high data throughput for bandwidth-intensive applications.

These problems have been exacerbated by the proliferation of wirelessly connected IoT devices and data growth. For example, Wi-Fi and mobile devices will account for more than 75 percent of all Internet traffic by 2022.

We need more unlicensed spectrum to deliver on the Wi-Fi brand promise, and that’s what the new 6 GHz frequencies will deliver.

The Promise of Wi-Fi 6E


To keep unlicensed Wi-Fi devices running in the 6 GHz band from interfering with incumbent users of the band, such as microwave links, the FCC is proposing some technical restrictions. These rules divide the overall spectrum into 4 separate bands with their own boundaries. For example, a Wi-Fi device could only operate indoors at low power in order to ensure unlicensed services can coexist safely with existing incumbents. (Figure 1)

Figure 1 – 6 GHz Wi-Fi Channels

Wi-Fi 6E brings the following improvements and enables important use cases:

1. More spectrum

An additional 1.2 GHz of spectrum, twice the size of the current Wi-Fi bandwidth, offers more non-overlapping channels, i.e. 59 additional 20 MHz channels. And only Wi-Fi 6 devices are allowed in this new spectrum. No legacy (Wi-Fi 5 or earlier) devices will have access to it. Wi-Fi 6 not only gets the additional bandwidth of Wi-Fi 6E, it uses that bandwidth more efficiently, which makes this new spectrum great for solving capacity problems in large public venues, such as concert venues or sports stadiums. This not only enables a better user experience but also opens the gateway for quality live streaming connections.

2. Higher throughputs

As envisioned, Wi-Fi 6E makes available large contiguous blocks of spectrum. With 14 additional 80 MHz and 7 additional 160 MHz wide channels, it allows for high-throughput and concurrent data transmission. This enhances applications that require high bandwidth such as augmented and virtual reality (AR/VR) and real-time immersive gaming on Wi-Fi 6 devices. It will further the current Wi-Fi 6 capabilities for the next generation of learning where every student in a classroom or in a school can use a VR headset for their education at the same time.

3. Lower latency

The high frequency spectrum of Wi-Fi 6E opens up entirely new horizons for ultra-low latency and emerging data-intensive applications and services, such as telehealth. Wi-Fi 6E is able to provide reliable and consistent low-latency connectivity for critical applications that can’t afford data delays. This allows, for example, patients to connect virtually with doctors and get real-time diagnostics on their high-quality 3D CAT exam or MRI.

All in all, Wi-Fi 6E expands the horizon of user connectivity, opens opportunities for emerging use cases, and enables enterprises to push boundaries with innovations. Cisco is actively partnering with the regulatory agencies working on Wi-Fi expansion. We will keep you updated as regulators finalize the operational requirements. Watch for product announcements from Cisco that will seize upon this new spectrum.