Monday 16 March 2020

Setting a simple standard: Using MQTT at the edge

I shared examples of how organizations can benefit from edge computing – from enabling autonomous vehicles in transportation and preventive maintenance in manufacturing to streamlining compliance for utilities. I also recently shared examples on where the edge really is in edge computing. For operational leaders, edge compute use cases offer compelling business advantages. For IT leaders, such use cases require reliable protocols for enabling processing and transfer of data between applications and a host of IoT sensors and other devices. In this post, I’d like to explore MQ Telemetry Transport (MQTT) and why it has emerged as the best protocol for IoT communications in edge computing.

What is MQTT?


MQTT is the dominant standard used in IoT communications. It allows assets and sensors to publish data: for example, a weather sensor can publish the current temperature, wind metrics, etc. MQTT also defines how consumers can receive that data. For example, an application can listen to the published weather information and take local actions, like starting a watering system.

Why is MQTT ideal for edge computing?


There are three primary reasons for using this lightweight, open-source protocol at the edge. Because of its simplicity, MQTT doesn’t require much processing or battery power from devices. With the ability to use very small message headers, MQTT doesn’t demand much bandwidth, either. MQTT also makes it possible to define different quality of service levels for messages – enabling control over how many times messages are sent and what kind of handshakes are required to complete them.

How does MQTT work?


At the core of the MQTT protocol are clients and servers that exchange many-to-many communications between multiple clients using the following:

◉ Topics provide a way of categorizing the types of message that may be sent. As one example, if a sensor measures temperature, the topic might be defined as “TEMP” and the sensor sends messages labeled “TEMP.”

◉ Publishers include the sensors that are configured to send out messages containing data. In the “TEMP” example, the sensor would be considered the publisher.

◉ In addition to transmitting data, IoT devices can be configured as subscribers that receive data related to pre-defined topics. Devices can subscribe to multiple topics.

◉ The broker is the server at the center of it all, transmitting published messages to servers or clients that have subscribed to specific topics.
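To make the small message headers, the quality of service levels and the “TEMP” topic described above concrete, here is an added example (not code from the original post) that builds and validates an MQTT 3.1.1 PUBLISH packet byte by byte. The payload value and packet id are constructed; the parser rejects malformed input the way a broker or edge gateway should.

```python
"""MQTT 3.1.1 PUBLISH framing: added example, not code from the original post."""
import struct

PUBLISH = 3  # control packet type, carried in the high nibble of byte 1


def encode_remaining_length(n: int) -> bytes:
    """Variable-length integer: 7 data bits per byte, bit 7 means 'more follows'."""
    if not 0 <= n <= 268_435_455:  # largest value that fits in 4 bytes
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, pos: int) -> tuple:
    """Return (value, next_pos); reject encodings longer than 4 bytes."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining length longer than 4 bytes")


def encode_publish(topic: str, payload: bytes, qos: int = 0,
                   packet_id: int = 0, retain: bool = False) -> bytes:
    """Build a PUBLISH packet: fixed header, topic, optional packet id, payload."""
    if qos not in (0, 1, 2):
        raise ValueError("QoS must be 0, 1 or 2")
    name = topic.encode("utf-8")
    if not name or len(name) > 0xFFFF or "#" in topic or "+" in topic:
        raise ValueError("topic name must be 1..65535 bytes without wildcards")
    if qos and not 1 <= packet_id <= 0xFFFF:
        raise ValueError("QoS 1 and 2 need a non-zero 16-bit packet id")
    body = struct.pack(">H", len(name)) + name
    if qos:
        body += struct.pack(">H", packet_id)  # only present when QoS > 0
    body += payload
    first = (PUBLISH << 4) | (qos << 1) | int(retain)  # DUP bit left at 0
    return bytes([first]) + encode_remaining_length(len(body)) + body


def _take(buf: bytes, pos: int, n: int) -> tuple:
    """Bounds-checked slice so a short packet raises instead of truncating."""
    if pos + n > len(buf):
        raise ValueError("packet shorter than its declared fields")
    return buf[pos:pos + n], pos + n


def decode_publish(packet: bytes) -> dict:
    """Parse and validate one PUBLISH packet as a broker or gateway would."""
    if len(packet) < 2 or packet[0] >> 4 != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    qos = (packet[0] >> 1) & 0x03
    if qos == 3:
        raise ValueError("QoS 3 is reserved and must be rejected")
    remaining, pos = decode_remaining_length(packet, 1)
    if pos + remaining != len(packet):
        raise ValueError("remaining length does not match packet size")
    raw, pos = _take(packet, pos, 2)
    name, pos = _take(packet, pos, struct.unpack(">H", raw)[0])
    packet_id = None
    if qos:
        raw, pos = _take(packet, pos, 2)
        packet_id = struct.unpack(">H", raw)[0]
    return {"topic": name.decode("utf-8"), "qos": qos, "packet_id": packet_id,
            "retain": bool(packet[0] & 0x01), "payload": packet[pos:],
            "overhead": pos}  # bytes on the wire that are not payload


if __name__ == "__main__":
    # Constructed reading: the "TEMP" sensor publishing 21.5 at QoS 0 and QoS 1.
    for level in (0, 1):
        pkt = encode_publish("TEMP", b"21.5", qos=level, packet_id=7 if level else 0)
        print(level, pkt.hex(), decode_publish(pkt))
```

At QoS 0 the whole “TEMP” message is 12 bytes, 8 of them header and topic; QoS 1 adds a 2-byte packet identifier so the delivery can be acknowledged.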

Why choose MQTT over other protocols?


HTTP, Advanced Message Queuing Protocol (AMQP) and Constrained Application Protocol (CoAP) are other potential options at the edge. Although I could write extensively on each, for the purposes of this blog, I would like to share some comparative highlights.

A decade ago, HTTP would have seemed the obvious choice. However, it is not well suited to IoT use cases, which are driven by trigger events or statuses. HTTP would need to poll a device continuously to check for those triggers – an approach that is inefficient and requires extra processing and battery power. With MQTT, the subscribed device merely “listens” for the message without the need for continuous polling.

The choice between AMQP and MQTT boils down to the requirements in a specific environment or implementation. AMQP offers greater scalability and flexibility but is more verbose; while MQTT provides simplicity, AMQP requires multiple steps to publish a message to a node. There are some cases where it will make sense to use AMQP at the edge. Even then, however, MQTT will likely be needed for areas demanding a lightweight, low-footprint option.

Finally, like MQTT, CoAP offers a low footprint. But unlike the many-to-many communication of MQTT, CoAP is a one-to-one protocol. What’s more, it’s best suited to a state transfer model – not the event-based model commonly required for IoT edge compute.

These are among the reasons Cisco has adopted MQTT as the standard protocol for one of our imminent product launches. Stay tuned for more information about the product – and the ways it enables effective computing at the IoT edge.

Sunday 15 March 2020

Okta Now Offering Free Single-Sign On and Provisioning for Cisco Webex

Okta Cloud Connect Integrates Webex with Active Directory/LDAP for Fast and Free Single Sign-On and Provisioning


Okta is a single platform for identity management – Cisco Webex is a single platform for all of your collaboration needs. And now we’re even better together.

Okta’s mission is to enable any organization to use any technology. Okta enables companies to easily provision applications, and then allows employees, customers, and partners to access applications, infrastructure, and other tools more smoothly and securely than ever before.

Okta is one of the most complete identity and access management platforms for workforces and customers, securing all critical resources from cloud to ground.

Born in the cloud, Okta provides an identity management cloud platform that enables customers to secure their users and connect them to the technologies and applications used by their IT department.

Okta and Cisco have worked together to make sure that we could deliver the most complete IDaaS solution for all Cisco Collaboration applications.

There were a couple of challenges to address:

Provisioning


Okta needed to provision users across a different cloud to Cisco Webex. Okta needed to push information about users to the Cisco Webex platform in a secure way, and to achieve that, we used the SCIM protocol.

SCIM is an open standard for automating the exchange of user identity information between identity domains, or IT systems. It allows for provisioning and de-provisioning operations between different systems. In addition, it allows systems to share information about user attributes, group membership, and attribute schemas.

For customers that still use Webex Meetings with Identity Management under Site Admin, Okta uses the XML APIs from Webex Meetings to deliver provisioning functions for the solution.

Okta also supports just-in-time provisioning (SAML JIT), but it only allows for provisioning, which is insufficient for most of our customers’ needs.

Okta provisions users in Cisco on-premise products. Two possible solutions could be used:

◉ Both Okta and Cisco on-premise collaboration solutions get information about users from the same source such as an LDAP service like Active Directory

◉ For those customers that no longer have an on-premise LDAP service, Okta can provide LDAPS service for Cisco on-premise Collaboration solution

Authentication and Authorization


Okta supports many types of authentication mechanisms like Secure Web Authentication, SAML 2.0 or OpenID Connect. Typically, most customers have applications that support the SAML 2.0 protocol to deliver single sign-on and implement a central authentication policy.

Cisco’s on-premise application requires support for multiple servers to act as a single SAML entity, and for that to work we require a SAML feature called Multiple Assertion Consumer Service URLs. This allows the nodes in a cluster to tell the IdP which node to send the SAML assertion to. Okta was the first IDaaS vendor to implement that feature, allowing the on-premise collaboration tools to work with it.
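The following added example (not Okta’s or Cisco’s code) shows how an IdP can handle multiple Assertion Consumer Service endpoints safely: the SP metadata registers one endpoint per cluster node, and the IdP only ever sends the assertion to an endpoint that is registered. The host names, entityID and request values are constructed placeholders.

```python
"""Resolving the Assertion Consumer Service for a clustered SP (added example)."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed metadata: three cluster nodes behind one SAML entityID.
# Host names are placeholders, not taken from any Cisco or Okta deployment.
SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://collab.example.com/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://node1.collab.example.com/sso/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://node2.collab.example.com/sso/acs"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://node3.collab.example.com/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


class AcsError(ValueError):
    """The AuthnRequest asked for an endpoint the SP never registered."""


def load_acs_endpoints(metadata_xml: str) -> list:
    """Return the registered ACS endpoints from SP metadata, in document order."""
    root = ET.fromstring(metadata_xml)  # metadata comes from trusted config
    endpoints = []
    for el in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        endpoints.append({
            "index": int(el.attrib["index"]),
            "location": el.attrib["Location"],
            "binding": el.attrib["Binding"],
            "is_default": el.get("isDefault"),  # "true", "false" or None
        })
    if not endpoints:
        raise AcsError("SP metadata registers no ACS endpoint")
    return endpoints


def default_acs(endpoints: list) -> dict:
    """Default rule: isDefault=true, else first not marked false, else first."""
    for wanted in (lambda e: e["is_default"] == "true",
                   lambda e: e["is_default"] is None):
        for ep in endpoints:
            if wanted(ep):
                return ep
    return endpoints[0]


def resolve_acs(endpoints: list, authn_request_xml: str) -> str:
    """Pick where the IdP may POST the assertion for this AuthnRequest."""
    # A production IdP parses untrusted XML with a hardened parser
    # (for example defusedxml) and checks the request signature first.
    req = ET.fromstring(authn_request_xml)
    if req.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise AcsError("not a SAML 2.0 AuthnRequest")
    index = req.get("AssertionConsumerServiceIndex")
    url = req.get("AssertionConsumerServiceURL")
    if index is not None and url is not None:
        raise AcsError("index and URL are mutually exclusive")
    if index is not None:
        matches = [e for e in endpoints if str(e["index"]) == index]
    elif url is not None:
        # Exact string match only: no prefix, host-suffix or regex matching.
        matches = [e for e in endpoints if e["location"] == url]
    else:
        matches = [default_acs(endpoints)]
    if not matches:
        raise AcsError("requested ACS is not registered for this SP")
    return matches[0]["location"]


def authn_request(attrs: str) -> str:
    """Constructed minimal AuthnRequest carrying the given ACS attribute(s)."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
            f'Version="2.0" IssueInstant="2020-03-15T00:00:00Z" {attrs}/>')


if __name__ == "__main__":
    eps = load_acs_endpoints(SP_METADATA)
    print(resolve_acs(eps, authn_request('AssertionConsumerServiceIndex="2"')))
```

Rejecting any URL that is not an exact match for a registered endpoint is what keeps an assertion from being delivered to a host outside the cluster.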

Better Together for Our Customers

Cisco and Okta provide unique value for our customers, allowing them to increase the security of their overall collaboration solution, but at the same time having a platform that would increase the overall security for all the IT applications in their portfolio.

Okta went one step further and offers the full-featured IDaaS product only for Webex applications – allowing our joint customers that don’t yet have an identity strategy to deploy the best-in-the-market IDaaS solution and in the future extend the identity solution to all their other applications.

Get Okta Single-Sign On for Webex for Free


You can get Okta single-sign-on for Webex for free.

Saturday 14 March 2020

How to Defend Against Command-and-Control attacks: Don’t let your network turn into a Zombie

Your network is increasingly targeted by cybercriminals. One of the most clever and damaging ways they strike is through command-and-control attacks – a technique often executed over DNS. A command-and-control (also referred to as C&C or C2) server is an endpoint compromised and controlled by an attacker. Devices on your network can be commandeered by a cybercriminal to become a command center or a botnet (a term coined from a combination of the words “robot” and “network”) with the intention of obtaining full network control. Establishing C&C communications via a Trojan horse is an important step for them to move laterally inside your network, infecting machines with the intent to exfiltrate data.

Going After the Command-and-Control Servers


What does your new investigation workflow look like? Today we take a closer look at how a C&C server attack can gain a foothold into your network, and how Cisco can identify, detect and block this type of threat using an integrated approach to security.

Imagine a security analyst whose enterprise has invested in network traffic analysis. Let’s call him Sam. He works for a large financial services organization with over 10,000 employees and more than 80,000 user accounts. It’s 6:00 PM on a Friday evening and Sam is getting ready to catch the latest Zombie apocalypse movie with his buddies. A notification pops up on his Cisco Umbrella console telling him that Umbrella has blocked malware from communicating with a C&C channel.

Sam investigates this threat using the Cisco Security


Sam is tired. He spends copious amounts of time running down rabbit holes every time his SIEM registers an alert as suspicious. He is ready for a faster, more effective way to block threats and protect his environment. He is excited to see if Cisco Umbrella, a secure internet gateway, will make his life easier. Cisco Umbrella offers both real-time threat intelligence and the capabilities to mitigate attacks across an organization in a split second. It acts as the first line of defense against internet-borne threats like C&C communications attempting to exfiltrate data. Sam knows a DNS block in Umbrella can simply be a symptom of persistent malware on your endpoints. He investigates further.

Sam identifies the malicious domain that is the epicenter of the C&C activity using Umbrella. Umbrella automatically proxies, decrypts, and inspects all subsequent requests with AMP for Endpoints to make a determination about the threat. Sam can also choose to block newly seen domains outright on the console. Now, while Sam knows that not all newly seen domains are bad, he knows this could be part of an emerging malware campaign or associated with another threat. In this case, Sam sees that Umbrella is working and has successfully blocked the threat.

Figure 1: Identify the C&C Domain in Umbrella
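The same triage can be sketched over plain resolver logs. The following added example (not part of the original post and not Umbrella’s log format or API) takes constructed log lines, ranks the internal hosts that keep retrying a blocked domain at regular intervals, which is the symptom of persistent malware mentioned above, and lists allowed domains that are newly seen against a baseline. The field layout, domain names and thresholds are assumptions.

```python
"""Triage of DNS-layer blocks (added example; log format is constructed)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed resolver log: timestamp, client IP, queried name, action.
# This is an illustrative layout, not the export format of any product.
SAMPLE_LOG = """\
2020-03-13T18:00:05Z 10.1.4.23 sync.c2-demo.test BLOCKED
2020-03-13T18:01:40Z 10.1.7.12 www.example.com ALLOWED
2020-03-13T18:02:11Z 10.1.9.77 sync.c2-demo.test BLOCKED
2020-03-13T18:05:04Z 10.1.4.23 sync.c2-demo.test BLOCKED
2020-03-13T18:07:30Z 10.1.7.12 fresh-reg.example.org ALLOWED
2020-03-13T18:10:06Z 10.1.4.23 sync.c2-demo.test BLOCKED
2020-03-13T18:15:05Z 10.1.4.23 sync.c2-demo.test BLOCKED
2020-03-13T18:20:05Z 10.1.4.23 sync.c2-demo.test BLOCKED
"""
BASELINE = {"www.example.com"}  # domains already seen before this window


def parse_line(line: str) -> dict:
    """Split one log line into typed fields; names are normalised for matching."""
    ts, client, name, action = line.split()
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client,
            "name": name.lower().rstrip("."),
            "action": action}


def triage(log_text: str, baseline: set, min_hits: int = 4,
           tolerance: float = 0.10) -> dict:
    """Rank hosts hitting blocked domains and list newly seen allowed domains.

    A host is 'periodic' when it has at least min_hits blocked queries for one
    domain and the gaps between them vary by no more than tolerance * mean gap.
    This is a deliberately simple beaconing heuristic (an assumption here).
    """
    blocked = defaultdict(list)  # (client, domain) -> query times
    newly_seen = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["action"] == "BLOCKED":
            blocked[(rec["client"], rec["name"])].append(rec["time"])
        elif rec["name"] not in baseline:
            newly_seen.add(rec["name"])

    hosts = []
    for (client, name), times in blocked.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = (len(times) >= max(min_hits, 2)
                    and max(gaps) - min(gaps) <= tolerance * mean(gaps))
        hosts.append({"client": client, "domain": name, "blocked": len(times),
                      "mean_gap_s": round(mean(gaps)) if gaps else None,
                      "periodic": periodic})
    # Periodic retries first: they point at something still running on the host.
    hosts.sort(key=lambda h: (not h["periodic"], -h["blocked"], h["client"]))
    return {"hosts": hosts, "newly_seen": sorted(newly_seen)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, BASELINE)
    for host in report["hosts"]:
        print(host)
    print("newly seen:", report["newly_seen"])
```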

But Sam is curious. He wants to know more. Sam decides to analyze the malicious code and try to identify samples in Threat Grid, Cisco’s dynamic file analysis solution, that referenced this domain. Umbrella Investigate shows him samples in Threat Grid that referenced this domain. He drills down deeper.

Figure 2: Sightings in Threat Grid that referenced this domain

Using the Threat Grid console, Sam quickly realizes the file is malicious. He sees two internal targets that can be potentially compromised with this attack. If successful, this infected server could connect to another server, ready to receive commands and do the botnet owner’s bidding by compromising systems and exfiltrating your data.

Figure 3: The Aha! moment: The Malicious Verdict

Sam is close to the Aha moment! He drills down to understand the behavioral indicators in Threat Grid. He gets every scrap of detail about this threat artifact. And sure enough, there’s our C&C connection. Victory!

Figure 4: Discovery: There’s our C&C connection.

But Sam wants more. Threat Grid also shows him the internal target that might need further analysis. It analyzes the files and suspicious behavior across his environment to deliver context-rich malware analytics and threat intelligence. Now that he is armed with insights into what the file is doing, he is ready to explore how this threat has impacted the network. Sam kick-starts a threat investigation for observed internal targets in Cisco Threat Response using the Browser Plugin. The Plugin enables Sam to research any observable (e.g. domain, IP address, file hash, URL, etc.) on any HTML-based webpage, in Chrome.

Sam now knows which systems inside our network have seen the malicious file. This information is provided by AMP for Endpoints, our cloud-delivered endpoint protection, detection and response solution, which helps you simplify these investigations with broader context from endpoint, web, email, and network data.

Figure 5: The Pivot to Threat Response

Figure 6: Getting the Full Picture – the Relations Graph in Threat Response

Upon investigation, Sam confirms that the malware is already correctly identified and blocked. With Cisco Threat Response, Sam can now achieve faster detections, simpler investigations, and immediate responses.

Figure 7: Malware Identified and Blocked

For all the Sams of the world, this analysis can be at your fingertips too. With Threat Grid, you can easily construct a query based on the behavior observed when the sample executed, using the Orbital Advanced Search feature, a new advanced capability in Cisco AMP for Endpoints. This feature accelerates your hunt for threats and enables you to shrink the lifecycle of an incident, mitigating any further damaging cost of the breach to your business.

Figure 8: Orbital Advanced Search Query in Threat Grid

This Orbital query enables you to gain deeper visibility so you may discern whether this is an isolated incident in your network, or there are other devices that may have seen this in your network. Additionally, Threat Grid can shine a light on other techniques like code injection that attackers might be using based on key behavioral indicators of malware. Security teams can save time by quickly prioritizing attacks with the biggest potential impact. In our investigation, we have discovered important details about this attack, as well as the malicious, forged documents that the attackers are using.

Figure 9: Orbital Query, Figure 10: Potential Code Injection Detected

Cisco Advanced Malware Protection (AMP) for Endpoints Prevents Fileless Attacks


AMP for Endpoints’ Exploit Prevention engine prevents all variants of fileless malware without needing any prior knowledge of the attacks. There are thousands of threats attempting to embed malicious code that can take over your workflows. Sam makes sure that the Exploit Prevention engine is enabled in AMP to catch any such activity.

Sounds too good to be true. No way?

Figure 11: File is quarantined

AMP’s Exploit Prevention Engine remaps the runtime environment and its components (such as libraries and DLL entry and exit points) and places a decoy or a facade of these resources in their original locations. It then lets only legitimate applications know their newly randomized address spaces. The end result is that legitimate processes continue to run seamlessly without experiencing any performance penalty, but anything else that attempts to execute in-memory can’t find its target, and therefore, cannot execute. Exploit Prevention’s remapping of the runtime environment effectively and deterministically protects you against all variants of in-memory attacks, whether they are pre-existing or undiscovered zero-days. With that done, Sam is on his way to the movies.

Cisco’s Security Platform


Can you imagine flying an Airbus A380 without an air traffic controller? Cisco’s vision for a security platform is built from a simple idea that security solutions should act as a team, learning from each other, listening and responding as a coordinated unit. Our platform, Cisco SecureX, connects the breadth of Cisco’s integrated security portfolio and your entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across your network, endpoints, cloud, and applications.

Try AMP for Endpoints


You could test out AMP for Endpoints and decide whether it’s right for you in under an hour. Don’t let C&C servers sit dormant in your environment and turn your computers into someone else’s malicious botnet!

Thursday 12 March 2020

Is Your Company Still Experiencing Digital Transformation Challenges?

Digital transformation is essential for all businesses, from the smallest to the largest of enterprises. These businesses are striving to become more agile, innovate quickly, and respond to change faster – and they’re turning to modern applications to fuel that change. One of the first steps businesses need to take when commencing on a digital journey is to answer two critical questions: “What business outcomes do you want to achieve?” and “How will you overcome new demands digital transformation places on your IT teams?”

There is a saying, “If you are not moving forward, you are falling behind.” This statement could not be any truer than it is in today’s complex and application centric environments.

The History of Digital Transformation


If we look back at Netflix’s journey to reshape markets through digital transformation, it’s easy to see how embracing digital transformation helped the company move forward. As most of us know, Netflix led the way for digital content when it started in 1997 by offering DVD rentals and sales via its website. Customers quickly saw the value in its data insights, called the “Personalized Recommendation System,” which used member ratings to accurately predict a user’s next movie choice. A decade later, in 2007, the company began offering streaming content for personal computers. Another decade passed and in 2017 Netflix won its first Academy Award for best documentary.

In its first 20 years, Netflix transformed its business model from mailing digital content to streaming digital content, and finally, creating digital content. Why did Netflix succeed when so many others didn’t? Because of its rapid adoption of digital transformation tools and apps. There were many companies that entered the space with Netflix, but those that didn’t embrace digital transformation not only couldn’t keep up, most are no longer in business.

In today’s application centric world, innovations need to happen in days or weeks, not decades. Is your company ensuring its application tools, operations, networking, and security features are working together to transform your business?

Application Challenges Landscape

All industries are making the shift to become more application centric, putting them into a place where they compete on application experience. But to compete effectively, they need to iterate quickly, learn with real-time telemetry, and get that feedback incorporated back into the business application. Changing the way companies monitor and maintain application availability, performance, and security means it’s imperative that they shift their operational model from siloed to collaborative teams. These collaborative teams then need to understand what’s going on from the business perspective to the user experience to the applications performance, the infrastructure, the network, and the security domain.

Enhance your day-to-day tools with a digital upgrade

Customers use many tools to monitor and alert when issues surface. Application Performance Monitoring (APM) and network performance monitoring tools give detailed insights within their silos. While those individual parts are important, what really matters is how those tools work together, as well as how they impact application performance and the end user experience.

Cisco is uniquely positioned with its broad product portfolio to provide the tools, insights, automations, and integrations that give users visibility across the entire stack, otherwise known as “full stack visibility.” This delivers insights into application-to-application dependencies, application-to-infrastructure dependencies, infrastructure performance and availability, infrastructure resources utilization (compute, storage, and memory), end-to-end visibility, and business outcomes. Improving performance and availability, protecting the workload wherever it’s located, reaching a faster MTTR, and maintaining exceptional customer experience requires giving day-to-day tools a digital upgrade.

In order to ensure your company has the best digital journey possible, the following products offer additional insights and automation: 

Data Insight Tools

◉ AppDynamics (AppD). An application performance management (APM) tool that manages performance and availability of applications across cloud and DC. AppD baselines, monitors, and reports on the performance of all transactions that flow through your app.

◉ Cisco Workload Optimization Manager (CWOM). Software that continuously analyzes workload consumption, costs, and compliance constraints, while automatically allocating resources in real-time. It assures workload performance by giving workloads the resources they need, when they need them.

◉ Tetration. Hybrid-cloud workload protection platform to secure workloads. It uses machine learning, behavior analysis, and algorithmic approaches to offer a holistic workload-protection strategy. This approach allows the implementation of true micro-segmentation, proactive identification of security incidents, and reduction of attack surface by identifying software vulnerabilities.

Automation Tools

◉ ACI anywhere. Technology that supports integrating virtual and physical workloads in a programmable, multi-hypervisor fabric to build a multiservice or cloud data center. The ACI fabric consists of discrete components that operate as routers and switches, but it is provisioned and monitored as a single entity.

◉ Intersight. A unified management platform that delivers intuitive management across data centers and remote locations from a single management platform. This platform offers an intelligent level of management that enables IT organizations to analyze, simplify, and automate their environments in ways that were not possible with prior generations of tools.

◉ Networks Assurance Engine (NAE). A comprehensive, intent-assurance solution that mathematically verifies the entire data center network for correctness, providing users with the confidence that the network is operating as intended.

◉ CloudCenter (CC). Multi-cloud management software that helps enterprises work with disparate environments. CC delivers workflow automation, ALM, cost optimization, and governance across multiple clouds.

It’s much easier to identify the root cause of an issue quickly and accurately with a tight integration of the above-mentioned products and third-party applications such as ServiceNow, Infoblox, Moogsoft, and more, along with end-to-end dependencies and the specific details of each layer. By doing this, your IT teams will work collaboratively and not in solitude.

A subset of the integrations and how the products collaborate to bring exceptional application experience

The diagram above shows how Cisco ACI, with AppD integration, identifies problems faster by correlating applications and network data. Cisco then provides the dynamic correlation between application and network constructs, and notes the problems with application services on a network fabric that can then be investigated by the application and networking teams, each with their own separate tools.

NAE will inform CWOM of any network anomalies so those issues are part of the recommendation process CWOM uses in its decision engine. NAE effectively makes CWOM “Network Aware,” and CloudCenter will model an application and apply an AppD agent as part of that profile. Deploying the AppD-enabled profile using CC will allow the AppD controller to trigger action for CC based on metrics from AppD. Tetration and CWOM team up by using Tetration’s analytics. CWOM can use Tetration’s application dependency mapping between endpoints to localize chatty workloads that were spread across clusters, datacenters, and cloud, reducing latency.

Application Needs Rule the Day

It’s no longer adequate – or sustainable – to take a legacy approach to ensuring application experience, availability, and security are working properly in today’s technology environment. These modern day applications demand superior experience be delivered, whether they are executed on-prem, hybrid, or in cloud datacenters. Using a combination of tools from Cisco enables the scale, performance, visibility, and operational excellence needed for efficient deployment of all next-generation applications, helping companies overcome their greatest digital transformation challenges.

Wednesday 11 March 2020

How 5G is transforming the Wireless WAN

Remember when, not long ago, cellular wireless technology was primarily used for backup connectivity? With the introduction of 4G and SD-WAN, enterprises were able to augment their primary WAN connection with wireless using an active/active configuration. Faster 4G speeds meant that wireless could be considered as primary connectivity alongside Internet and MPLS modes of transport. In addition, 4G could also help bring up locations in remote places where MPLS or alternative connectivity was nonexistent.

Over the last ten years, we’ve seen the evolution of 4G. First LTE, then LTE Advanced, and LTE Advanced Pro. And now comes the promise of 5G. There is an element of hype and ambiguity about what is true 5G and what is needed to support the evolution. Also, there is different branding like 5G TF and now 5G E, 5G Ultra Wideband, etc. and various radio wave spectrums like low-band, mid-band, and millimeter to learn about. Who wouldn’t be confused?

The higher throughput and lower latency of 5G brings a lot of promise for increased workforce productivity and a better user experience. Enterprises will now be able to support more users, in more locations using cellular to offer wireless connectivity with wider reach.  The ability to support new applications and connect more devices will make it easier to migrate to a wireless WAN with guaranteed QoE. This progression often brings confusion and a common misconception that there will need to be drastic infrastructure change in order to support the new wireless technology. Cisco is working to make the transition to 5G easy by building technology and hardware that allows for a seamless upgrade.

Cisco SD-WAN and 5G


Another common misconception is that with 5G enterprises won’t have a need for SD-WAN. In reality, as more and more businesses rely on wireless technology to support their WANs, SD-WAN has become essential in encouraging this type of modern WAN. Cisco SD-WAN allows you to optimize the user experience by using all available paths, like wireless or internet, giving users the fastest access to cloud applications without compromising security. SD-WAN also makes it easier to enforce policy across all available paths and locations like the branch, campus, and cloud. The result is a superior application experience and secure connectivity for employees and guests.

Leading the way in wireless WAN innovation


Cisco’s gigabit class, wireless WAN solutions offer next generation LTE Advanced PRO (CAT18) with new bands capability and the ability to easily utilize 4G as both primary or backup connectivity. In addition to the industry’s first SD-WAN LTE pluggable module, Cisco’s cellular gateway innovations provide secure connectivity, additional WAN coverage, and increased deployment flexibility. With Cisco SD-WAN, both enterprises and managed service providers can enable simplified cellular deployment and management.

The new provides next generation LTE Advanced PRO bandwidth for a wireless WAN on ISR 1120’s and 1160’s (part of the ISR 1000 Series). Features include 1.2 Gbps download speeds, dual micro SIM, backward compatibility for CAT 4/CAT 6/etc. and diversity antennas for additional reception or remote antennas. The best part? The ISR 1120’s and 1160’s make it easy to upgrade cellular technology with just a module replacement versus an entire router.

Also new to Cisco’s wireless WAN lineup is the CAT4 LTE USB dongle supported on select ISR 1000 platforms, featuring single micro-SIM and max throughput of 75/50 Mbps. This gives an additional option to provide cellular failover to existing small branch networks.

Keep a lookout for additional Cisco wireless WAN innovations coming soon that will support additional platforms and use cases to fit your or your customer’s needs. The current and upcoming technologies all share the common benefit of an easy upgrade path to 5G, allowing you to use your existing software and hardware platform. We know that cellular technology continues to evolve, so we are providing easier and cheaper options to upgrade versus requiring all new equipment. You’ll know you have investment protection and flexibility to choose whatever category of wireless connectivity your business needs without the need for a full infrastructure change.

Seamless transition to 5G


Our goal is to help make the transition to 5G as seamless as possible with innovative technology and trusted hardware. That is why Cisco is proud to partner with the world’s leading service providers to ensure our customers benefit from an optimal user experience whether it be using Wi-Fi 6 or cellular. We look forward to all the benefits 5G promises and to supporting wireless WANs across the globe.

Tuesday 10 March 2020

How Cisco manages corporate social responsibility

Cisco pioneered the technology that connects everything. We believe that connections have the potential to create opportunity for everyone and to solve some of the world’s most pressing challenges. Leveraging our expertise, technology, and a strong network of partners, we’re focused on building bridges to a more inclusive future.

Corporate social responsibility (CSR) is core to our purpose, our culture, and how we invest. We focus on People, Society, and Planet—issues that align with our business strategy and where we can have the greatest potential for impact. Our success is built on a Conscious Culture, where trustworthiness and ethical conduct are expected and supported among our employees, suppliers, and business partners.

How we manage CSR


Corporate Affairs, as part of the Human Resources organization, champions Cisco’s strategic approach to CSR, including social investment programs and environmental sustainability. The organization also stewards our commitments to CSR performance and transparency. The Corporate Affairs team is responsible for:

◉ Defining and managing our social investment strategy and programs

◉ Driving CSR governance processes

◉ Collaborating with a broad range of stakeholders

◉ Conducting socio-economic research and developing data-driven insights

◉ Assessing and monitoring CSR priority issues

◉ Producing our annual CSR Report

◉ Coordinating and ensuring cross-functional ESG alignment

Business functions own CSR priorities. Teams integrate priorities into their business strategy by setting goals, implementing plans, and measuring performance. Some priorities touch multiple functions. In these cases, we establish cross-functional teams to align CSR business process and implement against our commitments. In some cases, CSR goals and objectives may be linked to performance factors and compensation for CSR owners. For example, Supplier Code of Conduct performance may be considered when assessing the performance of key supply chain leaders.

We believe that risk is inherent in innovation and the pursuit of long-term growth opportunities. Cisco’s management is responsible for day-to-day risk management activities. The Board of Directors, acting directly and through its committees, is responsible for the oversight of risk management.

Cisco’s management has implemented an enterprise risk management (ERM) program, managed by Cisco’s internal audit function, that is designed to work across the business to identify, assess, govern, and manage risks and Cisco’s response to those risks. Cisco’s internal audit function performs an annual risk assessment that is utilized by the ERM program.

The Audit Committee, which oversees our financial and risk management policies, including data protection (comprising both privacy and security), receives regular reports on ERM from the chair of the ERM operating committee, as well as regular reports on cybersecurity from Cisco’s Chief Security and Trust Officer. Other Board committees oversee certain categories of risk associated with their respective areas of responsibility.

The Nomination and Governance Committee of the Board reviews Cisco’s policies and programs concerning corporate social responsibility, including environmental, social, and governance matters. CSR and environmental sustainability are represented through Tae Yoo, Senior Vice President of Corporate Affairs, and Francine Katsoudas, Executive Vice President and Chief People Officer.

Engaging with stakeholders

Building bridges of understanding with key stakeholders helps us maximize impact and informs our materiality process. Through regular dialogue, we can better align our business to social and environmental needs.

We partner with a wide range of global and local organizations to shape and extend the reach of our CSR programs, including governments, nonprofits, multilateral organizations, and peers. We have been a strategic partner of the World Economic Forum (WEF) since 2002. Our engagement with the WEF provides us with world leader insights, influences our CSR strategy, and enables us to learn from others and share best practices. Other partnerships and memberships include: Business for Social Responsibility (BSR); the Conference Board’s Sustainability Council II on Innovation and Growth; the CEF (formerly the Corporate Eco Forum); and the Responsible Business Alliance (formerly the EICC or Electronic Industry Citizenship Coalition).

In addition to the formal materiality assessment, Cisco’s environment team independently gathers feedback on emerging issues, the quality of our reporting, and our sustainability performance from sources including stakeholder inquiries and key rankings and ratings. “Stakeholder inquiries” is the umbrella term we use for questions we receive from a variety of sources, including:

◉ Customers and partners. The visibility of environmental sustainability continues to increase in customer and partner requests for proposal (RFP), supplier qualification, and contract processes.

◉ Employees

◉ Financial and industry analysts

◉ Shareholders and investors

◉ Sustainability data aggregators, which include companies like Ecovadis that collect sustainability information for our customers and partners. This category also includes a range of organizations that collect and package sustainability information for resale or for their own analysis.

◉ Environmental advocacy groups

◉ Academia, including researchers and students

◉ Media

Environment-related topics form the vast majority of stakeholder inquiries that Cisco receives. These inquiries provide continuous, real-time insight into the environmental issues of interest to different categories of stakeholders. In FY19, we continued to see increasing customer and investor interest in environmental sustainability, as reflected in customer requests for proposals, customer and environmental advocacy surveys, and other inquiries.

Sunday 8 March 2020

How to Speed Up Root Cause Analysis with Rookout

It’s been truly amazing to watch the software development industry grow and evolve over the past 20 years. We’ve gone from building tightly coupled (now considered monolithic) applications in the standard client-server approach to complex, highly distributed microservice-based systems which can autoscale up or down on demand. Cloud computing has commoditized compute infrastructure, making it possible for anyone to build applications that can easily scale as demand grows, as well as compete with applications developed by the best companies in the business. It’s definitely an exciting time to be a software developer as the ecosystem continues to grow and the possibilities for the future are endless.

With all of this ever-changing complexity, being able to properly observe and understand what’s happening within your applications as they’re running in their native environments is more important than ever. Due to the complex and highly distributed nature of applications today, there are many places where things can and do go wrong. Many organizations are creating teams focused on observability to put in place the best-of-breed tools, processes, and cultural changes needed to build highly observable software systems.

Observing Running Code


When we stop and take a look at the process of how developers observe what’s happening within the code they’ve written while their applications are running, it really hasn’t changed much over the past 20 years. Sure, there are all sorts of application performance monitoring, tracing, and event management tools, but the way that developers typically inspect the internal state of their running code still relies on writing log lines.

Wouldn’t it be nice if you could easily inspect the state of your running applications including objects, variable values, or any other component within your code while it’s running without having to write more log lines and redeploy your application? That’s exactly one of the challenges Rookout looks to solve. Rookout is a debugging and data-collection solution that allows developers to quickly debug and get data from running applications in any environment (including production) without stopping the application and without impacting its performance.

Why Does it Have to Be That Way?


The founders of Rookout asked themselves a simple question, “Why does it have to be so difficult to debug running applications and to get the data needed to properly get to the bottom of issues?” In many large enterprises, the process for introducing new code changes, even simply adding log lines, can be a lengthy process. A typical enterprise process for development teams may look something like this:

Imagine you find a defect in your codebase and find yourself needing to add more log lines in order to understand what’s happening while your application is running in staging or production environments. Typically you would write more logs, test your code, submit a PR, execute CI/CD processes, and wait for your code to be deployed.

With Rookout running as part of your codebase, you gain the ability to bypass the slowness of the above scenario by directly setting “Non-Breaking Breakpoints” (Rookout doesn’t stop your application) at any place within your code and collecting real-time snapshots of data from within your application regardless of where it’s running. There is no need to change your code or redeploy your application. Rookout runs as an SDK (or agent in the case of Java) alongside your application and currently supports any JVM-based language, Python, Node.js, and .NET. Details for getting started with various languages can be found in the Rookout documentation.

Rookout runs as a SaaS-based application with deployment options available for keeping data on-prem based on your needs. Data collected from Rookout can also be sent to any external logging or monitoring system, or any system that has an API exposed. Here is a sample architecture diagram showing how Rookout works and communicates with various components in your environment.

Rookout aims to help development teams increase the velocity at which they can develop applications by making the debugging process simpler and more efficient. Many organizations now monitor and track the mean time to resolution of defects. With Rookout giving on-demand access to data directly within your running application, organizations are able to understand the root cause of issues more quickly.

In addition, it’s a handy tool for developers just starting to get familiar with a new codebase. By collecting snapshot data from Non-Breaking Breakpoints, Rookout will show variable values from your application directly within code. This makes the process of understanding a good code base much simpler for new and veteran developers alike.