Saturday, 21 March 2020

Cisco Introduces Segment Routing v6 on Nexus 9000 GX Series Platforms


When discussing the Internet of the future recently, Cisco CEO Chuck Robbins said, “We really want our customers to consume the technology in any way they want.” With that in mind, I am pleased to announce the first Cisco Nexus platform running NX-OS that supports Segment Routing v6 (SRv6), giving customers next-generation programmable data center network capabilities. Our Cisco Nexus platforms already support Segment Routing over MPLS (SR-MPLS); now the Nexus GX platform supports SRv6 as well.

Segment Routing Introduction


Segment Routing (SR) is a flexible, scalable form of source routing. The source chooses a path and encodes it in the packet header as an ordered list of segments. The network does not need to maintain per-application or per-flow state; instead, each node obeys the forwarding instructions carried in the packet. The first version of SR used the MPLS data plane.

SRv6 – Building Next-Gen Programmable Network Infrastructure


SRv6 further simplifies the network by eliminating MPLS altogether. It relies on the native IPv6 header and header extension to provide the same services and flexibility as SR-MPLS, directly over the IPv6 data plane.

SRv6 adds network programming capabilities by taking advantage of IPv6 Extension Headers: a Segment Routing Header is inserted into the IPv6 packet. Because a segment ID (SID) is a full 128-bit IPv6 address, it can carry more than a destination: part of it identifies the node and the rest identifies the behavior to execute there, which takes SIDs beyond pure routing.

The IPv6 flavor of Segment Routing allows user-defined functions to be associated with segments. By leveraging the segments encoded in the dedicated segment routing extension header (SRH), the IPv6 packet carrying the network instructions explicitly tells the network the path it should traverse and the functions to be executed at each SRv6 node. These functions may implement any computable behavior, enabling simplified network programming.

Besides offering advanced Traffic Engineering (TE) capabilities, SRv6 lets the network be turned into a multi-service infrastructure. New Flexible Algorithm (Flex-Algo) capabilities make it possible to optimize the same physical network infrastructure along several dimensions at once.

The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining, and Virtual Private Networks in IPv6 backbones and data centers. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services.

Fundamentally, SRv6 provides a way to simplify the network by eliminating MPLS – using the native IPv6 header and header extension to provide the same services and flexibility as SR-MPLS, over the IPv6 data plane.

Cisco Nexus GX Platform Supports SRv6 Functionality


Cisco Nexus 9000 GX platforms support Segment Routing v6 (SRv6), which brings many advantages to our customers. The GX platform provides customers with:

◉ 4 Tbps packet processing in a single 1RU/2RU switch with port speeds up to 400G
◉ Insert up to 9 SIDs (Segment IDs)
◉ Encapsulate IP/L2 payloads with SRv6 and add up to 5 SIDs in Segment Routing Header (SRH)
◉ Line Rate SRv6 forwarding
◉ Operational management tools for troubleshooting and monitoring
◉ Nexus 9000 Series platform models
     ◉ N9K-C9316D-GX: 16 x 400/100/40-Gbps QSFP-DD ports
     ◉ N9K-C93600CD-GX: 28 x 100/40-Gbps QSFP28 ports and 8 x 400/100-Gbps QSFP-DD ports
     ◉ N9K-C9364C-GX: 64 x 100/40-Gbps QSFP28 ports

Business Drivers for going with SRv6


Build Scalable Networks

The SRv6 architecture makes it possible to build scalable networks by reducing the amount of state that must be configured in the nodes to support the network services.

Traffic-engineer customer traffic across networks of any size

SRv6 Traffic Engineering builds on the IPv6 underlay: adding a Segment Routing Header (SRH) to packets is what enables explicit paths and path-protection capabilities. Traffic engineering therefore enables use cases such as disjoint paths for selected traffic, color-affinity forwarding based on link colors, low-latency path selection for certain traffic, high-bandwidth path selection, and more to come.

Build Data Center Interconnection (DCI) with Core/WAN running SRv6

Data centers, which are mostly based on VXLAN, can hand off traffic to a service provider or core/WAN running SRv6.

Reduce Network Operational Complexity and OPEX

SRv6 eliminates the need for LSP management. As networks become more complex, this simplifies network operational management and is one of the key differentiators of SRv6 compared with SR-MPLS and MPLS LDP.

Enable Network Programmability

In SRv6, a segment identifier (SID) is an IPv6 address. It can be conceptually separated into two parts: a locator and a function. The locator is the routable prefix that reaches the node performing the function; the function identifies the behavior bound to that SID on that node. Customers have complete flexibility to program the SIDs in the SRH, enabling simplified network programming.
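To make the SRH and the locator/function split above concrete, here is an added example (not Cisco's or NX-OS code) that builds an IPv6 packet carrying an RFC 8754 Segment Routing Header, parses it with the length and Segments Left checks a receiver should perform, splits a SID into locator and function, and simulates the basic "End" behavior of RFC 8986 at each hop. The SIDs, the /48 locator length and the source address are constructed for the demo.

```python
import ipaddress
import struct

ROUTING_TYPE_SRH = 4        # RFC 8754 Segment Routing Header
NEXT_HEADER_ROUTING = 43
NEXT_HEADER_NONE = 59       # "No Next Header": this demo carries no inner payload

# Constructed SID list in traversal order (hypothetical addresses, not from the page):
# a 48-bit locator fc00:0:<node>::/48 followed by an 80-bit function field.
SEGMENTS = ["fc00:0:a::1", "fc00:0:b::1", "fc00:0:c::1"]


def split_sid(sid, locator_bits=48):
    """Split a SID into (locator prefix, function value) at locator_bits."""
    value = int(ipaddress.IPv6Address(sid))
    shift = 128 - locator_bits
    locator = ipaddress.IPv6Address((value >> shift) << shift)
    return f"{locator}/{locator_bits}", value & ((1 << shift) - 1)


def build_srh(segments, next_header):
    """SRH with the SIDs stored in reverse order, as RFC 8754 section 2 specifies."""
    packed = [ipaddress.IPv6Address(s).packed for s in reversed(segments)]
    n = len(packed)
    # Hdr Ext Len counts 8-octet units after the first 8 octets: 16 bytes per SID -> 2n.
    fixed = struct.pack("!BBBBBBH", next_header, 2 * n, ROUTING_TYPE_SRH,
                        n - 1,      # Segments Left: the DA already holds segments[0]
                        n - 1,      # Last Entry
                        0, 0)       # Flags, Tag
    return fixed + b"".join(packed)


def parse_srh(data):
    """Parse an SRH, rejecting inconsistent lengths instead of guessing."""
    nh, ext_len, rtype, segments_left, last_entry, _flags, _tag = struct.unpack_from("!BBBBBBH", data, 0)
    if rtype != ROUTING_TYPE_SRH:
        raise ValueError(f"routing type {rtype} is not an SRH")
    total = 8 + 8 * ext_len
    n = last_entry + 1
    if segments_left > last_entry or 8 + 16 * n > total or len(data) < total:
        raise ValueError("inconsistent SRH lengths")
    sids = [ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i]) for i in range(n)]
    return {"next_header": nh, "segments_left": segments_left,
            "last_entry": last_entry, "segment_list": sids}


def build_ipv6_with_srh(src, segments, inner_next_header=NEXT_HEADER_NONE):
    """IPv6 header (Next Header 43, Hop Limit 64) + SRH; DA starts at the first segment."""
    srh = build_srh(segments, inner_next_header)
    hdr = struct.pack("!IHBB", 0x60000000, len(srh), NEXT_HEADER_ROUTING, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(segments[0]).packed + srh


def dst_of(packet):
    return str(ipaddress.IPv6Address(packet[24:40]))


def end_behavior(packet):
    """Simulate the SRv6 'End' behavior (RFC 8986 section 4.1) at the node that owns the DA.
    Returns (packet, action): 'forward' with the DA moved to the next SID, 'deliver' when
    Segments Left is already 0, or 'drop' when the hop limit is exhausted."""
    if packet[6] != NEXT_HEADER_ROUTING:
        raise ValueError("no routing header after the IPv6 header")
    srh = parse_srh(packet[40:])
    if srh["segments_left"] == 0:
        return packet, "deliver"            # process the next header (the inner payload)
    if packet[7] <= 1:
        return packet, "drop"               # hop limit exhausted
    sl = srh["segments_left"] - 1
    out = bytearray(packet)
    out[7] -= 1                             # decrement Hop Limit
    out[43] = sl                            # Segments Left sits at SRH offset 3
    out[24:40] = srh["segment_list"][sl].packed   # new DA = Segment List[SL]
    return bytes(out), "forward"


if __name__ == "__main__":
    pkt = build_ipv6_with_srh("2001:db8::1", SEGMENTS)
    action = "forward"
    while action == "forward":
        print(dst_of(pkt), split_sid(dst_of(pkt)))
        pkt, action = end_behavior(pkt)
    print(action)
```

The length checks in `parse_srh` matter because a node that trusts Hdr Ext Len or Last Entry from the wire can be made to read past the header. The larger point for operators is that the SRH is an instruction list: a packet with an SRH that arrives from outside the SR domain could steer traffic through arbitrary nodes, so, as RFC 8754 advises, filter packets destined to the local SID space at the domain boundary.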

Introduce Operation, Administration and Maintenance (OAM)

Gives customers operational management tools for troubleshooting and monitoring SRv6 paths.

SRv6 Use-Cases on the Nexus 9000 Series Platforms


Cisco Nexus GX platforms with SRv6 enable the following key use cases.

The first and immediate use case is interconnection of data center networks with core networks. VXLAN has been widely deployed in the data center, and core networks are transitioning from MPLS to SRv6. The Nexus GX platform is a good choice for performing a seamless VXLAN-to-SRv6 hand-off, interconnecting VXLAN data centers with SRv6 core networks. This is a tailored, scalable design for GSPs (global service providers) and large enterprises with an SRv6 core. The benefits are a simple, scalable architecture and seamless interconnectivity between globally spread data centers and the SRv6-based core/WAN.

The second use case that SRv6 brings to service providers is L3VPN (Layer 3 Virtual Private Network) over SRv6. L3VPN over SRv6 enables multi-tenancy for next-generation IPv6 networks, the 5G networks of global service providers, large and small data centers that support 5G, and beyond.

Another important SRv6 use case is network service chaining, also known as service function chaining (SFC). It is a capability that uses software-defined networking (SDN) capabilities to create a service chain of connected network services (such as L4-7). This network service chaining enables customers to have, for example, security (firewall) services embedded within the SRv6 network.

A key advantage SRv6 brings to networks is a unified data plane, where customers can run IPv6 everywhere in data center and core networks. This enables the Global VRF (Virtual Routing and Forwarding) over SRv6 use case, where IPv4 as well as IPv6 data center fabrics interconnect over SRv6. This use case applies to MSDCs (massively scaled data centers) and to interconnecting globally spread data centers.

Friday, 20 March 2020

Top 5 new features in Cisco DNA Center 1.3.3.x


Cisco DNA Center 1.3.3.x just dropped and it’s full of new features. Here are the five most popular additions in this free upgrade and what they mean to your business.

The next time you log in to your Cisco DNA Center dashboard, you’ll see a notification for a new software upgrade to version 1.3.3.x. Included in this free upgrade are 47 new features, all accessible from the Cisco DNA Center dashboard. Here’s a quick look at five of the features that our customers are talking about most.

Cisco’s partnership with Samsung enables Galaxy smartphones, including the S10 and S20 families, to speak to Cisco DNA Center with client diagnostics. This provides a more comprehensive view of all potential root causes of wireless issues.

Samsung client analytics


This feature allows Samsung mobile clients (such as the Samsung Galaxy S10 and S20 families of smartphones) to send alerts and error codes to Cisco DNA Center for increased insights into the health and user experience of clients on your network. You’ll recall that in early 2018 Cisco and Apple joined together to allow iOS devices to send device information and error codes to Cisco DNA Assurance. The results of this collaboration have been great, and our customers love the ease with which they are able to diagnose connectivity issues with iOS devices.

Now we have added Samsung Galaxy smartphones to this effort. When a mobile client sends an error code to Cisco DNA Center, your IT team is given the exact cause of a wireless issue. This removes the guesswork from troubleshooting and quickly rules out problems that are not network-related.

Wireless sensor enhancements


From the release of our Cisco DNA Assurance wireless sensors back in 2017, they have been a hit. But many customers have asked for an easier way to deploy these magic boxes in remote offices. We answered by completely rewriting the software on the Cisco AP1800S Wireless Active Sensor and adding new capabilities to Cisco DNA Center. The result is wireless sensors that are easier to set up and scale across large network environments. Moreover, the interface is easier to read, with new location-based sensor heatmaps to quickly identify failed tests and potential network issues. We have added “Day-0” provisioning so that the sensor is automatically provisioned once it is powered on. This makes connecting at a remote office a snap! Next, we made the wireless link to the network a dedicated backhaul link, which means that the wireless connection is “always on” regardless of wireless testing activities. A new Heatmap View displays the top five rankings for statistical categories, along with a heatmap representation of sensor test failures. This focus on location makes it much easier for teams to prioritize and locate issues quickly.

Network speed tests can now be performed via NDT or iPerf3, depending on which you prefer. Finally, we have added a “Sensor-360” view with time travel to the main Assurance menu in Cisco DNA Center. This gives you the same analytics and troubleshooting for your sensors as for the rest of your network, so you can verify sensor functionality and performance and rely on the tests you perform with the sensor. If you have never tried the Cisco AP1800S Wireless Active Sensor, now is the time! They are now simple to install, even in remote offices, they are easier to use, and they can save you from constant remote site visits for network troubleshooting.

Executive Summary Reports


This answers the question: how can I demonstrate the many network improvements my team has achieved in a clean, simple-to-understand, graphical report? Cisco DNA Center’s new Executive Summary Reports offer many categories from which to assemble a network report. Set up the areas of focus (sites, users, or devices) and capture detailed data about network devices and clients, which you can use to analyze network performance, from simple reports such as overall health, to device data, or even an overview of trending network issues. A weekly (7-day) overlay shows the change in performance. This feature gives other company stakeholders or executives a clear and easy-to-read overview of network performance and trends.

Meraki Automation


Many Cisco customers have deployed a hybrid Catalyst + Meraki network. This is usually because a company needs a sophisticated switching solution for its large campus network, and cloud-managed devices in remote branches that are simple, secure, and reliable. Many of you have asked for ways to provision and inventory Meraki devices from within Cisco DNA Center. In version 1.2.1.x, we included full Meraki visibility and inventory in the Cisco DNA Center dashboard. Now we are including provisioning of Meraki wireless access points. The diagram below shows five branch offices with Meraki enterprise networks. The corporate campus and regional sites are larger operations and have deployed Cisco DNA (Catalyst/Aironet) on their campuses. The new Meraki Automation feature in Cisco DNA Center allows the corporate campus to provision new Meraki access points into any site in the network and keep control over the addition of new devices, which is a common company policy. Once these Meraki devices are installed and provisioned, they can be managed from any site via the Meraki dashboard.


Rogue wireless management


This provides increased security and control of wireless networks by detecting two kinds of rogue access points: unauthorized access points plugged into local switches, and access points that broadcast the same SSID as the customer’s network but are not connected to the customer’s wired network. These scenarios are known as the “unauthorized access point” and the “honeypot” (an attacker’s AP luring clients with a familiar SSID). The diagram below illustrates both. Cisco DNA Center’s new rogue wireless management feature discovers and flags both cases, allowing your team to immediately (and remotely) disable the rogue access points.
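As an added illustration of the two rogue classes described above (this is example logic, not Cisco DNA Center's detection code), the following script classifies access points heard by managed APs. An unknown BSSID whose radio MAC family also appears in the switches' learned MAC tables is treated as an unauthorized AP on the wire; an unknown BSSID advertising a corporate SSID without a wired footprint is a honeypot. The inventory, MAC tables and scan records are constructed sample data, and the MAC-adjacency heuristic is an assumption (vendors commonly derive BSSIDs from the base MAC by varying the low bits, but the offset differs by vendor).

```python
from dataclasses import dataclass

# Constructed inventory and telemetry (hypothetical values, not from the page).
CORPORATE_SSIDS = {"CorpWiFi", "CorpGuest"}
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
# MAC addresses the wired switches have learned on access ports. A rogue AP plugged
# into the LAN shows up here with its wired MAC, usually adjacent to its BSSIDs.
WIRED_MACS = {"00:11:22:aa:bb:01", "66:77:88:cc:dd:00"}


@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    rssi: int       # dBm as heard by the managed AP
    seen_by: str    # managed AP that heard the beacon


def wired_mac_candidates(bssid):
    """MACs that share the same base as this BSSID (low 4 bits varied; assumption)."""
    base = int(bssid.replace(":", ""), 16) & ~0xF
    return {":".join(f"{((base + i) >> (8 * k)) & 0xFF:02x}" for k in range(5, -1, -1))
            for i in range(16)}


def classify(ap):
    if ap.bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    if wired_mac_candidates(ap.bssid) & WIRED_MACS:
        return "unauthorized-on-wire"      # worst case: rogue has a foothold on the LAN
    if ap.ssid in CORPORATE_SSIDS:
        return "honeypot"                  # evil twin luring corporate clients
    return "neighbor"                      # someone else's network, just nearby


def rogue_report(observations):
    """Strongest sighting per BSSID, keeping only rogue classes, most severe first."""
    best = {}
    for ap in observations:
        if ap.bssid not in best or ap.rssi > best[ap.bssid].rssi:
            best[ap.bssid] = ap
    severity = {"unauthorized-on-wire": 0, "honeypot": 1}
    rogues = [(ap.bssid, classify(ap), ap.seen_by) for ap in best.values()]
    rogues = [r for r in rogues if r[1] in severity]
    return sorted(rogues, key=lambda r: severity[r[1]])


# Constructed scan results from three managed APs.
OBSERVATIONS = [
    ObservedAP("00:11:22:aa:bb:01", "CorpWiFi", -50, "ap-3"),
    ObservedAP("de:ad:be:ef:00:01", "CorpWiFi", -70, "ap-2"),
    ObservedAP("de:ad:be:ef:00:01", "CorpWiFi", -60, "ap-3"),
    ObservedAP("66:77:88:cc:dd:05", "HomeNet", -40, "ap-1"),
    ObservedAP("aa:bb:cc:dd:ee:ff", "Cafe", -80, "ap-2"),
]

if __name__ == "__main__":
    for bssid, verdict, seen_by in rogue_report(OBSERVATIONS):
        print(f"{verdict:22} {bssid}  strongest at {seen_by}")
```

The wired correlation is what separates a nuisance from an incident: a honeypot steals client credentials or sessions, but an AP bridged onto an access port gives an outsider a path into the LAN, so it sorts first and should trigger port shutdown on the switch, not just wireless containment.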


The new 1.3.3.x software includes many, many other features including: StackWise Virtual support, ASA Firewall automation, APIC-EM migration, policy extensions for SDA, and customizable device health scores.

Thursday, 19 March 2020

SaaS-delivered Encrypted Traffic Analytics with Cisco Stealthwatch Cloud

We’ve reached an interesting turning point for encrypted traffic.

Gartner predicted that 80% of web traffic would be encrypted by 2019. Sure enough, this prediction came true. Last year, the team at Let’s Encrypt, an organization that helps enable encryption for websites, cited that 80% of web traffic they’ve seen is now encrypted. We have reached the point where the average volume of encrypted traffic on the internet has now surpassed the average volume of unencrypted traffic.

This is largely good news: encrypting internet traffic is now the norm online and will continue to grow. This is good for data privacy and should let us sleep a bit easier knowing that our information is encrypted as it traverses the internet.

However, much like the adoption rate of encrypted traffic, encrypted threats are also on the rise. This year, Gartner has predicted that more than 70% of malware campaigns will use some type of encryption to conceal malware delivery, command-and-control activity, or data exfiltration. Complicating matters, it’s also predicted that 60% of organizations will fail to decrypt HTTPS efficiently, thereby missing critical encrypted threats.

Traditional threat inspection methods that rely on bulk decryption, analysis, and re-encryption are not always practical or feasible, for both performance and resource reasons. They also weaken end-to-end privacy and integrity guarantees, because the inspection point terminates the TLS session and handles the data in the clear. Unfortunately, many organizations have no way to detect malicious activity in encrypted traffic without decryption. With the growing amount of encrypted traffic and the number of threats hiding within it, how should organizations ensure the encrypted traffic entering their network is safe, without compromising the integrity of that data?

A better approach to analyzing encrypted traffic


Stealthwatch Cloud is a Software-as-a-Service (SaaS) solution that is easy to try, easy to buy, and simple to operate and maintain. Stealthwatch Cloud analyzes network behavior to detect advanced threats, even those hiding in encrypted traffic. Cisco’s proprietary Encrypted Traffic Analytics (ETA) technology uses attributes like Initial Data Packet (IDP) to detect malware in encrypted traffic, without decrypting the data.

Recently, Stealthwatch Cloud has added further integrations with Cognitive Intelligence, Cisco’s cloud-based machine learning and AI research team, and with its Confirmed Threat Service.

These integrations allow Stealthwatch Cloud to ingest ETA telemetry from supported Cisco networking devices and provide additional, higher-fidelity analysis of encrypted (as well as unencrypted) traffic. From there, ETA alerts users to potential threats that might be hiding in encrypted traffic. These alerts include cryptomining, unpublished Tor, botnets, Ramnit, Sality, malicious file downloads, phishing, typosquatting and more.

In a performance study by Miercom, Cisco Encrypted Traffic Analytics showed up to 36% faster detection and detected 100% of malicious flows within three hours.

How it Works


Cognitive Intelligence’s Confirmed Threat Service provides Stealthwatch Cloud with a list of high-confidence Indicators of Compromise (IOCs in the form of IPs and domains), a full description of the related global threat, and a write-up of recommended remediation steps. These IOCs are generated as a result of processing billions of connections from across the globe using a pipeline of analytical techniques which include the collection of Initial Data Packets. In essence, the Confirmed Threat Service is the outcome of multi-layered machine learning and encrypted traffic analytics that can convict known as well as unknown global threat campaigns. Cisco ETA can match field data extracted from the IDP against known IOCs which allows Stealthwatch Cloud to then correlate local customer telemetry to the global Confirmed Threat Service.


New alerts created via this threat intelligence will show up as “Confirmed Threat Watchlist Hit” alerts. These alerts can include named malware type families and also provide details on what they do (exfiltration, exploit, content distribution, botnets, ransomware, etc). Some of the threat intelligence provided by the Confirmed Threat Service is created in collaboration with Cisco Talos. Talos will seed intelligence (initial set of seed IOCs), title and description of a threat. Cognitive Intelligence will then expand this seed set of IOCs with new occurrences using information gathered from IDPs and machine learning – which in turn yields new IPs and domains that are also related to the given threat and appear in real customer telemetry.


Meeting Compliance Needs



In addition to being able to effectively monitor encrypted traffic coming into their network, organizations also have to consider how they use encryption on their own data. When using encryption for data privacy and protection, an organization should be able to answer major questions:

How much of the digital business uses strong encryption?

What is the quality of that encryption?

This information is critical to prevent threat actors from getting into the encrypted stream in the first place. Today, the only way to ensure that encrypted traffic is policy compliant is to perform periodic audits to look for any TLS violations. However, this method isn’t perfect due to the sheer number of devices and the amount of traffic flowing through most businesses.

Cisco Encrypted Traffic Analytics provides continuous monitoring without the cost and time overhead of decryption-based monitoring. Using the collected enhanced telemetry, Stealthwatch provides the ability to view and search on parameters such as encryption key exchange, encryption algorithm, key length, TLS/SSL version, etc. to help ensure cryptographic compliance.

Together, Cisco ETA and Stealthwatch Cloud can also identify encryption quality instantly from every network conversation, providing organizations with the visibility to ensure enterprise compliance with cryptographic protocols. These tools deliver the knowledge of what is being encrypted and what is not being encrypted on your network so you can confidently claim that your digital business is protected and compliant. This cryptographic assessment is displayed in Stealthwatch Cloud and can be exported via APIs to third-party tools for monitoring and auditing of encryption compliance.
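The "How it Works" and compliance passages above both come down to extracting fields from the first packet of a TLS session and judging them: match the requested name against a watchlist, and check the offered protocol versions and cipher suites against policy. Here is an added example of that idea (it is not Cisco's ETA or Stealthwatch code, and the watchlist, policy thresholds and finding names are hypothetical): a small ClientHello parser plus an assessment function, fed with two ClientHello records constructed inline rather than captured.

```python
import struct

# Constructed policy and watchlist (hypothetical values, not Cisco's feeds).
MIN_TLS_VERSION = 0x0303                                # TLS 1.2
WEAK_CIPHER_SUITES = {0x0005, 0x000A, 0x002F, 0x0035}   # RC4-SHA, 3DES, AES-CBC with RSA key exchange
WATCHLIST_DOMAINS = {"bad.example"}                     # stand-in for watchlist IOC domains
TLS_NAMES = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}


def build_client_hello(sni, cipher_suites, legacy_version=0x0303, supported_versions=()):
    """Assemble a minimal ClientHello record (test input built here, not a capture)."""
    exts = b""
    if sni:
        host = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host             # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0, len(sni_list)) + sni_list           # extension type 0: SNI
    if supported_versions:
        vers = b"".join(struct.pack("!H", v) for v in supported_versions)
        body = bytes([len(vers)]) + vers
        exts += struct.pack("!HH", 43, len(body)) + body                  # extension type 43
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    hello = (struct.pack("!H", legacy_version) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00"      # suites, null compression only
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello           # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def parse_client_hello(record):
    """Extract legacy version, cipher suites, SNI and supported_versions from a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    legacy_version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                                   # skip client_random
    pos += 1 + body[pos]                            # skip session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    info = {"legacy_version": legacy_version, "ciphers": ciphers, "sni": None, "supported_versions": []}
    if pos + 2 > len(body):
        return info                                 # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0 and len(edata) >= 5:
            name_len = struct.unpack_from("!H", edata, 3)[0]
            info["sni"] = edata[5:5 + name_len].decode("ascii", "replace")
        elif etype == 43 and len(edata) >= 1:
            n = edata[0]
            info["supported_versions"] = [struct.unpack_from("!H", edata, 1 + i)[0] for i in range(0, n, 2)]
    return info


def assess(record):
    """Return (parsed fields, findings) for one ClientHello."""
    info = parse_client_hello(record)
    findings = []
    # Ignore GREASE values in supported_versions; fall back to the legacy version field.
    offered = [v for v in info["supported_versions"] if v in TLS_NAMES] or [info["legacy_version"]]
    if max(offered) < MIN_TLS_VERSION:
        findings.append("tls_version_below_policy")
    if any(c in WEAK_CIPHER_SUITES for c in info["ciphers"]):
        findings.append("weak_cipher_offered")
    sni = info["sni"] or ""
    if any(sni == d or sni.endswith("." + d) for d in WATCHLIST_DOMAINS):
        findings.append("watchlist_hit")
    return info, findings


# Two constructed flows: a policy-compliant intranet connection and a suspicious one.
GOOD_HELLO = build_client_hello("intranet.example", [0x1301, 0xC02F], supported_versions=(0x0304, 0x0303))
BAD_HELLO = build_client_hello("update.bad.example", [0x000A, 0x002F], legacy_version=0x0301)

if __name__ == "__main__":
    for name, rec in (("good", GOOD_HELLO), ("bad", BAD_HELLO)):
        info, findings = assess(rec)
        print(name, info["sni"], [TLS_NAMES.get(v, hex(v)) for v in info["supported_versions"]], findings)
```

Nothing here decrypts anything: every field used is sent in the clear in the first flight, which is the property ETA-style analysis relies on. Two caveats a practitioner should keep in mind: with TLS 1.3 the negotiated cipher and the server certificate are no longer visible, so a ClientHello-only check reports what the client offered rather than what was agreed, and Encrypted Client Hello, where deployed, removes the SNI as well.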

Wednesday, 18 March 2020

Five Tips on Working from Home from a 20-Year Work from Home Veteran


In my work career, I’ve spent almost the last 20 years working from home and have learned a lot in the process. For the last 14 years, I have also been fortunate to work for Cisco, a company that embraced the remote work force way before many of our peers. Mobilizing our 73,000+ employees to work remotely has been a relatively seamless process given that we sell world class security, networking and video/voice collaboration technologies that our employees, partners and customers need to get their jobs done at home.

Many of us and our partners will be working from home for the foreseeable future. Here are my five best practices (and lessons learned) for making the most of your work situation.

1. It’s easy to work a 16-hour day from home – so don’t!  


Schedule your day. Establish some structure by knowing when you want to start and finish. It’s easy to keep working or return to work late in the evening, as you have everything you need right there. But it’s healthier to maintain set work hours. I often forget that point and pay a price (as does my family).

2. Avoid bringing work into the family environment. 


If you have deadlines, escalations and other intense (which is code for “stressful”) situations, be aware of the impact it can have on your family members. They may see or overhear you handling difficult issues and, as a result, they might internalize that stress or worry. Over the years, I’ve become more conscious about this, especially as I took on more senior positions with greater scope and responsibilities over multiple time zones. And candidly, I’ve not always managed this very well.

3. Manage your home time carefully.


Not having that commute can be fantastic. In fact, staying home makes it easier to engage in family time. But it’s important to manage it so you don’t get burned out by being home all day (and night). There have been times when I haven’t left the house and have let three days go by without crossing my front door. Don’t let that happen to you!

4. Be respectful and patient with other team members’ home office environments, and remember that some people can’t work from home.


Some folks will have home offices that are well established, with a professional look and configuration. Others, who are new to working from home, may not. Some may struggle to carve out a workspace in their homes or need to share that work environment with a spouse or significant other, which can cause background noise and distractions. If you hear a dog bark or a baby cry, please be patient with them. I will never forget when my 4-year-old son walked into my office naked in the middle of a Telepresence (video) call one morning, asking me to play with him. A very innocent mishap and thankfully everyone was understanding on the video call.

It is important to keep in mind that not everyone has the benefit of working from home. Stay supportive and empathetic to everyone’s work situation. Also, be sure to help your local small businesses even when you are at home, whether by picking up food for dinner from a local restaurant or buying a gift card that you can use later. Let’s all try to minimize the impact on businesses as much as we can!

5. Structure your day with breaks. Walk the block, smell the roses, or do a call from the backyard. If the walls start closing in, change your scenery:


◉ Schedule lunch and eat it away from your office. This was a huge lesson learned, as I would put in 12-hour days (or later) with back-to-back calls and forget to eat or eat poorly. You need both a mental and nutritional break, so take a lunch break. But do it away from your computer.

◉ Don’t forget to exercise. Some folks will squeeze in a quick run, hit the Peloton, or go to the gym for 30 minutes. Follow their leads – it’s a great way to clear out the mental cobwebs and re-energize your body.

◉ Starbucks can be your friend. A coffee break with Wi-Fi is a good thing for getting you out of the house (especially if you sit outside and manage the COVID-19 six-foot distance from other people rule).

◉ Schedule quick 15-minute calls with colleagues or friends. Under normal office circumstances, you might enjoy catching up with folks over the water cooler. While you are home, simulate that connection by scheduling WebEx calls with your buddies. Talking to them not only refreshes your brain but is great therapy.

Tuesday, 17 March 2020

Care and Quality When it Matters Most: IT preparedness for COVID-19

At Cisco, we have asked thousands of our employees around the world to work from home. Most of them came to the office every day. Other companies have also taken this step, and many more will do so soon. We are all motivated by the same things: care for the people we work with, a desire for everyone to stay healthy, and the hope that by preventing community transmission we can shorten this period of disruption.


While our teams are at home, we want to support them in every way we can, which includes helping them be productive in their jobs so they can continue to drive towards their goals. Although we have a strong culture that supports remote work when it makes sense, and amazing technology to enable it, this shift can still be daunting. At Cisco, we’ve always had business continuity planning, and even though a plan exists for shutting down corporate headquarters, it’s never too late to take one more look before everyone leaves the building. Here are the questions we’ve been asking. Maybe some of them will help you, too.

Thanks so much, stay healthy, and please let us know how we can help.

Is IT ready to handle a spike in support calls and tickets?


Some employees new to working from home will need help. In addition, regardless of planning, systems may glitch when exposed to multiples of their regular loads. We have to be ready for a spike in IT cases.

There is no easy way to dramatically staff up IT to the extent that might be called for, at least not quickly. Proactive advice to employees is critical. Send notes on how your remote work tools function, and how to set them up. If possible, encourage people to test work-from-home tools, like their VPN software, while they are still in the office.

And remember that people will pull together in a crisis. Your community is a powerful resource. Setting up employees to support each other, via online chat tools, wikis, forums, and email lists can reduce the load on IT.

Is your VPN ready for the load?


If your business has resources behind a corporate firewall, it’s likely that your users will connect to them using a virtual private network (VPN). The VPN concentrator that connects these users to your corporate network may not be configured for the new load of remote users.

It might be time to do a few things to increase your capacity to handle an increased load. Obviously, you can acquire more VPN concentrators and get them installed.

Check your IP pool. The new load of remote workers could outnumber the IP addresses in the pool reserved for external access. The pool can be increased by your staff.

Employees can be asked to not use their VPN-connected work computers for non-work tasks. During this crisis, it is fair to ask employees to be disciplined in their use of company resources.  You might be shocked at the amount of cat videos streamed through your corporate VPN.  Blocking entertainment sites like Netflix and Hulu could also be a part of this strategy, but honestly, for most of us, asking employees would probably be just as effective and with less conflict.

Companies whose VPNs are configured to tunnel all traffic from workers’ devices might want to look at enabling split tunneling, where traffic destined for work resources goes over the VPN link while Internet-bound traffic does not. AnyConnect can even split tunnel selectively, excluding only the IP ranges of trusted sites from the tunnel. Just a few ranges can have a dramatic effect. Of course, this has security ramifications: traffic that bypasses the tunnel also bypasses the corporate security stack, leaving the host firewall, endpoint protection and DNS-layer controls as the only defenses for it, so it’s up to your security team to weigh the risks here.

You can also leverage Cisco’s Umbrella infrastructure to secure your Internet bound traffic instead of pushing more traffic through your VPN and security stack.  It’s remarkably easy to setup and can be done remotely.

Do Call Center Employees have the Teleworker equipment they need?


While many workers get productive by just connecting the laptops to the home ISP and your company VPN, that may not be true for call center employees or anyone with direct communication needs. There are teleworker gateways (including our own products) that will let these workers put their dedicated communications devices online from their homes.

Do you have enough raw network capacity? Do your employees?


Under the work-from-home scenario, network loads shift. Now is a good time to make sure your business’ network links are configured for more traffic. Depending on the types of links you have, it may be a simple and straightforward call to upgrade your committed information rate (CIR). If not, using the tips above to reduce network load might be even more relevant.

At your employees’ homes, ISP capacity may come into play as well. Many ISPs today are configured to support massive loads to handle video streaming traffic. ISP executives say this traffic peaks at about 8pm every day, so during the lighter workday there should be ample capacity to handle business networking needs, even video calling. Also, several ISPs are working to eliminate data caps and bandwidth throttling.

It is still possible that the work-from-home transition will tax consumer networks. As one of our IT practitioners says, “As you get further out from the company’s network, things are outside your control.”

Should performance for remote workers suffer, employees should know how to take measures to improve their online experience, especially in collaboration tools like video conferencing. Employees can turn off video during a call (if the software doesn’t adapt automatically to network issues), or even route audio to their phone.

Have you trained your employees in best practices for working remotely?

The nature of work changes when your teams are no longer sitting together. Some employees may be able to get more done, while others will find working from home isolating. More critically, the role of managing changes. Everyone, including people not working from home, will have to allot extra time and energy to staying in touch with their co-workers.

We have a number of remote working tips, including regular community time for all teams as well as a block every day where there’s a video bridge everyone on the team connects to, and people can call in to talk as available, get small things resolved and just catch up. It can be a comfort and social leveling function for everyone in a time of flux.

How can we make sure our teams feel cared for?


Depending on your industry, up to 100% of your teams may soon be working from home, and due to the exponential nature of viral spreads, the situation is likely to outpace traditional planning methodologies. If you do not have a business continuity plan that encompasses this type of crisis, we recommend you quickly address your workers’ technology needs, your internal network, and management policies. Open communication with all constituencies is vital.

And whether it’s as-needed all-hands meetings with the CEO and medical experts, or ramped-up management one-on-ones, it’s important everyone feels cared for during this time. We hosted our first company-wide Q&A session with corporate medical doctors on Covid-19 with just two hours notice and nearly 20,000 attendees. It was an indication of everyone’s hunger for information and connection.

When so much is uncertain and worrisome, I think it’s that much more important to make it possible for people to continue working with their teammates, and still find wins together. With the right management and technology behind them, at least this part of life can remain familiar and comfortable.

Monday, 16 March 2020

Setting a simple standard: Using MQTT at the edge

I shared examples of how organizations can benefit from edge computing – from enabling autonomous vehicles in transportation and preventive maintenance in manufacturing to streamlining compliance for utilities. I also recently shared examples on where the edge really is in edge computing. For operational leaders, edge compute use cases offer compelling business advantages. For IT leaders, such use cases require reliable protocols for enabling processing and transfer of data between applications and a host of IoT sensors and other devices. In this post, I’d like to explore MQ Telemetry Transport (MQTT) and why it has emerged as the best protocol for IoT communications in edge computing.

What is MQTT?


MQTT is the dominant standard used in IoT communications. It is a publish/subscribe messaging protocol that runs over TCP (and over WebSockets for browser clients). It allows assets and sensors to publish data; for example, a weather sensor can publish the current temperature, wind metrics and so on. MQTT also defines how consumers receive that data: an application can subscribe to the published weather information and take local action, like starting a watering system.

Why is MQTT ideal for edge computing?


There are three primary reasons for using this lightweight, open protocol (standardized by OASIS and published as ISO/IEC 20922) at the edge. Because of its simplicity, MQTT doesn’t require much processing or battery power from devices. Its fixed header is only two bytes, so MQTT doesn’t demand much bandwidth, either. MQTT also lets the publisher choose a quality of service level per message, which controls how many times a message may be delivered and which acknowledgements complete it: QoS 0 is delivered at most once with no acknowledgement, QoS 1 at least once and acknowledged with a PUBACK, and QoS 2 exactly once, completed by a PUBREC/PUBREL/PUBCOMP handshake.
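To make the header-size and QoS claims concrete, here is an added example (not code from the original post) that encodes and decodes an MQTT 3.1.1 PUBLISH packet in Python. The sample topic and payload are constructed; the byte layout, the variable-length "remaining length" field and the QoS flag bits follow the MQTT 3.1.1 specification. The decoder bounds-checks every length field before trusting it, which is the check a practitioner wants in anything that parses packets from untrusted devices.

```python
"""Encode and decode MQTT 3.1.1 PUBLISH packets (added example, not the post's code).

Byte layout follows the MQTT 3.1.1 specification; the sample topic/payload
used below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

PUBLISH = 3                  # control packet type, upper nibble of byte 0
MAX_REMAINING = 268_435_455  # largest value 4 variable-length bytes can hold


def encode_remaining_length(n: int) -> bytes:
    """7 data bits per byte; a set high bit means another byte follows."""
    if not 0 <= n <= MAX_REMAINING:
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value, next_pos); more than 4 length bytes is malformed."""
    value, mult = 0, 1
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated remaining length")
        b = buf[pos + i]
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, pos + i + 1
        mult *= 128
    raise ValueError("malformed remaining length")


@dataclass
class Publish:
    topic: str
    payload: bytes
    qos: int = 0
    retain: bool = False
    dup: bool = False
    packet_id: Optional[int] = None  # required for QoS 1 and 2


def encode_publish(p: Publish) -> bytes:
    if p.qos not in (0, 1, 2):
        raise ValueError("invalid QoS")
    if "+" in p.topic or "#" in p.topic:
        raise ValueError("PUBLISH topic names must not contain wildcards")
    topic = p.topic.encode("utf-8")
    body = len(topic).to_bytes(2, "big") + topic
    if p.qos > 0:
        if not p.packet_id or not 1 <= p.packet_id <= 0xFFFF:
            raise ValueError("QoS > 0 needs a non-zero 16-bit packet identifier")
        body += p.packet_id.to_bytes(2, "big")
    body += p.payload
    flags = (int(p.dup) << 3) | (p.qos << 1) | int(p.retain)
    return bytes([(PUBLISH << 4) | flags]) + encode_remaining_length(len(body)) + body


def decode_publish(buf: bytes) -> Publish:
    """Parse a PUBLISH, bounds-checking every length field before using it."""
    if not buf or buf[0] >> 4 != PUBLISH:
        raise ValueError("not a PUBLISH packet")
    flags = buf[0] & 0x0F
    qos = (flags >> 1) & 0x03
    if qos == 3:
        raise ValueError("invalid QoS bits")
    remaining, pos = decode_remaining_length(buf, 1)
    end = pos + remaining
    if end != len(buf):
        raise ValueError("remaining length does not match packet size")
    if pos + 2 > end:
        raise ValueError("truncated topic length")
    tlen = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    if pos + tlen > end:
        raise ValueError("topic length exceeds packet")
    topic = buf[pos:pos + tlen].decode("utf-8")
    pos += tlen
    if "+" in topic or "#" in topic:
        raise ValueError("PUBLISH topic names must not contain wildcards")
    packet_id = None
    if qos > 0:
        if pos + 2 > end:
            raise ValueError("missing packet identifier")
        packet_id = int.from_bytes(buf[pos:pos + 2], "big")
        if packet_id == 0:
            raise ValueError("packet identifier must be non-zero")
        pos += 2
    return Publish(topic, bytes(buf[pos:end]), qos, bool(flags & 1), bool(flags & 8), packet_id)


if __name__ == "__main__":
    pkt = encode_publish(Publish("TEMP", b"21.5"))  # constructed sample
    print(len(pkt), pkt.hex())  # 12 300a000454454d5032312e35
```

A QoS 0 PUBLISH of "21.5" to topic "TEMP" is 12 bytes on the wire: a 2-byte fixed header, a 2-byte topic length, the 4-byte topic and the 4-byte payload. Raising it to QoS 1 adds only the 2-byte packet identifier that the PUBACK will echo back.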

How does MQTT work?


MQTT is a client/server protocol: every client connects to a server called the broker, and clients never exchange messages directly. That is what gives it many-to-many communication between multiple clients, using the following building blocks:

◉ Topics provide a way of categorizing the types of message that may be sent. Topic names are UTF-8 strings arranged in levels separated by “/”. As one example, if a sensor measures temperature, the topic might be defined as “TEMP” (or, with a hierarchy, “site1/room7/TEMP”) and the sensor sends messages labeled with that topic.

◉ Publishers include the sensors that are configured to send out messages containing data. In the “TEMP” example, the sensor would be considered the publisher.

◉ In addition to transmitting data, IoT devices can be configured as subscribers that receive data for pre-defined topics. Devices can subscribe to multiple topics, and a subscription may use wildcards: “+” matches exactly one level and “#” matches everything below that point.

◉ The broker is the server at the center of it all, forwarding each published message to every client that has subscribed to a matching topic. Because every message passes through it, the broker is also where client authentication, per-topic authorization and transport encryption (MQTT over TLS is conventionally run on port 8883) are enforced.
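The following is an added example (not code from the original post or from any real broker) that models in Python how a broker routes a publication to every matching subscription, using the topic-level and wildcard rules of MQTT 3.1.1. Client names and topics are constructed. It also covers the two edge cases that trip up hand-written matchers: “sport/#” matches “sport” itself while “sport/+” does not, and wildcard subscriptions never see “$”-prefixed topics such as “$SYS/broker/uptime” that brokers reserve for their own status.

```python
"""In-process model of MQTT topic matching and broker routing.

Added example, not code from the original post or any real broker. The
matching rules ('/' levels, '+' single-level wildcard, '#' multi-level
wildcard only as the last level, '$'-prefixed topics hidden from wildcards)
follow MQTT 3.1.1; client names and topics are constructed.
"""
from collections import defaultdict
from typing import List


def validate_filter(f: str) -> None:
    """Reject filters a broker would refuse in its SUBACK."""
    if not f:
        raise ValueError("empty topic filter")
    levels = f.split("/")
    for i, lvl in enumerate(levels):
        if "#" in lvl and (lvl != "#" or i != len(levels) - 1):
            raise ValueError(f"'#' must be the whole last level: {f!r}")
        if "+" in lvl and lvl != "+":
            raise ValueError(f"'+' must occupy a whole level: {f!r}")


def topic_matches(filter_: str, topic: str) -> bool:
    """True if the concrete topic name matches the subscription filter."""
    # Wildcards never match topics beginning with '$' (broker-internal, e.g. $SYS/...).
    if topic.startswith("$") and filter_[0] in "+#":
        return False
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    for i, fl in enumerate(f_levels):
        if fl == "#":
            return True  # matches the parent level and everything below it
        if i >= len(t_levels):
            return False
        if fl != "+" and fl != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


class Broker:
    """Relays each publication to every client whose subscription matches."""

    def __init__(self) -> None:
        self.subs = defaultdict(set)     # topic filter -> set of client ids
        self.inbox = defaultdict(list)   # client id -> delivered (topic, payload)

    def subscribe(self, client: str, filter_: str) -> None:
        validate_filter(filter_)
        self.subs[filter_].add(client)

    def unsubscribe(self, client: str, filter_: str) -> None:
        self.subs[filter_].discard(client)

    def publish(self, client: str, topic: str, payload: bytes) -> List[str]:
        """Deliver to matching subscribers; returns the recipients (sorted)."""
        if "+" in topic or "#" in topic:
            raise ValueError("publish topic must not contain wildcards")
        recipients = set()
        for filter_, clients in self.subs.items():
            if topic_matches(filter_, topic):
                recipients |= clients
        for c in sorted(recipients):  # one copy per client even if several filters match
            self.inbox[c].append((topic, payload))
        return sorted(recipients)
```

A real broker puts authentication (CONNECT credentials or client certificates) and per-client topic ACLs in front of subscribe() and publish(); a validate_filter() failure on subscribe corresponds to the failure return code a broker sends in its SUBACK.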

Why choose MQTT over other protocols?


HTTP, Advanced Message Queuing Protocol (AMQP) and Constrained Application Protocol (CoAP) are other potential options at the edge. Although I could write extensively on each, for the purposes of this blog, I would like to share some comparative highlights.

A decade ago, HTTP would have seemed the obvious choice. However, it is not well suited to IoT use cases, which are driven by trigger events or statuses. With HTTP, a consumer would have to poll each device continuously to check for those triggers – an approach that is inefficient and requires extra processing and battery power. With MQTT, the subscribed device merely “listens” for the message without the need for continuous polling.

The choice between AMQP and MQTT boils down to the requirements in a specific environment or implementation. AMQP offers greater scalability and flexibility but is more verbose; while MQTT provides simplicity, AMQP requires multiple steps to publish a message to a node. There are some cases where it will make sense to use AMQP at the edge. Even then, however, MQTT will likely be needed for areas demanding a lightweight, low-footprint option.

Finally, like MQTT, CoAP offers a low footprint. But unlike the many-to-many communication of MQTT, CoAP is a one-to-one protocol. What’s more, it’s best suited to a state transfer model – not the event-based model commonly required for IoT edge compute.

These are among the reasons Cisco has adopted MQTT as the standard protocol for one of our imminent product launches. Stay tuned for more information about the product – and the ways it enables effective computing at the IoT edge.

Sunday, 15 March 2020

Okta Now Offering Free Single-Sign On and Provisioning for Cisco Webex

Okta Cloud Connect Integrates Webex with Active Directory/LDAP for Fast and Free Single Sign-On and Provisioning


Okta is a single platform for identity management – Cisco Webex is a single platform for all of your collaboration needs. And now we’re even better together.

Okta’s mission is to enable any organization to use any technology. Okta lets companies provision applications easily, and then lets employees, customers and partners access those applications and infrastructure securely and seamlessly.

Okta is one of the most complete identity and access management platforms for workforces and customers, securing all critical resources from cloud to ground.

Born in the cloud, Okta provides an identity management cloud platform that enables customers to secure their users and connect them to the technologies and applications used by their IT department.

Okta and Cisco have worked together to make sure that we could deliver the most complete IDaaS solution for all Cisco Collaboration applications.

There were a couple of challenges to address:

Provisioning


Okta needed to provision users from its own cloud into Cisco Webex, pushing user information securely to the Webex platform. To achieve that, we used the SCIM protocol (System for Cross-domain Identity Management).

SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems. It supports provisioning and de-provisioning operations between different systems, and it lets systems share information about user attributes, group membership and attribute schemas.

For customers that still manage Webex Meetings identities through Site Admin, Okta uses the Webex Meetings XML APIs to deliver the provisioning functions for that solution.

Okta also supports SAML just-in-time (JIT) provisioning, but JIT can only create or update a user at the moment that user signs in; it cannot de-provision, which is insufficient for most customer needs.
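As an added example (not Okta’s or Cisco’s code), the following Python builds the two SCIM 2.0 requests that the passage above contrasts: creating a user, which SAML just-in-time provisioning can also do, and deactivating one, which needs a push protocol such as SCIM because there is no login event to hang it on. The SCIM base URL, bearer token and the directory record are constructed placeholders; the schema URNs, the User attributes and the PatchOp message format are those of RFC 7643 and RFC 7644.

```python
"""Build SCIM 2.0 (RFC 7643/7644) provisioning requests from a directory record.

Added example, not Okta's or Cisco's code. The SCIM base URL, bearer token
and directory record are constructed placeholders; nothing is sent.
"""
import json
from typing import Dict, List

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed directory entry, as an AD/LDAP sync might deliver it.
DIRECTORY_RECORD = {
    "objectGUID": "0f6a5e2c-4c1d-4a6e-9c0b-1a2b3c4d5e6f",
    "sAMAccountName": "bjensen",
    "mail": "bjensen@example.com",
    "givenName": "Barbara",
    "sn": "Jensen",
    "unicodePwd": "never-forward-this",  # credential material must not reach the SP
}


def to_scim_user(rec: Dict[str, str], active: bool = True) -> Dict:
    """Map directory attributes onto the SCIM core User schema.

    Only an explicit allow-list of attributes is copied, so password hashes
    or unrelated directory fields can never leak into the payload.
    """
    return {
        "schemas": [USER_SCHEMA],
        "externalId": rec["objectGUID"],  # stable key tying IdP and SP identities
        "userName": rec["mail"],
        "name": {"givenName": rec["givenName"], "familyName": rec["sn"]},
        "emails": [{"value": rec["mail"], "type": "work", "primary": True}],
        "active": active,
    }


def deactivate_patch() -> Dict:
    """PatchOp that de-provisions without deleting, so audit history survives."""
    return {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }


def build_request(method: str, base_url: str, token: str, path: str, body: Dict) -> Dict:
    """Assemble the HTTP request a SCIM client would send (not sent here)."""
    if not base_url.startswith("https://"):
        raise ValueError("SCIM endpoints must be reached over TLS")
    return {
        "method": method,
        "url": base_url.rstrip("/") + path,
        "headers": {
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/scim+json",
        },
        "body": json.dumps(body),
    }


def plan_sync(directory: List[Dict], sp_users: Dict[str, Dict]) -> List[Dict]:
    """Diff the directory against the SP's users (keyed by externalId).

    Returns POST requests for people new to the SP and PATCH active=false for
    anyone the directory no longer contains. Base URL and token are assumed.
    """
    base, token = "https://scim.example/v2", "<token-from-vault>"
    plan, seen = [], set()
    for rec in directory:
        seen.add(rec["objectGUID"])
        if rec["objectGUID"] not in sp_users:
            plan.append(build_request("POST", base, token, "/Users", to_scim_user(rec)))
    for ext_id, user in sp_users.items():
        if ext_id not in seen and user.get("active", True):
            plan.append(build_request("PATCH", base, token, f"/Users/{user['id']}", deactivate_patch()))
    return plan
```

Two choices are deliberate: the mapping copies only an allow-list of directory attributes so that password material can never reach the service provider, and de-provisioning sets active to false rather than issuing DELETE, which keeps the account’s audit history intact and lets it be reactivated later.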

Okta also provisions users for Cisco on-premises products. Two possible solutions can be used:

◉ Both Okta and the Cisco on-premises collaboration solution get their user information from the same source, such as an LDAP service like Active Directory

◉ For customers that no longer have an on-premises LDAP service, Okta can expose an LDAPS interface from which the Cisco on-premises collaboration solution reads its users

Authentication and Authorization


Okta supports many types of authentication mechanisms like Secure Web Authentication, SAML 2.0 or OpenID Connect. Typically, most customers have their applications supporting SAML 2.0 protocol, to deliver single sign-on and implementing a central authentication policy.

Cisco’s on-premises applications run as clusters of several servers that must act as a single SAML entity, sharing one entity ID. For that to work we require a SAML feature called Multiple Assertion Consumer Service (ACS) URLs: the SP metadata registers one ACS URL per cluster node, and each node’s AuthnRequest tells the IdP which of those registered URLs should receive the SAML assertion. Okta was the first IDaaS vendor to implement that feature, allowing the on-premises collaboration tools to work with it.
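The following is an added example (not Okta’s or Cisco’s code) of what the IdP side of that feature has to do, written in Python with the standard library XML parser. The SP metadata, entity ID and cluster node URLs are constructed; the element and attribute names are those of the SAML 2.0 metadata and protocol schemas. Each node sends an AuthnRequest carrying its own AssertionConsumerServiceURL (or an AssertionConsumerServiceIndex); the IdP honours it only if that URL is already registered in the SP’s metadata, so an AuthnRequest can never redirect an assertion to a host the SP did not declare.

```python
"""IdP-side selection of the Assertion Consumer Service for a clustered SP.

Added example, not Okta's or Cisco's code. SP metadata, entity ID and node
URLs are constructed; element/attribute names are SAML 2.0's.
"""
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production
from typing import Dict, Tuple

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata: one entity ID, three cluster nodes, one ACS each.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cucm.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cucm-pub.example.com/ssosp/saml/SSO/alias/cucm-pub"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cucm-sub1.example.com/ssosp/saml/SSO/alias/cucm-sub1"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cucm-sub2.example.com/ssosp/saml/SSO/alias/cucm-sub2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def registered_acs(metadata_xml: str) -> Tuple[str, Dict[int, str], str]:
    """Return (entity_id, {index: location}, default_location) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    by_index, default = {}, None
    for acs in root.findall(".//md:AssertionConsumerService", NS):
        if acs.get("Binding") != POST_BINDING:
            continue
        by_index[int(acs.get("index"))] = acs.get("Location")
        if acs.get("isDefault") == "true":
            default = acs.get("Location")
    if not by_index:
        raise ValueError("SP metadata registers no HTTP-POST ACS")
    return entity_id, by_index, default or by_index[min(by_index)]


def authn_request(node_acs_url: str, entity_id: str, request_id: str) -> str:
    """AuthnRequest as one cluster node sends it, naming its own ACS URL."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" ProtocolBinding="{POST_BINDING}" '
        f'AssertionConsumerServiceURL="{node_acs_url}">'
        f"<saml:Issuer>{entity_id}</saml:Issuer></samlp:AuthnRequest>"
    )


def select_acs(request_xml: str, metadata_xml: str) -> str:
    """Decide where the IdP will POST the assertion for this request."""
    entity_id, by_index, default = registered_acs(metadata_xml)
    req = ET.fromstring(request_xml)
    issuer = req.findtext("saml:Issuer", namespaces=NS)
    if issuer != entity_id:
        raise PermissionError(f"unknown issuer {issuer!r}")
    url = req.get("AssertionConsumerServiceURL")
    index = req.get("AssertionConsumerServiceIndex")
    if url is not None:
        # Never trust a URL from the request itself: it must already be in metadata.
        if url not in by_index.values():
            raise PermissionError(f"ACS URL {url!r} is not registered for {entity_id}")
        return url
    if index is not None:
        if int(index) not in by_index:
            raise PermissionError(f"ACS index {index} is not registered for {entity_id}")
        return by_index[int(index)]
    return default
```

If a request names no ACS at all, the assertion goes to the entry marked isDefault (or the lowest index). Metadata and requests that arrive from outside the organisation should be parsed with defusedxml rather than xml.etree, which does not protect against entity-expansion attacks.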

Better Together for Our Customers

Cisco and Okta provide unique value for our customers, allowing them to increase the security of their overall collaboration solution while at the same time gaining a platform that raises the overall security of every IT application in their portfolio.

Okta went one step further and offers its full-featured IDaaS product for Webex applications only, allowing joint customers that don’t yet have an identity strategy to deploy a best-in-market IDaaS solution now and extend it to all their other applications in the future.

Get Okta Single-Sign On for Webex for Free


You can get Okta single-sign-on for Webex for free.
