Thursday, 9 April 2020

Buyers Beware: Scamming Is Rife, Especially In a Time of Crisis

For years, scammers have been using a combination of Blackhat SEO techniques, phishing sites and newsworthy events to trick individuals into giving up personal information, including credit card numbers, to install malware, or both. Preying on an individual’s fears has always been a go-to tactic for scammers.

Recently a friend texted me and asked if I could take a look at a website his wife used to try and buy some 3M N95 face masks from. He was concerned that the site did not appear to be legitimate. “Sure”, I said, “What is the domain?” He sent it over. mygoodmask[.]com. Having spent the last decade looking at malware, spammers and scammers, I responded immediately, “Yes, it’s very bad. Tell her to cancel her credit card as soon as possible.”

I figured I’d take a closer look at the domain to confirm if I was right, so I dropped the domain into Cisco Threat Response, our platform that accelerates investigations by automating and aggregating threat intelligence and data across your security infrastructure. Threat Response didn’t return anything useful aside from the IP addresses it resolved to. Since the platform is configured for my test organization at the office, it’s not going to show me any hosts that may have visited that domain, but it is still a great source of intelligence. It showed that Cisco was aware of the domain, but there was no additional information – not surprising for newly created and used domains. There is more than one way to determine if a domain is suspicious.


Enriching the two IP addresses, 50[.]97.189.190 and 66[.]147.244.168, returned everything I needed to decide that the original site was malicious. Nearly two hundred domains resolved to those two addresses, none of which looked like ones I’d like to end up on.


At this point I was curious about the website itself and wanted to take a closer look. I submitted the domain to Threat Grid, Cisco’s malware analysis tool. It immediately redirected to greatmasks[.]com which resolved to 37[.]72.184.5. Using Glovebox, a capability in Threat Grid that allows full interaction with the virtual machine, I attempted to buy some masks from the website. I used an expired card number to purchase my masks. They are using PayPal to collect payments and validate card numbers.


The results produced from the analysis highlighted further details on the website, indicating a high level of suspicious activity.


Drilling down on the IP address that the new domain resolved to, we found another related domain, safetysmask[.]com. At this point it would be easy to create a new Casebook and add these observables to the investigation.


For me, one of the most telling signs of an unknown domain is the lookup frequency and activity mapped to the domain creation date and DNS changes. A scammer may register domains and park them until they’re ready to use them. At that point they’ll set up a website and point that domain to an IP.


Looking at the timeline and domain lookup activity in Cisco Umbrella, our DNS-layer SaaS solution, it’s clear that this website has been up for less than a month which is unusual, especially in context of this investigation.
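The timeline and IP-pivot checks described above can be scripted once the data has been exported. This is an added example, not part of the original post and not output from Threat Response or Umbrella; the record layout, the `.example` domains, the documentation-range IPs and the thresholds are all constructed assumptions.

```javascript
'use strict';
// Added example: all data below is constructed for illustration.
const DAY_MS = 24 * 60 * 60 * 1000;
const daysBetween = (a, b) => Math.round((Date.parse(b) - Date.parse(a)) / DAY_MS);

// Assumed thresholds; tune them against your own DNS telemetry.
const THRESHOLDS = { maxLiveDays: 30, minParkedDays: 14, minBurstShare: 0.9, minCohosted: 3 };

// Map lookup activity onto the registration date and the first DNS change:
// how long the domain sat parked, how long it has resolved, and what share
// of all observed lookups arrived only after it started resolving.
function timelineSignals(domain, today) {
  const firstResolved = domain.dnsChanges.map((c) => c.date).sort()[0] || null;
  if (firstResolved === null) {
    // Registered but never pointed at an IP: still parked.
    return { parkedDays: daysBetween(domain.registered, today), liveDays: null, burstShare: 0 };
  }
  let before = 0;
  let after = 0;
  for (const { date, count } of domain.lookups) {
    if (date < firstResolved) before += count; else after += count; // ISO dates sort as text
  }
  const total = before + after;
  return {
    parkedDays: daysBetween(domain.registered, firstResolved),
    liveDays: daysBetween(firstResolved, today),
    burstShare: total === 0 ? 0 : after / total,
  };
}

// Pivot from the domain's IPs to every other domain seen on them (passive DNS rows).
function cohostedDomains(domain, pdnsRows) {
  const ips = new Set(domain.dnsChanges.map((c) => c.ip));
  const neighbours = new Set();
  for (const row of pdnsRows) {
    if (ips.has(row.ip) && row.domain !== domain.name) neighbours.add(row.domain);
  }
  return [...neighbours].sort();
}

function assess(domain, pdnsRows, today, t = THRESHOLDS) {
  const s = timelineSignals(domain, today);
  const neighbours = cohostedDomains(domain, pdnsRows);
  const flags = [];
  if (s.liveDays === null) flags.push('still-parked');
  else if (s.liveDays < t.maxLiveDays) flags.push('recently-live');
  if (s.liveDays !== null && s.parkedDays >= t.minParkedDays && s.burstShare >= t.minBurstShare) {
    flags.push('parked-then-burst');
  }
  if (neighbours.length >= t.minCohosted) flags.push('crowded-hosting-ip');
  return { ...s, neighbours, flags };
}

// Constructed sample: registered in January, first resolves mid-March, then lookups climb.
const SAMPLE_DOMAIN = {
  name: 'masks-shop.example',
  registered: '2020-01-10',
  dnsChanges: [
    { date: '2020-03-15', ip: '192.0.2.10' },
    { date: '2020-03-20', ip: '192.0.2.11' },
  ],
  lookups: [
    { date: '2020-02-01', count: 2 },
    { date: '2020-03-16', count: 140 },
    { date: '2020-03-25', count: 610 },
    { date: '2020-04-05', count: 980 },
  ],
};
const SAMPLE_PDNS = [
  { domain: 'masks-shop.example', ip: '192.0.2.10' },
  { domain: 'cheap-jerseys.example', ip: '192.0.2.10' },
  { domain: 'flu-cure.example', ip: '192.0.2.10' },
  { domain: 'designer-bags.example', ip: '192.0.2.11' },
  { domain: 'unrelated.example', ip: '198.51.100.7' },
];

console.log(assess(SAMPLE_DOMAIN, SAMPLE_PDNS, '2020-04-09'));
```

None of the flags is a verdict on its own; as in the investigation above, the disposition comes from several related observables pointing the same way.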


Using a combination of our platform capability and our DNS-layer security, I was able to validate that this domain, IP Addresses, and related domains were malicious. With investigations of this nature, the domain or IP might not always have a known disposition at a certain point in time but often, by following the breadcrumb trail of related information, it’s easy to make a determination and judgement about the original domain. Another path to determining the disposition of these domains is to drill down into the observables in Umbrella.


Cisco Security products not only integrate via Threat Response, there are multiple direct integrations between products as well. These integrations are used to share threat intelligence produced by individual products and to share capabilities across products through API integrations, data visualization and cross product capabilities such as Casebook’s browser plugin.

Umbrella, our cloud-delivered DNS-layer of protection, integrates with Threat Grid, our malware analysis tool, and this allows Umbrella to show information produced through dynamic analysis, mapping domains and IP addresses to samples seen in Threat Grid’s global database, providing another method of determining disposition.

By the end of my digging, I had found hundreds of scams related to sports events, fashion accessories, flu season and more. All easily searchable within your organization via Threat Response and just as easily blocked via Umbrella.


What began as just a way to help a friend one evening, became a quick but comprehensive investigation into how bad actors are trying to capitalize on a global health crisis. Hopefully this was helpful in showing how easy it can be to validate the disposition of a domain using related observables, and in doing so, build out a collection of new content to be leveraged in your environment for detection and prevention.

Wednesday, 8 April 2020

Cisco Announces Intent to Acquire Fluidmesh Networks


As organizations continue to connect their infrastructures, wireless connectivity remains a critical piece of their strategy. To meet the growing demand for wireless connectivity in the most challenging environments, Cisco is announcing its intent to acquire Fluidmesh Networks, LLC, a privately-held, New York-based leader in wireless backhaul systems. Fluidmesh’s leading technology will complement Cisco’s robust industrial wireless portfolio, providing reliable and resilient wireless solutions for mission critical applications.

Today’s wireless technology is allowing organizations to improve productivity and worker safety. Organizations such as Caterpillar offer wireless technologies for unmanned vehicles, and mining operations such as Boliden in Garpenberg, Sweden are using wireless technology to remotely operate 23 ton loaders in a small space. If communications fail, it could result in the unit stopping and halting production, ultimately requiring human intervention. On the other hand, a loss in communications with a high-speed train or subway is unacceptable. While most wireless solutions work well for slow moving objects (<30 km/h), Fluidmesh’s leading technology is designed to provide zero loss of data transfer at speeds in excess of 300 km/h.

Beyond high speed rail, numerous industries from manufacturing, oil & gas and mining, to shipping ports, are all looking at how they can use wireless connectivity to automate operations in an effort to reduce operational costs. Today, customers are using Fluidmesh’s reliable wireless technologies in a range of industries to improve productivity, safety, and the customer experience.

Cisco will use Fluidmesh’s products to extend its industrial wireless leadership position to on-the-move applications and where reliable backhaul is mission critical, including:

◉ Rail and transportation: Provide high-speed and reliable connectivity between the trains and the trackside eliminating potential gaps in data transfer, all without the need to stop even when traveling at high speeds.

◉ Mining operations: Improving worker safety with ultra-reliable communication systems for remote operations of mining equipment, eliminating the need to send workers into a potentially hazardous environment.

◉ Manufacturing and industrial automation: Increased productivity with autonomous moving robots operating on a resilient and low-latency wireless network.

With organizations digitizing and interconnecting their systems, the speed of business is constantly being redefined. Fluidmesh’s leading technology will allow us to address these new and emerging use cases with a solution set that is quick to deploy and provides low operational costs and maintenance. We are excited to bring this unique technology to our customers!

Tuesday, 7 April 2020

Top 5 features of a Network Traffic Analysis (NTA) tool- Why you need Stealthwatch now more than ever

According to research from Enterprise Strategy Group (ESG) and the Information Systems Security Association, 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 CISOs have tried many different solutions. Many are increasing hiring in a field with a steep talent shortage, which may have some long-term returns but doesn’t solve the problems they are facing today. Some also purchase a patchwork of security solutions that aren’t really integrated – an approach that can cause major complications for security architects. These strategies are clearly not increasing confidence in their overall security effectiveness.


What are the primary reasons you believe cybersecurity analytics and operations are more difficult today than they were 2 years ago?

Research indicates that organizations can’t hire their way out of their cybersecurity woes. CISOs must improve security efficacy, streamline operations and bolster employee productivity, and they must rely on their existing workforce. That’s where Network Traffic Analysis (NTA) tools can provide a cybersecurity quick-win. An effective and modern NTA solution can continuously monitor the network and detect threats that might have bypassed the perimeter or even originated within the business. Top-tier NTA solutions take the weight off of the employees’ shoulders by giving them the tools they need to speed up threat detection and remediation. To help you evaluate an NTA solution effectively, let’s take a look at the top features identified by cybersecurity professionals as part of the research conducted by ESG:

1. Built-in analytics and threat intelligence services

44% of survey respondents said that built-in analytics to help analysts detect suspicious/malicious behavior is one of the most important features. Best-in-class NTA tools have different algorithms and signatures built-in to model behavior and crunch data, allowing for high-fidelity alerts that streamline workloads and accelerate incident response. The same percentage also said that threat intelligence services/integrations to enable comparisons between suspicious behavior and known threats is another top feature. These integrations allow NTA tools to “enrich” network telemetry, making alerts more thorough and actionable.

2. Ability to monitor IoT traffic/devices

Users also need the ability to monitor niche equipment that is unique to their industries. This is especially important in industries that have made aggressive investments in IoT like healthcare, manufacturing and transportation. IoT devices generate telemetry and increase the threat surface like any other connected device, and therefore need to feed into an NTA tool.

3. Ability to monitor all network nodes

37% of respondents stated that alerts for when new network nodes are connected are essential for an NTA tool. This means security professionals want NTA tools to issue alerts when unsanctioned devices connect. This is incredibly important for monitoring and mitigating cyber-risks.

4. Proven integrations with other security technologies

37% also said that one of the most important features is documented and tested integrations with other types of security technologies. These other technologies could be malware sandboxes, network segmentation enforcement technologies and much more. These integrations allow for a closed-loop process that includes network security development, monitoring and enforcement.

5. Public cloud visibility

More than a third of respondents said that the ability to monitor cloud traffic is an essential feature. In order to provide true end-to-end visibility, NTA tools need to be able to tap into VPCs, cloud monitoring logs and APIs across AWS, Azure, GCP, etc.

Cisco Stealthwatch


Stealthwatch aligns well with the most important NTA attributes cited by the surveyed cybersecurity professionals. For example, Stealthwatch:

◉ Features multiple types of built-in analytics. Its behavioral modeling and multi-layered machine learning algorithms can detect hidden threats- even those hiding in encrypted traffic.

◉ Provides comprehensive visibility. In addition to monitoring on-premises environments, Stealthwatch also offers agentless visibility into the public cloud. It can also detect when a new network node connects, monitor traffic from IoT devices and more. Nothing slips through the cracks with Stealthwatch.

◉ Backed by Cisco Talos threat intelligence. Threat intelligence is one of the most important features of an NTA tool. Stealthwatch ties its multi-layered analytics with global threat intelligence from Talos, the largest non-governmental threat intelligence organization in the world, and can take immediate action when activity is associated with a known threat, no matter the origin.


CISOs of the world can’t keep up with their security workloads, especially with a global cybersecurity talent shortage. They need quick wins– fast, efficient and accurate alerts that allow them to focus on what really matters. Cisco Stealthwatch is the tool they need right now.

Saturday, 4 April 2020

Evolution to Cloud RAN Made Easy with Cisco’s Fronthaul Solution


5G is happening now. Across the globe, more than 60 service providers have already launched enhanced mobile broadband (eMBB) or Fixed Wireless Access (FWA) services, with plans to offer more advanced 5G services such as ultra-reliable low-latency communications (URLLC), or industrial IoT in the next 18 to 24 months. But the expansion to 5G has not been easy or without growing pains, as legacy 4G network infrastructures struggle to support so many different services.

They’re struggling because the vast majority of 4G transport infrastructures were designed to support consumer services with stable north-south traffic patterns, optimized for best-effort mobile broadband, and no need or ability to support stringent SLAs. Very few adopted advanced 4G features that would support more complex services, such as Enhanced Inter-Cell Interference Coordination (eICIC), Coordinated Multi-Point (CoMP), Evolved Multimedia Broadcast Multicast Services (eMBMS), Multiple-Input Multiple-Output (MIMO), or precise timing.

The expansion to 5G has changed the game, as three groups of services emerge – eMBB, URLLC, and massive machine-type communications (mMTC) – all driving a new set of requirements over the transport network. To match the commercial-grade SLAs these new services will inevitably demand, mobile networks must increase availability, reliability, and security.


To meet the service demands of 5G, service providers need to rethink the economics of their end-to-end infrastructure and make decisions that go beyond the radio. At the top of this list is the RAN architecture, which accounts for nearly 80% of a service provider’s Capital Expenditures (CapEx). RAN operating costs are no slouch either; it’s estimated they equate to 60% of the Total Cost of Ownership (TCO).

New densification strategies are also required to improve the economics of backhaul networks, supporting the high frequency (3.5 GHz, 6 GHz, 24 GHz, etc.) spectrum with up to 400 MHz ultra-high cell bandwidth, massive MIMO (64TRX, 32TRX Multi-Access Antennas) and the exponential increase in base stations required to support 4G LTE expansions and 5G services.

Open, software-defined, virtualized, and cloud scalable, the emerging Cloud-RAN or Centralized RAN (C-RAN) architectures support these densification strategies. C-RAN disaggregates base stations by separating Radio Units (RUs) from Radio Equipment Controllers (REC) and centrally locates these REC functions in regional/distributed data centers.


The centralization of base stations drives the need for fronthaul transport to be able to carry the antenna samples using CPRI or standard-based/open protocols. However, CPRI line rates (currently limited to 24 Gbps) don’t efficiently scale to meet the growing needs of 5G and also require tight delay budgets that lead to limitations in the distance and transport technologies that can be used for aggregation. Another concern is related to MIMO scale adoption as CPRI requires a dedicated link for every antenna. This mechanism becomes problematic as service providers invest in MIMO technology to increase data rates for 4G and 5G radio.

With these new architectures, service provider RAN departments must have a stake in ensuring the network between the RU and the DU delivers the required performance. This was not the case in the past as the RU and the DU were tightly integrated at the cell site.

These attributes are essential to the transport infrastructure meeting performance expectations and assuring a smooth evolution to C-RAN while supporting legacy RAN requirements.

Converged end-to-end IP infrastructure


To improve economics, RAN transport networks need to be optimized to share connectivity for both wireline, wireless and business services. This can be done effectively by leveraging technologies such as Segment Routing to address the diverse 5G transport requirements – for example, different SLAs can be enforced thanks to network slicing capabilities powered by Segment Routing directly from the cell site up to metro and core networks.

As operators move to Cloud RAN, mobile network functions are virtualized and distributed closer to end-users for better service quality and lower latency. Cloud RAN locations, in turn, need to support the dynamic placement of VNFs and Service Edge, while providing telco class resiliency; this is driving service providers to roll out multiservice networking devices that support end-to-end network slicing.

Designed to Evolve


As 4G and 5G RAN specifications and standards evolve towards cloud-scale, open, and virtualized solutions, RAN transport must be extensible to meet current and future RAN functions and technical requirements. Turbo-charging RAN networking devices with Field-Programmable Gate Array (FPGA) will increase the flexibility to quickly adapt to evolving radio interface processing specifications for CPRI, eCPRI and RoE.

Automated


To curb OpEx costs and better manage operational life-cycle, RAN transport solutions need extensive and open automation capabilities that can integrate into existing management domains and end-to-end systems.  As densification can require on-site interventions, network operators need greater automation in deployment processes and tighter security requirements.

Packet-based 


Traditional fronthaul optical solutions have been static TDM solutions using dedicated optical resources to carry fronthaul traffic. By contrast, packet-based solutions leverage statistical multiplexing to share transmission capacity, using valuable fiber resources more efficiently. Packet-based solutions also support an enhanced CPRI (eCPRI) protocol that scales bandwidth 10x more effectively than 4G CPRI, meaning fewer transport resources are required.

Packet-based solutions support Point-to-Point and Ring topologies, offering easy bandwidth growth while providing the telco class resiliency demanded by mission-critical enterprise services. Fronthaul optical transport solutions are typically implemented using point to point topologies.

Open


Already, service providers have shown an unprecedented interest in open, virtualized RAN solutions that dovetail into their broader SDN architectures. As an early leader in the creation of the Open vRAN ecosystem, we’ve witnessed great progress, but there still is a long road ahead. Continuing to grow and mature the Open vRAN ecosystem will ensure new open RAN solutions find their way into service providers’ infrastructures.

Friday, 3 April 2020

How to Create a Dashboard for Webex Device Monitoring

Demand for remote work systems is growing


The rapid growth in demand for remote work systems has resulted in new challenges of monitoring and troubleshooting devices used for this purpose. Recently, Webex events (calls, messages, etc) have jumped from 39 billion to 270 billion per day.

All well-known video services are under heavy load. Cisco’s advantage in unified communication solutions is also based on high-quality functional devices equipped with high-quality cameras, sound systems, and microphones. Many employees have started working remotely. Some use laptops for video conferencing; many employees make use of advanced devices, such as Webex devices: Series DX, MX, SX; Room/Roomkit/Codec and Webex Boards.

Below we will take a particular look at the necessary elements to create a dashboard to monitor and manage Webex devices.

By using one dashboard, Collab admins can manage and automate many remote devices


Automatic monitoring and use of dashboards eliminates the need for tracking certain parameters and transfers all the necessary information into one center.  This allows you to track and manage parameters.

What kind of useful cases can be implemented?


Using the dashboard as a remote control and automation system makes it possible to implement useful use cases such as:

◉ Track the number and quality of ongoing calls
◉ Monitor employees who joined an online meeting/standup
◉ Manage QoS parameters based on network capability needs
◉ User management (Admit, Mute, Disconnect)

What metrics and events can you collect and monitor:

◉ Call Disconnect
◉ Audio Settings
◉ Video Settings
◉ Network configuration
◉ Software update settings
◉ User interface interaction

Example dashboard you can create using the templates and functions described in this blog.

Create your dashboard using functions and templates


To track these and other parameters, we can use the jsxapi library written in JavaScript. Accordingly, the example functions and code we consider are also written in JavaScript. Everything we examine can be integrated into ready-to-use templates (Angular, React, Vue) for visualization and data management.

In many cases, we will use WebSockets to track parameters quickly. You must subscribe to this data to receive parameters.

We first import the appropriate packages into the code

const jsxapi = require('jsxapi');

Initializing WebSockets connection

this.wsconnection = jsxapi.connect(this.ip, { username: this.login, password: this.password });

Looking ahead, you should also remember to create a function that will close the WebSockets connection and disable feedback listening for all listeners of the group.

Here’s what it might look like

   closeConnection() {
     // Deregister the grouped listeners while the connection is still open, then close it
     this.feedbackGroup.off();
     this.wsconnection.close();
     console.log('Connection closed');
   }

Then, after creating the necessary variables and functions, we start them once the connection is ready, to collect and process information from devices

    this.wsconnection.on('ready', () => {
      this.getCallHistory();
      // List of functions
    });

Through jsxapi, you can run xConfiguration, xCommand and xStatus commands, and you need different methods to use them.

xConfiguration (sample)

        this.wsconnection.Config.Audio.DefaultVolume.set(this.newVolume);

xCommand (sample)

        this.wsconnection.command("Time DateTime Get")
          .then((data) => {
            if (data.status === 'OK') {
              // process with data
            }
          });

xStatus (sample)

        this.wsconnection.status.get("Network 1 IPv4 Address")
          .then((history) => {
            this.ipv4 = history;
          });

For online tracking of parameters, metrics, and different changes we need to register listeners.

Here’s a sample of a listener that tracks changes of a device name

      this.wsconnection.status.on('UserInterface/ContactInfo/Name', (newName) => {
        console.log('SystemUnit Name', newName);
        this.SystemName = newName;
      });

Here’s a sample of a listener that tracks changes in the number of active calls

      this.wsconnection.status.on('SystemUnit/State/NumberOfActiveCalls', (newNumberCalls) => {
        console.log('NumberOfActiveCalls', newNumberCalls);
        this.NumberOfActiveCalls = newNumberCalls;
      });

A bundle (feedback group) is used for mass subscription to various events

        this.feedbackGroup = this.wsconnection.feedback.group([
          // Register listeners to track changes
        ]);

Thursday, 2 April 2020

Here’s What You Need to Know About Digital Transformation

According to the new Cisco Annual Internet Report 2018-2023, there will be 29.3 billion networked devices by 2023, up from 18.4 billion in 2018, (9.8% compound annual growth rate) globally and 5.3 billion total Internet users (66% of the population) by 2023, up from 3.9 billion (51% of the population) in 2018.


In addition to the many, many billions of users and devices connecting to global IP networks, the new report also projects faster speeds for wired and wireless networks (driven by new fiber deployments and cable standards as well as Wi-Fi6 and 5G).

◉ Globally, the average fixed broadband speed will grow 2.4-fold from 2018 to 2023, from 45.9 Mbps in 2018 to 110.4 Mbps.

◉ Globally, the average Wi-Fi speeds from mobile devices will grow 3.0-fold from 2018 to 2023, from 30.3 Mbps in 2018 to 92 Mbps by 2023.

◉ Globally, the average mobile (cellular) connection speed will grow 3.3-fold from 2018 to 2023, from 13.2 Mbps in 2018 to 43.9 Mbps by 2023.


Better network performance (faster speeds and lower latencies) serves as the foundation for other network innovations and application advancements for consumer and business users. Network users demand and expect more from their online experiences. Ubiquitous access and millisecond responsiveness are now table stakes characteristics (not features). Next-gen applications must be customized and tailored to individual user preferences. This “new normal” adds complexity and scale that are often difficult for service providers and IT teams to keep up with and support. Fortunately, artificial intelligence (AI) and machine learning (ML) are helping to automate many types of repetitive network jobs/processes and develop new insights into online user behaviors and preferences.


And with the many next-gen applications being created, new models of business are being created as well. Artificial Intelligence and Machine learning and many other applications are now taking advantage of the digital transformation which is very much underway thus creating new models of business and impacting various industries.

AI Platforms and applications are enabling enterprises to leverage ML capabilities and provide enhanced accuracy and user experiences. AI is projected to be utilized everywhere from edge to core to cloud. Technology providers should continue to partner and support rapid deployment, interoperability, and standardization of AI solutions.

Take a look at our executive insights on “Reimagine your applications”. Across almost all business sectors there is an increased demand for new or enhanced applications that increase workforce productivity or improve customer experiences.

IT departments are often challenged to transform infrastructures to accommodate new technologies. The Internet of Things (IoT), artificial intelligence (AI), machine learning (ML), and business analytics are changing how developers build smart applications to simplify customer transactions and deliver new business insights.

Take the music industry, for example: Watson BEAT helped create a better soundtrack than an original composition with the help of a cognitive machine. The IBM® Spectrum Computing team asked IBM Watson® Beat to come up with killer beats for its latest Red Bull Racing video, and the AI composer used its neural network to lay down a unique track.

Or look to the automotive industry, where self-driving cars use Artificial Intelligence. Next-gen applications such as “Reinforcement learning” have found their way into revolutionizing the automotive industry by creating autonomous driving cars and the financial services industry with new ways of portfolio management.

Tesla, for example, uses AI and effectively crowdsources its data from all of its vehicles with its internal and external sensors. While this will help Tesla refine its self-driving systems, this data holds tremendous value in its own right. Researchers at McKinsey and Co estimate that the market for vehicle-gathered data will be worth $750 billion a year by 2030.

Another example of a next-gen application is predictive analytics which involves using advanced analytic techniques that leverage historical data to uncover real-time insights and to predict future events. Predictive analytics can help transform the way a business operates and can be used for many Industrial IoT solutions- using sensor data to predict equipment failure, weather patterns, crop rotation, and yield predictions and various other impacts on agriculture and the food industry and many other IoT solutions.

New next-gen applications and their rapidly evolving use cases and real-life examples are being built every day—the most successful of which will involve shifting technologies and evolving business models as we digitally transform.

Wednesday, 1 April 2020

Implementing Cisco SD-WAN deployments with Cisco Action Orchestrator


Since the Cisco developer program (DevNet) began five years ago, we have seen huge growth and maturity of tools and platforms that enable engineers, operations teams, and software developers to deliver critical outcomes for their businesses. From the surge in growth of services in the public cloud to all of the open-source automation and orchestration platforms, such as Chef, Puppet, and Ansible, there has never been a better time to improve the way we tackle the challenges.

Our networks are composed of multiple operational domains (for example campus, data center, and security), that are tightly interconnected. However, engineers need more than interconnected domains to support customer and business needs. They need security, and an access policy that spans domains. And they need the agility to support new needs as they arise, with complete end-to-end visibility.

The need for tight integration, despite the differences in the domains, is one of the biggest drivers for moving to a controller-based, fully abstracted architecture.

Cisco Action Orchestrator provides a unified solution


Using Cisco Action Orchestrator we built a complete workflow. Action Orchestrator is a powerful workflow automation and technology-agnostic cross-domain orchestration product. This orchestration platform easily binds Cisco products together and connects smoothly to third-party products and open-source solutions, providing a unified solution. The following designs are applicable to provide advanced automation.

Imagine that your company wants to open a new store or remote office. When the company's employees or customers connect to the network, they need access to all their resources. This could be to enable applications to check stock, take payment, process invoices, or even just to safely surf the web. Ensuring your business is connecting safely and securely can be a challenge; this is where automation will help solve many of these teething issues.

Let’s look at how we can deliver this, quickly and securely. Here we will focus on connecting the store to our data center and other locations, and on how we do this with Cisco SD-WAN APIs and Cisco Action Orchestrator.

Multi-Domain with Cisco SD-WAN


Our infrastructure must be flexible enough to accommodate those constraints. An intelligent software layer, such as SD-WAN, can change the inflexible and often slow networking models of the past. In the broadest sense, it is DevOps meets networking; this can be (and often is) referred to as ‘NetDevOps’.

When using Cisco Action Orchestrator we can use REST API calls to authenticate, to get a list of devices that are part of the SD-WAN fabric, and to get device status. Deploying templates instantly connects our stores/remote offices and data center networks. Now our routing algorithms accommodate application requirements and can adapt to real-time link conditions. The ability to connect any data services into the SD-WAN gives organizations amazing elasticity.

Let’s go over the steps that are required


You must first establish an HTTPS session to the server. To do this, you send a login call to the server with the following parameters. The URL to send the request to: `https://{vmanage-ip-address}/j_security_check`, which performs the login operation and security check on the vManage web server at the specified IP address. The API call payload: the payload contains the username and password in the format `j_username=username&j_password=password`.
After we have established the HTTPS session, we can list the devices attached to the fabric with the call that retrieves a list of all devices in the network. To retrieve this list, use the following URL: `https://{vmanage-ip-address}/dataservice/device`. In the templates table, the Device Templates column indicates how many device configuration templates are using a particular feature template. The next URL called is `https://{vmanage-ip-address}/dataservice/template/feature`, which shows the devices to which the feature template is deployed.
Once the new site/devices are identified, we push and attach the feature template to the devices with the URL `https://{vmanage-ip-address}/dataservice/template/device/config/attachfeature`. Validation of the feature template is completed with the URL `https://{vmanage-ip-address}/dataservice/template/device/config/attached/[id]`, which validates the sites/devices.
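The first two calls above, login and device listing, written as a small Python client. This is an added example, not code from the original post or from Cisco. It checks the login response body because vManage documents that a rejected login still returns 200 with the HTML login page. The host name, the `FakeOpener` stand-in server and its device record are constructed so the block runs offline.

```python
import io
import json
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

class VManageSession:
    def __init__(self, host, opener=None):
        self.base = f"https://{host}"
        # Default opener validates the server certificate and keeps JSESSIONID.
        self.opener = opener or urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(CookieJar()))

    def _call(self, path, form=None):
        data = urllib.parse.urlencode(form).encode() if form else None
        req = urllib.request.Request(self.base + path, data=data)
        with self.opener.open(req, timeout=30) as resp:
            return resp.status, resp.read()

    def login(self, username, password):
        # urlencode keeps '&' or '=' inside a password from splitting the payload.
        status, body = self._call(
            "/j_security_check", {"j_username": username, "j_password": password})
        # A failed login is signalled by an HTML body, not by the status code.
        if status != 200 or b"<html" in body.lower():
            raise PermissionError("vManage rejected the credentials")

    def devices(self):
        # Assumes the usual vManage envelope: device records under the "data" key.
        _, body = self._call("/dataservice/device")
        return json.loads(body)["data"]

class FakeOpener:
    """Constructed stand-in for a vManage server so the example runs offline."""
    def __init__(self, good_password):
        self.good_password, self.sent = good_password, []

    def open(self, req, timeout=None):
        self.sent.append((req.full_url, req.data))
        if req.full_url.endswith("/j_security_check"):
            form = urllib.parse.parse_qs(req.data.decode())
            ok = form.get("j_password") == [self.good_password]
            body = b"" if ok else b"<html><body>Login</body></html>"
        else:
            body = json.dumps({"data": [{"host-name": "store-edge-1"}]}).encode()
        resp = io.BytesIO(body)
        resp.status = 200  # same status for accepted and rejected logins
        return resp
```

Against a real vManage, construct `VManageSession(host)` without an opener and read the credentials from a secret store or the environment, not from the workflow definition.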

Building the workflow in Cisco Action Orchestrator


Now that we know which Cisco SD-WAN APIs we are using, we can add them into Cisco Action Orchestrator. A workflow consists of activities, invocations of child workflows, and logic components that can be included to complete the workflow. Action Orchestrator allows you to automate IT processes based on your requirements using a workflow format. Once we have added in our Cisco SD-WAN workflow, the whole thing looks like this.

To kick this off, we simply hit “RUN”. When you create a workflow, you must specify where you want the workflow to run. You can also specify that the workflow runs on a specific target or target group. The target group can be defined once and reused in several processes. For example, you might have a database maintenance process that is scheduled to run every month on all database servers. Instead of scheduling the process multiple times to run on each database server, you can create a target group that includes all the database servers and schedule the process to run on all the servers at the same time. If you choose to execute the process on a target group, you can further specify whether to run the process on all objects that are included in the target group or on a specific object within the target group.

The colors associated with the individual activities show the status of the process and activity instances. Upon completion we see green, which means our process has completed successfully (if any of the steps had failed we would see them in red, which means the process failed and did not complete its execution). Because our request succeeded, STATUS 200 OK also appears in the results area, and the result is contained in the response body.

Now our new device and location have had their template pushed to the end device, traffic will begin to flow as expected, and the new device has all the router, policy and security features that our company requires.