Monday, 25 May 2020

Spinning up an NVMe over Fibre Channel Strategy using Cisco MDS 9000 Series Multilayer Switches

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Study Material, Cisco MDS, Cisco Prep

Every so often there comes a time when we witness a major shift in the networking industry that fundamentally changes the landscape, including product portfolios and investment strategies. Storage and Storage Area Networks (SANs) are undergoing one such paradigm shift that opens up a huge opportunity for those looking to refresh their SAN investments and take advantage of the latest and greatest developments in this particular space. We can think of it as a “trifecta effect.”

Let’s see how the Cisco MDS SAN solution – using Cisco MDS 9000 Series Multilayer Switches helps meet the challenges posed by this “trifecta effect.” Through this series of blogs, we will cover various topics on Cisco’s innovation in storage networking technologies and how it addresses these challenges.

To start with, let’s first take a very common topic that is top of mind for every customer looking at Cisco MDS 9000 series switches:

◉ Do you support NVMe over Fibre Channel (NVMe/FC) or NVMe over Fabrics (NVMe-oF)?

◉ Which Cisco MDS 9000 Multilayer Series Switches support NVMe?

◉ Do I need an extra license to get support for NVMe on my Cisco MDS SAN switches?

So, let’s discuss the latest and greatest innovations driving the SAN industry and try to paint a picture of how the SAN landscape will look five to seven years down the road, while focusing on asking the right questions prior to that critical investment. Following this, we will be posting additional blogs that will dig deeper into each of the technological advances, in order to understand the bigger and better picture of future storage networking technology.

Why now?


Modern enterprise applications are exerting tremendous pressure on your SAN infrastructure. To keep up with advances in storage technology, customers are looking to invest in higher performing storage and storage networking. Combining the economic viability of All Flash / NVMe arrays and the technological advances with NVMe over Fibre Channel, there has never been a more compelling opportunity to upgrade the SAN infrastructure to meet future demands.

But before we think about refreshing our SAN, we have to ask few questions ourselves:

◉ Does it support NVMe?

◉ Is it 64Gb FC ready?

◉ Do we get any sort of deep packet visibility, a.k.a. SAN analytics, for monitoring, diagnostics, and troubleshooting?

◉ How can I get my SAN ready to use Cisco MDS 9000 Series Multilayer Switches?

We will elaborate more on the above questions, one by one, in this series of blogs.

In this blog, let’s talk about NVMe over Fibre Channel (FC) support using Cisco MDS 9000 series switches.

Most of us probably know what NVMe is – the various deployments of NVMe (over FC, RoCE, TCP, etc.). Solid State Disks (SSDs) and NVMe have superseded rotating/spinning disks. NVMe also has opened up a superhighway to send traffic using multiple lanes, providing a very high throughput rate. This results in extremely high bandwidth consumption, along with burst of reads and writes.

Does Cisco’s MDS SAN solution provide support for NVMe/FC?


This is a very common and top-of-mind question from customers during conversations involving SAN. The good news on the Cisco MDS SAN solution is – yes, it supports NVMe.

◉ Transparent support – no additional hardware/commands needed

◉ Works with any current 16G/32G fabric switch or current Cisco MDS 9700 16G/32G modules using Cisco NX-OS 8.x release

◉ No additional license needed

◉ No additional features needed to enable identification of NVMe commands


Vendor certification


From an ecosystem support perspective, we have certified Broadcom/Emulex and Cavium/Qlogic HBAs, along with Cisco UCS® C-Series servers. We have also published Cisco Validated Design guides with the NVMe solution, listed at the end of this blog.

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Study Material, Cisco MDS, Cisco Prep

We can run SCSI and NVMe flows together through the same hardware, through the same ISL (Inter Switch Link). Cisco MDS 9000 series switches will transparently allow successful registrations and logins with NVMe Name Servers as well as I/O exchanges between SCSI and NVMe initiators and targets, together.

This way, NVMe/FC, along with the Cisco MDS SAN solution, provides the best possible performance across the SAN, with seamless insertion of NVMe storage arrays in the existing or new ecosystem of MDS SAN switches.

Sunday, 24 May 2020

Automating Network Deployment with Cisco DNA Center and Cisco Action Orchestrator

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

The Story:


A major retailer is standing up a new location. They require:

◉ A connection to corporate remote data center for price list
◉ To quickly deploy the local network at the branch including standardized configuration
◉ On site compute for localized advertisement, webservers and general compute.

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

Multi Domain Story

Check out Matt’s Blog to learn more about the overall story and what we’ve done.

What I would like to focus on is how we’ve Integrated Cisco DNA Center to automate the standing up of a new network with Cisco Action Orchestrator (CAO)

The Tech:

Cisco DNA Center

I had two tasks to accomplish:

1. Discover and provision the network in the new branch
2. Create and deploy an SSID throughout the entire store

The way Network Discovery works in Cisco DNA Center, first I have to initiate a Discovery Task based on a range of IP addresses.

Once the task is completed and the device is part of the managed devices. I can dynamically create my sites and assign the devices to each site with the appropriate template.

The Workflow is pretty simple

◉ Authenticate against DNA-Center to get a Token
◉ Grab credentials IDs that are configured in DNAC to access the devices
◉ Initiate Network Discovery
◉ Check if the task is complete
◉ Get a list of discovered devices

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

Network Discovery workflow built in Cisco Action Orchestrator

To Initiate Network Discovery you need to POST a request to the /dna/intent/api/v1/discovery endpoint with this body

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

Network Discovery request JSON Body

We are using an IP Range to discover our devices. We are also telling DNAC to access the devices via SSH using the configured credentials.

Once the discovery task is completed. We can check to see the results via /dna/intent/api/v1/discovery endpoint. This endpoint will return the list of all discover devices.

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

Network Discovery result

Part Deux of this automation journey is to create a standardized SSID. There is a nice API for that which made the workflow pretty simple:

◉ Authenticate against DNA-Center to get an API Token
◉ POST JSON body with SSID configuration to /dna/intent/api/v1/enterprise-ssid
and voila.

Cisco DNA Center, Cisco Action Orchestrator, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning

CAO Workflow using Enterprise SSID Intent API

The End


Remember how I said earlier this was part of an all star team that has essentially automated the entire story you’ve read? Well what’s great about working with Cisco Action Orchestrator (CAO) is that it didn’t matter the way I’ve built my workflow. When it came time to integrate all of our work, CAO made it very simple and hence we were able to take a small bit of automation for a specific Cisco Product and integrate it into a larger multi domain effort.

Saturday, 23 May 2020

Cisco and AWS Strategic Partnership: Working to Secure Your Acceleration to the Cloud

Cisco Tutorial and Material, Cisco Learning, Cisco Guides, Cisco Exam Prep

As many know, AWS deploys a shared responsibility security model, which starts with AWS taking responsibility for the security of the underlying cloud infrastructure— compute, storage, database, and networking—within its various regions and domains. In parallel, as an AWS customer, you are responsible for the security of your applications, workloads, and data—including network security, identity and access controls, data encryption, and operating system—while running in the AWS cloud. The question naturally emerges: How do you effectively do this?

To help AWS customers, Cisco—a market leader in security—has built a security architecture around four key pillars: visibility, segmentation, threat protection, and identify and access management.

Visibility


Visibility is about seeing everything. It’s about having complete visibility into users, devices, networks, applications, workloads, and processes running in the AWS cloud. To accomplish this, Cisco offers a number of products:

◉ Cisco Tetration agents running on AWS instances forward “network flow and process information” that is essential to visibility and policy enforcement, which in turn enables enhanced automated threat defense.

◉ Cisco Stealthwatch Cloud (SWC) consumes Amazon Virtual Private Cloud (VPC) flow logs, cloud trail, AWS Inspector, AWS IAM and other data sources. Cisco SWC includes compliance-related observations while it provides visibility into your AWS cloud infrastructure.

◉ Cisco Advance Malware Protection (AMP) for Endpoint threat response helps you gain visibility into the scope of a breach, such as how many endpoints are affected by subject malware. You can discover patient zero: when the malware was first seen, on which computer in your environment, its lineage, and how it moves between hosts.

◉ Cisco Threat Response offers API-driven integration with Cisco Umbrella, Cisco AMP for Endpoints, and SWC. Using this integration, security ops teams can gain increased visibility while hunting down threats.

AWS VPC flow logs can be combined with these Cisco tools to enable you to capture information about IP traffic going to and from network interfaces in your VPC.

Segmentation


Segmentation is about reducing the attack surface. It’s about preventing attackers from moving laterally—east to west—through application whitelisting and microsegmentation. To accomplish this, Cisco offers a number of products running on AWS:

◉ Cisco Next-Generation Firewall (NGFWv) provides capabilities like stateful firewall, “application visibility and control,” next-generation IPS, URL-filtering, and network AMP in AWS.

◉ Cisco Adaptive Security Appliance Virtual (ASAv) provides a stateful firewall, network segmentation, and VPN capabilities in AWS VPC.

◉ Cisco Tetration enables zero-trust security using application segmentation.

◉ Cisco Defense Orchestrator (CDO): CDO can now manage the AWS security group. CDO provides microsegmentation capability by managing firewall hosts on the workload.

Working with Cisco products, AWS security architecture around segmentation includes AWS security group, AWS gateway, AWS VPC, and AWS subnets.

Threat protection


Threat protection is about stopping breaches by quickly detecting, blocking, and responding to attacks before hackers can steal data or disrupt operations. To accomplish this, Cisco offers a number of products:

◉ Cisco NGFWv delivers threat inspection throughput of up to 1.1 Gbps to help protect virtual data center and AWS cloud environments from sophisticated threats.

◉ Cisco Tetration uses advanced security analytics to speed detection.

◉ Cisco AMP for Endpoints provides comprehensive protection against the most advanced attacks. It prevents breaches and blocks malware at the point of entry, then rapidly detects, contains, and remediates advanced threats that evade front-line defenses and penetrate your network. It stops
malware, eliminates blind spots, and discovers unknown threats

◉ Cisco Umbrella virtual appliance is available for AWS. Using dynamic host configuration protocol (DHCP) options, administrators can configure Cisco Umbrella as a primary DNS. Cisco Umbrella cloud provides a way to configure and enforce DNS layer security for workloads in the cloud.

◉ Cisco Threat Response helps detect, investigate, and take corrective action against cyber threats.

AWS security architecture for threat protection also includes:

◉ AWS Web Application Firewall (WAF) which protects against web exploits
◉ AWS Shield (DDoS – Basic or Advanced) which protects against DDoS

As an alternative to AWS applications—and based on your requirements and preferences—you might consider Radware WAF and DDoS mitigation solutions, which also provide WAF and DDoS capabilities offered through as a service business models.

Identity and Access Management (IAM)


IAM assigns robust access control to help ensure appropriate access to technology resources. Cisco Duo provides multi-factor authentication (MFA) service for AWS consoles and applications running on workloads.

Coupled with Cisco DUO is AWS IAM, which enables you to manage access to AWS services and resources securely.

Thursday, 21 May 2020

How Partners Make Money with Cisco Customer Experience (CX)

With the advent of SaaS and cloud business models, customers expect a shorter time between when they buy something and when they attain value from their purchase. These days, partners can’t sell something, install it, support it, and expect their customers will satisfactorily consume and receive available value from what was bought.

Partners need to enable customers with a customer success strategy that helps ensure they will derive maximum value and ROI from their purchases — but this can be challenging. As an example, newly purchased business-critical technologies can be complex to implement and deploy. As another example, in the absence of usage data, it’s often difficult for customers to know their level of consumption for purchased products, which can make renewal discussions troublesome.

The Cisco Customer Experience (CX) team has an answer, helping Cisco partners transform from a traditional product resell business model to a value-added lifecycle growth model and helping them to help their customers extract the most value from their investments.

To be clear, many Cisco partners have built very successful businesses selling their professional services along with reselling Cisco offerings. That said, although this approach has yielded considerable success in the past, going forward it is not well differentiated, because many partners can essentially replicate this formula. The result is a diluted value proposition, reduced margins, and — quite frankly — a future struggle for survival.

So, to help partners create new sources of value and enable expanded growth, while helping ensure that customers have an optimal experience, Cisco offers the CX Success Portfolio. The Cisco CX Success Portfolio consists of three fundamental elements:

◉ A simplified Cisco portfolio of products and services that makes it easier for buyers to buy and partners to bundle in their own value-add services.

◉ Insights and analytics based on usage and telemetry data generated from the Cisco portfolio, spotlighting customer consumption of the overall product and specific features and enabling ongoing partner-to-customer discussions to help deliver customer satisfaction and identify partner upsell opportunities.

◉ A lifecycle selling framework, which helps guide the selling motion to where there are opportunities to grow revenues.

A simplified Cisco portfolio


Previously, Cisco services were sold as product attach during the initial sale and then hopefully again at renewal. The result was a complicated portfolio of product and service offerings not aligned to the customer lifecycle. In the future, the new CX portfolio will have a simplified, agile, and innovative services portfolio with flexible options to meet your customer’s business requirements. We are developing a new suite of solution capabilities comprised of four primary focus areas:

1. Expert Resources
2. Trusted Support
3. Insights and Analytics
4. Contextual Learning

We are evolving our portfolio with new Expert Resources; designed a more tailored approach to hardware and software with Trusted Support; added Insights and Analytics features; and added Contextual Learning to create an optimal experience in every step of your customer’s lifecycle journey. We will offer graduated service levels that build upon each other as they increase — with everything from self-help tools to working beside them to show, guide, and jointly team to deliver the right level of support to meet specific needs or directly execute successful outcomes.

Your customer can choose the right level of support, expert guidance and insights that aligns with their budget, resources and IT environment, to resolve issues quickly and realize value faster at all levels of their lifecycle.

Additionally, this simplified portfolio makes it easier for partners to bundle in their own value-added implementation, deployment and ongoing management services. As an example, a partner can bundle in accelerators, such as one-on-one workshops, which provide deeper education on how to deploy a purchased technology.

Insights and analytics


In addition, the Cisco portfolio now provides usage and telemetry data, offering partners insights into how much their customers are utilizing the products they’ve purchased. This data becomes a critical tool to help partners engage with customers, ultimately with the goal to increase usage and satisfaction with purchases, which can lead to increased renewals. This data also gives partners a lens into opportunities on how best to position their services en route to upselling additional services.

Lifecycle Services Framework


Ultimately, Cisco’s simplified portfolio, along with insights and analytics, provide the foundation for partners to align their services around the Cisco CX Lifecycle framework racetrack, as shown in Figure 1.

Figure 1: The customer lifecycle

Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

Partners can utilize this framework to align capabilities in their organization to deliver enhanced customer experiences in areas such as customer and user onboarding, implementation, adoption, expansion, training, customer success help desks, and traditional technical support. Likewise, partner CX capabilities need to meet customer expectations around regular reviews of product utilization and outcomes delivered, help with renewals and future planning, and provide timely updates on new features and offers.

The breadth and depth of partner lifecycle services, offered in concert with their industry and domain expertise, can create strong differentiators and help fuel future growth in four major areas:

◉ Increase deal sizes at purchase, because partners are better positioned to achieve a higher attach of Cisco CX offers and sell at a higher price point as a part of the bundled offer.

◉ Increase bookings, because more partner value-added services can be sold along with Cisco Simplified Portfolio offers. Partners will have opportunities to better differentiate themselves by offering accelerators for deployment and adoption of technologies.

◉ Increase renewal rates through insights and analytics, facilitating partner investments in their customers’ success as they work with customers around increasing adoption and renewal activities.

◉ Increase upsell pull-through, as partners utilize insights and analytics to identify additional upsell opportunities for Cisco product portfolio.

According to Cisco’s own research, by adopting the lifecycle selling framework, as shown in Figure 2, partners on average can expect to see a 1.15X increase in deal size, a 20 percent point increase in partner service pull-through, a 10 percent increase in renewal rates, and a 5 percent higher pull-through. Ultimately, this leads to increased partner revenues.

Figure 2: Partners can grow profitability with the CX lifecycle

Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

How much additional revenue? Ultimately through the Cisco CX Success Portfolio and adopting the lifecycle selling framework, Cisco has discovered that over a five-year period partners on average can see a 2X increase in revenue, as shown in Figure 3.

Figure 3: Increased partner revenue through lifecycle selling

Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

Survive and thrive


Essentially, Cisco CX is here to help partners not only survive by further differentiating their offers from traditional box reselling, but also thrive through increases in revenue over the lifetime of each deal.

In fact, this is the path Cisco took. In the last few years, Cisco has increasingly focused on growing its recurring software business, which has resulted in better visibility into future earnings and higher profitability. Partners can look to Cisco as an example of how they might evolve themselves.

Tuesday, 19 May 2020

Cisco Threat Response takes the leap with SecureX

Cisco Prep, Cisco Guides, Cisco Tutorial and Material, Cisco Learning, Cisco SecureX

Reimagine the grocery delivery experience


Even in typical times, grocery and household shopping is time consuming. Especially, if you need to visit multiple stores – a main supermarket for your basics, a specialty store to accommodate diet restrictions, and another for bulk items. In a fast-paced world – with time spent working, family caregiving, and other responsibilities – grocery shopping is a tedious but necessary chore…or is it? The evolution of acquiring groceries and household goods has been one to watch as grocery delivery services, such as Instacart and Shipt, is increasingly relevant. These companies have each built a platform with a network of grocery providers to solve the problem – a simple and efficient way for customers to purchase groceries without having to leave their homes.

Now let’s take grocery shopping to the next level. What if you didn’t even need to proactively browse items and put them in your Instacart grocery order. Imagine if your “smart” refrigerator had sensors to detect inventory levels, and connected to Instacart, your recipes, and meal planning apps. Groceries could be ordered automatically or on-demand based on the menu you’ve planned and what you actually need. One platform with all of your apps integrated and automated to simplify not only your grocery shopping experience but your entire cooking experience. This and many other platform experiences have been developing over the last several years to bring two (or more) sides of a connection together with more efficiency and use cases.

What does grocery shopping have in common with cybersecurity?


The cybersecurity industry is ripe for this type of innovation. We all know that the industry has historically been quite fragmented – at last count, an estimated 3000+ vendors are in this space and customers use, on average, 75 security tools. What does that mean for your security teams? Multiple tools share limited context between them with incomplete, labor-intensive workflows. Going back to the grocery experience, this is akin to visiting seven different stores in one day to tackle a shopping list for each store, and hoping you don’t miss an item. Also consider high lifecycle costs associated with maintaining interoperability, which is often limited. When you need to take into account an ever-evolving threat landscape and attack surface, this trend is not sustainable.

A platform journey two years in the making


Nearly two years ago, Cisco Threat Response debuted to combat this problem for Security Operations teams. As a valuable add-on application to several Cisco Security products — at no additional cost – Threat Response accelerated investigations and remediation by aggregating and correlating intelligence and data across your security products, both Cisco and third party. Threat Response has helped nearly 9,000 customers simplify their security operations. As Don Bryant, CISO for The University of North Carolina at Pembroke, says, “Having a holistic security platform has helped us simplify and accelerate our security operations. All of our tools seamlessly integrated through Threat Response gives us one view into our layered protection and valuable time back.”

Cisco Prep, Cisco Guides, Cisco Tutorial and Material, Cisco Learning, Cisco SecureX

Figure 1: Cisco Threat Response application for threat investigation and remediation

As background, Threat Response provides a visual, real-time answer for if, and how, threats have impacted your environment, so, you can take first-strike response actions in the same interface. Security operations teams use Threat Response to:

◉ Aggregate global threat intelligence: Search, consume, and operationalize threat intelligence, both public and private sources, with one application.

◉ Accelerate threat hunting and investigations: Visualize threats and incidents across multiple technologies in one view, then take response actions without leaving the console.

◉ Simplify incident management: Coordinate security incident handling across technologies and teams by centralizing and correlating alerts and triaging those that are high priority.

Now we’re continuing our mission of simplifying security and building on Threat Response core capabilities with SecureX, a built-in platform experience included with Cisco Security products. SecureX will make life even easier for Security Operations, and will also benefit Network Operations and IT Operations. Let’s talk about this evolution.

Is SecureX just a cool new name for Threat Response?


Since we announced SecureX at RSA Conference in February, you might be wondering, what’s the difference between Threat Response and SecureX? Are they one and the same – and SecureX is just a sleek rebranding?

The short answer is no. If Threat Response is like the Instacart of today, SecureX is the reimagined seamless grocery shopping experience we’ve envisioned above. Whether it’s the grocery or cybersecurity industry, the goal is always simplification. SecureX builds upon Threat Response’s core concepts of integrating your security products – both Cisco and third-party tools – to simplify security operations. Leveraging the success of Threat Response with Security Operations teams, SecureX takes this foundation to the next level to drive collaboration between SecOps, NetOps, and ITOps. SecureX simplifies security through:

1. Unifying visibility across your entire security environment.

2. Enabling automation in workflows to maximize your operational efficiency by eliminating repetitive tasks and human error.

3. Adding more out-of-box interoperability to unlock new potential from your Cisco Security investments and cascade them across your existing security infrastructure.

Cisco Prep, Cisco Guides, Cisco Tutorial and Material, Cisco Learning, Cisco SecureX

Figure 2: SecureX connects your entire security infrastructure

Enhanced Threat Response capabilities, now part of SecureX


Now as a key component of SecureX, Threat Response is enhanced to unlock even more value from your investments. Here’s how:

◉ You already know that Threat Response aggregates and correlates security context from multiple technologies into a single view, but now as SecureX threat response, users will have a customizable dashboard with ROI metrics and operational measures. And when you leave the dashboard, SecureX follows you to maintain contextual awareness and improve collaboration wherever you are in your Cisco Security infrastructure.

◉ Users will now be able to cut down investigation time even further by automating threat hunting and investigation workflows. With the orchestration feature in SecureX, users can set up event-based triggers to periodically hunt for indicators of compromise, create or add to a casebook, and post a summary in a chat room for collaboration.

◉ Threat Response had been rapidly growing its partner ecosystem, and SecureX not only expands the ecosystem instantly upon commercial availability but extends past it to include your core infrastructure. Together, our out-of-box interoperability with built-in and pre-packaged integrations from Cisco or select technology partners reduces the time spent integrating multiple technologies, or worse, working across multiple consoles. We’ll continue to support custom integrations via APIs, so any of the features of SecureX will work with your existing investments.

Similar to the reimagined grocery experience, SecureX brings greater efficiency and simplification in the midst of major market forces. The enhanced visibility, automation, and integrated platform capabilities with SecureX threat response further reduces mean dwell time by accelerating investigations and MTTR for SecOps. Without having to swivel between multiple consoles or do the heavy lifting integrating disjointed technologies, you can speed time to value and reduce TCO. SecureX will enable better collaboration across SecOps, NetOps, and ITOps – and ultimately simplify your threat response.

Monday, 18 May 2020

Intelligent Data Center Operations from Anywhere

The current business climate has forced all of us to adapt to new routines and new business processes. Never have the demands for data services been higher, nor has security for these services been more critical. These changes have placed a significant burden on data center operators who may be currently working from home.

If you are one of these data center operators and you are responsible for remotely supporting computing infrastructure, you may be leveraging a VPN connection to access data center-based tools to help you manage your compute devices. This can be effective, but there is a more modern, secure, and efficient way that’s also securely accessible from anywhere in the world.

Meet Cisco Intersight:


Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Certification

Cisco Intersight is a SaaS-based, intelligent operations platform that enables monitoring, deployment, compliance, telemetry, and more for your data center infrastructure. With its highly secure, device-to-service connections otherwise known as Device Connectors, Intersight can extend its reach to review and/or manipulate even the lowest-level components in your computing infrastructure. For instance, Intersight can intelligently:

◉ Configure or reconfigure server or HyperFlex clusters in their entirety; from the lowest level component, to installing an operating system

◉ Define policies and standards for consistent device configuration

◉ Update device firmware

◉ Compare server, firmware, OS, and driver versions to validate compliance with the Hardware Compatibility List (HCL)

◉ Display device-specific health, alarms, and detailed hardware inventory

◉ Integrate with Cisco’s Technical Assistance Center (TAC) to display contract status, streamline support case activity and analysis, and automatically initiate failed hardware Return Material Authorizations (RMAs)

◉ Analyze storage capacity and predict storage consumption

◉ Display inventory and metrics via customizable dashboard interfaces and widgets

◉ Provision Cisco Validated Designs and Solutions, such as HyperFlex SD-WAN

◉ Connect from the Intersight Portal, through a secure tunnel, to KVM interfaces

◉ Orchestrate and Automate infrastructure workflows

◉ Integrate with 3rd party solutions such as Pure Storage and VMware vCenter

◉ Reveal exactly how security vulnerabilities and advisories are affecting specific components in your infrastructure and how you can remediate

◉ Integrate and provide more fidelity to your ServiceNow ITSM platform

◉ And more…

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Certification

Intersight leverages a Continuous Integration/Continuous Deployment (CI/CD) Model, so new functionality and capabilities are consistently being added.

Sunday, 17 May 2020

Wi-Fi 6 OFDMA: Resource unit (RU) allocations and mappings

OFDMA (Orthogonal Frequency Division Multiple Access) is arguably the most significant feature of Wi-Fi 6. In a nutshell, it allows multiple clients to transmit or receive from an Access Point at the same time by sharing available bandwidth. OFDMA’s spectral efficiency improves transmission latency or delay in RF environment, which has moderate to high congestion level. Additionality, it will also increase throughput in certain Wi-Fi 6 deployments due to reduction in collisions and contention time.

Let’s look at various concepts of this technology at length. OFDMA allows sub-carriers in a channel bandwidth to be grouped into smaller portions called “Resource Units” (RU). These individual RU’s are assigned to different stations, which allows Access Points to serve them simultaneously during uplink and downlink transmissions.

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Tutorial and Material, Cisco Certification

These Subcarriers are further split into granular component called tones. It simply means that a RU consists of a group of tones. So how do we derive and visualize RU’s?

In Wi-Fi 6, subcarrier spacing is 78.125 KHz, which is four tmes narrower than 802.11ac’s 312.5 KHz.

Based on this, we can build a formula to calculate the number of tones for different bandwidths. i.e. Number of tones = (BW in MHz) x (0.078125 MHz).

The above formula gives us total tones of 256, 512 and 1024 for 20MHz, 40MHz and 80MHz respectively.

Are all of these used for data transmission? Certainly, not. Few of them are DC (direct conversion), Guard and unused (Null Sub carriers) tones. Hence, we have usable RU tones of 26, 52, 106, 242 and 996, which includes data and pilot subcarriers.

To condense, a single RU consists of minimum 26 tones and maximum of 996 tones.

In relation to bandwidth, it’s quite visual from below diagram that each 26 tone RU corresponds to approximately ~2MHz, 52 tones to ~4Mhz, 106 tones to ~8Mhz and so on.

RU Locations with Channel widths


Cisco Prep, Cisco Guides, Cisco Learning, Cisco Tutorial and Material, Cisco Certification

Resource Unit Map


Next up, we will establish correlation between RU’s and Channel bandwidth. The below table represents Subcarriers per channel width mapping. It basically shows the number of OFDMA users for a particular tone at any given bandwidth. In 80Mhz, a maximum of 37 users are supported with 26 tone RU’s. In 40Mhz, a maximum of 18 users are supported with 26 tone RU’s. Similarly, in 20Mhz, a maximum 9 users are supported with 26 tone RU’s. Fields with user value as 1 is a SU (single user) case, where whole spectrum is allocated to one user.

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Tutorial and Material, Cisco Certification

Plot among tones, Bandwidth and number of users.

RU allocations can happen with a combination of tones. For example – if there are three stations associated, then the AP can assign 106 tones to the first two users and 26 tones to the third user. The AP can also assign 52 tones to the third user. These RU allotment decisions are dynamically made by the AP based on the client’s traffic type and its available amount for transmission. The AP learns the client’s buffer status by using a periodic sounding mechanism.

Latency sensitive real time voice and video applications are primary candidates for OFDMA.

Other applications involving large data packets can either choose MU-MIMO or SU transmission mode.

RU allocations within Channel Access


A Wi-Fi 6 AP still contends with non-Wi-Fi 6 stations for getting access to channels using EDCA.

EDCA provides contention-free access to the channel for a period known as Transmit Opportunity (TXOP), during which a station can transmit maximum frames.

RU allotments in both downlink and uplink directions are performed by the AP on a per TxOP basis.

During a TxOP, the AP can serve multiple Wi-Fi 6 users using single MU PPDU or data packet.

EDCA incorporates Access categories (AC) i.e. Voice, Video, Best Effort and Background. Hence, stations which needs to send data in the same access category are served together using Multi-user (MU) OFDMA packets. Stations with different AC tags are served using different MU data packets.

Do you have High density wireless deployment with latency sensitive application traffic? If yes, then now is the time to upgrade to Wi-Fi 6. It will also enhance IOT devices efficiency and performance in both 2.4GHz and 5GHz bands. OFDMA is an answer to issues like unavailability of network access and choppy voice or video in crowded places like Offices, Schools, Malls, Airports, Hospitals and even at homes with multiple streaming devices.

During these unprecedented times of social distancing, the significance of Wi-Fi is more than ever.

Cisco’s Wi-Fi 6 certified Catalyst 9100 Access Points (9130, 9120 and 9115) have full DL and UL OFDMA capabilities. In terms of client support, Intel, Samsung, Huawei and Apple are powered with Wi-Fi6 features.