Three requirements to securely connect your industrial network

Digital transformation initiatives are driven by the desire to make data-driven business decisions. Whether you’re looking to increase production, reduce waste, or improve safety, the answer resides in your data: collecting it, analyzing it, and learning from it. But what happens when your data lives in extreme locations? Perhaps in places of severe heat, cold, humidity, salinity, or dust? How do you gather information with such harsh conditions? And how do you do it securely?

The first step is to converge to a single IP network. Network convergence is a proven formula for pulling together all the data in your environments. Cisco has been helping hundreds of thousands of organizations to converge their voice, video, data, and IoT networks to a single IP network. We’ve been doing this for over 30 years, and we know it works. A single network is easy to manage and operate and reduces your total cost of ownership. However, the primary challenge with a converged network is that it needs to be secure. There are three elements you need to securely connect an industrial network: 1) purpose-built hardware, 2) digitally signed and authentic security software, and 3) extensible architectures.

1. Choosing the right hardware

Start with the right hardware. For industrial internet of things (IIoT), the network hardware must satisfy the requirements of both the operational technology (OT) department and the IT department. At a high level, OT runs point on operations and understands how the organization produces its goods or services. IT connects the network and wants to make sure it’s done securely. OT and IT each have different priorities, goals, and concerns, yet the hardware has to meet both sets of requirements.

In addition to meeting the requirements of both OT and IT, the network hardware you select for connecting the industrial network should have a hardware trust anchor. A hardware trust anchor ensures that whatever software runs on the hardware will do so in a secure manner. To this end, the hardware should have an anti-theft, anti-counterfeiting, and anti-tamper chip that is completely immutable, meaning that it cannot change. Also look for built-in cryptography functions, secure storage for certificates and objects, and certifiable entropy for random number generators.

2. Selecting the right software

Going up the technology stack, the next component you need to securely connect the industrial network is the right software. Complement the secure hardware with digitally signed images, a secure boot process, and runtime defenses to ensure the software is secure and hasn’t been tampered with.

What is meant by digitally signed images? When we compile an image at Cisco, we execute a hash function on the binary code. The result of that hash function is encrypted using Cisco’s private key, and that signature is embedded right within the software image. At boot time, two things happen: 1) the local machine computes its own hash based on the binary of the software image, and 2) it decrypts the information they’re in, looking for that signature and making sure the two match. This process provides reassurance that the software hasn’t been tampered with and that it’s safe to boot up. Digitally signed images are an important component to a secure boot process.

Now that the software has securely loaded on the device, the network administrator has at his or her disposal the most powerful and secure networking operating system in the industry: Cisco IOS XE, which contains over 1,300 security feature commands and keyword options.

Cisco IOX XE also supports application-hosting in containers so that they can run on networking devices. Leveraging this application-hosting capability, Cisco has recently delivered an OT-specific security solution, namely Cisco Cyber Vision.

Cisco Cyber Vision provides innovation in OT security. For example, Cisco doesn’t require customers to install dedicated hardware sensors, but rather virtualizes their sensor to run as an application on network infrastructure, such as Cisco Catalyst Industrial Ethernet (IE) switches or Cisco ISR Industrial Routers (IR) or even Cisco Catalyst 9300 switches (which may be found in some industrial environments, albeit in temperature-controlled cabinets/rooms). Cisco’s unique approach of using a software sensor for OT protocols is not only an industry-first, but also the most scalable solution in this space, as it allows for the security solution to simply scale with the network infrastructure itself.

Another innovation that Cisco brings to OT security is the use of distributed analytics and OT flow metadata to minimize bandwidth impact. The Cyber Vision sensors running on the network devices perform deep packet inspection (DPI) on all OT flows. However, rather than mirroring these flows to a central analytics engine (i.e. the Cisco Cyber Vision Center) these sensors summarize OT flows as metadata, similar to NetFlow records (though the metadata Cyber Vision uses far exceeds the data contained in NetFlow records). Cisco Cyber Vision goes beyond NetFlow by detailing attributes of the devices sending and receiving the flows, the OT protocols used, the commands sent and received, and even the specific variables that these commands reference. As an analogy, while NetFlow can tell you who is talking to who, Cyber Vision metadata can tell you not only who is talking to who, but also the languages they are speaking, as well as specific details of their conversation. And the summary of these flows is highly efficient, typically consuming only 2-5 percent of incremental bandwidth.

3. Architectural integrations

The third piece in the tech stack is architectural integrations. Look for security solutions that leverage the existing network hardware to provide visibility into network traffic, and to identify and stop potential threats. Both IT and OT can benefit from having complete visibility of the OT environment, but IT cannot afford the operational overhead required to support a separate SPAN network. By integrating sensors into network hardware, IT can see anomalous behavior anywhere in the environment, while OT can obtain new and deeper insights into operations.

Ideally, the security solution also integrates with the technology used by the Security Operations Center (SOC) to monitor, investigate, and remediate security incidents in the IT environment. This way, the SOC has all the information it needs in one location to reduce the time to detect and respond to a security incident. Security analysts can see, for example, whether an attack originated in the IT environment and moved laterally to the OT environment, or if an attack entered the OT environment via something like a vulnerable device.

How Cisco can help

Cisco’s industrial-grade network hardware and Cisco Cyber Vision are designed to work together to meet the three requirements for securely connecting an industrial network. Our ruggedized networking switches and routers are built to withstand the harshest environmental conditions while delivering enterprise-level networking capabilities, including a hardware trust anchor. Our software uses digitally signed images to validate that software has not been tampered with, and Cisco Cyber Vision leverages the network architecture to deliver visibility and control over the OT environment. Cyber Vision also provides real-time threat detection and integrates with the SOC.

Continue reading

Cisco Network Upgrades Prepare Businesses for Grand Reopen

Cisco Systems is proud to announce new network products and upgrades to help businesses across all sectors plan for grand re-opens and move toward a more digital model. Pluggable switching modules (SM-X) for the ISR 4000 imbue the popular branch router with the same Unified Access Data Plane (UADP) programmable ASIC that is the powerhouse of the Catalyst 9000 family; while the pluggable Embedded Services Process module (ESP-X) enables better cloud performance for businesses equipped with ASR 1000s via much greater throughput capabilities and accelerated crypto performance. Finally, the new Cisco 1100 Series Terminal Services Gateway (1100 TSG) gives businesses with growing on-premise hardware footprints—such as cloud service providers and sensitive enterprises—a secure remote console for better Out of Band Management (OOB).

Whether a business is prepared to open or still planning a modified experience—Cisco is there with the right technology.

Supporting a New Edge

Efforts to reopen businesses and resume economic operations are not simple but can be executed with proper connectivity, automation and a transformed layout. Inevitably, these grand re-opens will create a new edge where throughput and privacy needs are enormous; where connectivity must be simple and consistent; and where networking is intent-based.

The places we used to go to work, travel, watch, consume, shop and unwind will transform with richer digital experiences, such as custom shopping offers delivered to the user device, or smart check-out and debit where all a shopper needs to do is grab the item and leave. These are places where we carry phones, use touch screen kiosks, swipe tablets, check smart-watches and rely on anything and everything else that connects to the internet. Meanwhile, a larger, more distributed workforce operating from home and accessing sensitive data over a hybrid WAN create challenges.

How IT teams equip and manage these edge locations will define their success—whether or not the experience is good or the end-user opts for a competitor as a result. Ensuring that successful experience requires more than routing. Only Cisco offers branch and cloud edge locations true network intelligence—dynamic routing over the most accurate internet map at consistent and incredible speeds. Cisco knows these locations need to host applications, pack compute and run services on location in a single platform. They need built in security no matter what their architecture looks like. Resilience is a must. Cisco offers it all with a quality customers trust.

The Cisco SM-X and ESP-X prepare your business for the future with a better network fabric, while the 1100 TSG provides simpler, more secure management.

ISR 4000 SM-X

When building out a network solution for a transformed branch, physical space restrictions can hinder plans. It’s impossible to fit a whole rack in the branch and stack whatever solutions are necessary—much as one does at headquarters or a campus. A single platform for each branch location must provide a variety of “full-stack” virtualized services from dynamic link selection to security, and be small enough to fit under a desk or in a closet.

The ISR 4000 is the world’s leading branch router, containing flexible technology for a variety of services and a trustworthy design. The latest SM-X release extends your ISR 4000 performance and investment even further to include switching capabilities on par with the Cisco Catalyst 9000 Series, and extends your network fabric to include Layer 2 to Layer 7 control—MAC to application. The SM-X also provides a variety of PoE options for Wireless support, along with access switching and Inter-VLAN routing.

ASR 1000 ESP-X

Cloud applications are prized for their simplicity, yet the IT teams responsible for their delivery now face greater complexity in an emerging network region called the cloud edge. This new region consists of anything from core locations to high-volume branches with Dedicated Internet Access (DIA), and any other location in a WAN where the network is opened to the internet.

Success in the cloud edge is by performance and security converging. The ASR 1000 ESP-X includes the 3rd Generation Cisco Quantum Flow processor, a powerful Layer 3 forwarding ASIC. The ESP-X provides customers more than 265 Gbps of both IPv4 and IPv6 throughput, along with IPSec that is more than 2X better performing than previous generations and QoS performance impact for total encryption and reliable application delivery at the edge. Reach more than 2X better scale compared to previous generations for classic NAT, Carrier-Grade NAT and Zone Based Firewall, an important capability for edge locations that experience bandwidth demands in great bursts or waves.

1100 TSG

Businesses with large hardware footprints, such as IaaS providers, Telcos, and sensitive enterprises such as finance and governmental organizations, need a simple way to manage their environment. The global nature of these businesses demands that they do it from half-way across the world. With so much data, connectivity and compliance regulations at stake, such convenience must never sacrifice build quality and security.

Enter the Cisco 1100 TSG.

The Cisco 1100 Terminal Services Gateway is a console server that provides simpler and more remote and out-of-band (OOB) management with the trustworthy build quality our customers expect. The top-of-rack solution offers integrated asynchronous ports, optional switching, and simplified Ethernet. It also supports secure tunnels, such as IPSec, generic routing encapsulation (GRE), and Cisco Dynamic Multipoint VPN, all at scale.

The 1100 TSG also supports Advanced LTE modules that can use the latest in wireless technology for backup connectivity when managing the WAN.

Together, the Cisco ISR 4000 SM-X, ASR 1000 ESP-X and 1100 TSG show that Cisco is prepared to transform business in their grand re-open into a new edge. Only Cisco offers powerful, reliable products with a build quality customers trust.

Continue reading

As the landscape evolves, so must the enterprise backbone

Most organizations today take advantage of cloud services. From software as a service (SaaS) to infrastructure as a service (IaaS), these cost-effective solutions help accelerate business and offer new opportunities for innovation.

Within the Cisco network, we’ve seen an impact from changing traffic patterns as our clients adopt to Cloud Services. We see more and more traffic going to the Internet and cloud services, and this level of traffic is growing at a very fast rate. This change meant we saw a 200 percent increase in peak Internet and cloud traffic within just 12 months. During that time, growth across our internal, private enterprise backbone also rose steadily, primarily due to large transfers between data centers. We quickly realized the traditional enterprise network is not ready to deliver the scale and resiliency needed to support this drastic shift in traffic patterns.

Technologies such as cloud, bring your own device (BYOD), and Internet of Things (IoT) require us to think differently about security. The enterprise network is becoming more segmented and each segment has different connectivity and security needs. Previously, the private backbone was a single, flat network; it now needs to deliver multi-tenancy and the ability to extend security segments across the globe.

These challenges have put us on an evolutionary path from a traditional enterprise backbone design to a software-defined and cloud-ready backbone. (Figure 1)

Figure 1. New software-defined design in the Cisco Cloud Backbone

From an enterprise-like backbone to a service-provider-like backbone

Cisco IT is deploying a new global backbone powered by Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS-XR software. This highly scalable and programmable platform provides a strong foundation for the new backbone and will allow us to operate more like a service provider for our internal clients.

Although our initial priority is to address Internet and backbone scalability challenges, we also need to offer more advanced services to support our users. For example, can you imagine a day, a few hours, or even a couple of minutes without access to the Internet and your business-critical SaaS apps? To avoid this potential disruption, our new backbone needs to deliver an always-on and excellent user experience. It needs to detect failure conditions and automatically steer traffic over resilient peering connections across the globe.

By more intelligently routing traffic over the new backbone and augmenting it with cheaper bandwidth, we hope to increase capacity without affecting our telecom budgets. By supporting multi-tenancy, the new backbone will be able to deliver customized services for each of our internal tenants and extend security zones globally.

From the beginning, we are taking a “no command line interface” approach, which will allow us to deploy and operate the new backbone through software. The goal of this approach is to translate the user’s intent and program it into the network within minutes instead of days.

Where Are We in our Journey?

Although standardization and simplification has always been top of mind for Cisco IT, over the 20 years of its existence our backbone has become a complex environment. This complexity makes the transition to a new backbone design a high-risk and cumbersome effort. Before using the new backbone design to deliver more advanced services, we know that it’s key to take the time to build a rock-solid foundation. This foundation work includes:

◉ Deploying Cisco ASR 9900 Series routers in 13 colocation facilities and Cisco campus buildings globally

◉ Addressing challenges of Internet route table growth

◉ Implementing a hierarchical Global Border Gateway Protocol (BGP) AS109 network

◉ Migrating existing tenants onto the new backbone

When the foundation work is completed, we will evaluate user needs in order to focus on deploying network capabilities that deliver the most business value.

Future objectives include improvements for:

◉ Delivering global network as a service

◉ Speed of delivery through programmability and automation

◉ Assurance through streaming telemetry

◉ Multi-tenancy and traffic steering through multiprotocol label switching (MPLS) and segment routing

IT needs to assure the enterprise backbone evolves to support internal business users. Cisco IT has started this transformation. Our users expect ordering IT network services to be as simple as shopping online. This new backbone will enable us to more efficiently connect our clients to Internet and SaaS applications, extend security zones globally, and interconnect sites, private clouds, and public clouds.

Continue reading

Webex Meetings June 2020 Update: Transcriptions, Background Blur and Mobile Grid View

Webex Meetings Updates

June brings some good news, which is something we can all use! This month’s edition will provide you with updates on Webex Assistant, blurred backgrounds, and VDI support as well as insights to improved user experience with Webex Meetings on desktop and mobile. We are continuously working to keep Webex Meetings a user friendly and intuitive platform which is why I am excited to share these updates with you.

Webex Assistant Trials Have Started + Webex Assistant Edits on iOS and Android

You can now use just your voice with Webex Assistant to handle some of the mundane meeting tasks and enhance your Webex Meetings experience. Now, in trial, Webex Meetings gives you live transcription, automated closed captioning and highlights, voice commands, recorded transcripts and post-meeting support such as keyword search across your recording meetings. The 90-day free trial is available and to all Cisco customers*. Contact your collaboration sales specialist or account manager for more information on how to sign up.

Webex Assistant is officially supported on this month’s update and will be orderable toward the end of the month. Webex Assistant is also coming to the Webex Meetings mobile app. For iOS and Android users, after a meeting, mobile hosts and content owners will be able to:

- Edit transcript

- Edit/remove the highlights/title of the record

- Share highlights/transcript to others

For the Desktop

MAC background blur – You can already do this today on iOS devices, but we’re now bringing it to Mac users. And just in time, because this feature will be very useful while working from home or from an open workspace. You can now blur the background of your webcam video when joining Webex Meetings and Webex Events from a Mac. The blur capability can help clean up a messy or unprofessional background and quickly get you ready for your video call.  It offers privacy and removes items from your background that may detract from your meeting. So, go ahead and join a video meeting from anywhere without worrying about what others might see behind you. And very soon, you’ll be able to choose a different background altogether. Stay tuned for that!

Choose Scheduler for Webex Meetings Desktop App – Webex site meeting scheduler has been added as a customization option to the Schedule button in the desktop app. This is a great benefit for those who do not use Outlook as their scheduling tool. IT administrators can choose the setting and deploy it to all users on their site.

VDI supporting VMWare and Citrix with Ubuntu and eLux – I am excited to announce the availability of the early field trials (EFT) of Cisco Meetings VDI now being supported on VMWare with Windows thin clients and Citrix with Ubuntu and eLux thin clients. Now end users can experience optimized audio and high definition video on their VDI desktops in the same way as laptop devices with minimal latency and high fidelity.  Administrators can download the VDI plug-in for these thin-client platforms from their Webex site to easily deploy to their end-users.

Improved Call Me option – Put this in the no brainer category. Whether connecting to your meeting audio from your computer or from your mobile/desk phone, we want the experience to be as simple as possible. With the June update, you now can very easily add or edit a phone number more intuitively when dialing in from mobile using the Call me feature. It is now more clear where a user needs to add (or edit) their phone number.

Mobile Updates

Increased grid view: iOS and Android

Want to see everybody in the meeting when you’re on mobile? With this month’s update, we’ve added the number of videos and made a video grid view the default layout for meetings! This enhances the quality of mobile meetings by allowing you to see more of your meeting participants at the same time, including your own self-view in the grid.

Android:

◉ phone user’s default meeting setting will be a 3×2 grid view for landscape mode

◉ tablet user’s default setting will be a 3×3 grid view in landscape mode

◉ Tablet user’s default setting will be a 4×2 grid view in portrait mode

iPhone:

◉ (Beta) a 3×2 grid view for landscape mode

◉ 2×2 grid view will be the default setting for portrait mode

◉ An additional 3×3 grid view is available for iPhone landscape mode that can be turned on in-app settings.

Both Android and iOS users can revert to their original grid view via their in-app settings.

Smart Meeting Bandwidth detection – Your mobile meetings will no longer be interrupted when you experience poor network connections. Mobile users will be prompted to turn off video when they are experiencing low bandwidth so that the audio quality remains strong. This feature is available for iOS and Android.

Mute/Unmute from the lock screen – When you are walking to your car while in a meeting, you will be able to mute and unmute your audio from your lock screen. No more awkward pauses while fumbling with things in your hand, trying to type in your passcode to answer a question in a meeting.

One Tap to Join for Android users – Android users now only have to touch one button to join a meeting. No more being late to your meetings because you are searching emails for access codes and passwords.

Continue reading

When it comes to security, how many vendors is too many?

How many security vendors do you have in your environment? 10? 25? 50? Are you finding this number manageable, or is it difficult to monitor and maintain solutions from so many different companies? And what about security alerts? Are you able to investigate all the alerts you’re receiving, or are there just too many to address?

If you’re like many other organizations today, you’re getting inundated with alerts, have too many interfaces to pay attention to, and therefore wish to secure your environment with fewer products and vendors. According to the below figure from our 2020 CISO Benchmark Report, in 2017, 50% of organizations were receiving 5,000 or fewer daily security alerts. Now, only 36% of organizations fall into this category. And the amount of organizations that receive 100,000 or more daily alerts has grown from 11% in 2017 to 17% in 2020 – an albeit small, but still troubling rise. This number should be going down, not up.

Not surprisingly, 81% of respondents in our survey said they find managing a multi-vendor environment to be challenging. And 28% find it ‘very challenging.’

Does any of this sound familiar? Are you struggling to manage a constant deluge of security alerts from multiple products? Are you spending more time being reactive than proactive when it comes to security?

An intricate spider web versus tangled shoelaces

What if instead of stringing various security solutions together, they were all intertwined into a single, unified platform? What if instead of resembling a pile of tangled up shoelaces, your security infrastructure looked more like an intricately woven spider web? A spider web whose various threads connect and work together as a system to efficiently catch prey (aka attackers).

Webs enable a spider to catch prey more effortlessly, without having to chase it down. This serves as a great metaphor for what we’re trying to do with Cisco SecureX. Recently launched at our Cisco Live digital event, Cisco SecureX is a platform designed to help security teams more holistically combat threats while saving time.

Cisco SecureX – A platform approach to security

Cisco SecureX provides integration between our security portfolio, third-party offerings, and customers’ core infrastructure to dramatically streamline protection. The integrated approach strengthens defenses by fostering automation and reducing the need to manually toggle between various security technologies to figure out what’s going on. Cisco SecureX delivers pervasive visibility across the enterprise to allow for faster threat detection and mitigation, simplified workflows, and better collaboration – without you first having to untangle a pile of mismatched shoelaces.

Embedded and included with all of our security products, Cisco SecureX is not a new offering that you have to buy. Instead, it unites your existing security stack to make each product work better as they share intelligence and automate remediation. And, it provides one view into these products from a single interface to make things clearer and minimize complexity, thus freeing up time for your team to better understand and utilize each of your security products. That way, you can finally get the full benefits from your investments.

Vendor consolidation on the rise

With Cisco SecureX, we are responding to our customers’ challenges of having too many alerts and products to manage, and a subsequent desire for simplification. Through our CISO Benchmark Report, we see that the trend of reducing the number of security vendors within the enterprise environment is growing. Today, 86% of organizations are using between 1 and 20 security vendors, and only 13% are using over 20. According to the below chart, organizations continue to use fewer vendors each year.

The Cisco SecureX platform provides broad coverage across your entire network and all threat vectors. It can help reduce redundancies among your security infrastructure and decrease the need to continuously add new vendors and products to the mix. Instead, the open, scalable platform can enable you to simply add new functionality as it becomes available or as new threats arise.

Addressing cyber fatigue

This new approach couldn’t come at a better time, as 42% of respondents in our CISO Benchmark survey say they are suffering from cyber fatigue (defined as virtually giving up on proactively defending against malicious actors). Of those suffering, 93% receive more than 5,000 alerts every day, indicating that complexity appears to be one of the main causes of security burnout.

In fact, our data shows that due to a lack of time and resources, today’s organizations are only able to remediate 50% of legitimate security threats. Think about that. Fifty percent! That’s not a great number.

Here are some better numbers:

◉ 95% of customers say that our security platform helps them take action and remediate.

◉ 98% of customers find that the unified view provided by Cisco SecureX enables rapid threat response.

◉ 91% of customers say that our security platform helps their teams collaborate more.

All of this leads to stronger, less complicated security.

According to Steve Martino, Cisco’s own CISO, “I need visibility to help my team understand what’s happening in our environment, whether it’s on prem, in the cloud, or wherever it is. If I have to do it through 20 or more vendors, I’m never going to get that visibility across all of it.” Providing that visibility, and more systematic security, is exactly what Cisco has set out to do.

Continue reading

Tips on How to Host a Great Virtual Event

Hosting a Virtual Event with Webex Events

Let’s face it… hosting a virtual event can sound pretty daunting. But don’t stress, we are here to help! Let’s pretend the big day is right around the corner and so far, you’ve scheduled your virtual event/webinar with Webex Events and the attendees are registered.

Now you may be trying to figure out “how can I keep everyone engaged?” or “how will I be able to reach my full audience?” or simply “OMG – How do I NOT screw this up?”

Well, sit back, relax, and let us help you navigate your way through hosting a great virtual event.

Days Before the Event

Recruit an event team– It may be helpful to have team members at your side during the event. Look into having a moderator to help with introductions, to transition between talking points, to interact with audience members through chat, and to deliver closing statements.  Also, identify a Q&A response person(s) who will manage the polling and Q&A panel. This will help you focus on delivering the best quality content. The “event team” (Q&A responders, moderators, etc) should be invited to the event as panelists instead of attendees.

Set up a time to rehearse- Schedule a 30-minute “practice event” through Webex Events with those that are helping you with the event (panelists). Make sure everyone understands the event format, which controls to use, and what their role is.

Check internet connection- Run the “health checker” report during your rehearsal to make sure you are fully connected. For optimal internet connectivity, we suggest hardwiring your internet connection.

Day of the Event

Minimize background noise – Ensure you are in a quieter location with minimal distractions. Less background noise will give your audience a better chance of hearing you clearly.

Check-in with the preview window- Chose your audio and video delivery platform whether that is your computer, video device, phone, or headset. We suggest using a headset/mic for optimal audio. The preview window also gives you a chance to check your background. Your kids’ playroom doesn’t make the best virtual event background? We get it. Customize your background by choosing one of the virtual backgrounds or apply a simple blur effect.

Be camera-ready- If you look good, then you will feel good. If that means jeans and a tee-shirt, great. If that means a blazer and a tie, then that is cool too. However, solid colors do work better for the camera. Being camera ready will help set the tone for the entire event.

Showtime – During the Event

Turn on video – Now that you are dressed for the part, make sure your video is actually turned on. Face to face interaction goes a long way. Turning on video creates a more intimate, realistic environment.

Join early and Turn on the practice session – Host, panelists and other event team members can join a practice session, while the audience is joining, without being seen or heard by the attendees. This session allows the host and panelists to communicate with each other without the attendees being able to listen in. It allows the host and panelists to connect, get on the same page, and make sure things are working properly before going live. When you’re ready to go live, end the practice session. Now it’s showtime!  (You can now be seen and heard by the attendees.)

Join your audience early- Once you are finished with the practice session, close the practice session to join in with the attendees. Join your attendees 15-25 minutes early to allow the audience to get settled and figure out audio/video before the session begins.

Identify the schedule- Create a clear event agenda and stick to it. Be clear as to what the purpose of the event is and what information will be covered.

And if need be, don’t forget to record!

Extend Your Reach

Live stream capabilities – Reach as many people as possible by live streaming your event through platforms such as Facebook Live or LinkedIn. (link to live streaming article) Live streaming your event will enable you to reach a wider audience.

Engage Your Audience

Emphasize the Q&A panel – Highlight the Q&A panel to encourage your audience to ask questions that may come up along the way. Designate a team member to help answer questions.

Videos/Content Sharing – Show a video or share content that you have created for the event. Break up the pace to keep your audience on their toes.

Ask for interactions (hand raise) – Work in commentary that allows your audience to identify with a statement using the hand raise feature. For example, ask your audience to raise their hand if it is their first time joining a virtual event or if they are tired of being stuck at home. The chat panel and polling feature also facilitate event interaction.

Continue reading

Meeting the Network Requirements of NVMe Storage with Cisco Nexus 9000 and ACI

One of the interesting things about working with Cisco’s high-end data center switches is seeing how well they adapt to new challenges.  We put a lot of engineering and R&D into products like the Nexus 9000, and for us it’s not just “faster and denser and more reliable.”  We like the challenges that network managers throw at us, and we like to help solve their problems.

Recently, a new type of storage transport “NVMe-over-fabric (NVMe-oF)” has been evolving, and we’re excited to see it shake up the world of storage area networking.  Until now, network managers haven’t had much of a challenge when it comes to storage: the network was so fast and the spinning hard drives so slow that natural network upgrades to 10G Ethernet (iSCSI) and faster Fibre Channel (FCP) speeds have kept storage managers happy.

What we’ve found in testing these new NVMe ultra-fast solid-state storage SANs in our labs is that things aren’t so simple anymore.  Storage teams now have the ability to saturate data center networks with incredibly fast devices. And this means that network managers need to look closely at this new generation of storage to understand what is different—and how they can meet the performance demands of truly high-speed storage.

NVMe storage offers multiple transport options namely NVMe-FC for Fibre channel fabric and NVMe-RoCEv2, NVMe-TCP for IP storage. Fibre channel networks can seamlessly handle NVMe-FC traffic and for IP storage we found some very interesting challenges for the network manager including:

◉ Flexibility – Integrate NVMe systems into existing networks using evolving protocols.

◉ Security – Securely deliver networking to NVMe storage systems, ensuring that clients and servers are isolated and that network connections between devices are tightly controlled.

◉ Performance – Deliver a high-performance network that meets the strict latency and loss requirements of these new storage protocols, even in the face of congestion and oversubscription.

◉ Visibility – Look deep across a whole network fabric to ensure that SLAs are being respected from end-to-end, all the way from client to server, and that capacity is available to handle failover events.

◉ Manageability – Accurately and easily deploy complex configurations, including access controls and traffic engineering across large switch fabrics.

We found that Cisco Cloudscale ASIC Powered Nexus 9000 switches and ACI Fabrics are great at meeting the challenges of NVMe-oF for IP based storage systems in data centers. We have done some testing and the findings are written in a white paper that does a deep dive into these five areas with testing results and configuration advice for network managers.

Here’s a summary of our results:

Cisco believes that different workloads will utilize different NVMe transport options and Cisco switches can provide the support for all three options (i.e. NVMe-FC, NVMe-RoCEv2, NVMe-TCP) today. We’re also working on a companion white paper showing how NX-OS powered Cisco MDS 9000 family products are taking the advantages of NVMe-FC innovations including, but not limited to, the NVMe analytics engine on the Cisco MDS 64GFC ASIC. Stay tuned for the NVMe-Anywhere whitepaper.

Continue reading