Get Back to a Safe Workspace Faster with Cisco CX Location-Based Analytics

The advent of COVID-19 has affected the way people live and conduct business. It has necessitated new business and epidemiological practices for ensuring business continuity. Many businesses and institutions around the world have moved from absorbing the effects that lead to most workspaces being shut by enabling their employees to work remotely and securely by leveraging video conferencing and VPN solutions. The return to normalcy requires the implementation of specific measures that will help businesses prepare to return to their usual physical workspaces. In some locations around the world, campuses that were closed are beginning to re-open, and employees are gradually returning to work through a phased approach. However, now more than ever, organizations need to ensure their workspaces offer the most secure and safe working environments, which strictly adhere to the COVID-19 guidelines for social and physical distancing.

Some of the most common questions emanating from customers in this situation include the following:

◉ “I want to see how my business is impacted by COVID-19. How can I ensure my campus is safe to re-open?”
◉ “How can I provide personalized customer experiences while ensuring social distancing?”
◉ “How can I ensure the number of employees attending work is within the safe threshold?”
◉ “How can I track and alert employees if the number of people within the campus at a given time poses a threat to the safety and health security of all in attendance?”

Get Help Safely Returning to Your Campus with the Cisco CX offer for Cisco DNA Spaces

Cisco offers a location-based analytics solution—Cisco® DNA Spaces—which digitizes physical spaces to provide you with insight about people throughout your workspaces, including how, where, and when they move through your location. It collects data from your existing Cisco Wi-Fi access points to provide information about people, including employees, customers, patrons and visitors, as well as things, such as assets and sensors, within your properties. Built with a variety of applications (apps), Cisco DNA Spaces sets up workplace density thresholds to monitor the number of employees in buildings across campus, provides notifications when thresholds are reached, shares safety information, and enables rapid response to incidents via proximity reporting.

In line with this, Cisco Customer Experience (CX) has introduced a new Service offer that helps you deploy and address your use cases with Cisco DNA Spaces. The Cisco CX offer for Cisco DNA Spaces delivers our new Advise and Implementation Service that helps with design, configuration, deployment and post-implementation support of Cisco DNA Spaces, which empowers businesses to analyze data from their workspaces and define actionable insights to accelerate office re-openings.

Our CX experts analyze your current environment and requirements, advise you on the best solution design and configuration for agreed upon use case(s), and tests and validates the desired functionality prior to production use. You’ll get expert help with right-fit use-case implementation, including a knowledge transfer session and post-implementation support to enable ongoing use of the solution and help you maintain essential business operations. We’ll make sure you can take full advantage of these location-based services to leverage critical visibility throughout your physical workspace locations, which plays a crucial role in managing the safe return of people to your workspaces.

Two levels of Advise and Implementation packages are available for Cisco DNA Spaces—small and large packages—based on the size of your organization. You’ll have the option to get support for up to five buildings (or 30 floors or shops) to cover your physical workspaces, smart captive portals for enhanced customer experience, CX post-deployment use assistance, and more.

How Cisco CX Simplifies and Accelerates Your Safe Workspaces

Next-generation sensing capabilities are already built into your Cisco Wi-Fi access points—such as Cisco Catalyst®, Aironet®, and Meraki®. However, they need to be turned on and aligned, and Cisco CX will do that for you. If you don’t already have them, Cisco CX can quickly deploy new Cisco Wi-Fi access points for you. We’ll take care of complete connectivity between your Cisco Wi-Fi access points, Cisco network, and the cloud-based Cisco DNA Spaces solution. Furthermore, the granular data collected by your Cisco Wi-Fi access points feeds the Cisco DNA Spaces apps. From this app data, you can then leverage advanced analytics to achieve powerful insights into end-user behavior​—how people use, move, and occupy spaces. The following apps are seamlessly bundled in our Cisco DNA Spaces solution:

◉ Right Now App​: Sets workplace density thresholds to monitor the number of employees in Wi-Fi enabled zones across campus.​

◉ Notification Trigger: Uses a rule engine to power an API, which triggers notifications when thresholds set by the Right Now App are crossed. Keep your teams updated at all times with automated notifications via Webex Teams™, SMS, or email.​​

◉ Impact Analysis App​: Helps you determine whether your operations need to be adjusted for the improved safety of your people by measuring the effectiveness of your back-to-safe-workspaces policies, including whether it’s safe to introduce more people into your physical workspaces.

◉ Proximity Reporting App​: Delivers historical analytics, allowing you to trace the steps of your Wi-Fi connected people. This app reports the presence and path down to individual users, while also reporting who else was present, allowing you to investigate incident impact across employees and zones by tracing proximity.

◉ Engagements App​: Shares contextually triggered safety information with employees based on where
they are in any of your buildings. ​The rule engine drives dynamic engagements based on each building classification as well as individual employee personas for more relevant information.

With the data stream created by Cisco Wi-Fi access points and fed to the bundled Cisco DNA Spaces apps, you can gauge the effectiveness of your back-to-work policies, and determine when it’s safe to allow more people back into your office. This includes the ability to determine if there is an area in any of your workspace zones where people are clustering and breaking your distancing guidelines. The real-time analytics offered by Cisco DNA Spaces make it easy to monitor the number of people across campus, including the effectiveness of your distancing policies with workspace density thresholds throughout all your monitored zones and across points of ingress and egress. Notification triggers generated by policy breaks and proximity reporting help you take action to keep your people safe. Your employees can also receive safety information triggered contextually based on their presence in any of your monitored physical zones. All this can be managed through a single, cloud-based pane of glass to simplify how you consume and leverage location services to keep your people safe.

Safety Can’t Wait—Start Your Location-Based Analytics Today

If you plan to re-open your campus gradually, we’ll work at your pace, easing into a broader rollout and expanding to deploy more specific use cases when you’re ready. Regardless of your rollout scheme, you’ll enjoy easy procurement and fast deployment. Leverage the right expertise to get up and running quickly with Cisco DNA Spaces in days, versus weeks, all while prioritizing the safety of your people.

Continue reading

5 Important Fundamentals of Your Account Based Marketing Program

Are you a B2B marketing professional looking to set up, or improve, your Account-Based Marketing (ABM) strategy? Perhaps you have a program up and running or are looking to implement one soon.

If you’re feeling the urgency behind ABM, it’s for good reason. This is a growth strategy that has been proven to deliver the highest ROI of any B2B marketing strategy or tactic (according to the ITSMA, who has been advocating for this approach for many years.)

You’re also not alone. In a recent study by SiriusDecisions, 93% of respondents stated that ABM is very or extremely important.

The benefits of ABM are numerous:

◉ Greater focus – ABM allows your Sales and Marketing teams to focus time, budget, and efforts on those accounts that are most likely to drive revenue for you. Think of it as a “zero waste” strategy.

◉ Larger deals – Deals generated through ABM tend to be larger, with better buy-in and executive support.

◉ Increased close rates – Companies report higher close rates with those accounts engaged through ABM.

◉ Faster deals – Because the right individuals within the right accounts are targeted, ABM deals tend to get stuck less, and move quicker.

◉ Integration – ABM by nature integrates your sales and marketing teams who now work together against the same account criteria list.

I believe B2B organizations with large and complex sales have a great deal to be gained by implementing an account-based approach. Some say this is always the way B2B was meant to be. I tend to agree.

Wherever you are in your journey, here are the most important fundamentals that can dictate success for your ABM programs:

1. ABM is strategic. Some mistakenly approach ABM as a tactic, failing to invest appropriately in resourcing, executive buy-in or change management to bring it to life. This should be a highly strategic growth initiative that combines people, processes, and technology.

What’s important is to realize that simply buying ABM technology is, itself, not enough to see results. Like any other core marketing technology, how you shift the behaviors of your team will truly make all the difference.

2. Leave lead-centric practices behind. While ABM can run simultaneously to traditional demand generation within a pilot program, it truly is a new mindset to adopt.

The lead-based marketing automation and lead management approaches popularized throughout the 2010’s have been a kind of “normal” for the B2B industry. In this approach:

– Deals are comprised of individual leads
– Deals are high-velocity, taking hours, days or weeks
– Deal sizes are low, and there’s a lot of them

But, for those organizations with large and complex deals, traditional lead-based demand gen is often not appropriate. This is where ABM is appropriate, as it involves:

– Many stakeholders
– Months-to-years time to close
– Low quantity, highly-defined universe of target accounts
– Large deal size

3. Marketing has a different role to play in ABM. Because ABM requires different motions than lead-based marketing, the resourcing and responsibilities for a marketing team deploying ABM will look different. For example, the way your team may spend their time will include working with Sales to define accounts, and their goals and plans. They may also be responsible for gathering account intelligence and building engagement strategies, from content to live events.

In ABM, Marketing is a true partner with Sales, targeting the same list of high-value accounts, and working together to engage those accounts over the lifecycle of the account’s journey – from awareness to engagement to close, then after the deal to renewal and expansion.

4. Multi-channel is the best ABM approach. On that note about channels, the explosion of digital marketing has introduced more ways to engage individuals within our target accounts than ever. But, for an ABM program to be successful, we have to leverage them in a more focused way.

Here’s how B2B teams use all channels in ABM:

– Email marketing looks different with ABM. Sales owns more early-stage email outreach with highly personalized, tailored, and targeted notes.
– Direct mail is used to send custom, bespoke assets appropriate for a small amount of specific accounts.
– Field events are more targeted as well, used to nurture relationships with key accounts in cities they are more concentrated in. These can be VIP experiences, lunch and learns, breakfast roundtables, or panels.
– Digital ads are used to serve content to specific accounts by IP addresses, or a list of contacts.

5. ABM requires leading with insight. Corporate Visions found that 74% of buyers chose the sales rep that was FIRST to provide value and insight. This aligns with research from Edelman and LinkedIn that reveals thought leadership enhances B2B decision-makers trust in a vendor (88%), their perception of a vendor’s capabilities (88%), their respect of that organization (90%) and even convinces 61% to pay a premium because it demonstrates deep thinking and other virtues important to them.

Because ABM is inherently outbound (whereas traditional lead generation let us publish content and attract leads in an inbound model) the quality of our outreach is held to a much higher standard.

Unfortunately, only 15% of decision-makers say the thought leadership they read is very good or excellent. This presents an enormous opportunity for B2B marketing leaders to improve, and for those with strong thought leadership programs in place today to differentiate and thrive.

It can feel like ABM is only the B2B marketing industry’s hottest new buzzword. But, I think of it as a far more critical industry transition. ABM gives our department a way to serve our businesses in more strategic, impactful ways.

Continue reading

Enhancing the Single Pane for Webex Edge for Devices

Bringing the Most Modern Experience of Webex to any Device with Webex Edge for Devices

Earlier this year, we released Webex Edge for Devices with our CE 9.10 software release for Webex Rooms. This enabled administrators to easily link their on-premises registered devices to the Webex Platform, delivering an enhanced feature set which included device analytics and diagnostics for on-premise deployed rooms.

Webex Edge for Devices is bringing the most modern experience of Webex to any device regardless of how it is provisioned today. We have had an amazing uptake of this new deployment model, which has in turn generated a wide range of feature requests, and I couldn’t be more excited to announce a new set of features that Webex Edge for Devices customers will receive from the Webex platform.

Creating a Better Experience for Administrators and End-Users

With the 9.12.3 release, we released the ability to use a HTTPS proxy on the device to connect to the Webex Platform. This gives more flexibility for administrators to allow traffic to flow through proxies as it leaves their corporate network!

For Webex Meetings 

The next two features are related to Webex Meetings. Now, customers can search for a PMR (Personal Meeting Rooms) directly on devices which have been linked with Webex Edge for Devices through the “Join Webex” button. This makes it even easier to join Webex Meetings!

For Administrators

The other Webex Meetings feature is for the administrators. When you need to troubleshoot a device, you can now get access to the same data our full cloud registered systems have. This includes drill down minute by minute diagnostics over packet loss, jitter, latency and even resolution for all Webex Meetings!

For Configurations

The next one is a big one. Our customers have been asking for a while when they will be able to configure devices from Control Hub? Well, now is the time! With CE 9.13, customers can opt into configurations controlled from Control Hub instead of UCM or TMS. This truly makes Control Hub the single pane of glass to manage every workflow. The ability to bulk edit configurations for Control Hub is also just around the corner. This paired with the upcoming configuration API means it is possible to add programmability if you want to make large sweeping changes.

Workspaces

The final feature I want to mention is something we just recently released, namely Workspaces! People have been asking me if this works for both cloud registered and Webex Edge for Devices linked workspaces? The answer is Yes! Workspaces delivers real time metrics directly from your workspaces into Control Hub and brings value for every activity in the space.

Continue reading

Fukui-ken Saiseikai Hospital deploys Cisco DNA Center for IT transformation

The acceleration of medical device digitization has led to an explosion in the number of new devices on the Fukui-Ken Hospital network. Cisco DNA Center provides the solution for policy, security, and assurance.

IT departments everywhere are dealing with the explosion of new devices and users on the campus network. Provisioning, securing, and maintaining performance of constantly growing networks is daunting for us all. Hospitals are probably the most affected by this because of the sheer number of healthcare and life-saving devices that they require. The Fukui-ken Saiseikai Hospital, located in Fukui City, Japan has deployed Cisco DNA Center in order to accelerate their digital transformation with greater efficiency.

Mr. Masaru Takeuchi, Medical Information Division Section Leader, defined the hospital’s challenges as a lack of visibility and control over network access as well as inconsistent IT staff proficiency in managing complex network issues and troubleshooting. Mr. Takeuchi outlines that Cisco DNA Center, with Cisco Identity Services Engine (ISE) addressed all of their challenges from policy and security, to automation and orchestration and, of course, assurance. He knew that automating the lifecycle management would result in greater IT efficiencies, but he wanted to first focus on a stable, well performing infrastructure: “First we are going to build the reliable infrastructure that is necessary for automation. The implementation of Cisco DNA Center provides real-time visualization. By constantly monitoring and analyzing the health of the entire network to quickly identify signs of trouble, it is possible to take proactive measures, thereby enhancing assurance.

The Fukui-ken hospital IT staff focused on setting up network access controls and threat detection, in compliance with their security policies. This is done via the policy section of Cisco DNA Center where endpoints are categorized into groups and each group is given a set of policies that determine what types of data traffic and network resources that endpoint can access. Once their policies were set up, Cisco DNA Center simply updates policies in all switches, wireless controllers, access points, and routers. Policies follow users and endpoints, so there is no more need for ultra-complex QoS and IP-based segmentation.

Now the team can focus on operating a policy-based, zero-trust infrastructure. Doing this is a cinch with Cisco DNA Assurance, one of the main features in Cisco DNA Center. As I noted above, there was inconsistency in the IT staff proficiency in managing complex network issues and troubleshooting. Meaning that some of the level-one engineers did not have the experience to diagnose complex issues without consulting a more experienced staff member. When Cisco DNA Assurance raises a network “Issue” it then offers guided remediation on steps to resolve that issue (see screenshot below). Any suggestion that can be resolved through a Cisco DNA Center configuration will have a “RUN” button next to it, for one-click resolution. This allows level-one engineers to fix complex network challenges quickly and independently. It also serves as a platform for learning as each issue that is remediated provides greater experience and, ultimately, improved network literacy.

As the Fukui-ken hospital IT team grow their network they plan on implementing more capabilities within Cisco DNA Center. Enabling AI/ML analytics will allow them to compare wireless service areas and locate opportunities for Wi-Fi service improvement. Cisco DNA Automation will provide time savings for device lifecycle management and improve consistency in device configuration. Cisco DNA Center is a full-featured intent-based network controller that brings the elements of security, automation, and assurance together for a complete operations and management platform. As Fukui-ken Hospital decides to integrate these additional capabilities into Cisco DNA Center their existing Cisco DNA Advantage subscription gives them immediate access to deploy and use those new capabilities on their existing hardware.

The trend in modern hospitals is the acceleration of medical device digitization and the reduction in on-site operational staff. The Fukui-ken hospital IT team is building a campus network to support this trend and take them into the next phase of healthcare.

Source: cisco.com

Continue reading

Three requirements to securely connect your industrial network

Digital transformation initiatives are driven by the desire to make data-driven business decisions. Whether you’re looking to increase production, reduce waste, or improve safety, the answer resides in your data: collecting it, analyzing it, and learning from it. But what happens when your data lives in extreme locations? Perhaps in places of severe heat, cold, humidity, salinity, or dust? How do you gather information with such harsh conditions? And how do you do it securely?

The first step is to converge to a single IP network. Network convergence is a proven formula for pulling together all the data in your environments. Cisco has been helping hundreds of thousands of organizations to converge their voice, video, data, and IoT networks to a single IP network. We’ve been doing this for over 30 years, and we know it works. A single network is easy to manage and operate and reduces your total cost of ownership. However, the primary challenge with a converged network is that it needs to be secure. There are three elements you need to securely connect an industrial network: 1) purpose-built hardware, 2) digitally signed and authentic security software, and 3) extensible architectures.

1. Choosing the right hardware

Start with the right hardware. For industrial internet of things (IIoT), the network hardware must satisfy the requirements of both the operational technology (OT) department and the IT department. At a high level, OT runs point on operations and understands how the organization produces its goods or services. IT connects the network and wants to make sure it’s done securely. OT and IT each have different priorities, goals, and concerns, yet the hardware has to meet both sets of requirements.

In addition to meeting the requirements of both OT and IT, the network hardware you select for connecting the industrial network should have a hardware trust anchor. A hardware trust anchor ensures that whatever software runs on the hardware will do so in a secure manner. To this end, the hardware should have an anti-theft, anti-counterfeiting, and anti-tamper chip that is completely immutable, meaning that it cannot change. Also look for built-in cryptography functions, secure storage for certificates and objects, and certifiable entropy for random number generators.

2. Selecting the right software

Going up the technology stack, the next component you need to securely connect the industrial network is the right software. Complement the secure hardware with digitally signed images, a secure boot process, and runtime defenses to ensure the software is secure and hasn’t been tampered with.

What is meant by digitally signed images? When we compile an image at Cisco, we execute a hash function on the binary code. The result of that hash function is encrypted using Cisco’s private key, and that signature is embedded right within the software image. At boot time, two things happen: 1) the local machine computes its own hash based on the binary of the software image, and 2) it decrypts the information they’re in, looking for that signature and making sure the two match. This process provides reassurance that the software hasn’t been tampered with and that it’s safe to boot up. Digitally signed images are an important component to a secure boot process.

Now that the software has securely loaded on the device, the network administrator has at his or her disposal the most powerful and secure networking operating system in the industry: Cisco IOS XE, which contains over 1,300 security feature commands and keyword options.

Cisco IOX XE also supports application-hosting in containers so that they can run on networking devices. Leveraging this application-hosting capability, Cisco has recently delivered an OT-specific security solution, namely Cisco Cyber Vision.

Cisco Cyber Vision provides innovation in OT security. For example, Cisco doesn’t require customers to install dedicated hardware sensors, but rather virtualizes their sensor to run as an application on network infrastructure, such as Cisco Catalyst Industrial Ethernet (IE) switches or Cisco ISR Industrial Routers (IR) or even Cisco Catalyst 9300 switches (which may be found in some industrial environments, albeit in temperature-controlled cabinets/rooms). Cisco’s unique approach of using a software sensor for OT protocols is not only an industry-first, but also the most scalable solution in this space, as it allows for the security solution to simply scale with the network infrastructure itself.

Another innovation that Cisco brings to OT security is the use of distributed analytics and OT flow metadata to minimize bandwidth impact. The Cyber Vision sensors running on the network devices perform deep packet inspection (DPI) on all OT flows. However, rather than mirroring these flows to a central analytics engine (i.e. the Cisco Cyber Vision Center) these sensors summarize OT flows as metadata, similar to NetFlow records (though the metadata Cyber Vision uses far exceeds the data contained in NetFlow records). Cisco Cyber Vision goes beyond NetFlow by detailing attributes of the devices sending and receiving the flows, the OT protocols used, the commands sent and received, and even the specific variables that these commands reference. As an analogy, while NetFlow can tell you who is talking to who, Cyber Vision metadata can tell you not only who is talking to who, but also the languages they are speaking, as well as specific details of their conversation. And the summary of these flows is highly efficient, typically consuming only 2-5 percent of incremental bandwidth.

3. Architectural integrations

The third piece in the tech stack is architectural integrations. Look for security solutions that leverage the existing network hardware to provide visibility into network traffic, and to identify and stop potential threats. Both IT and OT can benefit from having complete visibility of the OT environment, but IT cannot afford the operational overhead required to support a separate SPAN network. By integrating sensors into network hardware, IT can see anomalous behavior anywhere in the environment, while OT can obtain new and deeper insights into operations.

Ideally, the security solution also integrates with the technology used by the Security Operations Center (SOC) to monitor, investigate, and remediate security incidents in the IT environment. This way, the SOC has all the information it needs in one location to reduce the time to detect and respond to a security incident. Security analysts can see, for example, whether an attack originated in the IT environment and moved laterally to the OT environment, or if an attack entered the OT environment via something like a vulnerable device.

How Cisco can help

Cisco’s industrial-grade network hardware and Cisco Cyber Vision are designed to work together to meet the three requirements for securely connecting an industrial network. Our ruggedized networking switches and routers are built to withstand the harshest environmental conditions while delivering enterprise-level networking capabilities, including a hardware trust anchor. Our software uses digitally signed images to validate that software has not been tampered with, and Cisco Cyber Vision leverages the network architecture to deliver visibility and control over the OT environment. Cyber Vision also provides real-time threat detection and integrates with the SOC.

Continue reading

Cisco Network Upgrades Prepare Businesses for Grand Reopen

Cisco Systems is proud to announce new network products and upgrades to help businesses across all sectors plan for grand re-opens and move toward a more digital model. Pluggable switching modules (SM-X) for the ISR 4000 imbue the popular branch router with the same Unified Access Data Plane (UADP) programmable ASIC that is the powerhouse of the Catalyst 9000 family; while the pluggable Embedded Services Process module (ESP-X) enables better cloud performance for businesses equipped with ASR 1000s via much greater throughput capabilities and accelerated crypto performance. Finally, the new Cisco 1100 Series Terminal Services Gateway (1100 TSG) gives businesses with growing on-premise hardware footprints—such as cloud service providers and sensitive enterprises—a secure remote console for better Out of Band Management (OOB).

Whether a business is prepared to open or still planning a modified experience—Cisco is there with the right technology.

Supporting a New Edge

Efforts to reopen businesses and resume economic operations are not simple but can be executed with proper connectivity, automation and a transformed layout. Inevitably, these grand re-opens will create a new edge where throughput and privacy needs are enormous; where connectivity must be simple and consistent; and where networking is intent-based.

The places we used to go to work, travel, watch, consume, shop and unwind will transform with richer digital experiences, such as custom shopping offers delivered to the user device, or smart check-out and debit where all a shopper needs to do is grab the item and leave. These are places where we carry phones, use touch screen kiosks, swipe tablets, check smart-watches and rely on anything and everything else that connects to the internet. Meanwhile, a larger, more distributed workforce operating from home and accessing sensitive data over a hybrid WAN create challenges.

How IT teams equip and manage these edge locations will define their success—whether or not the experience is good or the end-user opts for a competitor as a result. Ensuring that successful experience requires more than routing. Only Cisco offers branch and cloud edge locations true network intelligence—dynamic routing over the most accurate internet map at consistent and incredible speeds. Cisco knows these locations need to host applications, pack compute and run services on location in a single platform. They need built in security no matter what their architecture looks like. Resilience is a must. Cisco offers it all with a quality customers trust.

The Cisco SM-X and ESP-X prepare your business for the future with a better network fabric, while the 1100 TSG provides simpler, more secure management.

ISR 4000 SM-X

When building out a network solution for a transformed branch, physical space restrictions can hinder plans. It’s impossible to fit a whole rack in the branch and stack whatever solutions are necessary—much as one does at headquarters or a campus. A single platform for each branch location must provide a variety of “full-stack” virtualized services from dynamic link selection to security, and be small enough to fit under a desk or in a closet.

The ISR 4000 is the world’s leading branch router, containing flexible technology for a variety of services and a trustworthy design. The latest SM-X release extends your ISR 4000 performance and investment even further to include switching capabilities on par with the Cisco Catalyst 9000 Series, and extends your network fabric to include Layer 2 to Layer 7 control—MAC to application. The SM-X also provides a variety of PoE options for Wireless support, along with access switching and Inter-VLAN routing.

ASR 1000 ESP-X

Cloud applications are prized for their simplicity, yet the IT teams responsible for their delivery now face greater complexity in an emerging network region called the cloud edge. This new region consists of anything from core locations to high-volume branches with Dedicated Internet Access (DIA), and any other location in a WAN where the network is opened to the internet.

Success in the cloud edge is by performance and security converging. The ASR 1000 ESP-X includes the 3rd Generation Cisco Quantum Flow processor, a powerful Layer 3 forwarding ASIC. The ESP-X provides customers more than 265 Gbps of both IPv4 and IPv6 throughput, along with IPSec that is more than 2X better performing than previous generations and QoS performance impact for total encryption and reliable application delivery at the edge. Reach more than 2X better scale compared to previous generations for classic NAT, Carrier-Grade NAT and Zone Based Firewall, an important capability for edge locations that experience bandwidth demands in great bursts or waves.

1100 TSG

Businesses with large hardware footprints, such as IaaS providers, Telcos, and sensitive enterprises such as finance and governmental organizations, need a simple way to manage their environment. The global nature of these businesses demands that they do it from half-way across the world. With so much data, connectivity and compliance regulations at stake, such convenience must never sacrifice build quality and security.

Enter the Cisco 1100 TSG.

The Cisco 1100 Terminal Services Gateway is a console server that provides simpler and more remote and out-of-band (OOB) management with the trustworthy build quality our customers expect. The top-of-rack solution offers integrated asynchronous ports, optional switching, and simplified Ethernet. It also supports secure tunnels, such as IPSec, generic routing encapsulation (GRE), and Cisco Dynamic Multipoint VPN, all at scale.

The 1100 TSG also supports Advanced LTE modules that can use the latest in wireless technology for backup connectivity when managing the WAN.

Together, the Cisco ISR 4000 SM-X, ASR 1000 ESP-X and 1100 TSG show that Cisco is prepared to transform business in their grand re-open into a new edge. Only Cisco offers powerful, reliable products with a build quality customers trust.

Continue reading

As the landscape evolves, so must the enterprise backbone

Most organizations today take advantage of cloud services. From software as a service (SaaS) to infrastructure as a service (IaaS), these cost-effective solutions help accelerate business and offer new opportunities for innovation.

Within the Cisco network, we’ve seen an impact from changing traffic patterns as our clients adopt to Cloud Services. We see more and more traffic going to the Internet and cloud services, and this level of traffic is growing at a very fast rate. This change meant we saw a 200 percent increase in peak Internet and cloud traffic within just 12 months. During that time, growth across our internal, private enterprise backbone also rose steadily, primarily due to large transfers between data centers. We quickly realized the traditional enterprise network is not ready to deliver the scale and resiliency needed to support this drastic shift in traffic patterns.

Technologies such as cloud, bring your own device (BYOD), and Internet of Things (IoT) require us to think differently about security. The enterprise network is becoming more segmented and each segment has different connectivity and security needs. Previously, the private backbone was a single, flat network; it now needs to deliver multi-tenancy and the ability to extend security segments across the globe.

These challenges have put us on an evolutionary path from a traditional enterprise backbone design to a software-defined and cloud-ready backbone. (Figure 1)

Figure 1. New software-defined design in the Cisco Cloud Backbone

From an enterprise-like backbone to a service-provider-like backbone

Cisco IT is deploying a new global backbone powered by Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS-XR software. This highly scalable and programmable platform provides a strong foundation for the new backbone and will allow us to operate more like a service provider for our internal clients.

Although our initial priority is to address Internet and backbone scalability challenges, we also need to offer more advanced services to support our users. For example, can you imagine a day, a few hours, or even a couple of minutes without access to the Internet and your business-critical SaaS apps? To avoid this potential disruption, our new backbone needs to deliver an always-on and excellent user experience. It needs to detect failure conditions and automatically steer traffic over resilient peering connections across the globe.

By more intelligently routing traffic over the new backbone and augmenting it with cheaper bandwidth, we hope to increase capacity without affecting our telecom budgets. By supporting multi-tenancy, the new backbone will be able to deliver customized services for each of our internal tenants and extend security zones globally.

From the beginning, we are taking a “no command line interface” approach, which will allow us to deploy and operate the new backbone through software. The goal of this approach is to translate the user’s intent and program it into the network within minutes instead of days.

Where Are We in our Journey?

Although standardization and simplification has always been top of mind for Cisco IT, over the 20 years of its existence our backbone has become a complex environment. This complexity makes the transition to a new backbone design a high-risk and cumbersome effort. Before using the new backbone design to deliver more advanced services, we know that it’s key to take the time to build a rock-solid foundation. This foundation work includes:

◉ Deploying Cisco ASR 9900 Series routers in 13 colocation facilities and Cisco campus buildings globally

◉ Addressing challenges of Internet route table growth

◉ Implementing a hierarchical Global Border Gateway Protocol (BGP) AS109 network

◉ Migrating existing tenants onto the new backbone

When the foundation work is completed, we will evaluate user needs in order to focus on deploying network capabilities that deliver the most business value.

Future objectives include improvements for:

◉ Delivering global network as a service

◉ Speed of delivery through programmability and automation

◉ Assurance through streaming telemetry

◉ Multi-tenancy and traffic steering through multiprotocol label switching (MPLS) and segment routing

IT needs to assure the enterprise backbone evolves to support internal business users. Cisco IT has started this transformation. Our users expect ordering IT network services to be as simple as shopping online. This new backbone will enable us to more efficiently connect our clients to Internet and SaaS applications, extend security zones globally, and interconnect sites, private clouds, and public clouds.

Continue reading