Thursday, 9 July 2020

Industrial NetDevOps Enables Your Industrial Network with Programmability and Automation


Industrial NetDevOps solves real-world problems 


◉ Breaking down the barriers and building a closer alignment between the IT and OT departments
◉ Increase network change management, incident management and security
◉ Lower OT expenses and downtime while increasing your network effectiveness and agility

These much-sought-after goals are exactly what Industrial NetDevOps aims to achieve. DevNet has the tools and learning resources to help you start that journey right away:

◉ Free Webinar, July 14th — Register Now
◉ New Learning Labs
◉ New Scripts on Code Exchange

What is Industrial NetDevOps?


Industrial NetDevOps brings the culture, tools, technical methods and best practices from DevOps to Industrial Networks.

Instead of using SNMP and CLI, you configure, manage and monitor industrial network devices via standardized network device APIs and software automation tools. Industrial NetDevOps workflows use Open Source, standards and Python scripts alongside commercial devices and tools to deliver fast-responsive and secure industrial networks.

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). The industrial space has a similar split: industrial operations professionals understand and control the equipment (OT/Dev), but need support from their IT colleagues to make OT data meaningful, OT devices accessible and better aligned with other business systems (IT/Ops).

The vision of Industrial NetDevOps is to take full advantage of both teams by having them work together: creating a single source of truth for network configurations (e.g. with Git), making small but well-tested changes to the network, deploying configuration changes through APIs, using automation to save time and costs, enabling automated IT network services for operations professionals, getting real-time health data of your network and OT devices, and much more.


What has changed? Why move now?


Operations leaders recognize that operational data they use to support real-time decision making could create additional value for the company. The vision of a fully connected factory is real, the transformation is happening right now. Therefore, the industrial network needs to be as responsive, agile and secure as it has ever been.

Cisco realized this movement and is leading it: The industrial switch series IE3x00, the embedded switch ESS3300 and the industrial router IR1101 are running IOS XE (same as on the Catalyst 9000 Series) which enables model-driven programmability with open APIs and data models such as NETCONF/RESTCONF & YANG. Also, the Cisco Catalyst 9800 Series Wireless Controller supports model-driven programmability along with traditional APIs.

Furthermore, the network controller and orchestration software Cisco DNA Center offers an extensive REST API, as does the industrial security software Cisco Cyber Vision. As you can see, Cisco’s industrial software and hardware is ready for the transformation!

What are the Use-Cases which you can start right now?


To give you a better understanding of how powerful Industrial NetDevOps can be with our Cisco industrial solutions, here are some use-cases which will get you started. However, there are many more!

◉ Enable or disable remote access with just one REST-API call: simply define a service as a Python script that executes pre-defined NETCONF commands to create, enable and disable ACLs on specific industrial hardware, for example the IE3400.


◉ Deploy your desired IOS configuration to hundreds or thousands of Cisco IE switches automatically with the software automation tool Ansible and just one command. For example, configure the IND bootstrap, specific ISE, PROFINET, CIP and PTP configuration and so on with one centralized tool or even an application of your own.

◉ Get fully automated and tailored reports about the health of your network and IT/OT devices via the REST APIs of Cisco Cyber Vision and Cisco Industrial Network Director. In the same process chain, analyze the report with other Cisco tools: check each DNS query that has been made in your industrial network against the Cisco Umbrella Investigate API to see whether any requests were malicious, and highlight the originators.

◉ Enable ChatOps in your Industrial Environment: Operations professionals can easily change the network configuration and many other application settings via simple text messages on Cisco Webex Teams (see the example below with the IR1101). What changes the OT worker is allowed to make will be pre-defined by the IT team.


What does the Toolset of Industrial NetDevOps look like?


Which skills are important depends on your use-cases and requirements – you do not need to know them all! Here is a breakdown of the technologies and tools that will help you enable Industrial NetDevOps:

◉ Programmability Basics: Understanding REST-APIs and Python (or any other programming language) is the basis for programmability, which will help you automate your tasks and can solve specific IT/OT challenges.

◉ Device Level: In order to leverage the APIs directly on your industrial device (e.g. IE3400) for a single configuration change or getting device operational data, get started with NETCONF/RESTCONF and YANG.


◉ Controller & Orchestrator Level: If you manage your industrial hardware with Cisco DNA Center, Industrial Network Director, Kinetic GMM or vManage, you can simply do that with the REST-APIs and automate your tasks with Python for example.

◉ Configuration Management: If you want to change the IOS configuration on hundreds or thousands of devices, get started with the software automation tools Ansible, Puppet, Chef or others.


◉ Network Verification: If you want to know on which of your IE3400s the IOS configuration has changed in the last weeks or months, or want to test your IOS configuration, definitely get started with the Cisco framework pyATS.

◉ Security: Network security is highly important, especially in an industrial environment. The industrial security software Cisco Cyber Vision (REST-API capable), Cisco Firepower & Firepower Threat Defense (REST-API capable), the ruggedized Cisco Industrial Security Appliance ISA3000, Cisco Stealthwatch (REST-API capable) and Cisco Identity Services Engine (pxGrid API) enable your network to talk to these security tools and the other way round.

◉ Telemetry and Monitoring: To visualize your collected data from your industrial device (e.g. IR1101 in the image below), get started with streaming telemetry and the TIG-stack (Telegraf, InfluxDB and Grafana), ELK-stack (Elasticsearch, Logstash and Kibana) or any other preferred databases and dashboards.
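
The check described under Network Verification above (which devices no longer match the configuration held in the single source of truth) can be sketched with the Python standard library. This is an added example, not code from the original post; it uses difflib rather than pyATS, and the hostnames, ACL name and configuration text are constructed.

```python
import difflib
import re

# Lines IOS rewrites on every display or save; they differ without a real change.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration\s*:|"
    r"! Last configuration change|! NVRAM config last updated|ntp clock-period)"
)


def normalize(config):
    """Drop volatile lines, bare '!' separators and trailing whitespace.
    Leading indentation is kept because it carries the IOS block structure."""
    lines = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!" or VOLATILE.match(line):
            continue
        lines.append(line)
    return lines


def drift_report(baseline, running):
    """Return {hostname: [changed lines]} for every device that differs from
    its baseline. An ordered diff is used because ACL entry order matters."""
    report = {}
    for host in sorted(running):
        if host not in baseline:
            report[host] = ["no baseline in source of truth"]
            continue
        diff = list(difflib.unified_diff(
            normalize(baseline[host]), normalize(running[host]), lineterm="", n=0))
        # diff[0:2] are the '---' / '+++' file headers; keep only +/- lines.
        changes = [d for d in diff[2:] if d.startswith(("+", "-"))]
        if changes:
            report[host] = changes
    return report


def sample(host, stamp, acl_lines):
    """Constructed IOS-style configuration text for the demo."""
    return "\n".join([
        "Building configuration...",
        f"! Last configuration change at {stamp}",
        f"hostname {host}",
        "ip access-list extended REMOTE-ACCESS",
        *acl_lines,
        "!",
        "end",
    ])


# Constructed data: BASELINE stands for what is committed to Git,
# RUNNING for what was just collected from the devices.
BASELINE = {
    h: sample(h, "08:00:01 UTC Mon Jun 1 2020", [" deny ip any any"])
    for h in ("ie3400-line1", "ie3400-line2")
}
RUNNING = {
    "ie3400-line1": sample("ie3400-line1", "09:30:12 UTC Thu Jul 2 2020",
                           [" deny ip any any"]),
    "ie3400-line2": sample("ie3400-line2", "23:41:07 UTC Fri Jul 3 2020",
                           [" permit tcp any any eq 22", " deny ip any any"]),
    "ie3400-line3": sample("ie3400-line3", "10:00:00 UTC Sat Jul 4 2020",
                           [" deny ip any any"]),
}

if __name__ == "__main__":
    for host, changes in drift_report(BASELINE, RUNNING).items():
        print(host, changes)
```

Only the timestamp differs on ie3400-line1, so it is not reported; ie3400-line2 is flagged for the added permit entry and ie3400-line3 for having no baseline at all.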


Where should I deploy the Industrial NetDevOps tools?


As usual, this depends on your architecture, devices, and industry. However, if we look at the Converged Plantwide Ethernet (CPwE) Architecture, it makes sense to include these tools in the Industrial Zone as seen in the image below.


Source: cisco.com

Wednesday, 8 July 2020

Get Back to a Safe Workspace Faster with Cisco CX Location-Based Analytics


The advent of COVID-19 has affected the way people live and conduct business. It has necessitated new business and epidemiological practices for ensuring business continuity. Many businesses and institutions around the world have moved on from absorbing the effects that led to most workspaces being shut, by enabling their employees to work remotely and securely with video conferencing and VPN solutions. The return to normalcy requires the implementation of specific measures that will help businesses prepare to return to their usual physical workspaces. In some locations around the world, campuses that were closed are beginning to re-open, and employees are gradually returning to work through a phased approach. However, now more than ever, organizations need to ensure their workspaces offer the most secure and safe working environments, which strictly adhere to the COVID-19 guidelines for social and physical distancing.

Some of the most common questions emanating from customers in this situation include the following:

◉ “I want to see how my business is impacted by COVID-19. How can I ensure my campus is safe to re-open?”
◉ “How can I provide personalized customer experiences while ensuring social distancing?”
◉ “How can I ensure the number of employees attending work is within the safe threshold?”
◉ “How can I track and alert employees if the number of people within the campus at a given time poses a threat to the safety and health security of all in attendance?”


Get Help Safely Returning to Your Campus with the Cisco CX offer for Cisco DNA Spaces


Cisco offers a location-based analytics solution—Cisco® DNA Spaces—which digitizes physical spaces to provide you with insight about people throughout your workspaces, including how, where, and when they move through your location. It collects data from your existing Cisco Wi-Fi access points to provide information about people, including employees, customers, patrons and visitors, as well as things, such as assets and sensors, within your properties. Built with a variety of applications (apps), Cisco DNA Spaces sets up workplace density thresholds to monitor the number of employees in buildings across campus, provides notifications when thresholds are reached, shares safety information, and enables rapid response to incidents via proximity reporting.

In line with this, Cisco Customer Experience (CX) has introduced a new Service offer that helps you deploy and address your use cases with Cisco DNA Spaces. The Cisco CX offer for Cisco DNA Spaces delivers our new Advise and Implementation Service that helps with design, configuration, deployment and post-implementation support of Cisco DNA Spaces, which empowers businesses to analyze data from their workspaces and define actionable insights to accelerate office re-openings.

Our CX experts analyze your current environment and requirements, advise you on the best solution design and configuration for agreed upon use case(s), and test and validate the desired functionality prior to production use. You’ll get expert help with right-fit use-case implementation, including a knowledge transfer session and post-implementation support to enable ongoing use of the solution and help you maintain essential business operations. We’ll make sure you can take full advantage of these location-based services to leverage critical visibility throughout your physical workspace locations, which plays a crucial role in managing the safe return of people to your workspaces.

Two levels of Advise and Implementation packages are available for Cisco DNA Spaces—small and large packages—based on the size of your organization. You’ll have the option to get support for up to five buildings (or 30 floors or shops) to cover your physical workspaces, smart captive portals for enhanced customer experience, CX post-deployment use assistance, and more.

How Cisco CX Simplifies and Accelerates Your Safe Workspaces


Next-generation sensing capabilities are already built into your Cisco Wi-Fi access points—such as Cisco Catalyst®, Aironet®, and Meraki®. However, they need to be turned on and aligned, and Cisco CX will do that for you. If you don’t already have them, Cisco CX can quickly deploy new Cisco Wi-Fi access points for you. We’ll take care of complete connectivity between your Cisco Wi-Fi access points, Cisco network, and the cloud-based Cisco DNA Spaces solution. Furthermore, the granular data collected by your Cisco Wi-Fi access points feeds the Cisco DNA Spaces apps. From this app data, you can then leverage advanced analytics to achieve powerful insights into end-user behavior—how people use, move, and occupy spaces. The following apps are seamlessly bundled in our Cisco DNA Spaces solution:

◉ Right Now App: Sets workplace density thresholds to monitor the number of employees in Wi-Fi enabled zones across campus.

◉ Notification Trigger: Uses a rule engine to power an API, which triggers notifications when thresholds set by the Right Now App are crossed. Keep your teams updated at all times with automated notifications via Webex Teams™, SMS, or email.

◉ Impact Analysis App: Helps you determine whether your operations need to be adjusted for the improved safety of your people by measuring the effectiveness of your back-to-safe-workspaces policies, including whether it’s safe to introduce more people into your physical workspaces.

◉ Proximity Reporting App: Delivers historical analytics, allowing you to trace the steps of your Wi-Fi connected people. This app reports the presence and path down to individual users, while also reporting who else was present, allowing you to investigate incident impact across employees and zones by tracing proximity.

◉ Engagements App: Shares contextually triggered safety information with employees based on where they are in any of your buildings. The rule engine drives dynamic engagements based on each building classification as well as individual employee personas for more relevant information.


With the data stream created by Cisco Wi-Fi access points and fed to the bundled Cisco DNA Spaces apps, you can gauge the effectiveness of your back-to-work policies, and determine when it’s safe to allow more people back into your office. This includes the ability to determine if there is an area in any of your workspace zones where people are clustering and breaking your distancing guidelines. The real-time analytics offered by Cisco DNA Spaces make it easy to monitor the number of people across campus, including the effectiveness of your distancing policies with workspace density thresholds throughout all your monitored zones and across points of ingress and egress. Notification triggers generated by policy breaks and proximity reporting help you take action to keep your people safe. Your employees can also receive safety information triggered contextually based on their presence in any of your monitored physical zones. All this can be managed through a single, cloud-based pane of glass to simplify how you consume and leverage location services to keep your people safe.

Safety Can’t Wait—Start Your Location-Based Analytics Today


If you plan to re-open your campus gradually, we’ll work at your pace, easing into a broader rollout and expanding to deploy more specific use cases when you’re ready. Regardless of your rollout scheme, you’ll enjoy easy procurement and fast deployment. Leverage the right expertise to get up and running quickly with Cisco DNA Spaces in days, versus weeks, all while prioritizing the safety of your people.

Tuesday, 7 July 2020

5 Important Fundamentals of Your Account Based Marketing Program


Are you a B2B marketing professional looking to set up, or improve, your Account-Based Marketing (ABM) strategy? Perhaps you have a program up and running or are looking to implement one soon.

If you’re feeling the urgency behind ABM, it’s for good reason. This is a growth strategy that has been proven to deliver the highest ROI of any B2B marketing strategy or tactic (according to the ITSMA, which has been advocating for this approach for many years).

You’re also not alone. In a recent study by SiriusDecisions, 93% of respondents stated that ABM is very or extremely important.

The benefits of ABM are numerous:

◉ Greater focus – ABM allows your Sales and Marketing teams to focus time, budget, and efforts on those accounts that are most likely to drive revenue for you. Think of it as a “zero waste” strategy.

◉ Larger deals – Deals generated through ABM tend to be larger, with better buy-in and executive support.

◉ Increased close rates – Companies report higher close rates with those accounts engaged through ABM.

◉ Faster deals – Because the right individuals within the right accounts are targeted, ABM deals tend to get stuck less, and move quicker.

◉ Integration – ABM by nature integrates your sales and marketing teams who now work together against the same account criteria list.

I believe B2B organizations with large and complex sales have a great deal to be gained by implementing an account-based approach. Some say this is always the way B2B was meant to be. I tend to agree.

Wherever you are in your journey, here are the most important fundamentals that can dictate success for your ABM programs:

1. ABM is strategic. Some mistakenly approach ABM as a tactic, failing to invest appropriately in resourcing, executive buy-in or change management to bring it to life. This should be a highly strategic growth initiative that combines people, processes, and technology.

What’s important is to realize that simply buying ABM technology is, itself, not enough to see results. Like any other core marketing technology, how you shift the behaviors of your team will truly make all the difference.

2. Leave lead-centric practices behind. While ABM can run simultaneously to traditional demand generation within a pilot program, it truly is a new mindset to adopt.

The lead-based marketing automation and lead management approaches popularized throughout the 2010s have been a kind of “normal” for the B2B industry. In this approach:

– Deals are comprised of individual leads
– Deals are high-velocity, taking hours, days or weeks
– Deal sizes are low, and there are a lot of them

But, for those organizations with large and complex deals, traditional lead-based demand gen is often not appropriate. This is where ABM is appropriate, as it involves:

– Many stakeholders
– Months-to-years time to close
– Low quantity, highly-defined universe of target accounts
– Large deal size

3. Marketing has a different role to play in ABM. Because ABM requires different motions than lead-based marketing, the resourcing and responsibilities for a marketing team deploying ABM will look different. For example, the way your team may spend their time will include working with Sales to define accounts, and their goals and plans. They may also be responsible for gathering account intelligence and building engagement strategies, from content to live events.

In ABM, Marketing is a true partner with Sales, targeting the same list of high-value accounts, and working together to engage those accounts over the lifecycle of the account’s journey – from awareness to engagement to close, then after the deal to renewal and expansion.

4. Multi-channel is the best ABM approach. On that note about channels, the explosion of digital marketing has introduced more ways to engage individuals within our target accounts than ever. But, for an ABM program to be successful, we have to leverage them in a more focused way.

Here’s how B2B teams use all channels in ABM:

– Email marketing looks different with ABM. Sales owns more early-stage email outreach with highly personalized, tailored, and targeted notes.
– Direct mail is used to send custom, bespoke assets appropriate for a small amount of specific accounts.
– Field events are more targeted as well, used to nurture relationships with key accounts in cities they are more concentrated in. These can be VIP experiences, lunch and learns, breakfast roundtables, or panels.
– Digital ads are used to serve content to specific accounts by IP addresses, or a list of contacts.

5. ABM requires leading with insight. Corporate Visions found that 74% of buyers chose the sales rep that was FIRST to provide value and insight. This aligns with research from Edelman and LinkedIn that reveals thought leadership enhances B2B decision-makers’ trust in a vendor (88%), their perception of a vendor’s capabilities (88%), their respect of that organization (90%) and even convinces 61% to pay a premium because it demonstrates deep thinking and other virtues important to them.

Because ABM is inherently outbound (whereas traditional lead generation let us publish content and attract leads in an inbound model) the quality of our outreach is held to a much higher standard.

Unfortunately, only 15% of decision-makers say the thought leadership they read is very good or excellent. This presents an enormous opportunity for B2B marketing leaders to improve, and for those with strong thought leadership programs in place today to differentiate and thrive.

It can feel like ABM is only the B2B marketing industry’s hottest new buzzword. But, I think of it as a far more critical industry transition. ABM gives our department a way to serve our businesses in more strategic, impactful ways.

Monday, 6 July 2020

Enhancing the Single Pane for Webex Edge for Devices

Bringing the Most Modern Experience of Webex to any Device with Webex Edge for Devices


Earlier this year, we released Webex Edge for Devices with our CE 9.10 software release for Webex Rooms. This enabled administrators to easily link their on-premises registered devices to the Webex Platform, delivering an enhanced feature set which included device analytics and diagnostics for on-premise deployed rooms.

Webex Edge for Devices is bringing the most modern experience of Webex to any device regardless of how it is provisioned today. We have had an amazing uptake of this new deployment model, which has in turn generated a wide range of feature requests, and I couldn’t be more excited to announce a new set of features that Webex Edge for Devices customers will receive from the Webex platform.

Creating a Better Experience for Administrators and End-Users


With the 9.12.3 release, we released the ability to use an HTTPS proxy on the device to connect to the Webex Platform. This gives more flexibility for administrators to allow traffic to flow through proxies as it leaves their corporate network!

For Webex Meetings 


The next two features are related to Webex Meetings. Now, customers can search for a Personal Meeting Room (PMR) directly on devices which have been linked with Webex Edge for Devices through the “Join Webex” button. This makes it even easier to join Webex Meetings!


For Administrators


The other Webex Meetings feature is for the administrators. When you need to troubleshoot a device, you can now get access to the same data our full cloud registered systems have. This includes minute-by-minute drill-down diagnostics for packet loss, jitter, latency and even resolution for all Webex Meetings!


For Configurations


The next one is a big one. Our customers have been asking for a while when they will be able to configure devices from Control Hub. Well, now is the time! With CE 9.13, customers can opt into configurations controlled from Control Hub instead of UCM or TMS. This truly makes Control Hub the single pane of glass to manage every workflow. The ability to bulk edit configurations for Control Hub is also just around the corner. This, paired with the upcoming configuration API, means it is possible to add programmability if you want to make large sweeping changes.


Workspaces


The final feature I want to mention is something we just recently released, namely Workspaces! People have been asking me whether this works for both cloud registered and Webex Edge for Devices linked workspaces. The answer is Yes! Workspaces delivers real time metrics directly from your workspaces into Control Hub and brings value for every activity in the space.

Saturday, 4 July 2020

Fukui-ken Saiseikai Hospital deploys Cisco DNA Center for IT transformation


The acceleration of medical device digitization has led to an explosion in the number of new devices on the Fukui-Ken Hospital network. Cisco DNA Center provides the solution for policy, security, and assurance.

IT departments everywhere are dealing with the explosion of new devices and users on the campus network. Provisioning, securing, and maintaining performance of constantly growing networks is daunting for us all. Hospitals are probably the most affected by this because of the sheer number of healthcare and life-saving devices that they require. The Fukui-ken Saiseikai Hospital, located in Fukui City, Japan has deployed Cisco DNA Center in order to accelerate their digital transformation with greater efficiency.

Mr. Masaru Takeuchi, Medical Information Division Section Leader, defined the hospital’s challenges as a lack of visibility and control over network access as well as inconsistent IT staff proficiency in managing complex network issues and troubleshooting. Mr. Takeuchi outlines that Cisco DNA Center, with Cisco Identity Services Engine (ISE), addressed all of their challenges, from policy and security to automation and orchestration and, of course, assurance. He knew that automating the lifecycle management would result in greater IT efficiencies, but he wanted to first focus on a stable, well performing infrastructure: “First we are going to build the reliable infrastructure that is necessary for automation. The implementation of Cisco DNA Center provides real-time visualization. By constantly monitoring and analyzing the health of the entire network to quickly identify signs of trouble, it is possible to take proactive measures, thereby enhancing assurance.”

The Fukui-ken hospital IT staff focused on setting up network access controls and threat detection, in compliance with their security policies. This is done via the policy section of Cisco DNA Center where endpoints are categorized into groups and each group is given a set of policies that determine what types of data traffic and network resources that endpoint can access. Once their policies were set up, Cisco DNA Center simply updates policies in all switches, wireless controllers, access points, and routers. Policies follow users and endpoints, so there is no more need for ultra-complex QoS and IP-based segmentation.

Now the team can focus on operating a policy-based, zero-trust infrastructure. Doing this is a cinch with Cisco DNA Assurance, one of the main features in Cisco DNA Center. As I noted above, there was inconsistency in the IT staff proficiency in managing complex network issues and troubleshooting, meaning that some of the level-one engineers did not have the experience to diagnose complex issues without consulting a more experienced staff member. When Cisco DNA Assurance raises a network “Issue”, it then offers guided remediation on steps to resolve that issue (see screenshot below). Any suggestion that can be resolved through a Cisco DNA Center configuration will have a “RUN” button next to it, for one-click resolution. This allows level-one engineers to fix complex network challenges quickly and independently. It also serves as a platform for learning as each issue that is remediated provides greater experience and, ultimately, improved network literacy.

As the Fukui-ken hospital IT team grow their network, they plan on implementing more capabilities within Cisco DNA Center. Enabling AI/ML analytics will allow them to compare wireless service areas and locate opportunities for Wi-Fi service improvement. Cisco DNA Automation will provide time savings for device lifecycle management and improve consistency in device configuration. Cisco DNA Center is a full-featured intent-based network controller that brings the elements of security, automation, and assurance together for a complete operations and management platform. As Fukui-ken Hospital decides to integrate these additional capabilities into Cisco DNA Center, their existing Cisco DNA Advantage subscription gives them immediate access to deploy and use those new capabilities on their existing hardware.

The trend in modern hospitals is the acceleration of medical device digitization and the reduction in on-site operational staff. The Fukui-ken hospital IT team is building a campus network to support this trend and take them into the next phase of healthcare.


Source: cisco.com

Friday, 3 July 2020

Three requirements to securely connect your industrial network

Digital transformation initiatives are driven by the desire to make data-driven business decisions. Whether you’re looking to increase production, reduce waste, or improve safety, the answer resides in your data: collecting it, analyzing it, and learning from it. But what happens when your data lives in extreme locations? Perhaps in places of severe heat, cold, humidity, salinity, or dust? How do you gather information with such harsh conditions? And how do you do it securely?

The first step is to converge to a single IP network. Network convergence is a proven formula for pulling together all the data in your environments. Cisco has been helping hundreds of thousands of organizations to converge their voice, video, data, and IoT networks to a single IP network. We’ve been doing this for over 30 years, and we know it works. A single network is easy to manage and operate and reduces your total cost of ownership. However, the primary challenge with a converged network is that it needs to be secure. There are three elements you need to securely connect an industrial network: 1) purpose-built hardware, 2) digitally signed and authentic security software, and 3) extensible architectures.

1. Choosing the right hardware


Start with the right hardware. For industrial internet of things (IIoT), the network hardware must satisfy the requirements of both the operational technology (OT) department and the IT department. At a high level, OT runs point on operations and understands how the organization produces its goods or services. IT connects the network and wants to make sure it’s done securely. OT and IT each have different priorities, goals, and concerns, yet the hardware has to meet both sets of requirements.


In addition to meeting the requirements of both OT and IT, the network hardware you select for connecting the industrial network should have a hardware trust anchor. A hardware trust anchor ensures that whatever software runs on the hardware will do so in a secure manner. To this end, the hardware should have an anti-theft, anti-counterfeiting, and anti-tamper chip that is completely immutable, meaning that it cannot change. Also look for built-in cryptography functions, secure storage for certificates and objects, and certifiable entropy for random number generators.

2. Selecting the right software


Going up the technology stack, the next component you need to securely connect the industrial network is the right software. Complement the secure hardware with digitally signed images, a secure boot process, and runtime defenses to ensure the software is secure and hasn’t been tampered with.

What is meant by digitally signed images? When we compile an image at Cisco, we execute a hash function on the binary code. The result of that hash function is encrypted using Cisco’s private key, and that signature is embedded right within the software image. At boot time, two things happen: 1) the local machine computes its own hash based on the binary of the software image, and 2) it decrypts the signature embedded in the image with the corresponding public key and makes sure the two hashes match. This process provides reassurance that the software hasn’t been tampered with and that it’s safe to boot up. Digitally signed images are an important component of a secure boot process.
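The sign-at-build, verify-at-boot flow described above, as an added Python sketch that is not Cisco's code or image format. It assumes a trailer layout (code followed by a fixed-length signature), a constructed demo key built from two known Mersenne primes, and textbook RSA without padding; production image signing uses a padded signature scheme and a public key anchored in hardware.

```python
import hashlib

# Constructed demo key (assumption, NOT secure): two known Mersenne primes.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                             # public modulus
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held only by the signer
SIG_LEN = (N.bit_length() + 7) // 8   # signature trailer size in bytes


def digest_int(code: bytes) -> int:
    """SHA-256 of the binary, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(code).digest(), "big")


def sign_image(code: bytes) -> bytes:
    """Build step: hash the code, apply the private key, embed the result."""
    signature = pow(digest_int(code), D, N)
    return code + signature.to_bytes(SIG_LEN, "big")


def verify_image(image: bytes) -> bool:
    """Boot step: recompute the hash and compare it with the signed one."""
    if len(image) <= SIG_LEN:
        return False                  # truncated: no room for code + signature
    code, trailer = image[:-SIG_LEN], image[-SIG_LEN:]
    signature = int.from_bytes(trailer, "big")
    if signature >= N:
        return False                  # not a valid value under this key
    recovered = pow(signature, E, N)  # public-key operation
    return recovered == digest_int(code)


if __name__ == "__main__":
    image = sign_image(b"constructed firmware payload")  # constructed sample
    patched = bytes([image[0] ^ 0x01]) + image[1:]       # one flipped bit
    print("original boots:", verify_image(image))
    print("patched boots: ", verify_image(patched))
```

The device only ever needs `N` and `E`, so extracting them from a switch does not let anyone produce an image that passes `verify_image`.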

Now that the software has securely loaded on the device, the network administrator has at his or her disposal the most powerful and secure networking operating system in the industry: Cisco IOS XE, which contains over 1,300 security feature commands and keyword options.

Cisco IOS XE also supports application-hosting in containers so that they can run on networking devices. Leveraging this application-hosting capability, Cisco has recently delivered an OT-specific security solution, namely Cisco Cyber Vision.


Cisco Cyber Vision provides innovation in OT security. For example, Cisco doesn’t require customers to install dedicated hardware sensors, but rather virtualizes their sensor to run as an application on network infrastructure, such as Cisco Catalyst Industrial Ethernet (IE) switches or Cisco ISR Industrial Routers (IR) or even Cisco Catalyst 9300 switches (which may be found in some industrial environments, albeit in temperature-controlled cabinets/rooms). Cisco’s unique approach of using a software sensor for OT protocols is not only an industry-first, but also the most scalable solution in this space, as it allows for the security solution to simply scale with the network infrastructure itself.

Another innovation that Cisco brings to OT security is the use of distributed analytics and OT flow metadata to minimize bandwidth impact. The Cyber Vision sensors running on the network devices perform deep packet inspection (DPI) on all OT flows. However, rather than mirroring these flows to a central analytics engine (i.e. the Cisco Cyber Vision Center) these sensors summarize OT flows as metadata, similar to NetFlow records (though the metadata Cyber Vision uses far exceeds the data contained in NetFlow records). Cisco Cyber Vision goes beyond NetFlow by detailing attributes of the devices sending and receiving the flows, the OT protocols used, the commands sent and received, and even the specific variables that these commands reference. As an analogy, while NetFlow can tell you who is talking to who, Cyber Vision metadata can tell you not only who is talking to who, but also the languages they are speaking, as well as specific details of their conversation. And the summary of these flows is highly efficient, typically consuming only 2-5 percent of incremental bandwidth.

3. Architectural integrations


The third piece in the tech stack is architectural integrations. Look for security solutions that leverage the existing network hardware to provide visibility into network traffic, and to identify and stop potential threats. Both IT and OT can benefit from having complete visibility of the OT environment, but IT cannot afford the operational overhead required to support a separate SPAN network. By integrating sensors into network hardware, IT can see anomalous behavior anywhere in the environment, while OT can obtain new and deeper insights into operations.

Ideally, the security solution also integrates with the technology used by the Security Operations Center (SOC) to monitor, investigate, and remediate security incidents in the IT environment. This way, the SOC has all the information it needs in one location to reduce the time to detect and respond to a security incident. Security analysts can see, for example, whether an attack originated in the IT environment and moved laterally to the OT environment, or if an attack entered the OT environment via something like a vulnerable device.

How Cisco can help


Cisco’s industrial-grade network hardware and Cisco Cyber Vision are designed to work together to meet the three requirements for securely connecting an industrial network. Our ruggedized networking switches and routers are built to withstand the harshest environmental conditions while delivering enterprise-level networking capabilities, including a hardware trust anchor. Our software uses digitally signed images to validate that software has not been tampered with, and Cisco Cyber Vision leverages the network architecture to deliver visibility and control over the OT environment. Cyber Vision also provides real-time threat detection and integrates with the SOC.

Wednesday, 1 July 2020

Cisco Network Upgrades Prepare Businesses for Grand Reopen


Cisco Systems is proud to announce new network products and upgrades to help businesses across all sectors plan for grand re-opens and move toward a more digital model. Pluggable switching modules (SM-X) for the ISR 4000 imbue the popular branch router with the same Unified Access Data Plane (UADP) programmable ASIC that is the powerhouse of the Catalyst 9000 family, while the pluggable Embedded Services Processor module (ESP-X) enables better cloud performance for businesses equipped with ASR 1000s via much greater throughput capabilities and accelerated crypto performance. Finally, the new Cisco 1100 Series Terminal Services Gateway (1100 TSG) gives businesses with growing on-premise hardware footprints—such as cloud service providers and sensitive enterprises—a secure remote console for better Out of Band Management (OOB).

Whether a business is prepared to open or still planning a modified experience—Cisco is there with the right technology.

Supporting a New Edge


Efforts to reopen businesses and resume economic operations are not simple but can be executed with proper connectivity, automation and a transformed layout. Inevitably, these grand re-opens will create a new edge where throughput and privacy needs are enormous; where connectivity must be simple and consistent; and where networking is intent-based.

The places we used to go to work, travel, watch, consume, shop and unwind will transform with richer digital experiences, such as custom shopping offers delivered to the user device, or smart check-out and debit where all a shopper needs to do is grab the item and leave. These are places where we carry phones, use touch screen kiosks, swipe tablets, check smart-watches and rely on anything and everything else that connects to the internet. Meanwhile, a larger, more distributed workforce operating from home and accessing sensitive data over a hybrid WAN creates challenges.


How IT teams equip and manage these edge locations will define their success—whether the experience is good or the end-user opts for a competitor as a result. Ensuring that successful experience requires more than routing. Only Cisco offers branch and cloud edge locations true network intelligence—dynamic routing over the most accurate internet map at consistent and incredible speeds. Cisco knows these locations need to host applications, pack compute and run services on location in a single platform. They need built-in security no matter what their architecture looks like. Resilience is a must. Cisco offers it all with a quality customers trust.

The Cisco SM-X and ESP-X prepare your business for the future with a better network fabric, while the 1100 TSG provides simpler, more secure management.

ISR 4000 SM-X


When building out a network solution for a transformed branch, physical space restrictions can hinder plans. It’s impossible to fit a whole rack in the branch and stack whatever solutions are necessary—much as one does at headquarters or a campus. A single platform for each branch location must provide a variety of “full-stack” virtualized services from dynamic link selection to security, and be small enough to fit under a desk or in a closet.

The ISR 4000 is the world’s leading branch router, containing flexible technology for a variety of services and a trustworthy design. The latest SM-X release extends your ISR 4000 performance and investment even further to include switching capabilities on par with the Cisco Catalyst 9000 Series, and extends your network fabric to include Layer 2 to Layer 7 control—MAC to application. The SM-X also provides a variety of PoE options for Wireless support, along with access switching and Inter-VLAN routing.

ASR 1000 ESP-X


Cloud applications are prized for their simplicity, yet the IT teams responsible for their delivery now face greater complexity in an emerging network region called the cloud edge. This new region consists of anything from core locations to high-volume branches with Dedicated Internet Access (DIA), and any other location in a WAN where the network is opened to the internet.

Success at the cloud edge comes from performance and security converging. The ASR 1000 ESP-X includes the 3rd Generation Cisco Quantum Flow processor, a powerful Layer 3 forwarding ASIC. The ESP-X provides customers more than 265 Gbps of both IPv4 and IPv6 throughput, along with IPSec that is more than 2X better performing than previous generations and QoS performance impact for total encryption and reliable application delivery at the edge. Reach more than 2X better scale compared to previous generations for classic NAT, Carrier-Grade NAT and Zone Based Firewall, an important capability for edge locations that experience bandwidth demands in great bursts or waves.

1100 TSG


Businesses with large hardware footprints, such as IaaS providers, Telcos, and sensitive enterprises such as finance and governmental organizations, need a simple way to manage their environment. The global nature of these businesses demands that they do it from half-way across the world. With so much data, connectivity and compliance regulations at stake, such convenience must never sacrifice build quality and security.

Enter the Cisco 1100 TSG.

The Cisco 1100 Terminal Services Gateway is a console server that provides simpler remote and out-of-band (OOB) management with the trustworthy build quality our customers expect. The top-of-rack solution offers integrated asynchronous ports, optional switching, and simplified Ethernet. It also supports secure tunnels, such as IPSec, generic routing encapsulation (GRE), and Cisco Dynamic Multipoint VPN, all at scale.

The 1100 TSG also supports Advanced LTE modules that can use the latest in wireless technology for backup connectivity when managing the WAN.

Together, the Cisco ISR 4000 SM-X, ASR 1000 ESP-X and 1100 TSG show that Cisco is prepared to help businesses transform as their grand re-opens create a new edge. Only Cisco offers powerful, reliable products with a build quality customers trust.