Renown Health: Supporting patients during a global crisis

Last week you read about Reno, Nevada’s Renown Health’s recent upgrade to Cisco Catalyst products including switches, access points, and controllers. When I spoke with Dustin Metteer, IT Manager at Renown Health, he also explained that they’ve developed new safety protocols for COVID-19 and have built out tented testing centers and new field hospitals to support a potential influx of patients from across the state.

No visitors, no problem: filling the gap with technology

With strict protocols to ensure the safety of all in its facilities, no visitors are allowed at Renown Healthcare hospitals. Patients are often quarantined by themselves for extended periods of time and can get lonely. To help combat this loneliness, the hospital purchased hundreds of Apple iPads and handed them out to different departments to allow patients to communicate with their families.

Something I didn’t discuss with Dustin, as it didn’t make any difference in their decision to offer this gesture of kindness, is Cisco’s wireless partnership with Apple. Cisco and Apple have partnered to provide a better overall wireless experience to end users and IT managers, and this equates to better connectivity for users and improved troubleshooting data for engineers to solve issues faster. A win for all.

Standing up testing sites and field hospitals

For hospitals across the world, COVID-19 has meant preparing for a worst-case scenario should they move beyond capacity. To provide safe testing away from the main hospital building, Renown Health started with a single parking lot tent testing site. To connect the tent to the hospital network and its applications, Dustin and team ran a fiberoptic cable out to the tent, plugged in a Cisco Catalyst 9300 UPOE+ switch and instantaneously had connectivity and 90 watts of power per port for Cisco IP phones, Cisco access points, and a handful of desktop computers, with room to add more. This has now been replicated multiple times as needed across their other hospitals and urgent care facilities in the system.

The Big Ask

Following the initial rollout of tented testing centers, Dustin received a call about building out a temporary field hospital.  As Dustin explains, “We got a big ask, they wanted us to convert our parking garages into field hospitals.” This ask included designing a network for a facility that could house up to 2100 beds to care for those infected with COVID. If you’re familiar with a modern hospital room, you know they include lots of connected devices for monitoring, alerting, and communicating with staff. To support this need, the final design consisted of Cisco POE switches, Cisco access points and wireless controllers, and Cisco IP phones. The deadline: two weeks.

With not much time to make this happen, Dustin pulled together some spare equipment, mapped out and designed the network, and worked tirelessly to get the hardware deployed, software updated, and all his policies set. He had 14 days but completed the task in just 10. And while Dustin was working on the network side of things, he didn’t forget to give a shout out to the construction crew and electricians, and especially the Army Corps of Engineers. “They wrapped the entire garage, inflated it, brought in HVAC, all kinds of stuff, just great work.”

Repurposing old equipment gets the job done

The network that Dustin deployed in the parking garage includes five Cisco Catalyst 9300 UPOE+ switches and 30 Cisco Aironet 3702 access points. Giving a nod to his appreciation for the latest gear, Dustin says, “We had to use what was available quickly. I would’ve like to have used the Catalyst 9120 AP’s but we had to make do with what we had.”

Because Renown had recently gone through a refresh at several of their hospitals, they had equipment on hand that was already spun and ready to go. This made the job go a lot smoother and reduced network equipment expenses for the field hospital.

Renown is continuing to support COVID patients and as the disease ebbs and flows, the hospital will adjust its facilities and do its best to make space available to care for its patients across the state. This might include adding new field hospitals, testing sites, and other areas to support patients and staff during the pandemic.

Soapbox time

In closing, I’d like to say that I can’t wait for this horrible disease to be done and over with so we can all get back to our regular lives. That said, I find the work we do together as humans inspiring, especially when we work together for the betterment of mankind. Hearing Dustin’s story gives me hope: to hear what’s possible, to hear that a parking garage can be converted into a fully functioning hospital in less than two weeks, to know we will get past this pandemic and that technology will help play a major role. I’m an optimist, I’m also logical, and I know that it will take a lot of work, dedication, and an enduring effort to get us back to where we once were.

Source: cisco.com

Continue reading

The Transformation of Software Testing

Traditional development and testing cycles have been a limiting factor for increasing the speed of creating and releasing new functionality as well as improving the quality of final releases. When much of a development team’s time is taken up with the looping, iterative cycle of design-develop-test-debug, a lot of creativity gets squeezed out of processes and people. Longer development cycles prevent new features—especially those specifically requested by customers—from being released on a timely basis. When customers have limited insight into how those features are being designed and implemented, they can be reluctant to implement them without extensive and time-consuming testing.

A trickier legacy issue to address is that IT buyers have lost trust in existing software development processes to deliver high quality code in dot zero releases. Instead they wait by default for future point deliveries, expecting more acceptable quality before even considering testing a release. Resolving this trust issue is a root driver of the transformation of testing.

We discussed the necessary shift in mindset required to digitize software development by making every person a developer and democratizing the entire process. We also touched on the value of integrating testing developers into the early design and develop stages. In this second post, we will examine in more detail this shift in testing to understand how it transforms the entire development cycle to the benefit of customers as well as developers.

Our goal in the Cisco platform independent group, which provides routing and control plane protocols and DevOps tools to the XE, XR and NX software development teams, is to digitize and transform processes and skillsets to create a hyper-efficient development organization. In particular, we are integrating the development of unit, integration, feature, system, and solution tests into the early stages of the development cycle with real-world use cases based on diverse customer network hardware and software configurations and topologies. How do we capture this detailed customer information? We listen. We share. We communicate.

Bidirectional Communication with Customers Critical in Early Development Stage

We are engaging customers much earlier in the development lifecycle with a goal to build a bidirectional communications channel between Cisco development and customers. First, we listen to understand customer requirements, topologies, and traffic patterns and feed those parameters into our design documents. We request customers’ device configuration files so we can prepare test plans incorporating an appropriate mix of “live in the field” hardware and software environments. We then verify with customer IT teams our design specifications to ensure a mutual understanding of goals. By providing insights into feature functionality and sharing test plans, customers can better prepare for implementation before the final release. Customers can also share their proposed test plans with our teams so that special use cases can be incorporated into our test plans as well.

Cisco customers have been eager to participate in early engagement opportunities to provide real-time feedback on specific feature designs and implementations. A participating customer related to our teams that the recent collaboration with Cisco Engineering “…was fruitful as it ensured that Cisco’s implementation of a specific feature was matching our expectations. Early engagement helps us understand new features so we can create successful design documents as well as train our certification teams. This early collaborative process also helps our team avoid ‘working as designed’ surprises during our testing.”

These collaborations among Cisco development teams and customers result in a reimagining of test design and procedures that permeate the development lifecycle.

Reimagining Testing Throughout Development

As we’ve previously discussed, within our platform-independent teams, everyone is a developer—from solution architects and designers to coders and testers. Each role plays a hand in ensuring the solutions and tools we build meet our customers’ requirements—whether internal teams or external enterprise IT organizations.

One key method of transforming testing efficiency and completeness is to integrate developers into the process who have in-depth experience with customer implementations, configurations, and troubleshooting. They participate upfront in the design stage to ensure that new features will work in real-world brownfield as well as greenfield environments. This change makes it possible to evolve from thinking primarily in terms of individual features that are designed, developed, and tested in isolation, to a customer-oriented solution approach. While each feature is coded with specific functionality by design, each must also be implemented as part of a complete networking ecosystem. Applying this philosophy not only helps identify unintended feature interactions, but also moves defect discovery to much earlier in the development cycle, in effect flattening the curve of found defects throughout the development cycle—a primary goal of testing transformation.

New features are not the only testing points to emphasize during the design phase. Since the main “users” of networking software are highly-trained technical professionals, serviceability is key to keeping them productive. For example, interfaces providing data such as telemetry and error codes, as well as CLI formats, are designed from the technical users’ point of view. In design documents, we consider how to expose sufficient debug information to enable faster problem resolutions, but without overwhelming technicians with irrelevant details. Here we are applying machine reasoning to assist in triaging issues. Ease of configuration of network devices and Day 2 management are also critical considerations for testing usability and serviceability. Training and automated checklists ensure that developers are abiding by serviceability guidelines and applying serviceability measurement to code during development.

New software releases are also scrutinized to minimize any unexpected changes in default behaviors. From release to release, behavior testing ensures that:

◉ Software doesn’t consume more memory or processing capacity than in a previous release unless a new feature requires it and is thoroughly documented to prepare the customer.

◉ New releases are backward compatible with supported hardware and software.

◉ Scale and performance do not degrade but stay consistent or improve.

Ultimately our goal in reimagining testing is to build a lasting bridge to quality to ensure our customers have trust in each and every release. While we have always performed intensive feature testing to validate functionality, integration, scalability, and usability, we are emphasizing a significant focus on solution level testing to ensure high levels of performance, interoperability, reliability, security, and conformance. Combined, these layers of testing will provide greater assurance that releases will perform as expected in a multitude of customer environments. We are building this bridge to quality with a unified development infrastructure for testing.

Unified Development Infrastructure Increases Automation and Consistency

Software in the process of being coded is often tested in virtual testbeds that can be quickly modified. This usually works fine for unit and integration testing. However, the further along the development cycle, the more complex the testing and interactions with the environment. Virtualized testing may not uncover all the issues that will be discovered in real-world configurations.

To address this gap, we are building flexible testbeds based on real hardware—routers, switches, servers, access points and software—that mimic real network deployments and operations. Since testbeds are based on a common infrastructure and environment, they enable reuse, code sharing, and complimentary software testing. Unifying topologies and infrastructure in development and testing improves efficiency by uncovering issues earlier in the cycle.

The next phase, already in progress, is to create “topology on demand” testbeds that enable developers to design tests based on a variety of environments and have them automatically configured, based on network devices customers are actually using. We are also creating new tools to automate whole testing processes with reusable Test Blocks. These will enable developers to pick and choose from a library of pre-constructed tests. In turn, the tests are run with automation tools that perform the processing and recording of results. The testing process becomes more of an intellectual design exercise compared to manually assembling and running test after test with slight variations—a boon for developers working on tight timelines.

Transformation of Software Testing Benefits Developers and Customers

Reimagining and transforming the development testing cycle is paying off at Cisco in multiple ways. Internally, new tools for automating testing processes are making work more efficient and more engaging for developers at every stage of the software cycle. As we involve customer teams earlier in the development cycles, they are regaining trust in software release readiness and are willing to deploy new solutions sooner after release with more confidence.

Continue reading

Introducing the Cisco C240 SD M5 Server for the Performance Edge

Supporting applications at the edge with high-performance, easy to manage UCS C240 SD M5 Server

As more data and processing needs exist and are growing rapidly at the edge, providers and customers are exploring methods to avoid the bandwidth, latency, and overall costs of backhauling content to the traditional data center. Instead, the industry is moving towards enabling the more intense computational needs closer to where this data and content is gathered and presented.

According to IDC (1), 50% of new enterprise IT infrastructure deployed will be at the edge by 2023, and there will be an 800% increase in the number of apps at the edge by 2024. The industry is already looking for innovative methods to uniformly operate in this greatly scaled out environment.

We talked with many customers looking at these needs in areas such as service providers, hosting providers, enterprise branch, retail, defense, and many others, they have shared some common requirements:

◉ Solution optimized for a compact and tactical environment

◉ Simple on-boarding to management and orchestration tools by non-IT personnel

◉ Autonomous operations, with an ability for simple periodic updates

◉ Easy access and maintenance by non-IT personnel

◉ Performance that traditionally resides within today’s Data Center

◉ Enhanced security to operate within shared-use multi-access facilities

◉ Flexible options along with global 24×7 support

Cisco used these customer requirements to guide us as we developed a new UCS server platform for our customers. Our teams have been working hard on this problem and we are excited to announce the new Cisco C240 SD M5 server.

Introducing the Cisco UCS C240 SD M5

The Cisco UCS C240 SD M5 is available today and delivers a performance edge solution integrated with our Cisco Intersight offering to allow the same advantages in edge that existing Cisco customers consume in their data centers today.

The Cisco UCS C240 SD M5 delivers the following key capabilities for customers:

◉ Simplicity: Easy deployment and connection to network and power

◉ Turnkey: Simple onboarding into already defined policy

◉ Cloud or Virtual Appliance Managed: Simple Intersight claiming, Cloud or Connected/Private Virtual Appliance

◉ Economic: Match workload density needs to ratio’s only seen inside traditional DC with full performance – while fewer device touches and full Intersight management means reduced operational costs

◉ Future Proof: Standard peripherals and accelerators supported as rest of UCS line

◉ Agile: Intent based Intersight template definition of many edge sites from a single policy

◉ Complete Stack at Edge: When combined with HX and HXAP (both of which will be available late 2020 on the C240 SD M5) you have platform for full stack management to match storage, SD-WAN, servers, network all in a coordinated fashion

Optimized for a compact and tactical environment

The Cisco UCS C240 SD M5 is built for environments within and outside a traditional data center with some key points below. The C240SD M5 Server:

◉ Can be stacked up to 4 high without racking – or in 2 and 4 post racks

◉ Can be installed against rear wall with minimum 6” rear clearance

◉ Is just under 22” deep

◉ Can be powered by 120/240VAC or -48VDC

◉ Users can connect 2 nodes together directly with 10GE cable for workload live-migration

◉ Can be deployed with 1 or 2 Intel Xeon SP processors (configuration options will change)

◉ 24 DIMM slots supporting up to 256GB DDR4, or add 128/256/512GB PMEM modules to a maximum of 9TB

◉ 2-6 SAS/SATA/NVMe Drives, 2 M.2 Drives

◉ 2-6 PCIe slots (Gen3 with 2 x16, 4 x8)

◉ Will have future NEBS L3 qualification

◉ Unit has optional internal M.2 boot drives

◉ Has a tamper-evidence device that will raise alarms in multiple management systems

◉ FCS operation up to 10,000 ft, testing in progress to 13,000 ft

◉ FCS temp range from 10-40C, testing in progress to 50C (and peripheral options come into play)

◉ Shock in operation a 10g, and non-operational to 20g

Simple on-boarding to management and orchestration tools by non-IT personnel

In order to gain the advantage of remote installations without IT staff travel, Cisco has invested in methods to ease the onboarding of the C240 SD M5 both in situations where a pre-staging can be done, and also developing a low-touch deployment that will be allow direct shipments to remote sites. These methods will allow remote staff who have limited compute expertise to perform an installation of the Cisco edge solution. Some key elements include:

◉ Staging Intersight pre-claim today

◉ Intersight onboarding directly by non IT remote staff in near future

◉ Remote config setup, validation, and OS installation via policy

◉ Operational analytics

In summary the customer can stage at a partner today, units for global deployment, or in near future just deploy at these global locations with no staging required. All state to be installed on that server (config, options, OS/Hypervisor, Analytics, etc.) can be done not only remotely – but in the policy already defined within Intersight.

Autonomous operations, with an ability for simple periodic updates

In many of these types of edge deployments, having a model that is not connected to the cloud is a mandatory element. Cisco has many deployment models starting with simple stand-alone device management through our Cisco Integrated Management Controller that can be configured via multiple scripting and API methods. To take this further, based on our customer requirements we have developed the Intersight Connected Virtual Appliance which maintains a relationship with Cisco for real-time analytics and support, or the Private Virtual Appliance that has no connectivity back to Cisco. The latter provides isolation in the customer environment much like perpetual isolated software components common today.

To allow a capability of keeping updates for latest support and features ,the connected appliance can operate disconnected for up to 90 days – when the connection can be re-established, or in the case of the private appliance disconnected for same duration before customers are asked to update the appliance via a downloaded package.

Easy access and maintenance by non-IT personnel

The C240 SD M5 has a key advantage of all front access, where only rear components are the redundant fan modules. The components allow for easy replacement with easy access should maintenance be required.

Performance that traditionally resides within today’s Data Center

In many edge platforms today, the processing and peripheral/storage needs are much smaller for far edge points of the environment. Using those platforms to address the performance needs of hosting workloads, processing of data and video, transcoding, etc. are forcing higher processing and peripheral needs into the space between DC and edge. The Cisco UCS C240 SD M5 fits into that space and offers the performance of the full suite of most Intel Xeon SP models, Intel N3000 FPGA devices, nVidia T4 devices, up to 6 PCIe slots (2 x16), SAS/SATA or in combination with 6xNVMe.

As customers look to deploy SD-WAN solutions that include edge sites, methods to store large amounts of data where it is generated at the edge, process that data at the edge, our solution when combined with HyperFlex and HyperFlex Application Platform in the coming quarter will provide a full-stack solution to those locations with a single point of management and analytics.

Enhanced security to operate within shared-use multi-access facilities

As the data, business processing, and key Intellectual Property move outside the well-defended DC into these edge locations, the ability to secure these elements moves from an over the top add-in into a integrated strategy. Cisco UCS C240 SD M5 bases our security in our Cisco ACT2 technology that validates the hardware, the booting process, all firmware components up the stack. Cisco also supports Self Encrypting Drives in this solution, so that a unit will brick if removed. Cisco also includes tamper sensing within the solution that will allow central alarming.

Flexible options along with global 24×7 support

Customers we have talked with envision using the C240 SD M5 offering in combination of bare metal workloads, container workloads, standard virtual server hosting, Cisco HyperFlex solution, and more generally in a variety of storage heavy or PCIe dense deployments.

Cisco has multiple methods in the C240 SD M5 for sharing support information with Cisco TAC, including the fully connected TAC offering inside Intersight. All of the benefits of Cisco Intersight from an infrastructure automation and orchestration perspective are available to the C240 SD M5 at launch.

Customer Focused, Operate at Scale

Customers desire a platform for performance edge needs that is agile, simple, and economic. The new Cisco UCS C240 SD M5 delivers on that promise by providing a turn-key platform that is simple to deploy and operate and reduces the burden of IT staff. Future options for new acceleration technologies, driven by Intersight intent based policy and centrally managed will remove significant roadblocks to a modern performance edge. Operating at the scale of thousands or higher is much more straightforward with the UCS C240 SD M5 and Intersight together.

Continue reading

What happens to the Cisco Live Network Infrastructure when the conference goes virtual?

This is a question the Technology Experiences Team (TechX), Cisco’s dedicated team of infrastructure engineers and project managers, asked themselves this year. When our annual, in-person conference suddenly went virtual, it rendered our hardware a little redundant. So, what do we do with the technology we’d usually deploy for our customers at events?

TechX is chartered with the support of events and trade shows throughout the calendar year. It is our fun and often exhilarating task to implement Cisco’s technologies and sometimes our very latest solutions. Supporting our customers, event staff, and partners to host Cisco Live, and building an enterprise class network for 28,000+ people in just a few days is certainly an undertaking.

With no physical events this year, all that amazing Cisco technology is suddenly useless, right? Well, fortunately not. My job within the team is to build out and support the Data Center (DC) for our shows. The DC is home for all those applications that make the event and supporting it a success. Our applications portfolio includes: Cisco Identify Services Engine (ISE), Cisco Prime Network Registrar (CPNR – DNS/DHCP), Cisco DNA Center, virtual Wireless LAN controllers, FTP, Cisco Network Services Orchestrator (NSO), Data Center Network Manager (DCNM), vCenter, various flavors of Linux based on our Engineers preference, NTP, Active Directory, Remote Desktop Services, Application Delivery Controllers (ADC), Cisco Video Surveillance Manager, Grafana, NetApp Snap Center, Ansible hosts, Mazemap Lipi server, Find my Friends server, web hook servers, Database hosts, and the list goes on.

What did we do with a DC that supports all of those wonderful applications you may well ask? Well, we did two things. First we deployed Folding@home virtual machines, which as many of you well know is a distributed network of compute power using almost any machine to crunch numbers, helping scientists at Stanford University work toward cures for diseases. What better use of a large Data Center? Not only are we repurposing our infrastructure instead of retiring it, we’re doing our part to help with a healthcare crisis. In fact, Cisco as a whole is using its compute power across the company to contribute, and you can see our progress with the Folding@home project. Cisco’s team ID is 1115, and our group is called CiscoLive2016, as that’s the first time we deployed Folding@home during that very show.

Other important questions arise from this such as:

◉ What are we using to host Folding@home?
◉ How did we deploy the virtual machines?
◉ How are we monitoring our compute?
◉ How do we monitor our progress in terms of the Folding@home project?

What are we using to Host Folding@home?

We deploy two types of compute cluster at Cisco Live, one traditional data center solution with storage and blade servers (UCS B series), known as a Flexpod. The second, a hyperconverged cluster known as Cisco Hyperflex. The Flexpod is a collaborative solution that comprises VMware’s vSphere virtualization software, NetApp’s storage clusters, Cisco’s UCS Blade Servers, and Nexus Data Center switches. In this case we’re using UCS B200 M4 split over two chassis combined with a NetApp MetroCluster IP for a total of 16 Blades. The Metro cluster is a fully redundant storage system that replicates all data between two arrays. As such, if you lose one, the other will allow you to recover your lost data. Typically, these are installed at two different locations, which isn’t possible at Cisco Live due to space and cabling restrictions. You’ll see how we configure it below.

The MetroCluster actually ships with two Nexus 3232C switches to create the IP connectivity between both clusters. The UCS Chassis uses a boot from SAN method, to load their ESXi OS from the Metro Cluster IP. Due to UCS’s service profiles, if we were to lose a blade, we may simply replace the blade and boot the exact same operating system, used by the old host, without the need to re-install ESXi. A service profile is essentially a set of variables that make a host or server operable.  These variables include UUID, MAC address, WWPN’s and many other pieces of information. When we insert a new blade it would take on the appearance of the fold blade using the information created within the profile. This allows it to masquerade as the old host and permits a compute hotswap. Here’s a basic diagram of our design.

Flexpod Design Diagram

How are we monitoring our Compute?

The other awesome thing about Cisco’s compute platform is we have a cloud-based monitoring system called Cisco Intersight. We use this each year to ensure our servers are running without error. You may also access the servers’ management interfaces, UCS Manager, from Intersight, making it a consolidated GUI across multiple sites or deployments. Here’s a Dashboard screen capture of how that looks. We actually have an error on one host which I need to investigate further. It’s great to have a monitoring system, especially whilst we’re all working from home.

How did we deploy the Virtual Machines?

Being a busy guy, I didn’t want to manually deploy all 40 virtual machines (VMs), carrying out a lot of error prone typing of host names, IP addresses and VM specific parameters. Bearing in mind, there would be a great deal of repetition as each VM is essentially the same. Instead I decided to automate the deployment of all the VMs. The great news is, some of the work has already been done as VMware themselves have produced a Folding@home ‘ova’ image running their Photon OS. The image is optimized to run on ESXi and can be installed using ova/ovf parameters. These are basically settings, such as IP address, hostname and information specific to the Folding@home software install taken prior to installation. There are some installation posts regarding deployment and also in the download itself. Please see the link at the end of this post.

Using Python scripting and VMware’s ovftool, a command line tool for deploying ovf/ova files, I was able to take the image and pass all the ova parameters to the ovftool. The ovftool then actually builds a VM on a specified host taking all of your desired settings. Using Python, I can loop over all of these parameters x number of times, in my case forty, and execute the ovftool command forty times.  This was a joy to watch, as VM’s started to appear in my vCenter all of a sudden and I could sit back and drink my cappuccino.

After the installation I was able to monitor, using VMware’s vCenter how our hosts were running. Using Folding@home’s largest VM’s installation, which uses more processing power, I was able to push our cluster to around 75% CPU utilization on each host as can be seen below. Some hosts were spiking a little, so I needed to make some adjustments, but we continued to crunch numbers and use our otherwise idle compute for a greater good.

How do we monitor our progress in terms of the Folding@home project?

Digging into Folding@home, I was able to learn the project has an Application Programming Interface or API. The API allows access to the statistics programmatically. Again, using Python alongside InfluxDB and Grafana, I was able to create a dashboard that the team could view in order to monitor our progress. Here’s a sample that I’ve annotated with numbers so we can refer to each statistic individually.

1. Teams work units, the amount of data crunched over time

2. The score assigned to our team over time

3. Cisco System’s group position out of all companies contributing to the project

4. Within the Cisco Systems group, our own position within the project

5. TechX work units as a numerical value

6. TechX’s Score as a numerical value

I was going to go into what we used our Hyperflex for, but I may leave that to another article as this one is getting a little long!

Continue reading

Cisco Managed Services Offers To Support Partners Across Their Portfolio Journey

Today’s customers are relentlessly focused on accelerating business outcomes throughout their lifecycle journey. Cisco and our partners have worked together for many years to develop and successfully deliver technology innovations across all industries. To help our partners continue to build on their roles as trusted advisors, we have built a Customer Experience Success Portfolio, which opens up multiple service opportunities.

Cisco understands that not all partners have the same focus areas or business models. They may be at different stages in developing new technologies, architectures, and solution portfolios. That’s why Cisco offers a range of services to support partners, regardless of where they are in their journey.

Some partners may have plenty of their own engineering resources and have already successfully developed and deployed their own solutions to customers. For these partners, Cisco Technical Assistance Center (TAC) offers support services for escalations and troubleshooting.

Cisco also offers mentoring and training services for partners who are building a new practice around a new technology and may need help with their initial installs.

Some partners may focus on a very specific architecture, but might need to respond to an opportunity with requirements that are outside their area of expertise. Not everyone can invest the resources to become proficient in every technology or solution that Cisco offers. Cisco’s advanced services experts can help partners fill gaps in their offerings and seize more opportunities.

In some cases, a partner may wish to completely offload the management and operation of a new solution for their customer. They may want to avoid the time and expense of building a new security or network operations center. Or maybe their business model or customer installed base can’t justify building out their own management and operations.

For partners who have already built out their own managed services practice, Cisco Managed Services can help capture more of this market opportunity if they lack capabilities in certain areas or can’t scale fast enough to accommodate specific customer needs. Cisco can help you win more managed services opportunities right away, without having to wait to build your own capabilities.

Cisco Managed Services offers enable partners to address these types of specific market opportunities.

Many of our partners might have not heard about Cisco Managed Services. They may be unaware that Cisco Managed Services has been serving a select group of large strategic enterprise customers over the past sixteen years.  We wanted to find a way to package up and share what we’ve been learning into a partner-ready go to market offer.

Now you can take advantage of all the knowledge, intellectual property, and experience that Cisco has accumulated, to help your customers achieve the outcomes they are seeking.

According to IDC, companies are spending more than $21 billion for around-the-clock monitoring and management of security operations centers today. Managed security services are now the fastest growing segment of the IT security sector, with a compound annual growth rate of 14.2 percent, and IDC estimates that the overall market will be $32.2 billion by 2022.

Managed Detection and Response (MDR) lets customers apply advanced security across the cloud, network, and endpoints. It is delivered by an elite team of researchers, investigators, and responders, together with integrated intelligence, defined investigations, and response playbooks supported by Cisco Talos threat research.

Cisco MDR leverages Cisco’s world-class integrated security architecture to deliver industry-leading 24x7x365 threat detection and response. It helps customers reduce mean time to detect, and lets them contain threats faster with relevant, meaningful, prioritized response actions.

According to Markets and Markets, companies will have spent $31 billion on enterprise collaboration in 2019. By 2024, the projected total available market will be $48.1 billion, with a compound annual growth rate of 9.2 percent.

Cisco UCM Cloud provides a complete collaboration, security, and networking solution from Cisco that simplifies the move to the cloud. It lets customers move from their current on-premise model, where they are responsible for maintaining Cisco UC Manager, to an as-a-service model from Cisco.

Unified Communication as a Service, Powered by Cisco UCM Cloud is a managed service that wraps around the Cisco UCM Cloud solution, simplifying your customers’ ongoing management of a cloud-based UC platform. CX Managed Services can help you make the most of this growing market opportunity. Our offerings can complement your managed voice, video, and contact center offers, to help support customers’ heterogeneous environments and a flexible transition to the cloud.

Cisco is dedicated to helping you unlock the potential of the growing managed services market, to help you grow your practice. We want to complement your portfolio and drive pull-through opportunities both for technology solutions, as well as value add on partner services.

Continue reading

Cisco APIs Help Partners Address Demand for Work From Home

Achieve amazing end user experiences

You are telling me I can get my entire music library on just that battery powered hard drive and have room for 10,000+ more songs! It was a whole new process that took some work to sort, tag, and rip all my CDs. This sea change in the way of doing something I had been doing for years created a user experience so valuable, it was impossible to return to the old way of doing things.

Technology really shines when it can fundamentally change a process to achieve amazing end user experiences. As we forge ahead in this new environment, I was reminded of 1998 and how MP3s changed my world.

Work from home can pose new challenges to IT

Nobody predicted tens of thousands of people that used to go into the office every day would be suddenly working from home. It has forced some interesting evaluation of our business processes; do we need floors of cube farms to get work done? According to Business News Daily in March, they found work from home workers to put in an average of 1.4 more days per month or more than three additional weeks of work per year. It appears that the claims of workers being more productive working remote has some real data to back it up. While this level of change is a good thing for corporations’ top line, it can pose some new challenges to IT.

Up until recently the bandwidth coming into the data center was more than sufficient to support cloud data set backups, sync with our remote data center, and provide Internet access and VPN access for our employees. However, when your 7,000 employees leave those LAN connected branches and all WFH (Work From Home), the experience can suffer dramatically.

Addressing the new demand for work-from-home

At Cisco, we have long had a vision that the most important measurement of IT performance is employee and customer experience which is why we continue to make strategic acquisitions such as Application Dynamics and the soon to close ThousandEyes.

Effectively addressing this new demand in this hyper connected world means scaling workloads across multiple clouds. But how do you ensure the experience for an employee in a WFH environment over a VPN or HTTPS session is getting the application experience required for them to get that extra 1.4 days in each month? A dashboard of application and network health, regardless of where that application is being hosted or consumed would provide IT the agility it needs to know and address any issues before they become real problems.

Using the SDKs and Cisco APIs

Using the SDKs and APIs from App-D, vManage SDWAN, ThousandEyes, and Tetration would allow a DevNet certified partner to build just such a health application to offer as part of a managed service, standalone app, or other competitive differentiator for their customers.

The flow could look something like this:

• Customer moves front-end web-scale applications to AWS, Azure, and Google Cloud while others with low-latency dependencies stay in the DC (could automatically be moved by Cisco CloudCenter)
• Application Dynamics agents monitor the application stack in the DC and in the cloud while automatically injecting javascript into the remote browsers to monitor the user experience.
• Tetration applies workload-protection policies at the OS/instance level and reports connectivity and dependency information back. These policies are maintained consistently across on-premises DC and public cloud environments.
• Cisco Viptela SDWAN ensures application demand is being balanced across the multi-cloud environment for high availability
• ThousandEyes actively monitors the network traffic paths across internal, external, SaaS, carrier and Internet networks in real time, reporting hop by hop issues such as path changes, bandwidth constraints, round-trip latency, packet loss, and QoS remarking.
• The DevNet Certified partner utilizes APIs, SDKs, etc. from each of those products.
• Validate the workload is spun up in the preferred cloud provider
• Validates Tetration cloud workload-protection matches the DC workload-protection and dependencies are connected
• vManage reports that the applications are being securely delivered and balanced between clouds with minimal latency
• ThousandEyes validates there are no alerts on transitory or peering AS routes to AWS, SalesForce, or O365
• App-D sees the CPU, Memory, and application calls are at appropriate levels and response times from the workload and at the clients desktop are well within spec.

The Dashboard is updated: Virtual workload secure, responding, and scaled. Client’s side responding, WAN available, and secure. Success! We have deployed our WFH solution providing the same or better experience as if we are sitting in the cubes, but with the comfort of being in our pajamas with our dog laying on our feet. Technology shines when it drives change and simplicity, offering better ways of doing things.

Cisco APIs help partners to adapt

Cisco DevNet Certified partners and Cisco APIs allow us to easily adapt and show how IT can truly shine in a hyperconnected world.

Now to get back to sorting another batch of MP3s, you have to have tunes while thinking about how we can change the world.

Continue reading

Cisco Secure Cloud Architecture for Azure

Workloads and applications are moving from a traditional data center to the public cloud as the public cloud provides an app-centric environment. Microsoft Azure offers critical features for application agility, faster deployment, scalability, and high availability using native cloud features. Microsoft Azure recommends tiered architecture for web applications, as this architecture separates various functions. There is the flexibility to make changes to each tier independent of another tier.

Figure1 shows a three-tier architecture for web applications. This architecture has a presentation layer (web tier), an application layer (app tier), and a database layer (database tier). Azure has a shared security model, i.e., the customers are still responsible for protecting workloads, applications, and data.

Figure 1: Azure three-tier web architecture

In addition to the native cloud security controls, Cisco recommends using security controls for visibility, segmentation, and threat protection.

Figure 2: Three key pillars of Cisco recommended architecture

Cisco recommends protecting workloads and applications using Cisco Validated Design (CVD) shown in figure 3. We focused on three-essential pillars (visibility, segmentation, and threat protection) of security validating this cloud security architecture.

This solution brings together a Cisco, Radware, and Azure to extend unmatched security for workloads hosted in the Azure environment.

◉ Visibility: Cisco Tetration, Cisco Stealthwatch Cloud, Cisco AMP for Endpoints, Cisco SecureX Threat Response, and Azure Network Security Group flow logs.

◉ Segmentation: Cisco Firepower Next-Generation Virtual Firewall (NGFWv), Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Tetration, Azure Network Security Group

◉ Threat Protection: Cisco Firepower Next-Generation Virtual Firewall (NGFWv), Cisco Tetration, Cisco AMP for Endpoints, Cisco Umbrella, Cisco SecureX Threat Response, Azure WAF, Azure DDoS, Radware WAF, and Radware DDoS.

In addition to visibility, segmentation, and threat protection, we also focused on Identity and Access Management using Cisco Duo.

Figure 3: Cisco Validated Design for Azure three-tier architecture

Cisco security controls used in the Cisco Validated Design (Figure 3):

◉ Workload level

      ◉ Cisco Tetration: Cisco Tetration agent on Azure instances forwards “network flow and process information” this information essential for getting visibility and policy enforcement.

     ◉ Cisco AMP for Endpoints: Cisco AMP for Endpoints offers protection against Malware.

◉ VNet level

     ◉ Cisco Umbrella (VNet DNS settings): Cisco Umbrella cloud offers a way to configure and enforce DNS layer security and IP enforcement to workloads in the VNet.

     ◉ Cisco Stealthwatch Cloud (NSG flow logs): SWC consumes Azure NSG flow logs to provided unmatched cloud visibility. SWC includes compliance-related observations, and it provides visibility 

into your Azure VNet cloud infrastructure.

◉ Perimeter

     ◉ Cisco Next-Generation Firewall Virtual (NGFWv): Cisco NGFWv provides capabilities like a stateful firewall, “application visibility and control”, next-generation IPS, URL-filtering, and network AMP in Azure.

     ◉ Cisco Adaptative Security Appliance Virtual (ASAv): Cisco ASAv provides a stateful firewall, network segmentation, and VPN capabilities in Azure VNet.

     ◉ Cisco Defense Orchestrator (CDO): CDO manages Cisco NGFWv and enables segmentation and threat protection.

◉ Identity

     ◉ Cisco Duo: Cisco Duo provides MFA service for Azure console and applications running on the workloads.

◉ Unify Security View

      ◉ Cisco SecureX Threat Response: Cisco SecureX Threat Response has API driven integration with Umbrella, AMP for Endpoints, and SWC (coming soon). Using these integrations security ops team can get visibility and perform threat hunting. 

Azure controls used in the Cisco Validated Design (Figure 3):

◉ Azure Network Security Groups (NSGs): Azure NSG provides micro-segmentation capability by adding firewalls rules directly on the instance virtual interfaces. NSGs can also be applied at the network level for network segmentation.

◉ Azure Web Application Firewall (WAF): Azure WAF protects against web exploits. 

◉ Azure DDoS (Basic and Standard): Azure DDoS service protects against DDoS. 

◉ Azure Internal and External Load Balancers (ILB and ELB): Azure ILB and ELB provide load balancing for inbound and outbound traffic.

Radware controls used in the Cisco Validated Design (Figure 3):

◉ Radware (WAF and DDoS): Radware provides WAF and DDoS capabilities as a service.

Cisco recommends enabling the following key capabilities on Cisco security controls. These controls provide unmatched visibility, segmentation, and threat protection and help in adhering security compliances.

In addition to the above Cisco security control, Cisco recommends using the following native Azure security components to protect workloads and applications.

Secure Cloud for Azure – Cisco Validated Design Guide (July 2020)

For detailed information on Secure Cloud Architecture for Azure, refer to our recently published Cisco Validated Design Guide. This design guide is based on the Secure Cloud Architecture Guide. The Secure Cloud Architecture Guide explains cloud services, critical business flows, and security controls required for the cloud environment to protect workloads. This guide covers the Cisco Validated Designs for workload protection in Azure three-tiered architecture. This also includes cloud-native security controls and Radware WAF/DDoS for workload protection in the cloud.

Continue reading