More than connectivity: Wi-Fi as a lens to analyze business impact during a global crisis

The year 2020 has brought about changes in the way people go about their daily lives. The pandemic is reshaping society in ways that are unfamiliar and sudden. To understand what industries can expect when the pandemic slows down and also better prepare for any future crisis, they need to analyze and take measure of how the pandemic changed the customers’ behavior towards businesses and its physical spaces. For example — are there fewer retail customers now as compared to before the pandemic? How has their visit frequency changed and are they spending more time now in-store or less? There is an assumption that market segments like transportation and hospitality would be impacted more than others like Healthcare, but is there real data to prove it?

One of the ways to get answers to these questions and more is to leverage a technology that we are all familiar with – Wi-Fi. Wi-Fi is now an essential service available everywhere, from enterprise workspaces to coffee shops, from universities to malls. Given the pervasiveness of Wi-Fi and the close correlation between wireless client count and visitor/user count in a physical space, we are better able to understand user presence and behavior.

Cisco DNA Center + Cisco DNA Spaces

Cisco DNA Center and Cisco DNA Spaces cover more than 10 million client devices, more than one million access points, and digitize close to 2.8 billion square feet of enterprise airspace. With such a massive anonymized data set (until the end of April 2020) in hand and with the broad coverage of deployments that Cisco has, we set out to analyze how businesses in different market segments were affected by the pandemic. We take some of the observations from the real world and see if the data collected by Cisco also shows similar observations.

Overall impact on wireless client count

While new infection cases were being reported in early February in countries outside of China, such as South Korea and Italy, much of the rest of the world continued along with business as usual. In the beginning of March, the seriousness of the pandemic was being felt throughout the world. News about possible restrictions to mitigate the transmission of the virus were being announced around the second week of March, culminating with a national emergency declaration on March 13th in the United States.

Given the shelter-in-place orders that were mandated in mid-March across many geographies, there was a sudden and severe drop experienced in people density across many businesses and market segments.

If we look at the overall wireless client count from Cisco DNA Center deployments around the world — including all regions and market segments — it began dropping in the week of March 16th with a sharp fall continuing until the end of March:

Total Wireless client count trend

There was a 62.35% drop in client count from March 9th until March 30th.

To understand which regions contributed the most to the fall, look at the overall client count split by regions. Almost every region showed a similar trend of declining count starting from the second week of March:

Client count by region

The data collected by Cisco DNA Spaces also aligns with this observation and shows that the drop in user visits was universal and happened across all geographies. Most countries experienced record drop-offs in the same week despite differing social distancing policies.

Drop in visits during week of March 16th relative to the previous week

People presence in the US also dropped suddenly in a single week beginning Monday the 16th:

Daily trend in visits to out-of-home locations

While the decline has been similar between the different regions, the recovery since the second week of April has been different. While the Americas and Asia Pacific, Japan and China (APJC) are showing a modest increase in client count numbers by 5.58% and 3.22%, Europe, the Middle East, Africa and Russia (EMEAR) region is leading the recovery with an increase of 49.43%. Within the EMEAR region, the biggest contributors to the recovery have been Professional Services, Government and the Financial Services segment.

Wireless clients per market segment (EMEAR)

Impact on user presence in different market segments

Understandably during stay at home orders, verticals like Hospitality, Transportation and Education were expected to be impacted much more than other more essential verticals like Healthcare, as they had to continue working at the same or higher scale. The data collected from our customers validates this.

To measure the impact of user presence in different market segments, we take the latest client count for that segment and compute the percentage change from the historical average for that market segment. This analysis reveals the top three segments that were most impacted and least impacted:

The Education segment is one of Cisco’s largest, with close to 1.5 million clients reported through Cisco DNA Center. With universities and schools closed down for the academic year two-and-a-half months early, this segment was severely impacted. The client count went down by 77.02% in the last three weeks of March:

Wireless client count trend in Education market segment

While one might suspect that a pandemic would cause user presence to jump in the Healthcare market segment, the data collected shows that it has in fact seen a drop in user presence as well, though it was relatively lower than other segments. The reason for this drop is because people are preferring to do virtual or on-phone appointments with their Healthcare teams during this crisis. Additionally, people were pushing their elective surgeries and non-critical appointments out to a later date. We see this in New York, one of the hardest hit states, as emergency room visits in New York City health and hospital locations were down by 50% in March. In Providence, Rhode Island, the volume of heart attack patients fell by about 50% in March. Physicians suspect that this was because patients with mild heart attacks or strokes were going to family doctors or outpatient clinics instead of visiting the ER.

We filtered out the data for just the Healthcare segment to see if our observation correlates with this.

Wireless client count trend in Healthcare market segment

Notice the dip in the month of March. The fear of visiting hospitals did indeed impact the Healthcare market segment.

Regional differences

It would be interesting to analyze how the impact on businesses has been different in different countries based on the timelines of the pandemic, their approach to mitigating the impact of the virus, and other unique incidents that happened in their regions.

China

On December 31, 2019 China first reported cases of COVID-19 to the World Health Organization (WHO). By March 19th, China reported that there were no new local transmissions for the first time since the pandemic began.

This timeline is very different from the rest of the world. While the rest of the world was entering the initial stage of the transmission of the virus, China was on its way to a recovery. As a result, we should expect a difference in the data that we see from China as compared to the rest of the world.

The wireless client trend for China shows a dip after 2nd week of January. The steep drop continues until the first week of February (decline of 91.5%) after which it shows a recovery:

We observe that businesses in China started recovering much earlier than the rest of the world. And given the weekly increase in client count after the first week of February, the recovery seen in China appears to be quite aggressive.

Looking at the change in client count (as of April 27) as compared to the historical average across the market segments, we can see that China is showing above average count in all segments except Government and Education:

The Manufacturing segment in China showed an interesting trend. There are two dips seen in the client count trend for Manufacturing. The first dip is understandable — this is when the pandemic was at its worst in China. But the second dip (decline of 41.46%) unexpectedly occurred in April when China should have been out of this crisis.

Looking at this a bit deeper, there is one customer from Guangzhou that had a much bigger contribution to the drop in the Manufacturing segment than the rest. The client count for this deployment dropped in April by 98.1% in two weeks and contributed to the overall drop for this segment. This correlates with the news of an outbreak in Guangzhou and the shutdowns in the region because of this localized outbreak.

Wireless client count trend from a Manufacturing customer in Guangzhou

Overall, looking at the trends of all the market segments, China is showing recovery.

United States

The United States started seeing the first few reports of the infection in January 2020. By March 13th, a national emergency was declared and a number of states went into lockdown after that. After more than a month of severe lockdown measures, a few states started to open up in a phased manner. Given this shifted timeline as compared to China, we should expect to see some interesting insights by analyzing the telemetry data.

In sharp contrast to China, the US shows a steep decline (54% drop) in client count in the second week of March. This correlates with the timeline of the response in the US because of closures and lockdowns on businesses occurred only in the second week of March.

Beginning in April, the client count trend for the US showed some stabilization and a very slow growth in the last few weeks of April. This observation correlates well with the news about businesses coming out of the lockdown in a phased manner at the end of April.

Other than Healthcare, all of the market segments in the US are showing a client count below the average. With social distancing becoming the norm and schools and universities shut down, market segments like Hospitality, Media and Entertainment, Transportation and Education have been hit the worst.

Looking at the week-by-week changes starting on March 9, we can see steep declines in multiple segments. We see a bit of a stabilization when April begins and then after the second week we see a slow increase in client counts across different segments.

We observe that businesses in the US are slowly trying to come out of the lockdown. While it is not as aggressive as China, the progress is still happening.

While China is showing growth with its top customers, the customers in the US with the highest number of unique client counts are still showing decline in count in the last week (as of April 27th). Since most of the large customers (as far as unique client counts goes) in the US are from the Education segment, this is expected. Schools and universities may remain closed until much later this year, so the recovery in this segment will take time.

Retail has been an interesting market segment in the US to analyze. At the end of February 2020, the seriousness of the virus was first being felt in the United States. Infections spiked in Europe and the number of cases were rising in the United States. The fear of lockdown and running out of stock of essentials led to “panic shopping” in a lot of regions in the US. We can clearly see this phenomenon if we zoom into the retail segment in the US and check the client trend:

There are spikes seen in the client count trend for the beginning of March before the lockdowns in the US were announced. After that, near the end of March, the spikes died down, but the trend never really dropped very low. This is because grocery shopping is one of the essential businesses that had to be kept open.

Diving deeper into the retail segment, Cisco DNA Spaces shows interesting insights into sub-categories in this segment.

By looking at percentage change in weekly visits across the sub-categories in Retail between first week of March and last week of April, we see that Convenience and Groceries categories were less affected than other categories.

Wireless client count trend in US Retail sub-categories segment

We also observe that while the number of visits to retail outlets have fallen during this crisis, the time spent by shoppers per visit to the store has remained largely stable.

Another interesting observation in Retail segment is that the drop in visits by customers was agnostic to local social distancing regulations. We looked closely at the visits data from a Lifestyle retailer with stores across four states – California, Florida, Texas, and New York. These states announced shelter-in-place orders at different times and the level of restrictions were also different, but the timing and pattern of decline in visits was identical across all the locations.

Sweden

Sweden, the country that adopted the unique and controversial approach to stopping COVID-19, kept most of its businesses including primary schools and non-essential businesses open while encouraging people to work from home if possible. It relied on ‘herd immunity’ to stop the transmission by letting the stronger population get infected and develop immunity while protecting the high-risk population. What does the data tell us about the impact of this pandemic on Sweden, and on its businesses as a result of this unique approach?

Unlike most of the other countries impacted by the pandemic, Sweden had very minimal impact in the month of March and it shows very aggressive recovery in the last week of April:

In the last few weeks of April, the EMEAR region has shown the fastest recovery (49.43% growth in client count since 2nd week of April) when compared to AMERICAS (+5.58%) and APJC (+3.22%). And within EMEAR, if we take a snapshot of the top few deployments with highest client counts, most of them are from Sweden, and the count is higher than average in the last week of April:

Client count change in Sweden

This makes Sweden kind of an outlier as compared to the other Nordic countries and it could be attributed to their unorthodox approach.

India

On January 30, 2020 India reported its first case of the virus. By mid-March the number of confirmed cases escalated to more than a 100. The government started imposing travel restrictions and states began to issue shutdown orders or asking institutions to work in limited capacities. Finally, on March 24, the government issued an order for complete lockdown of the nation.

This sequence of events can be seen in the overall client trend for India. After the second week of March, there is a rapid decline (a drop of 95.97%) in client count and it bottomed out at the end of March. This is in line with the earlier observation where globally user presence dropped suddenly. After the steep drop, the trend line has remained flat:

The Government of India and all the State Governments took strict measures to make sure no one violates or defies the lockdown restrictions. All market segments were severely impacted because of these stringent measures exercised by the government:

Average client count change in India

A week-by-week analysis shows that user presence in some segments like Technical Services had already started getting significantly impacted starting mid-March.

Client count drops in March for India

There is an explanation for this observation. Out of an ‘abundance of caution’ a lot of employees had already started working from home. Multi-national companies were asking their global teams to work from home even before the Government of India announced the nationwide lockdown because of COVID-19.

One can also notice that after March 30th, there has hardly been any change in the client count. This can be attributed to the fact that the lockdown restrictions are being strictly enforced in India with legal actions taken against violators.

Continue reading

Harvesting Threat Intelligence with the SecureX Threat Response API

It is widely known that there are never enough resources to staff every Security Operation Center (SOC). Organizations are struggling to cope with the massive number of new attacks, which makes it ever more important to stay up to date with the vast number of threats that could be just around the corner. Enter Cisco Talos, Cisco’s threat intelligence research group and a well-respected source for threat intelligence information.

What is Threat Intelligence?

According to Wikipedia, “cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace”. Wikipedia also points out that the “sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web”.

There are different forms of threat intelligence:

◉ Tactical: this type of intelligence can be used to identify the threat actor of a specific attack. Examples can be Indicators of Compromise (IoCs) like IP addresses, domains and file hashes.

◉ Operational: this type of intelligence focuses more on the Tools, Techniques and Procedures (TTPs) of the attacker.

◉ Strategic: this type of intelligence focuses more on high-level cyber risks and can be used to create a strategy for a company.

What is the SecureX Threat Response API?

The SecureX Threat Response platform is a tool that aggregates and correlates the capabilities of many Cisco and third-party security products (called “modules”). This tool can be leveraged for “threat hunting” in a customer’s environment to help keep their environments secure. It does this by connecting to the API’s of the various products, and by doing so is able to retrieve information. This process is called “enrichment.” Enrichment focuses both on internal sightings and external threat intelligence. At the same time, Threat Response can take actions in a subset of the connected products. This process is called “response”.

Some products can only provide enrichment, while others can do both enrichment and response. Cisco Security customers can use Threat Response to quickly identify a root cause of a cyber-attack, by using any text (containing IoCs) as an input. This text can then be enriched both from internal monitoring modules (“Do I have any infected hosts?”), and from threat intelligence modules (“Are these IoCs bad?”). And it enables customers to quickly take response actions to remediate the threat.

The SecureX Threat Response relation graph graphically shows how the observables in an investigation are connected.

If you’re a Cisco Security customer, guess what … You have access to Threat Response at no extra cost. The Threat Response APIs can be leveraged to automate a big chunk of the threat hunting process, and mainly the enrichment process.

How to harvest threat intelligence, and hunt the threats?

The internet contains many free sources of threat intelligence that can be used in addition to the Cisco Talos feeds. Using the SecureX Threat Response API, it is possible to harvest this and discover internal security events. This process is what was earlier described as “enrichment”, where both internal and external modules are checked for hits. There is a big community out there that shares new IoCs related to new cyber-attacks and malware campaigns.

So how can I harvest my threats?

Below are two examples that take a free source from the internet (blogs and Twitter) and parse them for IoCs. Both scripts then check for “target sightings” and automatically adds IoCs to SecureX Casebook. If there are any hits on internal targets, it will add a “HIGH PRIORITY” tag to the Case. The scripts will also send a Webex Teams alert to a configured Space (e.g. the Space used by a SOC). Check out the links below to find out more!

1. Searching threat intelligence blogs

The Cisco Talos blog is a perfect example of one of those free sources of threat intelligence that can be found on the internet. Their blog highlights threats and other information they find on a regular basis. However, who has the time to read all these blog posts, search through all their security tools for hits, and take action on them? Using the Threat Intelligence API, I was able to search the Talos blog (and others!) and pull out the exact information I needed to remediate my threat. Find out how on my DevNet Automation Exchange post:

2. Scouring Twitter Hashtags (e.g. #OPENDIR)

You can do a similar things with Twitter. The #opendir Twitter hashtag is used by many threat intelligence researchers to post their findings on new threats. This is a perfect example of one of those free sources of threat intelligence that can be found on the internet. Matching this information source with the connected Threat Response modules, gives you relevant hits to help protect your organization for unwanted threats.

Some example Tweets from the #opendir hashtag.

These are just two examples of what you can do with these awesome API’s.

Continue reading

Cisco and IBM Security Simplified: Mapping the Story

“The more things change, the more they stay the same” can be true even with security.

Although our security tools and workflows have certainly become much stronger over the years, some challenges haven’t changed:

◉ Businesses still worry about their intellectual property being compromised and/or leveraged for nefarious use.

◉ Deploying a secure defense is still complex; many companies can find themselves deploying 50 to 100 different tools from 50+ vendors in an attempt to protect their businesses.

◉ There is still a lack of qualified security personnel, which becomes even more problematic given the large number of vendors and tools that must be managed.

◉ It is still difficult to explain the toolsets and processes required to secure a modern enterprise.

Expanding on that last point, a year ago, we began working with IBM to find a way to explain joint Cisco and IBM security value propositions in a way that is easier for our customers and partners to understand.

We’ve been told by customers that if we can reduce their vendor count from 50+ vendors to “something you can count on your fingers and toes,” it would improve not only technical efficiency for their response teams, but also offer operational efficiency to legal and finance teams through contract simplification. In response, over time and through a number of integrations, Cisco and IBM have jointly developed a comprehensive security story, greatly simplifying your vendor and tools landscape. Now, while I can’t say in good conscience that Cisco and IBM can address all your security concerns, integrated Cisco and IBM tools and services can meet a majority of your security needs and our technology ecosystems can fill in the gaps.

The result of our efforts to better explain these Cisco and IBM security value propositions is what I call “subway map” journeys.

Mapping a customer’s security journey with integrated solutions

Initially, we began by looking at the top three areas of concern for our customers:

◉ Insider threats: threats living inside the network

◉ Ransomware: malicious software that blocks system access

◉ Compliance: the need to meet and maintain compliance requirements

When customers explore how to protect their businesses against these three use cases, they typically deploy a number of tools, which can be viewed as subway stops along the security journey (Figure 1).

Figure 1: Security journey subway map

The three colored lines in this subway map are aligned with each use case. In each journey, the light blue and dark blue stops represent Cisco and IBM products, respectively. Also notice the subway car moving through the stops. The shortage of security personnel means many of our customers rely on services from Cisco and IBM to help transport them to their destination, whether through consulting before an engagement, integration services during deployment, or managed services afterward.

You can look at the briefs for Ransomware, Compliance, and Insider Threats workflows on the IBM and Cisco Security Solutions page, but let’s take a quick look now at Insider Threat and discuss how it’s been impacted by the ongoing pandemic.

Insider threats

In the case of insider threats, the primary concern is that an employee or other insider has gained privileged access to the network and can obtain company secrets or customer data. In response, a security solution must:

◉ Block causes of a potential compromise

◉ Restrict access to limit the scope of loss if the network is compromised

◉ Quickly identify and prioritize threats

◉ Detail the response plan so operators can move quickly to mitigate damage

As shown in Figure 2, the integrated Cisco and IBM defense against insider threats includes the following tools:

◉ Cisco Identity Services Engine (ISE) orchestrates who is using the network and creates policies for where they are allowed to go.

◉ Cisco Firepower Threat Defense (FTD) provides enforcement points and detection through NGFW/NGIPS functionality.

◉ Cisco Stealthwatch provides visibility into traffic on the network—so we know policies are being observed—while also providing insight into what policies could/should be.

◉ Cisco Advanced Malware Protection (AMP) enables file inspection across endpoints, the intrusion prevention system (IPS), email, and the web (ESA/WSA) to reduce points of compromise.

◉ IBM QRadar combines alerts from multiple sources and analyzes user activity to detect malicious insiders.

◉ IBM Resilient helps companies understand and orchestrate a response plan across people, process, and technology.

◉ IBM Guardium activates data loss prevention (DLP) to further the solution through classification of sensitive assets and data protection.

Figure 2.  Insider threats subway journey

Going forward

Stay-at-home orders have created a new set of challenges for many businesses during the pandemic. While the tools mentioned in the previous section remain relevant to combating insider threats, the relative importance of technologies such as Cisco Duo for MFA, Cisco AnyConnect for VPN access, Cisco AMP4EP, and Cisco Umbrella in protecting remote and mobile workers has increased. The changes in the way our customers leverage our tools also impacts the way we focus integration surface between our companies. As you may have guessed, consumption of AMP4EP logs in QRadar has is an area we’ve seen increase and we’ve received great feedback on the recently published Cloud Security app for QRadar (Figure 3) as well.

Figure 3.  Cisco Cloud Security Dashboard in QRadar

In addition, as many of you have heard by now, Cisco has been focusing heavily on improving usability and workflow for customers leveraging our tools. That work has culminated in the recently launched Secure X tool. I’m happy to say that we have integrated Secure X into QRadar, so that customers can get hover-over information from Secure X directly in QRadar and also pivot into Secure X for additional drill-downs and investigation details.

Continue reading

Cisco Meeting Server 3.0 Feature Release

Premise-Based Conferencing Option with Cisco Meeting Server 3.0

“Going to the cloud” seems to be the talk of the town; however, the cloud is not everyone’s cup of tea. If that’s your case, we hear you, and we care about you. Cisco continues to offer a premise-based conferencing option just for you.

Let me tell you about our latest Cisco Meeting Server 3.0 feature release.

Just because you are not on the cloud, doesn’t mean your platform can’t be like the cloud. Cisco is working hard to align user experiences between Webex and CMS in order to simplify scenarios where customers use both. With this new release, we have a greater number of concurrent web app sessions, new web app in-meeting controls, and branding capabilities to give meetings your companies look and feel.

Better Meeting Experiences

The engineering team has been hard at work delivering agile feature releases every four months, with features you can use now while working remotely or from home. We are also continuously working to keep CMS a user friendly and intuitive platform.

Scalability – CMS extends its industry-leading scale with the web app. The web app scales to the same capacity as SIP calls on the CMS callbridge for internal calls and calls over a VPN.

Web App – Anyone can join a meeting quickly without installing anything by using the web app powered by WebRTC technology. With web app, users can create, join, and manage their meetings using their preferred browsers including Chrome, Firefox, Safari, Edge, or Yandex. New in-meeting features with the latest release include:

◉ Add/drop participants
◉ Mute others or all
◉ Branding
◉ Start a recording or streaming session
◉ Name labels
◉ Lock / unlock
◉ Making participants important

More Advanced Features with the 3.0 Release

The 3.0 release also brings more advanced features like separate windows for video and content to allow users to use two screens or just to optimize how they use their desktop. Below is an example of branding now available with the Meeting Server web app.

Self-management – Administrators can provision templates allowing users to create their own spaces based upon admin defined templates. Other options include setting PIN’s for hosts or guests and adding additional members to the space.

Smart licensing – This release also changes licensing, where Cisco Meeting Management (CMM) is required with all deployments for licensing usage reporting, plus integration with Cisco Smart Licensing.

Smart licensing is a new way of thinking about licensing. It can be applied to all Cisco products and is now available through CMM for CMS clusters. Smart licensing simplifies managing licensing for CMS, which means no more license files must be applied to servers. It provides key information about software entitlement and utilization in one centralized process. CMM will be mandatory for all new customers. Smart Licensing is required for new customers, optional for existing customers.

TMS - Cisco TMS provides centralized control for on-site and remote video systems and a deployment and scheduling system for your entire video network. TMS for scheduling now supports Oath authentication with O365 & Exchange hybrid deployments. TMS for higher education customers allows CMS recording to be configured when scheduling with the help desk.

In Conclusion

All of these new Cisco Meeting Server features gives your company the tools you need for getting business done, weather meeting in the office, from home or on the road. Existing customers with valid support contracts can find this new version on the software download center.

Cisco Meeting Server Web App – Feature List Comparison

Continue reading

Renown Health: Supporting patients during a global crisis

Last week you read about Reno, Nevada’s Renown Health’s recent upgrade to Cisco Catalyst products including switches, access points, and controllers. When I spoke with Dustin Metteer, IT Manager at Renown Health, he also explained that they’ve developed new safety protocols for COVID-19 and have built out tented testing centers and new field hospitals to support a potential influx of patients from across the state.

No visitors, no problem: filling the gap with technology

With strict protocols to ensure the safety of all in its facilities, no visitors are allowed at Renown Healthcare hospitals. Patients are often quarantined by themselves for extended periods of time and can get lonely. To help combat this loneliness, the hospital purchased hundreds of Apple iPads and handed them out to different departments to allow patients to communicate with their families.

Something I didn’t discuss with Dustin, as it didn’t make any difference in their decision to offer this gesture of kindness, is Cisco’s wireless partnership with Apple. Cisco and Apple have partnered to provide a better overall wireless experience to end users and IT managers, and this equates to better connectivity for users and improved troubleshooting data for engineers to solve issues faster. A win for all.

Standing up testing sites and field hospitals

For hospitals across the world, COVID-19 has meant preparing for a worst-case scenario should they move beyond capacity. To provide safe testing away from the main hospital building, Renown Health started with a single parking lot tent testing site. To connect the tent to the hospital network and its applications, Dustin and team ran a fiberoptic cable out to the tent, plugged in a Cisco Catalyst 9300 UPOE+ switch and instantaneously had connectivity and 90 watts of power per port for Cisco IP phones, Cisco access points, and a handful of desktop computers, with room to add more. This has now been replicated multiple times as needed across their other hospitals and urgent care facilities in the system.

The Big Ask

Following the initial rollout of tented testing centers, Dustin received a call about building out a temporary field hospital.  As Dustin explains, “We got a big ask, they wanted us to convert our parking garages into field hospitals.” This ask included designing a network for a facility that could house up to 2100 beds to care for those infected with COVID. If you’re familiar with a modern hospital room, you know they include lots of connected devices for monitoring, alerting, and communicating with staff. To support this need, the final design consisted of Cisco POE switches, Cisco access points and wireless controllers, and Cisco IP phones. The deadline: two weeks.

With not much time to make this happen, Dustin pulled together some spare equipment, mapped out and designed the network, and worked tirelessly to get the hardware deployed, software updated, and all his policies set. He had 14 days but completed the task in just 10. And while Dustin was working on the network side of things, he didn’t forget to give a shout out to the construction crew and electricians, and especially the Army Corps of Engineers. “They wrapped the entire garage, inflated it, brought in HVAC, all kinds of stuff, just great work.”

Repurposing old equipment gets the job done

The network that Dustin deployed in the parking garage includes five Cisco Catalyst 9300 UPOE+ switches and 30 Cisco Aironet 3702 access points. Giving a nod to his appreciation for the latest gear, Dustin says, “We had to use what was available quickly. I would’ve like to have used the Catalyst 9120 AP’s but we had to make do with what we had.”

Because Renown had recently gone through a refresh at several of their hospitals, they had equipment on hand that was already spun and ready to go. This made the job go a lot smoother and reduced network equipment expenses for the field hospital.

Renown is continuing to support COVID patients and as the disease ebbs and flows, the hospital will adjust its facilities and do its best to make space available to care for its patients across the state. This might include adding new field hospitals, testing sites, and other areas to support patients and staff during the pandemic.

Soapbox time

In closing, I’d like to say that I can’t wait for this horrible disease to be done and over with so we can all get back to our regular lives. That said, I find the work we do together as humans inspiring, especially when we work together for the betterment of mankind. Hearing Dustin’s story gives me hope: to hear what’s possible, to hear that a parking garage can be converted into a fully functioning hospital in less than two weeks, to know we will get past this pandemic and that technology will help play a major role. I’m an optimist, I’m also logical, and I know that it will take a lot of work, dedication, and an enduring effort to get us back to where we once were.

Source: cisco.com

Continue reading

The Transformation of Software Testing

Traditional development and testing cycles have been a limiting factor for increasing the speed of creating and releasing new functionality as well as improving the quality of final releases. When much of a development team’s time is taken up with the looping, iterative cycle of design-develop-test-debug, a lot of creativity gets squeezed out of processes and people. Longer development cycles prevent new features—especially those specifically requested by customers—from being released on a timely basis. When customers have limited insight into how those features are being designed and implemented, they can be reluctant to implement them without extensive and time-consuming testing.

A trickier legacy issue to address is that IT buyers have lost trust in existing software development processes to deliver high quality code in dot zero releases. Instead they wait by default for future point deliveries, expecting more acceptable quality before even considering testing a release. Resolving this trust issue is a root driver of the transformation of testing.

We discussed the necessary shift in mindset required to digitize software development by making every person a developer and democratizing the entire process. We also touched on the value of integrating testing developers into the early design and develop stages. In this second post, we will examine in more detail this shift in testing to understand how it transforms the entire development cycle to the benefit of customers as well as developers.

Our goal in the Cisco platform independent group, which provides routing and control plane protocols and DevOps tools to the XE, XR and NX software development teams, is to digitize and transform processes and skillsets to create a hyper-efficient development organization. In particular, we are integrating the development of unit, integration, feature, system, and solution tests into the early stages of the development cycle with real-world use cases based on diverse customer network hardware and software configurations and topologies. How do we capture this detailed customer information? We listen. We share. We communicate.

Bidirectional Communication with Customers Critical in Early Development Stage

We are engaging customers much earlier in the development lifecycle with a goal to build a bidirectional communications channel between Cisco development and customers. First, we listen to understand customer requirements, topologies, and traffic patterns and feed those parameters into our design documents. We request customers’ device configuration files so we can prepare test plans incorporating an appropriate mix of “live in the field” hardware and software environments. We then verify with customer IT teams our design specifications to ensure a mutual understanding of goals. By providing insights into feature functionality and sharing test plans, customers can better prepare for implementation before the final release. Customers can also share their proposed test plans with our teams so that special use cases can be incorporated into our test plans as well.

Cisco customers have been eager to participate in early engagement opportunities to provide real-time feedback on specific feature designs and implementations. A participating customer related to our teams that the recent collaboration with Cisco Engineering “…was fruitful as it ensured that Cisco’s implementation of a specific feature was matching our expectations. Early engagement helps us understand new features so we can create successful design documents as well as train our certification teams. This early collaborative process also helps our team avoid ‘working as designed’ surprises during our testing.”

These collaborations among Cisco development teams and customers result in a reimagining of test design and procedures that permeate the development lifecycle.

Reimagining Testing Throughout Development

As we’ve previously discussed, within our platform-independent teams, everyone is a developer—from solution architects and designers to coders and testers. Each role plays a hand in ensuring the solutions and tools we build meet our customers’ requirements—whether internal teams or external enterprise IT organizations.

One key method of transforming testing efficiency and completeness is to integrate developers into the process who have in-depth experience with customer implementations, configurations, and troubleshooting. They participate upfront in the design stage to ensure that new features will work in real-world brownfield as well as greenfield environments. This change makes it possible to evolve from thinking primarily in terms of individual features that are designed, developed, and tested in isolation, to a customer-oriented solution approach. While each feature is coded with specific functionality by design, each must also be implemented as part of a complete networking ecosystem. Applying this philosophy not only helps identify unintended feature interactions, but also moves defect discovery to much earlier in the development cycle, in effect flattening the curve of found defects throughout the development cycle—a primary goal of testing transformation.

New features are not the only testing points to emphasize during the design phase. Since the main “users” of networking software are highly-trained technical professionals, serviceability is key to keeping them productive. For example, interfaces providing data such as telemetry and error codes, as well as CLI formats, are designed from the technical users’ point of view. In design documents, we consider how to expose sufficient debug information to enable faster problem resolutions, but without overwhelming technicians with irrelevant details. Here we are applying machine reasoning to assist in triaging issues. Ease of configuration of network devices and Day 2 management are also critical considerations for testing usability and serviceability. Training and automated checklists ensure that developers are abiding by serviceability guidelines and applying serviceability measurement to code during development.

New software releases are also scrutinized to minimize any unexpected changes in default behaviors. From release to release, behavior testing ensures that:

◉ Software doesn’t consume more memory or processing capacity than in a previous release unless a new feature requires it and is thoroughly documented to prepare the customer.

◉ New releases are backward compatible with supported hardware and software.

◉ Scale and performance do not degrade but stay consistent or improve.

Ultimately our goal in reimagining testing is to build a lasting bridge to quality to ensure our customers have trust in each and every release. While we have always performed intensive feature testing to validate functionality, integration, scalability, and usability, we are emphasizing a significant focus on solution level testing to ensure high levels of performance, interoperability, reliability, security, and conformance. Combined, these layers of testing will provide greater assurance that releases will perform as expected in a multitude of customer environments. We are building this bridge to quality with a unified development infrastructure for testing.

Unified Development Infrastructure Increases Automation and Consistency

Software in the process of being coded is often tested in virtual testbeds that can be quickly modified. This usually works fine for unit and integration testing. However, the further along the development cycle, the more complex the testing and interactions with the environment. Virtualized testing may not uncover all the issues that will be discovered in real-world configurations.

To address this gap, we are building flexible testbeds based on real hardware—routers, switches, servers, access points and software—that mimic real network deployments and operations. Since testbeds are based on a common infrastructure and environment, they enable reuse, code sharing, and complimentary software testing. Unifying topologies and infrastructure in development and testing improves efficiency by uncovering issues earlier in the cycle.

The next phase, already in progress, is to create “topology on demand” testbeds that enable developers to design tests based on a variety of environments and have them automatically configured, based on network devices customers are actually using. We are also creating new tools to automate whole testing processes with reusable Test Blocks. These will enable developers to pick and choose from a library of pre-constructed tests. In turn, the tests are run with automation tools that perform the processing and recording of results. The testing process becomes more of an intellectual design exercise compared to manually assembling and running test after test with slight variations—a boon for developers working on tight timelines.

Transformation of Software Testing Benefits Developers and Customers

Reimagining and transforming the development testing cycle is paying off at Cisco in multiple ways. Internally, new tools for automating testing processes are making work more efficient and more engaging for developers at every stage of the software cycle. As we involve customer teams earlier in the development cycles, they are regaining trust in software release readiness and are willing to deploy new solutions sooner after release with more confidence.

Continue reading

Introducing the Cisco C240 SD M5 Server for the Performance Edge

Supporting applications at the edge with high-performance, easy to manage UCS C240 SD M5 Server

As more data and processing needs exist and are growing rapidly at the edge, providers and customers are exploring methods to avoid the bandwidth, latency, and overall costs of backhauling content to the traditional data center. Instead, the industry is moving towards enabling the more intense computational needs closer to where this data and content is gathered and presented.

According to IDC (1), 50% of new enterprise IT infrastructure deployed will be at the edge by 2023, and there will be an 800% increase in the number of apps at the edge by 2024. The industry is already looking for innovative methods to uniformly operate in this greatly scaled out environment.

We talked with many customers looking at these needs in areas such as service providers, hosting providers, enterprise branch, retail, defense, and many others, they have shared some common requirements:

◉ Solution optimized for a compact and tactical environment

◉ Simple on-boarding to management and orchestration tools by non-IT personnel

◉ Autonomous operations, with an ability for simple periodic updates

◉ Easy access and maintenance by non-IT personnel

◉ Performance that traditionally resides within today’s Data Center

◉ Enhanced security to operate within shared-use multi-access facilities

◉ Flexible options along with global 24×7 support

Cisco used these customer requirements to guide us as we developed a new UCS server platform for our customers. Our teams have been working hard on this problem and we are excited to announce the new Cisco C240 SD M5 server.

Introducing the Cisco UCS C240 SD M5

The Cisco UCS C240 SD M5 is available today and delivers a performance edge solution integrated with our Cisco Intersight offering to allow the same advantages in edge that existing Cisco customers consume in their data centers today.

The Cisco UCS C240 SD M5 delivers the following key capabilities for customers:

◉ Simplicity: Easy deployment and connection to network and power

◉ Turnkey: Simple onboarding into already defined policy

◉ Cloud or Virtual Appliance Managed: Simple Intersight claiming, Cloud or Connected/Private Virtual Appliance

◉ Economic: Match workload density needs to ratio’s only seen inside traditional DC with full performance – while fewer device touches and full Intersight management means reduced operational costs

◉ Future Proof: Standard peripherals and accelerators supported as rest of UCS line

◉ Agile: Intent based Intersight template definition of many edge sites from a single policy

◉ Complete Stack at Edge: When combined with HX and HXAP (both of which will be available late 2020 on the C240 SD M5) you have platform for full stack management to match storage, SD-WAN, servers, network all in a coordinated fashion

Optimized for a compact and tactical environment

The Cisco UCS C240 SD M5 is built for environments within and outside a traditional data center with some key points below. The C240SD M5 Server:

◉ Can be stacked up to 4 high without racking – or in 2 and 4 post racks

◉ Can be installed against rear wall with minimum 6” rear clearance

◉ Is just under 22” deep

◉ Can be powered by 120/240VAC or -48VDC

◉ Users can connect 2 nodes together directly with 10GE cable for workload live-migration

◉ Can be deployed with 1 or 2 Intel Xeon SP processors (configuration options will change)

◉ 24 DIMM slots supporting up to 256GB DDR4, or add 128/256/512GB PMEM modules to a maximum of 9TB

◉ 2-6 SAS/SATA/NVMe Drives, 2 M.2 Drives

◉ 2-6 PCIe slots (Gen3 with 2 x16, 4 x8)

◉ Will have future NEBS L3 qualification

◉ Unit has optional internal M.2 boot drives

◉ Has a tamper-evidence device that will raise alarms in multiple management systems

◉ FCS operation up to 10,000 ft, testing in progress to 13,000 ft

◉ FCS temp range from 10-40C, testing in progress to 50C (and peripheral options come into play)

◉ Shock in operation a 10g, and non-operational to 20g

Simple on-boarding to management and orchestration tools by non-IT personnel

In order to gain the advantage of remote installations without IT staff travel, Cisco has invested in methods to ease the onboarding of the C240 SD M5 both in situations where a pre-staging can be done, and also developing a low-touch deployment that will be allow direct shipments to remote sites. These methods will allow remote staff who have limited compute expertise to perform an installation of the Cisco edge solution. Some key elements include:

◉ Staging Intersight pre-claim today

◉ Intersight onboarding directly by non IT remote staff in near future

◉ Remote config setup, validation, and OS installation via policy

◉ Operational analytics

In summary the customer can stage at a partner today, units for global deployment, or in near future just deploy at these global locations with no staging required. All state to be installed on that server (config, options, OS/Hypervisor, Analytics, etc.) can be done not only remotely – but in the policy already defined within Intersight.

Autonomous operations, with an ability for simple periodic updates

In many of these types of edge deployments, having a model that is not connected to the cloud is a mandatory element. Cisco has many deployment models starting with simple stand-alone device management through our Cisco Integrated Management Controller that can be configured via multiple scripting and API methods. To take this further, based on our customer requirements we have developed the Intersight Connected Virtual Appliance which maintains a relationship with Cisco for real-time analytics and support, or the Private Virtual Appliance that has no connectivity back to Cisco. The latter provides isolation in the customer environment much like perpetual isolated software components common today.

To allow a capability of keeping updates for latest support and features ,the connected appliance can operate disconnected for up to 90 days – when the connection can be re-established, or in the case of the private appliance disconnected for same duration before customers are asked to update the appliance via a downloaded package.

Easy access and maintenance by non-IT personnel

The C240 SD M5 has a key advantage of all front access, where only rear components are the redundant fan modules. The components allow for easy replacement with easy access should maintenance be required.

Performance that traditionally resides within today’s Data Center

In many edge platforms today, the processing and peripheral/storage needs are much smaller for far edge points of the environment. Using those platforms to address the performance needs of hosting workloads, processing of data and video, transcoding, etc. are forcing higher processing and peripheral needs into the space between DC and edge. The Cisco UCS C240 SD M5 fits into that space and offers the performance of the full suite of most Intel Xeon SP models, Intel N3000 FPGA devices, nVidia T4 devices, up to 6 PCIe slots (2 x16), SAS/SATA or in combination with 6xNVMe.

As customers look to deploy SD-WAN solutions that include edge sites, methods to store large amounts of data where it is generated at the edge, process that data at the edge, our solution when combined with HyperFlex and HyperFlex Application Platform in the coming quarter will provide a full-stack solution to those locations with a single point of management and analytics.

Enhanced security to operate within shared-use multi-access facilities

As the data, business processing, and key Intellectual Property move outside the well-defended DC into these edge locations, the ability to secure these elements moves from an over the top add-in into a integrated strategy. Cisco UCS C240 SD M5 bases our security in our Cisco ACT2 technology that validates the hardware, the booting process, all firmware components up the stack. Cisco also supports Self Encrypting Drives in this solution, so that a unit will brick if removed. Cisco also includes tamper sensing within the solution that will allow central alarming.

Flexible options along with global 24×7 support

Customers we have talked with envision using the C240 SD M5 offering in combination of bare metal workloads, container workloads, standard virtual server hosting, Cisco HyperFlex solution, and more generally in a variety of storage heavy or PCIe dense deployments.

Cisco has multiple methods in the C240 SD M5 for sharing support information with Cisco TAC, including the fully connected TAC offering inside Intersight. All of the benefits of Cisco Intersight from an infrastructure automation and orchestration perspective are available to the C240 SD M5 at launch.

Customer Focused, Operate at Scale

Customers desire a platform for performance edge needs that is agile, simple, and economic. The new Cisco UCS C240 SD M5 delivers on that promise by providing a turn-key platform that is simple to deploy and operate and reduces the burden of IT staff. Future options for new acceleration technologies, driven by Intersight intent based policy and centrally managed will remove significant roadblocks to a modern performance edge. Operating at the scale of thousands or higher is much more straightforward with the UCS C240 SD M5 and Intersight together.

Continue reading