Get Ready to Crack Cisco CCNP Enterprise 300-425 Certification Exam

 

Cisco CCNP Enterprise 300-425 Exam Description:

The Designing Cisco Enterprise Wireless Networks v1.0 (ENWLSD 300-425) exam is a 90-minute exam associated with the CCNP Enterprise and Cisco Certified Specialist - Enterprise Wireless Design certifications. This exam certifies a candidate's knowledge of wireless network design including site surveys, wired and wireless infrastructure, mobility and WLAN high availability. The course, Designing Cisco Enterprise Wireless Networks, helps candidates to prepare for this exam.

Cisco 300-425 ENWLSD Exam Overview:

• Exam Name: Designing Cisco Enterprise Wireless Networks

• Exam Number: 300-425 ENWLSD

• Exam Price: $300 USD

• Duration: 90 minutes

• Number of Questions: 55-65

• Passing Score: Variable (750-850 / 1000 Approx.)

• Recommended Training: Designing Cisco Enterprise Wireless Networks (ENWLSD)

• Exam Registration: PEARSON VUE

• Sample Questions: Cisco 300-425 Sample Questions

• Practice Exam: Cisco Certified Network Professional Enterprise Practice Test

Related Articles:

• 300-425, ENWLSD Certification: Study Guide & Career Benefits

• A Developed Plan of Action for Cisco 300-425 ENWLSD Exam Preparation

Continue reading

Stop playing whack-a-mole and put threats to rest with Cisco Stealthwatch Cloud

I was recently able to grab some time with a Cisco customer to hear about their experience with Cisco Stealthwatch Cloud, a SaaS-based Network Detection and Response (NDR) solution. Aspire Technology Partners, a Managed Security Service Provider, explained their use of the product for one of its customers that was in a dangerous situation involving some slippery malware floating around in the network. As I worked on this case study, I couldn’t help but think of one thing in particular…The North Carolina State Fair.

I am a relatively new North Carolina resident. Prior to working from home, I was no stranger to the commute up I-40 to building 9 of Cisco’s RTP campus. As I found my way around my new home state, I kept hearing that the NC State Fair is a rite of passage for new residents. I decided to check it out. What an experience that was. I got to see a monster truck show, a lot of farm animals and the world’s largest pumpkin. I also ate more fried food on a stick than my heart could handle. We also got to play whack-a-mole, a game that requires you to smash each mole as they poke their heads out of the machine with a mallet. As you progress, you earn points for each successful ‘whack’. Unfortunately, you can never really win since they never stop popping up.

Without an NDR tool like Stealthwatch Cloud in place, the modern Security Operations Center (SOC) is effectively doing the same thing. Their endpoint and perimeter solutions, while critical to network safety, are playing whack-a-mole: stomping on malware and isolating devices as they become infected while still knowing that the network is still at risk. Without east-west monitoring and visibility into encrypted traffic, businesses are susceptible to subsequent attacks once malware has established a foothold on the network. If your security team can’t identify how threats are accessing the network, malware could stay hidden for months…or even years.

Aspire Technology Partners was working with a customer who deployed an Incident Response (IR) team to contain a threat, believed to be ransomware, that was surfacing all over their network. The Aspire SOC team decided to deploy Stealthwatch Cloud to track the malware through east-west traffic monitoring. Here are a few reasons why Stealthwatch Cloud was critical to not only detecting the threat, but also stopping it dead in its tracks:

Stealthwatch Cloud deploys almost instantly

The Aspire SOC team deployed Stealthwatch Cloud on the customer’s private network in just 2 hours. This allowed the team to immediately start digging through east-west flows to hunt down the threat.

Stealthwatch Cloud detects threats behaviorally

Stealthwatch Cloud uses the network itself as a sensor, and offers both automated threat detection and the ability to search manually for threats. The team needed to identify the foothold of the attacker, and with comprehensive visibility provided by Stealthwatch Cloud, was able to discover that the malware found its way into the network via a vulnerable 3rd party device. No endpoint or agent-based solution could have figured this out.

Built-in remediation methods enable quick response to threats

Stealthwatch Cloud offers a wealth of integrations with 3rd party and Cisco solutions that allow users to go one step further and communicate across their organization, pivot into other tools to carry on an investigation and much more. Alerts come alongside their supporting observations that contain bits of context that users can leverage as they continue to investigate. A simple firewall rule blocked out this malware for good.

So, stop playing whack-a-mole, unless you’re at the fair. Even with proper agent-based and perimeter protection, your network may still be at risk. You can fill that gap and gain comprehensive visibility on-prem or in the cloud with Stealthwatch Cloud.

Continue reading

The Must-Know Techniques to Prevent IT Downtime

Everyone in IT knows the feeling. It’s the little voice in your head that pings you out of nowhere, and asks:

“Have I covered everything? Are we as prepared as we should be for an outage? How much does our resiliency plan have to change?”

You’re certainly not alone. Over the past three years, 96% of IT leaders have experienced at least one significant outage. In the same period, the average U.S. organization experienced 10 IT blackouts or brownouts.

Outages have become alarmingly close to common. Thankfully, there are strategies you can introduce to prevent unexpected downtime before it happens – and get the reassurance of comprehensive network insight to preempt issues.

The true cost of IT outages

When an organization’s network goes down, the effects can be anywhere from inconvenient to catastrophic. In total, IT outages cost North American businesses $700 billion every year.

These losses aren’t confined to revenue. Losses can impact internal productivity, mitigation costs, and even the brand. Just one hour’s downtime can cost an average of $250,000 to $300,000, depending on the size of an organization and its industry.

In the new era of ‘the customer experience’ – where expectations for a superior experience and network access continue to grow – the stakes for staying connected have never been higher.

The basics of incident prevention

The biggest challenge in preventing brownouts and blackouts is identifying root causes in advance and preempting their effects. To achieve this, your organization needs proactive processes to monitor your network, identify risks, and take preemptive actions.

However, monitoring can be difficult for understaffed IT teams, who are focused on the delivery of immediate business goals. Monitoring takes time, and automation is required to identify risk faster, accelerate remediation and reduce the chance of error.

There is another way. Cisco Business Critical Services (BCS) augments your team with analytics and expertise. By investing in experts who’ll continuously engage with your IT professionals and share proactive recommendations to prevent incidents, your teams can get greater visibility into their IT infrastructure to improve uptime, performance, and availability.

Become an expert by learning from others

It’s one thing to understand what could go wrong in your organization. The next step is learning from other businesses’ experiences, and how their outages can help prevent yours.

Thanks to advances in predictive analytics and machine learning, businesses now have access to global intelligence to predict weak points in their own networks. For example, Cisco’s BCS experts draw on their anonymized and proprietary database collected and aggregated from over 30 million devices worldwide.

By cross-referencing our data with your devices, we can help you identify and mitigate vulnerabilities before they impact your organization. Empowered by Cisco intellectual capital, our expertise – powered by analytics, insights, and automation – can help your IT teams avoid costly downtime.

How to review an outage

Likewise, if an outage does take place, a consistent, proactive approach is critical to reaching a positive outcome. As part of Cisco BCS Advantage, our Expert Incident Review recommends best practices to shore up your own incident review framework, then practice it, to improve your network stability and performance:

Turn adversity into opportunity

Network brownouts and blackouts are costlier than ever. But with incident prevention, regular reviews, access to Cisco experts, analytics, insights, and more, IT decision makers are well-positioned to deliver an always-on network.

Continue reading

Cisco Data Centers Segment Routing Traffic Engineering for Service Providers

We are entering a new Era moving to 5G in global pandemic

As we move into the exciting era of 5G and witness an ever-growing number of new devices coming online, the transport network is finding its overall capacity tested in ways we’ve never seen before. Millions of mobile voice, data, and video users and millions more Internet of Things (IoT) devices connecting 24 hours per day means handling this traffic load will present a real challenge in the future.

Cisco predicts* there will be 50 billion devices connected to the Internet by 2020. Advancements in 5G make it more possible to connect industrial IoT, cars, virtual education, smart communities, industrial machinery, and robotics around the world, all piped through the same ultra-fast network.

There is a new perspective on the modern workplace. The first half of 2020 will go down in history as one of the most tumultuous times in living memory. The number of people working from home worldwide has doubled during the corona virus crisis. The pandemic is likely to cause a permanent increase in remote working even after the crisis. With little notice, this culminated in many businesses having to shift a large proportion of their workforce to a home working model – Leading to humongous reliability on technology to communicate and collaborate within an enterprise and between businesses.

Where Service Providers stand nowadays?

We’re living in a world where application loyalty has become a real measure of brand loyalty. Service Providers are striving to make the application capable of reaching the end-user quickly enough to prevent the degradation of the experience. Network slicing and segment routing provide intelligent routing and traffic differentiation required to efficiently support this distributed architecture.

Service Providers end to end network starts with a fabric relying on the Cisco Nexus 9000 Switches, which provide the foundation for data centers, data centers interconnection with the core and segment routing traffic engineering SR-TE for network slicing.

Segment Routing Operation

Segment routing divides the network into “segments” where each node and link could be assigned a segment identifier, or a SID, which gets advertised by each node using standard routing protocol extensions (ISIS/OSPF or BGP), eliminating the need to run additional label distribution protocols.

As service providers architect the 5G transport domains, leveraging segment routing with traffic engineering is the next generation network design direction.

Nowadays, many Service Providers are moving to Segment Routing because it allows the network to differentiate the way it delivers applications with unmatched simplicity and scalability.

We have engineered segment routing to the NX-OS software code on Nexus 9000 series switches. The unprecedented growth requires Service Providers to transform their networks, and Segment Routing is becoming one of the keys to successfully paving the way to that transformation.

Segment Routing Traffic Engineering (SR-TE)

Segment Routing Traffic Engineering (SR-TE) provides a simple, automated, and scalable architecture to engineer traffic flows in a network. SR-TE takes place through a tunnel between a source and destination pair where it uses the concept of source routing, where the source calculates the path and encodes it in the packet header as a segment.

TE is a discipline that assigns traffic flows to network paths in order to satisfy Service Level Agreements (SLAs). For example, assume that a service provider maintains an SLA with a customer. The SLA guarantees low loss but does not guarantee low latency. Therefore, the service provider might apply a TE policy to that customer’s traffic, which forces it to take low loss paths.

Nowadays, Cisco Nexus 9000 series switches enables customers with segment routing for traffic engineering (SR-TE), which enables Services Providers not needing to maintain a per-application and per-flow state. Instead, it simply obeys the forwarding instructions provided in the packet. This is the corner stone capability to have 5G networking slicing within a backhaul network.

SR-TE utilizes network bandwidth more effectively than traditional MPLS-TE networks by using ECMP at every segment level. It uses a single intelligent source and relieves remaining nodes from the task of calculating the required path through the network.

What is Network Slicing and what the Nexus Switching platform with NX-OS offers to Service Providers?

Network slicing is a flexible, scalable architecture that allows the multiplexing of virtualized, independent networks on the same physical infrastructure, taking advantage of concepts such as Software Defined Networking (SDN) and Network Function Virtualization (NFV). It enables the management of multiple logical networks as virtually independent business operations on a common physical infrastructure.

With end-to-end network slicing, Services Providers differentiated services can be offered on the same network infrastructure with guaranteed SLAs, creating a sizable opportunity. As the underlying virtualized 5G networks become more complex, automation is essential to operate at scale to contain costs. And an open environment is critical to enable new industry partners to develop new services and drive revenue.

It offers the ability to partition mobile networks into a set of virtual resources, and each “slice” can then be allocated for different purposes. It is a key concept in 5G and a way to utilize the network in a more intelligent and cost-effective way than ever before.

How Does Network Slicing Differ from Segment Routing?

Network slicing and segment routing are two separate functions that work together to improve the end-user experience.

Segment routing is gaining popularity as a means of simplifying Multi-Protocol Label Switching (MPLS) networks. We see segment routing changing the way MPLS networks function and facilitating the adoption of SDN. Because segment routing directs traffic on a stateless, flexibly defined path, it has the benefit of being programmed by an SDN controller or locally by the head-end source-based routing.

Introducing Service Provider 5G Networking with SR on NX-OS – SRTE – Flow-based Traffic Steering

Cisco NX-OS provides a seamless protocol gateways functionality that merges the border leaf/spine and the MPLS provider edge router into a single device (WAN Edge) to provide Layer 3 external connectivity to data center fabric.

Unified data plane in transport MPLS SR hand-off

Seamless Protocol Gateways

Data Center deployments have adopted VxLAN EVPN for its benefits such as EVPN control-plane learning, multitenancy, seamless mobility, redundancy, simple expansions, and proportional multipath for VNF.

Within the data center fabric, VxLAN QoS enables Service Providers to provide Quality of Service (QoS) capabilities to traffic that is tunneled in VXLAN. This includes classifying traffic and assign different priorities, and queuing & scheduling process which allows to control the queue usage and the bandwidth that is allocated to traffic classes.

For large scale deployments involving several VRFs extending to the core transport, configuration and operations becomes cumbersome especially using VRF-Lite with large number of routing sessions. A single control plane session (MP-BGP EVPN) is used for all VRFs instead of having per-VRF session between VxLAN EVPN fabric node and core network.

Cisco Nexus functionality seamlessly interconnects VxLAN EVPN fabric with Segment Routing L3VPN by allocating a per VRF (tenant) label and advertises to the L3VPN peer(s) across the Telco core transport network providing an end-to-end traffic classes path control by matching the 5-tuples and/or DSCP values which is a key 5G network slicing concept.

This functionality seamlessly interconnects VxLAN EVPN fabric with Segment Routing L3VPN by allocating a per VRF (tenant) label and advertises to the L3VPN peer(s) across the Telco core transport network providing an end-to-end traffic classes path control by matching the 5-tuples and/or DSCP values which is a key 5G network slicing concept.

Continue reading

Why Being Different Is Better

At last year’s Partner Summit, Cisco Channel Chief Oliver Tuszik talked about how partners can “own their edge” to uniquely differentiate themselves and help them perform today while transforming for the future. You may also recall his hilarious comparison to a monkey. Although he and the monkey share 99% of the same DNA, the 1% makes them very different beings. That 1% difference in a business context is a competitive advantage that leads to greater partner margin, revenue, and material business outcomes for customers. It is why differentiation is a big focus for Cisco and our partners.

When we talk about differentiation within the Strategic Partner Organization, we’re referring to how we work with our global partners to create a unique competitive advantage that showcases our joint capabilities for customers. How do we do this?  We use a combination of co-developing technology, integrating platforms with APIs, creating new go-to-market initiatives, and building new solutions and joint architectures that open up new buying center budgets within customers. This differentiation is the secret sauce that gives Cisco and our partners the competitive edge to deliver business outcomes.

Differentiation at Work

Here are a few real-world examples of how Cisco and some of our global strategic partners are driving differentiated business outcomes:

NTT

NTT Ltd. provides customers with outcome-based solutions powered by investments and strategic collaboration with Cisco. Our partnership centers around the joint development of consumption and adoption models for software (and services) that delivers on the promise of client-centric, data-driven, managed services. Seamless access to accurate and actionable data is the key differentiator for NTT Ltd., which is integrating more than 160 APIs and telemetry from Cisco platforms, products and programs into their service layer and managed center portal. API integration and telemetry allow customers to realize the full value of software licenses, easily track ROI and build new opportunities for innovation and growth, while ensuring a delightful, data-driven customer experience.

SAP

Through Cisco’s AppDynamics Business IQ for SAP, customers can visualize their SAP application performance and measure how that performance impacts their business health. The solution, which also monitors non-SAP business processes, uses machine learning algorithms to flag operation bottlenecks and provide root cause analysis so customers can remediate the issue. Read our SAP Partner Executive Robert Madl’s August blog “Monitoring SAP Business Processes with Cisco AppDynamics” for more details.

Schneider Electric Industries

Industry 4.0 is enabling digital transformation and delivering business outcomes such as increased agility and productivity gains while reducing operating costs for customers in manufacturing and industrial plants. Cisco and Schneider Electric Industries are committed to take advantage of this market with our joint differentiated solution architecture EcoStruxureTM. Our latest offer, SecureConnect EcoStruxure, leverages Schneider’s market leading IIoT applications integrated with Cisco’s industrial networking, edge intelligence and end-to-end security solutions. It was recently deployed by a large global mining company, which used asset optimization and asset tracking. Additional industry use cases include predictive maintenance and remote monitoring.

Deloitte

Another example of partner differentiation is the collaboration between Cisco and Deloitte. We team together to leverage Deloitte’s cyber strategy and transformation experience with Cisco’s industry leading security portfolio of products. Combining our joint strengths, we helped a large healthcare provider bridge security capability gaps, identify and align on key security priorities, and achieve security objectives through a Security Enterprise Agreement (EA) Value Assessment. The Assessment is designed to provide an objective third-party evaluation of EA value over the agreement’s term, providing customers with data to develop an actionable strategy to realize the highest value of a Cisco Security EA.

NetApp

Our customers live in a hybrid cloud world. They seek consistent and reliable ways to manage their data—whether in the data center, at the network edge or in the public cloud. You’re likely aware that Cisco and NetApp’s converged infrastructure platform FlexPod has supported mission critical applications for over a decade. But did you know that FlexPod offers an elegant solution for modern, hybrid cloud environments? FlexPod leverages NetApp’s Data Fabric, a part of their ONTAP storage operating system, to accelerate digital transformation by simplifying and integrating data management across cloud and on-premise environments.

Continue reading

Top 5 reasons to keep your Identity and MFA providers in sync

By now, you may have heard about SecureX, Cisco’s new integrated platform that simplifies the security experience. SecureX is built into the Cisco security portfolio, and connects your entire security ecosystem for simplicity, better visibility, and greater operational efficiency. SecureX sign-on is one of the key features of SecureX – it’s giving users instant access to the platform and all of their applications and data, while keeping the identity provider (IdP) and multi-factor authentication (MFA) in sync.

Is your organization using an IdP and MFA provider? You can make life easier for your SecOps team, while strengthening your organization’s cybersecurity posture, improving compliance and increasing visibility without adding tasks to your team. This post will describe a new automated process that can do all these for you.

Background

With SecureX sign-on, we are using several identity providers (like Okta, Auth0, Azure AD and Cisco security) as our applications need and see fit. We chose Duo to be our multi-factor authentication (MFA) provider as it gave us great visibility into our customers’ security posture and is a very flexible MFA. Now we needed to have our Identity and MFA Providers in sync.

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Multi-factor authentication reduces the incidence of online identity theft, because the victim’s password would no longer be enough to give a thief permanent access to their information.

Why do my Identity and MFA providers need to be synchronized?

Here are 5 reasons to keep them in sync:

1. General security hygiene. Keeping user names and deletion in sync to avoid two split brain databases is always a good idea – you never know when you are going to try to research an issue.

2. User deletion. For both compliance and security reasons, if I delete a user, I want him gone from all my databases. Almost every IDP has 50% ghost accounts and cleaning them up is important.

3. Reset user’s credentials. The number #1 reason for calls to our call centers are lost phones and mistaken registration. Allowing for a simple way to reset from one place that permeate everywhere.

4. Policy is king. Keeping the data in sync allows me to create dynamic policies that traverse the single provider.

5. Reporting. Providing meaningful reports, with groups in place I can show specific admins how their domains look like.

Why not use SCIM?

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems.

User identities synchronization can be achieved using the SCIM specification, however not all MFA providers want to use or can use SCIM. This SDK keeps users synchronized between service providers in this case.

How this works

A user can update his profile details in the IdP service.

An admin can perform the following actions in the IdP service:

◉ Create/delete a user

◉ Create/rename/delete a group

◉ Associate/disassociate a user to a group

◉ Disable/reenable a user

◉ Reset MFA for a user

◉ Supported Identity Providers

This list is expected to grow with time

◉ Okta

◉ Auth0

Supported MFA Providers

This list is expected to grow with time

◉ Duo Security

Deployment

The Webhooks endpoint can run anywhere, even on-prem.

Deployment scripts to AWS, Azure and Google Cloud are provided via Terraform.

Supported Cloud Providers

◉ AWS

◉ Azure

◉ GCP

Continue reading

Economic Benefits of Virtualizing the CCAP Core with a Microservices Based Architecture

Architecture

Service providers are going through a digitalization journey. And one aspect of that journey is the virtualization of their service delivery infrastructure. At Cisco, we are making that transition easier for our customers by creating a common virtualization platform across mobile 5G, cable vCCAP, and Telco vBNG. This helps operators reduce their cost to virtualize the infrastructure and enable them to rapidly tap into new revenue opportunities.

When it comes to virtualization for cable, we did not virtualize the legacy CCAP, we re-architected the platform from the ground up to come up with a microservices-based architecture. That is what became our Cloud-native Broadband Router(cnBR). Why? That was the only way to get to ours and our customers’ end goal which is a hybrid, Multi-cloud, and Multi-Access Edge Compute(MEC) based cable broadband platform. cnBR has four major types of microservices: Data Plane(DP), Control Plane(CP), Real-Time(RT), and Management Plane(MP) that we can deploy at any location in the network or the cloud. cnBR’s microservices-based architecture enables webscale operations such as auto-healing, autoscaling, load balancing, and fault-tolerance at the infrastructure layer.

Evolution

With cnBR’s microservices-based architecture, you can start with a simple on-prem appliance like architecture that is familiar to your operations and IT organization. And as you gain familiarity, you can evolve into a hybrid and multi-cloud world by moving some of the microservices to public cloud platforms. The move of some of the microservices to public cloud platforms such as GCP, Azure, and AWS will reduce operational burden, extend reach, and augment capacity. Figure 1 shows the phased deployment evolution of the cnBR architecture:

Figure 1: Evolution of cnBR Architecture

Phase 1: Centralized on-Prem and cloud-native appliance – In this phase, you will start with all the microservices running in the hub or Datacenter.

Phase 2: Multi-Access Edge Compute(MEC) – Here, you will slowly move some of the microservices closer to the edge in an Edge compute platform or a node that has a compute board to enable a MEC architecture. This will focus on shifting the data plane(DP) and real-time(RT) microservice to MEC platform.

Phase 3: Hybrid Cloud – This phase moves the management plane(MP) and control plane(CP) microservices to a private or public cloud and keeps data plane(DP) & Real-Time(RT) microservices at the edge

Phase 4: Multi-cloud – This phase provides flexibility in enabling the management and control plane microservices to run in any public cloud environments with minimal friction.

 Why Migrate to a Microservices based Architecture?

With microservices-based architecture, you can improve:

– Time to market: you can get features in weeks vs months, 

– Agility:  you enable hitless and maintenance windowless upgrades, 

– Scale: you gain seamless and on-demand auto-scaling which gives you unprecedented cluster level redundancy and scale,

– Cost: you can lower TCO with reduced footprint and facilities cost.

Why Cisco’s cnBR?

The virtualization of the access infrastructure is one way to add more capacity. To better understand how operators can virtualize and reap immediate business benefits with cnBR, we looked at CAPEX and standard operational costs like space, power & cooling while increasing the scale of the microservices-based architecture. We also did the same scaling and cost analysis of a legacy appliance-based CCAP solution so we can compare the savings. What we found is a compelling business value of going to a microservices-based architecture. These are additional benefits to the service/feature velocity and operational efficiency enabled by agile webscale operations of microservices-based architecure.

The analysis included scenarios where bandwidth per service group is increased from 1 Gbps to 5 Gbps in the downstream while the upstream is increased from 100 Mbps to 500 Mbps. The average Capex Savings was 29%, average OPEX savings were 42% and the average space(RU) savings were 73%. Figure 2 highlights the savings as the bandwidth scales up.

Figure 2 . Business benefits of cnBR as system bandwidth scales up

To help do your own analysis, we have created an easy to use vCCAP economics calculator. You can do your own analysis based on your current network configuration and long-range plan(LRP). Figure 3 highlights the type of summary output you can get from the vCCAP Economics Tool.

Figure 3. Summary of Capex, Opex comparison between cnBR and traditional CCAP

Continue reading