Revolutionize how you manage application resources across any environment

The business, application and infrastructure landscape has been changing rapidly over the last few years and even faster this year. Gone are the days where a handful of monolithic applications were running in a single datacenter fully managed by a central team – simpler days.  IT teams are now required to use a diverse set of environments, distributed technologies, architectures, platforms and tools to manage the critical IT resources required to keep their apps running no matter where they reside.

The job of managing all this complexity around how user experiences are delivered through applications is now beyond human scale and has big implications for IT teams and businesses including; application performance issues, time wasted in war rooms and fighting fires, underutilized infrastructure, public cloud overprovisioning, and cost overruns.

According to an Insight IT Modernization survey conducted by IDG, more and more organizations are dealing with similar challenges and realizing  the need for simplifying and streamlining their IT operations to be successful. 67% of survey respondents believe that business transformation efforts cannot proceed effectively without IT modernization.

In order to confront this complexity and ensure success in this new world, organizations are focusing on IT modernization projects in terms of quality of service, cost efficiency, availability, customer experience and more time for innovation

Source: IDG Insight IT Modernization 2020 Survey

But how can this be achieved?

IT modernization means optimizing operating models

To streamline processes and efficiently balance application performance and cost, the only choice is to automate resource management and decisions for workload placement and optimization.  But deciding what workloads to run on which platform, making real-time changes as required to ensure optimal performance and cost across any environment, monitoring and troubleshooting with minimum disruption, are all tasks that take time and resources. And as complexity increases, more and more human resources are required.

This is where AIOps comes in.

To optimize an environment end-to-end, you need access to a constant stream of telemetry data from dozens, hundreds, perhaps thousands of sources. Correlating and continuously analyzing all this data with an intelligent real-time decision engine to understand how everything fits together now and in the future is the way forward. A new generation of open tooling is required to connect all the dots and offer the insights and automated actions to stay ahead of demand, stay ahead of problems, and respond to new projects with confidence.

Rethink Cloud Operations

Recognizing these challenges, Cisco unveiled a new vision for the evolution of Cisco Intersight last month, detailed in a blog by Kaustubh Das, VP/GM of Cisco’s Cloud & Compute group. Cisco Intersight is a modular cloud operations platform that brings together IT teams, tools, infrastructure, and apps and helps operations personnel visualize, optimize, and orchestrate apps and infrastructure, wherever they are.  Delivering on this vision, we are happy to announce that we have released Cisco Intersight Workload Optimizer, the first in a series of powerful new Intersight solutions designed to simplify cloud operations.

Intersight Workload Optimizer (IWO) radically simplifies application resource management at scale to prevent application performance issues while reducing cost. It continuously optimizes critical resources resulting in efficient use of infrastructure whether on premises or in public clouds. It removes the guesswork from ongoing operations and planning for growth.

Turning data into action

IWO accomplishes all this through its AI-enabled decision engine that proactively matches workloads to the resources they need in real-time, using a process of data abstraction, analysis, and automation across the stack. It understands workload interdependencies, resource consumption, and costs from infrastructure to applications.  It leverages telemetry data from a broad third-party ecosystem across a range of endpoints including hypervisors, compute platforms (including Cisco UCS and Cisco HyperFlex), container platforms, public clouds, applications and more, to deliver intelligent recommendations for where to place and how to size and scale resources.

As a result, Intersight Workload Optimizer establishes a common control plane for resources across hybrid cloud environments, helping IT teams to navigate and automate the dynamic resource trade-offs and relevant decisions needed to balance application performance and cost.

After the metrics from registered endpoints have been collected in a common database and normalized into an abstracted model, AI-assisted analysis is done on an ongoing basis in real-time to provide proactive recommendations to right-size resources and recommend or automatically take action as required. This enables smooth operations and ensures a good digital experience for the consumers of any application.

Optimize hybrid cloud deployments

With distributed, multicloud applications becoming a common use case, IWO takes away the pain of having to monitor and manage individual cloud platforms with cloud-specific tools. IWO can provide recommendations on workload placement as well as on types of instances including “spot” or Reserved Instances (RI’s), databases, storage, and other application components. It can also recommend and take actions such as dynamically scaling or shutting down workloads, always optimizing based on performance and cost.

Manage Kubernetes at scale

Kubernetes has become the de facto standard for container orchestration. However, for IT teams, Kubernetes has introduced an additional layer of complexity with a new environment that needs configuring and monitoring on top of existing infrastructure platforms. Intersight Workload Optimizer complements and augments existing Kubernetes capabilities for ongoing day 1 and day 2 operations with the ability to do container right-sizing, pod “move”/rescheduling, cluster scaling, and scenario planning for Kubernetes deployments.

Integration with APM tools

Intersight Workload Optimizer has enhanced integrations with 3rd party Application Performance Management (APM) solutions, including Cisco AppDynamics. The result is deeper visibility, insight and actions based on the relationship between apps and associated infrastructure, leading to even smarter resourcing decisions that are tied back to the actual application user experience. The integration provides a single source of truth for application and infrastructure teams to work together more effectively, avoiding finger pointing and late-night war rooms.

A “Hands-off” Operational Model

By applying the same set of abstraction-analysis-automation principles for any technology in IWO’s broad, third party ecosystem and for all layers of the application and resource stack, IWO is able to deliver powerful capabilities that simplify day-to-day operations for IT team members (sysadmins, v-admins, production and integration teams, cloud architects and DevOps teams etc) in an organization.

Leveraging its agentless architecture that is modularized and delivered as a Service, Intersight Workload Optimizer can rapidly expand any supported ecosystem to meet our customers’ evolving needs, however and wherever they operate. It can truly provide a closed-loop operating model based on extensive and deep visualization between applications and infrastructure, powered by AI, analytics, and automation.

Continue reading

Protecting Workloads Across Any Cloud and Application…Anywhere!

Automating and implementing a secure, zero-trust model for micro-segmentation based on application behavior and telemetry is easy to do using Cisco Secure Workload (formerly known as Tetration). See how your business can seamlessly achieve workload protection by providing:

◉ Reduced attack surface – Automate micro-segmentation through customized recommendations based on your environment and applications.

◉ Remain compliant – Granular visibility and control over application components with automatic detection and enforcement of compliance.

◉ Gain visibility – Track the security posture of applications across your entire environment.

◉ Enable Zero Trust – Implement a zero-trust model via continuous behavioral monitoring and automated enforcement of micro segmentation policies to every workload

New Cisco Secure Workload Learning Module

In the new Cisco Secure Workload Learning Module, we will introduce the Open API, which includes easy to use and comprehensive APIs to perform reporting, make configuration changes, export flow data, and more. We will deep dive into the API endpoints that provide visibility and compliance of workloads, application and policy modeling, and deployment of agents and segmentation. We also review how to install and utilize the Secure Workload Python SDK.

In the first lab we will:

◉ Reserve a sandbox environment to work with

◉ Clone the necessary code from GitHub

◉ Setup Postman and Python environments

◉ Explore simple API requests using Postman and the Python SDK

For the second lab we will cover:

◉ Query & display all sensors in an application scope

◉ Download the agent package and configuration files programmatically

◉ Download & deploy the agent ‘auto-install’ script to an agent in the Secure Workload Sandbox Environment

◉ Query vulnerabilities on all sensors, identify new vulnerabilities introduced with new sensor

Continue reading

Cisco CCNP Security 350-701 Certification | Syllabus | Practice Test

 

Cisco SCOR Exam Description:

This exam tests a candidate's knowledge of implementing and operating core security technologies including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and enforcements. The course, Implementing and Operating Cisco Security Core Technologies, helps candidates to prepare for this exam.

Cisco 350-701 Exam Overview:

• Exam Name:- Implementing and Operating Cisco Security Core Technologies
• Exam Number:- 350-701 SCOR
• Exam Price:- $400 USD
• Duration:- 120 minutes
• Number of Questions:- 90-110
• Passing Score:- Variable (750-850 / 1000 Approx.)
• Recommended Training:- Implementing and Operating Cisco Security Core Technologies (SCOR)
• Exam Registration:- PEARSON VUE
• Sample Questions:- Cisco 350-701 Sample Questions
• Practice Exam:- Cisco Certified Network Professional Security Practice Test

Related Articles:-

1. CCNP Security 350-701 SCOR Certification: Secrets To Acing The Exam
2. Guidelines to Prepare for CCNP Security 350-701 Certification
3. Secure Your Job by Taking CCNP Security 350-701 Exam
4. CCNP Security 350-701 Exam Information and Tips for Your Exam Preparation in One Guide

Continue reading

A Three-Pronged Approach to Small Business Office Safety

For every small business, it’s essential to keep people healthy and safe. Like the old saying goes, safety first. And now with COVID-19, monitoring workplace hazards is an even higher priority. No matter how small your business might be, as an employer, you need to keep your workers and customers safe without disrupting the flow of business.

Using a combination of smart cameras and sensors, and collaboration tools, you can monitor your workplace and support social distancing and density limit policies. And apps for smartphones and wearables can help with employee health monitoring and contact tracing.

Beyond the technology, you need to take a three-pronged approach to help make sure everyone stays safe during the pandemic and beyond. You need to develop policies to prevent hazards, ensure that your safety procedures are implemented, and respond when emergencies arise.

Fortunately, easy to use technology can help in each of these areas.

1. Develop safety policies and procedures to prevent hazards

Effective workplace hazard monitoring goes hand-in-hand with well-designed safety policies. The US Occupational Health and Safety Administration (OSHA) has issued some general guidelines on preparing workplaces for COVID-19. OSHA recommends that all employers create an infectious disease preparedness and response plan for addressing the coronavirus as well as other potential health hazards. Similar codes exist around the globe. A well-designed plan should consider how workers might be exposed to COVID-19 through other workers, customers, and contacts outside the workplace. It should also factor in workers’ individual risk factors, such as age or pre-existing health conditions.

General preventive measures that OSHA advises employers to implement include:

◉ Exploring policies that can promote social distancing, such as telecommuting or flexible work hours

◉ Providing personal protective equipment, such as masks or goggles, as well as training for using such equipment

◉ Promoting hand washing

◉ Providing hand sanitizer containing at least 60% alcohol when hand-washing facilities aren’t available

◉ Encouraging workers to follow respiratory etiquette practices such as covering coughs and sneezes

◉ Advising sick workers to stay home

◉ Disinfecting surfaces and equipment regularly

◉ Discouraging workers from using other workers’ desks, phones, and equipment when possible

In addition to preventive policies, OSHA advises employers to develop policies and procedures for prompt identification and isolation of potentially infected workers. Such procedures can range from providing a separate room for workers exhibiting COVID-19 symptoms to instructing sick workers to stay home.

Technology can play a major role in helping employers implement these guidelines. For example, by using smart cameras in conjunction with analytics, you can gain a better understanding of how people move around your space so you can redesign workflows. Collaboration tools help simplify remote work and make it easier to manage staggered shifts where some people are in the office and some are not. Remote collaboration tools should include robust security features and be connected using network switches and routers that are user-friendly, flexible, and secure.

2. Monitor your workplace with smart cameras

Smart video cameras can be a valuable tool for monitoring the workplace to promote safety measures against COVID-19. Today’s cameras can be used for far more than simply physical security. They form part of a wireless ecosystem that small businesses can use for a wide range of applications. For example, Cisco Meraki MV smart cameras are used in retail environments for counting customers and analyzing floor traffic patterns to help optimize in-store marketing. That same technology can be deployed to collect information that supports workplace safety policies.

For example, let’s say your facility has a social distancing policy that requires workers to stay at least six feet apart. Just because people know the policy exists doesn’t necessarily mean it will be followed. Surveillance cameras can provide transparency and accountability and help you identify the areas of your facility that are most prone to social distancing issues. Armed with this information, you can take steps to remedy problems in those parts of your premises.

Ideally, a strategic plan for monitoring your small business with surveillance cameras should follow a three-step procedure:

◉ Install a smart camera surveillance system that can show you where people are, where they go, and what they’re doing.

◉ Connect your smart surveillance system to a cloud network that lets you review and analyze footage through a central dashboard

◉ Assess the footage and access the video analytics for object detection and motion heatmaps to support safer workplace policies and procedures

Cutting-edge smart cameras such as Cisco Meraki MV can pick up more information that just images. The built-in intelligence includes motion heatmaps that display relative movement over time so you can see traffic patterns and object detection that shows you where people are, so you can see where they’re congregating and where they linger.

For purposes of preventing COVID-19, you can track where workers and customers are congregating on your premises and whether there are any motion patterns that conflict with your social distancing policies. You can then review these movement patterns and determine whether measures such as installing barriers or rerouting traffic might help promote safer social distancing.

Workplace monitoring also can help you monitor worker behavior. For example, you can make sure hand washing and sanitizing procedures are being followed. Healthcare providers have long been aware that simply having hand hygiene policies does not guarantee their enforcement. On average, healthcare providers wash their hands less than half as often as they should, according to the Centers for Disease Control and Prevention.

A study by the Santa Clara Valley Medical Center found that healthcare workers are twice as likely to comply with hand washing policies when they know they are being monitored. Now some hospitals are installing digital sensors and apps to monitor how frequently workers wash their hands. The MV campers let you view video quickly with motion recap, which summarizes activity into a single image, so you don’t have to scroll through a lot of irrelevant video to get answers.

Smart surveillance cameras can also help promote policies requiring workers to wear masks. When workers know they’re being monitored, they’re more likely to comply with mask mandates. Cameras can help reduce the need for unpleasant confrontations and heavy-handed measures. Surveillance cameras can be particularly useful for monitoring parts of your facility where workers are most likely to neglect social distancing and mask-wearing policies, such as break rooms.

3. Identify and resolve issues

In addition to preventive measures, a viable COVID-19 workplace safety policy must include procedures for identifying and addressing situations where workers are displaying coronavirus symptoms or are already infected. This is another area where using the right technology tools can help you implement safety policies.

Some employers have adopted temperature checks and other diagnostic screening procedures as a way to identify workers with coronavirus symptoms. One way to protect screeners is by using telehealth technology to support social distancing during screening. By pairing smartphones with smart thermometers, you can take your temperature with your iPhone or Android device. Using this type of technology can allow workers to provide temperature readings to employers from a socially safe distance.

Stay safe and wash your hands

The Cisco Designed portfolio includes technology that is curated specifically for small businesses. We can help you set up tools for safe distancing and real-time monitoring.

Continue reading

Regaining Control of the Digital Experience

2020 will likely be remembered as the year that pushed enterprises over the digitization tipping point. In just a few months, enterprises have had to transform how their employees work, how they serve their customers, and in some cases, they have had to also pivot to a new business model. Knowledge workers are now working from anywhere, contact center agents are taking customer calls from their home, patients are electing to visit their physician virtually, and consumers have moved to digital channels.

Some of these changes are temporary, but many are likely here to stay.

This shift has led to a disaggregated digital footprint and hyper-distributed IT environments. As enterprises accelerate their adoption of cloud hosted applications across hybrid and multicloud architectures, applications and services have also become more distributed.

While the perimeter of the IT environment has drastically expanded, IT does not always have full control over the application and infrastructure stack, and connectivity is reliant on unpredictable third-party networks, IT is still responsible for delivering a seamless end user experience.

So how can IT continue to optimize digital experience?

It starts with visibility – with an end-to-end view of the delivery of applications and services over the Internet.

By pairing Application Performance Monitoring (APM) and Network Intelligence, enterprises can get a complete view of the health of their applications and how users experience them.

APM provides proactive visibility into the application delivery, performance, and key performance indicators of business metrics for applications hosted on premise or in the cloud – and managed by IT.

Network Intelligence provides visibility into external dependencies (such as SaaS applications, APIs, DNS, and ISP connectivity) and correlates application layer visibility with hop-by-hop visibility across network paths and Internet routing data.

APM provides visibility for DevOps teams, so that they can make the necessary architectural decisions to deliver optimal application performance. Network Intelligence gives inside-out and outside-in visibility for NetOps and CloudOps teams, so that they can reduce Mean Time to Troubleshoot (MTTT), ensure business continuity and maintain a high-quality end user experience.

While COVID may have accelerated the digital transformation of most enterprises and pushed them over the technology tipping point, “in the end, tipping points are a reaffirmation of the potential for change and the power of intelligent action” (Malcolm Gladwell).

Through the power of two industry leading solutions – AppDynamics and ThousandEyes – we believe that enterprises can take intelligent action and regain control of the digital experience of their employees and customers in a hyper distributed new normal.

Continue reading

All Tunnels Lead to GENEVE

As a global citizen, I’m sure you came here to read about Genève (French) or Geneva (English), the city situated in the western part of Switzerland. It’s a city or region famous for many reasons including the presence of a Cisco R&D Center in the heart of the Swiss Federal Institute of Technology in Lausanne (EPFL). While this is an exciting success story, the GENEVE I want to tell you about is a different one.

GENEVE stands for “Generic Network Virtualization Encapsulation” and is an Internet Engineering Task Force (IETF) standards track RFC. GENEVE is a Network Virtualization technology, also known as an Overlay Tunnel protocol. Before diving into the details of GENEVE, and why you should care, let’s recap the history of Network Virtualization protocols with a short primer.

Network Virtualization Primer

Over the course of years, many different tunnel protocols came into existence. One of the earlier ones was Generic Routing Encapsulation (GRE), which became a handy method of abstracting routed networks from the physical topology. While GRE is still a great tool, it lacks two main characteristics that hinder its versatility:

1. The ability to signal the difference of the tunneled traffic, or original traffic, to the outside—the Overlay Entropy—and allow the transport network to hash it across all available links.

2. The ability to provide a Layer-2 Gateway, since GRE was only able to encapsulate IP traffic. Options to encapsulate other protocols, like MPLS, were added later, but the ability to bridge never became an attribute of GRE itself.

With the limited extensibility of GRE, the network industry became more creative as new use-cases were developed. One approach was to use Ethernet over MPLS over GRE (EoMPLSoGRE) to achieve the Layer-2 Gateway use case. Cisco called it Overlay Tunnel Virtualization (OTV). Other vendors referred to it as Next-Generation GRE or NVGRE. While OTV was successful, NVGRE had limited adoption, mainly because it came late to Network Virtualization and at the same time as the next generation protocol, Virtual Extensible LAN (VXLAN), was already making inroads.

A Network Virtualization Tunnel Protocol

VXLAN is currently the de-facto standard for Network Virtualization Overlays. Based on the Internet Protocol (IP), VXLAN also has an UDP header and hence belongs to the IP/UDP-based encapsulations or tunnel protocols. Other members of this family are OTV, LISP, GPE, GUE, and GENEVE, among others. The importance lays in the similarities and their close relation/origin within the Internet Engineering Task Force’s (IETF) Network Virtualization Overlays (NVO3) working group.

Network Virtualization in the IETF

The NVO3 working group is chartered to develop a set of protocols that enables network virtualization for environments that assume IP-based underlays—the transport network. A NVO3 protocol will provide Layer-2 and/or Layer-3 overlay services for virtual networks. Additionally, the protocol will enable Multi-Tenancy, Workload Mobility, and address related issues with Security and Management.

Today, VXLAN acts as the de-facto standard of a NVO3 encapsulation with RFC7348 ratified in 2014. VXLAN was submitted as an informational IETF draft and then become an informational RFC. Even with its “informational” nature, its versatility and wide adoption in Merchant and Custom Silicon made it a big success. Today, we can’t think of Network Virtualization without VXLAN. When VXLAN paired up with BGP EVPN, a powerhouse was created that became RFC8365—a Network Virtualization Overlay Solution using Ethernet VPN (EVPN) that is an IETF RFC in standards track.

Why Do We Need GENEVE if We Already Have What We Need?

When we look to the specifics of VXLAN, it was invented as a MAC-in-IP encapsulation over IP/UDP transport, which means we always have a MAC-header within the tunneled or encapsulated packets. While this is desirable for bridging cases, with routing it becomes unnecessary and could be optimized in favor of better payload byte usage. Also, with the inclusion of an inner MAC-header, signaling of MAC to IP bindings becomes necessary, which needs either information exchanged in the control-plane or, much worse, flood-based learning.

Compare and Contrast VXLAN to GENEVE Encapsulation Format

Fast forward to 2020, GENEVE has been selected as the upcoming “standard” tunnel protocol. While the flexibility and extensibility for GENEVE incorporates the GRE, VXLAN, and GPE use-cases, new use-cases are being created on a daily basis. This is one of the most compelling but also most complex areas for GENEVE. GENEVE has a flexible option header format, which defines the length, the fields, and content depending on the instruction set given from the encapsulating node (Tunnel Endpoint, TEP). While some of the fields are simple and static, like bridging or routing, the fields and format used for telemetry or security are highly variable for hop-by-hop independence.

While GENEVE is now an RFC, GBP (Group Based Policy), INT (In-band Network Telemetry) and other option headers are not yet finalized. However, the use-case coverage is about equal to what VXLAN is able to do today. Use cases like bridging and routing for Unicast/Multicast traffic, either in IPv4 or IPv6 or Multi-Tenancy, have been available for VXLAN (with BGP EVPN) for almost a decade. With GENEVE, all of these use-cases are accessible with yet another encapsulation method.

GENEVE Variable Extension Header

With the highly variable but presently limited number of standardized and published Option Classes in GENEVE, the intended interoperability is still pending. Nevertheless, GENEVE in its extensibility as a framework and forward-looking technology has great potential. The parity of today’s existing use cases for VXLAN EVPN will need to be accommodated. This is how the IETF prepared BGP EVPN from its inception and more recently published the EVPN draft for GENEVE.

Cisco Silicon Designed with Foresight, Ready for the Future

While Network Virtualization is already mainstream, the encapsulating node or TEP (Tunnel Endpoint) can be at various locations. While a tunnel protocol was often focused on a Software Forwarder that runs on a simplified x86 instruction set, mainstream adoption is often driven by the presence of Software as well as Hardware forwarder, the latter built into the switch’s ASIC (Merchant or Custom Silicon). Even though integrated hybrid overlays are still in their infancy, the use of Hardware (the Network Overlay) and Software (the Host Overlay) in parallel are widespread, either in isolation or as ships in the night. Often it is simpler to upgrade the Software forwarder on a x86 server and benefit from a new encapsulation format. While this is generally true, the participating TEPs require consistency for connections needed with the outside world and updating the encapsulation to such gateways is not a simple matter.

In the past, rigid Router or Switch silicon prevented fast adoption and evolution of Network Overlay technology. Today, modern ASIC silicon is more versatile and can adapt to new use cases as operations constantly change to meet new business challenges. Cisco is thinking and planning ahead to provide Data Center networks with very high performance, versatility, as well as investment protection. Flexibility for network virtualization and versatility of encapsulation was one of the cornerstones for the design of the Cisco Nexus 9000 Switches and Cloud Scale ASICs.

We designed the Cisco Cloud Scale ASICs to incorporate important capabilities, such as supporting current encapsulations like GRE, MPLS/SR and VXLAN, while ensuring hardware capability for VXLAN-GPE and, last but not least, GENEVE. With this in mind, organizations that have invested in the Cisco Nexus 9000 EX/FX/FX2/FX3/GX Switching platforms are just a software upgrade away from being able to take advantage of GENEVE.

Cisco Nexus 9000 Switch Family

While GENEVE provides encapsulation, BGP EVPN is the control-plane. As use-cases are generally driven by the control-plane, they evolve as the control-plane evolves, thus driving the encapsulation. Tenant Routed Multicast, Multi-Site (DCI) or Cloud Connectivity are use cases that are driven by the control-plane and hence ready with VXLAN and closer to being ready for GENEVE.

To ensure seamless integration into Cisco ACI, a gateway capability becomes the crucial base functionality. Beyond just enabling a new encapsulation with an existing switch, the Cisco Nexus 9000 acts as a gateway to bridge and route from VXLAN to GENEVE, GENEVE to GENEVE, GENEVE to MPLS/SR, or other permutations to facilitate integration, migration, and extension use cases.

Leading the Way to GENEVE

Cisco Nexus 9000 with a Cloud Scale ASIC (EX/FX/FX2/FX3/GX and later) has extensive hardware capabilities to support legacy, current, and future Network Virtualization technologies. With this investment protection, Customers can use ACI and VXLAN EVPN today while being assured to leverage future encapsulations like GENEVE with the same Nexus 9000 hardware investment. Cisco thought leadership in Switching Silicon, Data Center networking and Network Virtualization leads the way to GENEVE (available in early 2021).

If you are looking to make your way to Geneve or GENEVE, Cisco makes investments in both for the past, present, and future of networking.

Continue reading

Bring your personal devices to the enterprise network with Cisco User Defined Network

Are your users overloading your network with their devices? It’s no wonder. With streaming services, video game systems, virtual assistants, wireless speakers, and other devices it’s a struggle to meet demands of your network users.

Add chatty protocols such as mDNS and UPnP among others—and it just adds to the damage it can do to your enterprise network. 

The Cisco User Defined Network (UDN) solution is your savior as it helps you meet the growing demand of proliferation of wireless devices.

How does it work? It all begins on a shared network; for example you could have students in a dorm or seniors living in senior living facilities or developers and testers looking to emulate home environment. There’s a lot of devices jockeying for space on the network and not only that, these devices aren’t private. Anyone can see them, and a lot of time, anyone can access them. With Cisco UDN users get their own private partition on the network.  

Now your users can bring their home devices to the enterprise network and control their devices like they do at home. Users will now only see their personal devices on the network even when they are connected to a shared enterprise network. Not only that—and here’s the really cool thing—they can invite other users to their UDN and even share services between their personal devices and their friend’s devices while in their UDN defined partition.  

And it couldn’t be easier. All users have to do is download a new mobile app from Cisco (available for free in the Apple App and Google Play stores). This app allows them to control their UDN-defined partition, you can allow and deny access to your devices with a touch of a button. But get this, users can pre-register their personal devices before they bring them in enterprise network. That means user devices are ready to be used the minute they walk on campus. None of our competitors can say the same thing. The only thing that you have to do is enable the Cisco UDN solution from Cisco DNA Center and it works! 

Now that we told you what Cisco User Defined Network is all about, I’m sure your next question is, “How does it make my job easier and what about the network?” We’ve got you covered, check this out:  

◉ Privacy – Currently, when users connect to an enterprise network, they see all of the devices on the network—not just their own devices. With Cisco UDN, they get the peace of mind that only they can see their personal devices which they have registered through mobile app. And the flip side is no one can see their devices (see below).  

◉ Control – Currently when users authenticate to the shared network, anybody could take control of their devices because they see those devices in the network. With Cisco UDN, malicious users cannot see other devices on network, so they cannot take control of your users’ personal devices.

◉ Manage home device proliferation – You can only say no so many times to your network users to bring their home devices to the network. You know the reasons why not, but they’re not going to listen to you. To add to this frustration, this holiday season there’s a new launch of Xbox Series X, and PlayStation 5. Good luck getting anyone to keep these at home, so these devices on your network are only going to increase in numbers.

◉ Sharing – With Cisco UDN, network users can now share devices and services with each other like they used to do at home with their family and friends. So, whether it’s playing multiplayer on your game consoles, printing on a wireless printer, playing music on your roommates’ new wireless speaker or dropping files to your friend, Cisco UDN makes it just an invitation away. 

So, how does it make all of this possible? When users register their devices through the Cisco UDN mobile app, it creates a personal network for each user like a partition. Only the devices which are present in the partition can recognize each other. Users will not be able to see other devices present on the shared network. So, now they cannot start streaming to other device accidently or share something unless they absolutely want to. If they now wish to share devices with other users, they can invite those users and their selected devices to their UDN and start sharing with them. Cisco UDN gives control to invitee as well as invited user on when they want to join or leave the UDN. 

Figure 1: User Defined Networks in a shared network

Cisco User Defined Network not just helps your network users but also takes into consideration needs for an IT Admin as well in the following ways –

◉ Prevents flooding – By containing multicast traffic such as Bonjour, UPnP, and others inside their UDN partition, it prevents flooding of such packets to entire network as the traffic is now contained within a particular UDN. 

◉ Easy registration of devices – Cisco UDN provides multiple options to register the devices through mobile app via camera scanning, image scanning and other flexibilities to register from anywhere on-prem and off-prem. This gives IT admins peace of mind as they don’t have to handle registration requests when everybody tries to deploy their devices to the network.  

◉ Enablement on location of choice – Cisco UDN provides the option to be enabled only in one part of the network and need not be enabled on entire campus such as in a residential building only or only on specific SSIDs. 

◉ Provide service to subset of users – Through the integration with Active Directory, you can provide the Cisco UDN service to a subset of users and not need to enable to everyone on the network. Basically, you get to choose who can use the UDN solution. For example – you may want to enable only for students living in a dorm and not for all students.  

With Cisco User Defined Network, now you can think about allowing your users to bring any device they want to the enterprise network without having to worry about flooding or privacy. Your users can enjoy a premium home–like user experience even when they are connected to enterprise network. 

Continue reading