How Can Webex Control Hub Help You, the IT Admin?

A Day in the Life of the IT Admin

8:50 AM (EST): It’s the start of a typical workday, and you’ve been notified that users are having trouble joining meetings and experiencing poor video quality. You’re an IT admin at an enterprise in the middle of a large product launch, and critical virtual meetings across your leadership teams are reporting technical issues with their meetings.

As IT admins, we’ve all been through periods when the services we provide are experiencing higher than normal workloads — the type of scenario we’ve planned for. But layer on top of that a forced remote work environment brought on by a pandemic and the scenario expands, requiring additional resources, expansion of our collaboration footprint, and additional capacity. We’ve all had to pivot to the new normal.

8:53 AM (EST): You set out to tackle the issue as you normally would, but now, with Webex Control Hub, you have visibility in real-time into what’s happening across your collaboration ecosystem, along with actionable insights as to how to address it.

Digging deeper into Control Hub, you can see the dramatic increase in the total number of meetings — a trend you’ve been watching for the past month as your firm ramped up preparations for the launch.

Dig in further, you can confirm a significant increase in the number of participants. You see poor video quality indications and that colleagues in the London area are having trouble joining meetings. Plus, diving into a specific meeting that ended 20 minutes ago, you can see that your VP of product marketing, based outside London, has significant issues with their device.

Diagnosis? You first discover that their Desk Pro doesn’t have the latest patch installed. Second, after verifying with ThousandEyes that VP’s internet service provider is having issues, you can confirm the network issue on the provider’s network status pages.

8:57 AM (EST): Armed with this near real-time insight, you can act! You quickly notify the VP of product marketing that your team is remotely installing the latest firmware patch for the Desk Pro. Plus, you communicate that their provider is aware of their network traffic issue and working to resolve it within the hour.

9:37 AM (EST): You receive notification that your VP’s firmware has been updated and that the internet provider has resolved their issue — all in time for a critical meeting marketing has with analysts and media at the top of the hour. You set a Webex Notification in Control Hub to track your VP’s meetings so that you can get an email alert in case you VP has any media quality issues.

Reducing IT’s Response Time While Empowering Long-Term Planning

Webex Control Hub received a significant revamp. With an improved user experience design, faster load times, trending charts with summary statistics, and contextual filtering capabilities, gaining visibility into the performance of your organization’s collaboration has become easier and in near real time. The result is a dramatic decrease in your team’s response time.

At the same time, with Control Hub, the partnership between your team and the business is bolstered by real insights into adoption and performance. As your organization looks to the future and planning for hybrid work environments is being debated, a better understanding of trends becomes a vital tool in planning for success. You’re able to identify gaps and weaknesses, highlight opportunities to improve, and document models that work well.

9:48 AM (EST): You continue with your morning, reviewing incident reports and monitoring systems. All services are stable, the engine is humming, and you’re free to move on to the next part of your day. You spend the following 30 minutes preparing for your meeting with the head of HR, where you’ll be reviewing the latest version of an internal HR monitoring tool. This tool provides a top-level view of the company’s team collaboration and meeting trends, leveraging data from Webex through Control Hub APIs and other data sources.

Webex Control Hub: An Essential IT Admin Tool

At Webex, we’re working to make sure Control Hub increases your ability to monitor and manage your collaboration experiences. We understand the role IT admins play in managing these complex ecosystems and how you participate in the planning for new work models, growth, and employee engagement.

Source: cisco.com

Continue reading

A Framework for Continuous Security

Technology is at the core of business today. Maintaining the resiliency of critical data, assets, systems, and the network is mission-critical; crucial to meeting business goals. As a result, development operations (DevOps) professionals must continuously improve the overall resilience —along with the security posture — of workloads, software, and applications (Figure 1). To do this at scale and speed requires the integration of a suite of application security tools in the continuous integration/continuous delivery (CI/CD) pipelines that automate posture assessment and provide visibility to help manage security risks.

At Cisco, we learned early on that application security processes were inhibiting our business agility. We knew we had to embrace an Agile and DevOps culture as early adopters to deliver software products based on business demands rapidly and iteratively. Agile DevOps without application security automation leads to a “hurry up and wait” situation, where some processes move quickly only to be bogged down by others. With evolving technologies such as cloud, Docker, Kubernetes, open-source as well as daily and frequent release cycles, it is hard for application security teams to keep up with the threat landscape. In a typical modern application development and deployment technology stack, 80% of the code base is comprised of third-party software. Only 20% is custom code. Most of the security breaches we have seen in recent years were entirely preventable had there been necessary security measures taken, not only for the custom code but also for the third-party software.

We set out to create a DevSecOps culture that empowers the application teams to continuously build and deploy secure applications instead of being gated by a central security function. To do this, we integrated and orchestrated a suite of application security tools within CI/CD pipelines under a program called Continuous Security Buddy (CSB) for CI/CD pipeline edition. It enables the development teams to ramp up their application security program while making application security transparent and friction-free.

Figure 1: DevSecOps – Security Implementation as Code

We used the following basic principles in the design of the program:

◉ Co-design and co-develop the security automation solution so it can work for the DevOps teams

◉ Integrate the DevSecOps workflow and empower the developers by giving them the flexibility to choose their application security tools

◉ Propagate security compliance requirements and hence eliminate the security friction points between security and development teams that impact development velocity

Co-design and Co-development of the Solution

We initially co-designed and co-developed CSB for CI/CD re-usable automated security capabilities using joint scrum planning with teams from Cisco Webex. To encourage adoption across development teams, we created an innovative, configurable rollout of CSB for CI/CD shared libraries to simplify the process.

Shared libraries are a collection of pipeline code made for Jenkins that can be used by any pipeline to reference any available code quickly. With one line of code in Jenkins, developers can access all the security scans available in the shared library. The shared library framework simplifies the code contribution workflow via the inner-source process and reusable code configuration in the pipeline by any team using Jenkins.

We quickly learned that we needed to provide CI-agnostic solutions for teams that used other CI tools. We offered such a solution using containers that are published in a centralized repository for development teams to access via Docker.

Security Scan Flexibility

Users can choose what type of automated security scans they want to configure and run. For example, a production pipeline may consist of a binary image scan, static code analysis scans, and a way to view a consolidated report of scans. The final step in the automation process is to send the scan results aligned to Security Control Framework (SCF) to a centralized security platform to meet compliance requirements. These features are all available as part of the shared library and the user needs to add configuration parameters to run it. As part of the CI process, security scans are configured and triggered to run whenever there is a code change. Developers can then continuously monitor the scan results for any new security issues.

Automated Compliance Reporting

Using the CSB for CI/CD shared library, teams can view reports generated from each security scan on the Jenkins dashboard and identify any failing security issues. Teams can also send the security results data to a centralized interface to Jira to help in various assessment processes, such as reviews by security architects. A consolidated report is generated (as shown in Figure 2), which shows an overall compliance score that considers which scans were enabled in the job, (e.g., binary scans, static code analysis, and dynamic scans). Developers can then use this report to view any quick fixes to improve the security posture.

Figure 2. CSB for CI/CD Scan Report

Measuring Progress and Success

After initial development with our Webex team, we scaled the CSB CI/CD approach across several business units at Cisco. We measured the agility, reliability, efficiency, quality, and success of the CSB for CI/CD shared library to ensure the system was operating effectively.

With the program now in place for over a year, some of business value we were able to deliver is captured in Figure 3.

Figure 3. CSB for CI/CD Benefits

Continue reading

Best Tips for Passing Cisco 300-715 SISE Exam Hassle-Free

Cisco claimed the new CCNP Security Certification aims to allow network security engineers expected to design, deploy, maintain, and administer end-to-end network security solutions. Implementing and Configuring Cisco Identity Services Engine v1.0 (SISE 300-715) has been created to qualify applicants for Cisco CCNP Security 300-715 SISE exam and obtain a certificate. Cisco 300-715 SISE exam is comprising of 55-65 questions answerable in 90 minutes.

The CCNP Security 300-715 SISE Exam's core objective is to sharpen the skills and improve applicants' knowledge concerning implementing routing and switching protocols in a Data Center environment.

Cisco 300-715 SISE exam assess your knowledge of Cisco Identify Services Engine, including:

• Architecture and deployment
• Policy enforcement
• Web Auth and guest services
• Profiler
• BYOD
• Endpoint compliance
• Network access device administration

How Can You Prepare for the CCNP Security 300-715 SISE Certification Exam?

To pass the Cisco 300-715 SISE exam, you need to have a thorough preparation plan because passing the Cisco certification exam is not a cakewalk. All the more, your performance will always impart to your potential employers how skilled you are in network security technologies. Thus, you have to study smartly. Here is how you can pass your Cisco 300-715 exam effortlessly and that too with a good score:

1. Go through Cisco 300-715 Exam Objectives

To stay consistent and study the required concepts, you need to ensure that you soak up every topic included in the Cisco 300-715 syllabus. Moreover, you can use the exam objectives as a blueprint or a checklist to make out the gaps in your knowledge.

2. Take Exam Preparation Sincerely

Preparing for Cisco 300-715 SISE exam should be your #1 priority before you even think of scheduling your exam. Ensure that you take up your preferred learning method because preparation can be an intimidating task if you use methods that annoy you. The preparation process should be absorbing and stimulating. If you like video tutorials, then explore youtube, where you will find a significant number of videos related to the Cisco 300-715 SISE exam and relevant technology.

3. Utilize Cisco 300-715 SISE Practice Tests

You know what they say, practice makes perfect! This is why you should take as many Cisco 300-715 SISE practice tests as possible before your scheduled exam date. To help you consistently revise the concepts you studied, it is also going to help you find out the distinct topics where you have to work on your skills.

Besides, you will get an idea of what the actual exam appears to be, eliminating the shock factor in the Cisco 300-715 SISE exam. When you are doing the practice tests, you enhance your time management skills. There are 90-110 questions that you are expected to answer in the CCIE 400-101 exam, and you will have about one and half a minute for every question.

4. Engage in the Online Community

There is nothing more intense than correlating with fellow peers who have the same vision as you. An online community is an excellent platform for sharing ideas, taking challenges, and finding extra preparation materials. The online community members are real exam takers and seasoned experts who can tell you how Cisco 300-715 SISE exam is set and help you solve problems you may encounter during your preparation. Therefore, the online community pretends a vital role in ensuring that you get support and extensive training.

5. Formulate a Plan for Your Exam Day

Before the actual exam day arrives, plan it properly not to get stressed during the exam. Ensure that you have everything that you require before you start your 300-715 SISE. You can create a list to make sure that you have not left anything behind. Be calm and rest well so that you can be active and energetic on this momentous day.

6. Free Your Mind

Yes, free your mind! Your time to shine has ultimately come. Take control of your thoughts and direct all the energy to the exam you are about ace. Avoid thinking of your work responsibilities or any other commitment. Be focused – keep in mind that you have delivered your best for the exam preparation so that you can get a flying score in the Cisco 300-715 exam.

7. Read the Questions Carefully

During the exam, you have to concentrate on every word of every question. Many people have failed their Cisco exams because of the hurry and anxiety. Pay close attention to the terms that are somehow pointed out in the text (uppercase/bold type). If you get stuck, apply the elimination method. By eliminating the most unlikely options, you can get the correct answer.

Conclusion

If you wish to ace the Cisco 300-715 exam on the first try, try to concentrate on covering all the topics and prepare for all types of questions. If you have some experience working with network security technologies, it should surely help. Just make sure to take out the maximum of studying with practice tests once you feel all the topics covered, and crack your exam! Happy Learning!!

Continue reading

DevNet Automation Bootcamps Overcome the Forgetting Curve

We’ve all heard about the learning curve – showing the relationship between time spent studying material and proficiency.

The Learning Curve

Research indicates that there are multiple factors that impact the technology learning curve – or how quickly people can learn new technologies.

Some of them include:

◉ Motivation – this can come from internal motivation, work related motivation, or even the accountability provided by a good instructor

◉ Relevancy – training that is immediately relevant to your situation is more engaging

◉ Training modality – training that is multi-modal – visual, aural, kinesthetic (or see, hear, do) focused is, all else being equal, more successful than single modal

◉ Complexity of topic – more complex topics (ACI) are more difficult than simple topics (making a cheese sandwich).

◉ Repetition – repetition over several days

What many people don’t realize is that there is an analogous “forgetting curve,” which is surprisingly steep. Students sometimes leave a 5-day training and get back to their home environments and feel frustrated because they can’t do what they learned.

Forgetting Curve

DevNet Automation Bootcamps help your team focus, learn, and retain

The same factors that make it easier to learn new ideas, also help combat the forgetting curve. The newly launched DevNet Automation Bootcamp is based on recent andragogy research about not just how adults learn, but how to help them retain their knowledge.

The goal of a bootcamp is to maximize your team’s ability to leave with the knowledge, skills, and confidence to implement what you’ve learned.

Automation Bootcamps flatten the forgetting curve by providing an immersive training experience where we:

1. Focus on what you are most motivated to learn – the ideal customer for the Bootcamp has a goal, a big change, for example an implementation, taking over work from a vendor, building a new team, or implementing a new technology. The students generally need the skills, and they need them soon.  They know that they will be using what they learn within the next few months.  They are motivated.

2. Provide just the training you need and remove training you don’t – Every lecture and lab is relevant – the Cisco team starts by interviewing the customer and learning exactly what they need to know to succeed, and creating a tailored outline – focusing on the areas the customer needs and taking out any training they don’t need. This maximizes classroom time as all topics are identified as important for the success of their project.

3. Deliver training based on technical learning research and styles – the bootcamp brings together the best of instructor led training and self-paced training in a robust format that maximizes student learning and retention.

4. Reduce complexity – the mix of tailored content, multi-modal learning, repetition, and bootcamp style labs helps students internalize complex topics and take the learning back to their home environments and succeed.

5. Repeat concepts at different levels to lock in knowledge and build confidence – The training is broken up into three portions, and each portion reiterates and deepens the core knowledge of the topics:

◉ 5-days of instructor led training –This is foundational training focusing on the concepts, paradigms, and a deep introduction to the core concepts reinforced with over 40% labs

◉ 2-3 weeks of self-paced training with regular instructor led review sessions, leveraging the “flipped classroom” model and using repetition to settle the learning into the retention parts of the brain

◉ 4-days of hands-on deep dive lab where the students are taking their knowledge and applying it in hands on labs and building end-to-end solutions and/or troubleshooting real issues

In the 5-Day instructor-led training, you’ll work with Cisco experts to identify topics specific to your situation. In the 4-day deep dive lab, you’ll extend the skills you gained in the 5-day class

Examples of Automation Bootcamps Topics

ACI Troubleshooting and Operations Immersion Bootcamp

◉ 5-Day Instructor-led training – May include an introduction to ACI (fabric infrastructure, configuration) and ACI Operations (configuration management, monitoring, and troubleshooting)

◉ 4-day Deep Dive Lab – May include building an ACI fabric and troubleshoot issues and then explore ACI Multisite, ACI Multipod, hypervisor integration, complex ACI configuration problems.

ACI Automation Bootcamp

◉ 5-Day Instructor-led training – May include an introduction to automation (Python, APIs, and more) and then dive into ACI automation with Python, SDKs, tools, and more.

◉ 4-day Deep Dive Lab – May include exploring automation actions, tools, toolkits, SDKs and doing deep labs on ACI REST API interface, ACI API Inspector, ACIToolkit, Ansible, pyATS, and CI/CD pipelines using GitLab-CI.

NSO Automation Bootcamp

◉ 5-Day Instructor-led training – May include intro to NSO (components, use cases, installation, NETCONF/YANG, manage devices) NSO services, administration, and DevOps.

◉ 4-day Deep Dive Lab – May include exploring introductory techniques such as installation, the network CLI and config database, and more. Or choose to practice advanced topics such as Python-powered services, advanced YANG constructs, northbound integratiosn, and more.

NX-OS Automation Bootcamp

◉ 5-Day Instructor-led training – May include an intro to automation (Python, APIs, and more) and exploration of NX-OS automation (day-zero provisioning, on-box / off-box programmability, and telemetry).

◉ 4-day Deep Dive Lab – May include performing complete automation actions and learning the roles of tools, toolkits, and SDKs. You will build gain immersive experience with technologies such as NX-API CLI and NX-API REST, model-driven programmability, GuestShell, Ansible, NX-SDK, pyATS, CML, and CI/CD pipelines using GitLab-CI.

Meraki Automation Bootcamp

◉ 5-Day Instructor-led training – May include intro to automation (Python, APIs, and more) and Meraki automation (workflows, APIs, and more)

◉ 4-day Deep Dive Lab – May include exploring Meraki Dashboard and REST, Meraki action batches, and troubleshoot common Meraki issues, or focus on automation provisioning and configuration.

SDA Product Immersion Bootcamp

◉ SDA 5-Day Instructor-led training – May include an introduction to SDA (Cisco SDA fundamentals, provisioning, policies, wireless integration, and border operations) and SDA operations (operating, managing, and integrating Cisco DNA Center, and understanding programmable network infrastructure)

◉ SDA 4-day Deep Dive Lab – May include performing complete SDA implementation tasks. You will build an SD-Access fabric network and nodes and then solve common issues using troubleshooting use cases.

Continue reading

Introduction to Terraform with ACI – Part 2

If you haven’t already seen Part 1 of this blog series, please have a read through. This section will cover ACI + Terraform, and we’ll include a couple of new topics – Terraform importing and data resources.

Read More: 200-901: Developing Applications and Automating Workflows using Cisco Core Platforms (DEVASC)  ​​​​​​​

1. Introduction to Terraform

2. Terraform and ACI​​​​​​​

3. Explanation of the Terraform configuration files

4. Terraform Remote State and Team Collaboration

5. Terraform Providers – How are they built?

Code Example

https://github.com/conmurphy/intro-to-terraform-and-aci

Lab Infrastructure

You may already have your own ACI lab to follow along with however if you don’t you might want to use the ACI Simulator in the DevNet Sandbox.

ACI Simulator AlwaysOn – V4

Terraform ACI Provider and Resources

As explained in the previous post, a Terraform provider is responsible for understanding API interactions and exposing resources.

A Terraform resource describes one or more infrastructure objects, for example in an ACI Tenant, EPG, Contract, BD.

This post will cover the ACI Terraform Provider which includes a large number of resources.

The full list of available resources can be found from the following link.

https://www.terraform.io/docs/providers/aci/index.html

800

Terraform Resource vs Data Sources

Until now we’ve only looked at the provider resource, for example “aci_tenant”.

resource "aci_tenant" "my_terraform_tenant" {

  name        = "tenant_for_terraform"   

  description = "This tenant is created by the Terraform ACI provider"

}

Terraform also includes a concept known as data sources.

Data sources allow a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.

https://www.terraform.io/docs/configuration/data-sources.html

It’s important to note that while resources are read/write, data sources are read only. This means we can include information in our configuration file for objects that we may not manage.

For example in the case of ACI, perhaps we want to manage our own app profiles and EPGs in a shared tenant however don’t want Terraform to have any control of the tenant itself.

We can define the shared elements (tenant, BD, VRF, contracts etc) as data sources (read only), and the ANP/EPGs as resources which will be created and deleted by Terraform.

provider "aci" {

  # cisco-aci user name

  username = "${var.username}"

  # cisco-aci password

  password = "${var.password}"

  # cisco-aci url

  url      =  "${var.apic_url}"

  insecure = true

}

data "aci_tenant" "my_shared_tenant" {

  name = "my_shared_tenant"

}

data "aci_bridge_domain" "my_shared_bd" {

  tenant_dn   = "${data.aci_tenant. my_shared_tenant.id}"

  name        = "my_shared_bd"

}

resource "aci_application_profile" "terraform_app" {

  tenant_dn = "${data.aci_tenant. my_shared_tenant.id}"

  name       = "demo_app_profile"

}

resource "aci_application_epg" "my_web_epg" {

    application_profile_dn  = "${aci_application_profile.terraform_app.id}"

    name                            = "db_epg"

    description                   = "%s"

    annotation                    = "tag_epg"

    exception_tag               = "0"

    flood_on_encap            = "disabled"

    fwd_ctrl                    = "none"

    has_mcast_source            = "no"

    is_attr_based_e_pg      = "no"

    match_t                         = "AtleastOne"

    name_alias                  = "alias_epg"

    pc_enf_pref                 = "unenforced"

    pref_gr_memb                = "exclude"

    prio                            = "unspecified"

    shutdown                    = "no"

  }

As you can see above we have defined two data sources (my_shared_tenant and my_shared_bd). These are then referenced in the aci_application_profile resource using the format, “${data.aci_tenant. my_shared_tenant.id}“.

Remember from the previous post that some properties such as IDs are computed behind the scenes without the need to hard code values.

NOTE: You’ll need to ensure that any data sources you’re referencing already exist in the ACI fabric. For example the bridge domain, “my_shared_bd”, already exists in the tenant, “my_shared_tenant” in our lab. If these data sources don’t already exists you will receive an error.

So using these two concepts we can build the desired configuration for our ACI fabric. Some Terraform ACI configuration has already been provided above and in the previous post. To help you get started the ACI Business Unit have created a large number of example configuration files which you can find from the following link.

https://github.com/terraform-providers/terraform-provider-aci/tree/master/examples

Additionally, for any customer configuration you may want to create, the following document includes the entire list of available resources for the ACI provider.

https://www.terraform.io/docs/providers/aci/index.html

These resources should give you a good start on your journey to managing ACI with Terraform.

But wait, there’s more! There are a couple of questions that are often asked in relation to the ACI provider.

◉ Is this only for greenfield deployments?

◉ Can I configure everything through Terraform?

◉ What happens if I manually configure ACI?

Importing With Terraform

ACI may already exist in many customer environments when they start to use Terraform. Alternatively, a customer new to ACI and Terraform may not want to learn both at the same time, choosing to first learn ACI and then migrate configuration to Terraform.

Luckily Terraform supports (for some providers) the importing of existing configuration to address these common scenarios.

terraform import

Remember there are two main files we’re working with, the configuration (.tf) and the state (terraform.tfstate) files.

Currently the “Terraform Import” command will only import what it learns about the existing infrastructure into the state (terraform.tfstate) file. It will not automatically append this into the configuration file.

This is a manual process you must complete.

https://www.terraform.io/docs/import/index.html​​​​​​​

Step 1 – Add the new resources to the configuration (.tf) file.

resource "aci_tenant" "myTenant" {

}

You only need to define the resource.

If you configure a property such as a name and then import from an existing resource, the values will be overwritten.

resource "aci_tenant" "myTenant" {

  name = “myTenant1”

}

In this example if the ACI tenant is named “myTenant”, when first importing Terraform will use “myTenant” in the state file. The configuration file is not updated on an import and therefore “myTenant1” will not be changed. Later when you run the apply command, Terraform will update the ACI fabric with the new name, “myTenant1”

Step 2 – Run the import command

Terraform identifies ACI objects with their Distinguished Name (Dn) and the Terraform resource ID is the absolute path of ACI object in the DMIT.

For example, the ID of an ACI tenant, myTenant, is uni/tn-myTenant. The ID of an ACI VRF, vrf1, in myTenant is uni/tn-myTenant/ctx-vrf1

The import command is used as follows:

terraform import <resource name> <resource id>

e.g terraform import aci_tenant.myTenant uni/tn-myTenant

We added the aci_tenant.myTenant resource to the configuration file in Step 1. This command is now assigning an ID, the ACI Tenant Dn (uni/tn-myTenant), to the resource and will also import existing configuration.

Step 3 – Repeat for all required resources

This used the ACI tenant as an example however you may also need to import other resources such as bridge domains, VRFs, EPGs, contract. You would repeat the steps above for each of these resources. First add them all as resources and then run the import command referencing the name of the resource and the ACI Dn as ID.

ACI REST Resource

There are many properties of ACI that can be configured, however not all exist as Terraform resources in the ACI provider. For this reason the aci_rest resource was created and allows you to configure ACI Objects through the REST API. Any Model Object that is not supported by the provider can be created/managed using this resource.

As a result, anything that can be configured through the ACI REST API can be configured and managed by Terraform. Either through a native resource (e.g. aci_tenant), or using the API (aci_rest resource).

Here’s an example of creating an L3Out.

resource "aci_rest" "rest_l3_ext_out" {

  path       = "/api/node/mo/${aci_tenant.tenant_for_rest_example.id}/out-test_ext.json"

  class_name = "l3extOut"​​​​​​​

  content = {

    "name" = "test_ext"

  }

}

These is the same configuration you would find in a Python script making raw calls to the ACI API, only this is wrapped in a Terraform resource.

Note as well that you can still reference existing variables or properties such as the aci_tenant id.

https://www.terraform.io/docs/providers/aci/r/rest.html

Config Drift

“What happens if someone manually configures a resource Terraform is managing?”

This is a common question not only for Terraform but anytime we are using external tools to manage infrastructure.

In the case of ACI we can test it out and see what happens.

Step 1 – First create a tenant, my_terraform_tenant, with the following description.

resource "aci_tenant" "my_terraform_tenant" {

  name        = "tenant_for_terraform"   

  description = "This tenant is created by the Terraform ACI provider"

}

Step 2 –  Login to the GUI and under the Tenant -> Policy, update the description.

Step 3 – Run the terraform plan command and see what will happen

You should see that one change will be made to reconfigure the tenant description.

This validates what we have previously learnt. Terraform will attempt to maintain consistency between the desired configuration (.tf files) and the current state (terraform.tfstate file) of the infrastructure. If it notices that the state has been changed (manually in our case), it will reconfigure the infrastructure.

800800

Modifying Attributes vs Resources

Be aware that the outcome above may not always be the same when working with Terraform and ACI. Let’s run another test and see what happens.

Step 1 – Create a tenant, BD, and subnet with the following configuration.​​​​​​​

resource "aci_tenant" "myTenant" {

  name        = "myTenant"   

}

resource "aci_bridge_domain" "bd_for_subnet" {

  tenant_dn   = "${aci_tenant.myTenant.id}"

  name        = "bd_for_subnet"

  description = "This bridge domain is created by the Terraform ACI provider"

}

resource "aci_subnet" "demosubnet" {

  bridge_domain_dn                    = "${aci_bridge_domain.bd_for_subnet.id}"

  ip                                  = "10.1.1.1/24"

  scope                               = "private"

  description                         = "This subject is created by Terraform"

}

Step 2 – Through the ACI GUI, create a new subnet in the same bridge domain. I’ve used 172.16.1.1/24 as an example.

Step 3 – Run the terraform plan again and have a look at the output. You shouldn’t see any changes.

Step 4 – Delete the 10.1.1.1/24 subnet from the bridge domain, keeping the new subnet.​​​​​​​​​​​​​​

Step 5 – Run another plan and see the output. You should see that Terraform will add back the 10.1.1.1/24 subnet when applied. However it doesn’t know about the new subnet ,172.16.1.1/24, so this is left untouched.

This means we again have two subnets on the bridge domain.

Why is this happening?

Terraform tracks resources by an ID and a name. When it notices that a property (e.g. description) in a resource (e.g. aci_tenant) has changed, it updates the infrastructure to match what is in the configuration file. This is what happened with the description. Note that the ID and name of the resource didn’t change, it was still the same ACI tenant.

If you’ve worked with ACI you’ll know that you can’t rename objects. This is inherent to how ACI stores information. All objects have a unique distinguished name and this name is used when connecting various objects together. You can see this in the configuration above where a subnet points to the distinguished name of the bridge domain in which it resides.

As also previously mentioned, the Terraform ACI provider uses the Dn as the ID for the resource.

In the case of ACI a subnet is an object with a distinguished name. Since we can’t edit the name (10.1.1.1/24) we need to delete it and recreate it with a different name (172.16.1.1/24). This results in a new object and Dn and therefore a new Terraform resource and ID.

However the old subnet resource (10.1.1.1/24) still exists in the Terraform state file, while the new one hasn’t been imported. As a result, Terraform re-implements the 10.1.1.1/24 subnet and nothing happens to the 172.16.1.1/24 subnet.​​​​​​​

If you update the subnet in the Terraform configuration file you’ll see that Terraform takes care of the “renaming”. It will first delete the old subnet and then recreate a new one, making it appear as though it has been renamed.

Final Thoughts

Terraform is an extremely powerful and flexible tool however as you’ve seen so far, there are cases that may result in unexpected behaviour. Like any deployment, it’s always best to understand how you will use Terraform in your environment. The ACI simulator is a great way to learn, test, and plan any changes you wish to make before pushing to production.

Source: cisco.com

Continue reading

Use Success Tracks to Deliver Lifecycle Solutions

As customers look for ways to accelerate their digital transformation journeys, we must have offers and capabilities to help them move faster. Almost every customer is deploying and integrating new technology solutions into their existing infrastructure systems and data sources – and seeking to do this in a shortened timeframe. IT leaders need help to define a clear path to their desired outcomes while minimizing complexity and having access to the right resources at the right time.

Cisco Customer Experience (CX) has introduced a new service portfolio that can help customers find a faster path to value and accelerate their business outcomes.  It’s a new lifecycle-focused services portfolio called Success Tracks that includes a comprehensive suite of capabilities designed for specific use cases.  Success Tracks digitally connects customers to the right expertise, learning, insights, and support at the right time. We’ve introduced Success Track for Campus Network, with additional architectures, such as Security and Data Center, planned for release in 2021 and beyond.

While Success Tracks provides incredible value for customers, it also provides an excellent opportunity for partners to grow their business. How? Partners can access  critical customer insights throughout their technology adoption journey, providing valuable insights they can use to assess their customer’s needs and gaps and promptly address them. In essence, Success Tracks serves as a platform to enable partners to capture more customer opportunities.

Here’s a quick snapshot of what Success Tracks is and the opportunities where you can capitalize on to grow your business.

Success Tracks

CX Success Tracks is a suite of service solutions built from the existing services portfolio, combined with new features that digitally connect customers to the right expertise, learnings, insights, and support at the right time using a use case guided journey.​ Use cases are defined with specific customer outcomes and are essential for outlining and executing a roadmap for achieving success.

The CX Success Track suite of capabilities built from existing services and combined with new features, that provides expert resources, trusted support, insights and analytics, and contextual learning.  and digitally connecting customers through a new Customer Experience (CX) Cloud.

Customers engage and consume these capabilities and manage their technologies all in one place through a new digital platform called CX Cloud.

Opportunities for Partners

Success Tracks leverages automation and machine learning through Cisco intellectual capital and provides valuable customer information to partners via a new Partner Experience (PX) Cloud platform (see below).  It provides a new way to engage with Cisco and with customers.

You can  access information on your customer’s lifecycle, assets and coverage, advisories, cases, and other critical insights and analytics. Leverage this information to  increase your understanding of your customer’s technology adoption journey and  recommend services that can help your customer’s increase the use and adoption of their investments. Let’s review two examples.

The “Personalized Exposure Checks” feature provides information on relevant bugs, PSIRTS, and Field Notices for specific devices. When deploying new devices for the customer, you can access Personalize Exposure Checks, scan the device, detect any known vulnerabilities, and then provide remediation services for known issues to validate new devices have the latest updates and protection.

The “Optimal Software Version” feature provides recommendations to help identify the best version for upgrades and optimal software performance. You can provide services to help customers simplify their networks by configuring a minimum number of software versions across all devices, determine when it is best to schedule and perform software updates, and monitor their devices to ensure software versions are up-to-date across the network.

These examples provide just a fraction of the many potential opportunities you take advantage of to help your customers accelerate their success, while expanding your business growth and profitability.

Continue reading

Become DevNet Professional by Passing Cisco 350-901 DEVCOR Exam

The Cisco Certified DevNet Professional 350-901 DEVCOR exam evaluates your knowledge of software development and design, comprising using APIs, Cisco platforms, application deployment and security, and infrastructure and automation. This exam assesses an applicants' understanding of software development and design, including using APIs, Cisco platforms, application deployment and security, and infrastructure and automation. Cisco Certified DevNet Professional exam enriches your employability and makes your educational records shine.

Who is the Targeted Audience for the Cisco 350-901 DEVCOR Exam?

The Cisco 350-901 DÉCOR exam is intended for those professionals or developers who have some years of experience designing and maintaining custom-designed applications constructed on Cisco technology and employing the Cisco platforms. This Cisco certification will authenticate your skills and knowledge associated with developing, designing, and debugging an application using the Cisco APIs, media, and infrastructure.

The Cisco 350-901 exam is specially designed for the following professional.

• Network engineers: Have a plan to sharpen their skills in software and automation.
• Developers: Have the plan to inflate expertise in automation and DevOps.
• Solution architects: Have the plan to move on Cisco ecosystem.
• Infrastructure developers: Have a plan to design in tough production environments.

Advantages of passing Cisco 350-901 DEVCOR Exam:

Now that you know what you require to do to pass the Cisco 350-901 DEVCOR exam, aren't you interested in knowing the advantages of this certification? As Cisco is an international vendor acknowledged by organizations worldwide, Zachariah z your access to corporations will be more comfortable. Hiring managers will consider you a top applicant when they see the Cisco Certified DevNet Professional certification on your resume since Cisco is considered as a leading IT vendor in the IT field and a reputable provider of the most renowned IT certifications.

Read: What to Expect from Cisco DevNet Professional Certification?

After earning this professional certification, you can anticipate an excellent career boost. You will also have more possibilities to get a higher position in your organization and be acknowledged as a valuable team member. According to the Payscale website, you can earn annually about $95,385 with this professional certification.

Top Tips to Prepare for Cisco 350-901 DEVCOR Exam

Preparing for any Cisco exam demands a great deal of time and hard work. But all that would be put to waste if you don't use it adequately. So here are a few tips you can follow to achieve an excellent score in the actual exam:

1. Know the Exam Objectives

First of all, you have to have a clear idea about the result you want to achieve and determine what topics you should study. Generally, the objectives of a syllabus give thought to what the exam expects of you. So, you can use them as a road map for your preparation. By doing so, you can center your efforts on what is most essential.

2. Get Reliable Study Materials

The internet is huge, and you can discover numerous resources created by people claiming they are legal and authentic. But you must perceive that most of them are fake. And if you obtain them for your exam preparation, they can do more harm than good. To evade this, you have to make sure that whatever study resources you use are valid and updated.

3. Make a Study Schedule and Follow It

Most candidates fail to study all the Cisco 350-901 DEVCOR exam objectives in time and end up cramming the night before the scheduled exam. Even though some argue to remember better when doing that, it's not completely true. You will be successful in recalling little surface details while you blank out most of the basic knowledge. But if you study as per your study schedule, you can be sure to have a solid grasp of all the syllabus topics before the exam and not leave out anything important.

4. Cisco 350-901 Practice Exams

If you wish to excel at what you do, you have to have practiced it. Having way makes it simpler for you to remember whatever you studied, and today you can find several options helping to acquire practical skills in practicing your knowledge. For instance, you can use the practice test for Cisco 350-901 DEVCOR exam.

Practice tests make you familiar with the exam structure and kind of questions you will be asked, so you may identify your weak points and work on them. You'll also be in a position to know how to manage your time intelligently.

5. Correct your Mistakes

Correcting your mistakes is vital if you want to better your score. If you don't completely check where you made a mistake and are not trying to understand the concept in a better way, you will be turn out to make the same mistakes again and again.

6. Actively Participate in Discussions

Try to find a study partner or join online forums or communities. This will present you with different questions that will get you thinking in a wider spectrum. It will show you that you don't know many aspects and will help you strengthen your knowledge. An added benefit of participating in online discussions/communities would be that you can share resources and get guidance from professionals in the field.

7. Develop Interest

Doing something without any interest will only stress your mind and give you unsatisfactory results. The same applies when it comes to studying. So, try to do things in a new and interesting way so that your study time becomes more fruitful. Explore some different types of studies like books, practice tests, youtube videos, etc. Also, you can compensate yourself after completing a chapter or so, for instance.

Conclusion

The world today is very competitive, and the same can be said for Cisco exams. If you want to pass them, you have to be study hard and be smart. So, employ practice tests and other reliable resources to prepare for your 350-901 DEVCOR exam and make use of the tips mentioned above. It's the sure way to breeze through the exam to get yourself Cisco DevNet Professional certification.

Continue reading