How to Balance IT Stability and Strong Security

Remember the old days of deploying Anti-Virus (AV) across your organization? Most often, it was a “set it and forget it” approach. It worked back then. Until it didn’t.

This leaves us with a perplexing dichotomy. On the one hand, the mindset of the old AV days still persists, where many companies are reluctant to update, upgrade, or even touch their existing security technology. On the other hand, we found in our recent 2021 Security Outcomes Study that most practitioners believe a technical refresh is the most prudent approach to staying ahead of existing and emerging threats.

So where is the problem? What is it that causes organizations to resist upgrading?

Instability as a Source of Insecurity 

The problem is one of stability. After all the configurations have been tweaked to make a deployed product behave as a finely tuned engine, there is nothing more uncertain than having a vendor announce a new product that has the potential to disrupt your harmonious tech orchestration. To state it more bluntly, people have been burned too many times with the promise of the latest and greatest software that ultimately interrupts their workflow and, in some cases, entirely halts production.

This is the classic struggle between operations and security; they do not always line up. Everything might be flowing smoothly, but when an exploit emerges that an attacker could use to compromise the organization, the security team is viewed by the organization as overly paranoid if they want to make changes, threatening the stability of a perfectly functioning environment. In other instances, the security team may not even have the time to stay on top of necessary updates, leading to “upgrade resistance” even among the security ranks.

Why Is Stability Threatened When a New Product Is Introduced?  

According to our Security Outcomes Study, it would seem that the inability to retain skilled security professionals may be part of the problem. Another factor is that even with a staff of skilled professionals, they are often stretched beyond their capabilities and are expected to do too many tasks in the course of a normal workday. Unfortunately, short staffing and an overworked security team can lead to a lack of testing, which can create issues when it comes to effectively implementing software updates.

How to Ensure Success

Proper training

When we think about the tools needed to succeed, one of the best tools for any staff is training. If you offer training to the staff, you end up not only with a stronger, more skilled team but also a team that feels valued and appreciated. As shown below, role-specific training is one of the top success factors that can help a security team keep up with business demands.

Top security success factors for keeping up with the business

I am often reminded of a joke that I heard where a manager asks, “What happens if we spend money on training and the staff then leaves?” To which the other person responds, “What happens if you don’t train them and they stay?”

It is all about instilling confidence in the team and empowering them to make the correct choices when it comes to what’s best for an organization’s overall infrastructure. For example, testing prior to deployment is an absolute necessity towards the success of any project.

Reliable vendors

Another key to ensuring success is to work with reliable and trustworthy vendors. The vendor relationship is important from a technology standpoint as well as a business standpoint.

How can you combat the fear of new security technology in an organization? You can do so by imparting stability into project plans, which can be achieved by elevating your staff’s qualifications and by working with reputable vendors. As shown below, properly managing vendor security is one of the top success factors for creating a strong security culture within an organization.

Top success factors for creating a strong security culture

Automated, integrated technology

Last but certainly not least, technology itself can help with maintaining a stable and secure environment, while not letting software get out-of-date. In addition to protecting an organization’s infrastructure, security technology should ideally empower teams as well. It should provide security professionals with a boost, not a burden.

Seek out security technology that is streamlined, integrated, and automated. Unfortunately, the culture of procuring a new point product for every new security threat has left us with crushing complexity in many cases. Vendors today must simplify their security offerings by making them work together to reduce the manual processes that often slow down security teams.

By lessening the tedious, time-consuming tasks that stand in the way of fast, effective security, an integrated, automated tool set can help security teams more confidently stay on top of technology updates – and implement them more safely and securely. In time, this confidence can extend over to other parts of the organization and lessen overall resistance to change. After all, you cannot properly secure an organization with stagnant technology.

How Cisco can help

Cisco has been on a mission for several years to simplify and streamline its security capabilities. With the launch of Cisco SecureX, we introduced an integrated platform that incorporates greater visibility, efficiency, and automation into security processes. It brings together our entire Cisco Secure portfolio, as well as many third-party technologies, to streamline and strengthen operations not just for security teams, but for IT and networking groups as well.

With SecureX, these various teams can more easily collaborate – viewing and responding to the same data in the same place – to more quickly and effectively identify and troubleshoot potential issues. Additionally, since SecureX is delivered via the cloud, it is easy to add or update security capabilities as needed, further lessening the burden of proactive tech refreshes.

While there are many steps that can be taken to strengthen security, our Security Outcomes Study suggests that proactive tech refreshes, training, strong vendor relationships, and integration and automation can all go a long way.

Source: cisco.com

Continue reading

Meet the Enchanted Virtual Classroom

Cisco Networking Academy enables distance learning

The COVID-19 pandemic has disrupted the traditional education model for millions of students and teachers around the world, including the nearly 12,000 learning institutions worldwide that participate as Cisco Networking Academy schools. 

The Networking Academy curriculum has been delivered via a hybrid model of in-person and online teaching. So when the pandemic hit, and while many schools, teachers, and students experienced widespread disruption and challenges in making the move to a 100 percent online model, the Networking Academy transition was manageable, and students and teachers were already equipped to operate exclusively online effectively.

Beyond the move to a fully online model, the events of 2020 pushed our engineering teams at Cisco to look for new ways to offer both students and teachers more immersive experiences and better learning engagement opportunities.  

Working hand in hand with Networking Academy instructors, our engineers delivered significant enhancements to Cisco Packet Tracer’s physical mode. Combined with significant increases in the availability of our Cisco Webex collaboration suite, our teams have created what we like to think of as an “Enchanted Virtual Classroom.” 

Welcome to a world of enchantment

The concept of enchantment in the digital world – and specifically the notion of “Enchanted Objects” – has been introduced by David Rose, product designer and lecturer at the MIT Media Lab. According to Rose, Enchanted Objects can be brought to life thanks to specific design guidelines for immersive Internet of Things (IoT) environments that align with fundamental human desires including “omniscience, telepathy, safekeeping, immortality, teleportation, and expression.” 

Rose believes that IoT sensors and actuators embedded in our physical environments can lead to enchanting experiences. 

Within Cisco Networking Academy, we are applying this design philosophy to distance learning. 

Fusing Packet Tracer – which invokes senses of safekeeping (a safe place to make mistakes), omniscience (creating networks from scratch), and expression (telling networking stories relevant to their lives), with Webex – which invokes senses of telepathy (insight into how others think) and teleportation (video collaboration as if we were sharing the same physical space doing labs together) enables useful, purpose-driven, even enchanting distance learning experiences. 

We seek to help address issues that arise from the loss of physically co-located instructors, students, and equipment. A simulation-based microworld, like Packet Tracer 8.0, with enhanced physical mode representations, used in tandem with collaboration software such as Webex, may have synergies that lead to effective and delightful experiences. 

The Charm of Packet Tracer

The new version of Packet Tracer (PT 8.0), released last month, approximates the experiences of the real-world job and classroom lab interactions as shown in Figure 1. 

Using the “Geo” mode (Figure 2) students can explore floor plans, maps, and other background images that help provide context heat maps showing Wi-Fi, cellular, and Bluetooth signals, as well as manipulable cables. This representation encourages tracing a packet across various physical locations. 

With the new Packet Tracer capabilities, students can build “What-if” models, following their own inquiry, using Packet Tracer as a “virtual Lego kit.” Students can also be assigned structured design, configuration, and troubleshooting challenges, using activities that were authored via Packet Tracer’s Activity Wizard and which are automatically graded (as shown in Figure 3). 

Students can interact with a shelf (inventory system) at right, having to choose amongst devices. They can also interact with a pegboard, having to choose among cables, place devices at specific locations on tables (centre) and equipment racks (left), as well as power devices and read status LEDs.

The magic of learning through Webex 

Webex is now integrated within the NetAcad.com platform, making relevant features for teaching more readily available to Networking Academy instructors, including:

◉ Whole-class, lecture-style interaction via video and audio

◉ Breakout lab-group style interaction

◉ Screen sharing with remote annotation, desktop mouse and keyboard sharing, and whiteboarding

◉ Attendance, chat, polling, and notes

We believe Webex can enable interactions like “over the shoulder” coaching and peer-to-peer group collaboration within Packet Tracer labs, creating powerful synchronous and asynchronous distance learning experiences.

We know that human-to-human relationships are central to learning. Cisco Networking Academy is pioneering better distance learning by making enchanted virtual classrooms with playful, simulation-based, collaborative educational interactions a reality. And this is just the beginning.

Source: cisco.com

Continue reading

Radically simplifying unified communications with secure connectivity

Unified Communications (UC) has been defined in more than a few different ways. It’s a set of technologies that continue to advance how individuals communicate with one another. As humans, we have preferences in the way we communicate. We send and we receive communications and sometimes it is more effective to communicate using the method the ‘receiver’ prefers. Also, your preferred method may not be as effective as another method for you – perhaps to keep a record of leave breadcrumbs to information you may need to refer back to. Unified Communications can enhance and optimize these interactions while reducing latency and eliminating both device and media dependency.

94% reduction in unplanned downtime

– Business Value of Cisco SD-WAN Solutions: Studying the Results of Deployed Organizations, IDC, April 2019.

Unified communications integrates communication services including voice, extension mobility and single number reach (as well as other advanced calling features), instant messaging, presence information, video conferencing including data and desktop sharing, with non-real-time communication services such as unified messaging (integrated voicemail, messaging, email, and faxing).

Figure 1. Integrating Unified Communications with Cisco SD-WAN

Cisco SD-WAN Solutions with Integrated UC

Cisco has taken this integration to a new level. By integrating UC with our industry-leading Cisco SD-WAN solution onto a single device, we provide our customers and partners with the opportunity to reduce costs by eliminating the need for a second platform for UC, while simplifying deployment and reducing complexity of the overall solution. For large enterprise datacenters, service providers and colocation providers, the reduction in footprint and time to rack and stack can also be massive. For existing customers with Cisco SD-WAN edge devices, Unified Communications has now been fully integrated in the IOS-XE v17.3 release.

Productivity despite adversity – the ‘Branch of One’ Use Case

In 2020, for many, the place you work from changed. Both the user experience and productivity were negatively impacted. Many questioned, “How can I set up a secure connection to my company network and still have productive interactions using various connectivity tools with the performance required to support them – from the kitchen table?” You need your own branch office. And let’s not forget that a significant other may need similar capabilities from the living room…and maybe the kids need to connect for distance learning from their bedrooms. Then the afternoon arrives, and the kids sign off videoconferencing, but are now streaming movies and playing video games. Bandwidth is limited, so you need to prioritize your videoconference over gaming traffic. You start a late videoconference, but the ‘dinner rush’ starts and the kitchen table seem to become a hostile work environment and you need to switch the videoconference to a mobile device and head to the back yard.

Having a Cisco edge platform with integrated UC enables communications while it simplifies, segments, and secures your connectivity.

Cisco SD-WAN Unified Communications and Voice Integration Benefits

Let’s review some of the main benefits from Cisco’s SD-WAN and UC integration:

Telephony Integration

Cisco is the only vendor to natively integrate analog, digital and IP telephony interfaces directly into the Customer Premise Equipment (CPE)

Reduced OpEx and CapEx

With both UC and SD-WAN within a single CPE, there are less support and licensing costs, as well as eliminating the cost of the UC hardware

VoIP Solution Investment Protection

Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC/Voice on Cisco edge devices ensures that existing equipment investments can be leveraged since they are supported in the cloud with Cisco SD-WAN.

Reduced Complexity

Cisco vManage can orchestrate scalable and consistent UC configurations across the entire enterprise via templates and policies can prioritize specific applications links, with fallback capability in case of link failure or degradation.

Telephony Survivability

Prevents internal and external IP phone outages using Cisco unified SIP SRST enabling the edge device as the fall back IP PBX with access to the PSTN.

Middle-mile Optimization

Cisco is the only vendor extensively partnering with colocation and SDCI Partners for optimization with cloud applications (Cisco WebEx, UCM Cloud and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.

Ensuring security and communication integrity

Cisco SD-WAN also integrates best-of-breed security with cloud-based Cisco Umbrella or Cisco’s on-premise security portfolio, thereby ensuring the security and integrity of your network and Unified Communications.

The Distinguishing Features of Cisco

Cisco’s rich feature set in this integrated solution meets the most demanding needs of the enterprise. Let’s take a closer look at some of the key features:

Application Visibility

Application visibility is an essential element for any SD-WAN solution, not only from a monitoring standpoint, but also for analytics and policy construction. Traditionally, policies for the WAN required administrators to use IP Addressing, Ports, Layer 4 Protocol, DSCP value, and more to define traffic that should receive any special treatment. This worked in the past, but as applications evolved, policy cannot be built on these criteria. In our multi-cloud world, applications are far more dynamic and often cannot neatly fit within the confines of legacy rules. Cisco’s SD-WAN solution addresses this by utilizing both Qosmos and Network Based Application Recognition (NBAR2) to identify the applications to which it is forwarding traffic. Deep-Packet-Inspection (DPI) engines are invoked directly in the Data Plane and evaluate every packet. By using a complex formula of Layer 3, 4 and 7 information, the engines are capable of identifying which WAN application a particular packet belongs to. The data can then be used within a policy to provide intelligent routing for these applications. If an administrator wants to provide priority to Unified Communications traffic such as a videoconference, they are no longer required to specify DSCP values, ports or IP Addresses. They simply select the Unified Communications Application Family. Qosmos and NBAR2 will do the rest!

Application-Aware Routing

Cisco application-aware routing computes the optimal paths for data traffic, helping assure service levels for UC applications as well as voice traffic. These paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels between edge devices. Cloud OnRamp automates the selection of best performing path to cloud-based UC services, including the choice of DIA for remote locations.

Quality of Service (QoS)

Automation of QoS deployments using Cisco vManage to simplify and assure best quality for voice and video. QoS prioritizes bandwidth for UC and voice traffic. The SD-WAN overlay network examines packets that enter at the edge of the network, while the edge devices are configured to provision QoS. The data traffic will then flow automatically over IPsec connections between edge devices.

You can also modify the packet forwarding flow with centralized and localized data policies. The centralized data policy enables control over traffic based on the address, port, and Differentiated Services Code Point (DSCP) fields in the packet’s IP header. The localized data policy controls the flow of traffic into and out of the edge devices’ interfaces.

Each interface has eight queues on edge devices, numbered 0 to 7. Queue 0 is reserved for both control traffic and low-latency queuing (LLQ) traffic; you must configure any class mapped to queue 0 to use LLQ. All control traffic is transmitted. Queues 1 to 7 are available for data traffic.

Per-VPN topology

Virtual Private Networks (VPNs) provide segmentation and enhanced security in the SD-WAN overlay, much like Virtual Routing and Forwarding instances (VRFs). Each VPN is isolated and has its own forwarding table. Each Interface or sub-interface is explicitly configured under a single VPN, using labels in OMP route attributes and the packet encapsulation to identify it. You can create a separate VPN topology for UC traffic (full mesh).

Packet Duplication and Forward Error Correction

Forward Error Correction (FEC) and Packet Duplication enhancements were added to Cisco SD-WAN. Packet Duplication creates a copy of critical application flows across the SD-WAN fabric. FEC drastically improves audio/video quality over a lossy link such as an internet connection by adding correction packets to the flow. If packet loss occurs, these duplicated/FEC flows can be recovered from a secondary link. This does however come with the requirement of up to doubling the bandwidth allocated for a given application. However, for Unified Communications flows, this may be acceptable when considering these traffic flows are generally smaller. Also, CODEC selection can also help to alleviate the burden that Packet Duplication/FEC incurs.

Data Policy-Traffic Engineering

Data policies affect the flow of data traffic through the network based on fields in the IP packet headers and VPN membership. You can use centralized data policies for application firewalls, service chains, traffic engineering, QoS, and Cflowd. Localized data policies allow you to configure data traffic handling at a specific site, including ACLs, QoS, mirroring, and policing. A centralized data policy such as QoS classification or app-route policies may also impact handling on edge devices. You may also route voice traffic based on data policy with Cisco SD-WAN.

Geo-Redundancy

UC traffic routed through geo-redundant network links enable failover and fallback protections.

In today’s business environment, it’s never been more important to reduce costs. Cisco now offers a robust, integrated UC and secure SD-WAN solution on a single platform to both reduce CapEx and decrease support and licensing costs that reduce OpEx.

We are all doing more with less. Cisco vManage helps reduce complexity with the addition of UC orchestration with configuration via templates and policies for consistency across an enterprise datacenter, network operations center of colocation facility.

With middle-mile optimization and telephony survivability, Cisco offers the business resiliency and options to maximize your performance now, and for future needs.

Integrating UC with Cisco SD-WAN provides benefits regardless of if you are a Multi-national conglomerate with many datacenters, a service provider or a Branch of One.

Continue reading

Balancing Safety and Security During a Year of Remote Working

I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact that many of us no longer commute to an office to perform our jobs.

It’s been a year, give or take, since organizations had to provision extraordinary numbers of employees to work remotely as a result of the pandemic. Some companies may consider reopening traditional offices again, but the new work-from-home paradigm has many people contemplating a hybrid model (remote-first seems to be a popular option). In a recent Cisco study, not only were many people currently working remotely, but a substantial percentage of organizations also said that more than half of their employees would still work remotely once pandemic restrictions are lifted.

Source: Cisco Future of Secure Remote Work Report

The pandemic brings new security challenges

In security, we lament about how new initiatives are often instituted with threat protection as an afterthought. This is somewhat true as well of this rush to remote working, especially for companies that had not previously entertained the concept of remote work.

Security cannot remain a secondary thought, and it was quickly understood that remote working led to new security challenges. The concept of “Bring Your Own Device” was in full bloom – maybe “Use Your Own Device” is more accurate given that no one has been bringing anything anywhere. 

While we were working to secure this new environment, there was a dark side brewing; the world of cybercrime saw an opportunity to capitalize on the haste to preserve life, and we saw a rise in cyberattacks. In one analysis by Cisco Talos, pandemic-themed phishing scams emerged over the course of just a few months.

Percent of observed emails tracked by Talos containing pandemic themes

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

While the pandemic raged on, and cybercrime targeted our fears, there was no slowdown in the everyday threats that carried on with broader targets, as shown in this timeline from a recent Cisco report.

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

Cisco technology for secure, remote work

At the start of the pandemic, Cisco quickly took action to help our customers securely provision for remote workers. Some of the offerings included extended free licenses and expanded usage counts for Cisco Webex, as well as several technologies for securing remote access and endpoints.

We all know that the pandemic will not last forever, but as mentioned previously, remote work is a viable way to run many businesses. What are some of the best ways to protect your company’s workforce? Cisco has developed the Secure Remote Worker solution, which incorporates many security components needed to embrace this new work setting.

With Cisco, New Castle Hotels and Resorts was able to secure its remote workforce within hours. According to Alan Zaccario, Vice President of IT and Cybersecurity for New Castle:

“Cisco security has definitely proven to be the correct choice, because Cisco enables a strong security posture for remote work. When the rapid move to remote work happened, my biggest concern was helping people configure local printers and scanners, not scrambling to secure the enterprise.”

One thing that we can all agree on is that sitting alone in your room, working remotely, can be a lonely undertaking. That’s why collaboration tools are key to not only keeping the business on track, but also keeping us connected. However, collaboration can sometimes add more complexity, and that is why we have enhanced our Cisco Secure Remote Worker offering by coupling security with collaboration tools that make remote work more secure.

Finally, the Cisco SecureX platform brings all of our security technology (plus third-party technologies) together to protect users and devices wherever they are. SecureX is built into every Cisco product. It is a cloud-native platform that connects our integrated security portfolio and customers’ security infrastructure to provide simplicity, visibility, and efficiency.

SecureX delivers a unified view of customers’ environments, so they no longer have to jump between multiple dashboards to investigate and remediate threats. It also gives customers the ability to automate common workflows across security products from Cisco and third parties to handle tasks such as threat hunting and identifying device vulnerabilities.

“We really can’t afford a misfire with our security spend,” added Zaccario of New Castle. “We understand the Cisco security integrations, and how Cisco’s platform approach protects our investment.”

The tragedies of the pandemic have taught us many important lessons. From a technology perspective, as we all scrambled to create a fully remote workforce, it is nice to know that the capabilities to do so securely have kept pace with the need to protect the health of our most valuable assets, our co-workers.

Source: cisco.com

Continue reading

DevNet Specialized Partners Gain API Insights for Pandemic Challenges

The network connects everything. It stands at the vortex of IT and business. It has the potential to constantly empower, protect and inform all IT and business processes. As users, devices, and distributed applications have grown in number, the networking environment has become exponentially more complex.

Intent-based networking transforms a hardware-centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes.

Cisco DNA Center is the network management and command center for Cisco Digital Network Architecture (DNA), and it is at the heart of Cisco’s intent-based network. It enables you to:

◉ Configure and provision thousands of network devices across your enterprise in minutes, not hours.

◉ Deploy group-based secure access and network segmentation customized for your business needs.

◉ Monitor, identify, and react in real time to changing network and wireless conditions.

◉ Enhance the overall network experience by optimizing end-to-end IT processes, reducing total cost of ownership, and creating value-added network.

While our networks are evolving and becoming more complex, the world around us has also become even more complex. As nations continue to struggle with the challenges brought on by the COVID-19 pandemic, the workforce is likely eager to return to the office and at the very least, return to some level of normalcy.

Ensuring a safe return to the workplace

Many essential businesses have remained open during these trying times, and as restrictions begin to ease up, many will begin re-opening their offices soon and offering their employees the opportunity to conduct business in-person once again. As the global workforce emerges from their office exile, it is critically important to ensure strong safety measures are in place to minimize the risk and reduce the likelihood of a viral outbreak in the office.

The unique circumstances that businesses face today call for a new breed of innovation to help get through these modern challenges. Developer APIs built on-top of Cisco’s technology can help facilitate that innovation. While traditional business problems solved through APIs are commonly associated with digital experiences, there is a mind shift brewing that begs the questions, “how can these APIs provide better physical experiences in this pandemic world?”  

Like building a network security policy, companies need to be able to have visibility, consistency, scalability, and adaptability across their infrastructure to reduce the attack surface and minimize the potential risks from threats (regardless of whether that threat is digital, physical, or biological). Programmability and APIs are the tools that arm developers and engineers with the visibility, consistency, scalability, and adaptability they need to help their businesses transform and prepare for a safe return to office life. 

Rich APIs can facilitate this new breed of innovation

While these rich APIs can facilitate this new breed of innovation, it is up to our partners to be able to deliver on that innovation. Cisco’s partners have been uniquely positioned to “be the bridge” that gets the world back to the office safely and deliver these new innovations to their customers.  

When it comes to Cisco customers knowing which partners to trust and deliver on that innovation, look no further than our growing list of DevNet Specialized Partners. 

The DevNet Specialization recognizes Cisco partners with demonstrated software skills and business practices that leverage API capabilities of Cisco products and services to deliver successful outcomes to their customers. A DevNet Specialized partner is one that is fully equipped to build and deliver on the innovations needed to make the return to the office safe and effective. 

While there are many benefits to the DevNet Specialization program, such as Ecosystem Exchange placement to co-market with Cisco and pre-sales consulting opportunities, one of the unique benefits we offer to our specialized partners is the exclusive API Insights webinar series, which provides the latest information on Cisco API releases, industry trends, best practices, and technical deep dives on API-related topics. 

The most recent API Insights webinar – offered exclusively to our DevNet Specialized partners – focused on how DNA Center can be leveraged to perform contact-tracing inside of an office building. It began with an overview of the API capabilities provided by DNA Center, making sure that our DevNet Specialized partners had a base understanding needed to advance the conversation.

Cisco DNA Center “Pandemic Proximity” use case

From there, it dove into the “Pandemic Proximity” use case for DNA Center, covering all the implementation details needed to build and deliver this use case to customers. Partners were provided with a deep dive into the technical aspects of this use case and how Cisco technology can better track in-person interactions across the office, as far back as 14 days. 

If a business ever faces the unfortunate challenge of dealing with a viral outbreak in their office, they can use these capabilities, delivered by a DevNet Specialized partner, to understand where the contagious employee was in the office, and who they might have come into contact with. This can help reduce the impact caused by an outbreak, keep more employees safe, and help reduce the disruption to business that this may cause. It also has the potential to save lives in the process. 

While more information will be available in the future about the “Pandemic Proximity” use case for DNA Center, Cisco’s partners in the DevNet Specialization program are uniquely positioned to deliver on this use case today, having gained the necessary insights and knowledge from Cisco experts through the API Insights webinar. Although this quarter’s API Insights event has already concluded, I am already looking forward to what the API experts have in-store for next quarter, and how, together, we can all better the world through programmability and APIs. 

As a reminder, these API Insights webinars are available exclusively to partners that have already achieved their DevNet Specialization. I invite you to learn more about the DevNet Specialization so that you and your teams can also experience these exclusive insights/webinar events, and ultimately you can see how being DevNet Specialized can benefit your teams, your business and the business of your customers.

Continue reading

Real-Time Translations, Improved Search Performance and More in the Webex App March Update

Webex App March Update

As the saying goes, March comes in like a lion and out like a lamb. So does the Cisco Webex app … at least the lion part. In this month’s release, we bring you the much-anticipated king of features: real-time translations in meetings. In messaging, we deliver a 4x improvement in Webex search performance. In Webex Calling, you’ll see key feature enhancements for media optimization, and in Unified CM, new call recording services among other exciting developments.

Meetings in Webex

◉ In late March, Webex will begin a trial of real-time translation* – from English to 100+ languages. That means, non-native English speakers and/or hearing-impaired participants can choose closed captioning translation from English to one of the 108 additional languages supported. Real-time translation aids understanding and creates a more inclusive meeting, where language no longer be a barrier to great collaboration. Imagine the impact real-time translation could have on a virtual global classroom or a multinational company all-hands where better understanding could result in greater engagement. And we have deeply embedded this capability into the Webex UI, so the user experience will be familiar and effortless. See it in action:

Enterprise customers can reach out to their Cisco sales rep to sign up for the real-time translation trial. The trial will also be enabled on Webex.com with some restrictions. We will open the trial more broadly in May when the feature becomes generally available.

◉ Another long-awaited feature: Q&A is now supported in Webex Meetings. Together with previously released features – such as breakout sessions, co-hosts, and hard mute – you now have all the functionality you need to have a great training experience in Webex Meetings. The Q&A capability allows attendees to post questions in the Q&A panel with answers provided by the host and co-hosts. Multiple co-hosts can be assigned to the meeting, so you can have as many Q&A panelists as needed to conduct a highly effective training session. Teachers and corporate trainers now have powerful tools to conduct interactive and effective training sessions in Webex Meetings.

◉ For scheduled meetings, we’ve improved the attendee join experience in the event they join before a meeting starts. Rather than having to hang up and dial back in, they can now wait in the pre-meeting lobby until the host arrives and even notify the host that they are waiting. This feature is already available for Webex Personal Room meetings, so this is making the experience consistent across Webex meeting types.

Messaging in Webex

With a 400 percent improvement in our search performance time, you will now enjoy lightning-fast results when you search for key words in Webex messaging. Webex will return near instantaneous results, which will make you more efficient than ever before. No more endless scrolling through spaces to find that particular message. You’ll also be able to narrow your search and find messages instantly with the addition of In: (In a space) and From: (From a contact) modifiers. These can be selected from the advanced search menu or typed straight into your search box. Or, speed things up with new keyboard shortcuts:

Command + F: Open search bar

Command + F +Shift: Open search in space

◉ Viewing, sending and navigating files are some of the most frequent actions we take every day as we collaborate. With this in mind, we have made major updates to the content tab including a new ‘list’ view option for reviewing files in chronological order, as well and the ability to drag and drop files into this area to share in the space. This enables you to keep all your project assets easily accessible in a space that is well organized.

◉ Team spaces are great when a team project needs to be broken down into smaller sub-groups, allowing more efficient and precise collaboration. Originally, moderators only had control over the ‘General’ space. Now moderators have full control over all spaces within a Team. This gives them extra control and additional features such as the ability to add and remove participants and control the contents of a space including deleting other users’ messages.

◉ When working across multiple spaces, it can be easy to get distracted and forget what you were working on. We have now added ‘forward and back’ arrows on the Webex app header to help guide you through your spaces and keep track of where you were.

Calling in Webex

◉ Making calls has never been easier in Webex. In the desktop client, you’ll now be able to input the phone number in the global search bar and press ‘Enter’ to make the call. You no longer need to navigate your mouse to click the audio or video call buttons. Or speed things up even more with new keyboard shortcuts:

Audio call:

Option + Command + C

Control + Alt + C

Video call:

Option + Command + U

Control + Alt + V

◉ Webex app with Webex Calling: Media optimization (ICE) allows calls between the Webex app to keep media on premise. This helps businesses decrease bandwidth usage, reduce latency, and improve quality performance. No extra hardware or configuration is required. Backend support will launch by the end of March, and when integrated into the Webex app the first week of April, ICE will automatically improve call performance.

◉ Webex app with Unified CM: More controls are coming to call recording. If you’re set up by your administrator to record calls, you can now start and stop recordings as needed during your call, providing flexibility and greater control. If the call is being recorded, the recording continues if you move the call to another device, merge the call with another active call, or make it a conference call. A visual indicator light will be visible to let you know when a call is being recorded.

Webex App Device Integration

◉ In situations where proximity is not available, you can now pair to a device using a 9-character code. For instance, if you’re on a guest network, simply get the code from the device and enter it into the Webex app device panel. Once paired to the device, you can use the device for audio/video, wireless screen share, and device control enabling you to be able to work the way you want with the device of your choice.

◉ Closed captioning is now available on Webex devices for Webex Assistant for Meetings subscribers. Hosts were already able to turn on Webex Assistant for Meetings from their devices. Now, participants and hosts using Webex devices will also be able to see closed captioning, making the experience more aligned across Webex apps and devices.

Continue reading

Enable Consistent Application Services for Containers

Kubernetes is all about abstracting away complexity. As Kubernetes continues to evolve, it becomes more intelligent and will become even more powerful when it comes to helping enterprises manage their data center, not just at the cloud. While enterprises have had to deal with the challenges associated with managing different types of modern applications (AI/ML, Big data, and analytics) to process that data, they are faced with the challenge to maintain top-level network and security policies and gaining better control of the workload, to ensure operational and functional consistency. This is where Cisco ACI and F5 Container Ingress Services come into the picture.

F5 Container Ingress Services (CIS) and Cisco ACI

Cisco ACI offers these customers an integrated network fabric for Kubernetes. Recently, F5 and Cisco joined forces by integrating F5 CIS with Cisco ACI to bring L4-7 services into the Kubernetes environment, to further simplify the user experience in deploying, scaling, and managing containerized applications. This integration specifically enables:

◉ Unified networking: Containers, VMs, and bare metal

◉ Secure multi-tenancy and seamless integration of Kubernetes network policies and ACI policies

◉ A single point of automation with enhanced visibility for ACI and BIG-IP.

◉ F5 Application Services natively integrated into Container and Platform as a Service (PaaS)Environments

One of the key benefits of such implementation is the ACI encapsulation normalization. The ACI fabric, as the normalizer for the encapsulation, allows you to merge different network technologies or encapsulations be it VLAN or VXLAN into a single policy model. BIG-IP through a simple VLAN connection to ACI, with no need for an additional gateway, can communicate with any service anywhere.

Solution Deployment

To integrate F5 CIS with the Cisco ACI for the Kubernetes environment, you perform a series of tasks. Some you perform in the network to set up the Cisco Application Policy Infrastructure Controller (APIC); others you perform on the Kubernetes server(s). Rather than getting down to the nitty-gritty, I will just highlight the steps to deploy the joint solution.

Pre-requisites

The BIG-IP CIS and Cisco ACI joint solution deployment assumes that you have the following in place:

◉ A working Cisco ACI installation

◉ ACI must be integrated with vCenter VDS

◉ Fabric tenant pre-provisioned with the required VRFs/EPGs/L3OUTs.

◉ BIG-IP already running for non-container workload

Deploying Kubernetes Clusters to ACI Fabrics

The following steps will provide you a complete cluster configuration: 

Step 1. Run ACI provisioning tool to prepare Cisco ACI to work with Kubernetes

Cisco provides an acc_provision tool, to provision the fabric for the Kubernetes VMM domain and generate a .yaml file that Kubernetes uses to deploy the required Cisco Application Centric Infrastructure (ACI) container components. If needed, download the provisioning tool.

Next, you can use this provision tool to generate a sample configuration file that you can edit.

$ acc-provision--sample > aci-containers-config.yaml

We can now edit the sample configuration file to provide information from your network. With such a configuration file, now you can run the following command to provision the Cisco ACI fabric:

acc-provision -c aci-containers-config.yaml -o aci-containers.yaml -f kubernetes-<version> -a -u [apic username] -p [apic password]

Step 2. Prepare the ACI CNI Plugin configuration File

The above command also generates the file aci-containers.yaml that you use after installing Kubernetes.

Step 3. Preparing the Kubernetes Nodes – Set up networking for the node to support Kubernetes installation.

With provisioned ACI, you start to prepare networking for the Kubernetes nodes. This includes steps such as Configuring the VMs interface toward the ACI fabric, configuring a static route for the multicast subnet, configuring the DHCP Client to work with ACI, etc.

Step 4. Installing Kubernetes cluster

After you provision Cisco ACI and prepare the Kubernetes nodes, you can install Kubernetes and ACI containers. You can use any installation method you choose appropriate to your environment.

Step 5. Deploy Cisco ACI CNI plugin

When the Kubernetes cluster is up and running, you can copy the preciously generated CNI configuration to the master node, and install the CNI plug-in using the following command:

kubectl apply -f aci-containers.yaml

The command installs the following (PODs):

◉ ACI Containers Host Agent and OpFlex agent in a DaemonSet called aci-containers-host

◉ Open vSwitch in a DaemonSet called aci-containers-openvswitch

◉ ACI Containers Controller in a deployment called aci-containers-controller.

◉ Other required configurations, including service accounts, roles, and security context

For ‘the authoritative word on this specific implementation’, you can click here the workflow for integrating k8s into Cisco ACI for the latest and greatest.

After you have performed the previous steps, you can verify the integration in the Cisco APIC GUI. The integration creates a tenant, three EPGs, and a VMM domain. Each tenant will have the visibility of all the Kubernetes POD’s.

Install the BIG-IP Controller

The F5 BIG-IP Controller (k8s-bigip-ctlr) or Container Ingress Services, if you aren’t familiar, is a Kubernetes native service that provides the glue between container services and BIG-IP. It watches for changes and communicates those to BIG-IP delivered application services. These, in turn, keep up with the changes in container environments and enable the enforcement of security policies.

Once you have a running Kubernetes cluster deployed to ACI Fabric, you can follow these instructions to install BIG-IP Controller.

Use the kubectl get command to verify that the k8s-bigip-ctlr Pod launched successfully.

BIG-IP as a north-south load balancer for External Services

For Kubernetes services that are exposed externally and need to be load balanced, Kubernetes does not handle the provisioning of the load balancing. It is expected that the load balancing network function is implemented separately. For these services, Cisco ACI takes advantage of the symmetric policy-based redirect (PBR) feature available in the Cisco Nexus 9300-EX or FX leaf switches in ACI mode.

This is where BIG-IP Container Ingress Services (or CIS) comes into the picture, as the north-south load balancer. On ingress, incoming traffic to an externally exposed service is redirected by PBR to BIG-IP for that particular service.

If a Kubernetes cluster contains more than one IP pod for a particular service, BIG-IP will load balance the traffic across all the pods for that service. Besides, each new POD is added to BIG-IP pool dynamically.

Continue reading