FlashStack Data Protection with Veeam: A New Cisco Validated Design

Delivering an optimal user experience for business-critical applications is a non-negotiable element for successful businesses. Architecting infrastructure that meets application and SLA requirements is vital to delivering the superior performance on which great user experiences rest. Today, this infrastructure is often built with the latest compute technology, high-performance flash storage arrays, and enterprise networking. Combining modern data protection and infrastructure is also key to availability, because pairing data protection with the right backup infrastructure can help an organization respond to its unique demands.

Unfortunately, deploying on-premises infrastructure can be complex, time consuming and costly. This is where converged infrastructure from FlashStack comes in. Built in partnership by Cisco and Pure Storage, FlashStack offers everything a modern infrastructure platform needs—more simplicity, more flexibility, and more speed. FlashStack delivers cloudlike experiences and economics to your data center through easy adoption, unified management, and fewer siloes.

FlashStack Data Protection with Veeam

Now, Cisco and Pure Storage have partnered with Veeam—a consistent Leader in the Gartner Magic Quadrant for Data Center and Recovery Solutions—to build a Cisco Validated Design (CVD) that provides a complete set of data protection options for FlashStack. These options use Pure FlashArray//C, Cisco UCS C240 AFF Rack Server or UCS S3260 Storage Server, and Veeam software. FlashStack with Veeam Data Protection provides an end-to-end solution that includes backup and archive to on-premises and public clouds.

These new CVDs offer three target architectures, depending on restore requirements, backup throughput, storage efficiency and capacity, as shown in Figure 1.

FlashStack with Veeam data protection combines two solutions required to deliver optimal user experiences:

Converged infrastructure meets modern data protection

Figure 1  FlashStack backup environment with three potential backup targets

FlashStack provides pre-integrated, pre-validated converged infrastructure that combines compute, network and storage—as I mentioned earlier—into a platform designed for business-critical applications and a wide variety of workloads. This platform delivers maximum performance, increased flexibility, and rapid scalability. And it enables rapid, confident deployment as well as reducing the management overhead consumed by patches and updates.

 Modern infrastructure also needs modern data protection, and Veeam’s data protection platform integrates backup and replication with advanced monitoring analytics and intelligent automation. This platform works with FlashStack to deliver performance and features to help ensure that your data and applications are available while also unlocking the power of backup data.

Depending on your requirements, you can choose from several infrastructure platforms on which to run your data protection environment:

FlashArray//C: fast restores with storage efficiency (dedupe and compression)

Veeam, with FlashArray//C from Pure Storage and Cisco UCS C220 M5 servers, delivers maximum flash-based performance that can handle multiple workloads, while paired with Pure Storage data efficiency features. This solution offers storage capacity without compromise, along with flash-based performance at close to disk economics. It targets multiple workloads and large scale deployments such as:

◉ All-QLC flash storage for cost-effective, capacity-oriented workloads

◉ Advanced data services and technologies for guaranteed data efficiency

◉ Scale-up, scale-out architecture to meet the capacity expansion requirements of data-intensive workloads

◉ Non-disruptive, Evergreen architecture that eliminates risky, complex, and costly upgrades

C240 AFF: fast restores and high backup throughput

Veeam, with Cisco UCS C240 M5 all-flash storage servers, delivers the performance and flexibility needed to run and support virtually any workload, while meeting the requirements of a sophisticated data protection environment.  It features:

◉ Architectural and compute flexibility

◉ Multiple workload capacity

◉ Best-in-class backup and restore performance

◉ Scale-out capability

S3260: Dense platform with optimal restores and high backup throughput

Veeam, with Cisco UCS S3260 M5 storage servers, delivers superior performance with massive scale-up capability and disk economics. This solution includes Cisco Intersight or UCS Manager to reduce cost of ownership, simplify management, and deliver consistent policy-based deployments and scalability.

This dense storage platform, combined with FlashStack and Veeam, offers massive storage capacity and high backup throughput for multiple workloads. You can run Veeam components such as Proxy, Console and Repository on a single compute and storage platform with the ability to scale both compute and storage through Veeam scale-out backup repositories

You can deploy a scale-out backup storage platform on a cluster of Cisco UCS S3260 storage servers, providing an S3 archive target for the Veeam cloud tier. This tier features scale-out backup repository architecture, which makes it possible to move older backup files to more cost-effective cloud or on-premises object storage. Archiving backup in the cloud tier can result in up to 10X savings on long-term data retention costs and help you align with compliance requirements by storing data as long as needed.

Power and data protect your business-critical applications

Organizations are upgrading their infrastructure to accelerate innovation, increase agility, and reduce complexity while enabling rapid scalability. FlashStack brings the latest in compute, network, and storage components together in a single, pre-validated architecture that speeds time to deployment, reduces overall IT costs and deployment risk, and is tailored for specific workloads.If you’re an existing FlashStack customer or use other backup solutions, check out the following links to learn more about how this Cisco Validated Design can power and protect your applications and help you consistently deliver optimal user experiences for the applications that contribute to your success.

Continue reading

Unlock the potential of Application Hosting on Catalyst Access Points – A use case overview

Application Hosting Overview

With the 17.3.1 IOS XE release, Cisco introduced the Application Hosting on Access Point feature. In conjunction with Cisco DNA Center support starting from version 2.1.1, Application hosting on Cisco Catalyst 9100 series Access Points enables developers to create and host applications using Docker style container apps. The Cisco Catalyst series Access Points, through their modular capability and IOx framework, facilitate flexibility for third party software and hardware integration.

Application Hosting Topology

Let’s look into on how this feature solves common use cases and brings value to the customer.

Solution Components

The key components of the solution are the Cisco DNA Center, Catalyst 9800 Series WLC and the Catalyst 9100 Series Access Points. Each component plays a specific role as described below:

Use Cases

Application Hosting on Access Points enables you to develop your own IoT applications while leveraging the IoT capability offered by the Cisco Catalyst Series Access Points. Take a look at some of the common IoT use cases which can leverage Application Hosting:

◉ Retail Store using Electronic Shelf Labels (ESL) for dynamic price automation

◉ Asset monitoring and tracking in healthcare and manufacturing verticals

◉ Smart office monitoring for desk and room occupancy, temperature, humidity and air quality monitoring, window and door monitoring

◉ Building management system (BMS) automation to connect and manage door locks, smart thermostats, lights, and other IoT devices

The above use cases are just a microcosm of the different verticals where Application Hosting comes into play.

Retail Store IoT Use Case

For the purpose of this article, we will focus on one of the most common use cases utilizing the Application Hosting feature on Access Points: Retail Store IOT using Electronic Shelf Labeling (ESL)

What is Electronic Shelf Labeling?

An Electronic Shelf Label is a device that shows a product’s data and price information on its display. Unlike printed labels, the information gets automatically updated if certain criteria like price or product data changes. Besides the increased flexibility in price design, ESL helps simplify processes for store personnel and eliminates need for manual price changes.

This Retail Store IOT ESL retail use case gets addressed via our full stack Application Hosting on Access Points solution, as shown below.

What is an ESL IoT Application?

◉ Cisco partner developed 3rd party IOx application hosted on the Access Point that communicates with ESL tags through an ESL capable USB connector device.

How do we accomplish the ESL solution?

◉ ESL tags deployed throughout the store communicates with compatible ESL IoT applications deployed on the Cisco Access Points. The Cisco DNA Center manages the deployed ESL application on the Cisco Access Point and provides an organized end-to-end solution.

◉ The ESL tags are managed by a partner developed ESL management system (On Prem or Cloud). As an example, one of our partners, SES-Imagotag manages its ESL tags either via their On Prem server or a Cloud based solution.

Next, let’s look at an overview of how an IOx application targeting the Retail IoT ESL use case gets deployed on the Access Point. For the sake of simplicity, we assume here that customer already has the Cisco DNA Center Appliance available and the Access Points are already discovered in the Cisco DNA Center. We work with the partner to help them develop their custom ESL IOx app. Typically this is done via the detailed instructions available at Cisco DevNet.

Solution Overview – How does it work?

The following figure highlights the Application Hosting workflow on the Cisco DNA Center which has this solution enabled starting release 2.1.1.

Cisco users can avail of the detailed steps in the following deployment guide to install and deploy a 3rd party IOx app that will be hosted on the Cisco Access Points. Once deployed on the Cisco DNA Center, the application can be managed via the following options highlighted below:

Additional Use Cases

Another common use case that leverages the Application Hosting capabilities is the Building Management System (BMS). BMS can be used to connect and manage critical building infrastructure such as door locks, smart thermostats, lights, sensors and other IoT devices.

Using the Application Hosting framework, Cisco’s partners can create custom applications catered for their BMS use cases. The custom device management software residing inside the application container on Catalyst Access Points communicates with the building management devices and allows facilities to be managed by a BMS application server. The process is inherently automatable, thus providing operational cost savings.

Refer below a sample topology of the BMS IoT use case. This use case is enabled with a custom USB dongle attached to the Access Point to communicate with the building management devices and managed by an external BMS IoT Management system.

We can clearly see from the above examples that Application Hosting on Catalyst Access Point can enable different use cases and bring tremendous value to our customers.

Customer Feedback

Application Hosting on Access Point feature has been warmly received by Cisco’s partner ecosystem. Cisco initially partnered with SES-Imagotag and conducted an Early Field Trial with REWE International. REWE International is rolling out a containerized version of the SES-Imagotag ESL solution using the application hosting feature. The containerized application will enable REWE International to eliminate the need for an IoT overlay network, simplifying their deployments, streamlining management, and saving them time and money. The EFT was a resounding success as evinced by the glowing feedback from Hans Vasters, Senior Network Architect, REWE International:

◉ “App hosting capabilities on the Cisco access points reduces deployment times by nearly 90 percent by eliminating the need to install additional hardware and bring in IT folks and electricians to set it all up.”

◉ “With App Hosting, we run everything through one system, and Cisco DNA Center enables us to push out the application, make changes and updates, and manage the application across all our stores seamlessly. Our technicians don’t have to invest time onsite to maintain a separate infrastructure. It can all be done remotely.”

◉ “Installation is very easy, it’s just a few clicks. Cisco DNA Center also lets me see when the app is up and running, gives me the status of all access points, lets me know if the application was distributed successfully, and if the container is up and running. That’s a huge advantage because if I think about the effort to distribute software to the stores, Application Hosting makes it quite easy.”

Application Hosting on the Cisco Catalyst 9100 Access Points enables Cisco to extend capabilities of the platform and provide convergence of Wi-Fi and IoT on a single network. Multiple partners have signed up and are on their way to developing their own custom IOx Apps. We are only getting started with the Application Hosting on the Access Point journey!

Continue reading

Intersight Kubernetes Service (IKS) Now Available!

We announced the Tech Preview of Intersight Kubernetes Service (IKS) which received tremendous interest. Over 50 internal sales teams, partners and customers participated and provided valuable recommendations and great validation for our offering and strategic direction. Today we are pleased to announce the general availability of IKS!

Read More: SaaS-based Kubernetes lifecycle management: an introduction to Intersight Kubernetes Service

Intersight Kubernetes Service’s goal is to accelerate our customers’ container initiatives by simplifying the management effort for Kubernetes clusters across the full infrastructure stack and expanding the application operations toolkit. IKS provides flexibility and choice of infrastructure (on-prem, multi-hypervisor, bare metal, public cloud) so that our customers can focus on running and monetizing business critical applications in production, without having to worry about the challenges of open-source or figuring out the mechanics to manage, operate and correlate between each layer of the infrastructure stack.

With Cisco Intersight it can be easy

For IT admins and infrastructure operators IKS means an easy – almost hands-off – secure deployment and comprehensive lifecycle management of 100% open source Kubernetes (K8s) clusters and add-ons, with full-stack visibility from the on-prem server firmware and management up to the K8s application. Initially, ESXi targets will be supported, with bare metal and public cloud integrations coming soon, along with many other features, such as adopted clusters, multi-cluster and vGPU support.

For DevOps teams IKS is so much more than just a target to deploy K8s-based applications.  As a native service of the Intersight platform, DevOps engineers can now benefit from the recently announced HashiCorp partnership and brand new Intersight Service for HashiCorp Terraform, deploying their applications using Infrastructure as Code (Iac) and Terraform. They can also benefit from the native Intersight Workload Optimizer functionality, which means complete mapping of interdependencies between K8s apps and infrastructure, and AIOps-powered right-sizing (based on historical utilization of resources) and auto-scaling.

Let’s take a look at what IKS enables in a bit more detail:

A common platform for full-stack infrastructure and K8s management

The modern challenges for IT admins and infrastructure teams is navigating a hyper-distributed, extremely diverse IT landscape: hybrid cloud infrastructure with on-premises locations (data centers, edge, co-lo) and multiple clouds, heterogeneous stacks and workload requirements (bare metals, virtual machines, containers, serverless), and the need for speed to cater for internal customers (DevOps, SecOps, other IT and LoB users) and ultimately end-users!

The only way to address this complexity is to simplify with a unified, consistent cloud operating model and real-time automation to balance risk, cost and control. This is where Cisco Intersight comes in. Cisco Intersight is a common platform for intelligent visualization, optimization, and orchestration for applications and infrastructure (including K8s clusters/apps). It enables teams to automate and simplify operations, use full-stack observability to continuously optimize your environment, and work better and faster with DevOps teams for cloud native service delivery.

Intersight – The world’s simplest hybrid cloud platform

With IKS and other Intersight services, IT admins can easily build an entire K8s environment from server firmware management, to the hyperconverged layer, to deploying clusters in a few clicks via the GUI or directly using the APIs – and now with Terraform code! In addition, Intersight provides common identity management (SSO, API security), RBAC (two new roles for K8s admins and K8s operators) and multi-tenancy (server/hyperconverged/K8s layers) to support customers looking for a secure, isolated, managed and multi-tenant K8s platform.

IKS regular releases ensures that IT Admins can effortlessly keep K8s versions, add-on versions and security fixes up to date on their clusters. We curate, harden for security and manage essential and optional add-ons (CNI, CSI, L4 and L7 load balancer, K8s dashboard, Kubeflow, monitoring etc) to provide production grade tools to our customers. Those IKS features allow customers to deploy and consume secure, consistent and reliable open-source K8s integrations without becoming CNCF landscape experts, and while maintaining the flexibility to port any other open-source components. Demo video available here.

Continuous Delivery for Kubernetes clusters and apps

IKS supports multiple options to integrate Kubernetes resources into customers’ continuous delivery pipelines, saving precious time and effort in configurations and development. Users can use OpenAPI, python SDK or Intersight Terraform provider. This makes it easy to integrate IKS with customers’ existing Infrastructure as Code (IaC) strategies.

In addition, the Cisco Intersight Service for HashiCorp Terraform (IST) now makes it even simpler to securely integrate their on-prem environments and resources with their IaC plans – a result of our partnership with HashiCorp.

For many, however, the preferred way is to continuously deploy application Helm charts to the clusters. To address this requirement, another IKS feature we will be adding soon will be a Continuous Delivery toolkit for Helm charts, equipping customers with yet another mechanism to deploy and manage their application on their K8s platform.

Full-stack app visualization, AIOps rightsizing and intelligent top-down auto-scaling

Another important Intersight native service that IKS benefits from is Intersight Workload Optimizer (IWO). By installing the IWO agent helm chart on IKS tenant clusters, customers benefit from a comprehensive observability and automation toolkit for their K8s platforms, freeing them to focus on what matters: onboarding application teams and increasing K8s adoption.

Today IWO with IKS works in 3 ways:

◉ First, with IWO, customers can gain insights with interdependency mapping between K8s apps across virtual machines, servers, storage and networks, for simplified, automated troubleshooting and monitoring.

◉ Second, IWO allows DevOps teams to right-size K8s applications without the labor of manually pouring over the real-time traffic data patterns against configured limits, requests or namespace quota constraints, in order to identify the optimal CPU and memory thresholds for horizontal and vertical pod auto-scaler. Instead, IWO automatically detects thresholds based on user-configured policies.

◉ Finally, IWO enables intelligent, top-down auto-scaling – from the K8s app, to the cluster, to the infrastructure layer. Typically, DevOps teams use the Kubernetes default scheduler to handle fluctuating demand for their applications. While this is ok with the initial pod placement, it doesn’t help during the lifecycle of the pod, where actions might need to be taken due to node congestion or low traffic demand. IWO automatically and continuously redistributes IKS workloads and pods to mitigate that node congestion or optimize under-usetilized infrastructure. This results in better scaling decisions.

Source: cisco.com

Continue reading

Our Progress Towards Powering an Inclusive Recovery for All

At Cisco, our purpose is to Power an Inclusive Future for All. And in response to the realities of the past year, this must also mean powering an inclusive recovery for all, with the help of our government partners, customers, partners, communities, and employees. Throughout the pandemic, we’ve put our purpose in action – keeping people working, learning, receiving healthcare, and governing during quarantine and as they return to their workplace. With millions of people – doctors, patients, students, teachers, parents, workers, government leaders, and citizens – facing a new reality and relying on Cisco for all parts of their lives, I want to share the progress we’ve made in making this recovery an inclusive one.

We quickly understood that this wasn’t only a public health crisis, but the greatest disruptor of the way that we work and live in a century. Since the beginning of the pandemic, we have contributed over $500 million in cash and technologies plus $2.5 billion in financing for COVID response that has led to remarkable achievements.

Partnering with Governments and Communities Around the World to Meet the Moment

For the past six years, Cisco’s Country Digital Acceleration (CDA) Program has developed strategic partnerships with governments across the globe, and the trust that was built along the way enabled us to quickly evaluate, fund, and execute 70 projects on six continents to help governments respond to the pandemic’s challenges.

Innovating and Accelerating Digital Governments.

The ability for governments to work remotely was essential to leading their citizens through this crisis, as was delivering public services in new and innovative ways.

◉ We quickly understood that legislatures around the world needed new ways to hold hearings, vote, caucus, and meet with constituents. For example, Webex enabled the United States Congress to hold critical hearings and meetings remotely and to do so in a hybrid environment. To date, the House of Representatives and Senate have held more than 8,500 meetings and hearings on Webex. We also worked with a Cisco partner out of Ireland – Davra – to develop Legislate for Webex, a specialized solution designed for legislative bodies.

◉ In Brazil, our partnership with the National Council of Justice allowed us to quickly ensure citizens across the country would still have access tothe judicial system. We built a virtual courtroom, provided collaboration technology, and conducted trainings for lawyers, judges, and other court  Thousands of witness interviews, meetings, evidence sharing, hearings, and judgment sessions have been held on our Webex-powered solution.

Powering Telemedicine’s Big Moment.

Empowering healthcare workers on the frontlines with Cisco technology has been pivotal in the fight against COVID-19.

◉ In South Africa, we worked with our partners to develop and deploy mobile medical trolleys for the largest hospital in the southern hemisphere, Chris Hani Baragwanath Hospital. Equipped with our collaboration technology, newer doctors and nurses were able to quickly consult with and learn from veteran physicians to best care for a growing number of patients.

◉ In the United Arab Emirates, we’re using our technology to extend telehealth into patients’ homes. Our creation of the teleMEDCARE app for iOS and Android gives patients access to virtual doctors’ appointments via their mobile phones, allowing them to receive the healthcare they need from anywhere and reduce trips to a hospital.

Providing Support for Teachers, Students, and Schools.

Many of us parents know all too well how the pandemic created new challenges for our children’s education. But behind the scenes, school administrators needed to quickly upgrade their networks and find new ways to teach and learn. So we dove in to help K12 and higher education institutions adapt to distance learning.

◉ In Japan, K12 schools struggled to expand their networks to support Wi-Fi needs during the pandemic. So we worked with education partners in the GIGA School program to develop a specialized technology package that allows teachers to easily manage, monitor, and expand the network as needed in a digital classroom environment. And it’s all powered by Webex.

◉ In Germany, the University of Lübeck went from testing Webex with 100 pilot users to 2,600 students and staff using the solution in just six weeks.

Bridging the Digital Divide

All of this work through CDA serves as a reminder that the lack of reliable connectivity is a critical societal issue. Networking and collaboration are the enablers of education, of healthcare, and of the ability to receive government services. But today, nearly half of the world remains unconnected. In the US and Canada, Cisco has worked with the cities of Dallas and Toronto, the State of Arizona, and several local governments in Michigan to provide Wi-Fi access and cloud security technology to vulnerable communities. Cisco is also working to bridge the digital divide on Tribal lands. There is more work to do to close the widening digital divide and Cisco will continue our partnership across the public and private sectors to be that bridge.

Looking Ahead

Beyond the COVID-19 recovery, I continue to see so many ways that we can Power an Inclusive Future for All in the ways that we work, develop skills, and care for the planet.

Embracing and Driving the Future of Work.

This year thrust us into the workplaces of the future. And Cisco is helping develop tools that help teams work together in a hybrid world. But how can we use these tools to help us better manage our time, mental health, and create a more inclusive work experience?

Starting this summer, Webex will offer insights that increase and promote personal well-being as well as build better quality connections and a more inclusive work experience for all. Webex People Insights will enable individuals and teams to set and achieve goals for their meetings and their day. We’re excited to provide this intelligence to leaders and team members so they can better identify when time is well spent…and when it’s not.

Investing in Digital Skills to Power the Workforce of the Future.

The workforce is changing. It’s clear that people are looking for ways to build their IT skills. We see this in our own Cisco Networking Academy Program, a 20+ year program that has helped prepare more than 12.6 million individuals for the workforce of the future with trainings in networking, cybersecurity, and more. Enrollment in our free online classes – such as Intro to Cybersecurity and Intro to IoT – has more than tripled in the first two quarters of FY21 compared to the same period in FY20. Governments too are investing in digital skills and training for their citizens knowing that we’ve all fast forwarded into a digital future. An inclusive recovery includes providing these skills to all who need them. Together with our education and employment partners we’ve made a commitment to develop the workforce of the future and we are proud that citizens are using our Networking Academies as a place to learn and grow.

Playing Our Part in a Sustainable Future for All.

Digitization isn’t the only accelerator to come out of the pandemic. In Europe, for example, lawmakers are understanding that this moment for reinvention allows every industry the opportunity to have a more sustainable future. As the world’s largest provider of networking, collaboration, and security technologies, Cisco’s technologies not only help drive connectivity, productivity, and security, they also help reduce energy consumption and use of natural resources by buildings, cities, and communities.

As a company, Cisco has set ambitious goals to reduce our emissions by 60% by FY22, improve the power efficiency of our products, and commit to more sustainable packaging. We’re making good progress and will do our part to make sure that we’re helping shape a future that is inclusive, digital and green.

Optimism for an Inclusive Future for All

This past year has certainly been hard on all of us. But it’s also been a year of innovation and of thoughtfulness for the people in our lives and our neighbors around the world. It is this innovation and empathy that will continue to drive our work to ensure our recovery truly does benefit us all.

Source: cisco.com

Continue reading

Initiatives to enable progress: Taking action during a global pandemic

Cisco employees continue to seek ways to make an impact, especially during this difficult time. We made this easier by doubling the number of paid days off available for employees to volunteer from five to 10 in 2020. In addition, we increased the annual match for employee giving and volunteering from US$10,000 to US$25,000. Disaster response campaigns launched to address specific crises are matched at US$10,000 per employee per campaign and do not count against the annual match limit.

In addition, Chairman and CEO Chuck Robbins challenged Cisco’s 77,000+ employees to make donations to global nonprofits supporting those most vulnerable to COVID-19, which were matched by the Cisco Foundation. Employees quickly achieved the initial goal of US$750,000 in giving and matching over a 72-hour period, raising US$3.2 million for more than 50 organizations by the end of the fiscal year.

In response to employee demand, Cisco also helped facilitate a menu of virtual volunteering options. Opportunities included translating texts for humanitarian organizations, volunteering for crisis help lines, providing résumé and job interview assistance, donating food and school supplies for children, and more.

Standing up for social justice

In fiscal 2020, Cisco pledged US$5 million in grants to social justice organizations, including nonprofits in our internal Fighting Racism and Discrimination Fund, which continues to provide employee donations and matching contributions to 16 nonprofits focused on social justice. A dynamic team, including Inclusive Communities members (Cisco’s version of EROs), is partnering with Cisco’s Community Impact team to determine how best to build long-term relationships with the nonprofits in the Fund.

Preventing homelessness and serving youth

Long-time Cisco nonprofit partner Destination: Home, a public-private partnership working to end and prevent homelessness year-round in Santa Clara County, California, proactively set up a relief fund designed to help families bridge the gap created by lost jobs during the pandemic. They received thousands of applications that all needed rapid review. Cisco volunteers helped accelerate the application review process and payment by receiving training and then reviewing the applications for funding.

Cisco also has a strong partnership with Covenant House International, an organization providing housing and supportive services to youth facing homelessness. In November 2019, hundreds of Cisco employees slept outside during the Covenant House “sleep out” in cities across the U.S. Sleep outs raise awareness about youth homelessness and funding to support Covenant House programs. During the event, Cisco employees generated over US$1.8 million in support for Covenant House through their donations and Cisco Foundation matching gifts.

In March 2020, Cisco employees helped the Young Professionals Sleep Out event go virtual, allowing communities across the U.S. to connect through a livestreamed Webex event. During the broadcast, participants learned just how difficult the COVID-19 outbreak has been for homeless youth already facing extraordinary challenges.

Through Cisco’s Next Horizon Impact initiative, Cisco Chairman and CEO Chuck Robbins brought together customers, partners, and suppliers to raise tens of thousands of dollars for people in the Bay Area experiencing homelessness as the COVID-19 crisis began. Robbins led a discussion featuring Jen Loving, CEO of Destination: Home, who shared the crisis facing the region’s most vulnerable.

Chief People, Policy & Purpose Officer Francine Katsoudas led a second wave of outreach and discussion with partners and suppliers, along with CEO of Great Place to Work Michael Bush, Loving, and Covenant House California CEO Bill Bedrossian. Bush shared how companies who treat communities well differentiate themselves in the market and will lead as we build a path out of the crisis and back to a thriving economy. These conversations led to an increase in awareness and key relationships as a result of Next Horizon Impact, which will lead to more resources for the homeless community.

Global Citizen impact

Global Citizen is focused on ending extreme poverty by 2030. As Global Citizen’s technology partner, Cisco is foundational to the organization’s ability to engage millions of citizens around the world—our employees among them. In fiscal 2020, over 1200 employees took action on GlobalCitizen.org to advocate for changes in policy, legislation, and leadership behavior to address the root causes of poverty. Actions included signing a petition, sending an email, or participating in social media campaigns.

Staying Earth Aware, virtually

Cisco has observed Earth Day for many years—but we also do much more, organizing a two-month employee volunteerism and awareness campaign that we call Earth Aware. During a typical year, we invite employees to practice sustainable behaviors, like biking to work and properly sorting waste in cafeterias, and host events like on-campus farmers markets. In fiscal 2020, Earth Aware went fully online, featuring virtual presentations on living a zero-waste lifestyle, environmental justice, and cleaning local watersheds, as well as a sustainability trivia event. We even gave employees a virtual tour of the new beehives at our Research Triangle Park campus.

Earth Aware 2020 also included a virtual SustainX, our thought leadership forum on sustainability. During this annual event, we invite internal executives to share what their teams are doing to reduce their environmental impact and external speakers to discuss the innovative ways they are working to improve the environment. In fiscal 2020, leading environmentalist and author Paul Hawken shared existing strategies for drawing down carbon from the atmosphere in order to reduce global warming, and a Cisco Fellow explained how our new 8000 Series routers save significant amounts of power and materials.

Living sustainably year-round

Beyond Earth Aware, Cisco has ongoing opportunities for employees to connect with peers who share a passion for sustainability—and make changes in their lives and in the workplace. Cisco Green is a hub on our internal social media site that enables employees to learn about Cisco’s environmental sustainability activities. It provides links to programs, information, and other tools. For those looking to connect with others, Cisco GreenHouse is an interactive sustainability web platform that helps Cisco employees find likeminded peers worldwide who want to lead more sustainable lives. As a core program featured in Community Impact, Cisco GreenHouse was promoted on the companywide digital portal and more than doubled its active users.

Promoting circular business models

Another way Cisco contributes to sustainability is by helping advance the circular economy. To grow awareness and inspire employees to contribute to Cisco’s circular economy transformation, we publish a quarterly circular economy newsletter, manage a circular economy Webex Teams space, and provide other opportunities to engage throughout the year. In fiscal 2020, we hosted two employee webinars on topics related to circular operations and circular design and launched an internal website with case studies on the Cisco Circular Design Principles. We also regularly convene extended team members and other internal stakeholders through a variety of workgroups, including the Circular Design Working Group, the Circular Economy Regional Leader Network, and the Circular Economy Sales Champion Network.

Connecting employees to how products are made

Launched in fiscal 2020, the Cisco Responsible Sourcing campaign is raising internal awareness of our commitment to source products ethically and sustainably. One element of the campaign is our Champions of Sustainability, a recognition program that highlights the people behind responsible sourcing at Cisco across our Supply Chain Operations and Global Procurement Services. The champions demonstrate a shared commitment to sustainability and drive social and environmental responsibility in how we source goods and services.

We also developed a supply chain human rights training to raise awareness and educate employees on how they can help follow through on our human rights commitments. More than 2400 employees have taken the training, including employees in supply chain operations, customer experience, enterprise networking, and cloud.

Source: cisco.com

Continue reading

2021 Security Outcomes Study: Timely Incident Response as a Business Enabler

Cybersecurity has a set of starting signals as well, but they differ in one aspect. In the event of a cybersecurity event, the team responsible for incident response is not the initial actor. Incident response is based on the same readiness as a world-class performer; however, incident responders only start (metaphorically) after the rest of the horses have left the gate. Absent the catalyst, an active responder would be entirely out of place. This makes the cybersecurity professional the second player in a nail-biting competition.

Cybersecurity as a first responder

One could posit that a cybersecurity incident responder is no different than any other first responder, such as a law-enforcement officer, or a firefighter. This is true, but only in a limited sense. As with all things in the virtual realm, the unseen can be much harder to respond to than a physical event. For example, a firefighter has a much easier time locating a fire than a security analyst has of locating the source of a breach. Indicators of compromise can sometimes be quite ephemeral.

Similar to other first responders, a cybersecurity incident responder must be ready at all times to jump into action at the earliest sign of a problem. The key to a successful, versus a failed incident response, is timeliness.

Timely incident response as a business enabler

Cisco’s Security Outcomes Study addresses the topic of timely incident response. By interviewing 4,800 security professionals, the importance of timely incident response became a clear gauge, not only of security success, but also business enablement. In fact, timely incident response ranked higher than vulnerability remediation deadlines.

The report emphasizes this finding, by stating succinctly:

It may seem odd at first to see incident response (IR) listed as a top business enabler. But IR isn’t just about putting out fires and cleaning up the mess. It’s ultimately about handling unexpected events with minimal impact to the business.

If you work in an environment where everything comes to a halt at the announcement of a vulnerability, and the subsequent deployment of the corrective patch, this finding is transformative. It contemplates the idea that disrupting the business operations to apply patches should perhaps take a secondary role to the ability to respond to an active exploit. This is important, as security is often seen as something that hinders the flow of business, rather than an enabling force. However, incident response, and specifically timely incident response, does not just become a new title that can be slapped onto the front door of the Security Operations Center. Incident response is a discipline, with specific phases, and approaches.

The six stages of incident response

In incident response parlance, there are six classic stages: prepare, identify, contain, eradicate, recover, and lessons learned. (It is fair to note that there are variations on this, but the general rules are all aligned along the same track.)

Which phase would you consider the most important? Consolidation to the most important is probably not the point, as that logic creates a whirlpool of conflicting interests that may be distracting towards the full goal. For instance, while preparation is a primary concern, one can never prepare for everything. The identification phase includes scoping, which is often not performed to the fullest extent that it should be, which introduces quite a number of problems, and the intentions are never realized. This becomes an exercise in circular logic, which is merely a time waster.

When you consider why a musical, or athletic performance is so transfixing, or why we all stop to watch first responders in action, it may be because we are mesmerized by the effortlessness through which these people carry out their tasks. That is the result of constant training. The most important part of incident response is reducing the dwell-time of attackers through early detection, and that, like all other aspects of the kill chain comes through practice.

Incident response is part of a complete security strategy

Timely incident response as a business enabler is surprising, and even more telling is that, among the respondents of the Security Outcomes Study, incident response also ranked highly on the list of components that contribute to a host of other progressive security initiatives, including:

◉ Overall security program success

◉ Creating a strong security culture

◉ Managing top risks

◉ Regulatory compliance

◉ Security cost-effectiveness

Security, and all of IT is often considered a cost center, meaning that it does not generate revenues. However, if we look at cybersecurity as a cost-avoidance strategy, timely incident response takes on an entirely new level of importance. One of the best metrics to demonstrate that money is well-spent in an organization is through the reduction of wasted effort that is wasted. The Security Outcomes Study indicates that there is a high correlation between a successful security program via minimizing wasted effort and timely incident response.

Security readiness is achieved through planning, practice, and continuous improvement. One of the newest components of a solid security program is incident response. It is important to note that disaster recovery is part of a response effort. However, as threats advance, incident response is rising as a leader towards a more complete security strategy.

Sadly, not all organizations are fully invested in the idea of the value of incident response. Nearly 40% of our interviewees designated that their organization did not embrace the importance of timely incident response. Given the other indicators in the report, we can only hope that this trend diminishes over time.

Incident response is not an easy task to accomplish. Imagine if you were able reduce incident response time by up to 85% with a coordinated defense to fully expose, contain, and resolve threats and vulnerabilities. Cisco Secure Endpoint simplifies investigation allowing you to get to the root cause of the incident fast, accelerating remediation.

And what’s more, the threat response feature of Cisco SecureX leverages an integrated security architecture that automates integrations across Cisco Security products to simplify threat investigations and responses. Saving you time and effort by speeding up investigations significantly and allowing you to take corrective action immediately.

Source: cisco.com

Continue reading

Improving Application Experience with Full-Stack Observability

In the not-too-distant past, everything in the application and networking stack was under IT’s control. Workloads lived securely in the on-premise data center—people sat in their campus offices connected to the secure wireless network, and an MPLS service with an SLA connected branch offices to the data center.

Today, workforce productivity depends on cloud and SaaS applications that often rely on the public cloud infrastructure, which in turn depends on the internet as part or all of the WAN connectivity which in turn depends on a multitude of ISPs, CDNs and advanced network services. Hybrid and native clouds applications are mostly containerized, so performance can be affected by the communication paths among the microservices, both in the data center and cloud. The total application experience as perceived by the workforce is dependent on the performance of all the components of applications and network connections acting in concert. If one element falters, the whole experience can be impacted.

NetOps and DevOps need to understand the interdependencies among the component applications and tune the enterprise network and internet paths accordingly. A unifying view can only be provided by the network fabric that monitors and analyzes the full stack of interlacing components: from the foundational network data layer to the software-defined WAN to application containers in the cloud. With the workforce accessing applications from literally everywhere, all the time, IT requires pervasive, real-time monitoring of network, internet, and application performance with auto-healing capabilities. This is Full-Stack Observability, driven by software-defined controllers and network analytics that enable ​action, policy, and automation.

Observability Begins with a Deep Historical View

To improve application experience, IT needs tools to record, analyze, and report on network and application activity at a massive scale to build a deep historical data set against which to apply AI and Machine Reasoning tools. Hybrid and cloud applications consist of multiple micro-components connected by east-west traffic in the data center or cloud service. Continuous monitoring and analysis are needed to optimize application experience because many inter-application communication issues are transitory and difficult to replicate. Application performance needs to be recorded for machine analysis to determine recurring issues and root causes. Full Stack Observability from the perspective of the application requires:

◉ Application end-user experience as measured by ThousandEyes, NetFlow, or AppDynamics;

◉ Dependency graph to the underlying composite application services and infrastructures;

◉ Comprehensive availability and performance data on each of the supporting components such as composite application services, public cloud services, ISPs, networking devices, compute and storage infrastructure.

The irony of having mountains of telemetry and activity logs awaiting analysis by overworked IT teams is that there is too much noise in too much data for humans to deal with in a timely manner. When the volume of data is beyond human scale and below human sensitvity, machine reasoning (MR) automates the analysis of trillions of bytes of switch and router telemetry, wireless radio fingerprints, and network access point interferences to uncover patterns in the chaos, and turn the findings into actionable insights and automated mitigation actions.

Automated Observability with AI Nework Analytics

To make full use of the deep historical and real-time data, IT can take advantage of an Analytics Stack that can:

◉ Use purpose-built applications to augment human engineers in NetSecOps with Insights into network performance and security vulnerabilities

◉ Leverage machine-speed analytics and knowledgebase-driven Machine Reasoning Engine (MRE) to unburden NetSecOps from mundane monitoring tasks to focus on proactive digital transformation projects with DevOps.

◉ Achieve massive collection, storage, and parsing of diverse data lakes—collections of anonymized network and application telemetry based on volume, velocity, and variety of data to compare performance and security metrics.

For several decades, Cisco has been building a data lake of worldwide, anonymized customer telemetry in parallel with a knowledgebase of expert troubleshooting experience, both of which are available to machine reasoning algorithms under the command and control of Cisco DNA Center. With Cisco AI Network Analytics, NetOps can, for example, be forewarned of increases in Wi-Fi interference, network bottlenecks, uneven device onboarding times, and office traffic loads in the more traditional data center and campus network environments.

Observability for cloud-based applications, however, needs a different approach as much of the application infrastructure is not under direct control of IT. Direct internet connections to clouds can be unreliable—especially for latency-sensitive applications—unless they are monitored and automatically tuned using cloud onramps.

Observability into Cisco Cloud OnRamps for each of the major cloud services—Microsoft Azure, Amazon AWS, and Google Cloud, as well as colocation, and SaaS platforms—provides the ability to monitor and set performance parameters that are automatically applied to maintain the proper quality of service based on the type of application and cloud provider. Paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels among cloud workloads and edge devices. Cisco AppDynamics and ThousandEyes provide application layer observability for inter-cloud and intra-cloud dynamics that enables NetOps and DevOps to monitor and identify factors affecting application experience.

Network Analytics + Software-Driven Controllers = Full Stack Observability

AI Network Analytics working in conjunction with Software-Driven Controllers enables Full Stack Observability. Operational intents and security policies defined in software-driven controllers are compared with telemetry and operational anomalies detected by an MRE to automatically adjust operations or isolate rogue devices. Always-on AI Analytics watch over the distributed workforce and workloads at machine-speed, making automatic adjustments or sending alerts with suggested remediations to appropriate levels of IT personnel or to SIEM applications to log and kickoff trouble tickets. Over time, NetOps and DevOps can fine-tune application performance using a consistent flow of insights from analytics to adapt to changes in workloads, workforce, and workplace.

The next shift is using AI and MRE to “personalized” recommendations on updates and patches for controllers. Upgrading controllers carries a certain risk given the complexity and many differences among existing network configurations. Knowing in advance what affect an update can have—and even if it applies to the existing configuration—can bring peace of mind to the process. Does a specific configuration warrant a patch if that issue is not relevant? If not, then there is no reason to force an update that is not required. Are controllers running an OS version with active PSIRT vulnerabilities? NetOps is alerted to put a higher priority on upgrading those specific controllers. Automation and observability go hand in hand to make operation teams more efficient so they can spend time on more valuable tasks.

Observability Provides Operational Simplicity and Serviceability

Full stack observability is the foundation of a new network and security operating model that ensures application experience and trust. The ultimate outcome of attaining full-stack observability is to make all the operations teams—NetOps, SecOps, DevOps and CloudOps—able to work together to raise the levels of serviceability across the application infrastructure. Automations that support full-stack observability simplify operations as well by eliminating many of the time-consuming and tedious tasks of network monitoring and troubleshooting.

Source: cisco.com

Continue reading