5 Acquisition Strategies to Support CIOs Keeping Pace with Innovation

The pace of new technology adoption and innovation to help prevent future disruption while remaining competitive has accelerated beyond all expectations. When the global pandemic first hit, businesses scrambled to get their workforce and operations back online. What would have taken months, suddenly had to happen instantly.

More Info: 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI)

Now, as CIOs continue to drive transformation, there are several ways to get access to the technology needed to recover and grow without having to break your budget.

1. Don’t own it

Pay to use has never been a more attractive model than it is today. With a large proportion of employees in many industries expected to work remotely for the foreseeable future under a hybrid workplace model, the number of office branches is likely to increase. You will need to upgrade your infrastructure so that it can be scaled quickly to support a user experience that keeps employees productive and secure.

Without having to compromise on your priorities, there are options that allow your business to use budget effectively as you plan your recovery. IT-as-a-Service allows businesses to get the technology needed with no upfront costs, and they can pay over time as they use it.  Entire infrastructure solutions can be implemented with supporting technology, software and tools—all paid for using subscription-type models. Not only does this alleviate some of the budgetary pressure, but it also lends itself to an asset-light strategy that many businesses are now striving for.

2. Justifying OpEx over CapEx

As the CIO, you’re trying to lead your organization through digital transformation while making it as painless as possible. With many industries continuing to lean heavily on finance to underpin pandemic related shortfalls in revenue, justifying any CapEx can seem impossible. But, by moving technology costs from CapEx to OpEx you avoid large initial investments, enabling you to shift budget priorities and support key transformation projects. IT financing can simplify accounting by rolling all your technology needs into regular payments, making it easier to track against budgets and allow the business to follow market trends, upscale to evolve, and increase competitiveness.

3. Go green and get more for your money

You can extend available budget and shrink your company’s carbon footprint by using certified remanufactured equipment. This allows you to access equipment at a more competitive price while still receiving the same warranties and product support. In addition, by financing this equipment you can upgrade when you need to and offset the cost against future revenue.

4. Begin with the end in sight. Your CFO will thank you!

Managing technology can be complicated, particularly as we all look to return to some semblance of normal. Creating a lifecycle management plan for the technology needed at this time can help avoid a future of depreciating assets, while also helping you stay ahead with the latest innovations. IT budget planning becomes easier, and you can run your businesses more efficiently with up-to-date infrastructure and the latest software solutions. This helps align OpEx payments with the benefits gained from refresh lifecycles, while managing cash flow and budget needed to further grow your business, as well as removing depreciating assets from your CFO’s balance sheet.

5. True up, true forward. Take the guesswork out of unpredictable usage

As your business evolves and you update your infrastructure to enable the best collaboration and customer experience to remain productive, effective acquisition of the right technology can help you meet your business goals and grow. Forecasting user uptake of new technology is hard enough with all the proper pilots in place, but when new tools are services are stood up in a hurry, predicting capacity can be a huge gamble. However, access to as-a-service, subscription-like models or spreading the cost of your solutions over time allows you to focus on your other priorities and fund other investments.

Cisco is here to support you as you expedite your digital transformation. Along with Cisco Capital, we can help you determine not only what to buy but also how to buy it to match your business requirements and budget strategy. Whatever your plans are, we’re here to meet you where you are.

Source: cisco.com

Continue reading

Establish, Enforce, and Continuously Verify Trust with SD-Access in Simple Steps

To effectively protect precious data resources across campuses from infiltration, exfiltration, and ransomware, Enterprise IT needs deep visibility into everything connecting to the network and the ability to segment devices by access permissions and security policies. The goal is to attain a Zero-Trust Enterprise based on least-privileged access principles that prevents the lateral movement of threats and automatically isolates any offending endpoint or intrusion.

More Info: 200-201: Threat Hunting and Defending using Cisco Technologies for CyberOps (CBROPS)

Today, millions of enterprise endpoints are protected with implementations of Cisco Software-Defined Access (SD-Access), a solution within Cisco DNA Center. Thousands of enterprises are already well along on their journey to obtaining a zero-trust network using endpoint analytics, policy analytics, segmentation, and rapid threat containment capabilities of SD-Access. Now, with the introduction of Continuous Trusted Access with SD-Access Trust Analytics—using AI/ML anomaly modeling and spoofing prevention—the five phases of attaining zero-trust are available to all types of organizations at any stage of their implementation. The complete Cisco SD-Access solution provides inherent flexibility for enterprises to begin or continue the zero-trust journey according to their business priorities and desired outcomes.

This software release will be generally available (GA) in mid-June 2021, or contact your account team for early access.

Existing Networks Benefit from a Flexible Zero Trust Journey

Cisco understands that NetOps and SecOps must build segmentation upon what is already in place, adding capabilities in stages to achieve the desired zero trust outcome for both existing and new network installations. Organizations can use SD-Access to start the journey to zero trust at different stages depending on business priorities.

Adventist Health started its zero trust journey with Cisco AI Endpoint Analytics to find and categorize over 75,000 compute and IoT devices on their multi-state spanning network. Cisco AI Endpoint Analytics uses Deep Packet Inspection (DPI) and advanced AI/ML algorithms to search crowdsourced databases to obtain more granular information about many different device types. Adventist Health even uses the enhanced device visibility from AI Endpoint Analytics to identify devices that are discontinued and no longer supported by manufacturers, which are more susceptible to malware intrusions and other threats. Adventist Health sees AI Endpoint Analytics as an enabling technology that provides the much-needed endpoint visibility and security grouping that will help define their future segmentation policies.

KB Securities needed a more efficient method of managing segmentation access policies as their workforce moved freely among campus buildings. Instead of manually adjusting individual policies, they are using SD-Access segmentation to automatically adjust and apply access policies as the workforce shifts among wired and wireless networks, eliminating time-consuming manual interventions.

One of the largest financial institutions in the world needed a zero trust approach for protecting the organization’s connected endpoints worldwide. IT chose to implement the new SD-Access Trust Analytics to analyze and model normal endpoint behavior to detect anomalies that indicate intrusion attempts before they can cause a data breach of sensitive information.

In SAIC Volkswagen’s new Modularer Elektrobaukasten plant—a modular chassis designed by Volkswagen specifically for electric cars—the production systems need to be on separate networks for reliability and stability reasons. But instead of building distinct networks, SD-Access simply segments the single physical network into multiple logical networks that keep production systems traffic separate, but under the control of one Cisco DNA Center. As a result, the network is more manageable, and IT can more easily connect and secure thousands of IoT and robotic devices throughout the plant. With Cisco SD-Access, SAIC Volkswagen was able to use existing L2 access switches, enabling a smooth migration of services and reducing up-front costs.

Cisco SD-Access provides multiple paths to attaining zero-trust enterprise networks with a faster time to value.

Enterprises Are in Control of Their Zero-Trust Journey

The ability to start the zero trust journey at a point that aligns with the business priority for each enterprise expands the number and types of use cases for Cisco SD-Access. Cisco SD-Access is the only solution in the industry that provides all the capabilities required for Zero-Trust in the workplace with Visibility (endpoint analytics and traffic policy discovery), Segmentation, Continuous Trust Assessment, and Containment that can be implemented in phases to meet each organization’s security goals.

The recent updates to the SD-Access solution lowers the barrier to embark on a zero-trust journey, especially in existing, heterogeneous networks. Each step along the journey adds incremental value as the threat surface diminishes and enterprises gains more control over every endpoint that joins the network by restricting the resources with which they can communicate. For example, a new personal BYOD connecting to the network can be identified, classified, and initially assigned to a security group segment that only has very limited access to enterprise resources until the device and owner are verified.

Implement SD-Access Segmentation Without Routed Access

To support existing estates that use more traditional networking constructs, SD-Access now supports Layer 2 Switched Access including the option of preserving existing VLANs and IP address pools. In this deployment scenario, the SD-Access Fabric originates at the network aggregation layer. The solution offers the flexibility for enterprises to map existing access VLANs to macro/micro segments in the SD-Access Fabric. To minimize lateral movement of threats, enterprises also have the option to extend the micro-segmentation policies to the Layer 2 Switched Access node. These flexible design options enable enterprises to begin their zero-trust journey without re-designing their existing networks.

Cisco SD-Access now supports Layer 2 Switched Access

“Cisco networking devices, Cisco DNA Center, and SD-Access gave us a flexible networking platform that we could adapt to our unique needs. We were able to integrate third-party industrial switches, keep the factory operating efficiently by quickly locating and fixing network issues, and free our highly-trained engineers from day-to-day operational burdens.” – Xiaoqing XU, IT Director, SAIC Volkswagen

Deploy Macro-Segmentation Before Implementing Cisco ISE

The fully automated turnkey fabric-based architecture offered by SD-Access is an attractive alternative to MPLS-based VRF, VRF-lite and other operationally cumbersome legacy segmentation technologies. With Cisco DNA Center release 2.2.2.0, we have disaggregated the capabilities within SD-Access Fabrics. Enterprises now have the option to use SD-Access to rapidly achieve macro-segmentation of networks even in scenarios where Cisco ISE is not currently being used to authenticate endpoints. This option makes it easier for organizations to get started with SD-Access and expand to other use cases at their own deployment pace and schedule.

You Can’t Secure What You Can’t See

One of the early barriers to begin building a zero-trust enterprise is knowing what devices are connecting to the network, which devices and applications they are communicating with, and developing a deep historical perspective to detect anomalies. That’s why many organizations—such as the Adventist Health example—start with Endpoint Analytics to understand the current threat surface and then apply policy analytics to understand the behavior of traffic patterns.

Implementing Continuous Trust Assessment with the new Cisco Trust Analytics enables IT to develop and use models of typical device behaviors, usage, and traffic history to understand “normal” network operations to protect against spoofing attacks. Trust Analytics detects traffic from endpoints that are exhibiting unusual behavior by pretending to be trusted endpoints using MAC Spoofing, Probe Spoofing, or Man-in-the-Middle techniques. When Trust Analytics detects such anomalies, it signals Endpoint Analytics to lower the Trust Score for the endpoint to completely deny or limit access to the network.

Cisco SD-Access Continuous Trust Assessments

Supplementing the network with Cisco Identity Services Engine completes the continuous trust cycle by aggregating device classification, segmentation rules, and trust analytics to monitor, identify, and isolate any detected device anomalies that can indicate a breach or infection. Cisco ISE provides rapid threat containment and remediation by automatically detecting and isolating suspicious devices or people logging in from unusual or unknown locations.

Attaining Zero Trust is a Flexible Journey

While the ultimate goal is a zero-trust state for all devices, applications, and people, each implemented capability of SD-Access enables enterprises to gain greater control over the security of the network. To prioritize desired outcomes, enterprises are in control of the pace of the journey from starting point to end results. The Zero-Trust Enterprise becomes a flexible journey as campus networks grow and adapt to new endpoint devices, IoT technologies, geographic configurations, and applications that can be accessed from anywhere. All these innovations for the flexible journey to zero trust are benefits of Cisco DNA Center release 2.2.2.0. Start your journey to zero trust today with Cisco SD-Access.

Source: cisco.com

Continue reading

Latest Cisco 500-450 Certification Exam Sample Questions and Answers

Cisco UCCEIS Exam Description:

This exam tests a candidate's knowledge of installing and deploying Cisco Unified Contact Center Enterprise (Cisco Unified CCE) solutions. Cisco Unified CCE is part of the Cisco Unified Communications application suite, which delivers intelligent call routing, network-to-desktop computer telephony integration (CTI), and multichannel contact management to contact center agents over an IP network. Skills assessed include install, setup, configure, and troubleshoot the solution.

Cisco 500-450 Exam Overview:

Exam Name:- Implementing and Supporting Cisco Unified Contact Center Enterprise

Exam Number:- 500-450 UCCEIS

Exam Price:- $300 USD

Duration:- 75 minutes

Number of Questions:- 65-75

Passing Score:- Variable (750-850 / 1000 Approx.)

Recommended Training:-

• Administering Cisco Unified Contact Center Enterprise Part 1 (AUCCE1) 2.0
• Administering Cisco Unified Contact Center Enterprise Part 2 (AUCCE2) 2.0
• Deploying Cisco Unified Contact Center Enterprise (DUCCE) 2.0

Exam Registration:- PEARSON VUE

Sample Questions:- Cisco 500-450 Sample Questions

Practice Exam:- Cisco Unified Contact Center Enterprise Specialist Practice Test

Read More:-

• Passing Cisco 500-450 UCCEIS Exam is Now Easy in First Attempt

Continue reading

Unclear on fiber optic breakouts? What you need to know

We often receive questions about fiber optic breakout patch cords for pluggable optic transceivers. If you’re wondering the same thing, the first door to knock on is the fiber cable infrastructure provider for your network. We’ve posted cabling guides for some well-known providers, but there are certainly other options. These guides contain specific part numbers for their breakout patch cords and cassettes for use with many Cisco Optics transceivers.

Why would you use breakouts?

Fiber optic breakouts are useful for many applications. Take for example a 400G port in a switch or router. A breakout structure could make that 400G port equivalent to a high density set of four 100G ports. Breakout connectivity also allows you to upgrade your network hardware one site at a time, so you don’t have to take down the whole network all at once. You could also use breakouts for redundancy in your architecture.

Read More: 300-710: Securing Networks with Cisco Firepower (SNCF)

The fundamental distinction of a breakout application is that it connects network devices (switches, routers, and servers) to other network devices containing ports of different speed without sacrificing port bandwidth. That last part about not sacrificing port bandwidth is key. You could still connect ports of different speed using an adapter. Or you could run a high speed port at a lower speed by filling it with a lower speed optic. For example, 40G QSFP+ optics can work in 100G QSFP28 ports. However, in both of these situations you under-utilize the bandwidth of the higher speed port.

Example of breakout application.

With breakouts, you fully utilize port bandwidth. The most common breakout configuration involves a higher speed QSFP port that connects to four lower speed ports, either SFP lower speed QSFP. For example, Cisco’s QSFP-100G-SR4-S can connect to four different 25G SFP28 ports with a fiber breakout patch cord (or cartridge) and four SFP-25G-SR-S pluggable optic modules. Similar breakouts are possible with some 40G QSFP+ and 10G SFP+ modules.

Which pluggable optics support breakout?

Almost always, a pluggable optic transceiver that uses parallel fiber supports breakout. The Cisco Optics-to-Device Compatibility Matrix online tool shows whether the pluggable optic uses parallel or duplex fiber. Breakout is possible with both SMF (Single-Mode Fiber) and MMF (Multi-Mode Fiber) media type.

In the rare case of an exception, the tool notates if the pluggable optic or network device does not support breakout mode.

Example of rare exception when breakout mode is not supported, indicated in pop-up message in the Cisco Optics-to-Device Compatibility Matrix.

As a baseline reference, these are some of the Cisco pluggable optic transceivers that support 4-channel breakout configurations:

Partial list of Product IDs for Cisco Optics that can be used in breakout configurations.

For a full list and mapping of which optics can connect to each other via breakout, see the Optics-to-Optics Interoperability Matrix. Below is an example.

Cisco Optics-to-Optics Interoperability Matrix example. The far right column indicates whether a fiber optic breakout patch cord is needed.

Fiber optic breakout patch cord pinout diagrams

If your fiber cable vendor doesn’t have a standard breakout patch cord, and you request a custom design, you can use the diagram below as a guide. The patch cord doesn’t depend on the data rate. The main consideration is whether the fiber type is SMF or MMF.

Fiber breakout jumper pinout diagram for SMF. Note the 8 degree angle polish on the MPO connector end face.

Fiber breakout jumper pinout diagram for MMF.

Remember, fiber breakout patch cords or cartridges are for pluggable optic transceivers. If you’re using an AOC (Active Optical Cable) such as QSFP-4X10G-AOCxM or copper cables such as QSFP-4SFP25G-CUxM, the breakout structure may be built into the cable because they are pre-terminated and plug directly into the QSFP or SFP type ports. Therefore, these cables do not need a separate fiber breakout patch cord.

Source: cisco.com

Continue reading

Under Pressure to Secure Your Enterprise? Predict More to Prevent More

Cybersecurity is a top priority for any organization conducting business over the Internet. Protecting your assets encompasses an ever-expanding digital landscape. Any data breach can have a devastating impact on the finances and brand equity of an organization. It’s why cybersecurity is treated as a business risk, rather than merely an IT issue. The importance of security is nothing new, but the global pandemic has made it even more critical.

Rise in Remote Access Authentication

Many of the new security challenges stem from the rapid increase in remote work that occurred almost overnight last year with the global rollout of stay-at-home orders. According to data from Cisco DUO, more organizations across all industries have enabled their employees to work from home, and there’s every indication this could continue for an extended time. Between February and April of 2020, we saw a 60% increase in remote access authentication — a percentage that has held remarkably steady ever since.

For IT Ops, a key challenge was ensuring their business employees could securely access the tools and resources they needed to do their jobs, seamlessly and with no additional friction. At the same time, organizations have had to protect critical information and minimize risk, all while accommodating myriad types of users and devices using unsecured networks. In order to accomplish the above, having visibility and insights into remote work patterns is a must, allowing SecOps and NetOps teams to authenticate and secure enterprise traffic through zero-trust solutions and multi-factor authentication.

Identifying Cyberthreat Patterns

In addition to the expansion of the attack surface due to the shift to remote work, cyber-criminals evolved their attacks to feed on people’s fears around the pandemic. DNS traffic analysis by Cisco Umbrella revealed some startling findings for the first nine months of 2020. For example, among our Umbrella DNS customers:

◉ 91% saw a domain linked to malware

◉ 68% saw a domain linked to cryptomining

◉ 85% saw a domain linked to phishing

◉ 63% saw a domain linked to trojans

In fact, since 2019, trojans and phishing have traded spots in threat ranking. In 2019, trojans were the number two threat at 59%, while phishing was number four with 46% impacted. Over the past year, phishing has risen by nearly 40% in large part due to malicious actors preying on people’s fears about the virus.

If IT teams are to scale and stay ahead of the bad actors in this evolving landscape of cyberthreats, they must be able to proactively monitor and identify malicious traffic and its patterns. It is vastly better to predict and prevent cyberattacks than to try to undo the damage caused by data breaches after the fact.

Threat Targets by Industry

Shifts in the distribution of threat traffic across different business markets since 2019 offer further insight into how to secure your enterprise. In particular, managed service providers (MSPs) have now surpassed financial services as the most impacted markets. In fact, U.S. government agencies have issued recent warnings about the heightened risk of attacks by state actors on MSPs.

Why this jump in MSP threat traffic? MSPs are attractive targets because, unless an MSP has effectively secured its own environment, it is vulnerable to attack by malicious actors who can then hijack remote monitoring management to go after the MSP’s clients. These customers are then at higher risk than the MSP itself. (By contrast, higher education traffic has dropped considerably in the ranking of impacted markets over the past year — from the top spot to the number six spot — most likely due to students being unable to attend classes in person.)

The rise in malware using sophisticated hiding and evasion techniques has made cyber defense teams’ jobs that much harder. In order to secure your data and your enterprise, manual monitoring and intervention is no longer a viable solution. Today’s cyber defenders must have visibility across applications, networks, and devices, along with the ability to leverage machine speed and predictive intelligence to deliver scalable, adaptable protection.

Source: cisco.com

Continue reading

Education, Education, Education: RSA 2021 and the State of Education Security

There is an old maxim in the real estate profession that is used when evaluating the value of a home. Realtors often speak of “location, location, location”, as if the customer involved in the transaction is so unaware of that factor that it requires the incessant repetition. In cybersecurity, however, one area that is in dire need of a recurrent reminder is the area of education, both of cybersecurity professionals, as well as targeting that specialized knowledge towards the education sector.

Resilience, and Investing in People

This year’s RSA conference was started with an inspirational keynote message from CEO Charles (Chuck) Robbins. The theme of this year’s RSA conference was resilience, which is also the key to effective cybersecurity. The vision for a post-pandemic world is one where Cisco will invest more to make the world a safer place, while carrying out that vision in less time than ever.

Part of Cisco’s investment in the future is not only about technology, it is about people. There are around 2.8 million cyber professionals globally, but there are currently more than 4 million unfilled cybersecurity jobs. There is no other industry where the open positions exceed the number of available positions at such a grand scale. This is the equivalent of the entire population of many small countries. Cisco is seeking not only to enable the workforce by looking at the existing talent pool, but by also tapping into unconventional places to find new talent. Unlikely security professionals exist in places like the local coffee shop, the mechanic’s garage, and even the prisons.

This extreme reach for diversity is rooted firmly in history. When the world needed to solve the encryption puzzle used by the enemies in World War Two, they sought people from all walks of life to decipher what seemed like an unbreakable code. They were not all mathematicians. They included librarians, psychologists, and even hobbyists who collected porcelain figurines.

Diversity is a force multiplier towards solving outwardly unsolvable problems.

An Unnoticed Target

Education towards creating a stronger workforce is useless if not applied to business sectors that need it the most. One sector where there is a need for cybersecurity professionals is the area of education. In the 2018 “End-of-Year Data Breach Report” issued by the Identity Theft Research Center (ITRC), there were over 1.4 Million records breached at educational institutions. These numbers closely matched the breach numbers of 2017 for the education sector. However, over the course of 2019, the breached records increased to over 2.4 Million.

While the education sector falls last among the five industries monitored in the ITRC reports, there appears to be a pattern emerging.

Wendy’s Keen Insights

Cisco’s Head of Advisory CISOs, Wendy Nather, and Dr. Wade Baker, of the Cyentia Institute opened the final day of the 2021 RSA conference with by asking the question “What (Actually, Measurably) Makes a Security Program More Successful?”

Wendy stated that she dislikes benchmarks, mostly because some people are not good at it, offering more opinion that measurable results. In order to measure success, we must be more interested in what works. Wendy and Wade drew upon the findings of the Cisco 2020 Security Outcomes Study to discuss a methodology that is measurable, and actionable.

Follow the Patterns

The Security Outcomes Study findings are based on patterns, rather than raw numbers, and this is important when considering the rise in educational breaches. Valuable insights are derived by finding patterns in the data that show clear correlations between security practices, and the outcomes. As a cybersecurity professional, the idea of finding patterns that show clear correlations should resonate deeply, as this is a foundational tenet of your entire discipline of threat intelligence.

Ignoring a pattern just because it is deceptively insignificant at the time can lead to an instance of not seeing the shape of things to come. Are we on the precipice of witnessing a new target? The people at Cisco do not agree with the logic of ignoring it, hoping it will go away.

Why a School is a Good Target

It may seem like a school, or university is not a very lucrative target for a cyberattack, but when one stops to think about it, an educational institution contains a rich variety of valuable information, more than just the books in the student libraries and the fraternity and sorority houses.

Schools are fertile grounds for ideas, and inspirational knowledge. These are the roots of intellectual property.  In fact, some schools are branded as research universities. This means that the information about the students who are working on research, as well as the research itself, are viable targets for a cybercriminal.

How Cisco is Positioned to Protect These Valuable Assets

Cisco is uniquely qualified to protect all learning institutions by offering a wide range of security solutions and products to safeguard all educational institutions, from the earliest grades, all the way up to institutions of higher learning.

Whether it is managing the in-person and remote students and their mobile devices, to fostering a productive learning environment, to protecting sensitive student and research data, Cisco offers a wide range of solutions to meet your goals, and ensure an effective approach to your security vision.

There is more to a security solution than the platform. The depth of information, and flexibility and pragmatism is key towards a full security approach. As described by the CISO of Brunel University, “Cisco backs its products with engineers who are at the top of their game”.

Source: cisco.com

Continue reading

Stretching Cisco Designed Oracle Infrastructures with Low Latency Protocols

Before the pandemic, industries were turned upside down as a digital transformation wave forced IT departments to think of new ways to implement services and address this new business challenge. When business travel starts up again, each of us will see examples: taxi’s replaced by Uber and Lyft; newspapers replaced by a smartphone; radio replaced by Spotify. Each industry struggles to remain relevant. The impact on IT?  The huge growth in applications that draw data from more sources, and the speed to implement required today. Oracle databases and the server infrastructures that support have to support larger workloads without sacrificing performance. The challenge is how to architect these systems to meet uncertain growth requirements yet keep their finance department happy.

Read More: 500-173: Designing the FlexPod Solution (FPDESIGN)

Cisco foresaw this requirement a couple of years ago and invested in a set of Cisco Validated Designs demonstrating the benefits of NVMe (Non-Volatile Memory Express) over Fabrics partnering with Pure Storage initially and more recently with NetApp.

Customers generally fall into two categories:

◉ Those running I/O over ethernet and would more naturally move to RDMA

◉ SAN based customers who desire low latency but within a SAN infrastructure

Cisco has developed a proven solution for each of these two scenarios, see details below.

In 2019, Cisco and Pure Storage tested and validated a FlashStack solution highlighting the benefits of RoCE V2 – Oracle RAC 19c Databases running on Cisco UCS with Pure Storage FlashArray //X90R2 using NVMe-oF RoCE V2 (RoCE  – RDMA over Converged Ethernet version 2). Here the standard FlashStack Converged Infrastructure (depicted below) was set up with NVMe located in the servers and used RoCE to move the data traffic between the servers and the All-Flash storage subsystem.  SLOB (Silly Little Oracle Benchmark) was used to replicate users and the system was scaled to 512 users demonstrating the following benefits:

◉ Lower latency compared to other traditional protocols

◉ Higher IOPS (I/O per second) and scaled linearly

◉ Higher bandwidth to address higher data traffic requirements

◉ Improved protocol efficiency by reducing the “I/O stack”

◉ Lower host CPU utilization, documented at 30% less

◉ Indirectly, as CPU utilization was lowered, more processor cycles are available to process work, therefore fewer Intel processor cores need to be licensed to achieve performance.

This was a welcome design incorporated by many companies from commercial to large enterprise as it addressed a pressing need – how to stretch the IT budget to complete more work on the current system.  The NVMe interface is defined to enable host software to communicate with nonvolatile memory over PCI Express (PCIe). It was designed from the ground up for low-latency solid state media, eliminating many of the bottlenecks seen in the legacy protocols for running enterprise applications. NVMe devices are connected to the PCIe bus inside a server. NVMe-oF extends the high-performance and low-latency benefits of NVMe across network fabrics that connect servers and storage. NVMe-oF takes the lightweight and streamlined NVMe command set, and the more efficient queueing model, and replaces the PCIe transport with alternate transports, like Fibre Channel, RDMA over Converged Ethernet (RoCE v2), TCP.

In 2020, the Pandemic hit.

COVID-19 caused many IT organizations to shift focus from database to remote worker implementations initially conceived as short-term solutions, now moving to longer term designs. Businesses are returning to a focus on stretching their database infrastructure solutions, and Cisco has partnered with NetApp on a new solution to meet this goal.

In April 2021, Cisco and NetApp published a new Cisco Validated Design called FlexPod Datacenter with Oracle 19c RAC Databases on Cisco UCS and NetApp AFF with NVMe/FC. The proven design using NVMe is now proven work with a Fibric Channel twist.

NVMe over Fibre Channel (NVMe/FC) is implemented through the Fibre Channel NVMe (FC-NVMe) standard which is designed to enable NVMe based message commands to transfer data and status information between a host computer and a target storage subsystem over a Fibre Channel network fabric. FC-NVMe simplifies the NVMe command sets into basic FCP instructions. Because Fibre Channel is designed for storage traffic, functionality such as discovery, management and end-to-end qualification of equipment is built into the system.

Almost all high-performance latency sensitive applications and workloads are running on the same underlying transport protocol (FCP) today. Because NVMe/FC and Fibre Channel networks use the same FCP, they can use common hardware components. It’s even possible to use the same switches, cables, and NetApp ONTAP target port to communicate with both protocols at the same time. The ability to use either protocol by itself or both at the same time on the same hardware makes transitioning from FCP to NVMe/FC both simple and seamless.

Large-scale block flash-based storage environments that use Fibre Channel are the most likely to adopt NVMe over FC. FC-NVMe offers the same structure, predictability and reliability characteristics for NVMe-oF that Fibre Channel does for SCSI. Plus, NVMe-oF traffic and traditional SCSI-based traffic can run simultaneously on the same FC fabric.

The design for new FlexPod is depicted below and follows the proven design that has led FlexPod to become a most popular Converged Infrastructure in the market for several years.

The same low latency, high performance benefits of the previous CVD are proven once again in this NVM/FC design.  As such, customers now have a choice as to how to implement a modern SAN to run the heart of their IT shop – the Oracle Database.

Business will continue to challenge their IT departments, some are planned challenges while others are completely unforecasted. Picking a design that can grow to meet these future requirements, where each element in the design can be upgraded independently as circumstances warrant, while meeting performance requirements with an eye toward Oracle licensing costs is the challenge that Cisco’s low latency solutions have met. These are the solutions your organization should take a closer look at for your future Oracle deployments.

Source: cisco.com

Continue reading