Thursday 1 July 2021

TrustSec – 9800 vs 8540 Wireless LAN Controller deployment

To protect business-critical data, the network needs to be segmented, but traditional methods are complex. Cisco TrustSec provides a simple way to segment the network and apply policies uniformly across it.

Traditional network segmentation approaches use IP address-based access control lists (ACLs), VLAN segmentation, and firewall policies that require extensive manual maintenance. Every device in the network that needs to enforce security policies would therefore require manual configuration. For instance, any change to policies would mean manually updating the ACLs uniformly on all the devices, which is error prone. With IoT and BYOD, the scale factor will make it very difficult to use traditional ACLs.

A single centralized security policy database would be easy to maintain, and its policies can be uniformly enforced. This is where TrustSec becomes relevant. TrustSec provides an end-to-end secure network where each entity is authenticated and trusted by its neighbors. Above all, it provides a consistent policy set across the network.

This blog provides an overview of how TrustSec as a solution is deployed on the 9800 and 8540 Wireless LAN Controllers. In addition, some key feature differentiators are also highlighted.

Terminology

Security Group

Used for grouping users and endpoints that should have a similar access control policy.

Security Group Tag (SGT)

It is a unique security group number that gets assigned to the security group.

TrustSec Capable Device

Devices that are capable of understanding SGT (hardware or software based).

Protected Access Credential (PAC)

Shared credential used to mutually authenticate TrustSec-capable devices with ISE.

Environment (Env) Data

ISE provides environment (Env) data to a TrustSec-capable device. It consists of a server list, an expiry/refresh timeout and the device SGT.

◉ Server list – It provides the list of RADIUS servers which can be used for authentication and authorization.

◉ Expiry/Refresh timeout – Configurable timer on ISE which will let the administrator know how often the device should refresh the environment data.

◉ Device SGT – This is the SGT assignment for the device.

Security Group Access Control List (SGACL)

Access and permission are provided based on the SGT information.

As the number of sources and destinations increases, the ACL size could grow exponentially, making it difficult to maintain. In other words, it takes a lot of effort for an administrator to manually update ACLs across network devices. For example, here is a pictorial representation of how TrustSec as a solution can make things easy for an administrator.

Key components


There are three components within a TrustSec domain.

1. Classification: Client classification at ingress by centralized policy database (ISE) and assigning unique S-SGT to client based on client identity attributes.

2. Propagation: Propagation of IP to SGT binding to neighboring devices using SXPv4 or inline tagging.

3. Enforcement: SGACL download at enforcement point for (S-SGT, D-SGT) and enforcing the policy.

Given below are some details about the TrustSec implementation on 8540 and 9800 Wireless LAN Controllers.

Classification


It happens on ISE at the ingress and the clients get the SGT based on client identity attributes. So, the ISE acts as the central policy manager providing SGT for the clients.

Propagation and Enforcement


There are two modes for SGT propagation:

SXPv4

SXP is a control protocol which propagates IP address to Security Group Tag (SGT) binding information across network devices. Using the SGT and SGACL information, the endpoint device (WLC or AP) can enforce traffic.

8540 Central switching

The controller can act ONLY as a speaker. This means that the SGT information of the wireless client is propagated to the enforcement point by the controller. But enforcement happens at the AP for the traffic towards the client.

9800 Central switching

The controller can act as a listener, a speaker, or both. In listener mode, the controller can enforce traffic, whereas in both mode it can enforce as well as propagate SGT information to the enforcement point.

An important difference between 8540 and 9800 controller in central switching deployment – On 8540, the enforcement happens on the AP. Whereas, on 9800 enforcement happens on the WLC.

Local switching

The access point can act as a listener, a speaker, or both. In listener mode, the access point can enforce traffic. In both mode, on the other hand, it can enforce and propagate SGT information to the enforcement point. This functionality is common between 8540 and 9800 deployments.

Inline tagging

Inline tagging involves tagging each packet egressing the controller by inserting a CMD header.

For inbound packets (towards client), the CMD header is stripped if present. The client S-SGT is used to find SGACL associated with (S-SGT, D-SGT) for enforcement.

8540 Central switching

WLC performs inline tagging for all packets sourced from wireless clients that reside on the WLC by tagging it with Cisco Meta Data (CMD) tag. For packets inbound (towards client), WLC strips the packet of the CMD header and pushes the SGT information to the AP for enforcement. Note that the enforcement doesn’t happen on WLC.

9800 Central switching

The WLC performs inline tagging for all packets sourced from wireless clients. For the inbound traffic (towards client), WLC strips the CMD and learns the SGT information from the meta data header. WLC will enforce the traffic using the SGT information.
 
Local switching

The AP performs inline tagging for all packets sourced from wireless clients that reside on the AP by tagging them with a Cisco Meta Data (CMD) tag. On the other hand, for packets inbound (towards client), the AP will strip the CMD header and act as an enforcement point. This functionality is common between 8540 and 9800 deployments.

In a nutshell, propagation and enforcement happen on the WLC or AP depending on the deployment method (Central and Flex local switching) and the type of controller (9800 or 8540) deployed in the network.
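
The three components described above (classification, propagation of IP-to-SGT bindings, and SGACL lookup by (S-SGT, D-SGT) at the enforcement point) can be modelled as follows. This is an added example, not Cisco code or configuration: the group names, SGT values, addresses and SGACL rules are constructed, and the default-deny fallback and the tag 0 for unknown endpoints are assumptions.

```python
from dataclasses import dataclass, field

# Classification: one SGT per security group (constructed values).
SGT = {"employee": 10, "contractor": 20, "iot": 30, "pci_server": 100}
UNKNOWN = 0  # assumption: an endpoint with no binding is treated as tag 0

# SGACLs keyed by (S-SGT, D-SGT). Each rule is (action, protocol, port);
# protocol "ip" matches any protocol, port None matches any port.
# Constructed policy, first matching rule wins.
SGACL = {
    (SGT["employee"], SGT["pci_server"]): [("permit", "tcp", 443),
                                           ("deny", "ip", None)],
    (SGT["contractor"], SGT["pci_server"]): [("deny", "ip", None)],
    (SGT["pci_server"], SGT["employee"]): [("permit", "tcp", None)],
}
DEFAULT_ACTION = "deny"  # assumption: no cell or no matching rule means deny


def enforcement_point(controller: str, switching: str) -> str:
    """Device that enforces traffic toward the client, as the post states it."""
    if controller not in ("8540", "9800"):
        raise ValueError(f"unknown controller: {controller}")
    if switching == "local":
        return "AP"  # common to 8540 and 9800 deployments
    if switching == "central":
        return "AP" if controller == "8540" else "WLC"
    raise ValueError(f"unknown switching mode: {switching}")


@dataclass
class Enforcer:
    """Enforcement point holding the IP-to-SGT bindings it has learned."""
    bindings: dict = field(default_factory=dict)

    def learn(self, ip: str, group: str) -> None:
        # Propagation: one binding per endpoint, as a listener would receive
        # it from a speaker. The policy matrix itself is not touched.
        self.bindings[ip] = SGT[group]

    def sgt_of(self, ip: str) -> int:
        return self.bindings.get(ip, UNKNOWN)

    def decide(self, src_ip: str, dst_ip: str, proto: str, port: int) -> str:
        # Enforcement: resolve both tags, then look up the (S-SGT, D-SGT) cell.
        cell = SGACL.get((self.sgt_of(src_ip), self.sgt_of(dst_ip)))
        if cell is None:
            return DEFAULT_ACTION
        for action, rule_proto, rule_port in cell:
            if rule_proto in ("ip", proto) and rule_port in (None, port):
                return action
        return DEFAULT_ACTION


def demo() -> list:
    """Run constructed flows through one enforcement point."""
    e = Enforcer()
    e.learn("192.0.2.10", "employee")       # constructed addresses
    e.learn("192.0.2.20", "contractor")
    e.learn("198.51.100.5", "pci_server")
    flows = [
        ("192.0.2.10", "198.51.100.5", "tcp", 443),    # employee -> server
        ("192.0.2.10", "198.51.100.5", "tcp", 22),     # employee -> server, SSH
        ("192.0.2.20", "198.51.100.5", "tcp", 443),    # contractor -> server
        ("198.51.100.5", "192.0.2.10", "tcp", 50000),  # server -> employee
        ("203.0.113.9", "198.51.100.5", "tcp", 443),   # unclassified source
    ]
    return [e.decide(*f) for f in flows]


if __name__ == "__main__":
    for controller in ("8540", "9800"):
        for mode in ("central", "local"):
            print(controller, mode, "->", enforcement_point(controller, mode))
    print(demo())
```

Adding a new endpoint needs only a call to `learn`; the SGACL table stays as it is, which is the maintenance advantage over per-IP ACLs.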

TrustSec – Key feature comparison


Source: cisco.com

Wednesday 30 June 2021

Enjoy Incredible Benefits by Passing Cisco 300-425 ENWLSD Exam

Cisco is an international organization widely known for producing specialized gadgets and systems. The organization is presently the best designer in the best-in-class system administration equipment list. Therefore, obtaining the certification of this vendor is an excellent solution for the career of any IT professional. One of the current and popular tracks offered by Cisco is CCNP Enterprise. That is why, in this blog, we will check out the details of the Cisco 300-425 ENWLSD exam, which is one of the certification examinations needed for earning this professional-level certificate, and explore the benefits it can bring. So, let's dive into it!

A lot of professionals want to earn this certificate and get it to validate their skills in delivering enterprise networking solutions. This brings us to what we require to obtain this certification.

Essential Information About Cisco 300-425 exam

The CCNP Enterprise certification track, which the Cisco CCNP 300-425 ENWLSD Exam is a part of, doesn't need any formal requirement. Hence, everyone can sit for this exam and its associated certification. The only crucial thing is to master all the skills evaluated in this exam. Certainly, you can have tremendous knowledge behind your back with three to five years of experience, but this is not a compulsory requirement.

Cisco 300-425 ENWLSD is a certification exam designed for IT professionals who want to obtain CCNP Enterprise. To obtain this certification, they should pass one core exam (350-401 ENCOR) and one concentration exam (to choose their supplementary knowledge domain). Cisco 300-425 is from the concentration exam group. Other exams that you can take instead of this one are as follows:

  • Cisco 300-410 (Implementing Cisco Enterprise Advanced Routing and Services);
  • Cisco 300-415 (Implementing Cisco SD-WAN Solutions);
  • Cisco 300-420 (Designing Cisco Enterprise Networks);
  • Cisco 300-430 (Implementing Cisco Enterprise Wireless Networks);
  • Cisco 300-435 (Automating Cisco Enterprise Solutions).

The 300-425 ENWLSD exam is geared towards demonstrating one's knowledge of wireless network design, comprising wired & wireless infrastructure, Mobility & WLAN high availability, and site surveys. This is an excellent certification exam for the mobility network engineers and wireless site survey engineers who are typically engaged in implementation, network design, and planning. It is also apt for those professionals who want to build a career in the IT sector, especially in wireless enterprise networking.

Cisco 300-425 ENWLSD Exam Structure

The Cisco CCNP 300-425 ENWLSD syllabus includes four topics from which most or all of the exam questions are taken. These objectives cover Mobility (25%), Wireless Site Survey (25%), WLAN High Availability (20%), and Wired and Wireless Infrastructure (30%). These are the subjects that the applicants should master to pass this exam. You can get mastery over them by enrolling in a training course offered by Cisco's official website. In addition, you can get some valuable and reliable prep resources from many websites: these resources involve study guides, practice tests, videos, and Cisco blogs.

The Cisco 300-425 ENWLSD exam comprises 55-65 questions, which need to be completed in 90 minutes. To pass the exam, you need to obtain a score of 750-850 out of 1000. The exam cost is $300.

You can take the exam in English only. To schedule this exam, you must visit the Pearson VUE platform. You can register for this exam from the official Cisco certification webpage by clicking on the link offered at the bottom of the page.

What Are the Benefits of Passing the Cisco 300-425 ENWLSD Exam?

There are numerous benefits of passing the Cisco 300-425 ENWLSD exam. Let's look at them more closely.

Acquiring Advanced Skills and Knowledge

The Cisco 300-425 ENWLSD exam equips the applicants with the relevant knowledge and skills to adequately represent the systems of wireless network design for producing a network design solution. It also reveals how the Enterprise Composite Network Model can competently streamline the complications of modern networks. The exam also equips you with the ability to design the enterprise campus in wired and wireless infrastructure modular fashions. It will also allow you to design an enterprise WAN network along with a network addressing plan.

Additionally, this exam is intended to help the applicants know how to choose the ideal routing protocols for a network. Furthermore, CCNP Enterprise 300-425 certification equips them with the expertise to evaluate security solutions for a network. All of these abilities are an essential part of the correct working process of the whole organization. Therefore, organizations want to employ those professionals who own this knowledge.

Enjoy Brilliant Career Opportunities with Cisco 300-425 ENWLSD Certification

Being a Cisco certified professional is something that creates new opportunities for you within your country and overseas. The hiring managers will find your resume appealing, and you will hold a higher chance of acquiring a well-paid job position or get a promotion in your existing company. Adding the CCNP Enterprise certification to your CV will make you stand out from the group. And even if you choose to continue your current job, the skills you will get through Cisco 300-425 exam preparation will help you become more productive in your job role.

Some of the job positions you can follow after passing the Cisco 300-425 exam include the following:

  • System Engineer;
  • Network Administrator;
  • Senior System Administrator.

Conclusion

Cisco 300-425 ENWLSD can be a difficult certification exam if you don't study thoroughly. We recommend that you go through all the details and learn all the topics before sitting for it. Make good use of available study resources to pass this exam and earn the sought-after CCNP Enterprise certificate.

Tuesday 29 June 2021

How to Prepare for Cisco 300-410 (ENARSI) Certification?

Cisco ENARSI Exam Description:

This exam certifies a candidate's knowledge for implementation and troubleshooting of advanced routing technologies and services including Layer 3, VPN services, infrastructure security, infrastructure services, and infrastructure automation. The course, Implementing Cisco Enterprise Advanced Routing and Services, helps candidates to prepare for this exam.

Cisco 300-410 Exam Overview:

CX Cloud—expertise and insights at our fingertips

Over the years Cisco IT has built many tools to manage support. We had one tool to track subscriptions, another to keep tabs on service contracts, and yet another to view asset lifecycle information. The problem? We spent too much time correlating information scattered across the different interfaces. When we received a security alert on one interface, for instance, we had to go into another interface to identify the affected assets.

Supporting the Cisco network is much more efficient now that we use Cisco CX Cloud. Think of CX Cloud as a one-stop destination for all information we need (Figure 1). No more searching across disparate, unconnected tools. Everything is in one place. CX Cloud is saving us time. Revealing issues we didn’t know about. Helping us more quickly respond to vulnerability alerts to keep the network secure. And giving us new insights into network health.

Figure 1. All support information in one place

I asked Chris Groves, Cisco IT director of network services, how CX Cloud makes his job simpler. Here are his top four:

◉ Monitoring case status (Figure 2). “At the top of my list is how easy it is to see open cases,” Chris told me. “In two clicks I can see every TAC case, who opened it, and whether it’s for firewall, remote access, data center, Cisco Virtual Office, etc. Never underestimate the power of the mundane.”

Figure 2. TAC case status at a glance

◉ Time savings. Before, when we received an advisory about a potential security vulnerability we’d start by identifying all assets at risk. That alone took several hours. Next, we’d figure out the right mitigation steps and plot out our strategy. After that we’d track progress. Along the way we’d use several tools. With CX Cloud, we can easily see all affected assets in one place, along with suggestions for mitigation (Figure 3). If an incident affects 500 assets, just being able to see all of them in one place saves us about 15 hours of work.

Figure 3. Selecting an advisory shows all assets at risk

◉ Faster response to vulnerabilities. Chris likes the convenience of seeing all advisories right on the dashboard—sorted by criticality. For example, field notices about less-important issues, like a button prone to sticking, are listed separately. “We can’t patch everything at once, so we check the CX Cloud dashboard to see which advisories have the biggest impact in our network,” he said.

◉ New insights. If Chris sees that a large portion of cases involve the same product or place in the network, he checks if the support team needs help. He might even suggest a product change to the business unit. He can also spot chronic issues and monitor the results of support initiatives.

As Customer Zero, we influenced the product


Cisco IT was Customer Zero for CX Cloud, meaning that we were the first to use it in production so we could provide input on features and share our experiences with other customers. With our feedback, initial setup time dropped from 6 hours to 30 minutes. We also suggested features on the product roadmap, like the ability to tag advisories with recommended actions and to filter cases by team or product group.

Though we’ve just started using CX Cloud, we’re already seeing the business value. Consolidating support information in one place helps us more efficiently manage our network, keeping it secure and available. As Chris summed it up, “CX Cloud is like having high-touch support right at your fingertips.”

Source: cisco.com

Monday 28 June 2021

Enable Digital Transformation with Cisco SD-WAN

Cisco SD-WAN unlocks new possibilities with our network infrastructure. The new architecture is replacing the long-established role of the wide-area network (WAN), connecting our users at the branch office location to applications hosted on servers in the datacenters.

Often VPN (Virtual Private Network) tunnels or Multiprotocol Label Switching (MPLS) were implemented for segregation of data and security. This approach worked well for years, but as our customers moved into a mobile digital application world and their data moved to the cloud, a new approach was required.

It’s a multi-cloud world

We live in a multi-cloud world, where using multiple clouds from multiple providers has become the new normal. Cisco SD-WAN has proven effective in helping Cisco partners accelerate their adoption of multi-cloud environments and drive business solutions for their customers. It helps them manage multiple network providers, ISP circuits, and connect branches to clouds. Cisco SD-WAN allows customers to deliver on-demand branch connectivity to their ISP and cloud providers directly from the SD-WAN controller. 

Model-Driven Programmability

Adding Cisco SD-WAN programmability via the vManage REST APIs has opened even more possibilities for extending automation to any task, such as:

◉ Template-driven infrastructure deployment service, allowing engineers to define building blocks and create abstractions for the deployments of required sets of resources.  

◉ Update or delete the deployed resources with ease without many changes to the configurations. 

◉ Provisions the reference of one resource definition to another, thus enabling the creation of dependencies and controlling the order of creation of resources. 

Many Cisco partners are leveraging these APIs to create custom automated sequences for managing, monitoring, configuring, and troubleshooting the SD-WAN environment based on their specific needs. 

Getting the details via developer experience


The Cisco SD-WAN API allows Cisco partners to focus more and more on their developer experience. Product managers, marketers, and engineers alike have an interest in evaluating and improving how a developer uses APIs and the benefits they bring. That’s why Cisco DevNet is dedicated to delivering an excellent developer experience with SD-WAN.  It’s a dedication that pays off over many developer interactions, as they use the SD-WAN documentation, sandbox, and other resources. 

Are we doing this right though?


A mentor once told me “Feedback is feedback, no matter if this is valuable feedback or bad feedback. Asking the right people for feedback will help you grow.” Hearing from our DevNet Specialized partners is key to improving the quality and content for Cisco SD-WAN API, and programmability in general. So, when it came to feedback on the SD-WAN Dev Center, I took the opportunity to speak with our DevNet Specialized Partners at the recent API Insights webinar. The webinar – offered exclusively to our DevNet Specialized partners – was focused on the Cisco SD-WAN Dev Center, new plans, and upcoming opportunities.

The webinar featured a live presentation and demo of how partners can execute Cisco SD-WAN REST API calls for role-based access control (RBAC), based on the Resource Groups feature, and how this can be used for Cisco SD-WAN deployments. The presentation showed how this feature helps to simplify network administration, restrict blast perimeter, and meet compliance requirements. 

API Insights webinars are available exclusively to partners who have already achieved their DevNet Specialization. I invite partners to learn more about the DevNet Specialization so they, and their teams, can experience these insights webinar events, and see how being DevNet Specialized can benefit your teams, your business, and the business of your customers.

Source: cisco.com

Saturday 26 June 2021

Complete and continuous remote worker visibility with Network Visibility Module data as a primary telemetry source

Navigating the new normal

Organizations are currently facing new challenges related to monitoring and securing their remote workforces. Many users don’t always use their VPNs while working remotely – this creates gaps in visibility that increase organizational risks. In the past, many organizations viewed these occasional gaps in visibility as negligible risks due to low overall volumes of non-VPN-connected remote work. However, today, that’s no longer the case, as organizations and workers have been thrust into a new “work from home (WFH) era.” This not only led to an explosion in the need for remote access from anywhere and on anything – effectively expanding threat surfaces and concurrently increasing opportunities for attackers – but – as if that weren’t enough – organizations were also hit with a wide-ranging and prolonged employee activity visibility blackout. This left security teams scrambling to adapt as this sudden “visibility blackout” further exacerbated overall organizational security risk levels.

Nostalgically remembering the good old days…

Back in olden times, circa late 2019 – back in the heydays of employee-activity visibility via on-premises network monitoring, and way, way back when people’s work-week routines involved commuting to the office, clocking in, logging onto the corporate network, and doing work in between water cooler breaks – organizations using Secure Network Analytics had absolute, total visibility into everything that their employees were doing. Back then, before the WFH era – security teams could instantly glean deep insights into practically everything that was being hosted within, interacting with, and connecting to their corporate networks. And despite these being simpler times, security teams still had to be incredibly agile, up to speed with rapidly changing and evolving technologies, and always ready to react to security incident-related fire drills at a moment’s notice.

Amidst the arms race that is network security, SecOps professionals must always be comfortable with high-pressure situations and fast-paced environments. It just comes with the territory. Plain and simple. It’s a job that requires a thick skin and continuous adaptation. I have always been impressed with security professionals’ ability to embrace such complexity and ambiguity, remain calm and collected, and just focus on the task at hand and execute. And I especially admire the ones that are naturally energized by their work and thrive on it. However, last year’s abrupt exodus away from corporate offices marked a paradigm shift that left even the best security teams in the dark and effectively lent a whole new meaning to the age-old adage, “the only constant is change”.

New WFH blind spots

To illustrate, in today’s new WFH era, whenever remote workers don’t use their VPNs, organizations are 100% blind to what their employees are doing. This prevents security teams from successfully establishing baselines of normal worker behavior and continuously monitoring them, concomitantly preventing them from being able to alert on anomalous activity and hindering their ability to detect certain types of threats. As a result, SecOps teams have been left in the dark and have been finding themselves asking questions like, have any of our users visited malicious URLs? Is anyone exfiltrating sensitive proprietary data? Have any users’ devices been unintentionally compromised and are now demonstrating command and control (C&C) activity? Are we facing compliance-related and broader organizational risks due to employees running outdated and vulnerable operating systems that need to be patched?

Obtaining complete and continuous remote worker visibility with NVM data

To adapt to this modern conundrum, the recent Secure Network Analytics release 7.3.1 began to address this whole “WFH visibility blackout conundrum” by making endpoint Network Visibility Module (NVM) data a primary telemetry source to provide organizations with continuity in remote worker monitoring and visibility without requiring NetFlow telemetry to be present. But that was just phase 1 – now, with release 7.3.2, we’ve further extended this capability with the Data Store now supporting all NVM telemetry record collection to offer 100%-complete and continuous remote worker visibility. So now, whenever a user either works on-network or remotely – be it at home or a local coffee shop – and thus off-network without tunneling through a VPN, or if they are optimizing their remote work experience through split tunneling, all their activity is stored locally. With Network Visibility Module data being a primary telemetry source, whenever workers do eventually turn their AnyConnect VPNs back on, the NVM module phones home and sends logs of all their user activities back to Secure Network Analytics.

This gives security practitioners the continuity in visibility that they need by allowing them to monitor remote worker activities through the collection and storage of NVM endpoint records. Security teams can now gain visibility into activities that they were previously blind to, such as:

◉ Downloading and hoarding of large amounts of sensitive company data

◉ Data exfiltration or the sharing of sensitive company data to an external source

◉ Visiting malicious IP addresses and/or inadvertently installing trojans or other malicious processes

◉ Running older operating system versions with vulnerabilities that need patching

Et cetera. The list of potentially suspicious activities goes on, regardless of whether they are unintentional or motivated by an insider that has gone rogue.

Additionally, with Release 7.3.2, customers that are using NVM data along with a Data Store deployment are also gaining the following benefits:

◉ NVM telemetry records can be collected, stored, and queried in the Data Store

◉ New NVM reports that are now available in the Report Builder application

◉ The ability to define customized security events based on NVM data-specific criteria

◉ All Endpoint Concentrator functions are now fully managed by the Flow Collector

Figure 1. A Secure Network Analytics deployment enabled with both the AnyConnect Secure Mobility Client and the Data Store. User endpoints generate NVM data with rich and granular device context – such as IP addresses, host and usernames, machine types and models, which operating systems and versions are running, the processes that launched network connectivity, MAC addresses, hash information, and more – that is all collected and stored in the Data Store.

Extend the zero-trust workplace to anywhere on any device


In fact, not only does deploying the NVM module software meet the challenges outlined above by extending visibility beyond the walls of the enterprise network to enable more efficient remote worker monitoring, but it also extends the zero trust workplace to anywhere globally and on any device by providing security practitioners with visibility into who is online and what they’re doing by capturing additional granular user device context such as IP addresses, host/user names, machine types and models, which operating system and version is running, the processes that launched network connectivity, MAC addresses, hash information in case potentially harmful files are being shared and traversing the network, and more.

Drastically comprehensive and context-rich visibility is simply table stakes in our “new normal”


Despite efforts to begin transitioning back to the office, with some organizations embracing hybrid models going forward, a significant paradigm shift has already occurred – WFH is here to stay. Having pervasive visibility into remote worker activities is no longer a negligible risk that could be ignored. Nor should any NDR solution portray it as a “nice to have” rather than a “need to have” capability. Now, in today’s “new normal,” with users capable of connecting to the enterprise network from literally anywhere and on literally any device, the need for continuity in visibility across all remote activity has never been more pronounced.

Modern problems require modern solutions. Nowadays, organizations need NDR solutions that offer an unparalleled breadth and depth of visibility across their modern, distributed networks. Secure Network Analytics delivers the most comprehensive, granular, and continuous visibility into remote worker activities through the Network Visibility Module, as well as best-in-breed and industry-leading behavioral analytics to alert on suspicious and anomalous network activity.

Source: cisco.com

Thursday 24 June 2021

Cisco Nexus Dashboard: Cloud Operational Platform for Observability

One of the things that used to keep me up at night is that troubleshooting a data center network typically involved multiple disparate teams, each having a different view of the network, user interface, and the applications it supports. Historically, it took probing the network manually with complex questions and using the answers derived from custom scripting, spreadsheets, and CLIs for troubleshooting and remediation.

And with scaling into the multi-cloud in modern data center fabrics, the size and scope of deployments are growing into hundreds or even thousands of devices. This results in operational complexity, and the cost of managing these devices has exponentially grown as it takes longer to troubleshoot issues using multiple tools and methods. These multiple tools result in disparate user experiences that result in a lot of time and manual processing spent on troubleshooting and tracking critical network events across global networks. It often requires time to hone into misbehaving devices or collect and analyze data across multiple devices. That can result in downtime which quickly becomes expensive.

Traditional data center network management tools and approaches assume a velocity and volume of change that is well below what is enabled by the cloud and is unable to meet the demands of cloud native applications and digital business.

Cisco Nexus Dashboard is designed to automate, monitor, and analyze your network infrastructure. Innovative architectural approaches were implemented to provide automation and visibility at scale. Nexus Dashboard Insights simplifies operations for our customers with a modern, stateless microservices architecture that can scale horizontally, leveraging open-source infrastructure code. Insights delivers dynamic correlation, impact analysis, proactive alerts, failure prediction, and remediation, along with operational data visualization. These capabilities help consolidate the number of operational tools needed and reduce application downtime, Mean Time to Identify (MTTI), Mean Time to Resolution (MTTR), and operating costs.

Driving automation and visibility at scale 

Here are the key architectural components of the Nexus Dashboard Insights architecture: 

Collectors: Nexus Dashboard Insights incorporates universal telemetry collectors. These collectors support multiple input plugins for collecting software and hardware telemetry data streamed from networking infrastructure devices like routers, switches, firewalls, and load balancers.  

Data lake: The Insights pipeline supports data encoded in JSON or GPB, which gets transformed and stored in a data lake for further processing. Telemetry data from legacy devices that do not support streaming telemetry is retrieved using REST API or SSH and then put into the pipeline for transformation.

Analytics Engine: The analytics engine pipeline uses a serverless compute model. It handles tasks such as data enrichment, anomaly detection, data aggregation, and resource scoring by splitting them into modular tasks with associated task specifications. These tasks are processed independently, and the results are saved in the distributed data lake.  

Nexus Dashboard Operations Intelligence Platform

Architecture for deep visibility and operational simplicity 


Today, we are leveraging best-in-class AI/ML technologies to automate a number of these tasks, which were being done manually on CLIs or using custom Python scripts. This has led to powerful forecasting and anomaly detection use cases that generate an alert based on analytics of the time-series network data, paving the path towards proactive and predictive capabilities.

Insights proactively streams software and hardware telemetry from across the fabric. It uses AI/ML technology to create a network-specific baseline for different Key Performance Indicators (KPIs). These baselines are continuously updated to reflect dynamic network behavior. An anomaly alert is generated when the network state crosses the threshold band set around the baseline. These anomalies can further trigger user-specified actions such as generating email notifications or auto-remediation.
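An added illustration of the baseline-and-threshold-band idea described above; it is not Cisco's algorithm or Nexus Dashboard code. The EWMA baseline, the parameter values, the names `KpiBaseline` and `detect`, and the sample KPI series are all assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class KpiBaseline:
    """Adaptive baseline for one KPI: EWMA mean with a band of k deviations."""
    alpha: float = 0.2    # smoothing factor (assumed value)
    k: float = 4.0        # band half-width, in mean absolute deviations (assumed)
    warmup: int = 5       # samples learned before alerting starts
    min_dev: float = 1.0  # floor so a flat KPI does not get a zero-width band
    mean: float = 0.0
    dev: float = 0.0
    seen: int = 0

    def band(self):
        """Current (low, high) threshold band around the baseline."""
        half = self.k * max(self.dev, self.min_dev)
        return self.mean - half, self.mean + half

    def observe(self, value):
        """Return True if value falls outside the band; else learn from it."""
        if self.seen == 0:
            self.mean, self.seen = float(value), 1
            return False
        if self.seen >= self.warmup:
            low, high = self.band()
            if not low <= value <= high:
                # Anomalous samples are not folded in, so a spike cannot
                # widen the band and hide the samples that follow it.
                # Trade-off: a permanent level shift keeps alerting until
                # the baseline is reset.
                return True
        self.dev = (1 - self.alpha) * self.dev + self.alpha * abs(value - self.mean)
        self.mean = (1 - self.alpha) * self.mean + self.alpha * value
        self.seen += 1
        return False


def detect(samples, **params):
    """Return the (timestamp, value) pairs that crossed the band."""
    baseline = KpiBaseline(**params)
    return [(ts, v) for ts, v in samples if baseline.observe(v)]


# Constructed sample: per-interval error counter for one interface.
SAMPLES = list(enumerate([100, 102, 98, 101, 99, 100, 103, 250, 260, 101, 99]))

if __name__ == "__main__":
    for ts, value in detect(SAMPLES):
        print(f"anomaly at t={ts}: value={value}")
```

Each returned pair is where a notification or remediation hook would fire; the band parameters need tuning per KPI.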

Insights has been built on the principle that beyond identifying a problem in the network, there is a strong need to make the complex monitoring of IT operations simple. We embarked on an automation journey starting with taking additional steps to identify the impact caused by the issue/s and the resulting remediation steps.  

We address the architectural demands placed on the modern networks by: 

1. Hardware and software telemetry: Deep expertise in analyzing hardware and software telemetry increases the completeness and accuracy of the data used to monitor and troubleshoot in real time.

2. Future-proof support: Future-proof support for infrastructure devices using capabilities specified in industry-wide open standards (both existing and in planning stages).

3. Lead with AIOps: Building closed and continuous feedback loop automation into remediation by utilizing AIOps capabilities. Monitor and root-cause issues, and scale support needs by leveraging a DevOps toolchain that keeps development agile, resulting in real-time automated pattern discovery.

This allows us to automate and manage legacy data-intensive processes while simultaneously embracing new cloud-driven data frameworks. 

Cisco Nexus Dashboard Alerts Summary

Stay tuned to the next set of blogs that will delve into upcoming Nexus Dashboard capabilities and use cases based on this new “built from the ground up” architectural approach. 

◉ One view: With Single Sign-On (SSO) and Role-Based Access Control (RBAC), operate your geographically distributed multi-site environment across multiple Cisco Nexus Dashboard clusters from a single point of control.  

◉ Microburst detection: Insights into network microburst and flows. Expose and locate invisible microbursts, locate congestion hotspots, and protect application performance. 

◉ Anomaly analysis: Solving “Needle in a Timestack” problem for CRC/FCS errors. Compare and contrast time-synced data of multiple parameters to derive a deeper understanding of issues and behaviors.

Source: cisco.com