Tuesday, 5 October 2021

Using Infrastructure as Code to deploy F5 Application Delivery and Cisco ACI Service Chaining

Every data center is built to host applications and provide the required infrastructure for the applications to run, communicate with each other, be accessed by their users from anywhere, and scale on demand.

To achieve this, your data center network must be able to provide different types of connectivity to different applications. This includes east-west connectivity between application tiers, as well as north-south connectivity between users and applications. Both rely on additional application delivery Layer 4 to Layer 7 services like load balancers and web application firewalls.

Cisco ACI and F5 BIG-IP Service Insertion

Cisco ACI’s powerful L4-L7 services redirection capabilities allow you to insert services and redirect traffic from the source to the destination anywhere in your fabric without changing any of the existing cabling. This is where you can insert an F5 BIG-IP load balancer to provide application availability, access control, and security.


This is possible using the Policy Based Redirection (PBR) capabilities of the Cisco ACI fabric by configuring a Service Graph in APIC.

But PBR policies and Service Graphs entail a series of manual configurations. This can be tedious, error-prone, and inefficient, especially if the same configuration is repeated often. On top of that, the configuration of the BIG-IP service itself requires information from the Cisco ACI Service Graph.

Simplified Service Insertion with Cisco and F5

This is why Cisco partnered with F5, a leader in the application delivery and web application firewall space, around the Cisco ACI and F5 BIG-IP solutions to simplify the deployment of F5-powered L4-L7 services using the F5 ACI ServiceCenter App for APIC.


This integration simplifies management of virtual server configuration on F5 BIG-IP and Service Graph configuration on Cisco ACI by providing a simple, user-friendly UI.

In this blog, we will discuss an evolution of this integration for customers looking at Infrastructure as Code as the means to automatically deploy both Cisco ACI network infrastructure configuration and BIG-IP L4-L7 services for their applications and looking for opportunities to start progressing in their IaC journey.

End-to-End Service Insertion Automation with Infrastructure as Code


As a reminder, Infrastructure as Code is a journey that you can embark on at different stages depending on your existing automation knowledge and needs. The goal of this journey is to translate manual tasks into reusable, robust, distributable code and to apply software development techniques such as version control (git), automated testing, and CI/CD to achieve those goals.


The first step in an Infrastructure as Code journey is to select a language or a toolset to express our intent for our infrastructure as actual code. For this integration, we decided to join forces with HashiCorp, the leader in infrastructure automation and a shared partner of Cisco and F5. We chose HashiCorp Terraform as the infrastructure provisioning tool, using HCL (HashiCorp Configuration Language) to define service configuration as our code.

F5 and Cisco both have verified HashiCorp Terraform providers, making it easy to create the needed configuration on both sides using HCL (HashiCorp Configuration Language) as our code.

To further simplify automation of the numerous configuration items, Cisco and F5 have worked together on a set of Terraform modules which provide best practices defaults for most of the configuration items and allow users to override specific items of the configuration.

By providing a single workflow, all the dependencies are taken care of, and the usage of the overall solution is simplified. Modules also define outputs that can be passed from one module to the next, and modules can depend on each other to represent the dependency relationship between them.

As part of this solution, a simple workflow with 3 Terraform modules has been created:


◉ The Cisco ACI Service Graph Terraform module allows the user to create and deploy a complete service graph for Policy-Based Redirection (PBR) with the required bridge domains and other necessary constructs, as documented in the Cisco ACI Policy-Based Redirect Service Graph Design white paper.

◉ The F5 BIG-IP VLAN Self IP Terraform module configures the interfaces of the BIG-IP (physical or virtual) facing the ACI fabric with the correct VLAN and Self-IP configuration.

◉ The F5 BIG-IP AS3 HTTP Service Terraform module configures an HTTP service using the F5 Application Services 3 extension (AS3) to provide a load balancing function with a specific virtual server (VIP) and the recommended configuration when used in conjunction with Cisco ACI PBR.

Instantiating the modules lets the user pass the necessary parameters and rely on default parameters for the rest of the configuration, hiding all the internal complexity from the user. The following is an example of the instantiation of the different modules and their dependencies:

module "cisco-aci-service-graph" {
    source = "./modules/service-graph-lb-pbr"
    tenant              = var.aci_tenant
    vmm_provider_dn     = var.aci_vmm_provider_dn
    vmm_domain_name     = var.aci_vmm_domain_name
    vmm_controller_name = var.aci_vmm_controller_name
    vm_name             = var.aci_bigip_vm_name
    vnic                = var.aci_bigip_vnic
    device_name         = var.aci_bigip_device_name
    device_mac_address  = var.aci_bigip_provider_mac
    device_ip_address   = var.selfip_int
    provider_bd_subnets         = var.aci_provider_bd_subnets
    consumer_bd_subnets         = var.aci_consumer_bd_subnets
    provider_service_bd_subnets = var.aci_provider_service_bd_subnets
    consumer_service_bd_subnets = var.aci_consumer_service_bd_subnets
}

module "bigip_vlan_selfip" {
    source       = "./modules/vlan_selfip"
    vlan_int_tag = replace(module.cisco-aci-service-graph.internal_vlan, "vlan-", "")
    vlan_ext_tag = replace(module.cisco-aci-service-graph.external_vlan, "vlan-", "")
    selfip_int   = var.selfip_int
    selfip_ext   = var.selfip_ext
}

module "as3_http_app" {
    source      = "./modules/as3http"
    server1     = var.server1
    server2     = var.server2
    vip_address = var.vip_address
    snat        = var.snat
}

You can see that the “bigip_vlan_selfip” module uses the output of the cisco-aci-service-graph module to pass the VLAN automatically derived from the ACI VMM domain integration. This removes the need to statically define a VLAN and allows the plan to be reused over and over. You can also see that the module definitions use many variables, creating a reusable piece of code that can be instantiated multiple times with different sets of variables.
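The module call above strips the `vlan-` prefix with `replace()`, which returns its input unchanged when the prefix is absent, so an unexpected encap value would be handed to the BIG-IP module as-is. The following added example (not the published Cisco/F5 module code) shows input validation that the `vlan_selfip` module could declare; the variable names come from the call above, while their types and the rules are assumptions.

```hcl
# variables.tf of the "vlan_selfip" module (hypothetical content, added here).
# Variable names match the module call on this page; types and rules are assumed.

variable "vlan_int_tag" {
  description = "802.1Q ID of the BIG-IP internal VLAN (ACI encap with the \"vlan-\" prefix removed)"
  type        = string

  validation {
    # Digits only: rejects "", "vlan-1234" (prefix not stripped) and any other encap form.
    # try() turns a failed tonumber() into false instead of an evaluation error.
    condition = try(
      can(regex("^[0-9]+$", var.vlan_int_tag)) &&
      tonumber(var.vlan_int_tag) >= 1 &&
      tonumber(var.vlan_int_tag) <= 4094,
      false
    )
    error_message = "The vlan_int_tag value must be a VLAN ID from 1 to 4094, without the \"vlan-\" prefix."
  }
}

variable "vlan_ext_tag" {
  description = "802.1Q ID of the BIG-IP external VLAN (ACI encap with the \"vlan-\" prefix removed)"
  type        = string

  validation {
    # Same rule as the internal tag; each validation block may only refer to its own variable.
    condition = try(
      can(regex("^[0-9]+$", var.vlan_ext_tag)) &&
      tonumber(var.vlan_ext_tag) >= 1 &&
      tonumber(var.vlan_ext_tag) <= 4094,
      false
    )
    error_message = "The vlan_ext_tag value must be a VLAN ID from 1 to 4094, without the \"vlan-\" prefix."
  }
}
```

With these rules in place, Terraform stops with the error message once the tag value is known and fails the check, before the module's resources that use the tag are created.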

With this joint solution, deploying BIG-IP application services on an ACI network infrastructure with a Terraform workflow and applying Infrastructure as Code principles can greatly simplify, automate, optimize, and accelerate the entire application deployment lifecycle, in turn improving time to value.

To better collaborate with other members of your organization on provisioning this solution, HashiCorp Terraform Cloud can be used to provide remote state storage allowing your state file (which provides a system of record for what you have provisioned) to be stored securely and remotely.

Monday, 4 October 2021

Is the CCNP Enterprise 300-410 ENARSI Certification Worth It?

Listing the CCNP Enterprise certification on your resume demonstrates that you possess the skills required to work competently with enterprise networking solutions. A key feature of this certification is that you can tailor it to your own choices. That is why it includes the core exam, which every applicant must take, and six concentration exams that let applicants select their field of specialization. Cisco 300-410 ENARSI: Implementing Cisco Enterprise Advanced Routing and Services is one of these exams and one of the most sought-after picks among exam takers.

Details of Cisco 300-410 ENARSI Exam

The area of specialization of this Cisco CCNP Enterprise 300-410 ENARSI exam includes the details of the implementation process needed for Cisco enterprise advanced routing and services.

Cisco 300-410 Exam Includes the Following Topics:

  • Layer 3
  • VPN services
  • Infrastructure security
  • Infrastructure services
  • Infrastructure automation

The Cisco 300-410 ENARSI exam comprises 55-65 questions to be answered in 90 minutes. So, to deal with all the questions, you must work on your time management and exam-taking skills. The Cisco 300-410 ENARSI exam is available in Japanese and English.

Reasons to Opt for Cisco 300-410 ENARSI Exam

The reason to opt for this certification exam is that it brings incredible benefits. The core benefit is the skills you acquire. If you choose this exam, you will gain the following skills upon passing it:

  • MPLS operations, comprising LSR, LSP, label switching, and LDP;
  • Bidirectional Forwarding Detection;
  • BGP, OSPF, and EIGRP;
  • Route reflector;
  • IPv6 First Hop security features;
  • Neighbor relationship & authentication;
  • SNMP & NetFlow.

Also, if you prepare with great deliberation and master all the required topics, you will be able to carry out the following tasks:

  • Troubleshooting device management;
  • Configuring policy-based routing;
  • Troubleshooting administrative distance;
  • Verifying VRF-Lite;
  • Troubleshooting possible network problems with the use of the Cisco DNA Center assurance;
  • Configuring and verifying DMVPN;
  • Troubleshooting manual & auto-summarization with any routing protocol;
  • Troubleshooting control plane policing;
  • Troubleshooting the network performance issues with the use of IP SLA.

These are just a few of the skills you learn and the expertise you get if you go for the 300-410 ENARSI exam. Of course, it all depends on the skills you need for your job role, not the positions that require these.

A Brief Overview of Cisco 300-410 ENARSI Exam Preparation

Passing this Cisco exam can be difficult in some cases, but you can make it a lot easier by using appropriate study resources. There are plenty of study materials you can find online for Cisco exam preparation, but you should begin with the official resources provided by the Cisco website. Cisco offers many study resources, such as training courses, labs, study guides, and much more. Apart from this, you can also go for practice tests offered by NWExam.com. It would be best not to underestimate the importance of practice tests because they will take you a long way no matter what you do.

Preparing for the Cisco 300-410 Exam: Study Resources

Attempting Cisco 300-410 ENARSI practice tests will give you an idea of the actual exam and the kind of questions to expect.


Benefits of Passing Cisco 300-410 ENARSI Exam

Passing the core 350-401 ENCOR and the 300-410 ENARSI exams gives you the CCNP Enterprise certification. This is one of the vital benefits of clearing this exam. Other benefits are listed below:

1. Cisco 300-410 ENARSI Certification Makes you More Employable

Cisco 300-410 certified professionals are far more employable than their non-certified peers. With the CCNP Enterprise certification, which you achieve after passing the 300-410 exam, you will have an advantage over other candidates who are not certified. Potential employers will consider you first for the positions they offer.

2. It Confirms Your Skills

Passing the Cisco 300-410 exam confirms that you have the knowledge and skills required to implement and troubleshoot advanced routing technologies and services. The certification will demonstrate to employers that you can implement and troubleshoot Layer 3, infrastructure services, and VPN services. Many organizations require professionals with such skills.



3. It Boosts Your Knowledge

The Cisco 300-410 exam is not just about passing it and becoming certified. It is also a superb way of obtaining high-level knowledge in implementing and troubleshooting the most advanced technologies and services. By going through diligent preparation, you will learn a lot along the way.

Conclusion

Choosing which concentration exam to take is what you need to do if you want to receive the certification that suits your job role. That is why Cisco offers six options to make your resume stand out, and choosing one of the exams can set your certification apart from those of other candidates. So, if Cisco 300-410 is the exam you require, prepare for it with great deliberation and pass it with an excellent score with the help of a practice test.

Saturday, 2 October 2021

Using INFRAM to Modernize Today’s Healthcare


Healthcare has been digitally transforming during the past several years, but it is now happening at such speed and scale, it is driving convergence of technology and business strategies like never before. From demands on clinicians to integrate technology into their workflows and leverage data insights in real-time, to patient expectations to use a myriad of digital tools throughout their care journey, the need to modernize healthcare is here.


Today, healthcare organizations invest heavily in infrastructure, along with multi-year network support plans. But many of these investments remain shelfware without a roadmap for implementation and adoption. A foundational digital infrastructure is key to building a digital healthcare system – one that focuses on the outcomes of the individual, connects all areas of the organization, and provides care when, where and how it is needed, safely and securely.

To support the rising demands for connected digital ecosystems, healthcare leaders need to evaluate their current infrastructure and its ability to support future workloads. INFRAM can help.

What is INFRAM?

The Infrastructure Adoption Model (INFRAM) assesses and maps technology infrastructure capabilities required to reach clinical and  strategic goals while meeting international benchmarks and standards. The assessment is a global eight-stage (0-7) model for reviewing infrastructure adoption and capabilities maturity. By using the adoption model, healthcare providers can help improve care delivery, reduce cyber and infrastructure risk, and create a pathway for infrastructure development tied to business and clinical outcomes.


INFRAM Architectural domains and capabilities:


◉ Transport: Software-defined network across the hospital campus
◉ Mobility: High-availability wireless with services supporting data, voice, video, location, and beyond
◉ Collaboration: Secure, reliable video, voice, and text– enabling better clinical communications
◉ Security: Intelligent automation– enforcing policies for network access and device management
◉ Data Center: On-premises, enterprise-wide hybrid cloud application and automation

The INFRAM Value: Digitally Transformed Healthcare Organizations


INFRAM Maturity Readiness Services give healthcare leaders a clear path to assess the infrastructure needed to drive successful outcomes within their organizations. Depending on gaps identified with an INFRAM assessment, detailed design and execution plans are developed, including KPIs for measuring value and outcomes. This includes:

◉ Optimized Applications Experience: Experience is a new measure for defining a value-based care organization. The data that applications capture will enable transformation and using that data to optimize workflows and operations will drive growth and profitability. The more you see, the more you solve. The more you solve, the more resilient and agile your healthcare organization becomes.
◉ Application Enablement: This includes the development, design, and facilitation of:

   ◉ Reimagined Applications: running in hybrid combinations (on-premise, cloud and multi-cloud environments) that allow for flexible distribution of workloads and data, based on the strategic and tactical needs of the organization.
   ◉ Flexible and Inclusive Hybrid Work: an environment that leverages communications and collaboration platforms and supports clinical collaboration experiences.
   ◉ A Secure Enterprise: based on an automated, security policy-governed network, with integrated solutions for identity and access management.
   ◉ A Cross-architecture, Integrated Infrastructure: to support transformative and consistent experiences with an end-to-end Campus, WAN and data center design and implementation, based on Software Defined Networking.

Additionally, healthcare organizations reap other benefits by leveraging INFRAM, such as  IT and business alignment, budget planning and assistance with comprehensive strategic and readiness plans, support for acquisition evaluation and negotiations, and the ability to leverage existing product investments for quick gains.

Cisco’s Customer Experience INFRAM Program


Since the inception of the INFRAM model in 2018, Cisco has worked closely with HIMSS as a key collaborator on the pilot program, along with other organizations from around the world. So, it was only natural that Cisco was the model’s first Certified Partner, engaging and assisting our clients in advancing through maturity model stages. Today, our Customer Experience (CX) team in the Americas delivers two INFRAM services.

INFRAM Assessment


This service delivers two reports focusing on:

◉ Strategy and Outcome Alignment that gathers the evidence needed to create compelling business cases for investment, linking stakeholder experiences, outcomes, and technology.

◉ Assessment and Gap Analysis that includes an analysis and actionable project plan to identify and remediate capability gaps in the technology infrastructure.

INFRAM Planning


This offer provides strategy roadmaps aligned to a costed program delivery plan, and includes:

◉ A 12–36-month blueprint and investment schedule tailored to infrastructure, systems and applications transformation that aligns business strategies and outcome to technical capabilities.       

By using INFRAM as a strategic blueprint, healthcare providers can help improve care delivery, reduce cyber and infrastructure risk, and create a pathway for infrastructure development tied to rapidly evolving business and clinical outcomes. This helps ensure that healthcare organizations are better prepared to leverage fully digital infrastructures to meet the patient care needs of today and tomorrow.

Thursday, 30 September 2021

Be Successful In Your CCNP Enterprise 300-420 ENSLD Exam Preparation

It is excellent that professionals can choose what they want to specialize in. Cisco extends many opportunities to anyone who wants to get a qualification in a specific area of networking technology. One of the leading fields is learning how to design Cisco-based enterprise networks. With the Cisco CCNP Enterprise 300-420 ENSLD exam, applicants can acquire skills that allow them to accomplish these tasks efficiently. You need to know more about this certification exam and what it means for you as an IT professional. This article was written precisely to give you guidelines for this Cisco CCNP Enterprise exam. So, keep on reading.

Why Should You Obtain Cisco Certifications?

As the industry leader in networking certifications, Cisco offers many benefits that you can enjoy after passing its exams.

Above all, you will obtain knowledge and skills that will help you perceive your field far and wide. The Cisco program offers you renewed and structured practice that will help you boost confidence in your work and skills. Another benefit is adaptability, as with the gained skills, you will reinforce your current strengths and explore new interests. And this leads you to one more benefit – excellent job opportunities.



You will be acknowledged as a worthwhile and successful worker in the eyes of any organization. Being a responsible person who wants to flourish in their career will lead you to your career development. And ultimately, all these benefits give you two other benefits: great opportunities and higher pay packages.

Information About Cisco 300-420 ENSLD Exam

This is the apt time for any professional who aspires to align their skills with the networking demands of the job market. Cisco 300-420 ENSLD, also termed Designing Cisco Enterprise Networks, is the appropriate Cisco certification exam for you.

For the CCNP certification, this is the second exam you will have to take. The first one is the Cisco 350-401 ENCOR exam, which leads you through core enterprise technologies. The 300-420 ENSLD exam, which you can choose from six other exams, helps you concentrate on a technology area of your preference. It is, hence, an elective exam, also called a concentration exam.

Cisco CCNP Enterprise 300-420 ENSLD Exam Preparation

To get through any exam, you have to study for it by understanding what this exam involves. Studying its topics is the best place to begin. The Cisco 300-420 ENSLD exam assesses your skills and knowledge in enterprise-based design.

The Cisco 300-420 ENSLD exam topics you need to learn include:

  • Advanced addressing as well as routing solutions;
  • Advanced campus networks for enterprise;
  • WAN targeting enterprise networks;
  • Network-based services;
  • Automation.

To study all the objectives thoroughly before the exam day, you need to develop a study plan that suits you. It all begins with your frame of mind and your expectations. Make sure you align your perceptions and expectations with the exam prerequisites. Seek to know everything this particular exam entails, including the topics and which study materials to obtain. All the details about the exam structure and study materials are available on the official Cisco website. This will give you a clear idea of what to expect in the actual exam and direct you to the right way of preparing.

Moreover, before sitting for the Cisco 300-420 certification exam, you need to reach your study goals. These are the goals you established before starting the preparation process. They should cover your intention, time, and expectations. Your core task here is to pass the exam. Accomplishing it demands dedication and the use of materials that support your study goals.

One of the best resources to utilize for Cisco 300-420 ENSLD exam preparation is to enroll in a training course offered by Cisco itself.

Another of the best means of preparing for this certification exam is to practice the concepts you learn in labs. The hands-on method ensures that you master all the expected skills. This is how you can qualify to get through your exam and do well in your future tasks.


To reinforce your preparation, you must take 300-420 ENSLD practice tests. This method has been verified to work for most exam applicants. Practice tests help you get a comprehensive idea of the real exam and show where you need to improve or study more. They will help you improve your time management skills and give you the feel of an actual exam environment.

You can also avail other study resources such as study guides, online videos, online forums, and blogs. All the resources are easily available on the Internet so that you can complement your learning.

If you make the most out of the available study resources, you will get a flying score in your Cisco 300-420 ENSLD exam. The official training courses, study guides, practice tests, hands-on labs, blogs, and online forums are designed to get the most out of your preparation.

Conclusion

Achieving success in any field, together with your professional life, is what it means. The Cisco CCNP Enterprise 300-420 exam assures that you gain the necessary IT skills. Passing this certification test will draw many benefits. One of them is amazing job opportunities as an enterprise network design expert. Your outstanding skills will ensure your success in your career. Get ready to take your networking career a step further with this Cisco CCNP Enterprise exam!

Redefining the Cost Models for APAC Broadband Operators


In a market approaching 5.7 billion mobile subscriptions in 2021, broadband can sometimes seem to play second fiddle in Asia & Oceania (Omdia). However, 670 million broadband subscriptions are nothing to be sniffed at – especially in a region with hundreds of millions more who are underserved or not served at all.


The global pandemic only exacerbated the need for high-quality fixed broadband services. For consumers, this was driven by the need to access digital healthcare, education, and entertainment services – in 2020 alone Omdia calculates Asia and Oceania OTT video subscriptions rose by 22 percent to more than 550 million. For service providers, the massive rise in this video and digital content traffic means they need more scalable broadband networks to deliver the best broadband services and to better supplement mobile networks which are also under strain from rises in data-intensive video and digital services. Operators also need their infrastructure deployments to be more cost-efficient to connect the millions still to be connected in the Asia & Oceania region.

The Asia & Oceania broadband subscribers are generally concentrated in high broadband penetration markets like China, Japan, & South Korea, but there is plenty of potential in low penetration countries like India & Indonesia with broadband penetration rates below 20%.

This pressure on operators to build out and improve the operations of their broadband networks comes at a time when they are moving towards distributed and cloud-native network architectures, as part of the latest iteration of Network Functions Virtualization (NFV) and software-defined networking (SDN). The development of these technologies was originally focused on core network functions, but they are now becoming more common closer to the edge.

One such development is in Broadband Network Gateways (BNGs). Traditionally BNGs have been hardware-centric solutions, appliances with tightly coupled hardware and software. If operators needed to scale a deployment they would deploy more BNG appliances. To keep up with anticipated demand this model necessitates service providers to plan and deploy BNG nodes months or years in advance of expected demand.

Cloud-native BNG solutions promise to change these cost dynamics in two key ways:

◉ Disaggregation of hardware from software
   ◉ Provided operators have the deployed hardware infrastructure in place they can spin up BNG software licenses as required to meet demand, reducing upfront investment costs, and time to revenue for BNG solutions.
   ◉ There is the potential to re-purpose existing BNG hardware appliances or use commoditized hardware to maximize existing BNG investments, rather than having to rip & replace all existing hardware.
◉ Implementation of Control /User Plane Separation (CUPS) architecture
   ◉ This allows operators to simplify BNG configuration by only configuring a handful of BNG control plane nodes to manage the potentially 100s of BNG user plane nodes that make up the network.
   ◉ This leads to greater levels of network automation, supporting streamlined OPEX, and greater levels of network optimization to provide a better quality of service for end-users.

Figure 2 shows an example of what a cloud-native BNG solution deployment could look like. From these changes in cost dynamics, Omdia believes there is scope for total cost of ownership (TCO) savings vs traditional deployment models in the region of 10-30% over a five-year period.

Figure 2. Example of distributed deployment and a cloud-native BNG stack

To achieve these savings operators do need to prioritize investment in supporting skillsets to manage and automate cloud-native BNG solutions. These investments will in time make a clear difference to the deployments themselves and the wider business as operators look to orchestrate and automate cloud-native network solutions across network domains. Telenor is an example of an operator who is beginning to reap the benefits of broad skillset and organizational investment in the context of their network transformations. In 2019 Telenor reskilled approximately 6.4% of its employees, investing in virtualization, cloud, automation, and other adjacent technical skillsets. This supported an OpEx decrease of 7% YoY on a constant currency basis in 2020 (excluding figures from Telenor’s acquisition of Finland’s DNA).

The Omdia “Evolution of the BNG in Asia and Oceania” white paper focuses on the changing nature of BNG solutions and what they mean for operator cost models and the ability to develop services to support new revenue streams.

Tuesday, 28 September 2021

Mitigating Dynamic Application Risks with Secure Firewall Application Detectors


As part of our strategy to enhance application awareness for SecOps practitioners, our new Secure Firewall Application Detectors portal, https://appid.cisco.com, provides the latest and most comprehensive application risk information available in the cybersecurity space. This advance is important because today’s applications are not static.


In fact, applications are continuously evolving as new technologies and services emerge. This dynamic space creates new cybersecurity challenges, such as continuous changes to application relationships and hierarchies. This unstoppable dynamic creates blind spots that often increase risk.

Secure Firewall users are entitled with their base license to Application Visibility & Control for:

◉ Network traffic discovery with application-level insight

◉ Analyze and report on application usage

◉ Classify and manage application sessions (including web browsing, multimedia streaming, and peer-to-peer applications)

◉ Monitor application usages and anomalies

◉ Build reporting for capacity planning and compliance

◉ Enforce quality-of-service (QoS) policies and service guarantees for latency-sensitive applications (such as voice over IP [VoIP] and interactive gaming)

◉ Implement fair-use policies and manage network congestion by optimizing application-level traffic

The unique capabilities available in Secure Firewall Application Detectors provide insight into application protocols such as:

◉ HTTP and SSH, which represent communications between hosts.

◉ Clients, like web browsers and email applications, which run on endpoints.

◉ Web applications, including MPEG video and social media, which comprise content or requested URLs for HTTP traffic.

In addition, you can leverage the relevant application data available within the portal to write and tune effective security policies based on specific application identification fields. For each application listed, the user can find the following details distributed across six fields:

◉ Application Name

◉ Description – A brief description of the application.

◉ Categories – A general classification for the application that describes its most essential function. Example categories include web services provider, e-commerce, ad portal, and social networking.

◉ Tags – Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags.

◉ Risk – The likelihood that the application is used for purposes that might be against your organization’s security policy. The risk levels are Very High, High, Medium, Low, and Very Low.

◉ Business Relevance – The likelihood that the application is used within the context of your organization’s business operations, as opposed to recreationally. The relevance levels are Very High, High, Medium, Low, and Very Low.

Furthermore, the new Secure Firewall Application Detectors website offers web application sorting capabilities, providing insight on relationship/hierarchy between applications and an intuitive advanced searching engine using any of these existing fields, or the simplicity and flexibility provided by keyword searching.

The new site is publicly available from any device with internet browsing capabilities, and assists users with rapid identification of web applications as key artifacts leveraged for security operations use cases such as:

◉ Detection of malicious or abusive use of applications, protocols, and ports.

◉ Ability to research across applications using similar protocols, ports, or behaviors.

◉ Initial layer for a defense-in-depth strategy providing protection for web applications (XSS, CSRF, etc.) based on network artifacts.

◉ Securing vulnerable applications whose source code has not been reviewed properly or that are unpatched, and that may leave an open door for communication exploits.

◉ Applying hot fixes for newly discovered vulnerabilities in applications that are using unexpected communication ports or protocols.

Cisco Secure Firewall Application Visibility and Control is constantly adding application detectors through the Cisco Vulnerability Database (VDB). VDB is a central repository of known vulnerabilities, as well as fingerprints for operating systems, clients, and applications. The Secure Firewall Application Detectors website is powered by VDB and assists users in quickly determining if a particular application increases the risk of compromise.

The accuracy and maintenance of VDB is advanced by the new portal, as users can easily submit new application detector requests and add customized applications into the database, or even dispute the risk categorization of already registered applications. The submission request is easily accessible from the website.

Saturday, 25 September 2021

Automating AWS with Cisco SecureX

The power of programmability, automation, and orchestration

Automating security operations within the public clouds takes advantage of the plethora of capabilities available today and can drive improvements throughout all facets of an organization. Public clouds are built on the power of programmability, automation, and orchestration. Pulling all of these together into a unified mechanism can help deliver robust, elastic, and on-demand services that support the largest of enterprises, the smallest of organizations or individuals, and everywhere in between.

Providing security AND great customer experience

The success of the major public cloud providers is a testament itself to the power of automation. Let’s face it, Cyber Security isn’t getting any easier, and attackers are only getting more sophisticated. When considering the makeup of today’s organizations, as well as those of the future, a few key points are worth consideration.

First, the shift to a significantly remote workforce is here to stay. Post-pandemic there will certainly be a significant number of employees returning to the office. However, the flexibility so many have gotten used to will likely remain a reality and must be accounted for by SecOps teams.

Secondly, consider physical locations, from manufacturing facilities and office space to branch coffee shops: not everything has the ability to go virtual, and we, as security practitioners, are left with a significant challenge. How do we provide comprehensive security alongside a seamless customer and top-notch user experience?

Clearly the answer is automation

The SecureX AWS Relay Module consolidates monitoring your AWS environment.

Leveraging the flexibility of Cisco’s SecureX is a great place to begin your organization’s cloud automation journey. Do this by deploying the SecureX AWS Relay Module. This module immediately consolidates monitoring your AWS environment, right alongside the rest of the security tools within the robust SecureX platform. Within the module are three significant components:

◉ Dashboard tiles providing high level metrics around the infrastructure, IAM, and network traffic, as a means of monitoring trends and bubbling up potential issues.

◉ Threat Response, with features that facilitate deep threat hunting capabilities by evaluating connection events between compute instances and remote hosts, while also providing enrichment on known suspicious or malicious observables such as remote IP addresses or file hashes.

◉ Response capabilities allow for the immediate segmentation of instances as a means of blocking lateral spread or data exfiltration, all from within the Threat Response console.

The SecureX enterprise-grade workflow orchestration engine offers low- or no-code options for automating your AWS environment.

Customizable automation and orchestration capabilities


The SecureX Relay Module provides some great capabilities; however, there are many operations that an organization needs to perform that fall outside the scope of its native capabilities. To help manage those, and provide highly customizable automation and orchestration capabilities, there is SecureX Orchestration. This enterprise-grade workflow orchestration engine offers low- or no-code options for automating your AWS environment and many, many more.

SecureX Orchestration operates by leveraging workflows as automation mechanisms that simply go from start to end and perform tasks ranging from individual HTTP API calls to pre-built, drag-and-drop operations known as Atomic Actions. These “Atomics” allow for the consumption of certain capabilities without the need to manage the underlying operations. Simply provide the necessary inputs, and they will provide the desired output. These operations can be performed with all the same programmatic logic such as conditional statements, loops, and even parallel operations.

Libraries of built-in Atomics (including for AWS) let you conduct custom operations in your cloud environment through simple drag and drop workflows.

Included with every SecureX Orchestration deployment are libraries of built-in Atomics, including a robust one for AWS. From operations such as getting metrics to creating security groups or VPCs, a multitude of custom operations can be conducted in your cloud environment through simple drag-and-drop workflows. Do you have a defined process for data gathering, or routine operations that need to be performed? By creating workflows and assigning a schedule, all of these operations can be completed with consistency and precision, freeing up time to address additional business-critical operations.

A more effective SecOps team


By combining built-in SecureX Orchestration workflows with additional custom ones critical to your organization’s processes, end-to-end automation of time-sensitive, business-critical tasks can be achieved with minimal development. Used in conjunction with the SecureX AWS Relay Module, this gives your organization a fully featured, robust set of monitoring, deployment, management, and response capabilities that can drastically improve the velocity, consistency, and overall effectiveness of any organization’s SecOps team.