Emerging trends in IoT gateway and edge application management in a cloud native paradigm

The COVID-19 pandemic has thrust the world into an era of massive digital business transformation across industries like manufacturing, utilities, smart cities, oil and gas, and transportation. To meet these new challenges and keep business operations running smoothly, we need cost-effective solutions. Traditionally, IoT solutions were typically used to reduce operational expenses and increase operational equipment efficiency (OEE). With the onset of the pandemic however, the need for managing business operations remotely across these IoT verticals has increased rapidly. This has led to a sudden, unprecedented shift towards an increased adoption of cloud native IoT management applications hosted by public cloud providers in partnership with IoT SaaS vendors. An example for such a use case is remotely managing operations of IOT gateways and edge compute applications deployed on a manufacturing floor. This migration from having personnel onsite managing and accessing devices, IoT gateways, and edge compute applications to remote cloud based management brings a new set of IoT security challenges that are primarily seen in a cloud native application. While cloud native applications are considered reasonably secure in general, there is still room for improvement. Containers, orchestrators, and APIs present in an application’s surrounding infrastructure represent new attack surfaces. In addition to the cloud service itself, each of these layers has an array of user-defined configuration settings intended to help users apply their security policies. This manual configuration is often fraught with opportunities for user error and misconfiguration, opening the IoT applications to potential security attacks.

In addition, new technology and architectural trends are emerging within the functionality of IoT management applications. These new trends change the way gateway management, security, and network management is done for IOT networks. They also alter how edge compute applications run on IoT gateways and integrate with public cloud-based platforms like Amazon Web Services, Microsoft Azure, and Google Cloud. In this technical blog we will discuss some of the emerging architectural trends in the IoT industry. They are classified as the six critical pillars of cloud native IoT management application in a hybrid cloud and multi cloud environment:

◉ Compute scalability

◉ High frequency data processing

◉ Low latency data processing

◉ Robust data processing pipeline

◉ Variety of IoT protocols

◉ Cloud native IoT messaging service

We will discuss these six critical pillars further in detail, but first let’s look at the challenges they are solving.

Challenges of distributed edge IoT data infrastructure

Distributed edge computing makes sense for a variety of use cases in IoT applications. Consider the following challenges with a cloud native integration for the distributed IoT edge:

◉ Bandwidth – traditionally the available WAN network bandwidth is a focus for data centers. However, this focus will shift towards IoT edge computing use cases as many distributed edge IoT deployments emerge.

◉ Latency tradeoff – some IoT use cases would experience increased latency if data processing happened in a cloud or fog layer and there should be a tradeoff to do it in a distributed edge paradigm.

◉ Heterogeneity– in a cluster of gateways deployed at the edge, heterogeneous compute capability of these individual gateways could affect the overall efficiency by adding dissimilar components to handle tasks for the edge compute scenario.

◉ Transparency– conceals the separated components in a distributed edge network to allow the disparate pieces to work in sync.

◉ Concurrency– allows several IoT clients to access shared resources at the edge, which creates concurrent access related problems.

◉ Security– is simpler when all compute resources are consolidated in a centralized data center but not in a distributed edge as in IoT network architectures.

◉ Backup – of dispersed IoT data requires new data protection strategies in a distributed edge IoT to cloud data pipeline paradigm.

5G enabled IoT applications require a highly dynamic response from the end to end IoT system, which creates the need for a distributed event driven edge compute service. To meet these demands, IoT application developers need a flexible and agile development environment like the cloud native approach to quickly create event driven edge compute applications running on IoT gateways. However, introducing such a cloud native approach can come with its own challenges. Take for example fleet management use cases. IoT gateways are deployed on vehicles for continuous monitoring of GPS location, collecting telemetry, and other diagnostic health information. Adding an additional distributed event processing component at the edge for communicating to a cloud native IoT application to manage these gateways could lead to an increased latency, which may eventually create OT operational issues for the end customer. Therefore, it is very important to design the edge application in a resilient and robust manner. Cisco Edge Device Management offers such capability to seamlessly integrate with Cisco IoT Operations Dashboard.

Real-world cloud native IoT illustration of transportation use case

Cisco IR829 Industrial Integrated Services Routers, Cisco Catalyst IR1100 Rugged Series Routers, and Cisco Catalyst IR1835 Rugged Series Router

Further technical challenges that can arise in a distributed IoT Edge compute scenario as follows:

1. In connected vehicle/car related use cases the ECU’s software tech stack embedded in the vehicle is different from those of the cloud application software stack to enable quicker integration based on the API’s exposed by the cloud platforms.

2. Limited vehicle’s embedded computing resources and lack of scalability to directly integrate with a cloud native management application

3. Mobility roaming constraints specific to unstable LTE/4G WAN network link connections for exchanging telemetry data at scale in remote deployments.

4. Limited power supply when engines are switched off. The Cisco 829 Industrial Integrated Services Routers and out other industrial routing gateways with ignition power management capability address this challenge.

5. CAN bus data decoding/encoding via protocol translation at the edge and embedded software development challenges to cater to a wide variety of automotive communication protocols

Implementing IoT cloud-based management application itself should minimize the risks that could otherwise arise from integrating edge and cloud. Enterprises can also take additional steps to ensure that their entire ecosystem is secure-from the cloud to the IoT endpoints running at the edge. We need to consider the following security specific challenges for cloud native IoT application.

◉ End to end observability

◉ Secured edge computing stack

◉ Edge cluster monitoring

◉ Secure IoT cloud convergence

End to End Cloud native IoT architectural Illustration

Embedded code is typically static and tailored to a specific platform. It is tested meticulously to ensure safe, secure, reliable, and deterministic operation. However, Cloud native IoT applications typically run on non-deterministic Linux and have many hidden library and Kubernetes clusters or other infrastructure dependencies.

They often can’t be certified to IoT standards such as IEC 61508, ISO 26262, or DO-178C. Even if they could be certified, the cost of certification is prohibitive as it is proportional to the number of effective source lines of code (eLOC) used in the system. For reference, the Linux kernel alone consists of more than 25 million lines of code. The growing number of security threats and attacks happening in the entire stack of IoT systems increase the need for end to end visibility in a cloud native application architecture. We have built a cloud native IoT Security application to mitigate these threats.

The challenges and emerging architectural trends as discussed above for different IoT use cases in a distributed edge compute environment drive the need for a scalable cloud native IoT management application architecture.

 

Possible solutions

In some IoT use cases, the IoT product architectures across industries would require CEP (complex event processing) or processing high volumes of data in a 3V (volume, velocity, variety) model. This drives the need for the following IoT application capabilities classified as the six pillars of cloud native IoT management application in a hybrid cloud or multi cloud world.

◉ Compute scalability: There is an inherent need for scale up/down capability of compute processing power for building IoT applications. This is due to the variety of OT traffic spanning across IoT architectures in different industries.

◉ High frequency data processing: IoT traffic is highly bursty in nature. Therefore, processing of high volume of data without any adverse performance issues to the end-to-end system performance is critical.

◉ Low latency data processing: The majority of IoT use cases require low latency-based processing of OT traffic flows and data.

◉ Robust data processing pipeline: Since IoT requires a low overhead and no single point of failure in the data processing pipelines from the edge to the cloud, cloud native application architectures are suitable to handle robust data processing pipeline.

◉ Variety of IoT protocols: The number of IoT protocols (connectivity, message queues, streaming data, analytics, databases) and specifications of IoT standard have traditionally dealt with interface specifications and related data models, such as device-to-cloud interfaces. This requires cloud native IoT application architecture support.

◉ Cloud native IoT messaging service: The IoT industry’s definition of cloud native IoT messaging service is as follows:

◉ The standards-based offering doesn’t rely upon the services of a particular cloud vendor.

◉ Transparent, elastic scalability that can accommodate peaks and valleys in telemetry data traffic from IoT devices.

◉ Transparent fault tolerance and high availability that fulfills the service level agreements business critical IoT applications require.

◉ Ability to run on different public cloud platforms.

◉ Open API allows for the integration of the data with other cloud and third-party services.

It is easier to build IoT applications or an IoT platform using cloud native principles for both a hybrid cloud and multi cloud journey for our customers and partners. Traditionally, ICS, cyber-physical systems and other operational technology systems were dependent on embedded compute platforms. But the convergence of OT and IT in Industry 4.0 has created a need for building cloud native IoT applications and AEP’s (Application Enablement Platforms). This need is at odds with legacy embedded code running in traditional OT systems. Cisco has built a cloud native IoT management application, which can manage both, the life cycle of edge compute applications and the IoT gateways in a scalable manner.

Cisco IoT architectural solution

We developed Cisco IoT Operations Dashboard to solve these issues along with the technical debt incurred with Cisco’s legacy IoT management applications and based on the global macro trends seen in IoT. The Operations Dashboard comprises of the following main modules: Cisco Edge Device Management, Cisco Edge Intelligence, Secure Equipment Access, and Cisco Industrial Asset Vision. Cisco Edge Intelligence securely handles traffic routed in a hybrid cloud environment from different I/O devices PLC’s devices/OT systems to IoT applications hosted in the public cloud environment. Secure Equipment Access provides capability to remotely manage access and interact with both the gateways and connected devices. This can be used to directly troubleshoot or monitor the IoT devices in your deployment. Operations Dashboard is a cloud native application for deployment, management monitoring, troubleshooting, and gaining insights into IoT network edge connectivity, which is agnostic to different connectivity technologies.

Operations Dashboard provides the following three key services:

1. Deployment, monitoring, troubleshooting, and gaining insights into the operation of industrial IoT routers and gateways, and connected equipment.

2. Cisco Industrial Asset Vision: Monitoring of facilities and assets using Cisco’s industrial sensors.

3. Cisco Edge Intelligence: Edge to multi cloud data orchestration.

From a security perspective we offer a full stack observability platform with Cisco Cyber Vision, Cisco Telemetry Broker, and Cisco SecureX to complement the end-to-end security stack for a diverse set of IoT use cases. With this new cloud native paradigm, you can define each network edge as a small cloudlet for doing security analytics at the edge locally

Key takeaways

Based on these emerging market trends in the cloud native IoT application management, IoT security, and the IoT gateway management, it’s important for you to take action. Cisco IOT Operations Dashboard is based on cloud native primitives and addresses the above discussed scenarios. It leverages the available cloud native infrastructure and tools for enabling your successful journey to a hybrid and multi cloud architecture, and future-proofs your investment.

Source: cisco.com

Continue reading

Cisco 200-201 CBROPS Exam: How to Succeed and Advantages

Have you been seeking an opportunity to have your skills recognized and approved? If yes, then you have landed on the right webpage. Get the acknowledgment you have always desired by earning the relevant certification. Get your Cisco CyberOps Associate 200-201 certification, and you can prove to your peers and organizations that you can stay abreast and stay current with your job position.

Taking the Cisco 200-201 CBROPS exam is proven to get essential skills to work in the Cisco Cybersecurity Operation domain. The applicants for this exam are the IT professionals who are accountable for networking work. They are likely to have a perfect knowledge of the networking functionalities and features in the CyberOps environment of the Associate level.

The Cisco 200-201 Exam Overview

In this section, you will come across what this exam covers and what to expect in an actual exam concerning a number of questions, time duration, exam cost, and exam topics.

Cisco 200-201 exam also known as Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS). You can schedule the exam through the Pearson VUE platform. Cisco 200-201 exam cost is $300. The exam is taken in the English language and consisting of 95-105 questions that need to be answered in 120 minutes.

Topics Covered in Cisco 200-201 Exam Is As Follow:

• Network Intrusion Analysis;
• Security Monitoring;
• Security Policies and Procedures;
• Security Concepts;
• Host-Based Analysis

Exam 200-201 is associated with the Cisco Certified CyberOps Associate certification, so its core purpose is to verify that the applicant has essential knowledge of cybersecurity operations and methods. You will notice that all exam questions are related to security, along with basic concepts, monitoring process, policies and procedures, and host-based and intrusion analysis.

Keeping this in mind, it is not surprising that most applicants do not know how to study for such a challenging exam appropriately. And if you are one of them, here are some tips you can follow.

Tips for Cisco 200-201 Exam

1. Assess Time and Work Needed Before Scheduling Exam

Everyone owns different training and experience, and so everyone learns differently. As per your familiarity with the exam topics and expertise, you should have time between your exam preparation and the scheduled date. You must understand the exam structure and topics to perceive how much you will require to study well.

Also Read: Help Your Career with Cisco CyberOps Associate 200-201 Exam

2. Make A Practical Timetable and Follow It

Without a proper study plan, it isn’t easy to pass any Cisco certification exam. So, make creating a timetable your priority, considering your work life. Devote at least one to two hours every day, rather than studying for eight to nine hours at one sitting. Studying every day will make you stay focused and dedicated. And assign more time to the topics you are weak in to improve your knowledge. In the case of studying for such a critical Cisco exam, consistency is necessary.

3. Take Cisco 200-201 Practice Test

One month before your scheduled exam, start taking practice test. Cisco 200-201 practice test to evaluate your learning and find out your knowledge gap. Practicing questions will acquaint you with the type of questions and exam environment. Exam anxiety will go away with consistent practice. Also, they gauge your conceptual knowledge of topics and develop an exam temperament.

Advantages of Passing Cisco CyberOps Associate 200-201 Exam

With the Cisco 200-201 exam, you will have the chance to learn the basic skills and get the appropriate knowledge of carrying out Cisco Cybersecurity Operations. Cisco CyberOps Associate certification will demonstrate that you can work with both an upgraded and new understanding of the expected fundamentals.

Passing the Cisco 200-201 exam is the only thing being in your way to establishing the career everyone wants. Here are some of the related job profiles, which you can get after passing your CBROPS exam:

• Network Analyst;
• Systems Administrator;
• Network Administrator.

And this is the most insignificant that you will be able to employ for and receive.

Conclusion

Cisco certification can help you develop and expand your skills and stay updated and more employable. Use Cisco 200-201 practice tests in your preparation journey. They can help you pass this certification exam so you can break into the excellent career opportunities that come with certification. So, don’t miss the opportunity and take it now!

Continue reading

Strategize Wi-Fi 6 upgrade with Cisco DNA Center

It is super exciting to see the rich set of features that Wi-Fi 6 has brought to the table. With the likes of high throughput, power optimization, and broadened security, Wi-Fi 6, as a technology that got enough to tempt the network upgrade. As a result, these promising capabilities could knock off an array of challenging access issues seen in the enterprise network.

In a typical enterprise setup, the network administrator is liable for leading the upgrade with no consequences. It warrants the admin to do due diligence in the planning phase to deal with the task smoothly.

Read More: 300-815: Implementing Cisco Advanced Call Control and Mobility Services (CLACCM)

Following are the top-of-the-mind questions of the administrator on the upgrade. 

1. Which areas need immediate access point upgrade 

2. What sort of Wi-Fi 6 Access points are the best fitting in the region

3. When and how to migrate without network interruption

What, do they sound like inhibitors? How relieving it may be if there is an efficient tool that provides sufficient insights and guidance for successful upgrades? Here it is. We have the Cisco DNA Center at our disposal to accomplish the purpose. Cisco DNA Center has a wide range of features that help right from planning to execution stage of the upgrade tasks.

Planning phase

During the planning phase, the administrator determines the various regions facing different access issues and prioritizes accordingly. Following are some of the typical access issues  

◉ The chokepoints in the access network in the form of excess congestion

◉ Areas that operate high power starving IoT devices

◉ Places where mobile devices struggle uplink performance

◉ Areas having higher interference, and so on. 

Cisco DNA Center Assurance has an exclusive dashboard to give insights into the Wi-Fi 6 readiness of the enterprise network and a set of AI/ML-driven dashboards to detect the regions where the Wi-Fi 6 upgrade makes a difference. With Wi-Fi 6 dashboard, the administrator will get the pattern of which level of Wi-Fi 6 enabled clients are noticed in the network and the regions where they are spotted regularly. This dashboard additionally gives insights into what infra level upgrade is needed to enable Wi-Fi 6 in the network. 

Once the network administrator obtains better information on the different regions for the network upgrade, the next logical step is to identify the appropriate types of Wi-Fi 6 access points to use. The good news is that Cisco offers a bundle of Wi-Fi 6 access points with all sorts of capabilities. Comparing and contrasting the various access points with the requirement will assist in finalizing the appropriate access points.

Upgrade phase

Usually, the network administrator will perform the upgrade activity during the planned maintenance window to prevent the loss of productivity of users. Cisco DNA Center offers a streamlined UI workflow byname “Access Point Refresh” using which the network administrator can conduct the upgrade task more fluidly.

Let us create a workflow task first

The preparatory work done in the planning phase will be handy. The workflow needs this information. Here is a quick digest of the steps involved in the workflow.

◉ At first, using this workflow, the network administrator should create a new upgrade task to capture the information as guided by the workflow. The administrator can edit and save the workflow task any number of times before submitting the replacement work to get triggered.

◉ In the workflow, the network administrator should select the site(s) and then the access points of those sites for replacement. 

◉ Then the administrator must provide the serial ID of the replacing (new one) access points against each to-be-replaced (old one) access point. Cisco DNA Center uses this information to verify that the access point used for the replacement is genuine. 

◉ There are two approaches to provide the new access point details. If the administrator has already connected the new AP to the corresponding switch, Cisco DNAC Center could detect that. As a result, the workflow shows this new AP that the administrator could select and proceed. Otherwise, if the new access point is not yet available to connect to the network or if the administrator plans that activity later, there will be a provision to add the serial ID manually. Cisco DNA Center learns the new AP through PNP or WLC discovery. 

◉ There is also a CSV template to help the administrator capture the old and new access point information in case of bulk replacement. 

Here is some screen captures to visualize the support.

It’s time to trigger the upgrade

Upon completion of the workflow, the administrator should submit the workflow to trigger the replacement activity. This offers many distinct approaches as follows for the admin to accomplish the task conveniently. 

◉ The network admin starts with powering off and removing the old Access Point and afterward adding a new Access point in the same switch.  

◉ On the other hand, if the new Access Point is not available yet, then the workflow task will wait till the new one gets connected to the network. The admin can follow the previous step when the new one is available. 

As part of a successful replacement, the task copies all required config from the old Access Point to the new one and prepares it for serving the clients.

And finally, this workflow also provides the report with the status of the replacement. If any replacement tasks have failed for any interim reason, there is an option to retry the replacement task.

We hope Wi-Fi 6 is rather interesting and the enterprise can conveniently proceed with the upgrade task with Cisco DNA Center.

Source: cisco.com

Continue reading

Eliminate Network Blind Spots with Visibility from Cisco Nexus 9000 Switches and ThousandEyes

Your organization depends on your network. As networks become more and more complex, the question arises: How do you know what the network is really doing?

Today’s data centers can extend far beyond their on-premises physical location. Data and applications can be with a co-location provider or across multiple cloud providers. For many organizations, data is distributed all around the globe in a web of micro-services and containers and, consequently, outside direct view and control.

With this wide variation of locations, the deployment of Cisco Nexus 9000 switches varies as well. They might provide a Data Center Interconnect (DCI), Cloud to Cloud Connectivity, or external connectivity to sites on the Internet. However, across this vast variation in deployment use-cases, one thing is common—there can be blind spots!

Read More: 300-710: Securing Networks with Cisco Firepower (SNCF)

Consider that, whether for the Internet, Cloud Connectivity or Data Center Interconnect, the transport infrastructure is often provided by an external entity. This external entity, either a Service Provider or your Backbone team, more than likely doesn’t give you operational access and visibility into what some might call the “sausage making” of networking. And that limits visibility and therefore control.

Gaining Deeper Visibility

Visibility into transport infrastructure is essential to optimize the efficient and reliable management of the network. Deeper visibility provides key performance indicators (KPI) such as throughput, path information, latency, jitter, and loss. This information assists in rapidly detecting and remediating transient network degradations—those that can only be detected with continuous monitoring of KPIs over time. Even more importantly, recording this data effectively provides visibility back in time to not just mitigate issues, but to identify and correlate their root causes so they can be eliminated before they reoccur.

In the past, IT used a variety of approaches to attempt to collect actionable KPI data. For example:

◉ Placing compute resources in a co-location for the purpose of collecting telemetry data

◉ Connecting a server outside the DMZ for the purpose of measuring performance

◉ Adding a collector to the DCI to provide visibility

Figure 1. A Server Used as a Telemetry Sensor

However, as Figure 1 shows, they might not be in the exact data path through which all traffic will pass. Also, using passive data collection does not provide critical visibility into the network paths that data traverses.

Integration with a ThousandEyes

In August 2020, Cisco completed the acquisition of ThousandEyes, an Internet and cloud intelligence platform capable of expanding visibility into, and delivering insights about, the digital delivery of applications and services over the Internet and the cloud. With Cisco’s strong Cloud and Data Center network portfolio, the integration of the ThousandEyes vantage points into the Nexus 9000 enables unprecedented visibility through ThousandEyes from Nexus 9000 switches.

Instead of placing additional compute resources in co-locations, connecting them outside your DMZ, or adding them to your DCI, you can install ThousandEyes Enterprise Agents on Cisco Nexus 9000 switches. The agents measure across the exact paths that data passes gathering crucial KPIs wherever a Cisco Nexus 9000 is present (see Figure 2).

Figure 2. Cisco Nexus 9000 hosting ThousandEyes Enterprise Agent

ThousandEyes and Nexus 9000 Integration Details

The Cisco Nexus 9000, in ACI or NX-OS mode, provides a hosting environment embedded in the switch’s Network Operating System (NOS) itself. Within NX-OS is a dedicated and secured Linux Container (sLXC) environment for the ThousandEyes Enterprise Agent called Guest-Shell. The agent is hosted in the sLXC and can access the switch’s bridging and routing tables for all its reachability needs. As communication to and from the agent resides in the Nexus 9000 itself, Control Plane Policing (CoPP) can enforce the allowed data-rate for additional protection. Figure 3 shows a schematic diagram of the ThousandEyes Enterprise Agent in a Cisco Nexus 9000 with NX-OS.

Figure 3. ThousandEyes Enterprise Agent hosting in Cisco Nexus 9000 (NX-OS)

Scalability, of course, is a key consideration. With tens, hundreds, or even thousands of switches in a network, simplified agent lifecycle management is crucial. While the ThousandEyes Enterprise Agent can be manually installed into the NX-OS Guest-Shell, the Cisco Nexus Dashboard Fabric Controller (NDFC) provides an integrated workflow to activate the functionality with a single click (see Figure 4).

Figure 4. Agent Install on Cisco Nexus 9000 (NX-OS)

The automated install/uninstall in NDFC, provides all necessary configuration settings so the latest version of the ThousandEyes Enterprise Agent can be directly downloaded from the Cisco Repository. Furthermore, the agent will also be automatically onboarded to the ThousandEyes Dashboard for the Test Setup phase of deployment. While Cisco NDFC provides unified configuration and installation of agents, you can still choose to use other tools such as Ansible Playbooks to perform these tasks.

Better Together for Deep Visibility

Operating a data center network requires a versatile and flexible approach to management with deep visibility into the network, including transport infrastructure. The deep linking and integration of Data Center Interconnect (inter-DC) visibility (ThousandEyes) with data center infrastructure (Cisco Nexus 9000) provides access to the KPIs needed to measure performance, quickly detect and resolve network issues, and correlate root causes to eliminate issues in the future.

Cisco continues to integrate new capabilities into Cisco Nexus Dashboard to provide a granular view into the many corners of the extended enterprise network. Today Nexus Dashboard has deepening integrations with Nexus 9000 switches, Cisco Insights, App Dynamics, and of course ThousandEyes, to improve end-to-end visibility from data center, to cloud, to applications and the workforce. With Cisco Nexus Dashboard as a single-point of control for visibility and insights, IT has the ability to foresee and mitigate many of the potential issues that impact the workforce and business operations before they become impediments to progress and profits. And so, the journey continues…

Source: cisco.com

Continue reading

How Can You Pass CCNP Security 350-701 SCOR Exam

If you plan to obtain CCNP Security Certification, 350-701 SCOR Implementing and Operating Cisco Security Core Technologies v1.0 exam is one of the requisite exams; you can take Concentration exams to achieve your certification. CCNP Security 350-701 is a professional-level Cisco certification exam that must be cracked to get a Security certified and valued security certification. Through exams, known as the core exam and the security concentration exam of one's option, mark the CCNP Security 350-701 exam.

Cisco 350-701 SCOR Exam Details

The Implementing and Operating Cisco Security Core Technologies v1.0 (SCOR 350-701) exam consist of 90-110 questions that need to be finished in 120 minutes.

This exam measures an applicant's understanding of implementing and operating core security technologies, comprising network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and enforcement.

Topics Included in Cisco 350-701 SCOR Exam

• Security Concepts (25%)
• Network Security (20%)
• Securing the Cloud (15%)
• Content Security (15%)
• Endpoint Protection and Detection (10%)
• Secure Network Access, Visibility, and Enforcement (15%)

Targeted Audience

The connectivity of software and networking is evolving as the day passes. Security professionals require an entire range of skills and a greater focus on the field of vital technology.

Thus, the following professionals can opt for this exam:

• Systems engineer
• Network administrator
• Consulting systems engineer
• Technical solutions architect
• Network manager
• Security engineer
• Network engineer
• Network designer
• Cisco integrators and partners

Cisco CCNP Security 350-701 Exam Preparation Resources

Acing this 350-701 exam demands a solid grasp of the skills and expertise concerning the topics it includes. To acquire this, applicants have to master all the topics. This can be accomplished in several ways utilizing various preparation resources listed below:

1. Official Training Course

Cisco provides a training course for exam takers to have an in-depth understanding of exam topics. Cisco-certified professionals take such courses. You can ask your doubts in this course and get them solved right away.

2. Online Communities and Forums

Applicants sitting for Cisco 350-701 SCOR exam can prepare for a study forum or an online community. Online communities give the best platform to learn from colleagues and make understanding complex concepts less difficult. Cisco also has a forum on its website where exam takers can interact and learn from professionals and recent exam takers.

Also Read: Is Cisco 350-701 SCOR Worth the Time And Effort?

3. Study Guides

Study guides are beneficial for in-depth learning and learning of concepts. Applicants should utilize them early enough during their preparation phase to avoid rushing when their exam is approaching. The benefit of using a study guide is that one can formulate a self-study plan that works for them. Moreover, you can find the Official Cert Guide for the 350-701 SCOR exam at Cisco Press or Amazon.

4. Videos

Some videos include information about Cisco 350-701 exam topics and give tips on preparing for the exam. Certified professionals or instructors create them. Applicants can obtain these videos from Cisco's website and YouTube also.

5. Cisco 350-701 SCOR Practice Test

Practice tests are a very beneficial study tool for Cisco 350-701 SCOR exam preparation. Practice tests can be used by professionals having busy work lives as they are accessible anytime and anywhere. Applicants who have attempted practice test before an actual exam has a greater possibility of passing the exam with good scores. Moreover, they are an excellent option for you to revise the learned concepts.

Best Platform to Attempt Cisco 350-701 SCOR Practice Test

Taking practice tests online is usually a click away, but this also presents applicants to scam sources that offer useless material. This typically costs applicants their time and money. To avoid this, you should take up practice tests from trusted and reliable websites such as NWExam.com. This website will receive an updated practice test that will help you pass your 350-701 SCOR exam. Attempt practice tests to get familiar with the exam structure and type of questions and reduce stress. This will help you identify your preparation strategy and deal with exam questions.

Conclusion

Passing Cisco 350-701 exam is essential if you want to qualify for the CCNP Security certification. When you finally complete all the requirements and attain the CCNP R&S certification, you will possess outstanding, hands-on skills working with enterprise networks. Our advice about using the practice test from NWExam.com should help you achieve this with ease.

Continue reading

Using Infrastructure as Code to deploy F5 Application Delivery and Cisco ACI Service Chaining

Every data center is built to host applications and provide the required infrastructure for the applications to run, communicate with each other, be accessed by their users from anywhere, and scale on demand.

To achieve this, your data center network must be able to provide different types of connectivity to different applications. This includes east-west connectivity between application tiers, as well as north-south connectivity between users and applications. Both rely on additional application delivery Layer 4 to Layer 7 services like load balancers and web application firewalls.

Cisco ACI and F5 BIG-IP Service Insertion

Cisco ACI’s powerful L4-L7 services redirection capabilities will allow you to insert services and redirect traffic from the source to the destination anywhere in your fabric without needing to change any of the existing cabling. This is where you can insert F5 BIG-IP load balancer, to provide application availability, access control, and security.

Read More: 500-440: Designing Cisco Unified Contact Center Enterprise (UCCED)

This is possible using the Policy Based Redirection (PBR) capabilities of the Cisco ACI fabric by configuring a Service Graph in APIC.

But PBR policy and Service Graphs entail a series of manual configurations. This can be tedious, error prone, and inefficient especially if the same configuration happens very often. On top of that, the configuration of the BIG-IP service itself requires information from the Cisco ACI Service Graph.

Simplified Service Insertion with Cisco and F5

This is why Cisco partnered with F5—a leader in the application delivery and web application firewall space around the Cisco ACI and the F5 BIGIP solutions—to simplify the deployment of F5-powered L4-L7 services using the F5 ACI ServiceCenter App for APIC.

This integration simplifies management of Virtual sever configuration on F5 BIG-IP and Service Graph configuration on Cisco ACI by providing a simple user-friendly UI.

In this blog, we will discuss an evolution of this integration for customers looking at Infrastructure as Code as the means to automatically deploy both Cisco ACI network infrastructure configuration and BIG-IP L4-L7 services for their applications and looking for opportunities to start progressing in their IaC journey.

End-to-End Service Insertion Automation with Infrastructure as Code

As a reminder, Infrastructure as Code is a journey that you can embark at different stages depending on your existing automation knowledge and needs. The goal of this journey is to translate manual tasks into reusable, robust distributable code and apply software development techniques such as version control (git), automated testing and CI/CD to achieve those goals.

The first step in an Infrastructure as Code journey is to start by selecting a language or a toolset to express our intent for our Infrastructure as actual code. For this integration, we decided to join forces with HashiCorp, the leader in infrastructure automation and a shared partner of Cisco and F5 and chose HashiCorp Terraform as the Infrastructure provisioning tool and using HCL (HashiCorp Configuration Language) to define service configuration as our code.

F5 and Cisco both have verified HashiCorp Terraform providers, making it easy to create the needed configuration on both sides using HCL (HashiCorp Configuration Language) as our code.

To further simplify automation of the numerous configuration items, Cisco and F5 have worked together on a set of Terraform modules which provide best practices defaults for most of the configuration items and allow users to override specific items of the configuration.

By providing a single workflow, all the dependencies are taken care of, and the usage of the overall solution is simplified. Modules also defines outputs that can be passed from one module to the next and modules can depend on each other to represent the dependency relationship they have with each other.

As part of this solution, a simple workflow with 3 Terraform modules has been created:

◉ The Cisco ACI Service Graph Terraform module allow the user to create and deploy a complete service graph for Policy-Based Redirection (PBR) with the required bridge domains and other necessary constructs as documented in the Cisco ACI Policy-Based Redirect Service Graph Design white paper

◉ The F5 BIG IP VLAN Self IP Terraform module configures the interfaces of the BIG-IP (physical or virtual) facing the ACI fabric with the correct VLANs, and Self-Ips configuration.

◉ The F5 BIG IP AS3 HTTP Service Terraform module configures an HTTP Service using F5 Application Services 3 extension (AS3) to provide a load balancing function with a specific Virtual server (VIP) and the recommended configuration when used in conjunction with Cisco ACI PBR.

Instantiation of the modules allows the user to pass the parameters necessary and use default parameters for the rest of the configuration hiding all their internal complexity to the user. The following is an example of the instantiation of the different modules and their dependencies:

module "cisco-aci-service-graph" {

    source = "./modules/service-graph-lb-pbr"

    tenant              = var.aci_tenant

    vmm_provider_dn     = var.aci_vmm_provider_dn

    vmm_domain_name     = var.aci_vmm_domain_name

    vmm_controller_name = var.aci_vmm_controller_name

    vm_name             = var.aci_bigip_vm_name

    vnic                = var.aci_bigip_vnic

    device_name         = var.aci_bigip_device_name

    device_mac_address  = var.aci_bigip_provider_mac

    device_ip_address   = var.selfip_int

    provider_bd_subnets         = var.aci_provider_bd_subnets

    consumer_bd_subnets         = var.aci_consumer_bd_subnets

    provider_service_bd_subnets = var.aci_provider_service_bd_subnets

    consumer_service_bd_subnets = var.aci_consumer_service_bd_subnets

}

module "bigip_vlan_selfip" {

    source       = "./modules/vlan_selfip"

    vlan_int_tag = replace(module. cisco-aci-service-graph.internal_vlan, "vlan-", "")

    vlan_ext_tag = replace(module. cisco-aci-service-graph.external_vlan, "vlan-", "")

    selfip_int   = var.selfip_int

    selfip_ext   = var.selfip_ext

}

module "as3_http_app" {

    source      = "./modules/as3http"

    server1     = var.server1

    server2     = var.server2

    vip_address = var.vip_address

    snat        = var.snat

}

You can see that the “bigip_vlan_selfip” module uses the output of the cisco-aci-service-graph module to pass the VLAN automatically derived from the ACI VMM domain integration. This removes the need to statically define a VLAN and allow the reuse of this plan over and over. You can also see that the module definition uses a lot of variables creating a reusable piece of code that can be instantiated multiple times with different sets of variables.

With this joint solution, deploying BIG-IP application services on an ACI network infrastructure with a Terraform workflow and applying Infrastructure as Code principles, can greatly simplify, automate, optimizes, and accelerate the entire application deployment lifecycle in turn improving time to value.

To better collaborate with other members of your organization on provisioning this solution, HashiCorp Terraform Cloud can be used to provide remote state storage allowing your state file (which provides a system of record for what you have provisioned) to be stored securely and remotely.

Continue reading

Is the CCNP Enterprise 300-410 ENARSI Certification Worth It?

Listing the CCNP Enterprise certification on your resume demonstrates that you possess the skills required to work competently with enterprise networking solutions. The core focus of this certificate is that you can take it according to your choices. That is why it includes the core exam, which any applicant should take, and six concentration exams to let the applicants select their field of specialization. Cisco 300-410 ENARSI: Implementing Cisco Enterprise Advanced Routing and Services is one of these exams and one of the most sought-after picks among the exam takers.

Details of Cisco 300-410 ENARSI Exam

The area of specialization of this Cisco CCNP Enterprise 300-410 ENARSI exam includes the details of the implementation process needed for Cisco enterprise advanced routing and services.

Cisco 300-410 Exam Includes the Following Topics:

• Layer 3
• VPN services
• Infrastructure security
• Infrastructure services
• Infrastructure automation

To know all the exam syllabus topics in detail, click here. Cisco 300-410 ENARSI exam comprises 55-65 questions answerable in 90 minutes. So, to deal with all the questions, you must work on your time management and exam-taking skills. Cisco 300-410 ENARSI exam is available in Japanese and English languages.

Reasons to Opt for Cisco 300-410 ENARSI Exam

Reasons to opt for this certification exam is that it fetches incredible benefits. The core benefit is the skills you acquire. If you prefer to opt for this exam, upon passing this exam, you will get the following skills:

• MPLS operations, comprising LSR, LSP, label switching, and LDP;
• Bidirectional Forwarding Detection;
• BGP, OSPF, and EIGRP;
• Route reflector;
• IPv6 First Hop security features;
• Neighbor relationship & authentication;
• SNMP & NetFlow.

Also, if you prepare with great deliberation and master all the required topics, you will be able to carry out the following tasks:

• Troubleshooting device management;
• Configuring policy-based routing;
• Troubleshooting administrative distance;
• Verifying VRF-Lite;
• Troubleshooting possible network problems with the use of the Cisco DNA Center assurance;
• Configuring and verifying DMVPN;
• Troubleshooting manual & auto-summarization with any routing protocol;
• Troubleshooting control plane policing;
• Troubleshooting the network performance issues with the use of IP SLA.

These are just a few of the skills you learn and the expertise you get if you go for the 300-410 ENARSI exam. Of course, it all depends on the skills you need for your job role, not the positions that require these.

A Brief Overview of Cisco 300-410 ENARSI Exam Preparation

Passing this Cisco exam can be difficult in some cases, but you can make it a lot easier by using appropriate study resources. There are plenty of study materials you can find online for Cisco exam preparation, but you should begin with the official resources provided by the Cisco website. Cisco offers many study resources, such as training courses, labs, study guides, and much more. Apart from this, you can also go for practice tests offered by NWExam.com. It would be best not to underestimate the importance of practice tests because they will take you a long way no matter what you do.

Preparing for the Cisco 300-410 Exam: Study Resources

Attempting Cisco 300-410 ENARSI practice tests will impart you an idea about the actual exam and the kind of questions to expect.

Benefits of Passing Cisco 300-410 ENARSI Exam

Passing the core 350-401 ENCOR and the 300-410 ENARSI exams gives you the CCNP Enterprise certification. This is one of the vital benefits of clearing this exam. Other benefits are listed below:

1. Cisco 300-410 ENARSI Certification Makes you More Employable

Cisco 300-410 certified professionals are way more employable than their non-certified peers. With the CCNP Enterprise certification, which you achieve after passing the 300-410 exam, you will have an advantage over other candidates who are not certified. The potential organizations will acknowledge you first for the position they offer.

2. It Confirms Your Skills

Passing Cisco 300-410 exam confirms that you have the knowledge and skills required to implement and troubleshoot advanced routing technologies and services. The certification will demonstrate to the employers that you can execute and troubleshoot Layer 3, infrastructure services, and VPN services. And a lot of organizations require professionals with such skills.

Upgrade Your Career with New CCNP Enterprise 300-410 Certification

3. It Boosts Your Knowledge

The Cisco 300-410 exam is not just about passing it and becoming certified. Still, it is a superb way of obtaining high-level knowledge in executing and troubleshooting the most advanced technologies and services. By going through the diligent preparation method, you will learn a lot along the way.

Conclusion

Choosing which concentration exam to take is what you need to do if you receive the certification that will suit your job role. That is why Cisco offers six options to make your resume stand out, and choosing one of the exams can earn your certificate different from the certifications of other candidates. So, if Cisco 300-410 is the exam you require, prepare for it with great deliberation and deal with it with an excellent score with the help of a practice test.

Continue reading