Tuesday 19 October 2021

Cisco IT accelerates its transformation with CX Cloud


As any CIO with a digital transformation agenda can attest, success relies upon establishing clearly defined objectives for each step of the journey – with visibility into the entire IT infrastructure. Also critical is the ability to receive the right information at the right time to help achieve desired outcomes faster. This was especially true during the pandemic when, for example, Cisco enabled – within 10 days – 140,000 employees and partners to work from home.

In Cisco IT, we’re meeting these goals with CX Cloud – a one-stop destination that combines Cisco expertise and best practices with telemetry, AI-/ML-driven insights, use cases, and contextual learning. This cloud-based Software as a Service (SaaS) portal is smoothing the bumps in our digital journey by removing complexity, filling skills gaps, and ultimately accelerating technology adoption.

It accomplishes this by providing:

◉ Full visibility into all of our network assets and contracts

◉ Automated risk detection and mitigation

◉ Actionable data and insights

◉ Ready access to targeted learning resources and expertise, and much more

Let’s take a closer look at how we’re leveraging these and other CX Cloud capabilities to benefit our business.

‘Single source of truth’ with 360-degree insights

CX Cloud provides a secure, single source of truth that enables full visibility of our 100,000-plus IT assets (see Figure 1). CX Cloud’s telemetry ensures we always have the latest information pertaining to purchased and connected assets, security advisories, support cases, and individual success tracks.

Because we now have all of our asset information and security advisories in one place, our engineers no longer need to build reports manually or reconcile across platforms. As a result, they expect to boost their efficiency and improve their operational scale by 50 to 60 percent, allowing them to spend more time on innovation. The bottom line: We’re accomplishing much more with the same number of people.

CX Cloud also lets us keep track of on-premises and cloud-based infrastructure across multiple deployments — with tools to search, filter, and see a 360-degree view of an asset’s hardware and software details. We can access contract and coverage details with key support milestones, while also receiving on-demand diagnostic scans and updated advisories.

Figure 1. CX Cloud provides a “single pane of glass” for viewing 100,000+ Cisco IT assets.

Timely expertise with quick resolution and enhanced security


CX Cloud leverages machine learning to analyze our network and generate a prioritized listing of security advisories (alerts), field notices, and priority bugs (see Figure 2). Each security advisory shows the vulnerabilities, the number of affected assets, IP addresses, and actionable data – ultimately helping us drive faster resolution and enhanced security.

Before we had this tool, our engineers would spend as many as three hours analyzing each potentially impacted device. CX Cloud is dramatically reducing the majority of the time it takes to gather the information from multiple sources, giving our engineers opportunities to focus on higher-value activities.

Figure 2. CX Cloud’s advisories help to eliminate security vulnerabilities

With CX Cloud, we can access use-case-guided expertise and lifecycle resources to help us deploy, manage, and optimize our technology while reducing risks. We can leverage a guided adoption journey to help us deploy and optimize specific use cases, with expert advice tailored to our specific progress (see Figure 3).

CX Cloud enables us to gauge our deployment progress using a combination of telemetry insights and manual actions. We can engage with Cisco and partner expert resources such as best-practices webinars and 1-to-1 coaching. We also enjoy access to an extensive eLearning catalog and remote practice labs (Level 2), as well as product documentation and communities.

We’ve found the lifecycle section of CX Cloud to be especially useful when we onboard new people. This feature helps keep us moving forward in our transformation journey, without having to backtrack.

Figure 3. CX Cloud’s lifecycle resources provide expert advice, when and where it’s needed

Speedy resolution and simplified case management


With CX Cloud, we can see all open support cases in a handy list view (provided that each viewer on our team is eligible to review those cases). This easy access is available regardless of whether a viewer is the case owner or not. This built-in support is akin to always having a high-touch operations manager at our fingertips, accelerating collaboration and issue resolution.

Figure 4. CX Cloud makes case management easy

Minimize risks with tailored recommendations and insights


CX Cloud delivers deep intelligence and insights into our network and security posture, allowing us to reduce our operational risk. We can view targeted insights and suggestions that help us optimize our business and solve problems before they happen.

For our Catalyst 9500 switches, we receive software recommendations tailored to our assets and configuration – by risk profile. Combined with Cisco DNA Center software image management (SWIM), this helps us automate software upgrades and ensure all the assets are on the same Golden Image. Our engineering leaders can also see potential crash risks based on known contributing factors, along with tailored recommendations to minimize risks. With Integrated Secure Operations, we also have visibility into license consumption information and features used.

CX Cloud even lets us quickly identify devices with regulatory compliance (e.g., HIPAA, PCI) violations and view recommended fixes.

Figure 5. CX Cloud’s deep insights help solve problems – before they happen

Ultimately, CX Cloud’s comprehensive suite of use-case-driven solutions works together to help us drive business value across architectures. CX Cloud digitally connects us to the right expertise at the right time, with the right level of engagement to achieve our goals – faster.

Source: cisco.com

Sunday 17 October 2021

Create, Document, and Share Live Code Examples with Jupyter Notebook

Q: How do you eat a whale?

A: One bite at a time… or so the saying goes. Admittedly, I don’t know of anyone who eats whale one bite at a time (or any way otherwise for that matter). But we can all agree that breaking large problems into smaller pieces is a valuable arrow in the quiver of problem-solving techniques. It’s a practice that certainly applies in the world of programming.

Once the problem is broken down and implemented, however, how can we convey what we learned to others? One way is using Jupyter Notebook to combine documentation authored in markdown together with live code. As an example, a developer writes small blocks of Python to vet an algorithm, a function, or syntax. Once verified, it is documented, saved, and the code is then added to the IDE, such as VSCode, where the main Python code is developed.

This post shows a simple Python example that retrieves physical compute inventory claimed in Cisco Intersight. In this example, the items in the inventory are UCS X-Series compute nodes managed by IMM (Cisco Intersight Managed Mode).

What is Jupyter Notebook?

Jupyter Notebook is an open-source web application used to create and share code along with narrative text. It’s used extensively in academia, especially by data scientists. If you have experience with Python you may be familiar with IDLE (see the screenshot below). IDLE lets you execute Python code directly from the command line without needing to run a *.py file. You run your line(s) of code and verify things work and when you are finished, you close your session with <ctrl><d> and you move on with life. What if you wanted to share what you tried with someone else? Assuming you copy/pasted the contents of your shell session, would someone else be able to understand the flow of what you were trying? Could you refer to it later and understand the flow of what you did?


IDLE does the job but it has limitations when it comes to documenting and sharing ideas. Enter Jupyter Notebook, an interactive way of documenting and executing live code from a web-based interface. It runs as an interactive web application supporting markdown and code execution with support for over 100 programming languages (called “kernels”) including Python, PowerShell, and Matlab just to name a few. I’ll show you examples in both Python and PowerShell since those are commonly used to interface with Cisco compute APIs.

How Jupyter Notebook works – A very simple tutorial


First, be sure to install Jupyter Notebook if it’s not already on your machine. Once installed, you can launch the browser by entering the command jupyter notebook from the command line. When the command is executed a new browser tab opens with the Jupyter notebook interface.

In the example below, we use Python 3 as our language of choice with the first entry authored with markdown and the second “hello world” passed to the print function. For the first entry, select Markdown as the type of content to run, enter markdown syntax, followed by simultaneously pressing the <shift> and <enter> keys and voila! The markdown is rendered.


In the next entry, select Code from the highlighted pulldown, enter one or more lines of code, followed by simultaneously pressing <shift> and <enter>. The code runs and the results are displayed just below the code. Well, that was easy!


Pro Tip: Not sure what else you can pass to print? Select the field where you entered the print function, then simultaneously press the <shift> and <tab> keys. You will see a documentation snippet describing the function.


Show Me a Real-World Example


The examples above are right up there with the ‘hello world’ examples you undoubtedly encountered when learning a new language. Next, let us dive into the real-world scenario of calling the Intersight API to retrieve a list of physical compute items from claimed inventory while documenting how you accomplished it.

The specifics of how to make the code authenticate and such are covered in the file itself for this post. The example here is cut back for brevity, but you can download the code from DevNet’s Code Exchange if you would like to follow along and try it. The examples are available in Python and PowerShell.

Here are the steps taken to retrieve physical compute inventory:

◉ Import the necessary Python modules
◉ Populate the AUTH variable and define the base URL
◉ Run a GET operation on the URI of compute/PhysicalSummaries
◉ Inspect the JSON data returned by the call
◉ Print the results
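
The steps above, sketched as an added Python example; it is not the notebook from DevNet's Code Exchange. The base URL, the two environment variable names, the `$top`/`$skip` paging, the response field names and the stand-in session with its sample inventory are assumptions or constructed data, so the block runs offline.

```python
import os
from collections import Counter

# Assumptions (not from the original post): the SaaS base URL, the two
# environment variable names, and paging through results with $top/$skip.
BASE_URL = "https://www.intersight.com/api/v1/"
PAGE_SIZE = 100


def load_key_settings(env=None):
    """Return (key_id, key_file) read from the environment.

    Keeping these out of notebook cells matters because a shared .ipynb
    carries every cell's source and saved output along with it.
    """
    env = os.environ if env is None else env
    key_id = env.get("INTERSIGHT_API_KEY_ID")
    key_file = env.get("INTERSIGHT_SECRET_KEY_FILE")
    if not key_id or not key_file:
        raise RuntimeError(
            "set INTERSIGHT_API_KEY_ID and INTERSIGHT_SECRET_KEY_FILE")
    return key_id, key_file


def get_physical_summaries(session, auth=None, base_url=BASE_URL,
                           page_size=PAGE_SIZE):
    """GET compute/PhysicalSummaries page by page and return every item.

    `session` is anything with a requests-style get(); `auth` is whatever
    signing object the caller built (the post's AUTH variable).
    """
    items, skip = [], 0
    while True:
        resp = session.get(
            base_url + "compute/PhysicalSummaries",
            params={"$top": page_size, "$skip": skip},
            auth=auth,
            timeout=30,
        )
        resp.raise_for_status()          # fail loudly on 401/403 and friends
        page = resp.json().get("Results") or []
        items.extend(page)
        if len(page) < page_size:        # a short page is the last page
            return items
        skip += page_size


def summarize(items):
    """Count inventory items per (Model, ManagementMode) pair."""
    return Counter(
        (i.get("Model", "unknown"), i.get("ManagementMode", "unknown"))
        for i in items
    )


# --- Constructed sample data and a stand-in for requests.Session ---
SAMPLE_INVENTORY = [
    {"Name": "node-1", "Model": "UCSX-210C-M6", "Serial": "SAMPLE0001",
     "ManagementMode": "Intersight"},
    {"Name": "node-2", "Model": "UCSX-210C-M6", "Serial": "SAMPLE0002",
     "ManagementMode": "Intersight"},
    {"Name": "node-3", "Model": "UCSX-210C-M6", "Serial": "SAMPLE0003",
     "ManagementMode": "Intersight"},
    {"Name": "rack-1", "Model": "UCSC-C220-M5SX", "Serial": "SAMPLE0004",
     "ManagementMode": "IntersightStandalone"},
]


class FakeResponse:
    def __init__(self, payload):
        self._payload = payload

    def raise_for_status(self):
        pass

    def json(self):
        return self._payload


class FakeSession:
    """Serves SAMPLE_INVENTORY slices the way a paged API would."""

    def __init__(self, inventory):
        self.inventory = inventory
        self.calls = []

    def get(self, url, params=None, auth=None, timeout=None):
        self.calls.append((url, dict(params)))
        top, skip = params["$top"], params["$skip"]
        return FakeResponse({"Results": self.inventory[skip:skip + top]})


if __name__ == "__main__":
    # Real use: pass requests.Session() and the post's AUTH object instead.
    session = FakeSession(SAMPLE_INVENTORY)
    inventory = get_physical_summaries(session, page_size=2)
    for (model, mode), count in sorted(summarize(inventory).items()):
        print(f"{count} x {model} ({mode})")
```
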

Documenting and Executing Code


In step 1 below, you see these steps in action broken apart into smaller pieces along with documentation explaining what each step does along with the live code. In fact, we do not need to discuss the steps in this blog since they are already contained in the Jupyter Notebook. Instead, we pass along a few pro tips.


In Step 2, instructions for installing the Python SDK and importing modules are provided with the code for each just below it. Pressing <shift><enter> runs the code and produces a result. The number of lines to execute is up to you and the instructions executed remain in memory.

Pro tip: JSON responses are often lengthy. To manage how you view the output, click the output cell, in this case cell 23. Click once and you see the smaller scrollable window, click twice and you see the full-length listing. If you double-click, the data is hidden. The screenshot below shows the cells with the results hidden.


Finally, if you skip ahead to step 6 you will see the number of UCS X-Series compute nodes currently in our inventory along with how the hardware is completely managed by Intersight by virtue of its management mode, also known as IMM (Intersight Managed Mode).


Source: cisco.com

Saturday 16 October 2021

Flexible Hybrid Cloud Networking with Infrastructure as Code and Cisco Nexus Dashboard

Applications are becoming the most visible aspect of an organization’s brand. The performance, usability, and reachability of branded apps are of utmost importance since they are a primary interface to customers. To keep up with evolving customer expectations, developers and operations teams are rapidly adopting design patterns using containers and microservices for continuous integration and continuous delivery (CI/CD). In order to enable these innovations to deliver a competitive customer experience, IT relies more and more on a hybrid cloud model.

The enterprise cloud network—including the WAN—keeps application components securely connected and operating in a predictable and performant way. In this sense, the network is an intrinsic part of modern application design and plays an essential role in maintaining KPIs that protect the brand as customers depend on applications to accomplish their daily tasks, including essential services where availability is crucial. Being able to safely automate workflows and have deep visibility into the cloud network, compute infrastructure, and applications has always been a critical need for IT organizations—and even more so in the new hybrid world.

But Hybrid Cloud Gets Challenging

Deploying applications in the cloud is relatively simple for new cloud-native applications. According to IDC research, to gain business agility, enterprises are committing to modernize more than half of their existing applications by 2022, leveraging cloud-native application architectures as a means of achieving their goals.* That’s a significant portion of existing application deployments. For many organizations refactoring these applications to a cloud-native foundation will include integration with existing data center services and data repositories, while taking advantage of embedded security policies to protect payment and personal information. This is accelerating the rise of hybrid applications.

The transition to hybrid-cloud introduces new challenges, like the many individual services on a smart watch pulling data from a plethora of sources, but hyper-scaled to serve millions of clients. Established services in an on-premises data center need to be easily accessible to cloud application containers, such as when a cloud-native shopping cart needs to access the payment information on the PCI island in the private data center. The entire communication path needs protection with guaranteed levels of service.

Hybrid cloud requires a simple-to-use, centralized cloud networking platform built to support multiple operator personas—NetOps, DevOps, and CloudOps—to manage a constantly changing constellation of services, data sources, and connections. Historically, provisioning a new application required a handshake between DevOps and NetOps, with NetOps configuring the network before DevOps could deploy the application. This was a manual, error prone process, assuming static dependencies, thus reducing the velocity of change. Thankfully, the increasing adoption of Infrastructure as Code (IaC) tools is helping automate and simplify management of the complex interactions among data centers, hybrid-clouds, networks, and compute infrastructure.

Infrastructure as Code Is the Operational Link Between DevOps and NetOps

IaC automation capabilities are critical for DevOps teams for automating provisioning of cloud infrastructure. DevOps teams can rely on a consistent automation model for infrastructure and workloads across the edge, co-locations, data centers, and public clouds. Depending on the desired outcome, IT teams can leverage IaC tools such as HashiCorp Terraform and Red Hat Ansible, interacting with either Cisco Nexus Dashboard for managing cloud networking services or through Cisco Intersight to manage compute resources.

NetOps can now expose infrastructure services for consumption by the DevOps and CloudOps teams via the Cisco Nexus Dashboard. Using HashiCorp Consul Terraform Sync with Nexus Dashboard, DevOps can directly drive the infrastructure changes needed for application deployment and management while enabling NetOps to monitor the progress in real time, across the global infrastructure. This is made possible by the automation capabilities of Cisco Nexus Dashboard enabling rapid deployment of services, CI/CD pipelines, and seamless collaboration between DevOps, CloudOps, and NetOps.

Take, for example, a Development Team working with the Nexus Dashboard owner to package connectivity permissions for a hybrid-cloud application in an IaC Plan/Playbook. NetOps can use Nexus Dashboard to define the secure connections needed for the application to function among clouds and on-premises services—and only those services. This alleviates the need for DevOps to define and keep track of the network permissions needed for the application. DevOps can make functional changes to a Plan/Playbook using the existing infrastructure and connectivity requirements or NetOps can add new resource connections as needed for updates.

Integrating On-Premises IaC with Cisco Nexus Dashboard

Learning the Ways of IaC for Network Operations


NetOps teams, one of the key operators of Nexus Dashboard, have an opportunity to not only provide valuable assists to DevOps to keep applications up to date and running efficiently, but also to advance their professional career. Learning the principles of IaC by using Terraform or Ansible is an essential skillset that will become even more valuable as organizations continue their move to hybrid application architectures and hybrid cloud operations. To support this learning journey, Cisco DevNet provides classes, learning labs, videos, and sandboxes for experimenting with IaC and Nexus Dashboard services such as Nexus Dashboard Orchestrator. These educational opportunities enable a more productive partnership between NetOps and DevOps teams, improving the deployment and upkeep of vital applications.

Working Together with Cisco Nexus Dashboard and Cisco Intersight


Today, IT teams that base workflows on Cisco Intersight can seamlessly take advantage of Cisco Intersight Service for HashiCorp Terraform. Likewise, network operation teams using Nexus Dashboard as their cloud networking platform will be able to take advantage of Cisco Nexus Dashboard support for HashiCorp Terraform cloud agents. Cisco offers IT teams the flexibility to incorporate IaC models no matter which infrastructure management platform or toolchains they employ to ensure the desired outcomes. With both approaches, Cisco Solution Support provides a single point of contact to support the integration of Nexus Dashboard and Intersight with Terraform Cloud for Business.

Integrating On-Premises IaC with Cisco Intersight

Source: cisco.com

Thursday 14 October 2021

Emerging trends in IoT gateway and edge application management in a cloud native paradigm

The COVID-19 pandemic has thrust the world into an era of massive digital business transformation across industries like manufacturing, utilities, smart cities, oil and gas, and transportation. To meet these new challenges and keep business operations running smoothly, we need cost-effective solutions. Traditionally, IoT solutions were typically used to reduce operational expenses and increase operational equipment efficiency (OEE). With the onset of the pandemic however, the need for managing business operations remotely across these IoT verticals has increased rapidly. This has led to a sudden, unprecedented shift towards an increased adoption of cloud native IoT management applications hosted by public cloud providers in partnership with IoT SaaS vendors. An example of such a use case is remotely managing operations of IoT gateways and edge compute applications deployed on a manufacturing floor. This migration from having personnel onsite managing and accessing devices, IoT gateways, and edge compute applications to remote cloud-based management brings a new set of IoT security challenges that are primarily seen in a cloud native application. While cloud native applications are considered reasonably secure in general, there is still room for improvement. Containers, orchestrators, and APIs present in an application’s surrounding infrastructure represent new attack surfaces. In addition to the cloud service itself, each of these layers has an array of user-defined configuration settings intended to help users apply their security policies. This manual configuration is often fraught with opportunities for user error and misconfiguration, opening the IoT applications to potential security attacks.

In addition, new technology and architectural trends are emerging within the functionality of IoT management applications. These new trends change the way gateway management, security, and network management are done for IoT networks. They also alter how edge compute applications run on IoT gateways and integrate with public cloud-based platforms like Amazon Web Services, Microsoft Azure, and Google Cloud. In this technical blog we will discuss some of the emerging architectural trends in the IoT industry. They are classified as the six critical pillars of a cloud native IoT management application in a hybrid cloud and multi cloud environment:

◉ Compute scalability

◉ High frequency data processing

◉ Low latency data processing

◉ Robust data processing pipeline

◉ Variety of IoT protocols

◉ Cloud native IoT messaging service

We will discuss these six critical pillars further in detail, but first let’s look at the challenges they are solving.

Challenges of distributed edge IoT data infrastructure

Distributed edge computing makes sense for a variety of use cases in IoT applications. Consider the following challenges with a cloud native integration for the distributed IoT edge:

◉ Bandwidth – traditionally the available WAN network bandwidth is a focus for data centers. However, this focus will shift towards IoT edge computing use cases as many distributed edge IoT deployments emerge.

◉ Latency tradeoff – some IoT use cases would experience increased latency if data processing happened in a cloud or fog layer and there should be a tradeoff to do it in a distributed edge paradigm.

◉ Heterogeneity – in a cluster of gateways deployed at the edge, heterogeneous compute capability of these individual gateways could affect the overall efficiency by adding dissimilar components to handle tasks for the edge compute scenario.

◉ Transparency – conceals the separated components in a distributed edge network to allow the disparate pieces to work in sync.

◉ Concurrency – allows several IoT clients to access shared resources at the edge, which creates concurrent access related problems.

◉ Security – is simpler when all compute resources are consolidated in a centralized data center but not in a distributed edge as in IoT network architectures.

◉ Backup – of dispersed IoT data requires new data protection strategies in a distributed edge IoT to cloud data pipeline paradigm.

5G enabled IoT applications require a highly dynamic response from the end to end IoT system, which creates the need for a distributed event driven edge compute service. To meet these demands, IoT application developers need a flexible and agile development environment like the cloud native approach to quickly create event driven edge compute applications running on IoT gateways. However, introducing such a cloud native approach can come with its own challenges. Take for example fleet management use cases. IoT gateways are deployed on vehicles for continuous monitoring of GPS location, collecting telemetry, and other diagnostic health information. Adding an additional distributed event processing component at the edge for communicating to a cloud native IoT application to manage these gateways could lead to an increased latency, which may eventually create OT operational issues for the end customer. Therefore, it is very important to design the edge application in a resilient and robust manner. Cisco Edge Device Management offers such capability to seamlessly integrate with Cisco IoT Operations Dashboard.

Real-world cloud native IoT illustration of transportation use case

Cisco IR829 Industrial Integrated Services Routers, Cisco Catalyst IR1100 Rugged Series Routers, and Cisco Catalyst IR1835 Rugged Series Router


Further technical challenges that can arise in a distributed IoT edge compute scenario are as follows:

1. In connected vehicle/car related use cases the ECU’s software tech stack embedded in the vehicle is different from those of the cloud application software stack to enable quicker integration based on the APIs exposed by the cloud platforms.

2. The vehicle’s limited embedded computing resources and lack of scalability to directly integrate with a cloud native management application.

3. Mobility roaming constraints specific to unstable LTE/4G WAN network link connections for exchanging telemetry data at scale in remote deployments.

4. Limited power supply when engines are switched off. The Cisco 829 Industrial Integrated Services Routers and our other industrial routing gateways with ignition power management capability address this challenge.

5. CAN bus data decoding/encoding via protocol translation at the edge and embedded software development challenges to cater to a wide variety of automotive communication protocols.

Implementing an IoT cloud-based management application should itself minimize the risks that could otherwise arise from integrating edge and cloud. Enterprises can also take additional steps to ensure that their entire ecosystem is secure, from the cloud to the IoT endpoints running at the edge. We need to consider the following security-specific challenges for a cloud native IoT application:

◉ End to end observability
◉ Secured edge computing stack
◉ Edge cluster monitoring
◉ Secure IoT cloud convergence

End to End Cloud native IoT architectural Illustration

Embedded code is typically static and tailored to a specific platform. It is tested meticulously to ensure safe, secure, reliable, and deterministic operation. However, cloud native IoT applications typically run on non-deterministic Linux and have many hidden library, Kubernetes cluster, or other infrastructure dependencies.

They often can’t be certified to IoT standards such as IEC 61508, ISO 26262, or DO-178C. Even if they could be certified, the cost of certification is prohibitive as it is proportional to the number of effective source lines of code (eLOC) used in the system. For reference, the Linux kernel alone consists of more than 25 million lines of code. The growing number of security threats and attacks happening in the entire stack of IoT systems increases the need for end to end visibility in a cloud native application architecture. We have built a cloud native IoT Security application to mitigate these threats.

The challenges and emerging architectural trends as discussed above for different IoT use cases in a distributed edge compute environment drive the need for a scalable cloud native IoT management application architecture.
 

Possible solutions


In some IoT use cases, the IoT product architectures across industries would require CEP (complex event processing) or processing high volumes of data in a 3V (volume, velocity, variety) model. This drives the need for the following IoT application capabilities classified as the six pillars of cloud native IoT management application in a hybrid cloud or multi cloud world.

◉ Compute scalability: There is an inherent need for scale up/down capability of compute processing power for building IoT applications. This is due to the variety of OT traffic spanning across IoT architectures in different industries.

◉ High frequency data processing: IoT traffic is highly bursty in nature. Therefore, processing high volumes of data without any adverse effect on end-to-end system performance is critical.

◉ Low latency data processing: The majority of IoT use cases require low latency-based processing of OT traffic flows and data.

◉ Robust data processing pipeline: Since IoT requires a low overhead and no single point of failure in the data processing pipelines from the edge to the cloud, cloud native application architectures are suitable to handle robust data processing pipeline.

◉ Variety of IoT protocols: The number of IoT protocols (connectivity, message queues, streaming data, analytics, databases) and specifications of IoT standards have traditionally dealt with interface specifications and related data models, such as device-to-cloud interfaces. This requires cloud native IoT application architecture support.

◉ Cloud native IoT messaging service: The IoT industry’s definition of cloud native IoT messaging service is as follows:

◉ The standards-based offering doesn’t rely upon the services of a particular cloud vendor.
◉ Transparent, elastic scalability that can accommodate peaks and valleys in telemetry data traffic from IoT devices.
◉ Transparent fault tolerance and high availability that fulfills the service level agreements business critical IoT applications require.
◉ Ability to run on different public cloud platforms.
◉ Open API allows for the integration of the data with other cloud and third-party services.

It is easier to build IoT applications or an IoT platform using cloud native principles for both a hybrid cloud and multi cloud journey for our customers and partners. Traditionally, ICS, cyber-physical systems and other operational technology systems were dependent on embedded compute platforms. But the convergence of OT and IT in Industry 4.0 has created a need for building cloud native IoT applications and AEPs (Application Enablement Platforms). This need is at odds with legacy embedded code running in traditional OT systems. Cisco has built a cloud native IoT management application, which can manage both the life cycle of edge compute applications and the IoT gateways in a scalable manner.

Cisco IoT architectural solution


We developed Cisco IoT Operations Dashboard to solve these issues, along with the technical debt incurred with Cisco’s legacy IoT management applications, and based it on the global macro trends seen in IoT. The Operations Dashboard comprises the following main modules: Cisco Edge Device Management, Cisco Edge Intelligence, Secure Equipment Access, and Cisco Industrial Asset Vision. Cisco Edge Intelligence securely handles traffic routed in a hybrid cloud environment from different I/O devices, PLCs, and OT systems to IoT applications hosted in the public cloud environment. Secure Equipment Access provides the capability to remotely manage access to, and interact with, both the gateways and connected devices. This can be used to directly troubleshoot or monitor the IoT devices in your deployment. Operations Dashboard is a cloud native application for deployment, management, monitoring, troubleshooting, and gaining insights into IoT network edge connectivity, and it is agnostic to the connectivity technology in use.

Operations Dashboard provides the following three key services:

1. Deployment, monitoring, troubleshooting, and gaining insights into the operation of industrial IoT routers and gateways, and connected equipment.

2. Cisco Industrial Asset Vision: Monitoring of facilities and assets using Cisco’s industrial sensors.

3. Cisco Edge Intelligence: Edge to multi cloud data orchestration.

From a security perspective, we offer a full stack observability platform with Cisco Cyber Vision, Cisco Telemetry Broker, and Cisco SecureX to complement the end-to-end security stack for a diverse set of IoT use cases. With this new cloud native paradigm, you can define each network edge as a small cloudlet for doing security analytics locally at the edge.

Key takeaways


Based on these emerging market trends in cloud native IoT application management, IoT security, and IoT gateway management, it’s important for you to take action. Cisco IoT Operations Dashboard is based on cloud native primitives and addresses the scenarios discussed above. It leverages the available cloud native infrastructure and tools to enable your successful journey to a hybrid and multi cloud architecture, and future-proofs your investment.

Source: cisco.com

Saturday 9 October 2021

Cisco 200-201 CBROPS Exam: How to Succeed and Advantages

Have you been seeking an opportunity to have your skills recognized and approved? If yes, then you have landed on the right webpage. Get the acknowledgment you have always desired by earning the relevant certification. Get your Cisco CyberOps Associate 200-201 certification, and you can prove to your peers and organizations that you can stay current in your job position.

Taking the Cisco 200-201 CBROPS exam is a proven way to gain the essential skills to work in the Cisco Cybersecurity Operations domain. The applicants for this exam are the IT professionals who are accountable for networking work. They are likely to have a perfect knowledge of the networking functionalities and features in the CyberOps environment at the Associate level.

The Cisco 200-201 Exam Overview

In this section, you will learn what this exam covers and what to expect in the actual exam in terms of the number of questions, time duration, exam cost, and exam topics.

The Cisco 200-201 exam is also known as Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS). You can schedule the exam through the Pearson VUE platform. The Cisco 200-201 exam cost is $300. The exam is taken in the English language and consists of 95-105 questions that need to be answered in 120 minutes.

Topics Covered in the Cisco 200-201 Exam Are As Follows:

  • Network Intrusion Analysis;
  • Security Monitoring;
  • Security Policies and Procedures;
  • Security Concepts;
  • Host-Based Analysis.

Exam 200-201 is associated with the Cisco Certified CyberOps Associate certification, so its core purpose is to verify that the applicant has essential knowledge of cybersecurity operations and methods. You will notice that all exam questions are related to security, along with basic concepts, monitoring process, policies and procedures, and host-based and intrusion analysis.

Keeping this in mind, it is not surprising that most applicants do not know how to study for such a challenging exam appropriately. And if you are one of them, here are some tips you can follow.

Tips for Cisco 200-201 Exam

1. Assess Time and Work Needed Before Scheduling Exam

Everyone has different training and experience, and so everyone learns differently. Depending on your familiarity with the exam topics and your expertise, you should leave enough time between the start of your exam preparation and the scheduled date. You must understand the exam structure and topics to gauge how much you will need to study.


2. Make A Practical Timetable and Follow It

Without a proper study plan, it isn’t easy to pass any Cisco certification exam. So, make creating a timetable your priority, considering your work life. Devote at least one to two hours every day, rather than studying for eight to nine hours at one sitting. Studying every day will make you stay focused and dedicated. And assign more time to the topics you are weak in to improve your knowledge. In the case of studying for such a critical Cisco exam, consistency is necessary.

3. Take Cisco 200-201 Practice Test

One month before your scheduled exam, start taking Cisco 200-201 practice tests to evaluate your learning and find your knowledge gaps. Practicing questions will acquaint you with the type of questions and the exam environment. Exam anxiety will go away with consistent practice. Practice tests also gauge your conceptual knowledge of topics and help you develop an exam temperament.

Advantages of Passing Cisco CyberOps Associate 200-201 Exam

With the Cisco 200-201 exam, you will have the chance to learn the basic skills and get the appropriate knowledge of carrying out Cisco Cybersecurity Operations. Cisco CyberOps Associate certification will demonstrate that you can work with both an upgraded and new understanding of the expected fundamentals.

Passing the Cisco 200-201 exam is the only thing standing between you and the career everyone wants. Here are some of the related job profiles you can get after passing your CBROPS exam:

  • Network Analyst;
  • Systems Administrator;
  • Network Administrator.

And this is the least that you will be able to apply for and receive.

Conclusion

Cisco certification can help you develop and expand your skills and stay updated and more employable. Use Cisco 200-201 practice tests in your preparation journey. They can help you pass this certification exam so you can break into the excellent career opportunities that come with certification. So, don’t miss the opportunity and take it now!

Strategize Wi-Fi 6 upgrade with Cisco DNA Center

It is super exciting to see the rich set of features that Wi-Fi 6 has brought to the table. With the likes of high throughput, power optimization, and broadened security, Wi-Fi 6 as a technology has enough to tempt a network upgrade. As a result, these promising capabilities could knock off an array of challenging access issues seen in the enterprise network.

In a typical enterprise setup, the network administrator is responsible for leading the upgrade without adverse consequences. That requires the administrator to do due diligence in the planning phase so that the task goes smoothly.


Following are the administrator’s top-of-mind questions about the upgrade:

1. Which areas need an immediate access point upgrade?

2. What sort of Wi-Fi 6 access points are the best fit for the region?

3. When and how to migrate without network interruption?

Do these sound like inhibitors? What a relief it would be to have an efficient tool that provides sufficient insights and guidance for successful upgrades. Here it is: we have the Cisco DNA Center at our disposal to accomplish the purpose. Cisco DNA Center has a wide range of features that help all the way from the planning stage to the execution stage of the upgrade tasks.

Planning phase

During the planning phase, the administrator determines the various regions facing different access issues and prioritizes accordingly. Following are some of the typical access issues:

◉ The chokepoints in the access network in the form of excess congestion

◉ Areas that operate highly power-starved IoT devices

◉ Places where mobile devices struggle with uplink performance

◉ Areas having higher interference, and so on.

Cisco DNA Center Assurance has an exclusive dashboard to give insights into the Wi-Fi 6 readiness of the enterprise network and a set of AI/ML-driven dashboards to detect the regions where the Wi-Fi 6 upgrade makes a difference. With the Wi-Fi 6 dashboard, the administrator can see what level of Wi-Fi 6 enabled clients appears in the network and the regions where they are spotted regularly. This dashboard additionally gives insights into what infrastructure-level upgrade is needed to enable Wi-Fi 6 in the network.


Once the network administrator obtains better information on the different regions for the network upgrade, the next logical step is to identify the appropriate types of Wi-Fi 6 access points to use. The good news is that Cisco offers a bundle of Wi-Fi 6 access points with all sorts of capabilities. Comparing and contrasting the various access points with the requirement will assist in finalizing the appropriate access points.

Upgrade phase


Usually, the network administrator will perform the upgrade activity during the planned maintenance window to prevent loss of user productivity. Cisco DNA Center offers a streamlined UI workflow named “Access Point Refresh”, with which the network administrator can conduct the upgrade task more fluidly.


Let us create a workflow task first


The preparatory work done in the planning phase comes in handy here, because the workflow needs this information. Here is a quick digest of the steps involved in the workflow.

◉ At first, using this workflow, the network administrator should create a new upgrade task to capture the information as guided by the workflow. The administrator can edit and save the workflow task any number of times before submitting it to trigger the replacement work.

◉ In the workflow, the network administrator should select the site(s) and then the access points of those sites for replacement.

◉ Then the administrator must provide the serial ID of the replacement (new) access point for each to-be-replaced (old) access point. Cisco DNA Center uses this information to verify that the access point used for the replacement is genuine.

◉ There are two approaches to provide the new access point details. If the administrator has already connected the new AP to the corresponding switch, Cisco DNA Center can detect that. As a result, the workflow shows this new AP, which the administrator can select before proceeding. Otherwise, if the new access point is not yet available to connect to the network, or if the administrator plans that activity for later, there is a provision to add the serial ID manually. Cisco DNA Center learns the new AP through PnP or WLC discovery.

◉ There is also a CSV template to help the administrator capture the old and new access point information in case of bulk replacement.


It’s time to trigger the upgrade


Upon completion of the workflow, the administrator should submit it to trigger the replacement activity. The workflow supports distinct approaches, as follows, so that the admin can accomplish the task conveniently.

◉ The network admin starts by powering off and removing the old access point, and afterward connects the new access point to the same switch.

◉ On the other hand, if the new access point is not available yet, the workflow task will wait until the new one gets connected to the network. The admin can follow the previous step when the new one is available.

As part of a successful replacement, the task copies all required config from the old Access Point to the new one and prepares it for serving the clients.


And finally, this workflow also provides the report with the status of the replacement. If any replacement tasks have failed for any interim reason, there is an option to retry the replacement task.

We hope Wi-Fi 6 is rather interesting and the enterprise can conveniently proceed with the upgrade task with Cisco DNA Center.

Source: cisco.com

Friday 8 October 2021

Eliminate Network Blind Spots with Visibility from Cisco Nexus 9000 Switches and ThousandEyes

Your organization depends on your network. As networks become more and more complex, the question arises: How do you know what the network is really doing?

Today’s data centers can extend far beyond their on-premises physical location. Data and applications can be with a co-location provider or across multiple cloud providers. For many organizations, data is distributed all around the globe in a web of micro-services and containers and, consequently, outside direct view and control.

With this wide variation of locations, the deployment of Cisco Nexus 9000 switches varies as well. They might provide a Data Center Interconnect (DCI), Cloud to Cloud Connectivity, or external connectivity to sites on the Internet. However, across this vast variation in deployment use-cases, one thing is common—there can be blind spots!


Consider that, whether for the Internet, Cloud Connectivity or Data Center Interconnect, the transport infrastructure is often provided by an external entity. This external entity, either a Service Provider or your Backbone team, more than likely doesn’t give you operational access and visibility into what some might call the “sausage making” of networking. And that limits visibility and therefore control.

Gaining Deeper Visibility

Visibility into transport infrastructure is essential to optimize the efficient and reliable management of the network. Deeper visibility provides key performance indicators (KPI) such as throughput, path information, latency, jitter, and loss. This information assists in rapidly detecting and remediating transient network degradations—those that can only be detected with continuous monitoring of KPIs over time. Even more importantly, recording this data effectively provides visibility back in time to not just mitigate issues, but to identify and correlate their root causes so they can be eliminated before they reoccur.
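To make the point about transient degradations concrete, here is an added example (not code from Cisco or ThousandEyes) that computes loss, latency and jitter per measurement window from active-probe round-trip times and flags windows that break away from a rolling median baseline. The function names, thresholds and sample data are assumptions chosen for illustration.

```python
from statistics import mean, median


def window_kpis(rtts_ms):
    """Loss, latency and jitter for one window of probes (None = probe lost)."""
    if not rtts_ms:
        raise ValueError("a measurement window needs at least one probe")
    received = [r for r in rtts_ms if r is not None]
    loss_pct = 100.0 * (len(rtts_ms) - len(received)) / len(rtts_ms)
    latency_ms = mean(received) if received else None
    # Jitter here: mean absolute difference between consecutive received RTTs.
    deltas = [abs(b - a) for a, b in zip(received, received[1:])]
    jitter_ms = mean(deltas) if deltas else 0.0
    return {"loss_pct": loss_pct, "latency_ms": latency_ms, "jitter_ms": jitter_ms}


def find_degradations(windows, baseline_len=3, latency_factor=1.5,
                      jitter_factor=3.0, loss_limit_pct=5.0):
    """Flag windows whose KPIs break away from the rolling median baseline."""
    kpis = [window_kpis(w) for w in windows]
    findings = []
    for i in range(baseline_len, len(kpis)):
        prior = kpis[i - baseline_len:i]
        base_lat = [k["latency_ms"] for k in prior if k["latency_ms"] is not None]
        base_jit = [k["jitter_ms"] for k in prior]
        cur, reasons = kpis[i], []
        if cur["loss_pct"] >= loss_limit_pct:
            reasons.append("loss")
        if (cur["latency_ms"] is not None and base_lat
                and cur["latency_ms"] > latency_factor * median(base_lat)):
            reasons.append("latency")
        # The 1.0 ms floor keeps a near-zero jitter baseline from flagging noise.
        if cur["jitter_ms"] > jitter_factor * max(median(base_jit), 1.0):
            reasons.append("jitter")
        if reasons:
            findings.append({"window": i, "reasons": reasons, **cur})
    return findings


def whole_period_kpis(windows):
    """The same KPIs computed once over the entire period, for comparison."""
    return window_kpis([r for w in windows for r in w])


# Constructed sample: six windows of five probe RTTs (ms); window 4 is degraded.
SAMPLE_WINDOWS = [
    [20, 21, 20, 22, 21],
    [21, 20, 21, 20, 22],
    [20, 22, 21, 21, 20],
    [21, 20, 22, 20, 21],
    [45, None, 80, 38, None],
    [21, 20, 21, 22, 20],
]

if __name__ == "__main__":
    print("whole period:", whole_period_kpis(SAMPLE_WINDOWS))
    for finding in find_degradations(SAMPLE_WINDOWS):
        print("degraded:", finding)
```

On the sample data, the mean latency over the whole period stays below the latency threshold, while the per-window view isolates the single degraded window and records when it happened.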

In the past, IT used a variety of approaches to attempt to collect actionable KPI data. For example:

◉ Placing compute resources in a co-location for the purpose of collecting telemetry data

◉ Connecting a server outside the DMZ for the purpose of measuring performance

◉ Adding a collector to the DCI to provide visibility

Figure 1. A Server Used as a Telemetry Sensor

However, as Figure 1 shows, these sensors might not be in the exact data path through which all traffic will pass. Also, using passive data collection does not provide critical visibility into the network paths that data traverses.

Integration with ThousandEyes


In August 2020, Cisco completed the acquisition of ThousandEyes, an Internet and cloud intelligence platform capable of expanding visibility into, and delivering insights about, the digital delivery of applications and services over the Internet and the cloud. With Cisco’s strong Cloud and Data Center network portfolio, the integration of the ThousandEyes vantage points into the Nexus 9000 enables unprecedented visibility through ThousandEyes from Nexus 9000 switches.

Instead of placing additional compute resources in co-locations, connecting them outside your DMZ, or adding them to your DCI, you can install ThousandEyes Enterprise Agents on Cisco Nexus 9000 switches. The agents measure across the exact paths that data passes, gathering crucial KPIs wherever a Cisco Nexus 9000 is present (see Figure 2).

Figure 2. Cisco Nexus 9000 hosting ThousandEyes Enterprise Agent

ThousandEyes and Nexus 9000 Integration Details


The Cisco Nexus 9000, in ACI or NX-OS mode, provides a hosting environment embedded in the switch’s Network Operating System (NOS) itself. Within NX-OS is a dedicated and secured Linux Container (sLXC) environment, called Guest-Shell, for the ThousandEyes Enterprise Agent. The agent is hosted in the sLXC and can access the switch’s bridging and routing tables for all its reachability needs. As communication to and from the agent resides in the Nexus 9000 itself, Control Plane Policing (CoPP) can enforce the allowed data-rate for additional protection. Figure 3 shows a schematic diagram of the ThousandEyes Enterprise Agent in a Cisco Nexus 9000 with NX-OS.

Figure 3. ThousandEyes Enterprise Agent hosting in Cisco Nexus 9000 (NX-OS)

Scalability, of course, is a key consideration. With tens, hundreds, or even thousands of switches in a network, simplified agent lifecycle management is crucial. While the ThousandEyes Enterprise Agent can be manually installed into the NX-OS Guest-Shell, the Cisco Nexus Dashboard Fabric Controller (NDFC) provides an integrated workflow to activate the functionality with a single click (see Figure 4).

Figure 4. Agent Install on Cisco Nexus 9000 (NX-OS)

The automated install/uninstall in NDFC provides all necessary configuration settings so the latest version of the ThousandEyes Enterprise Agent can be directly downloaded from the Cisco Repository. Furthermore, the agent will also be automatically onboarded to the ThousandEyes Dashboard for the Test Setup phase of deployment. While Cisco NDFC provides unified configuration and installation of agents, you can still choose to use other tools such as Ansible Playbooks to perform these tasks.

Better Together for Deep Visibility


Operating a data center network requires a versatile and flexible approach to management with deep visibility into the network, including transport infrastructure. The deep linking and integration of Data Center Interconnect (inter-DC) visibility (ThousandEyes) with data center infrastructure (Cisco Nexus 9000) provides access to the KPIs needed to measure performance, quickly detect and resolve network issues, and correlate root causes to eliminate issues in the future.

Cisco continues to integrate new capabilities into Cisco Nexus Dashboard to provide a granular view into the many corners of the extended enterprise network. Today Nexus Dashboard has deepening integrations with Nexus 9000 switches, Cisco Insights, AppDynamics, and of course ThousandEyes, to improve end-to-end visibility from data center, to cloud, to applications and the workforce. With Cisco Nexus Dashboard as a single point of control for visibility and insights, IT has the ability to foresee and mitigate many of the potential issues that impact the workforce and business operations before they become impediments to progress and profits. And so, the journey continues…

Source: cisco.com