Sunday, 7 November 2021

Catalyst 9000 Simplifies Network-Based Threat Detection Using Inline Security Telemetry

The term Catalyst is synonymous with accelerating change, stimulating actions, and facilitating transformations. The Cisco Catalyst 9000 family of switches and access points supports these qualities for enterprise networks around the world, making it the fastest ramping product in Cisco’s history. Based on a powerful and flexible Programmable ASIC with Unified Access Data Plane (UADP) that unites wired and wireless data planes, the enterprise networking platform has delivered continuous innovations since its introduction, including:

◉ Purpose-built Zero-Trust Fabric for campus to branch with Cisco SD-Access

◉ Docker-based application hosting enabling use cases such as running ThousandEyes Agents on the switch

◉ Network-Based Application Recognition Engine (NBAR) for identification and control of 2000+ applications

As enterprise networks expand from centralized data centers and campuses to support a distributed workforce and thousands of edge IoT devices, IT faces unique security challenges. While the workforce can take advantage of zero-trust multi-factor authentication to ensure proper access security, IoT devices cannot. Now Cisco is leveraging the programmability of the UADP ASIC to deliver zero-trust security for the world of IoT devices.

Zero Trust for IoT Using Network Telemetry Analytics

IoT devices should be continuously assessed to check for unusual behavior such as pretending to be trusted endpoints using MAC Spoofing, Probe Spoofing, or Man-in-the-Middle techniques. IoT devices—typically smart building technologies such as lighting, HVAC, and security cameras—need to be segmented from Information Technology assets to prevent threats from moving laterally in the network. The key to segmenting IoT devices is to accurately profile and classify them according to type, communication protocols, and traffic patterns. To implement Zero Trust with least privilege access, both historical and real-time traffic telemetry needs to be available to Trust Analytics to detect sudden changes in device behaviors.

To attempt to accomplish this in the past, overlay solutions required spanning of live traffic from switches to collectors that run analytics on samples of telemetry. These additional components, as depicted in Figure 1, introduce deployment, configuration, and maintenance complexity, thereby increasing the TCO as well as IT overhead.

Figure 1. Typical Overlay Model for Telemetry Generation

The unique way Catalyst 9000 switches and access points solve this problem—in conjunction with Cisco SD-Access—is by generating inline telemetry directly on the switches. This capability, based on the power of the UADP ASIC, eliminates the need to make copies of traffic from every switch to send to multiple services—exporters, brokers, collectors, and analyzers for each kind of traffic—to generate the necessary security telemetry. The capability to stream full telemetry information directly from Catalyst switches provides operational status of the network as well as Deep Packet Inspection of traffic flows so that Cisco DNA Center can detect the true purposes of device-to-device communications. Since DPI telemetry is generated directly by Catalyst switches, the need for expensive extraneous appliances is eliminated, as shown in Figure 2.

Another advantage is that since all Catalyst 9000 switches are generating telemetry simultaneously, there is no single point of failure—such as when a data broker is offline—increasing the reliability of catching abnormal traffic patterns being generated by an attempted infiltration by a threat actor.

Figure 2. Deep Packet Inspection and Telemetry Generation with Catalyst 9000 Switches

Maintaining Zero-Trust Across Campuses


Wired and wireless traffic telemetry in one platform provides an expansive view across the campus for pinpointing security anomalies and threats from devices of all types. Cisco SD-Access plus Catalyst 9000 switches and access points uniquely provide traffic telemetry to Cisco DNA Center to identify device types, categorize devices by security group tags, and monitor every device for behavior anomalies.

For example, with all traffic telemetry streaming from Catalyst 9000 switches and access points, Cisco DNA Center can analyze the traffic being generated by each individual device and identify the type—security cameras, motion sensors, lights—tagging them with access policies for segmentation. Should a camera start talking in laptop language as the result of a man-in-the-middle attack, the camera's trust level will automatically be downgraded and the camera isolated to prevent the lateral spread of an infection.
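The behaviour-change check described above can be sketched as follows. This is an added example, not Cisco DNA Center's Trust Analytics algorithm or code from the original article: the flow records, MAC addresses, port names, scoring weights and the isolation threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    mac: str          # endpoint MAC the telemetry record is attributed to
    switch_port: str  # access port that reported the flow
    proto: str
    dport: int
    app: str          # application label from DPI (constructed labels)


# Constructed sample data: documentation-range MACs, invented port names.
CAM, LIGHT, SENSOR = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
HISTORY = [  # historical telemetry used to profile each device
    Flow(CAM, "Gi1/0/5", "tcp", 554, "rtsp"),
    Flow(CAM, "Gi1/0/5", "udp", 123, "ntp"),
    Flow(LIGHT, "Gi1/0/7", "udp", 5683, "coap"),
    Flow(SENSOR, "Gi1/0/9", "tcp", 8883, "mqtt-tls"),
]
WINDOW = [  # real-time telemetry window being assessed
    Flow(CAM, "Gi1/0/5", "tcp", 554, "rtsp"),
    Flow(CAM, "Gi1/0/5", "tcp", 445, "smb"),    # "laptop language" from a camera
    Flow(CAM, "Gi1/0/5", "tcp", 22, "ssh"),
    Flow(CAM, "Gi1/0/5", "tcp", 3389, "rdp"),
    Flow(LIGHT, "Gi1/0/7", "udp", 5683, "coap"),
    Flow(LIGHT, "Gi1/0/7", "udp", 5683, "coap"),
    Flow(SENSOR, "Gi1/0/9", "tcp", 8883, "mqtt-tls"),
    Flow(SENSOR, "Gi2/0/14", "tcp", 8883, "mqtt-tls"),  # same MAC, second port
]


def build_baseline(history):
    """Profile each MAC: the behaviours and access ports seen historically."""
    base = defaultdict(lambda: {"behaviors": set(), "ports": set()})
    for f in history:
        base[f.mac]["behaviors"].add((f.proto, f.dport, f.app))
        base[f.mac]["ports"].add(f.switch_port)
    return dict(base)


def assess(baseline, window, novel_weight=60, port_penalty=40, threshold=70):
    """Return {mac: (trust_score, action, reasons)} for one telemetry window.

    novel_weight, port_penalty and threshold are illustrative assumptions.
    """
    per_mac = defaultdict(list)
    for f in window:
        per_mac[f.mac].append(f)

    results = {}
    for mac, flows in per_mac.items():
        profile = baseline.get(mac)
        if profile is None:
            results[mac] = (0, "isolate", ["unprofiled endpoint"])
            continue
        score, reasons = 100, []
        # Behaviour drift: share of flows whose protocol/port/app was never
        # seen from this device type before.
        novel = [f for f in flows
                 if (f.proto, f.dport, f.app) not in profile["behaviors"]]
        if novel:
            score -= round(novel_weight * len(novel) / len(flows))
            reasons.append("new behaviour: "
                           + ", ".join(sorted({f.app for f in novel})))
        # Possible MAC spoofing: the MAC shows up on an unknown or second port.
        ports = {f.switch_port for f in flows}
        if len(ports) > 1 or not ports <= profile["ports"]:
            score -= port_penalty
            reasons.append("MAC seen on ports: " + ", ".join(sorted(ports)))
        score = max(score, 0)
        results[mac] = (score, "isolate" if score < threshold else "allow", reasons)
    return results


if __name__ == "__main__":
    for mac, verdict in assess(build_baseline(HISTORY), WINDOW).items():
        print(mac, verdict)
```
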

The Cisco SD-Access Zero-Trust Journey

Connect, Secure, and Automate with Catalyst 9000 Infrastructure


The software-defined network fabric consisting of Cisco Catalyst switches and access points becomes a vast matrix of sensors supplying data for security analytics that monitor, detect, isolate, and report on threats as they occur. The Catalyst 9000 family of switches provides real-time security telemetry from millions of devices across multiple campus sites, from inner to outer edge of the network for endpoint analytics, policy analytics, and trust analytics to connect, secure, and automate the enterprise.

Source: cisco.com

Saturday, 6 November 2021

End-to-End Flow State Validation with Nexus Dashboard Insights Connectivity Analysis

Most IT operations folks are familiar with vaguely worded statements like “My application performance is bad,” “The network is slow,” and “Sometimes it works but sometimes it doesn’t.” Often, there’s very little concrete information to work with when attempting to diagnose network performance problems. Any number of possible culprits across a variety of different devices could be wholly or partially contributing to an issue. That leads to the question: “How do you quickly and definitively identify the issue?”

After ruling out the obvious, and some not-so-obvious, signs of a network issue–things like drop counters massively incrementing on an interface, incorrectly applied QoS or security policies, or insidious microbursts–the IT operator is often left with nothing else to do but delve deep into the guts of the network fabric to ensure that all devices and paths between a source and a destination have proper network state, in both the control plane and the data plane.

The Old Way

How does an IT operator approach this problem? The “Old Way” involves a tedious, error-prone, multi-step workflow to validate that the network is behaving as intended.

First, the leaf switches that have the problematic source and destination device attached must be identified. In this era of multi-tenancy, virtual machine mobility, and dynamic workload placement, identifying the edge devices is not as straightforward as it might seem. The approach typically involves logging into a random leaf switch and checking the local Address Resolution Protocol (ARP) table to see if the target IP happens to be directly attached in one of the virtual routing and forwarding (VRF) instances active on the switch.

Failing that, we can check the routing table in the appropriate VRF, hopefully identifying which remote switch has the IP attached. Next, log in to that switch, check the local ARP table, identify the virtual LAN (VLAN) of the endpoint, and then check the media access control (MAC) table to find the physical interface. Repeat the process for the destination IP address. It’s tedious work, but necessary for ultimately identifying the leaf switches involved.

Figure 1 illustrates the typical workflow for identifying where a given endpoint attaches to the network fabric. In this case, we’re looking for host 172.16.112.96 in VRF “tenant1”.

Figure 1. Identifying an Endpoint Location

Once we’ve identified the edge switches with the target endpoints attached, the next task is to identify all the possible paths through the fabric that can be used by those endpoints to communicate and which devices sit in each of those paths. We’ll take a simple spine-leaf topology where each leaf switch connects to four spine switches that provide the leaf-to-leaf interconnection.

If one of our endpoints is on switch “leaf5-ex”, we first identify the destination Virtual Tunnel Endpoint (VTEP) of the other endpoint via “show ip route”, then identify the underlay routing paths available to reach that VTEP. For a simple topology it may be obvious which devices are part of the end-to-end path. In other cases, we can use Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) neighbor details to identify the device IDs and host names of the transit devices.

Figure 2. Identifying Paths and Devices

Depending on the topology, we may need to repeat this process multiple times to identify all relevant devices and paths. The goal is to identify to which leaf switches the endpoints are attached, the switches that interconnect them, and the interfaces that make up the available paths.

Next, we must validate that the control plane routing and forwarding state on every device along each of the paths is correct and consistent with the data plane state. We must connect to each device and check a variety of components, which may include routing protocol state, routing information base (RIB) state, spanning-tree state, interface status and health, and so on. We may also need to run one or more consistency checkers, which is logic built into NX-OS to ensure that the forwarding state known to the control plane is consistent with the contents of the Forwarding Information Base (FIB) and other hardware tables programmed into the ASIC hardware. This validation can be time-consuming and error prone. Wouldn’t it be nice if there was an easier way?

The Easy Way


It turns out, there is an easier way! Nexus Dashboard Insights, with its powerful Connectivity Analysis tool, takes the elements of tedium and human error out of the process of validating the end-to-end path between two endpoints in the network fabric. With minimal operator interaction, the Connectivity Analysis tool ensures that all fabric devices have up-to-date diagnostic capabilities, identifies which leaf switches the targeted endpoints are connected to, identifies all possible paths between those endpoints, and then ensures that both control plane and data plane states are valid and consistent to enable end-to-end network connectivity through all relevant devices.

NOTE: As of Nexus Dashboard Insights version 6.0, the Connectivity Analysis tool is available for NX-OS-based fabrics. A planned future release will introduce similar functions for Application Centric Infrastructure (ACI) fabrics as well.

Not only does the Connectivity Analysis tool validate the end-to-end network state, it also generates an intuitive path view showing all network devices in the path and highlighting any issues encountered that could affect successful communication between the target endpoints.

Figure 3 shows the main Connectivity Analysis screen when you open Nexus Dashboard Insights, presenting a summary of all prior analysis jobs with their current state (Completed, Failed, In Progress, etc.) as well as a button for creating a New Connectivity Analysis job. Of course, a Representational State Transfer (RESTful) API is also available for automating creation of new analysis jobs and querying their status.

Figure 3. Connectivity Analysis Tool in Nexus Dashboard Insights

Taking the earlier example, if we’re debugging an issue between a known source and destination endpoint, we can create a new Connectivity Analysis job and simply plug in the source IP, destination IP, and VRF information. The tool can analyze both Virtual Extensible LAN/Ethernet VPN (VXLAN/EVPN) flows as well as “Classic” Layer 2 or Layer 3 flows and provides an option to run the analysis in Quick mode or Full mode. Figure 4 shows the Analyze Connectivity screen where you enter the required information and control the various job options.

Figure 4. Connectivity Analysis User Input

In Quick mode, the Connectivity Analysis tool validates basic control plane and forwarding health on relevant devices, including all overlay and underlay routes and interfaces, while also generating a visualization of the path topology between source and destination. In Full mode, multiple additional checks are performed, including a complete analysis of consistency between software and hardware forwarding state in all relevant forwarding tables.

Figure 5 shows the completed job summary, the topological view of all the network devices and paths between the source and destination, and a full Event Log with details of the job.

Figure 5. Completed Connectivity Analysis Job Summary

Double-clicking any network node opens details for that device. Figure 6 shows the detail view (in this case for the device “spine2-fx2”), including summary data, path information, and detailed interface information for the relevant interfaces, with a description and status of each validation check performed as part of the analysis.

Figure 6. Job Details for an Individual Switch

While the examples above uncovered no problems, if a job encounters an issue on one or more nodes, the tool shows all the details of the failure and impacted devices. For example, Figure 7 shows a failed job where an inconsistency was discovered between the software state and the hardware programming on a spine node.

Figure 7. Connectivity Analysis Discovering an Issue

Double-clicking on the failed node (spine1-fx2) reveals the cause of the failure (as shown in Figure 8). A control-plane route was not programmed into the hardware correctly, resulting in an inconsistency. Since the failure is on a spine node, such a programming failure can result in sporadic issues. For flows that hash to other spine nodes, performance is not impacted, but any flows hashing to the mis-programmed spine could be black-holed.

Figure 8. Failed Node Details
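Why one mis-programmed spine produces "sometimes it works" symptoms can be shown with a small model. This is an added example, not NX-OS or Nexus Dashboard Insights code: the spine names spine3-fx2 and spine4-fx2, the VTEP prefixes, interface names, the destination host and the SHA-256-based ECMP hash are constructed assumptions standing in for the four-spine topology and software/hardware consistency check described above.

```python
import hashlib
import ipaddress

# Four spines as in the article's simple topology; spine3/spine4 names are constructed.
SPINES = ["spine1-fx2", "spine2-fx2", "spine3-fx2", "spine4-fx2"]
DEST_VTEP_IP = "10.2.0.5"            # constructed underlay loopback of the remote leaf
DEST_VTEP_PREFIX = "10.2.0.5/32"


def make_tables():
    """Per-spine control-plane (RIB) and hardware (FIB) state, constructed."""
    rib = {DEST_VTEP_PREFIX: "Eth1/5", "10.2.0.6/32": "Eth1/6"}
    state = {s: {"rib": dict(rib), "fib": dict(rib)} for s in SPINES}
    # The failure from the article: the route exists in software on one
    # spine but was never programmed into hardware.
    del state["spine1-fx2"]["fib"][DEST_VTEP_PREFIX]
    return state


def consistency_check(node):
    """Compare software and hardware tables; return a list of (prefix, problem)."""
    issues = []
    for prefix, next_hop in node["rib"].items():
        hw = node["fib"].get(prefix)
        if hw is None:
            issues.append((prefix, "missing in FIB"))
        elif hw != next_hop:
            issues.append((prefix, f"next hop mismatch: rib={next_hop} fib={hw}"))
    for prefix in sorted(node["fib"].keys() - node["rib"].keys()):
        issues.append((prefix, "stale FIB entry"))
    return issues


def ecmp_pick(flow, spines):
    """Pick an uplink from the flow's 5-tuple (stand-in for the ASIC hash)."""
    key = "|".join(map(str, flow)).encode()
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return spines[h % len(spines)]


def forwards(node, dest_ip):
    """Data-plane view: only the hardware table decides whether a packet moves."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in ipaddress.ip_network(p) for p in node["fib"])


def trace_flows(state, flows, vtep_ip=DEST_VTEP_IP):
    """Split flows into delivered and black-holed, recording the chosen spine."""
    delivered, dropped = [], []
    for flow in flows:
        spine = ecmp_pick(flow, SPINES)
        bucket = delivered if forwards(state[spine], vtep_ip) else dropped
        bucket.append((flow, spine))
    return delivered, dropped


def sample_flows(n=400):
    """Constructed 5-tuples: one host pair, varying source port."""
    return [("172.16.112.96", "172.16.113.10", "tcp", 32768 + i, 443)
            for i in range(n)]


if __name__ == "__main__":
    state = make_tables()
    for spine in SPINES:
        print(spine, consistency_check(state[spine]) or "consistent")
    ok, lost = trace_flows(state, sample_flows())
    print(f"delivered={len(ok)} black-holed={len(lost)}")
```

Every control-plane check on spine1-fx2 still passes in this model, because the RIB is intact; only the software-versus-hardware comparison exposes the fault, and only the share of flows that hash to that spine is affected.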

Uncovering such situations can vastly reduce the time required to conduct root cause analysis for forwarding issues in a large fabric. With the option in Nexus Dashboard Insights to collect detailed technical support data from the fabric and upload it to Cisco with just a few clicks, triaging issues locally or with Cisco TAC and driving them to resolution becomes considerably less time-consuming and work intensive.

Key Takeaways


The Connectivity Analysis tool provided by Nexus Dashboard Insights delivers a new level of simplicity and efficiency to the traditionally error-prone and time-consuming task of validating the end-to-end path between endpoints experiencing performance issues or packet loss. With just a few key pieces of information, the Connectivity Analysis tool does all the heavy lifting for you: identifying the leaf switches to which those endpoints attach, discovering all the possible paths between those endpoints through the fabric, and validating the health and consistency of each device and path involved.

Armed with the resulting data, IT operators can either rapidly prove that the network is “innocent” and that the problem likely lies with the host or application or, if a problem does exist in the network, identify the exact nature of the problem and the devices involved. With the additional capability in Nexus Dashboard Insights to easily collect logs and other technical support data and upload it to Cisco via the Cisco Intersight Cloud, tracking down problems in the network and driving them to rapid resolution is easier than ever before!

Source: cisco.com

Wednesday, 3 November 2021

Connecting people, places, and things – Cisco Networking innovations for hybrid work

The world is changing and the structure of connectivity between users, businesses, and devices has entered a new dimension. The rate of transformation has accelerated, including major advances in collaboration and access to applications and data from anywhere. However, remote connectivity has enlarged the attack surface for cyber criminals and troubleshooting outside your corporate border is challenging.

Our customers are looking for solutions for hybrid work, providing agility for users to securely connect from work, home and everywhere in between. Businesses must empower their hybrid workforce with seamless access to cloud applications and high-quality collaborative experiences. IT is also tasked with maintaining security, control, and governance across devices, networks, clouds and those applications.

Our latest Networking innovations provide advanced analytics and insights to improve operations for remote IT operators, along with greater integration with storage and cloud providers for more seamless and secure access to applications and data. Learn more about how these innovations can improve the user experiences to support hybrid work environments below.

Wireless 3D Analyzer in Cisco DNA Center

Simplified Operations for the Workforce and Workspace


To better support the demands of the hybrid workspace, the Cisco DNA Center release 2.2.3 brings exciting upgrades that enable IT to improve wireless performance, facilitate zero trust networking, and support smart building deployments.

With the new Wireless 3D Analyzer, Cisco announces the first true 3D wireless indoor propagation tool. Use your mouse to move around and visualize where signal is propagating through the actual architectural design of your office. You can simulate adding walls or reorganizing the workspace to accommodate your return to office plan. Then do a simulation of the new wireless network design to support this new plan so that you buy what you need without over-dimensioning. And IT teams can simulate this office redesign without being in the office themselves.

Now you can enjoy real time visibility over your zero-trust network like never before. Across both your offices and remote workers, a new policy analytics dashboard gives you complete policy and endpoint status at a glance. You’ll see alerts for any attempted policy violations, including spoofing detection, and a granular trust score engine for specific details on endpoint security decision parameters.

Deploying Smart Buildings means supporting more and more IoT endpoints. Network teams struggle to get complete visibility for PoE switch capacity and actual endpoint power consumption without visiting remote branches. Our new PoE Analytics dashboard can show your team actual power usage, available power, and in which ports. The tool then monitors these devices for unusual power consumption and other anomalies. Need to send five new IP cameras to the office in Singapore? Now you can tell the local team what switch ports have power and monitor the usage.

We are also making it easier to add on other Cisco DNA software products to your network with the Cisco DNA Expansion Pack. This new offer allows you to enhance your Cisco Networking solutions with SD-Access, Zero Trust Networking, Encrypted Traffic Analytics (ETA), digital experience monitoring, location analytics and assurance. It provides a flexible way to purchase Cisco Identity Services Engine (ISE), Cisco DNA Spaces, Cisco ThousandEyes, Secure Network Analytics (Stealthwatch) and other licenses, appliances, and services in one convenient bundle.

Putting IT in control of Internet traffic


Hybrid work has also shifted traffic patterns, with more traffic running across the Internet. To securely scale out your network to the Internet, Cisco SD-WAN provides a software-defined approach to managing across your users, branches, clouds and the Internet. Businesses are moving to a multicloud environment that requires secure connectivity everywhere and visibility that extends from your enterprise network and beyond into the cloud.

Now, more than ever, enterprises need agility to adjust their business models as they continue their journey to the cloud. In this release, we are offering greater interconnection with Cloud and SDCI partners, enhanced multitenancy support and several other advancements for Cisco SD-WAN.

Cisco SD-WAN Cloud Interconnect with Equinix delivers seamless, automated connectivity to multiple IaaS and SaaS environments, without all the complexity. The joint solution enables customers to create network connections to their multicloud deployments with greater agility, reduced operating costs, and increased speed to market compared to classic connectivity options.

Managing multi-domain networks and applications has created complexities, and IT requires a simple approach. The integration of Cisco SD-WAN Cloud Hub with Google Cloud Service Directory allows enterprises to automate SD-WAN policy for custom applications in multicloud based on application profile. The solution bridges DevOps and NetOps; now DevOps can define traffic profiles in Google Cloud Service Directory and NetOps can translate those profiles into network policies.

Cisco Cloud OnRamp for IaaS: Azure Secure vWAN extends the SD-WAN policy seamlessly to Microsoft Azure, provides analytics via telemetry for troubleshooting in Azure, and secures connectivity for every type of traffic flow. Cisco is the first Enterprise SD-WAN Partner to support an additional layer of security with support for service chaining with Azure Firewall in the Azure Virtual WAN Hub. This process has traditionally been manual and tedious. With this integration, the guesswork is removed, and customers can save time by automatically securing any traffic, whether it flows from branch to host vNets, vNets to branch, branch to Internet, or vNet to Internet.

Many customers rely on a Managed Service Provider (MSP) to build out their SD-WAN. Recent enhancements in Cisco SD-WAN Multitenancy increase both scalability and security, which will increase capacity and density to scale and reduce costs for MSPs as well as large enterprises that require multitenancy. The addition of Reverse Proxy adds a layer through which access to Cisco vManage occurs using a proxy server, providing an encrypted bi-directional communications path. The shared control, management, and orchestration plane across multiple tenants will reduce CapEx. A single pane of glass for management and operations of multiple tenants reduces OpEx, and flexibility is increased with support for on-prem and cloud, API support and support for KVM and ESXi.

The Cisco vManage User Interface (UI) has been updated providing a highly visualized and more intuitive user experience that simplifies network management and onboarding of SaaS, IaaS, and security for network operators with expanded pre-configured templates and guided step-by-step configuration.

In a previous release, we provided integrated Unified Communications on the Cisco SD-WAN platform – eliminating the need for a separate UC platform with the associated acquisition and support costs. In this release, we are offering further platform consolidation incorporating the 5G connectivity into Cisco SD-WAN Edge platforms with the new 5G Pluggable Interface Module (PIM) and Cisco mGig WAN module (NIM). This eliminates the need for a separate gateway. Manage up to 3.3Gbps of cellular edge routing in Cisco SD-WAN with direct internet access at the branch and connect to multicloud applications regardless of broadband availability.

In addition to all this news, look out for an exciting announcement next week on how Cisco will provide more customer choice and flexibility in expanding Cisco DNA Software capabilities.

Cisco continues to innovate to address the hybrid workplace transformation the world is undergoing. A secure, agile network has never been more important, and our solutions will help you enable a safe return to the workplace, secure work from home and anywhere access to multicloud applications.

Source: cisco.com

Tuesday, 2 November 2021

Simplify Hybrid Cloud Networking with Cisco Nexus Dashboard

Simplicity is the ultimate sophistication. – Leonardo da Vinci

For IT, complexity is the antithesis of agility. However, with the increased demand for remote healthcare, distance learning, hybrid work, and surging dependence on online retail, there is an urgent shift to hybrid and cloud-native applications to keep up with the necessary digital transformations—thus adding complexity.

Hybrid cloud is now the reality for nearly all enterprises. Workloads are distributed across on-premises, edge, and public clouds. However, seamless operation of hybrid cloud applications across distributed environments needs to address stringent location-dependent requirements such as low latency, regional data compliance, and resiliency. Adding to the complexity is the additional need for governance—compliance, security, and availability—to which networking teams need to adhere. The need for visibility and insights closer to where data is created and processed—on-premises, cloud, and at the edge—is also critical.

Hybrid Cloud Networking Challenges
 
How does an operations team deal with this complex new hybrid cloud networking reality? They need three operational capabilities:

◉ Obtain a unified correlated and comprehensive view of the infrastructure.
◉ Gain the ability to respond proactively across people, process, and technology silos.
◉ Deliver speed of business, without increasing operating costs and tool-sprawl.

It is a multidimensional challenge for IT to keep applications and networks in sync. With the ever-increasing scope of the roles of NetOps and DevOps, an automation toolset is needed to accelerate hybrid cloud operations and securely manage the expansion from on-prem to cloud.

Flexible Hybrid Cloud Networking with Cisco Nexus Dashboard


Cisco Nexus Dashboard 2.1, the newest of Cisco’s cloud networking platform innovations, will help IT simplify transition to hybrid applications using a single agile platform. Besides bridging the gap in tooling, one of the major capabilities of the Nexus Dashboard is enabling a flexible operational model for different personas—NetOps, DevOps, SecOps, and CloudOps—across a plethora of use cases.

Cisco Nexus Dashboard: One Scalable, Extensible Platform Across Global Hybrid Infrastructure

Conventionally, operators relied on disjointed tools for specific functions across connectivity, visibility, and security. With multiple capabilities being natively integrated into the Cisco Nexus Dashboard, as well as 3rd party services, Cisco is simplifying the overall experience for IT.

Operators can now manage their hybrid cloud network infrastructure with ease from a single automation and operations platform, Cisco Nexus Dashboard—whether they are running Cisco Application Centric Infrastructure (ACI) or Cisco Nexus Dashboard Fabric Controller (NDFC) in their hybrid cloud infrastructures.

New innovations with Nexus Dashboard 2.1 include availability on AWS and Azure marketplaces; Nexus Dashboard One View, which provides a single cohesive view of all the sites being managed and the services installed across Nexus Dashboard clusters; advanced endpoint analytics; scalable connectivity through Nexus Dashboard Orchestrator (NDO); Nexus Dashboard Insights (NDI); Nexus Dashboard Data Broker (NDDB) service; and many more capabilities. Let’s look at five capabilities of Cisco Nexus Dashboard 2.1 that are delighting customers.

1. Hybrid Cloud Connectivity at Scale with Nexus Dashboard Orchestrator

New hybrid cloud capabilities include support for Google Cloud—in addition to AWS and Azure integrations—and connectivity automation capabilities to enable new use cases, such as:

◉ External Connectivity: Cloud VPCs/VNet to external devices (branch router, SD-WAN edge, colocation routers, or on-prem routers)

◉ Hybrid Cloud Connectivity: Automate connectivity for GCP, AWS, and Azure clouds and on-premises ACI sites using BGP and IPSec

◉ Stitching connectivity: Cloud VPCs/VNET, On-Prem VRFs, including route management

Connectivity is established by BGP peering and IPSec tunnels connecting the cloud site’s Cloud Services Routers (CSR) or Google Cloud’s Native Cloud Router, to the external devices. Once connectivity is established, IT can enable route leak configurations to allow subnets from the external sites to establish connectivity with the cloud site’s VPCs/VNETs.

2. Change Management Workflow with Nexus Dashboard Orchestrator

In a modern enterprise IT team, there are typically multiple personas involved from design to deployment. The design team (Designer Persona) can create and edit the Nexus Dashboard Orchestrator templates and send them to the deployment team (Approver/Deployer Persona) for approval. The deployment team reviews and approves templates ahead of a change management window and queues the templates for deployment during the actual change management window.

Starting with the latest version, Nexus Dashboard Orchestrator 3.4(1) release, a structured persona-based change management workflow provides additional operational flexibility. Three personas for template management—Designer, Approver, and Deployer roles—are available. An admin can assume one of these roles or a combination of them.

◉ Designers: Create and edit template application policies and send them to Approvers for review and approval.
◉ Approvers: Review the templates and either approve them for deployment or reject the proposed changes and send them back to the Designer to update the template based on comments.
◉ Deployers: Deploy templates or initiate a rollback to a previous version of a template.

When Approvers review the templates, they have a GitHub-style “diff view” to clearly compare the before and after changes so they can easily review, approve, reject, and comment on the template differences.


Deployers have two additional new capabilities for effective change management operations:

◉ Configuration preview: Preview of the exact configuration—XML Post and graphical views—that will be deployed to the sites so the Deployer can decide to proceed or abort deployment commit.

◉ Template versioning / rollback: Each template is automatically versioned during save or deploy, giving the Deployer the ability to roll back to previous template versions. During rollback the Deployer can see the GitHub-style diff between two versions and decide whether to proceed with the rollback.

Since Nexus Dashboard Orchestrator change management is fully API based, IT can integrate the workflow with in-house tools currently in use.

3. Unify Hybrid Cloud Operations with Nexus Dashboard One View

With Nexus Dashboard 2.1, IT can operate their distributed environment across multiple clusters from a single focal point of control, with the ability to span visibility into fabrics. The scale-out architecture adapts to growing operational needs while the One View capability provides a single-pane-of-glass experience, with support for Single Sign-On (SSO) and Role-Based Access Control (RBAC). This enables operators to consume the insights, advisory, and assurance stack as a unified offering to address prevention, diagnosis, and remediation.

Cisco Nexus Dashboard One View
 
Nexus Dashboard 2.1 takes visibility of network traffic up a notch with support for flow drops, giving IT the ability to identify packet drops in the network as well as their location and reasons. Flows impacted by events in a switch, such as buffer, policer, forwarding, and ACL drops, are identified using Flow Table Events (FTE).

Cisco Nexus Dashboard Data Broker

In addition, Cisco Nexus Dashboard Data Broker (NDDB) is one of the newest Nexus Dashboard services. It facilitates visibility by filtering the aggregated traffic and forwarding traffic of interest to the tools for analysis. It is a multi-tenant-capable solution that can be used with both Cisco Nexus and Cisco Catalyst fabrics.

4. Predictive Change Management with Nexus Dashboard Insights

IT can now predict the impact of the intended configuration changes to reduce risk.

◉ Test and validate proposed configurations before rolling out the changes
◉ Proactive checks to prevent compliance violations, while minimizing downtime and Total Cost of Ownership
◉ Continuous assurance to address compliance and security posture

Predictive Change Management with Nexus Dashboard Insights

5. Nexus Dashboard APIs: Automation and Operational Agility for NetOps and DevOps

Cisco Nexus Dashboard now enables a rich suite of services through APIs for third-party developers to build custom apps and integrations. Nexus Dashboard APIs enable automation of intent using policy, lifecycle management, and governance with a common workflow. For example, IT can consume ITSM and SIEM solutions with ServiceNow and Splunk apps available through Nexus Dashboard.


The HashiCorp Terraform and Red Hat Ansible modules published for Nexus Dashboard enable DevOps, CloudOps, and NetOps teams to drive infrastructure automation, maintain network configuration as code, and embed the infrastructure config as part of the CI/CD pipeline for operational agility.

Our Customers Love Nexus Dashboard, and You Will Too!


As a unified, simple to use automation and operations platform, Cisco Nexus Dashboard is the focal point that customers such as T-Systems can use to build, operate, monitor, troubleshoot, and manage their hybrid cloud networking infrastructure.


Are You Ready for Simplicity?


In IT operations, network automation is the key to simplifying hybrid cloud complexity, meeting KPIs, and increasing ROI. Incorporating the needs of NetOps, DevOps, SecOps and CloudOps for full lifecycle operations is table stakes to make this a reality. The latest updates to Cisco Nexus Dashboard deliver the simplicity expected by IT operations teams to become a trusted partner in their digital transformation journey.

Source: cisco.com

Saturday, 30 October 2021

Cisco wireless 3D analyzer: A game changer in simplifying WiFi planning, monitoring, and troubleshooting

Wireless connections are ubiquitous and have become a part of our daily lives. But planning and then maintaining a Wi-Fi network, optimized for today’s radio coverage and capacity requirements, may not be a daily or even yearly task for an otherwise seasoned network administrator.

While wireless technologies are ubiquitous, they still interact with the physical environment.  Architecting the best coverage for a specific environment depends on many different factors like obstacles (walls, doors, windows), building geometry and materials as well as the number of users and intended usage. Looking across verticals demonstrates a wide range in complexity that can be encountered within different environments. For example, covering a moderate sized Enterprise Office space could be as simple as correctly placing some APs with omni-directional antennas, while covering a high ceiling warehouse means directional antennas to cover the space and more engineering to get it right. The challenge is that RF, unless visualized somehow, is invisible.  Seeing the RF in enough context to determine the correct angles, power, coverage, and capacity needs requires good tools.

Our new solution

Cisco Wireless 3D Analyzer changes the overall planning and maintenance experience for network operators. It provides a visual 3D immersive experience that simplifies many of the aspects of the processes mentioned above. At the same time its deep analysis ensures insights into the key success factors required.

Typical workflow for a new site looks like this:

◉ Planning, laying out the deployment at scale and analyzing the proper placement.

◉ Deployment of the equipment and on-boarding the site.

◉ Coverage validation, ensuring that the coverage meets the designed requirements.

◉ Tuning of the network configurations to optimize the coverage and capacity.

◉ Adding the floor map to the management server to monitor static 2D heat maps.

Cisco Wireless 3D Analyzer allows the user to perform these planning and deployment operations remotely on their laptop well before ever placing products on the floor space. Post deployment, the Cisco Wireless 3D Analyzer correlates the existing telemetry data along with the predictive results to provide a unified view of everything needed to dynamically monitor the complex interactions occurring daily on the network. This drastically reduces the OPEX needed for the same operations, while providing a simplified and intuitive user experience.

Solution building blocks

Here are the main components of the solution:

Figure 1 – 3D Analyzer Solution Building Blocks

Cisco Wireless Network is the overall network infrastructure consisting of APs, sensors, switches, wireless controllers, Cisco Identity Services Engine (ISE) and other network resources. It is needed to provide the edge services for the client devices.

Cisco DNA Center is the single point in the system that provides Day 0 with automation of provisioning and on-boarding tasks to life cycle monitoring/management and analysis. It also imports floor maps of the customer buildings.

Cisco Wireless 3D Analyzer is a web app that runs in the network administrator’s browser and connects to Cisco DNA Center over HTTPS. The system uses state-of-the-art 3D visualization and General-Purpose GPU technologies to build predictive models of the floorspace’s wireless environment. It gives the user 3D visual representations of the network coverage and its capacity, along with many related insights.

Cisco Wireless 3D Analyzer takes the wealth of wireless telemetry data already available in Cisco DNA Center and combines it with the powerful context that the interactive 3D model can provide. The analyzer not only allows the user to see all this information in context, but also allows the powerful analysis engine to combine thousands of data points and provide actionable conclusions. The system minimizes the manual tuning, and the site visits it requires, needed to optimize the network. Using over-the-air measurements, the system allows verification of proper operation or gives clear indications of what will require some tuning, not just on Day 0, but for the life cycle of the deployment to Day n.

How does it work?


The Cisco Wireless 3D Analyzer provides both Life Cycle Management and Planning within an immersive 3D operational experience.

Planning

Given a CAD or Ekahau Project file that contains data regarding walls and materials, the app generates a 3D model of the environment and uses predictive modeling to display the RF coverage from the floor to the ceiling. Input for the model relies on the available telemetry to accurately describe the current power, channels, and even antenna coordinates, so the environment is rendered dynamically. The powerful analysis engine looks at the millions of interactions between the access points, client devices, sensor APs, and the described physical environment across the 3D floor area. The 3D Analyzer can dynamically identify and isolate for view any service level issues discovered.

Figure 2 – Planning Prediction (iso-surfaces view)

Maintenance

Unlike a traditional static 2D heat map, the Cisco Wireless 3D Analyzer also correlates real time data from the network. This is possible through the Cisco DNA Center telemetry and the Catalyst stack architecture, sensors, and assurance data. It allows correlation of the predictive results with the actual measured ground truth in the 3D floor map. This not only provides visual assurance of the accuracy, but a dynamic way to alert to harmful changes in the physical world.  The 3D environment is augmented with the access points’ runtime health score as well as other critical data at multiple levels within the “virtual reality”.  See the health scores below inside the colored tear drops.

Figure 3 – Prediction and Measurement (point cloud view)

Note that available sensor measurements are also integrated into the overall big picture of your network. Sensors are shown above in the circles labeled S.

The below chart illustrates the main data flows driving the 3D Analyzer’s view of the physical world. It’s a lot of correlation, and an unprecedented view of the network’s context.


The Cisco Catalyst network provides live data to Cisco DNA Center, which is drawn on by Cisco Wireless 3D Analyzer. Using the floor maps, actual inventory HW models and current configurations, the app can generate the predictions and their correlation with the live data, providing a full 3D context rich visualization environment.

Key use cases


Here are a few use cases that Cisco believes bring new efficiencies and accuracy to your view of the network.

Visual insights

The Cisco Wireless 3D Analyzer correlates the predicted data with telemetry inputs, analyzes the results, and provides insights into the network’s behavior. In the example below, the system detected that 67% of the floor’s RSSI coverage falls below the user-configured KPI (Key Performance Indicator) of -70 dBm. With a single mouse click on the Insight, the environment is configured instantly to highlight the exact location of the deficiency, providing a clear and actionable view.

Figure 4 – Visual Insights

Detection of Channel Interference

On a wireless network, interference is the opposite of performance.  By changing the view to “interference” the visualization now highlights areas where the network interferes with itself.  In addition, the APs and Channel selections responsible are highlighted clearly to quickly provide context and identify the source.

The 3D analyzer not only detects and alerts to these issues, but it also allows the administrators to safely model solutions in real time without making changes to the configurations in the physical world.

Figure 5 – Co-Channel Interference Detection

The system can detect multiple types of interferences (co-channel, adjacent-channel, neighbor), together with interferences coming from other floors. Here is a multi-floor 3D representation of coverage that could create interference.

Figure 6 – Multi-floor coverage 3D visualization

High Ceiling Environment Analysis

High-ceiling environments, such as a warehouse, constitute challenging use cases that are often mistreated in design practice. Increasingly, it is not enough to only provide good coverage at the floor level. With automation and operations taking users to all levels within the physical environment, it has become increasingly important to understand the effectiveness of coverage from the floor to the ceiling. A 2D map can show the RF at an assumed user level, but visualizing the coverage at every level in between can become a chore. The 3D visualization not only displays this but can also show it as a scan in elevation slices with 6-inch resolution. The resulting visualization allows the user to visualize different configurations and effective solutions based on the modeled environment’s data in terms of shelves, racks, boxes, and capacity levels.

Figure 7 – Warehouse view

The coverage predictions consider all these obstacles, together with the actual antenna data to provide holistic floor views. Optimal efficiency is not an accident, it is planned. Through the lifecycle of the network, plans can and do change. The 3D analyzer can help watch it for you.

Figure 8 – Warehouse point cloud view

Figure 9 – Automatic Elevation Scanner

The picture above shows an elevation scanning playback. It allows users to get insights about coverage at each elevation from floor to ceiling.

First Person View 

Invoking the first-person view allows the administrator to step into the modeled environment and view it from the user plane.  The constant telemetry readouts while moving through the environment and mousing over the deployed assets all lead to an unprecedented ability to understand the physical environment.  All this without even getting in the car.

Figure 10 – First Person View

Antenna Propagation

Challenging high-ceiling or high-density environments often require specific antennas to achieve the desired results. It can be difficult for many people to visualize how a particular antenna type will fit into the coverage environment. With the Cisco Wireless 3D Analyzer this becomes easy. The administrator can visualize the coverage patterns at all RSSI values and see how an angle could be optimized. Moreover, the administrator can check how a different antenna can provide the optimal solution to the challenge.

Figure 11 – Antenna propagation view

Being able to visualize changes to existing or new solutions within a known environment not only allows for quick assessments for fluid change management, but also provides a safe environment to build confidence and skills in the management staff. Wireless is much more fun when you can see it. By the way, you get all of this “before” ever setting a foot on the site.

Source: cisco.com

Friday, 29 October 2021

Appearing For CCNA 200-301 Exam? CLICK HERE.

Taking the first steps in IT can be challenging. But there are many ways to make this path more straightforward, and one of them is obtaining a certification. If you want to establish a career in networking, consider passing the CCNA 200-301 exam, which will earn you the CCNA certification and qualify you for entry-level jobs as a network engineer or network administrator, to mention a few.

Overview of CCNA 200-301 Exam

Before sitting for the CCNA 200-301 exam, it is vital to know all the information concerning it. The certification exam has a duration of 120 minutes, consists of 90-110 questions, and is offered in English and Japanese. To schedule the exam, you need to create an account on the Pearson VUE website.

The CCNA 200-301 exam syllabus is split into different sections. To pass the exam, the applicants must prove a solid comprehension of the following CCNA topics:

  • Security Fundamentals – 15%
  • IP Services – 10%
  • Automation & Programmability – 10%
  • Network Fundamentals – 20%
  • IP Connectivity – 25%
  • Network Access – 20%

The percentage indicates the proportion of exam questions that correspond to each domain. Keep in mind that other topics can also be included in the exam without prior notice. Still, to raise your odds of passing the CCNA 200-301 exam, you had better stick to these topics.

The range of available networking jobs is broad, since the test covers networking topics as well as security, automation, and others. At the same time, you need to know some preparation strategies to cover the CCNA syllabus with ease and boost your IT career. Let’s dive into the exam preparation tips.

Tips for CCNA 200-301 Exam Preparation

1. Obtain CCNA 200-301 Exam Information

A vital step in studying for any exam is to obtain a list of the topics to be studied. And the more comprehensive it is, the more attention you should pay to this phase. For the CCNA 200-301 exam, you can find a complete outline on Cisco’s official webpage. It’s also vital to know what types of CCNA exam questions to expect, how much time you’ll be given, and other facets.

2. Make the most of the Available Resources

There are a lot of study resources for the 200-301 exam available online to help you know what to expect and what to center your preparation on. Official training courses, study guides, practice tests, and videos will help you understand everything required.

Why Take CCNA Practice Test to Ace CCNA 200-301 Exam?

To some extent, it is not good to depend only on the official study resources and books for CCNA 200-301 exam preparation. Make sure you supplement these resources with the CCNA practice test, since learning with practice tests is one of the best means of evaluating yourself and recognizing knowledge gaps.


Most applicants think that taking the CCNA practice test is just answering a series of questions, but this is not the whole thing. A practice test makes you familiar with the exam environment and time limitations.

The CCNA practice test follows the same pattern as the actual CCNA 200-301 exam and helps you figure out your weak and strong areas. But you must ensure that you are taking practice tests from authentic and verified platforms only.

Why Obtain CCNA Certification?

  • CCNA certification benefits employers and employees in the IT field. Many applicants have experienced a career or pay boost after acquiring the CCNA certification by passing the CCNA 200-301 exam.
  • It has been noticed that CCNA-certified professionals are positioned to receive higher-paying jobs when compared to non-certified peers.
  • IT professionals or network engineers with a CCNA certification hold great possibilities of getting a promotion if they are presently working in an IT organization.
  • The knowledge acquired while preparing for the CCNA 200-301 exam can be applied in real-world scenarios.
  • 93% of employers all over the world consider that CCNA-certified professionals are more well-versed and add more value to their organizations.
  • All of the Cisco organizations and partners are known to prefer and employ people with CCNA certification.
  • Even a top-class network engineer with 90% marks in graduation is required to confirm his IT skills with CCNA certification.

Wrap Up

Passing the CCNA 200-301 exam may be tough, but it is surely possible. And utilizing the resources mentioned in this article can enhance your odds of success. Use the CCNA practice test to gauge your knowledge and test-taking skills in advance, pass the exam, and start your rise on the IT career ladder.