Cisco UCS and Cisco MDS

Better together

At a concert, few years ago, the director spoke to the audience and said something that resonated in my mind for long time. His words went like this: the value of the ensemble is greater than the sum of the value of the individual musicians. The meaning was clear. He wanted to illustrate the significance of playing together, as an orchestra, rather than a group of individual sound musicians.

The same concept comes to my mind when I think of the combination of Cisco UCS, and Cisco MDS 9000 storage networking. You can use them independently, or connected to other products. But the combination of Cisco UCS and Cisco MDS delivers unique benefits that exceed the sum of the individual products. The pseudo-mathematical formula 1+1=3 can well express the concept. Alternatively, another way to describe it is the prosaic expression “better together”.

Cisco UCS + Cisco MDS synergy: 1+1=3

The joint adoption of Cisco UCS compute systems and Cisco MDS 9000 Series of storage networking switches provides a significant benefit to the enterprise. Over the years, I have collected information from the many customer opportunities I have been directly involved in. When reflecting on that, I identified a list of synergies and benefits coming from the joint adoption of Cisco UCS with Cisco MDS 9000. I also discovered those benefits can be grouped into three main categories: advanced design options, easier management and better support.

Key advantages

◉ Multiprotocol flexibility allows organizations to deploy Fibre Channel and FCIP on a single chassis and more easily benefit from the advantages of both technologies. Support for SCSI, NVMe and FICON protocols is also available. Moreover, you have the advantage to be fully covered under a Cisco verified solution.

◉ VSANs can logically segregate storage traffic and create multi-tenancy, and they are supported in the Fibre Channel fabric and within Cisco UCS. This capability is only available from Cisco.

◉ VSAN trunking allows the use of the same link for carrying traffic from multiple VSANs, reducing the need for multiple links while segregating traffic. This is a unique Cisco capability.

◉ F-port PortChannels provide link aggregation of multiple Cisco UCS to Cisco MDS 9000 physical links into a single logical channel, as well as fault tolerance and uniform traffic load balancing. This capability is only available from Cisco.

◉ NVMe/FC can boost application performance by reducing latency and minimizing CPU usage for data transfer activities. You also have the advantage to be fully covered under a Cisco verified solution.

◉ Common Operating System and management tools ease network implementation, maintenance, and troubleshooting by relying on the same skill set across SAN, LAN, and computing environments. This is a unique Cisco capability.

◉ Cisco UCS visibility from Nexus Dashboard Fabric Controller allows a single view for all networking elements in a Cisco data center architecture, including Cisco UCS fabric interconnects and server vNICs and vHBAs. This capability is only available from Cisco.

◉ Cisco Intersight integration covering both compute and storage networking provides lifecycle management of Cisco UCS servers, as well as Cisco Nexus 9000 and Cisco MDS 9000 products. This is a unique Cisco capability.

◉ Cisco Intersight Cloud Orchestrator can be used to automate different technology domains with an easy-to-use and low-code workflow designer, enabling IT operations teams to move at the speed of the business. This is a unique Cisco capability.

◉ Smart Zoning reduces the need to implement and maintain large zone databases and eases management and implementation tasks. You also have the advantage to be fully covered under a Cisco verified solution.

◉ Assured interoperability and feature compatibility, avoiding tedious compatibility matrix verification and deployment delays. This capability is only available from Cisco.

◉ Organizations can interact with a single vendor when troubleshooting problems across computing and networking environments. This is a unique Cisco capability.

◉ A variety of support models are available across data center solutions to efficiently manage and coordinate partners to resolve problems. This capability is only available from Cisco.

Key business benefits

When we consider the business implications of the advantages listed above, we can discover that Cisco UCS plus Cisco MDS 9000 integrated solution delivers:

◉ Operational savings from hassle-free firmware upgrades, solution automation with Cisco Intersight and operational simplification with smart zoning

◉ Increased uptime with Cisco support and a single pane of glass for unified visibility, combined with deep traffic analysis and proactive troubleshooting

◉ Application performance improvements from uniform traffic load balancing on uplinks and NVMe/FC end-to-end support, all combined with congestion prevention with MDS 9000 DIRL software.

In short, the Cisco MDS 9000 Series provides superior performance, high availability, and intelligent storage networking for Cisco UCS environments in small, medium and large organizations.

Source: cisco.com

Continue reading

Cisco Nexus Dashboard Orchestrator (NDO): The maestro of the network

Orchestrate your multi-fabric and multicloud network simply

In any symphony you need a good maestro to help orchestrate all the different instruments to produce a harmonious sound.  Everything must be in time and to the beat.   It is the same with your networks.  When running multiple fabrics both on premise, private clouds or public clouds, you need a maestro or orchestrator as well that can be automated and help manage the network and security policies across vast landscapes.

Since it’s early days, Cisco’s Nexus Dashboard Orchestrator (NDO) has been that maestro, allowing network administrators, engineers and cloud operators work together harmoniously to provide a fast, safe and agile network.  We have new versions of NDO, release 3.5 and release 3.6 which will help you build your network capabilities, provide greater ease of use and enhance your security across multiple network fabrics.

What is Cisco NDO

NDO provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single pane of glass while allowing the data center to go wherever the data is.

NDO allows you to interconnect separate Cisco® Application Centric Infrastructure (Cisco ACI®) sites, Cisco Cloud ACI sites, and Cisco Nexus Dashboard Fabric Controller (NDFC) sites, each managed by its own controller (APIC cluster, NDFC cluster, or Cloud APIC instances in a public cloud). The on-premises sites can be extended to different public clouds for hybrid-cloud deployments while cloud-first installations can be extended to multi-cloud deployments without on-premises sites. In addition, Nexus Dashboard Orchestrator can be deployed through the Cisco Nexus® Dashboard, which provides a single automation platform to access the data center network’s operational services and tools.

The single-pane network interconnect policy management and the consistent network workload and segmentation policy provided by NDO allows monitoring the health of the interconnected fabrics, enforcement of segmentation and security policies, and performance of all tasks required to define tenant intersite policies in multiple sites through an easy to manage user interface.

What’s New?

NDO is always evolving to meet the needs of the ever-growing hybrid cloud world.  So, what is new now?   Recently Cisco launched NDO release 3.5 and 3.6 which incorporates several enhancements to help orchestrate consistent networks across multi-fabric and multicoud environments.

Key NDO 3.5 Enhancements: 

• BGP for underlay peering with ISN –
• This provides support peering spines with the ISN devices using BGP adjacencies.  It simplifies ISN connectivity using BGP only.
• External connectivity from Cloud Sites
• This allows you to establish external connectivity between Cloud CSRs and external devices with IPsec & BGP, which provides access to cloud resources from external networks (Branch, Campus, Co-lo, Internet)
• Show DCNM object fault info from all sites
• Scalability improvement of 12 DCNM sites

Key NDO 3.6 Enhancements: 

• Configuration drift reconciliation workflow for APIC and NDFC provides:
• NDO workflow that synchronizes and merges any policy config discrepancies/changes made in APIC or NDFC level.
• Ease of Use Improvements
• Scalable static port binding with leaf/port range provisioning
• Bulk update workflow for template objects
• NDO Cloud Enhancements allows:
• Google Cloud connectivity
• Multi-cloud inter-site connectivity between AWS, Azure, and Google Cloud Sites
• Partial mesh EVPN-VXLAN connectivity between on premises and AWS and Azure cloud sites
• Workload connectivity for multicloud without policy
• Proxy support for cloud sites
• SD-Access Campus (DNAC) and ACI Integration – Macro-Segmentation includes automating:
• Connectivity of Campus VN to access DC VRF
• Internet access for Campus VNs through ACI
• Visibility of VN-VRF extension and connectivity status
• NDFC 12.0(2) support

With all these updates customers can continue to enjoy simple orchestration across hybrid cloud environments all through the single interface of the Nexus Dashboard.

Source: cisco.com

Continue reading

300-515 SPVI | CCNP Service Provider | Syllabus | Questions | Exam Info | All You Need to Know

 

Cisco CCNP Service Provider Exam Description:

The Implementing Cisco Service Provider VPN Services v1.0 (SPVI 300-515) exam is a 90-minute exam associated with the CCNP Service Provider and Cisco Certified Specialist - Service Provider VPN Services Implementation certifications. This exam tests a candidate's knowledge of implementing service provider VPN services, including Layer 2, Layer 3, and IPv6. The course, Implementing Cisco Service Provider VPN Services, helps candidates to prepare for this exam.

Cisco 300-515 SPVI Exam Overview:

• Exam Name- Implementing Cisco Service Provider VPN Services
• Exam Number- 300-515 SPVI
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Implementing Cisco Service Provider VPN Services (SPVI)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-515 Sample Questions
• Practice Exam- Cisco Certified Network Professional Service Provider Practice Test

Related Articles:-

1. Why Should You Try to Pass Cisco 300-515 SPVI Exam?
2. Top Preparation Tips for Cisco 300-515 SPVI Exam: Can Practice Tests Help You Succeed?

Continue reading

Attaining Business Resiliency with Cisco Nexus Dashboard Insights

Identifying and Resolving Issues

IT teams require end-to-end visibility to ensure business critical applications are accessible and running effectively. But they often struggle with siloed processes and juggling multiple tool-sets to manage and monitor the network. They also need to ensure the network configuration is compliant with the established business intent. Cisco just released Nexus Dashboard 2.1.2 and Nexus Dashboard Insights 6.0.2 that addresses these issues and enables IT to identify and quickly resolve issues that ultimately enhance workforce productivity and efficiency.

It is often difficult to understand where issues lie in the network. Is it the physical devices, the endpoints, the applications, or the configurations—or possibly something else? Having this lack of knowledge increases the troubleshooting complexity as well as the time it takes to locate pain points.

Nexus Dashboard Insights 6.0 brings innovative One-Click Remediation, with which IT can identify issues in a single dashboard and resolve them with—literally—the click of a button. For example, as shown in the following screenshot, there is an anomaly with an access-entity profile that’s not associated to any of the domains. This issue will have a major impact into the network and applications for the workforce.

To fix this type of problem, NetOps needs to login to the Cisco Application Policy Infrastructure Controller (APIC) and check the application profiles, domains, and cross-check numerous places to make sure it won’t impact any other connections. However, the new One-Click Remediation feature provides NetOps with a diagnostic report and a “fix button” that will immediately resolve the issue. This dramatically reduces the amount of time and steps to identify and resolve an issue.

IT also needs to support business-critical applications by ensuring they are compliant with business intent and security policies. The new Compliance and Pre-Change Analysis features in Cisco Nexus Dashboard Insights provides a proactive approach to ensure configurations are properly setup to ensure applications are meeting the company’s business intent.

For example, a company may have a standard policy to prevent traffic from an internal server to the Internet. IT can create an applicable compliance requirement (shown in screen below) to be notified if the server begins communicating with the internet.

If there is a traffic between the internal server and the internet, then IT will receive a CRITICAL traffic restriction violation based on the compliance policy. IT can then analyze the anomaly to see what configuration is incorrectly allowing the traffic flow. In this example there is a contract allowing the traffic between the internal server and the internet. The new compliance feature enables IT to be proactive and identify issues before they start becoming a threat.

As part of Nexus Dashboard Insights new features, the Pre-Change Analysis enables IT to fix this specific traffic violation issue (by deleting the contract) and to ensure this won’t cause any other issues. Using the Pre-Change Analysis, IT can test the proposed configuration change and evaluate its impact on the network prior to committing any network changes. The following screen shows an example of deleting an existing contract between the internal server and the internet.

IT can also identify if there are any potential issues with a particular configuration change by looking at a snapshot of the current configuration and comparing it with the proposed configuration. IT can also look at all the resources that will be affected by this proposed change.

As shown in the following figure, the compliance requirement is met with the proposed change. IT can confidently make the change and know that there will be no negative impact on the network. With these Cisco Nexus Dashboard Insights features, IT can quickly and easily fix an issue to meet a compliance requirement for their business-critical applications, as well as validate the outcomes of the fix through Pre-Change Analysis before implementing the configuration.

Insights for Network Resiliency

At any point of time, IT strives to maintain network resiliency to securely meet the goals of business operations. Cisco Nexus Dashboard and Nexus Dashboard Insights provides the visibility, trust, and tools that IT needs to be successful. Learn more details about Nexus dashboard Insights from our Resource links below.

Source: cisco.com

Continue reading

Cisco Networking Academy partner NIIT Foundation creatively addresses inclusivity

While the International Monetary Fund (IMF) predicts India’s economy will bounce back strongly from the pandemic — with GDP predicted to grow 12.5 percent in 2021, after an eight percent decline in 2020 — a big challenge is ensuring that the growth is inclusive.

India has achieved a great deal in inclusive growth, lifting as many as 133 million people out of poverty in the last two decades, but it is clear that more needs to be done. Upon the release of India’s Global Human Development Report, The Real Wealth of Nations: Pathways to Human Development, Syeda Hameed, a member of India’s Planning Commission, said “far too many people are being left out of India’s growth story.”

Overcoming the insurmountable

In an emerging market with nearly 1.4 billion people, that may sound like an insurmountable challenge. There are a few factors, especially in the area of education, that indicate a more inclusive future is possible.

As early as 2014, Indian Prime Minister Narendra Modi proclaimed, “I dream of a digital India where quality education reaches the most inaccessible corners driven by digital learning.” In the same year, the Ministry of Skill Development and Entrepreneurship was established, with the aim of matching the supply of skilled candidates with the requirements of employers.

Unfortunately, around the world inequality widened throughout the pandemic. Disadvantaged communities and individuals with poor infrastructure and employment prospects felt the heaviest impact. In an increasingly digitized world, lack of access equates to lack of opportunity.

While technology drives overall economic expansion, it is more specifically digital connectivity that determines access to economic and social opportunity. At Cisco we believe that connectivity is critical to create a society and economy in which all citizens can participate and thrive. And we’re working to make that happen.

Cisco India innovates on inclusivity

Even before the pandemic, Cisco India started to bridge the education divide, with the creation of the Cisco Ideathon in 2019, which fundamentally changed our hiring practices to be more inclusive. The program was open to students from Cisco Networking Academy partner colleges and universities in rural and peri-urban areas, which are not part of the traditional talent supply chain. And top performers are often offered internships or jobs with Cisco.

Cisco Networking Academy equips educators with leading curriculum (licensed free to educational and non-profit institutions), Webex by Cisco, and resources for students that lead to industry-recognized skills and certifications. This is a true end-to-end skills-to-jobs program connecting learners with peers, mentors, and job opportunities through our job-matching engine, Talent Bridge.

Job offers to date have been equally distributed by gender, with a significant number of students hired from rural and peri-urban states, such as Odisha, Uttar Pradesh, Madhya Pradesh, and Rajasthan, where practically no top-tier company traditionally sought top talent before. Through Cisco Networking Academy’s training and education partnership with the NIIT Foundation, these underserved communities can participate in growth opportunities.

Making inclusive magic with the NIIT Foundation

NIIT Foundation, an education NGO, has a mandate to reach the unreached, uncared for, and unattended, to ensure inclusive development. The NIIT Foundation’s mission is to positively impact the underprivileged of the country through educational initiatives and skill development programs.

For its extraordinary work on inclusive education, the NIIT Foundation recently received Cisco Networking Academy’s Be the Bridge Award.

Starting as an Academy Support Center in 2019 with 6,000 learners, the NIIT Foundation quickly grew to support as many as 56,300 student participants. Last year it registered 236 percent growth in student numbers, and a massive 885 percent growth in career student participants.

NIIT Foundation works hard to ensure all Indians have access to the education and skills that jobs of the future require, to ensure inclusive development for all Indians. The NIIT Foundation held its first Skill-a-Thon for Tier 2 and 3 colleges in urban and rural areas in Northern India, using a focused campaign to attract students to career and Cisco Certified Technician (CCT) courses. This event attracted more students to CCT courses than the number of students who participated last year.

Educating the underserved

The organization also launched a pilot program to train people with disabilities on IT Essentials, with plans to scale beyond the current two locations, as well as a program to include India’s LGBTQIA+ community. And we have recently started a program to provide skills training to prison staff and inmates in Indian prisons.

Many underserved institutions in rural parts of India that lack resources and trained instructors have been exposed to the untapped power of the NIIT Foundation’s resources. NIIT even developed ATM-like “Hole-in-the-Wall Learning Stations,” making computers and the internet available for children who would otherwise not have access.

In India, Cisco Networking Academy currently boasts 328,000 students, with 864 partner organizations. Organizations like the NIIT Foundation are helping Cisco achieve its purpose of Powering an Inclusive Future for All.

Source: cisco.com

Continue reading

Integrating Perimeter and Internal Defenses: 5 Facts That May or May Not Surprise

IDC recently had the opportunity to talk to CISOs regarding the integration of Cisco Secure Workload and Secure Firewall. As analysts, we can articulate the technical benefits. The realized benefits can be different when real-life budget and time constraints are applied. Our conversations were quite illuminating. Below are 5 realities that may or may not surprise you when it comes to integrating perimeter and internal defenses:

1. Time is the currency of the day—Ransomware, cryptomining, and supply chain attacks are top of mind until we get into the office; business needs drive the fires to be fought during the day. The ever-present need to move quickly to stay ahead of cybercriminals require tools to “just work. ” According to the CISOs we spoke with, “if you’re limited on funds and don’t have a 20-person security team, you have to do a lot quickly…being able to get these overlapping protections…and they’re talking to each other really shines.”

2. Perimeter and internal defenses is not an “either-or” issue; it is an “and” issue—Firewalls have a prime vantage point, being able to observe all traffic traversing into and out of our infrastructure. But internal defenses are a bit more complicated. Digital transformation though does not wait for pristine security measures and policies to be put in place. Rather, digital transformation can force us to wrap devices or application like workloads and IoT devices in zero-trust policies elegantly or inelegantly; digital transformation does not care. According to the CISOs, “For organizations like hospitals that have IoT devices and new technologies, it’s going to be hard to wrap policies around all those devices. You’ve got some new scanner or a new handheld; how can you protect and lock them down? Maybe you can’t put an agent on some of them. So in a situation like that, with this [Secure Workload + Secure Firewall integration] you can wrap a zero trust policy around securing all those devices.”

3. Integration is real—Let’s acknowledge the elephant in the room; vaporware is a word for a reason. In this instance though, the integration of perimeter and internal defenses is actually happening already.  The integration is going beyond a single pane of glass management console and being driven by a real need to solve real problems. According to the CISOs, “You can get that data from the firewall and then you can use that data to wrap a Tetration [Cisco Secure Workload] workload protection policy around those, even without an agent on there.”

4. Integration enables automation—Time poverty is omnipresent. The holy grail of security is automation, which isn’t possible without deep integration. According to the CISOs, “I can have one block list in SecureX. When I right click on an IP address or SHA-256, I’ve got some automation set up and block it at the AMP level, the firewall level, and a number of places, Stealthwatch…everywhere.”

5. “One throat to choke”—Budget, time and management constraint are real and painful. The CISO of a top 10 bank may not serve these masters, but the CISOs with whom we spoke do. Deeper discounting, simplified buying process, and a “one throat to choke” are intangible, but invaluable benefits of integration. According to the CISOs, “With one company, it makes it a lot easier to get people to work together.”

Integration is a key aspect of digital transformation, and in the security realm can mean the difference between an intrusion attempt and a data breach. However, integration has to mean more than simple co-existence. True integration will improve workflows, productivity, and security outcomes. The level of integration between perimeter and internal defenses may well be the difference maker, as CISOs continue to navigate new and emerging threats, technologies, and business requirements.

Source: cisco.com

Continue reading

Solving Multi-vendor Network Management Complexity with OpenConfig

As the industry moves towards controller managed networks, where the operator describes what and not how to manage, configuring and maintaining networks from a single vendor remains very complex. Add in the need to manage devices from multiple vendors, and the complexity is multiplied.  Yet network operators typically have devices from multiple vendors and must use their models to configure, integrate, test, and manage those devices.

A better way to manage multi-vendor networks is here: The use of models from OpenConfig, which is fully supported in Cisco IOS XE Software.

Why use OpenConfig?

OpenConfig is an effort by network operators in collaboration with vendors to build open, software-defined, vendor-neutral, and model-driven principles for network configuration and management. OpenConfig enables the use of:

◉ Data models for configuration and management using Yang 1.0 that are vendor neutral

◉ Streaming telemetry for monitoring and obtaining incremental updates (SNMP is passé), which enables a Pub/Sub interface that alerts the collector of changes almost as soon as they occur on the device

The OpenConfig participants include large corporations and service providers like Google, British Telecom, Microsoft, Facebook, Comcast, Verizon, and Level 3.

OpenConfig also allows vendors like Cisco to add their own tweaks via extensions to the models.

Figure 1 shows the OpenConfig models, which are published on GitHub.

Figure 1. OpenConfig Models

Cisco’s Embrace of OpenConfig

Many customers with Massively Scalable Data Centers (MSDCs), such as Microsoft, are very interested in OpenConfig as they run huge data centers with devices from multiple vendors. Various other networking vendors such as Juniper and Arista also support OpenConfig models.

The Cisco IOS XE architecture in Figure 2 lends itself to implementation of OpenConfig models with little effort because Cisco IOS XE already supports the OpenConfig enabler:  streaming telemetry.

Figure 2: Cisco IOS XE – Functional Architecture

Cisco developers have tested and implemented many native models for most of the Cisco IOS XE features. Native models are specific to Cisco devices and platforms. We can implement the OpenConfig models so there is no duplication of effort. The request for an OpenConfig data element is converted to the corresponding native data element because Cisco models are typically a superset of what OpenConfig offers.

The architecture diagram in Figure 2 shows how the configuration and operational databases are common for native and OpenConfig models. We only need a way to translate between the native and the OpenConfig model elements.

Typically, we request a configuration or operational data elements, like those listed in Figure 3, and a corresponding native data element associated with it. Cisco IOS XE provides infrastructure to translate the OpenConfig data element to the corresponding native data element. So, the process of supporting OpenConfig models is typically not very hard if the native models for the corresponding OpenConfig models exist.

Figure 3. OpenConfig and Native Interfaces

Implementing Operational Telemetry with Cisco IOS XE

Cisco IOS XE provides two ways to implement operational telemetry, depending on whether the elements have performance implications, such as the number of interfaces and statistics on all the interfaces. These can be large numbers, since Cisco supports modular switching platforms with multiple line cards. Cisco IOS XE provides a way to get the data from the database using FastPath. For environments with fewer interfaces, the mapping infrastructure can be used to get the data from the corresponding native element.

Over the last few months, Cisco IOS XE developers have been actively involved in developing the OpenConfig models in multiple areas on Catalyst 9000 Series switch platforms for a customer in order to fulfill very interesting use cases which involve migration from SNMP. This entailed testing with the use of the customer’s network data platform and optimizing the implementation for scale and performance. The implementation catered to various telemetry types including on-change and periodic notification.

We engaged the customer in a co-development model where we provided an image with the new model implementation and the customer tested it in the network and gave us feedback. This ensured a quick turnaround time for any issues found at the customer site and completion of the use cases with verification in an actual deployment. The development cycle was completed once we completely automated the testing. We used Genie for operations and telemetry and an in-house tool for configuration models. This model of development eliminated the need for tradition DevTest and resulted in quicker delivery to the customer.

We have occasionally run into issues when a certain data element couldn’t be supported, due to the lack of functionality on the device. We have also encountered scenarios when the representation of a data element was inaccurate. Aside from working with the customer on that issue, Cisco is also raising the problem with the OpenConfig taskforce to make changes to the models.

Cisco continues to develop more OpenConfig models and will also upgrade the revision of the current models to the newer versions published in the upcoming releases of Cisco IOS XE. If you’re a network operator struggling with configuring and managing a multi-vendor network, struggle no more—OpenConfig is the way forward.

Source: cisco.com

Continue reading