Sunday 6 February 2022

Cisco Industrial Ethernet, speaking the language

I detailed the robust hardware design of our Industrial Ethernet switches that enables them to withstand harsh environments. In this blog, I will focus on their software features – particularly the support of industrial communications protocols – further cementing the “purpose” in these purpose-built products.

Cisco’s IE (Industrial Ethernet) switches are designed to leverage as much of Cisco’s technology as possible. This includes hardware and software features. Customers expect our software features to behave consistently across product families, including the IE Switching products. Cisco IE switches also run IOS or IOS XE, but there are differences. One difference between Enterprise and Industrial Switching is support for industrial protocols.

What’s a protocol? Protocols define the set of rules by which devices communicate with each other. The internet runs on a protocol referred to as IP. Industrial communications have been using protocols since before IP became as popular as it is today. Every industry seems to have its own set of protocols. Cisco IE switches support the vast majority of these protocols, enabling them to be part of any industrial networking solution.

Protocol support is one of many reasons that makes Cisco IE Switching popular

Our Industrial Ethernet (IE) switches are the global market leader in Industrial Ethernet Switching for several reasons:

1. Offer a portfolio of DIN-rail and rack-mount industrialized switching products to fit multiple use cases

2. Have a high-quality, purpose-built ruggedized hardware design for reliability in industrial deployments

3. Leverage Cisco’s network management and security technologies

4. Support protocols that enable industrial customers to easily incorporate Cisco’s networking products into their deployments and solutions.

Why support industrial protocols?

In short, because these protocols are vital for the functionality of any modern industrial operation.

Cisco builds network devices to be deployed in a wide variety of industrial networks and solutions. No two industrial networks are alike. There’s a wide variety of requirements and use cases. And there is at least one protocol used in every industrial solution. The networking infrastructure must support all requirements, use cases, and protocols, no matter what they are.

We like to think we don’t have a technology bias. While focusing on our key competency, networking, we will build what customers want to deploy. This applies as well to support of industrial protocols. We are not promoting or supporting one industrial protocol over another. We are not bound to any one technology, solution set, or protocol.

End users, system integrators, and anyone putting together a solution want to use the tools and applications they know and trust and at the same time take advantage of the state-of-the-art networking technology. To enable the tools and applications used in industrial deployments, our IE switches support industrial protocols used to build solutions based on Ethernet networks. Failure to support an industrial protocol often eliminates a networking product as a viable option.

What does support for industrial protocol mean?

Just as industries and protocols vary, support for any one protocol means different things. Protocols differ widely, thus support does too. If you must have a single definition of support, support for an industrial protocol can be equated to ‘speaking the language’. Our IE switches support the communication of industrial protocols, enabling end devices to communicate effectively and efficiently.

Figure 1: communication flow through the Cisco IE switch

PROFINET and EtherNet/IP (CIP) are two protocols commonly used by industrial automation and control systems (IACS). Our IE switches are certified compliant with these two protocols by including the software stacks for them. It’s the same software stack as the IACS components use. For PROFINET and EtherNet/IP, the Cisco IE switches really do speak the language. Applications using PROFINET or EtherNet/IP can discover and automatically set up Cisco IE switches as a part of the solution, thus avoiding manual procedures.

For other protocols, support may mean recognition. GOOSE is a good example of such a protocol. Our IE switches do not need to support the GOOSE software stack. Protocols such as GOOSE run over Layer 2 Ethernet or Layer 3 IP. Users can build quality-of-service policies to prioritize the communication of these protocols. The Cisco IE switch can recognize and prioritize industrial protocols carried in standard Ethernet or IP-based messages in the network, ensuring end-to-end quality of service. Regardless of the kind of interaction and support for industrial protocols, Cisco IE switches provide fast, reliable, and secured transport.

What about safety protocols?

Especially safety protocols, such as PROFIsafe and CIP Safety.

Support for any protocol implies support for the safety portion of the protocol. Industrial automation (e.g., manufacturing) solutions prioritize support for safety protocols. If a protocol has a safety component, then our IE switches support the safety protocol. Most of the time this means recognizing the protocol or the safety messages in the protocol and building a quality-of-service policy to prioritize the communication end to end.

What about Cyber Vision?

Cisco Cyber Vision is an application that runs on Cisco IE switches and uses deep packet inspection to analyze all traffic passing through the switch and identify industrial protocols in use.

Cyber Vision does more than ‘speak the language’. Using its knowledge of industrial protocols, Cyber Vision can identify industrial assets and determine if the payload in these protocols is within operating bounds. It also provides security posture assessments of IACS components.

The application running on our IE switches reports a summarized version of its findings to the Cyber Vision Center, where end users get a real-time visual representation of all the communications on their operational network.

The figure below is an example of how Cyber Vision enables users to visualize communication between devices. It recognizes which device is speaking which protocol amongst other things.

Figure 2: Cyber Vision visualizes device communication flows

Cyber Vision is a security tool to increase visibility into operational networks. You can’t secure what you can’t see.

Closing

Ultimately, it’s about giving you, the customer, what you want and what you need. You want the latest and greatest technology because you’re investing for the long term. You want quality, which is why you’ve chosen IE switches from Cisco. You want ease of use. You want to build systems and solutions with the tools you know, trust and have already invested in.

Failure to provide any of the above means the customer must compromise. Nobody wants that. With Cisco IE Switching, you don’t have to.

Appendix

Brief Description of select industrial protocols (with examples)

If you’re new to industrial networking, you can find a brief overview of the main industrial protocols below.

Why so many protocols? Different industries have different protocols they have developed over the years to meet their needs. Most industrial protocols leverage the Internet protocol (IP) for communication. But not always.

Table summarizing a few industrial protocols (not exhaustive)


Source: cisco.com

Thursday 3 February 2022

What does neuroscience have to do with the Internet?

It’s time for a new approach to the Internet

The Internet has never been so dynamic in its more than 40 years of existence. The massive adoption of cloud has paved the way for scores of SaaS applications being hosted “on the Internet.” At the same time, organizations are making hybrid work a part of their strategy moving forward. As a result, employees working from home expect the same level of security and application experience as they have at the enterprise campus. In turn, IT organizations are routing much more of their corporate data across the Internet, extending into multiple clouds. And of course, connectivity continues to evolve, with traditional link types but also with the rollout of 5G and new satellite links.

In such a highly distributed and dynamic environment it becomes extremely hard to keep up by using only traditional and reactive approaches. But just as the complexity of our networking environments is increasing, so too can we take advantage of recent innovations in cloud, compute, and data aggregation capabilities to improve the Internet.

Reactive measures don’t go far enough

For its entire existence, as a networking industry we’ve pretty much applied the same reactive approach each time an Internet failure occurs. By reactive I mean that we wait until the Internet breaks (path failure) and then reroute traffic along an alternate path (using IGP, MPLS/IP Fast Reroute, etc.). This approach of protection and restoration relies heavily on fast detection of failure followed by rerouting traffic. While a reactive approach is effective and necessary, it’s far less than ideal. The problem is that our processes never learn from any of the previous failures. So, in effect, the same issues could repeat themselves over and over, requiring the same fixes. But consider the possibilities when we tap the power of AI/machine learning and statistical modeling and apply predictive analytics to the Internet to avoid incidents before they occur.


Enabling the Internet with learning capabilities


Surprisingly, we have never enabled the Internet with learning capabilities! A plethora of technologies have been designed and deployed, capable of fast reaction, adapting to changing conditions but without any learning capability (except for quick adaptations after detecting issues such as with TCP windowing, routing convergence, and route dampening to mention a few).

So, what would a learning Internet look like?

How many times have you heard people comparing the brain to a computer? And that AI engineers are trying to mimic the human brain? There is too much to cover in a blog but let me share some thoughts. First, the brain is a network of networks and in this way, the Internet shares similarities with it. [Sidenote: stay tuned for a white paper on that subject I will publish with a famous neuroscientist in 2022—Adeel Razi.] Of course, we know that part of what makes us human is cognition and consciousness along with our ability to learn.

Second, we learn as our brain builds a model of the world (there are multiple theories on the learning models, with even some poorly understood capabilities of one-shot learning), makes use of sensing (vision, audition, touch, etc.) to adapt and learn, and also performs higher-order planning functions in the prefrontal cortex (PFC). What if we enabled the Internet to learn “the same way” our brains learn? The Internet can use models (statistical/machine learning), sensing (telemetry), and self-healing (planning). By enabling the Internet with the ability to learn and predict, we can take preventative actions alongside traditional reactive measures for a more comprehensive approach.

What a predictive Internet would look like


Science fiction? Not at all. Although being able to replicate the brain’s ability to predict is far from being possible with today’s AI technologies, enabling the Internet with the ability to learn is already here.

At Cisco we have been working on the Predictive Internet for over two years, starting with a deep analysis of millions of paths, seeking signals that could be used by an ML/AI engine to learn and predict. And no, there is no magic “algorithm” but rather a plethora of technologies for telemetry processing and training models to then learn and predict. Our Predictive engine is now capable of predicting short- and long-term events, thus avoiding issues before they happen. There is no magic there, simply the ability to learn and apply more than a decade of ML/AI product developments that perform with very high accuracy, at scale.

Could a Predictive engine predict all issues? Not at all, but the engine has been tuned to predict as many events as possible with extremely high accuracy. More soon …

Source: cisco.com

Tuesday 1 February 2022

Application-centric Security Management for Nexus Dashboard Orchestrator (NDO)


Nexus Dashboard Orchestrator (NDO) users can achieve policy-driven Application-centric Security Management (ASM) with AlgoSec

AlgoSec ASM A32 is AlgoSec’s latest release to feature a major technology integration, built upon a well-established collaboration with Cisco. Its support for Cisco Nexus Dashboard Orchestrator (NDO) brings this partnership to the front of the Cisco innovation cycle and allows Cisco ACI, as well as legacy-style data center network management, to operate at scale in a global context, across data center and cloud regions. The AlgoSec solution with NDO brings the power of intelligent automation and software-defined security features for ACI, including planning, change management, and micro-segmentation, to global scope. There are multiple use cases, enabling application-centric operation and micro-segmentation, and delivering integrated security operations workflows. AlgoSec now supports EPGs and inter-site contracts with NDO, extending its existing ACI integration.

Let’s Change the World by Intent

Since its 2014 introduction, Cisco ACI has changed the landscape of data center networking by introducing an intent-based approach, over earlier configuration-centric architecture models. This opened the way for accelerated movement by enterprise data centers to meet their requirements for internal cloud deployments, new DevOps and serverless application models, and the extension of these to public clouds for hybrid operation – all within a single networking technology that uses familiar switching elements. Two new, software-defined artifacts make this possible in ACI: End-Point Groups (EPG) and Contracts – individual rules that define characteristics and behavior for an allowed network connection.

ACI Is Great, NDO Is Global

That’s really where NDO comes into the picture. By now, we have an ACI-driven data center networking infrastructure, with management redundancy for the availability of applications and preserving their intent characteristics. Using an infrastructure built on EPGs and contracts, we can reach from the mobile device and desktop to the data center and the cloud. This means our next barrier is the sharing of intent-based objects and management operations beyond the confines of a single data center. We want to do this without clustering approaches that depend on the availability of individual controllers and hit other limits for availability and oversight.

Instead of labor-intensive and error-prone duplication of data center networks and security in different regions, and for different zones of cloud operation, NDO introduces “stretched” EPGs, and inter-site contracts, for application-centric and intent-based, secure traffic which is agnostic to global topologies – wherever your users and applications need to be.

Having added NDO capability to the formidable, shared platform of AlgoSec and Cisco ACI, region-wide and global policy operations can be executed with confidence using intelligent automation. AlgoSec makes it possible to plan for operations across the Cisco NDO scope of connected fabrics to be application-centric and unlocks the ACI super-powers for micro-segmentation. This enables a shared model between networking and security teams for zero-trust and defense-in-depth, with accelerated, global-scope, secure application changes at the speed of business demand: within minutes, rather than days or weeks.

Key Use Cases

Change management — For security policy change management this means that workloads may be securely re-located from on-premises to public cloud, under a single and uniform network model and change-management framework — ensuring consistency across multiple clouds and hybrid environments.

Visibility — With an NDO-enabled ACI networking infrastructure and AlgoSec’s ASM, all connectivity can be visualized at multiple levels of detail, across an entire multi-vendor, multi-cloud network. This means that individual security risks can be directly correlated to the assets that are impacted, and that the impact of security controls on an application’s availability can be fully understood.

Risk and Compliance — It’s possible across all the NDO connected fabrics to identify risk on-premises and through the connected ACI cloud networks, including additional cloud-provider security controls. The AlgoSec solution makes this a self-documenting system for NDO, with detailed reporting and an audit trail of network security changes, related to original business and application requests. This means that you can generate automated compliance reports, supporting a wide range of global regulations, and your own, self-tailored policies.

The Road Ahead

Cisco NDO is a major technology innovation and AlgoSec and Cisco are delighted and enthusiastic about our early adoption customers. Based on early reports with our Cisco partners, needs will arise for more automation, which would include the “zero-touch” push for policy changes – committing EPG and Inter-site Contract changes to the orchestrator, as we currently do for ACI and APIC. Feedback will also shape a need for automation playbooks and workflows that are most useful in the NDO context, and that we can realize with a full committable policy by the ASM Firewall Analyzer.

Source: cisco.com

Sunday 30 January 2022

Automated, Simplified Timesaver for Cisco Enterprise Software Customers: Cisco Smart Licensing with Policy

Cisco Smart Licensing Using Policy is a new solution that simplifies license management across Cisco enterprise products running Cisco IOS XE. Managing licenses using automation, policy, and streamlined processes is getting kudos from customers. They no longer have to install unique licenses on every Cisco device and keep track of those licenses manually, an especially difficult process in large companies with thousands of devices.

Cisco Licensing and Cisco Smart Licensing Using Policy

At Cisco, we have a trust-but-verify model where most software usage is allowed upfront and trued up after the fact, when Cisco Smart Software Manager (CSSM) can correlate the usage with the purchases. Most Cisco software licenses are unenforced. Customers don’t have to complete any licensing-specific operations, such as registering or generating keys before they start using the software and the licenses that are tied to it. Less than a handful of export-controlled and enforced licenses require Cisco authorization before use.

An example of an enforced license is the Media Redundancy Protocol (MRP) Client license, which is available on Cisco’s Industrial Ethernet Switches. Export-controlled licenses are export-restricted by U.S. trade-control laws. An example of an export-controlled license is the High-Speed Encryption (HSECK9) license, which is available on certain Cisco Routers.

The required authorization for enforced licenses is an authorization code, which must be installed in the corresponding product instance. License usage is recorded on each Cisco device with timestamps.

Cisco Smart Licensing Using Policy is a software license aggregator solution that provides a seamless, automated experience for customers. Instead of having to manually configure Cisco devices to synchronize with CSSM, Cisco Smart Licensing Using Policy simplifies and automates Day-0 and Day-1 operations.

Cisco can tweak the policy for trusted customers to alter when devices report, how frequently, and which devices and licenses require reporting. If no changes are made to configurations that impact license usage, reporting occurs once a year. If changes are made, there is a suggested but not mandatory 90-day window for reporting.

Automated Collection of Software Usage Data

A Resource Utilization Measurement (RUM) report with usage measurements is continually generated by each Cisco product instance. The reports give a complete time series analysis of license usage at each customer site.

Software usage information is transmitted to CSSM, and customers use the My Cisco Entitlements (MCE) dashboard to manage all their Cisco products and services from a centralized portal. CSSM helps them manage current requirements and review usage trends to plan for future license requirements. Additional licenses can be purchased if software is being overused, while features that are paid for but not used can be highlighted and turned on.

Multiple options are available for license usage reporting (Figure 1).

Figure 1. Cisco Smart Licensing with Policy Reporting Options

Customers can report usage information directly to CSSM, use a controller (like Cisco DNA Center or Cisco vManage), or deploy Smart Software Manager On-Prem (SSM On-Prem) to administer products and licenses on their premises using a Cisco UCS server. Offline reporting for closed networks is also available. Customers can download usage information onto a storage device like a thumb drive, and then upload the data to CSSM.

Cisco Smart License Utility


Some Cisco customers don’t want to have to deploy a Cisco UCS, use a Cisco controller, or have devices directly connected to the Internet. So the Cisco Smart License Utility was developed based on intense customer interest and input. This small-footprint utility has a subset of the functionality found on Cisco SSM On-Prem. It runs on Windows and Linux, with Mac OS coming, and automates the transmission of software usage reports from a Cisco product to a Smart Account on Cisco SSM. It is also capable of managing trade-controlled software authorization codes per product as required.

The utility collects usage reports from the product instance and uploads them to the corresponding Smart Account or Virtual Account, online or offline using files. Similarly, the RUM report acknowledgement (ACK) is collected online or offline and sent back to the product instance. The Cisco Smart License Utility also sends authorization code requests to CSSM and receives authorization codes from CSSM.

Figure 2 shows the CLI for a Cisco Integrated Services Router (ISR) with reporting for four different feature licenses. ACK corresponds to reported and acknowledged reports. UNACK reports have yet to be acknowledged by CSSM. OPEN reports have yet to be sent to CSSM.

Figure 2. CLI with Cisco Smart Licensing Usage Report

Figure 3 shows a screenshot of the Cisco Smart Licensing Utility with a sample report listing the device’s product ID and serial number, the date of the last report filed, and the acknowledgement of the usage report.

Figure 3. Smart License Utility Interface

For environments where devices are not directly connected to the Internet, the Cisco Smart License Utility triggers workflows with usage reports from all relevant devices and these can be put on a laptop and uploaded as a file to CSSM.

Cisco Smart Licensing with Policy improves the existing implementation of Smart Licensing by addressing the pain points customers have had with the PAK (Product Authorization Key) reporting model. It streamlines usage reporting across topologies, introduces an easy-to-understand policy to govern reporting frequencies, and provides a frictionless Day 0/Day 1 experience.

Source: cisco.com

Thursday 27 January 2022

Cisco SD-WAN: Driving Network Efficiency and Accelerating Cloud Integration with AWS Cloud WAN

In today’s world, enterprise customers are predominantly focused on their users and applications. The bridge that stitches them together is the Enterprise WAN, which not only needs to align with the growing and complex needs of its users but also needs to be secure, scalable, resilient, and programmable. Cisco SD-WAN brings together users, branches, applications, and data centers (on-prem or cloud) under one cohesive architecture to meet today’s expectations. Cisco vManage provides a single pane of glass to provision, operate, and manage this network.

The enterprise cloud footprint is growing at a rapid pace, resulting in complex policies and designs for connectivity across enterprise sites and workloads in the cloud. A traditional AWS cloud-native service like AWS Transit Gateway is a regional construct, which performs well in a design involving transit gateway peering across a small number of AWS Regions. As more Regions are added, the network can get exponentially more complex with additional transit gateway peering. Also, separate route tables for segmentation add another layer of complexity to the network.

Questions we typically hear from our customers are:

1. How do I easily deploy and manage a cloud network for segmented users, applications, and other resources dispersed across regions, while maintaining a hardened security posture?

2. Can my network be agile enough to quickly adapt to changing policies and application requirements?

3. What is the impact on the user experience for a multi-region application?

4. My users connected to region X are having inconsistent experiences accessing an application in region Y. What can I do?

5. Can I use the Cloud Service Provider (CSP) backbone as a faster way to connect my sites instead of less reliable internet?

It boils down to having a more robust means to connect site-to-site, site-to-cloud workloads, and inter-Region workloads in AWS. This is exactly what the Cisco SD-WAN and AWS Cloud WAN integration can offer.

AWS Cloud WAN

AWS Cloud WAN is a managed WAN solution that was announced at AWS re:Invent 2021. It enables users to build a multi-Region global WAN network on the AWS backbone using simple policy statements. It removes the need to stitch together multiple Regions as is the case with AWS Transit Gateway.


The key building blocks of the AWS Cloud WAN architecture are:

◉ Cloud WAN: Cloud WAN is a managed WAN service that allows enterprises to establish network connectivity across Regions using the AWS backbone. Cloud WAN can be enabled in a Region that is near to sites, users, or workloads. Cloud WAN includes the CNE (Core Network Edge), which is a Regional connection point. Resources are connected to the CNE using attachments such as VPC, VPN, etc.

◉ Core Network Policy (CNP): A single JSON policy document that defines the whole configuration of the Cloud WAN. It lists the Regions through which the Cloud WAN extends. It carries the segment information which is used for routing separation. It also defines how the VPC and VPN attachments are connected to the network segments, along with route leak configuration for shared services use-cases.

◉ Attachments: Attachments are a way to connect resources to the Cloud WAN. The types of attachments are VPC, VPN, Connect, and TGW.

◉ Core Network Edge (CNE): The regional connection point managed by AWS in each Region, as defined in the Core Network Policy. Every attachment connects to a Core Network Edge.

Based on the CNP configuration, AWS Cloud WAN will create a CNE in each configured Region. The CNEs across all the Regions will automatically peer with each other. Cloud WAN also carries segment information across Regions, thus automatically creating an end-to-end routing domain for each individual segment. Resources are attached to the CNE and are mapped to a segment.


This Cloud WAN architecture’s built-in automation manages the complexity and provides customers with a simple plug-and-play approach to deploy and manage the cloud network.

Cisco SD-WAN Integration


The Cisco SD-WAN Cloud OnRamp for Multicloud with AWS provides enterprise customers the following capabilities to deploy a secure SD-WAN fabric over a reliable AWS Cloud WAN backbone.

1. Automation: The integrated solution gives users the automation to integrate their SD-WAN policies with AWS cloud-native constructs for reliable and consistent sites and cloud deployments. Cisco vManage simplifies the process of creating and managing the Core Network Policy (CNP) document and AWS manages the implementation details.

2. Security: AWS Cloud WAN’s built-in network segmentation enables seamless integration with Cisco SD-WAN to provide end-to-end segmentation. Using a simple workflow in Cisco vManage, enterprise customers can deploy carrier grade transport (across Regions) using the AWS backbone.

3. Observability: Cisco SD-WAN integration with AWS Cloud WAN simplifies operations by enabling visibility for the SD-WAN overlay and AWS Cloud WAN underlay in the vManage portal.


Cisco vManage will:

◉ Discover workload VPCs across Regions
◉ Tag each VPC attachment to map it to the desired segment (VPN)
◉ Deploy the Cloud Gateway (CGW)
◉ Instantiate a CNE in the required Region
◉ Instantiate a Transit VPC (TVPC) with a pair of Cisco SD-WAN virtual edge routers
◉ Establish a VPN or Connect attachment and BGP peering between the CNE and the SD-WAN virtual edge router for each segment/VPN
◉ Realize intent by mapping SD-WAN VPNs to AWS Cloud WAN segments

With the help of Cloud Gateway (CGW), the Cisco SD-WAN fabric is extended to the edge of the AWS Cloud in the desired Region. As shown in the topology above, Cisco vManage manages the SD-WAN policy across the fabric. This enables vManage to push consistent SD-WAN policies to the branches and Cisco SD-WAN virtual edge router in the TVPC. With the AWS Cloud WAN integration, vManage can create and update the CNP document. Using API calls, vManage pushes the CNP to AWS. AWS Cloud WAN then updates necessary configuration based on the policies defined in the CNP documents. Thus, Cisco SD-WAN intuitively helps create and manage end-to-end segments from the users to the application.


Automation Workflow


Cloud OnRamp for Multicloud automation follows a simple four-step workflow. Users can follow these steps to implement the AWS Cloud WAN integration:


1. Setup

Customer selects the solution and defines global parameters for the AWS Cloud WAN integration.


2. Discover

The customer uses the Discover option to discover host VPCs (workload VPCs) in the cloud. These VPCs can now be tagged with the segment name, which attaches them to the desired VPN.


3. Deploy

At this step we deploy CGW in the AWS Region. Repeat this step for all the required AWS Regions to build a multi-region AWS Cloud WAN network.


4. Declare Intent

As a final step, users map SD-WAN VPNs to AWS Cloud WAN segments by simply clicking the corresponding cell in the matrix to establish the intended connections. In the example below, VPN 61 is mapped to the SALES segment. VPN 2 and VPN 10 are being configured to map to the TEST and PROD segments respectively.


That’s all it takes to bring up the AWS Cloud WAN integration using vManage.
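As an added example that is not part of the blog post and is not vManage's own CNP generator, the following builds the declared intent as an AWS Cloud WAN core network policy document using the VPN-to-segment mapping above, resolves which segment a tagged VPC attachment lands in, and checks that no segments are unintentionally shared before the document is pushed. The JSON layout (policy version "2021.12", tag-based attachment policies), the edge regions, the ASN range and the lowercase segment names are assumptions.

```python
"""Build and check an AWS Cloud WAN core network policy (CNP) document that
maps Cisco SD-WAN VPNs to Cloud WAN segments.

Constructed example, not vManage's own CNP generator. The layout follows the
Cloud WAN policy JSON (assumption: version "2021.12", tag-based attachment
policies). Mapping copied from the blog: VPN 61 -> SALES, VPN 2 -> TEST,
VPN 10 -> PROD (segment names lowercased here by convention)."""
from typing import Dict, List, Optional, Tuple

EDGE_LOCATIONS = ["us-east-1", "us-west-2"]  # constructed CGW regions
TAG_KEY = "segment"  # tag vManage puts on each VPC attachment


def build_cnp(vpn_to_segment: Dict[int, str]) -> dict:
    """One segment per SD-WAN VPN plus one tag rule per segment; no
    segment-actions are emitted, so segments stay isolated by default."""
    segments, rules = [], []
    for n, (vpn, name) in enumerate(sorted(vpn_to_segment.items()), 1):
        seg = name.lower()
        segments.append({"name": seg, "description": f"SD-WAN VPN {vpn}",
                         "require-attachment-acceptance": False})
        rules.append({"rule-number": 100 * n, "condition-logic": "or",
                      "conditions": [{"type": "tag-value", "operator": "equals",
                                      "key": TAG_KEY, "value": seg}],
                      "action": {"association-method": "constant",
                                 "segment": seg}})
    return {"version": "2021.12",
            "core-network-configuration": {
                "asn-ranges": ["64512-64555"],
                "edge-locations": [{"location": r} for r in EDGE_LOCATIONS]},
            "segments": segments, "attachment-policies": rules,
            "segment-actions": []}


def resolve_segment(cnp: dict, tags: Dict[str, str]) -> Optional[str]:
    """Evaluate attachment policies as Cloud WAN does: lowest rule-number
    first, first match wins. An untagged or mistagged VPC gets no segment."""
    for rule in sorted(cnp["attachment-policies"], key=lambda r: r["rule-number"]):
        hits = [tags.get(c["key"]) == c["value"] for c in rule["conditions"]]
        if (any(hits) if rule["condition-logic"] == "or" else all(hits)):
            return rule["action"]["segment"]
    return None


def shared_pairs(cnp: dict) -> List[Tuple[str, str]]:
    """Segment pairs joined by a 'share' segment-action; an empty list means
    every VPN-to-segment mapping is still isolated."""
    names = [s["name"] for s in cnp["segments"]]
    pairs = []
    for act in cnp["segment-actions"]:
        if act.get("action") != "share":
            continue
        with_ = act.get("share-with", [])
        targets = [n for n in names if n != act["segment"]] if with_ == "*" else with_
        pairs.extend((act["segment"], t) for t in targets)
    return pairs
```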


The complementary partnership between Cisco and AWS delivers a simplified WAN for:

◉ Unified Management – leverage an intuitive workflow to deploy site-to-cloud and site-to-site connectivity over a reliable backbone network, with end-to-end visibility and assurance, via a single UI, Cisco vManage.

◉ Security – The built-in segmentation in AWS Cloud WAN not only simplifies VPN mapping with Cisco SD-WAN but also enables propagation of unified business-intent policies across the network.

◉ Reduced TCO – Reduce deployment time for overlays and underlays; the ability to deploy dynamically in software is critical, as traditional MPLS circuits take weeks or months to provision. Significantly lower OpEx through improved performance and a reliable, on-demand consumption model provisioned through Cisco vManage.

To summarize, the Cisco SD-WAN and AWS Cloud WAN integration will simplify Site-to-Cloud, Site-to-Site, and inter-region workload use cases for customers. This frees customers from the complexity of today’s WAN requirements and lets them focus on their users, applications, and core business.

Source: cisco.com

Tuesday 25 January 2022

Cloud and the Hybrid Future of Work

Cloud, Hybrid, Cisco Exam, Cisco Exam Prep, Cisco Exam Preparation, Cisco Skills, Cisco Jobs

Nothing in the world is as it once was. Things we used to take for granted—such as dining out, going to the movies, or throwing birthday parties for four-year-olds—are forever changed. However, as personal as those changes are, nothing compares to the tectonic shift that has occurred in work. Prior to the pandemic, the percentage of people working remotely was in the single digits. Today, it’s more than 60% in some industries. And, in a recent study, 70% of employees said they would quit their jobs if they couldn’t work from home at least a few days a week.

For knowledge workers, the benefits are many—from no commute to learning to bake bread. But companies benefit as well. Productivity and morale have gone up, and facilities costs have gone down.

Without the cloud, this overnight shift would have been impossible. The cloud makes it easier for users to access their applications and information from anywhere—just click and go. But, for IT departments, it’s not so simple. More clouds, more users, more locations and more applications—often built with application mesh—lead to more complexity. And complexity is rarely easy to master.

This is where Cisco can help.

Due to the breadth of our portfolio, we’re uniquely positioned to help you harness the power of your clouds. Cisco solutions align with the way you actually use the cloud to deliver a consistent experience to all users, connect multiple clouds, support the future of work, secure your cloud workloads and simplify cloud operations.

In this blog, the third in a series of five, we’ll take a look at how companies using the cloud need to think about work differently. We’ll talk about what that looks like, the challenges involved and how Cisco can help.

Over the next few weeks, we’ll roll out more blogs to highlight other ways you use the cloud.

An Unplanned Social Experiment

The “work from home” question has been quietly argued for more than a decade. While technology made it possible, there was a wide range of sentiment on whether it was more or less productive. Then COVID. During this forced social experiment, the question stopped being a question. Employees had to immediately pull up stakes and decamp for home.

Nearly two years later, as offices slowly start to open, we’re starting to rethink the future of work. This won’t be a simple question about working from the home or the office, because the future of work is hybrid. Some will work full-time on site. Others full-time off site. And still others will work in a mixed mode – moving between locations on any given day or time. And in all cases, working better.

H-m-m. Kind of sounds like something the cloud is good at making possible.

The cloud, by its very nature, supports both the agility and the location-independent needs of hybrid work, which requires a set of capabilities optimized for secure, consistent delivery—regardless of location. That’s why cloud has played such a huge role in the business response to the pandemic. Let’s take a look at what that means for a hybrid work future.

Home at the Office

Perhaps the best way to think about hybrid work is to re-think what an office is. Companies used to think of campus and branch offices. Simple enough. Now add hundreds or thousands of home offices. Not so simple. Every home office is effectively a branch office for one person—with the same demands for application performance and secure access but with substantially fewer IT resources.

Let’s start with secure access. As mentioned in an earlier blog, security and access are often at odds. The employee wants access that’s easy to use. If it’s difficult to connect, the employee may become frustrated and work around the security measure, actually increasing risk.

The company and its IT department understand the need for easy access but their larger concern is security. And easy access can imply it’s easy for anyone to get onto the network—including bad actors.

I outlined the key elements for secure access in my last blog, including policy, segmentation, zero trust framework and malware detection.

Application Experience

Application experience is critical as employees work from home. The employee is going to expect the same application experience they’ve come to know when they’re in the office. Anything less will negatively impact productivity and employee satisfaction.

Quality application experience doesn’t just happen. It demands new levels of visibility as applications become more distributed. This visibility starts with the application components in the service mesh, where developers need to see where each component of the application resides and how the components connect to deliver the application to the user. You need to be able to see this journey from cluster to user to find where any potential application component performance issue may reside.

These distributed applications often connect over the internet via infrastructure that the company doesn’t own or manage. Each hop in that journey can negatively impact the overall application experience. As a result, you need visibility that follows the application through the infrastructure. More importantly, you need to augment that visibility with artificial intelligence that can turn simple visibility into actionable insights. Cisco ThousandEyes, AppDynamics and Intersight move you beyond domain monitoring into end-to-end visibility, insights, and actions. They transform siloed data into actionable insights to help IT teams optimize for cost and performance, maximize digital business revenue, and deliver exceptional digital experiences—anywhere on the cloud.

Office Intrigue

As more employees head back to the office, companies have an important decision to make. Do they opt for the short-term fix and simply do what they’ve always done? Or do they invest in the long term and build out the office of the future? And, in the long term, cloud is a key consideration.

As companies plan for the future, many have indicated that employees will work from home two or three days per week and in the corporate office the rest of the week. Those days in the office won’t be a replay of the past. This will impact how facilities are managed and applications are delivered.

The number of employees on-site and the hours they work will vary widely. As a result, corporate facilities will have to be able to cost-effectively support a hybrid workforce. The office will need to be able to accommodate this ebb and flow of employees—both in space and in network capacity.

The variability of used space is an important consideration for smart buildings and IoT devices to improve energy efficiency based on occupancy. There is some cloud component of this. However, the bigger cloud element may be IT capacity. As companies move to the cloud, they may rethink how to provision the workspace infrastructure. Rather than build out their network for a full complement of employees, they may consider a smaller investment and use the cloud to support their peak occupancy.

The workload in the corporate offices will also change. With a hybrid work environment, 60 percent or more of the participants in a meeting will be working off site. As a result, the cloud-based, distributed applications used from the home office need to seamlessly connect with the applications in the office. Essentially, hybrid cloud connectivity.

The bottom line: there will be more demand for distributed applications and collaboration even with the return to the office. The applications themselves must promote better collaboration for a hybrid workforce. And the application performance—as discussed above—must be comparable between the on-site and off-site participants. Solutions such as Cisco Intersight or Cisco Nexus Dashboard, which help manage your cloud network operations, are essential for a seamless end-user experience for any workload across any infrastructure, whether on-prem, multicloud or edge.

Will every company look like this? Doubtful. No two companies have ever looked the same. As with everything surrounding this pandemic, no one really knows the shape of the final solution. And every company will determine their path forward. However, we do see trends coalescing around a hybrid work model. And that will only accelerate the demand for effective cloud solutions such as those available from Cisco.

Source: cisco.com

Sunday 23 January 2022

5 Resolutions for Small Businesses in 2022

Small Businesses in 2022, Cisco Exam Prep, Cisco Tutorial and Materials, Cisco Career, Cisco Skills, Cisco Jobs, Cisco Prep

A new year is a great time to reflect on the past 12 months and create goals for the year ahead. This is especially important for small businesses, which have been so dramatically affected by the pandemic. As with many disruptive events, the pandemic has provided many lessons for small businesses to pull from.

We’ve narrowed it down to five resolutions small businesses should consider as you take on 2022.

1. Accelerate Innovation Whenever Possible

As COVID upended operations and sent companies of all sizes and all industries into chaos, it also revealed that innovation doesn’t always require a big budget, massive resources, or years to implement.

Small businesses had to embrace and accelerate innovation in order to survive. Many of us thought remote work and digital transformation were still a few years away and would come on gradually, but COVID quickly proved that notion wrong. We also learned that companies could pivot to remote workforces and online business models almost instantaneously. All it took was a crisis to show many small businesses that they are indeed capable of innovating quickly and cost-effectively.

As you journey into 2022, don’t overlook additional opportunities to accelerate innovation within your organization.

2. Embrace Change – Even in Your Technology

It can be hard to make meaningful change (hello, New Year’s resolutions), especially when that comes with a price tag. For small businesses, one of the priciest changes is most often with their technology solutions. Why fix something that’s not really broken?

With cloud-based services, managed networks, WiFi access, video conferencing, virtual desktops and more, small businesses discovered the benefits of new technology in the past 18 months. Benefits like keeping employees productive, collaborating, secure, and engaged — while also supporting a strong customer experience. These services even proved to be manageable in-house, reducing the need for external IT.

In 2022, keep an eye out for ways to further embrace change. This can be as simple as adopting a new conferencing solution or an end-to-end security platform.

3. Focus on the (Hybrid) Future

It’s important to remember that the work model changes imposed on us all over the last year and a half are likely here to stay. That means we still have some growing to do to transition from a fully remote to a hybrid work environment.

You might still have on-premises tech that was used to support your predominantly in-person workplace, plus whatever new technology your team embraced as you went remote. Video calls, remote file access and offsite employees are here to stay, which means your IT needs to work in a whole new way. It’s worth evaluating your current setup so you can efficiently and securely accommodate this new working model in 2022 and beyond.

4. Make the Move to Cloud-based Solutions

Pre-pandemic, the shift to cloud-based solutions was progressing slowly, with most small businesses still employing on-premises IT – servers, networks, desktop computers, and more. Cloud-based IT took off over the past year when businesses learned they could seamlessly move their technology, critical applications, and data off-premises and into the cloud.

This enabled employers to grant remote workers access to virtual desktops and applications from anywhere, with all the data and tools they need to remain productive and engaged. It also allowed businesses to reduce IT requirements, as well as costs (and headaches) in the process.

In 2022, cloud-delivered solutions and software-as-a-service (SaaS) will continue to deliver high value and enable small businesses to accelerate innovation and scale as needed. It’s like getting two resolutions in one.

5. Repeat: Security, security, SECURITY!

Pre-COVID, many small businesses may have felt a false sense of security, thinking themselves too small for hackers to hassle with. But the truth is – hackers don’t care how small your business is, they care about how weak your security is. So if you thought you were flying under their radar, think again.

Cybersecurity attacks can be devastating, and hackers seized the opportunity when employees began working from different locations and sometimes on personal devices. The good news is that, with cloud-based solutions, it’s now easier and more affordable than ever to safeguard your data, devices, and business from attacks like these.

If you only resolve to do one thing as a small business in 2022, we highly encourage you to rethink your cybersecurity solutions. A powerful, yet simple, security approach can help protect your entire business – from your email to your network to your endpoints.

New Year, New Technology

With the new year in full swing, now is a good time to evaluate your current technology and see what, if anything, needs to be adjusted. Some questions to ask yourself:

◉ Are my technology environment and equipment ready to meet the moment and react to future crises?

◉ Do we have a flexible infrastructure that can easily adapt to change?

◉ Will our network bandwidth scale to meet the demands of an office full of people and days when most are working from home?

◉ Are we adequately protecting our people and their data?

◉ Will we continue collaborating through video conferencing or offering services and products online?

For some additional insights on these questions, check out recent episodes of the Cisco Designed “Small Business, Big Solutions” podcast to take a deeper dive into these topics and more.

Source: cisco.com