Tuesday, 12 July 2022

Networking Demystified: Protecting Endpoints is Job #1


Enterprise networking is a constantly evolving set of technology solutions. From an engineering perspective, it presents an endless series of fascinating problems to solve as we strive to connect more people, devices, and applications around the world. Cisco customers also have a seemingly endless list of use cases that they need our help in solving as they progress through their own digital transformations. We are starting this “Networking Demystified” blog post series to explore different aspects of networking technology that impact everyone today. This first deep dive is into the “mystery” of protecting endpoints like your laptop, phone, sensors, cameras, and the other thousands of types of devices that are so critical to running our modern world. Join us on this journey and maybe you too will be the next engineer to solve the hard problems of enterprise networking.

So, what is an endpoint? In simple terms, it is a device that connects to a network to serve a purpose: from something as simple as delivering IoT sensor data, to connecting people socially or professionally, accessing SaaS and cloud applications, or performing machine to machine exchanges of information to solve complex problems. Endpoints are everywhere. In our homes, office spaces, manufacturing floors, hospitals, and retail shops—literally everywhere, serving a multitude of purposes.

The Good, the Bad, and the Ugly

In an ideal world we expect all endpoints will behave the way they are supposed to and do no harm, just like the people interacting with the endpoints. But in the real world this is not actually the case. As a result, we need to categorize endpoint behavior into The Good, The Bad, and The Ugly.

◉ Good endpoints follow all the rules for network onboarding, use secure protocols for access, have up-to-date secure software installed, and do only what they are supposed to do.

◉ Bad endpoints are those outliers that still do what they are supposed to do but have loopholes which can be exploited to create security and performance problems.

◉ Ugly endpoint behavior can be categorized as being actively exploited and creating problems from local to global scale.

So, what do we do? We reward good behavior by providing the right level of access to permitted network resources. We punish bad and ugly behavior by restricting access or completely isolating an endpoint from the network based on how it is behaving.

But wait, how do we decide on the levels of access? We need to know what the endpoint is before giving it the required access, because we cannot protect what we don’t know. A printer does not need access to financial servers. Similarly, a CT scanner in a hospital does not need access to patients’ medical records. But if we do not know whether the endpoint is a printer or a CT scan machine, how can we manage its behavior? We can assign a generic access policy to endpoints so that they can do their job, but that opens up a host of security problems. So how do we identify and tag endpoints to determine the right access? Follow the breadcrumbs—the trail endpoints leave on the network as they communicate with other endpoints.

Great, that seems easy! So now our endpoints and network are secured. Unfortunately, not yet. Will endpoints behave in the same way all the time? They may not! If we want to secure all endpoints, we need to continuously monitor them to identify any change in behavior so that the network can act on the next steps, which could be a warning to the endpoint owner, a restriction on access via segmentation, or a more severe punishment—such as completely cutting off network access—until the behavior is fixed.

So, we need technology that focuses on how to identify endpoints effectively to assign the right level of network access, plus continuously monitoring endpoint behavior to determine when endpoints are acting abnormally. At Cisco, we think about this a lot. At a global scale there will soon be 30 billion+ endpoints connected by various private and public networks as well as the internet. Around 30-40% of endpoints may be of an unknown type when they first connect. This creates an incredibly large threat surface available for the bad guys to compromise endpoints and networks. To defend the enormous range of endpoints requires innovative networking access protection technologies. With the biggest market share in endpoint connectivity, Cisco understands the problem of secure access to defend networks and assets.

Breadcrumbs, Surgical Procedures, and Analytics

Let’s talk about the methods that Cisco uses to identify endpoints and defend the network before diving into some of the technical details.

Each type of endpoint coming on the network uses different protocols throughout its lifetime. For some of the protocols, these details are readily available in the network and can be used to understand the endpoint type. That is one of the simplest approaches. For some protocols, the information about endpoint identity is hidden deep inside the packets and we need a surgical procedure called Deep Packet Inspection (DPI) to reveal their secrets. Just as surgeons open the human body to diagnose or fix a problem, DPI opens up and examines protocol packets until enough information is extracted to enable an endpoint to be identified. Since no two protocols work in exactly the same way (no two operations are the same, right?), the challenge is to catalog each protocol and then methodically plan protocol operations (analytics) to identify endpoints.

With this in mind, you might think that endpoint classification using DPI must require special separate hardware in the network. Fortunately, with Cisco’s innovative application recognition technology embedded in Cisco Catalyst switches, you don’t need any new hardware. All processing of endpoint types occurs within the IOS XE switching software. How cool is that? The capability adds up to a lot of CapEx savings.

With Cisco’s Deep Packet Inspection technology, we can reduce the unknown endpoint count significantly. But is that enough? Not really, because the number of endpoints connecting to a network is going to increase exponentially, with manufacturers creating new types of endpoints that use different types of protocols to communicate. Just trying to keep pace with the changing types of endpoints is going to be a huge challenge. Does it mean we leave these newer endpoints on the network operating without supervision? Remember, you can’t protect what you don’t know.

Bring on Cisco AI/ML Analytics, the solution to reduce the number of unknown endpoints. AI/ML Analytics identifies endpoints, groups them according to similar operating and protocol characteristics, and shows them in context to IT. As AI/ML Analytics learns more about millions of endpoints across enterprise networks, its understanding improves significantly to assign endpoint identities with increasing accuracy. The result is that hundreds of thousands of endpoint identities can be categorized with minimal effort from IT.

The Next Level of Access Security

The above technologies help identify endpoint types and assist in applying the right access policy for an endpoint to do its job. But the story doesn’t end there. Using continuous, anomaly-focused monitoring, any change in endpoint behavior can be detected, enabling access decisions to be automatically updated. A simple example could be an IoT sensor device that usually delivers telemetry to a controller, but is suddenly communicating with other endpoints, indicating the device may be compromised. AI/ML Analytics detects that it is not behaving as per its normal traffic pattern and raises an alert for IT to examine or quarantine the device as needed to secure the network.
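
The sensor scenario above, sketched as an added example (this is not Cisco's algorithm and not code from the original post): it learns each endpoint's usual peers from flow records during a learning window, then flags departures from that baseline. The flow records, addresses, window length, action names, and the alert/quarantine threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since the start of the capture
    src: str     # endpoint being monitored
    dst: str     # peer it talked to
    dport: int   # destination port


LEARN_UNTIL = 3600  # assumption: first hour is the learning window

# Constructed sample flows (not real traffic).
FLOWS = [
    # Learning window: sensor -> controller, camera -> recorder, printer -> print server
    Flow(60, "10.0.5.20", "10.0.1.10", 8883),
    Flow(900, "10.0.5.20", "10.0.1.10", 8883),
    Flow(120, "10.0.5.30", "10.0.1.40", 554),
    Flow(300, "10.0.5.40", "10.0.1.50", 631),
    # Monitoring window
    Flow(3700, "10.0.5.20", "10.0.1.10", 8883),  # normal telemetry
    Flow(3710, "10.0.5.20", "10.0.5.21", 22),    # sensor suddenly talks to peers
    Flow(3711, "10.0.5.20", "10.0.5.22", 22),
    Flow(3712, "10.0.5.20", "10.0.5.23", 23),
    Flow(4000, "10.0.5.30", "10.0.1.41", 554),   # camera reaches one new host
    Flow(4100, "10.0.5.40", "10.0.1.50", 631),   # printer unchanged
    Flow(4200, "10.0.5.99", "10.0.1.10", 8883),  # endpoint never seen while learning
]


def build_baseline(flows, learn_until):
    """Map each endpoint to the set of (peer, port) pairs seen while learning."""
    baseline = defaultdict(set)
    for f in flows:
        if f.ts < learn_until:
            baseline[f.src].add((f.dst, f.dport))
    return dict(baseline)


def evaluate(flows, baseline, learn_until, quarantine_after=3):
    """Return {endpoint: (action, sorted list of unexpected (peer, port))}.

    Actions (hypothetical names):
      identify   - endpoint has no baseline, so it must be profiled first
      alert      - a small deviation, raised for IT to examine
      quarantine - the endpoint reached quarantine_after or more new hosts
    """
    unexpected = defaultdict(set)
    for f in flows:
        if f.ts < learn_until:
            continue
        known = baseline.get(f.src)
        if known is None or (f.dst, f.dport) not in known:
            unexpected[f.src].add((f.dst, f.dport))

    verdicts = {}
    for endpoint, peers in unexpected.items():
        new_hosts = {dst for dst, _ in peers}
        if endpoint not in baseline:
            action = "identify"
        elif len(new_hosts) >= quarantine_after:
            action = "quarantine"
        else:
            action = "alert"
        verdicts[endpoint] = (action, sorted(peers))
    return verdicts


def run_sample():
    """Evaluate the constructed flows against their own learning window."""
    baseline = build_baseline(FLOWS, LEARN_UNTIL)
    return evaluate(FLOWS, baseline, LEARN_UNTIL)


if __name__ == "__main__":
    for endpoint, (action, peers) in sorted(run_sample().items()):
        print(f"{endpoint}: {action} {peers}")
```

A fixed peer-set baseline only suits single-purpose devices such as the sensor in the example; general-purpose endpoints like laptops change peers constantly and need a different model.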

So, what is Cisco doing to expand this technology? The solution offering that combines these multiple technologies is called Cisco AI Endpoint Analytics, which is destined to be the single pane of glass for understanding endpoint identity and trust. It is currently being offered as an application on Cisco DNA Center. We are also extending the technology to other Cisco solutions, such as Cisco Identity Services Engine (ISE), to enhance and automate endpoint profiling.

Figure 1. Cisco AI Endpoint Analytics on Cisco DNA Center

Join Cisco in Making IT More Secure


So how can you help? What we discussed here is just the beginning of development activities for reliably determining endpoint identity and behavioral monitoring. It is an evolving area that needs a lot of attention and exploration to continuously improve the techniques employed. In fact, many of us consider endpoint protection as Job #1. It’s an exciting area to work in, knowing the impact you can have on helping to secure our ever-more interconnected world.

If you were to join Cisco, what is there to do to make your mark in this space? A lot! We are working on four key areas in AI Endpoint Analytics: Endpoint Identity, Endpoint Behavior, Enforcement, and Endpoint Data Analytics.

So, would you like to be part of the Cisco AI Endpoint Analytics journey and proudly tell others that you help protect endpoints everywhere? Because without secure, defended endpoints, there is no network!

Source: cisco.com

Thursday, 7 July 2022

Deliver Industrial Wireless to Enable Digital Transformation


As industrial plants look to digital transformation to take their operations to the next level, industrial wireless becomes a key enabler. It’s hard to imagine a smart, digitalized facility not leveraging wireless technology because the cost of laying cables can be enormous.

A key consideration is that wireless designed for enterprise environments doesn’t necessarily have the capabilities required to run reliably in an industrial environment. Industrial environments face unique challenges and conditions, including dense infrastructure and hazardous environments. Overcoming these challenges requires a different approach.

This is where the collaboration between market leaders Cisco in IT solutions for enterprise networking and Emerson in OT solutions comes in. Together, we create wireless access solutions designed for the toughest industrial environments, helping customers improve productivity, safety, and security.

Our newest joint solution combines the Emerson Wireless 1410S Gateway with the Cisco Catalyst IW6300 Heavy Duty Series Wi-Fi Access Point, enabling facilities to create a robust, secure wireless infrastructure from the two leading IT and OT providers.

Oil and gas customer example

As an example, an oil and gas customer realized they needed to understand the correlations among people, processes, and asset data. Understanding those correlations required the installation of wireless infrastructure–such as Wi-Fi and WirelessHART–across the refinery. These technologies are often deployed in industrial environments to connect mobile devices, access points, and sensors on plant floors and in control rooms.

More specifically, this refinery needed to address several IOT use cases–for example, deploying wireless sensors for digital transformation applications such as:

◉ Corrosion monitoring

◉ Vibration monitoring of rotating equipment

◉ Acoustic monitoring of steam traps and pressure relief valves (PRVs)

◉ Performance monitoring of heat exchangers and cooling towers

In addition, the customer deployed wireless technology to:

◉ Support plant employees and operators while performing their physical rounds and duties

◉ Collect and analyze data to improve operational performance

◉ Backhaul reliability and monitoring data independent of the control system

As a result, the installed Cisco and Emerson joint solution provides:

◉ Wireless connectivity across the plant, eliminating the need to collect information manually

◉ Instant visibility into data from devices monitoring the most critical assets for operators on the plant floor

◉ The ability to quickly assess the health of those critical assets, greatly improving operator productivity

Operators and control room engineers now focus more on value-added tasks because they need less time to:

◉ Communicate with the control room to deal with antiquated processes

◉ Collect and analyze data to improve operational performance

Integrating security

Security is obviously a pressing topic for all IT and OT professionals. To help improve the security posture of the joint Cisco and Emerson solutions, Emerson is integrating with Cisco SecureX. This integrates the Cisco Secure portfolio with the Cisco and Emerson infrastructure, speeding detection, response, and recovery.

If you’d like to improve worker productivity, security, and operational excellence across your industrial use cases, consider leveraging the investment Cisco and Emerson have made to help you digitally transform your industrial environment.

Source: cisco.com

Tuesday, 5 July 2022

What IT loves about Webex Control Hub


We work from just about anywhere. Coffee shops, airplanes, kitchen tables. The nature of our work is hybrid and when we aren’t in shared spaces with our colleagues, we rely on our collaboration suite to keep us connected. As the collaboration leader for video endpoints across Cisco, my day revolves quite heavily around Webex and delivering consistent collaboration experiences to Webex users.

As we work across the world using collaboration tools both internally and externally, managing that experience is becoming more complex. With earlier tools, learning when, where, and why our collaboration services, devices, or applications faltered was like trying to find a rogue brace in 100,000 lines of code. Shortly after we migrated to our Cisco Collaboration Meeting Rooms Cloud solution, we began working on Webex Control Hub. Ever since, we’ve become smarter about pinpointing those rogue braces.

Control Hub is a centralized collaboration management portal that offers troubleshooting, analytics and compliance capabilities for our collaboration portfolio. We have multiple services, like Webex Meetings, Webex App, Webex Devices, Webex Calling, and with Control Hub, we get to see what’s happening across the board in our environment. In a word, it’s amazing.

Diving into Webex data to troubleshoot

In the past, let’s say Fernando called to escalate a connection issue he had with Webex Meetings. We’d have to wait on Cisco Technical Assistance Center (TAC) to get backend Webex data and send it our way. Then, we’d go down a rabbit hole trying to pinpoint the issue, pulling information from different sources while trying to piece together a picture of what went wrong. Meanwhile Fernando is frustrated he can’t join calls. It’s affecting his work productivity. It’s not great for business.

Today, when Fernando says he has a problem, we find it quickly. Control Hub populates a single dashboard with data from our entire environment, from aspects like users, devices, places, and services. Control Hub visually organizes that data to show me where Fernando is having issues, whether it’s a network issue, or a loose cable on his Cisco Webex Desktop Pro device. It’s a user-friendly interface, and in an instant, I spot when Fernando’s call is disrupted, for how long, what his bandwidth was, his latency – I get the entire picture, not pieces.

An administrator’s view of Webex Control Hub

If Fernando was on a conference call at the time of his connection issue, Control Hub offers up meeting information in a single view. All the participants, the types of endpoint clients they’re using, the meeting type, how long it takes to join the meeting, and network statistics of the call are visible. As an admin, joining the call to evaluate it in real time and troubleshoot live is an option.

In Control Hub, we pull logs from a device, whether it’s on the network or not. We comply with data privacy in every region, and while we can’t see everything, alerts and some diagnostics pop up, which is always better than nothing. We get way more troubleshooting capabilities for devices that aren’t on the network.

When viewing the logs, the simple dashboard reports when changes happen, and this information is collected. It narrows down the field of what is going on when a user says, ‘my device isn’t working’.

I’ve helped Fernando within a few minutes instead of a few hours. With analytics, I’ve identified if this is a particular pattern other users may be having and proactively monitor or alert them before it becomes an issue. Control Hub enables us to be more efficient, more resilient, and more focused on providing an exceptional collaboration experience.

Winning with user and device management


Managing thousands of devices and users comes with its own nuances, not to mention security protection challenges. Control Hub simplifies provisioning, authentication, and authorizing users on our Webex platform. We ensure that only successfully authenticated users are accessing spaces and services they’re meant to, using Key Management Service (KMS) – meaning unauthorized users will not be able to join your calls or spaces.

Once users are added, we manage their services and settings from Control Hub. This makes onboarding so much more straightforward. When new hires join Cisco, they turn their laptops on, sign in, and get straight to work meeting their new colleagues. When employees refresh their laptops or buy a new device, they don’t need to go through a long migration or setup. They log in, authenticate with Single Sign-On and Duo, and it works. We download device logs and push configuration changes to devices as well. It helps us make the collaboration experience better for everyone.

We also run proactive scripts that help us monitor devices regularly. These scripts perform audits on the devices for status, and if something pops up a couple of times, we open a case. The reason we do this is to make sure that the devices in our demo centers and offices are working to specification. Meaning, if Sam walks into a conference room in San Jose one week and into Bangalore another, her experience of the devices is consistent, no matter where she is in the world.

Simplified support and APIs


A lot of internal development went into simplifying the bot creation process with BotLite, a bot-making platform powered by MindMeld and Webex Teams. Using bots transforms so much of our work in terms of how we’re able to better support our user base and how our user base becomes more comfortable with self-service.

German Cheung, a Cisco technical systems engineer, has developed diverse tools via Webex Bots that add a lot of value to our services. The BVE Support bot, for example, provides various tools to our multi-tier support teams based on their roles without breaking apart the role-based access permission in Control Hub. With the intelligent workflows and automations built into the bot, our support teams can interact with the bot to check, diagnose, pinpoint, and fix the issues in a few clicks. The bot helps to standardize the procedures of diagnosis, troubleshooting, validation, and fixing. It also helps to reduce human intervention and the misconfiguration caused by human errors. MTTR (Mean Time to Repair) has decreased significantly. The bot remediates issues caused by access permissions, case escalations, and repeated steps. For example, one bot tool, UCM Calling Enablement in Webex, completes all checks across multiple infrastructures and services, and fixes issues automatically in about 15 seconds. Manually, that task usually takes anywhere from several minutes to several hours. The bot resolves cases quickly and, more importantly, the user experience is that much better.

A great deal of information comes from various contributing platforms that help us make calls, launch applications, and develop bots. When we think of Webex, it’s not only about video endpoints and Webex meetings. We also have Webex apps that encourage engagement or streamline our workspaces too, like Miro, Slido, and M365. We manage those configurations within Control Hub.

Cisco IT has a culture of developing creative solutions. Webex has an open architecture; it allows you to develop your own solution. If we don’t offer it, it means the APIs are there if you need to develop something, just for your company and your users.

Needles in haystacks are painful and unnecessary


Is there a way to avoid twenty questions when a senior leader says, ‘my device isn’t working’? Yes. What about when a user encounters dropped calls in Webex? Sure. Data is a beautiful thing when it’s used insightfully. While it’s still a work in progress, Control Hub gives us more time to make great collaboration experiences even better – and with exceptional support.

Source: cisco.com

Thursday, 30 June 2022

Deployment Options Expand with New Cisco DNA Center Virtual Appliance

Virtualization technology has changed the world of IT and enabled cloud computing. It has also been embraced by Cisco customers due to its flexibility and cost benefits. That demand is behind our recent announcement at Cisco Live of the Cisco DNA Center Virtual Appliance, which gives customers new deployment options for our network controller, whether deployed within the company data center or in public and private clouds.

Why a Virtual Appliance?

A virtual appliance provides operational flexibility and choice. For new Cisco DNA Center customers, choosing a Cisco DNA Center Virtual Appliance for deployment in their data center eliminates additional capital expenditures, supply chain worries, long lead times for orders, and truck rolls.

There are many other benefits of a virtual appliance: Eliminating lengthy and expensive compliance and certification checks; fast, automated deployment; and high availability, implemented with the use of native features. A virtual appliance in the cloud can also scale out; with the Cisco DNA Virtual Appliance in the cloud, customers can manage up to 5,000 devices.

Multiple Options for New and Existing Cisco DNA Center Customers

The Cisco DNA Center Virtual Appliance is designed to be deployed in a public cloud service starting with AWS (and later Microsoft Azure and Google Cloud Platform) or in VMware ESXi (and later Hyper-V and KVM) virtual environments located on-premises or in a co-location facility (Figure 1).

Figure 1. On-premises and Cloud Versions

These virtual appliances from Cisco have feature parity with today’s physical Cisco DNA Center platform (Figure 2). Additionally, customers can take advantage of native high availability features from AWS and VMware to deliver quality performance and minimize downtime.

Figure 2. Feature Parity Across Physical and Virtual Appliance Versions

We’re providing our customers with options because some customers, especially government agencies with strict security requirements, don’t want to deploy management solutions in the cloud. They require physical Cisco DNA Center appliances and Cisco will continue to provide them. We fully support the air gap capability to ensure that networks can be physically isolated from unsecured networks like the public Internet or an unsecured LAN.

Cisco DNA Center Deployments, License Portability, Prime Migrations


Current DNA Center customers wanting to expand to the cloud can quickly, easily, and cost-effectively add a separate instance of Cisco DNA Center Virtual Appliance to remote offices or branches, maintaining a physical appliance in their central data center. This hybrid approach is seamless due to license portability and the choice of different platforms. You can easily deploy Cisco DNA Center in the data center or in a cloud, using the same license.

Cisco DNA Center Virtual Appliance is an option for customers migrating from Cisco Prime management infrastructure to Cisco DNA Center. Cisco Prime Infrastructure (current Release 3.10 Patch 1) includes a Cisco DNA Center coexistence and migration feature that allows users to easily export data from Cisco Prime Infrastructure to Cisco DNA Center. The two management and control systems can be operated in parallel so IT teams can train and get familiar with Cisco DNA Center before a complete system migration is performed. Teams can begin to migrate as soon as they are comfortable with the new paradigm for NetOps, AIOps, SecOps, and DevOps capabilities that Cisco DNA Center offers.

The Cisco DNA Center Virtual Appliance is here. Now you can manage and troubleshoot your network using Cisco DNA Center as a physical or a virtual appliance. Or deploy both types of appliances, on-premise or in the cloud. Then sit back and manage your network with a steady hand using guided Cisco workflows specific to job roles in NetOps, AIOps, SecOps, or DevOps.

Source: cisco.com

Tuesday, 28 June 2022

Cisco Catalyst 9200CX Series switches now in Compact size


Hybrid work has become prevalent everywhere and it is here to stay. It is important for your network to be able to handle business demands more efficiently and remotely. This is especially emphasized in extended small enterprise and campus locations. Cisco Catalyst 9200 Series switches offer trusted network capabilities, with more flexibility, energy efficiency, and ease.

Hybrid work extended

Just 2 or 3 years ago, you probably didn’t even know what it was like to do hybrid work outside of the office. Now, you cannot imagine doing your job without it. You can be working in the office, or hybrid working in a café, with a nice breeze, reviewing security anomalies.

Hybrid work is a reality and connectivity needs are changing every day. In some cases, deployments are temporary installations or have smaller more efficient requirements. You need a versatile network that is predictable and not just in the small branch offices but also extended onto your campus and temporary settings. You need this network to make your hybrid work, work. All of these needs are addressed by the trusted and powerful backend infrastructure the Cisco Catalyst 9000 switches can deliver.

Connect with flexibility

Cisco has been focused on delivering products to support hybrid work. Cisco offers more flexibility in network deployments with more power density per size at a lower cost, efficient power options, and secure Zero Trust networks to simplify IT jobs.

Imagine a switch that offers PoE (Power over Ethernet) so you can connect more power-hungry devices like laptops, monitors, lighting, HVAC, and refrigerators into a previously siloed network, therefore enabling more flexibility for secure hybrid networks. All this can be supported with the Cisco Catalyst 9200 Series switches. It allows you to work more flexibly, more confidently, remotely, and in small business branches and campuses, extending your hybrid work environments.

Efficient Smart Buildings

Energy efficiency impacts the bottom line and is environmentally friendly – so it is a win-win in your operations. PoE ports bring switches closer to the endpoints while facilitating efficient power usage and consolidated networks. This is especially practical in smart buildings to provide sustainable and healthier spaces to meet the demands of hybrid work.

The Catalyst 9200 Series switches, with Class 6 Power PoE devices, can offer efficiencies, from less power consumption to reducing power losses on some models.

Lower energy bills AND help the planet without compromising your connectivity. Yes, please!

Connect with ease to ‘set it and forget it’

IT teams love the Catalyst 9200 switches because of features like Zero-Touch Provisioning (ZTP) and flexible power options. ZTP is a ‘must have’ feature for small branches where IT teams can automatically set up devices using a switch feature – and eliminate most of the manual labor and travel expenses associated with branch upkeep.

Executive-level C-Suite decision makers love Catalyst 9200 Series switches because they are predictable and can help to reduce costs so lean IT teams can ‘set it and forget it’ when doing out-of-the-box installations at small branches and other sites.

What else is new?

The Cisco Catalyst 9200CX compact models extend their Layer 3 network access with all the features of the Catalyst 9200 Series switches, plus even more flexibility with its smaller size, and more energy-efficient fanless operation. The smaller footprint and quieter fanless design mean the switch can go in more places where other switches cannot, such as under desks, in closets, on the wall, and at the checkout counter for retail point of sale (POS) installations.

More use-cases include locations that are easy to set up and easy to dismantle, such as ATM rentals, small office home offices (SOHO), extended hospitals, mobile clinics, classrooms, cruise ships, sports games, festivals, events, and pop-up kiosks.

One quick look and you will notice something different about the Catalyst 9200CX models. The enclosure is designed to reduce the costs of cooling and be more environmentally friendly.

Additional Key Benefits of Catalyst 9200CX

◉ Naturally cooled fanless operation

◉ Multiple port choices with incredible speeds, some uplinks increase from 1G to 10G

◉ AC/DC power convergence with increased power efficiencies and reduced conversion losses

◉ Zero Trust security with policy-based segmentation, for less downtime

◉ Built-in micro-SSD (Solid State Drive) card slot for the “offline” setup

Source: cisco.com

Sunday, 26 June 2022

Autonomous Operations in Mining

Trend Overview

By the end of 2021, Caterpillar had hauled more than 4 billion tons of product and driven more than 145 million kilometers autonomously. As an aside, that’s the distance of a round trip to Mars. Autonomous technology is mature.


Perhaps haulage is the simplest of all autonomous problems to solve and has the most significant return on investment. In 2017, Rio Tinto identified that in one year, each of their autonomous trucks had 700 more production hours than an average conventional truck. Autonomous trucks are 15% less expensive to operate and generate up to 30% more productivity.

With these substantial benefits, you would think mines would be trending to full autonomy. Here are two of the most significant challenges.

Reliable wireless coverage everywhere

Reliable and pervasive wireless access to the autonomous system is critical for all elements of an autonomous environment. For the haulage use case, the path of haul trucks is well defined and only covers a small percentage of a full mine. Coverage in that well defined region is much less costly than full and reliable coverage of a mine.

Use cases like autonomous dozing, autonomous operation of service vehicles, and other systems could be anywhere in the mine.

Reliable instrumentation and control software

In the Caterpillar example above, all the critical components are controlled by Caterpillar. Most new Caterpillar equipment can be bought with all the sensors and actuators required for autonomous operation. Cat Command is the autonomous system that coordinates all the vehicles in the autonomous zone. Even vehicles that are not Caterpillar need to be fitted with Cat Command software so they can be seen in the autonomous system.

In today’s mine there are numerous vehicles, gauges, valves, and measurement points that are not connected and may not even have the sensors required for autonomous operation.

Every mining company needs to make a business decision about which processes or activities should become autonomous in their mines.

Industry POV

Cisco’s infrastructure solutions are a critical part of an autonomous mining solution. Here are two practical ways that Cisco technology makes autonomous projects more successful.

Reliable wireless coverage

Cisco Wi-Fi was the early favorite for wireless connectivity to autonomous trucks. Caterpillar and Sandvik have done extensive testing with Cisco Wi-Fi and continue to support this technology. Since then, many mining companies have started testing and deploying LTE in hopes that it will provide broader mine coverage at a similar price point and provide more consistent connectivity. Now, Cisco is starting to see an increase in its Ultra Reliable Wireless for autonomous use cases as well, mostly because of its price point and very high reliability.

The important consideration is that Cisco has solutions in all three of these technologies for autonomous operation in an integrated architecture.

Broad instrumentation partnerships

The culture at Cisco is one of partnership. These companies include autonomous system providers, instrumentation vendors, analytics platforms, and numerous other technologies that provide a platform for autonomy.

Although haulage solutions are usually self-contained systems with very few outside elements, other autonomous systems will likely have a lot more diversity in their sensors, actuators, software and analytics. This approach will require a rich ecosystem of partners like the one that Cisco operates in.

Source: cisco.com

Saturday, 25 June 2022

Our future network: insights and automation

Insights and automation will power our future network. Think of it as a circular process: collect data from network infrastructure. Analyze it for insights. Share those insights with teams to help them improve service. Use the insights to automatically reprogram infrastructure where possible. Repeat. The aim is to quickly adapt to whatever the future brings—including new traffic patterns, new user habits, and new security threats.


Now I’ll dive into more detail on each block in the diagram.

Insights


Data foundation. Good insights can only happen with good data. We collect four types of data:

◉ Inventory data for compliance reporting and lifecycle management
◉ Configuration data for audits and to find out about configuration “drift”
◉ Operational data for network service health monitoring
◉ Threat data to see what parts of our infrastructure might be under attack—e.g., a DDoS attack on the DMZ, or a botnet attack on an authentication server

Today, some network data is duplicated, missing (e.g., who authorized a change), or irrelevant. To prepare for our future network, we’re working to improve data quality and store it in centralized repositories such as our configuration management database.

Analytics. With a trusted data foundation, we’ll be able to convert data to actionable insights. We’re starting by visualizing data—think color-coded dials—to make it easier to track key performance indicators (KPIs) and spot trends. Examples of what we track include latency and jitter for home VPN users, and bandwidth and capacity for hybrid cloud connections. We’re also investing in analytics for decision support. One plan is tracking the number of support tickets for different services so we can prioritize the work with the biggest impact. Another is monitoring load and capacity on our DNS infrastructure so that we can automatically scale up or down in different regions based on demand. Currently, we respond to performance issues manually—for instance, by re-routing traffic to avoid congestion. In our future network we’ll automate changes in response to analytics. Which leads me to our next topic: automation.

Automation


Policy and orchestration. February 2022 marked a turning point: we now fulfill more change requests via automation than we do manually. As shown in the figure, we automatically fulfilled more than 7,500 change requests in May 2022, up from fewer than 5,000 just six months earlier. Examples include automated OS upgrades with Cisco DNA Center Software Image Management (SWIM), compliance audits with an internally developed tool, and daily configuration audits with an internal tool we’re about to swap out for Cisco Network Services Orchestrator. We have strong incentives to automate more and more tasks. Manual activities slow things down, and there’s also the risk that a typo or overlooked step will affect performance or security.

In our future network, automation will make infrastructure changes faster and more accurate. Our ultimate goal is a hands-off, AIOps approach. We’re building the foundation today with an orchestrator that can coordinate top-level business processes and drive change into all our domains. We are working closely with the Cisco Customer Experience (CX) group to deploy a Business Process Automation solution. We’re developing workflows that save time for staff by automating pre- and post-validation and configuration management. The workflows integrate with IT Service Management, helping us make sure that change requests comply with Cisco IT policy.

Release management. In the past, when someone submitted a change request one or more people manually validated that the change complied with policy and then tested the new configuration before putting it into production. This takes time, and errors can affect performance or security. Now we’re moving to automated release pipelines based on modern software development principles. We’re treating infrastructure as code (IaC), pulling device configurations from a single source of truth. We’ve already automated access control list (ACL) management and configuration audits. When someone submits a change to the source of truth (typically Git), the pipeline automatically checks for policy compliance and performs tests before handing off the change for deployment.
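As an added illustration (not Cisco IT's pipeline or tooling), the sketch below shows the two checks described in this post applied to ACLs: a policy gate run on a proposed change before deployment, and a configuration audit that reports drift between the source of truth and a device. The ACL text, the policy rules, and all function names are constructed assumptions.

```python
import re

# Constructed samples: approved source of truth, a proposed change, a device's running config.
APPROVED = ("ip access-list extended EDGE-IN\n"
            " 10 permit tcp 10.20.0.0 0.0.255.255 any eq 443\n"
            " 20 permit tcp 10.20.0.0 0.0.255.255 host 192.0.2.10 eq 22\n")
PROPOSED = APPROVED + " 30 permit tcp any host 192.0.2.10 eq telnet\n 40 permit ip any any\n"
RUNNING = APPROVED + " 25 permit tcp any any eq 3389\n"

# Hypothetical policy (an assumption, not Cisco IT's): no cleartext services, no permit-all.
CLEARTEXT = {"21", "23", "ftp", "telnet"}  # IOS may print well-known ports by name
ENTRY = re.compile(r"^\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$")

def parse_acls(config):
    """Return {acl_name: {sequence_number: 'action rest-of-rule'}} for named extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        head = re.match(r"ip access-list extended (\S+)", line)
        if head:
            current = acls.setdefault(head.group(1), {})
        elif current is not None and (m := ENTRY.match(line)):
            current[int(m.group(1))] = f"{m.group(2)} {m.group(3)}"
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the ACL block
    return acls

def policy_violations(config):
    """Pre-deployment gate: every (acl, seq, reason) that breaks the policy."""
    found = []
    for name, entries in parse_acls(config).items():
        for seq, rule in sorted(entries.items()):
            if rule.split()[:4] == ["permit", "ip", "any", "any"]:
                found.append((name, seq, "permits all IP traffic"))
            port = re.search(r"^permit (?:tcp|udp) .*\beq (\S+)", rule)
            if port and port.group(1) in CLEARTEXT:
                found.append((name, seq, f"permits cleartext service (eq {port.group(1)})"))
    return found

def drift(intended, running):
    """Configuration audit: (acl, seq, intended_rule, running_rule) wherever the two differ."""
    want, have = parse_acls(intended), parse_acls(running)
    report = []
    for name in sorted(want.keys() | have.keys()):
        w, h = want.get(name, {}), have.get(name, {})
        report += [(name, s, w.get(s), h.get(s)) for s in sorted(w.keys() | h.keys()) if w.get(s) != h.get(s)]
    return report

if __name__ == "__main__":
    print(policy_violations(PROPOSED), drift(APPROVED, RUNNING))
```

A pipeline stage would fail the change whenever `policy_violations` returns a non-empty list, and a scheduled audit would alert on any non-empty `drift` report.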

The Road Ahead


To sum up, in our future network, the only road to production is through an automated pipeline. Automation helps us adapt more quickly to unexpected change, keeps network configuration consistent worldwide, and reduces the risk of errors. We can’t anticipate what changes our business will face between now and 2025—but with insights and automation, we’ll be able to adapt quickly.

Source: cisco.com