Saturday 19 November 2022

Cisco Intersight Gets a New Look


New User Interface Signals Milestone for Hybrid Cloud Operations Platform


Cisco Intersight, Cisco’s hybrid cloud operations platform, passed a major milestone with the recent release of its new user interface (UI). The UI introduces Cisco’s new branding for its Cloud Networking and Computing software portfolio, brings Nexus Cloud (Cisco’s cloud-managed platform for networking) into the Intersight platform, and improves readability and task findability.

Consistent User Experience

“One of our priorities for the software-as-a-service offerings in Cisco’s Networking and Computing portfolio is to provide a consistent and familiar user experience, no matter which product someone’s using,” said Jeff New, Cisco Intersight Product Manager. Intersight is the first platform to introduce Cisco’s common UI that will be rolled out across its data center computing, networking, and security solutions to provide a more consistent experience for customers.

Cloud Networking, Newest Intersight Platform Service

Intersight’s new UI also introduces cloud-managed networking as the platform’s newest IT operations service. This signals the next step in the platform’s vision to simplify IT operations through a cloud operations model that extends the principles of the cloud to the entire cloud/network IT stack. Nexus Cloud will debut as a service on Cisco Intersight following its current tech preview.

Intersight users can select the IT operations functions they need to perform using the multi-service selector

To easily access Intersight’s services, the new UI introduces a multi-service selector. From the selector, users can choose:

◉ Infrastructure Service – visualize, control, and automate Cisco UCS, HyperFlex, and third-party computing devices

◉ Cloud Orchestrator – automate workflows with a drag-and-drop designer to accelerate delivery of apps and infrastructure

◉ Workload Optimizer – ensure applications get resources when and where needed, at the lowest cost

◉ Nexus Cloud – deploy, manage, and operate your Cisco Nexus networks from the cloud

◉ My Dashboard – personalize a multi-service dashboard using widgets for capabilities across the services on the Intersight platform

◉ System – claim devices and manage licensing, identity and access management, and other account settings

Intersight users will have access to the functions they have licensed and their corresponding permissions. Once users are in a specific service, they’ll find capabilities in a familiar way.

Command Palette – Get to Actions and Information Quickly

Intersight is a comprehensive solution for hybrid cloud operations with a robust feature set. Intersight users have asked for a faster way to find specific objects in their environments as well as the actions they want to take.

To do this, we’ve introduced the Command Palette. Based on a simple search approach, users can input what they want to do and select from the search results. (“Command K” for Mac users and “Control K” for PC users.) The command palette shows suggestions based on your current context and items you’ve used recently.

Users who took part in the tech preview of the new UI report being pleased with the shortcut to specific tasks they want to execute. This lets them launch operations and begin working in fewer clicks.

Users can find actions fast using the Command Palette

The new UI also improves readability. The classic Intersight UI presented information in a dense way with heavy text on a single screen. In the new UI, users will find that readability is improved with more relevant information on individual screens and more space that allows users to focus on what’s most important.

One UI, Multiple Benefits

“The new UI is more than an improved look and feel,” said New. “The release of the new UI marks the next significant milestone on our vision to deliver a flexible hybrid cloud operations platform to help customers simplify IT operations. Cloud networking joins the suite of Intersight services, with more to come. And through the common UI, we’re lowering the learning curve for customers of Cisco software so it’s easier to get up and running.”

Source: cisco.com

Thursday 17 November 2022

CCT Routing and Switching 100-490 RSTECH Exam: Get to Know How to Pass

Cisco CCT Routing & Switching certification emphasizes the skills needed for onsite support and maintenance of Cisco routers, switches, and operating environments. Technicians in this field must be able to identify Cisco router and switch models, cabling, accessories, and interfaces; understand the Cisco IOS Software operating modes and identify commonly found software; and be able to use the Cisco Command Line Interface (CLI) to connect to and service products. One must pass the Cisco 100-490 RSTECH exam to obtain the CCT Routing & Switching certification.

CCT Routing & Switching 100-490 RSTECH Exam Information

The applicant is only said to be completely prepared once they understand and master the essential information for any exam. The CCT Routing and Switching (100-490 RSTECH) exam evaluates an applicant's understanding and expertise concerning the following objectives.

Cisco 100-490 RSTECH Exam Objectives

  • General Networking Knowledge (25%)
  • Cisco Equipment and Related Hardware (20%)
  • Cisco IOS Software Operation (29%)
  • Service-Related Knowledge (26%)

    Basic Details of Cisco 100-490 Exam

    Let us dive into the basic details of the Cisco 100-490 RSTECH exam. The exam comprises 55-65 multiple-choice questions. This Cisco exam is available in the English language. Also, the Cisco CCT Routing and Switching (100-490 RSTECH) certification is valid for three years.

    Studying for CCT Routing and Switching 100-490 RSTECH Exam

    If you want to obtain the CCT Routing and Switching certification, you need to pass the Cisco 100-490 RSTECH exam. If you treat this exam as just another task to accomplish, you will be able to carry it out with excellent results. Concentrate on learning and mastering all the exam syllabus topics and the rest will be fairly easy. Whenever you take an exam, one of the first things you need to do is obtain the right study resources.

    The first platform from where you should begin is the Cisco official website. Cisco itself offers many learning materials for those who want to utilize official resources. You can come across many learning materials on the official website, like the Cisco community, 100-490 RSTECH study guide, training courses, practice tests, and much more. The Cisco community is the ideal place to join in to solve all the questions you have with other members of the community. All the details of these learning resources can be found on the certification's official webpage.

    To take a CCT Routing and Switching practice exam, you can explore the nwexam website. This is the best website providing practice tests for the Cisco certification exam. They help you assess your preparation level on the exam topics and equip you with exam-taking skills. The practice tests not only equip you with knowledge and skills but also help you get familiar with the exam environment before facing the actual exam.

    Additional Tips for CCT Routing and Switching Exam

    During the preparation stage, not only the study resources matter, but also the steps you take. When you are studying for the CCT Routing and Switching 100-490 RSTECH certification exam, make a study plan so that you can cover the syllabus topics in time and assign enough time to each of them. Take into account all the resources available and give each of them equal time during every week of your preparation. But don’t forget to set aside free time for your family, your other responsibilities, and the other enjoyable things you need.

    If you want to pass this CCT Routing and Switching exam on the first attempt, it is best to concentrate on studying the essential objectives. You should also attempt as many practice tests as possible, because they make a huge difference. When exam day arrives, make sure that you sleep well the night before and don’t try to learn anything new on that day. If you start revising concepts instead of simply giving yourself a break before the actual exam, you may start to overlook important details. Have faith in your exam preparation and take your certification exam calmly.

    Pro Tip: Don’t be frightened to use multiple resources because this might be the thing that will help you pass the exam.

    Conclusion

    Passing the CCT Routing and Switching 100-490 RSTECH exam will demonstrate to organizations that you hold all the skills needed for onsite support and maintenance of Cisco routers, switches, and operating environments.

    Cisco certifications are greatly appreciated in the professional world, and if you hold one, it will be a shining star on your CV. Obtaining the CCT Routing and Switching certification will smooth your career path, so why not grab this opportunity and put all your efforts into this milestone?

    Vacationing and IT Operations Part 3: Manage the Change

    You are looking forward to a day of island hopping. The cruise has been booked, swimming trunks and snorkels packed – you are ready to dive right in. Alas, on the day of the trip the weather gods decided to rain on your parade. Literally. Now what? You can’t afford to waste a precious vacation day cooped up in a hotel room but it’s too late to plan an alternative.

    Continuously Optimize for changes


    Thankfully, your hotel has an awesome concierge desk. They have been monitoring the weather forecast and proactively created a few alternate options should things not go according to plan. Within minutes of your cruise being canceled, you get a call from the concierge desk offering day passes to the local indoor amusement park. Wave pool, bowling, rides, food court – the whole nine yards. Wouldn’t it be great if your IT infrastructure was this smart in handling change?

    Change Management


    Change is the only constant, and your IT team knows this all too well. Maintaining the health of an ever-changing hybrid cloud environment is not easy: multiple layers of heterogeneous infrastructure, distributed workloads, and applications spread across different platforms all change dynamically and require constant monitoring, while decisions about cost, performance, and compliance must be made at the speed of the cloud. This is a challenge beyond human scale, and it requires the power of data and analytics to solve.

    Transform data into insights across your entire environment


    A key part of the value proposition of Intersight is how the platform optimizes your environment and constantly adapts to changes.

    Increase your situational awareness and remediate faster to stay ahead of problems

    Intersight leverages intelligence across all layers


    Starting with Cisco Intersight Infrastructure Services, hardware and firmware are monitored to help ensure that your systems are always compliant with the Cisco Hardware Compatibility List (HCL)—any unsupported configurations cause automatic alerts. At the same time, Cisco Intersight Workload Optimizer analyzes and correlates telemetry across your full stack, from your physical servers to virtualized resources, Kubernetes clusters, and application components, wherever they are, to visualize application and infrastructure dependencies.

    In addition, Cisco Intersight offers an always-on connection to the Cisco Technical Assistance Center (TAC), constantly monitoring your environment to help identify configuration issues before they become problems. It watches for anomalous infrastructure events, capturing log information and providing centralized alerts about failure notifications or policy violations.

    Reduce risk and costs – optimize performance


    Automate complex workload placement decisions with intelligent recommendations

    All this telemetry and intelligence captured by Intersight across the different layers of your stack is used to automate tasks and decisions that would be otherwise manual, enabling your environment to truly scale. Using an AI-powered recommendation engine, Intersight continuously assures application performance by automating scaling and placement actions, provisioning resources to meet demand, or correcting misconfigurations to avoid disruptions and unnecessary costs.

    Intersight gets smarter over time and adapts better to your unique needs by drawing on historical data, producing better real-time recommendations and advanced scenario modelling outputs. Examples of automated tasks range from applying security patches and operating system upgrades on physical servers, to licensing for databases on your virtual machines, to resizing and moving workloads for performance and cost, auto-scaling Kubernetes clusters, and applying user access policies across all layers of infrastructure.

    Finally, Intersight can automatically generate and forward Cisco TAC support cases when required and even raise service requests and return material authorizations (RMAs) automatically.

    With complete visibility into on-premises and public cloud application requirements, resource utilization, availability, and costs, Cisco Intersight can improve your overall situational awareness, reduce risk and cost, and free your teams to focus on more important things.

    The show must go on


    Cisco Intersight can help you smoothly manage disruptions and reduce risk and cost through complete visibility into on-premises and public cloud application requirements, resource utilization, and availability. That frees your teams to focus on more important things, like soaking up that awesome wave pool. Rain or shine.

    Source: cisco.com

    Sunday 13 November 2022

    Scaling the Adoption of Private Cellular Networks

    1. Private Networks


    Private networks are essential to every enterprise. Enterprises use private networks to integrate information systems into their operations and to continue their digital transformation through technology integration into business processes. Over the past twenty years, Wi-Fi has become an essential component of nearly every private network. Wi-Fi accelerates digital transformation and supports a wide variety of enterprise-specific value propositions.

    Back in the early 2000s, Cisco’s own analysis estimated that Wi-Fi adoption by its employees was resulting in staff being 86 minutes more productive per day than their tethered counterparts. More recently, analysis of Wi-Fi adoption by retailers indicates improvements in top and bottom lines, with positive impact on customer loyalty, increased insights through the use of wireless network analytics and increased sales. Other examples include industrial predictive maintenance use cases that are delivering 10-20% increases in equipment uptime and 5-10% decreases in overall maintenance costs. One report indicates that Wi-Fi is being used in 34% of such deployments across different industry sectors. Finally, in sports and entertainment, digitization is transforming the fan experience. At the SoFi stadium, the private network uses a massive deployment of more than 2500 Cisco Access Points to deliver the fastest and most reliable fan experience, that is reported to have resulted in the most digitally engaged set of spectators.

    Across all verticals, from carpeted office, through to retail, manufacturing and sports and entertainment, Wi-Fi based private networks have proved themselves adept at supporting the widest range of business needs and value chains.

    2. Complementary wide-area cellular technology


    In parallel with enterprise adoption of local-area Wi-Fi networks, several industry segments have integrated cellular wide-area technology into their business processes. The earliest use cases adopting wide-area cellular technology focused on the benefits of the wide-area coverage offered by public cellular providers. In contrast to local-area private Wi-Fi networks, public cellular coverage supports nationwide service. Phone-based systems that connect vehicle users have always been an important segment for public cellular providers. But now we see cellular modem technologies integrated into the latest utility meter offerings, where the cellular connectivity provides near real-time visibility of energy consumption to utility customers. The wide-area coverage ensures that a uniform solution can be offered across a particular geography.

    Transportation systems that integrate cellular modems leverage the same wide area capability. The latest connected warning signs now benefit from secure connectivity from road-side control cabinets to the central data centre. Fleet management solutions use wide area cellular connectivity to improve vehicle maintenance, lower fuel consumption as well as automated logging of odometers, rev-meters and accelerometers.

    Over the years, public cellular providers have adapted their product and services to enable a range of different verticals to integrate cellular modems that benefit from wide area connectivity into their business processes while supporting a range of different business relevant value propositions.

    3. The emergence of private metropolitan-area cellular networks


    The coverage advantage of public cellular systems has driven adoption by those use cases that necessitate national or international coverage. So called “metropolitan area network” use cases can similarly benefit from this coverage advantage. One of the earliest examples is the Australian regulator ACMA permitting use of 3GPP-defined 1800 MHz cellular frequencies to support point-to-multipoint systems for private networks in regional and remote areas of Australia. This has led to the adoption of private cellular networks by mining and energy companies whose operations span significant distances and where the increased range of cellular-based point-to-multipoint systems offers clear advantages over local Wi-Fi-based unlicensed alternatives.

    In the US, many utility companies used to operate private metropolitan-area networks based on WiMAX technology. These have now transitioned to private LTE based systems, enabled by the recent innovation in spectrum licensing associated with CBRS. Now airports are using these new licenses to operate private LTE networks, leveraging the extended range offered by cellular frequencies to enable better coverage of the apron where aircraft are parked to support baggage and maintenance use-cases.

    In the UK, from 2019, Ofcom took the decision to augment its approach to licensing spectrum for cellular operation, with the introduction of shared access to spectrum for a newly introduced 5G band. The specific 5G band covers 400 MHz of spectrum between 3.8 and 4.2 GHz. Ofcom’s rationale for the novel approach was to “enable the deployment of private networks with greater control over security, resilience and reliability”. Ofcom has made two types of local license available:

    ◉ a low power license that authorizes the licensee to deploy as many radio access points as it wishes within a 50 metre radius of a defined reference point. The radio access points have a maximum emitted power of 24 dBm (for a 20 MHz carrier) and an antenna height limited to 10 metres above ground.

    ◉ a medium power license that authorizes the licensee to deploy a single radio access point at a defined rural location, where the radio access point has a maximum emitted power of 42 dBm (for a 20 MHz carrier).

    Previously businesses wanting to benefit from integrating cellular service into their business operations had to engage with public cellular operators that had been licensed exclusive spectrum. Now, these new regulatory approaches are allowing businesses to deploy local and metropolitan cellular systems independently of public operators.

    4. Standardization of 3GPP Non-Public Networks


    5G is targeted at fulfilling the requirements from different industrial segments. In order to meet such expectations, 3GPP Release 16 defines enhancements to the 5G system to support Non-Public Networks (NPNs). This introduces two new cellular identifiers, a Non-Public Network Identity (NID) and a Closed Access Group Identity (CAG-ID), enabling devices to perform non-public network identification, discovery and selection as well as enabling the NPN to implement access controls. In release 16, the NPN can be deployed in two different configurations:

    ◉ “stand-alone” mode (S-NPN), where the NPN is deployed in isolation from a public cellular network, and
    ◉ “public network integrated” mode (PNI-NPN), where the NPN leverages 5GS functionality delivered by the public cellular network, including SIM/identity management.

    The PNI-NPN deployment can, subject to agreed policies, enable an enterprise device to seamlessly transition between the NPN access network and the public cellular network. In contrast, the Release 16 S-NPN is considered isolated from other networks. However, release 17 has seen further enhancements with the ability for a device to access the S-NPN using credentials owned by a separate credential holder (CH) entity. The credential holder can be a private enterprise, or can be a public cellular operator, enabling a SIM-based public cellular identity to be used to authenticate a device on an S-NPN. Note, whereas such a scenario would conventionally be referred to as “roaming”, 3GPP’s use of roaming is limited to using another public cellular operator’s visited network and hence 3GPP refers to authentication between S-NPN and CH as “interworking”.

    These latest NPN capabilities, when coupled with the new approaches to licensing cellular frequencies, are specifically aimed at broadening the applicability of private cellular networks to the widest range of businesses.
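    The NID / CAG-ID mechanisms described in this section, as an added, deliberately simplified model (not code from the post or from 3GPP): the device side uses the broadcast NID or CAG-IDs to decide which cells it may select, the network side checks a claimed CAG-ID against what the cell broadcasts and the subscriber's allowed CAG list, and the Release 17 credential-holder case is modelled as "interworking" rather than roaming. All identifier values and names (PLMN "23410", "cag-apron-01", "nid-mine-7", the holder and partner names) are constructed, and the real encodings and bit widths of these identifiers are not modelled.

```python
"""Simplified model of 3GPP Non-Public Network (NPN) identification, selection
and access control. Added example, not from the post or from 3GPP; identifier
values below are constructed strings and real encodings are not modelled."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Cell:
    """What a cell broadcasts (simplified). A NID marks a stand-alone NPN (S-NPN)
    cell; CAG-IDs mark a public-network-integrated NPN (PNI-NPN) cell; neither
    means an ordinary public cell."""
    plmn: str
    nid: Optional[str] = None
    cag_ids: frozenset = frozenset()


@dataclass
class Subscription:
    """What the device holds: its home PLMN, the S-NPNs it has credentials for
    (mapped to the credential holder that issued them) and the allowed CAG list
    per PLMN. cag_only models a subscription restricted to CAG cells."""
    home_plmn: str
    snpn_credentials: dict = field(default_factory=dict)   # (plmn, nid) -> holder name
    allowed_cags: dict = field(default_factory=dict)       # plmn -> set of CAG-IDs
    cag_only: bool = False


def device_can_select(cell: Cell, sub: Subscription) -> bool:
    """Device side: identification and selection using the broadcast NID / CAG-IDs."""
    if cell.nid is not None:                       # S-NPN: need credentials for this (PLMN, NID)
        return (cell.plmn, cell.nid) in sub.snpn_credentials
    if cell.cag_ids:                               # PNI-NPN: need an allowed CAG-ID for this PLMN
        return bool(cell.cag_ids & sub.allowed_cags.get(cell.plmn, set()))
    return cell.plmn == sub.home_plmn and not sub.cag_only   # ordinary public cell


def _preference(cell: Cell) -> int:
    """Constructed preference order: S-NPN first, then PNI-NPN, then public."""
    return 0 if cell.nid is not None else (1 if cell.cag_ids else 2)


def select_cell(cells, sub: Subscription) -> Optional[Cell]:
    """Return the most preferred selectable cell, or None if nothing is usable."""
    for cell in sorted(cells, key=_preference):
        if device_can_select(cell, sub):
            return cell
    return None


def pni_npn_admit(cell: Cell, claimed_cag: str, sub: Subscription) -> bool:
    """Network side access control on a CAG cell: the CAG-ID the device claims must be
    one this cell broadcasts AND one in the subscriber's allowed CAG list (in PNI-NPN
    mode that list lives in the public network's subscription data)."""
    return claimed_cag in cell.cag_ids and claimed_cag in sub.allowed_cags.get(cell.plmn, set())


def snpn_authenticate(cell: Cell, sub: Subscription, own_name: str, interworking_partners: set) -> str:
    """Release 17 S-NPN access. Credentials issued by the S-NPN itself are verified
    locally; credentials from a separate credential holder (CH), e.g. a public
    operator's SIM identity, are accepted only if this S-NPN has an interworking
    relationship with that CH. Returns "local", "interworking" or "rejected"."""
    holder = sub.snpn_credentials.get((cell.plmn, cell.nid))
    if holder is None:
        return "rejected"
    if holder == own_name:
        return "local"
    return "interworking" if holder in interworking_partners else "rejected"


# Constructed sample data: one public PLMN, an airport apron CAG cell on it, and a mine S-NPN.
PUBLIC_PLMN = "23410"
PUBLIC_CELL = Cell(plmn=PUBLIC_PLMN)
APRON_CELL = Cell(plmn=PUBLIC_PLMN, cag_ids=frozenset({"cag-apron-01"}))
MINE_CELL = Cell(plmn="99901", nid="nid-mine-7")
CELLS = [PUBLIC_CELL, APRON_CELL, MINE_CELL]

GROUND_CREW = Subscription(home_plmn=PUBLIC_PLMN, allowed_cags={PUBLIC_PLMN: {"cag-apron-01"}})
MINE_TRUCK = Subscription(home_plmn=PUBLIC_PLMN,
                          snpn_credentials={("99901", "nid-mine-7"): "public-operator-A"})
VISITOR = Subscription(home_plmn=PUBLIC_PLMN)

if __name__ == "__main__":
    for name, sub in (("ground crew", GROUND_CREW), ("mine truck", MINE_TRUCK), ("visitor", VISITOR)):
        print(name, "->", select_cell(CELLS, sub))
```

    The two checks are deliberately separate: a device that merely claims a CAG-ID it does not hold is refused by `pni_npn_admit`, and a device presenting credentials from a holder the S-NPN has no interworking agreement with is refused by `snpn_authenticate`, which is where the Release 17 credential-holder relationship has to be configured.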

    5. Operating inter-connected networks


    Operating interconnections between networks, be that peering interconnect, an ISP service or roaming, always requires a technical framework and a financial framework, both referenced in terms defined in legal agreements between the parties.

    The GSM Association came into existence to drive matters essential for the implementation of a pan-European roaming service. Since its inception back in the 1990s, GSMA’s remit has broadened to address services and solutions that underpin interoperability and make mobile work across the world. Serving its operator members, GSMA defines how to operationalize the roaming reference points defined by 3GPP so that its operator members can support international roaming. This includes defining international roaming agreements, operating systems that collect and share roaming-related business and technical information, and procedures that enable the exchange of roaming signalling between different operators.

    In contrast to the unified inter-operator cellular system operationalized by GSMA, the private wireless industry has historically taken a decentralized approach, with each individual wireless hotspot provider defining its own legal terms and requiring end users to agree to them before being granted access via the private network. This decentralized approach has not inhibited private wireless hotspot adoption, with some estimates of over 500 million Wi-Fi hotspots available worldwide. More recently, however, it has inhibited usage, as users avoid the user engagement required to accept the hotspot’s legal terms.

    6. Scalability


    How to scale interconnect is a significant issue for private networks. While GSMA has been successful in scaling roaming between the 800 public cellular operators, there are still challenges in scaling GSMA interconnect. This requires the use of roaming hub providers to scale operations. Importantly, such hub models are predicated on the use of financially settled service that can be used to pay for the services of the roaming hub provider. In contrast, the businesses that have deployed private wireless networks frequently do not require financial remuneration from another enterprise in exchange for providing access, be that from a third party private enterprise or a public cellular operator. Without financial remuneration to enable conventional hub models, an alternative approach to scaling may be required for private networks.

    Another key aspect of scaling private networks is the dimensioning of inter-connected signalling, which is a function of the geographical coverage of the private wireless access network and the number of subscribers served by a particular credential holder. Public cellular networks provide nationwide coverage to tens of millions of subscribers. Such scale drives significant roaming signalling traffic between cellular providers, which allows assumptions about the longevity of signalling connections to be embedded in the technical procedures that support bidirectional signalling between all public cellular operators. In contrast, early data from the Wireless Broadband Alliance (WBA) on adoption of its OpenRoaming federation, a system designed to operate with private wireless networks, indicates that dimensioning in private deployments may be as low as one thousandth of that experienced by a conventional public cellular network.

    With some forecasting 1 million private cellular networks by the end of the decade, a thousand times the current number of public cellular networks, we can anticipate the future scalability challenges of being able to support 1000 times more networks, each with 1/1000th of the signalling load.

    7. Interconnecting 3GPP Non-Public Networks


    The opportunity to interconnect 3GPP Non-Public Networks with third-party systems is aimed at realizing 5G’s potential to serve different industrial segments. The challenges include defining a technical framework that simplifies adoption of interconnect functionality, and agreeing procedures that are acceptable to the administrators of information technology (IT) and operational technology (OT) systems in separate businesses while simultaneously supporting the unique scaling attributes of private networks and separate credential holders.

    Complementing the technical framework, a legal framework that enables legal teams in private enterprises, individual credential holders and public cellular operators to scale is required. The legal terms need to ensure cellular devices, be that end-user smartphones or embedded cellular modems, experience a great service when using the private wireless networks. Finally, the interconnect systems should not assume that financial remuneration for providing wireless service is going to be available to fund the operation of hubs to scale interconnect across the millions of private networks.


    Simplification and scaling of private 5G solutions is going to be critical to ensure the full potential of 5G can be harnessed. The 5G DRIVE (Diversified oRAN Integration & Vendor Evaluation) project, led by Virgin Media O2 and part-funded by the UK DCMS, Cisco and co-partners, is targeted at defining the use of the new 5G Security Edge Protection Proxy (SEPP) roaming interface to connect public and private 5G networks. Cisco is invested in solving the key problem of how best to integrate private 3GPP Non-Public Networks with established public cellular networks, affordably, securely and at scale. Cisco will use its membership of the 5G DRIVE project to showcase its 5G-as-a-Service offer, which is aimed at lowering the barriers to adoption for 3GPP Non-Public Networks, as well as sharing key learnings from its incubation of the OpenRoaming system from an internal Cisco proof-of-concept to an industry standard supporting roaming across over a million private hotspots. Watch out for upcoming blogs where we will be sharing more information about proof-of-concept demonstrations of how SEPP-based roaming could be adapted to lower barriers to adoption for private enterprises.

    Source: cisco.com

    Saturday 12 November 2022

    How to Use Presence Web Services

    Presence of mind

    Jabber is so last decade. Webex and its competition are the best modern means of messaging. But Cisco IM&P, a companion server to Cisco Call Manager, is still the best way to subscribe to user presence updates.


    Suppose you have a group of employees to whom you assign tasks as they come in. If you can watch the presence of that group, you’ll know who is available, who is away, who is on the phone, etc. You can build an application that automatically assigns tasks according to the presence of the users.

    The Presence Web Services (PWS) API, a feature of Cisco IM&P, is ideal for this kind of application. In my experience as a former developer support engineer, I noticed many developers don’t quite understand how to use PWS properly. I hope that by the time you’re done reading this, you’ll have a good grasp of everything involved in making PWS work for you.

    Here’s a condensed breakdown of the steps:

    1. Log in an application user with app username and password

    a. This operation returns the application user session key

    2. Use the application user session key to log in an end user

    a. This operation returns an end user session key

    3. Create a web service to handle presence notifications

    a. Run this web service to listen on a common port, e.g., 8080

    4. Use the application user session key to register the URL of your web service as an endpoint

    a. This returns an endpoint ID

    5. Use the end user session key to subscribe to one or more end user contacts

    a. This returns a subscription ID

    6. Create a script to fetch the subscribed presence, using the subscription ID

    a. For example, get_subscribed_presence.py

    In steps 1 and 2, there’s a choice called “force=”. If you set “force=true”, the server will return a new session key every time. I recommend you use “force=false”, so that it keeps re-using the same session key. This covers a multitude of programming sins.

    In Step 3, it is important to use a common port, like 80, 82, 8080, etc. If your web service is based on Python and you use the Flask library, the default port for Flask is 5000, which will not work. You must tell Flask to use one of the common ports instead.

    Once you have completed steps 1 through 5, any change in the presence of the contacts in your step 5 subscription will trigger a REST GET operation on the endpoint. The GET will pass two parameters: the subscription id, which should always be 1 with these scripts, and etype, which should always be “PRESENCE_NOTIFICATION”.

    Your application should then use the subscription ID to fetch all the presence changes for that subscription. The API for that is getSubscribedPresence. The script that invokes getSubscribedPresence is, coincidentally, get_subscribed_presence.py.

    The sample scripts use REST, but you can also use SOAP.

    No problemo!

    A common problem occurs when a contact’s presence changes while your endpoint isn’t running. The server sends a presence notification to the endpoint URL, nothing receives it, and so nothing fetches the subscribed presence. That matters because, if for any reason you don’t fetch the presence values for that subscription, the server stops sending further notifications until you do.

    So, the script you create in Step 6 is a fail-safe. Suppose a contact, Carlotta Tendant, switches from AVAILABLE to AWAY. The server will notify the web service at the endpoint URL that a change in presence occurred. If your endpoint isn’t active, or it does not pick up the notification and fetch the presence information, the server will stop sending presence notifications until you fetch that presence information.

    It is important to know that the presence notification doesn’t send any contact information or the fact that Carlotta is now AWAY; it just notifies the web service that a presence has changed for one or more contacts for that subscription. Your web service must fetch the information about the contact and the contact’s presence.

    To avoid the possibility of missed notifications, run the get_subscribed_presence.py script once everything is set up and ready and your endpoint is running. This grabs the information for the users and their presence, and thus clears the queue for the server to send new presence notifications.

    There is another reason the web service may not receive a notification. If the Cisco IM&P server’s CPU usage reaches 80% or higher, the server stops sending notifications until CPU usage drops below 80%. To compensate, have your app call getSubscribedPresence on an interval, say every 10 minutes (or whatever suits you), so that if for any reason your application did not act on a presence notification, the queue clears and notifications resume.

    Scripts

    WARNING: Don’t use my sample scripts on a production server. These are for instructional purposes only.

    My sample scripts are as follows:

    pws-create.py

    pws-delete.py

    endpoint.py

    get_subscribed_presence.py

    And there are some data files the script uses to get information about the server, the host for the endpoint, app user, end user, and the contacts for your presence subscription.

    serverparams.json (points to your Cisco IM&P server and the host IP address for the endpoint)

    appuser.json (has the application username and password)

    enduser.json (has the end user name. You use the session key from your application user login)

    contacts.list (the list of contacts for which you will subscribe to get presence notifications)

    Order Up

    Here’s how you run the scripts, in order.

    1. python3 pws-delete.py

        1. This removes all endpoints and subscriptions so you can start fresh

    2. python3 pws-create.py

        1. This sets up the endpoint and subscribes to the presence of the contacts in contacts.list. It uses serverparams.json to identify your Cisco IM&P server and the IP address of the host where your endpoint will run.

    3. python3 endpoint.py

        1. This is the endpoint script. It uses the Flask Python library to work as a web service.

    4. python3 get_subscribed_presence.py 1 BASIC_PRESENCE (or RICH_PRESENCE)

       1. You run this after the endpoint web service is up and running. This clears out any pending subscription updates and notifications so that the queue is empty and future notifications will work.

    If you look at the code in the sample endpoint script, you’ll see the web service endpoint itself doesn’t include the code to fetch the subscribed presence. I put all that into the get_subscribed_presence.py script. My endpoint simply executes the script externally like so:

    subprocess.run(["python3", "get_subscribed_presence.py", id, etype])  # argument list, no shell=True: id and etype arrive in the request query string and must never be interpolated into a shell command

    The endpoint will know the value of id and etype and pass the values when it runs get_subscribed_presence.py. If you want to run the script yourself, however, you need to pass values at the command line, for example:

    python3 get_subscribed_presence.py 1 BASIC_PRESENCE

    You can also use RICH_PRESENCE instead if that’s what you want. If you’ve done everything correctly, the subscription ID will always be 1, which is why you pass the number 1 to the script at the command line.

    The sample script doesn’t do anything with the presence information. It prints it to the console where you run the endpoint web service. Your application must perform your needed task, such as updating a display of contacts and their presence. 
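    Here is an added example, not part of the original post or Cisco’s sample scripts, that puts the pieces above together: an endpoint (standard-library http.server instead of Flask, listening on 8080) that validates the id and etype query parameters before acting on them, fetches the subscribed presence in-process instead of shelling out to a second script, and runs the interval fail-safe described earlier for the missed-notification and 80% CPU cases. The actual getSubscribedPresence call is an assumption here: it is injected as a callable (fetch_presence) so the example runs offline, and the demo’s return value is constructed.

```python
"""Added example (not from the Cisco post): a standard-library PWS notification
endpoint plus the periodic getSubscribedPresence fail-safe.

Assumption (labelled): the HTTPS call to getSubscribedPresence is supplied by
the caller as fetch_presence(subscription_id), so this file runs offline.
"""
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse

ALLOWED_ETYPES = {"PRESENCE_NOTIFICATION"}


def parse_notification(query_string):
    """Validate the id/etype query parameters the IM&P server sends.

    Returns (subscription_id, etype); raises ValueError on anything else, so
    request-controlled text never reaches a shell or subprocess.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    sub_id = params.get("id", [""])[0]
    etype = params.get("etype", [""])[0]
    if not sub_id.isdigit():
        raise ValueError("subscription id must be a positive integer, got %r" % sub_id)
    if etype not in ALLOWED_ETYPES:
        raise ValueError("unexpected etype %r" % etype)
    return int(sub_id), etype


class PresenceWatcher:
    """Fetches subscribed presence when notified and on a timer.

    Every fetch, whether triggered or periodic, drains the server's pending
    notifications for the subscription, which is what keeps them flowing.
    """

    def __init__(self, fetch_presence, subscription_id=1, poll_interval=600.0):
        self.fetch_presence = fetch_presence      # your getSubscribedPresence wrapper
        self.subscription_id = subscription_id   # always 1 with the post's scripts
        self.poll_interval = poll_interval       # seconds; the post suggests 10 minutes
        self.fetch_count = 0
        self._lock = threading.Lock()

    def fetch(self):
        with self._lock:  # a notification and a poll must not race each other
            result = self.fetch_presence(self.subscription_id)
            self.fetch_count += 1
            return result

    def handle_notification(self, sub_id, etype):
        """Called by the HTTP handler; ignores subscription IDs we did not create."""
        if sub_id != self.subscription_id:
            return None
        return self.fetch()

    def run_poller(self, stop_event):
        """Fail-safe: re-fetch on an interval in case a notification was missed
        (endpoint was down, or the server was above its 80% CPU threshold)."""
        while not stop_event.wait(self.poll_interval):
            self.fetch()


def make_handler(watcher):
    class NotificationHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                sub_id, etype = parse_notification(urlparse(self.path).query)
            except ValueError as exc:
                self.send_error(400, str(exc))
                return
            watcher.handle_notification(sub_id, etype)
            self.send_response(200)
            self.end_headers()

        def log_message(self, fmt, *args):  # keep the example quiet
            pass

    return NotificationHandler


def start_endpoint(watcher, host="0.0.0.0", port=8080):
    """Serve in a background thread on a common port (Flask's default 5000 is not one)."""
    server = ThreadingHTTPServer((host, port), make_handler(watcher))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    def demo_fetch(sub_id):  # constructed stand-in for getSubscribedPresence
        return {"subscription": sub_id,
                "contacts": [{"name": "Carlotta Tendant", "status": "AWAY"}]}

    watcher = PresenceWatcher(demo_fetch)
    server = start_endpoint(watcher)
    print(watcher.fetch())  # clear the queue once the endpoint is up, as in "Order Up" step 4
    stop = threading.Event()
    threading.Thread(target=watcher.run_poller, args=(stop,), daemon=True).start()
    try:
        threading.Event().wait()  # server and poller run in daemon threads until Ctrl-C
    except KeyboardInterrupt:
        stop.set()
        server.shutdown()
```

    Wire fetch_presence to whatever your get_subscribed_presence.py does today, call fetch() once after the server is up (as step 4 under “Order Up” says) and leave the poller thread running. A request whose id is not a plain integer, or whose etype is anything but PRESENCE_NOTIFICATION, gets a 400 and never reaches a subprocess, which is the difference between this handler and building a shell command from the query string.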

    Source: cisco.com

    Friday 11 November 2022

    Cisco Champions the Powerful, Evolving Networking Software Stack


    With the interconnection of billions of devices in public and private networks and many applications and services moving to the cloud, software is increasingly becoming independent of and abstracted from hardware. At public cloud vendors like Amazon Web Services, Google Cloud Platform, and Microsoft Azure, hardware has been commoditized and software has taken center stage.

    At Cisco, resellers and enterprise customers put complex solutions together using our products. The integration of switches, routers, and other gear with software used to require up to a one-year qualification cycle. But with the cloud providers, it’s immediate. Today, more native cloud concepts have been added to Cisco IOS XE software. Quarter by quarter, our enterprise software is becoming more efficient and cost-effective, more automated, and more programmable.

    From Physical to Virtual to Cloud Native 


    The first incarnation of Cisco enterprise cloud-enabled products was the virtualization of physical hardware devices in the cloud as virtual machines. They had all the existing concepts and features customers were used to in existing physical Cisco platforms.

    In recent years we’ve been moving from physical to virtual to cloud-native products. As customers are becoming more aware and ready to consume cloud-native features, Cisco IOS XE is being enriched to provide those features. At 190 million lines of code―more than 300 million when vendor software development kits (SDKs) and open-source libraries are added―Cisco IOS XE runs 80+ platforms for access, distribution, core, wireless, and WAN layers. It facilitates a myriad of combinations of hardware and software, forwarding, and physical and virtual form factors.

    Why Cisco? 


    Prospective Cisco customers and competitors may ask, why spend $5000 for an enterprise switch when you can spend $1000? The answer is that our customers know a cheaper switch may lack the features they need. Less expensive gear can also add to their maintenance costs because the components may not be as good as Cisco’s.

    Another reason to buy Cisco is due to the breadth of our enterprise portfolio. Any one company can do one vertical market well. With IOS XE, we have integrated everything across the networking software stack, and across the entire enterprise network, and we’re working to keep it simple across multiple network domains.

    Efficiency and Cost-effectiveness 


    With networking becoming increasingly feature-rich and complex, simpler networking software translates to greater efficiency, a smaller headcount, and fewer onsite visits to fix problems. For example, Cisco IOS XE provides simplified app hosting using a Docker image in a container and deployment using device controller tools. It supports third-party, off-the-shelf applications built using Linux toolchains that allow business apps to run at the network edge.

    Other examples include the simplification of development, debugging, and device validation with Cisco Platform Abstraction (CPA) and unified software tracing that integrates traces from software running anywhere in a network for more complete visibility into 100+ processes in real-time. Another example of Cisco IOS XE simplicity is virtualization technology that runs over optical fiber, enabling switches to be physically located up to thousands of miles away from each other.

    The Power of Automation 


    Cisco IOS XE is becoming more and more self-driving. Cisco developers are increasingly taking away the manual tasks required to manage the network by automating them. That makes networks easier and cheaper to maintain and faster to debug.

    Examples include the automation of image upgrades using Cisco DNA Center and support for programmable microservices to replace manual device upgrades, repurposing, and management. Other automated processes include streaming telemetry and analytics in all layers of software that run at the speed of events observed (e.g., faster than two million route updates per second) to handle the huge scale of networking operations.

    Programmability 


    Systems administrators in enterprise companies are constantly upgrading, repurposing, and managing thousands of switches. An advanced networking software stack must be able to manage multi-vendor networks using native and open-source data models. Cisco IOS XE supports a suite of Google Remote Procedure Call (gRPC)-based microservices that simplify and lighten workloads with programmability. They allow administrators to programmatically manage Cisco enterprise devices.

    The IOS XE Development Environment  


    A lot of enterprise software takes years to develop. The Cisco software development environment rolls out new solutions in months.

    Developers spend 60-70% of their time on supporting software rather than application logic. The IOS XE development environment is automating as many of these common capabilities (show commands, tracing, telemetry, export for dashboards, hand-wiring HA code, base ISSU compatibility checks, and mocking for unit tests) as possible so they don’t have to be hand coded. Hand coded, every one of these features would require developers to write two to three times as much code. Hand coding is also not amenable to automated, flexible deployments and, on the current development trajectory, will not fit into the low-footprint devices we ship.

    The Cisco Enterprise Networking software development team works at a solution level, conducting pre-qualification testing and providing the tools to control an entire enterprise network from a single dashboard.

    Source: cisco.com

    Thursday 10 November 2022

    Cisco Secure Firewall on AWS: Build resilience at scale with stateful firewall clustering


    Organizations embrace the public cloud for the agility, scalability, and reliability it offers when running applications. But just as organizations need these capabilities to ensure their applications operate where needed and as needed, they also require their security to do the same. Organizations may introduce multiple individual firewalls into their AWS infrastructure to produce this outcome. In theory, this may be a good decision, but in practice it can lead to asymmetric routing issues. Complex SNAT configuration can mitigate asymmetric routing issues, but this isn’t practical for sustaining public cloud operations. Organizations are looking out for their long-term cloud strategies by ruling out SNAT and are calling for a more reliable and scalable solution for connecting their applications and security for always-on protection.

    To solve these challenges, Cisco created stateful firewall clustering with Secure Firewall in AWS.

    Cisco Secure Firewall clustering overview


    Firewall clustering for Secure Firewall Threat Defense Virtual provides a highly resilient and reliable architecture for securing your AWS cloud environment. This capability lets you group multiple Secure Firewall Threat Defense Virtual appliances together as a single logical device, known as a “cluster.”

    A cluster provides all the conveniences of a single device (management and integration into a network) while delivering the increased throughput and redundancy you would expect from deploying multiple devices individually. Cisco uses the Cluster Control Link (CCL) to forward asymmetric traffic between devices in the cluster. A cluster can have up to 16 members, and the CCL is carried over VXLAN.

    In this case, clustering has the following roles:

    Figure 1: Cisco Secure Firewall Clustering Overview

    The above diagram shows the traffic flow between client and server with the firewall cluster inserted in the network. The clustering roles, and how the packet flow interacts with each of them, are defined below.

    Clustering roles and responsibilities 


    Owner: The Owner is the node in the cluster that initially receives the connection.

    ◉ The Owner maintains the TCP state and processes the packets. 
    ◉ A connection has only one Owner. 
    ◉ If the original Owner fails, the new node receives the packets, and the Director chooses a new Owner from the available nodes in the cluster.

    Backup Owner: The node that stores TCP/UDP state information received from the Owner so that the connection can be seamlessly transferred to a new owner in case of failure.

    Director: The Director is the node in the cluster that handles owner lookup requests from the Forwarder(s). 

    ◉ When the Owner receives a new connection, it chooses a Director based on a hash of the source/destination IP address and ports. The Owner then sends a message to the Director to register the new connection. 
    ◉ If packets arrive at any node other than the Owner, the node queries the Director. The Director then seeks out and defines the Owner node so that the Forwarder can redirect packets to the correct destination. 
    ◉ A connection has only one Director. 
    ◉ If a Director fails, the Owner chooses a new Director.

    Forwarder: The Forwarder is a node in the cluster that redirects packets to the Owner. 

    ◉ If a Forwarder receives a packet for a connection it does not own, it queries the Director to seek out the Owner.  
    ◉ Once the Owner is defined, the Forwarder establishes a flow, and redirects any future packets it receives for this connection to the defined Owner.

    Fragment Owner: For fragmented packets, cluster nodes that receive a fragment determine a Fragment Owner using a hash of the fragment source IP address, destination IP address, and the packet ID. All fragments are then redirected to the Fragment Owner over Cluster Control Link.  
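    To make the roles concrete, here is an added model of the cluster’s flow-ownership logic. It is illustrative code written for this page, not Cisco’s implementation: it uses rendezvous hashing over the live nodes in place of Secure Firewall’s internal hash, and keeps only a packet counter as connection state. It shows the reply packet of a connection arriving on a different node (the asymmetric case that drives the SNAT problem described above) being forwarded to the Owner, the Director being re-chosen when its node fails, and the Backup Owner’s replica taking over when the Owner fails.

```python
"""Added example (not Cisco code): a small model of the clustering roles the
post describes (Owner, Backup Owner, Director, Forwarder, Fragment Owner) to
show how a connection survives both asymmetric return traffic and the loss of
its Owner. Assumptions (labelled): rendezvous hashing over the live nodes
stands in for Secure Firewall's internal hash, and the per-connection state is
just a packet counter.
"""
import hashlib
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")


def canonical(flow):
    """Both directions of a connection map to one key, so the reply packet that
    lands on a different node still finds the same Director."""
    ends = sorted([(flow.src_ip, flow.src_port), (flow.dst_ip, flow.dst_port)])
    return "%s:%d<->%s:%d/%s" % (ends[0] + ends[1] + (flow.proto,))


def rendezvous(key, nodes):
    """Highest-random-weight choice: removing a node only moves the keys it held."""
    best = None
    for n in sorted(nodes):
        w = int(hashlib.sha256(("%s|%s" % (key, n)).encode()).hexdigest(), 16)
        if best is None or w > best[0]:
            best = (w, n)
    return best[1] if best else None


class Cluster:
    def __init__(self, nodes):
        self.alive = set(nodes)
        self.directory = {}      # director -> {flow_key: [owner, backup]}
        self.conn_state = {}     # node -> {flow_key: state}; owner's copy and backup's replica
        self.forward_cache = {}  # (forwarder, flow_key) -> owner, filled after a Director lookup

    def director_for(self, key):
        """Director chosen by hashing the (direction-independent) 5-tuple."""
        return rendezvous("director|" + key, self.alive)

    def fragment_owner(self, src_ip, dst_ip, packet_id):
        """Fragment Owner from source IP, destination IP and IP packet ID (ports
        exist only in the first fragment), so every fragment lands on one node."""
        return rendezvous("frag|%s|%s|%d" % (src_ip, dst_ip, packet_id), self.alive)

    def _pick_backup(self, key, owner):
        return rendezvous("backup|" + key, self.alive - {owner})

    def _record(self, owner, backup, key):
        state = self.conn_state.setdefault(owner, {}).setdefault(key, {"packets": 0})
        state["packets"] += 1
        if backup in self.alive:                    # Backup Owner keeps a replica over the CCL
            self.conn_state.setdefault(backup, {})[key] = dict(state)

    def receive(self, node, flow):
        """A packet of `flow` arrives on `node`; returns (role played, node that processes it)."""
        if node not in self.alive:
            raise RuntimeError("%s is down" % node)
        key = canonical(flow)
        table = self.directory.setdefault(self.director_for(key), {})
        entry = table.get(key)
        if entry is None:                           # new connection: this node is the Owner
            entry = table[key] = [node, self._pick_backup(key, node)]
        owner, backup = entry
        if owner not in self.alive:                 # Owner died: Director promotes the Backup Owner
            if backup is None or backup not in self.alive:
                return ("dropped", None)            # no replica anywhere: the connection is lost
            owner, backup = backup, self._pick_backup(key, backup)
            entry[:] = [owner, backup]
            self.forward_cache = {k: v for k, v in self.forward_cache.items() if k[1] != key}
        elif backup not in self.alive:              # Backup Owner died: Owner picks a new one
            backup = entry[1] = self._pick_backup(key, owner)
        self._record(owner, backup, key)
        if owner == node:
            return ("owner", node)
        self.forward_cache[(node, key)] = owner     # Forwarder: redirect to the Owner over the CCL
        return ("forwarder", owner)

    def fail(self, node):
        """Node loss: its state is gone; Owners re-register with a new Director."""
        self.alive.discard(node)
        self.conn_state.pop(node, None)
        self.forward_cache = {k: v for k, v in self.forward_cache.items() if node not in (k[0], v)}
        for key, entry in self.directory.pop(node, {}).items():
            self.directory.setdefault(self.director_for(key), {})[key] = entry


if __name__ == "__main__":
    # Constructed walk-through: the client's SYN hits node 2, the server's reply returns via node 1.
    c = Cluster(["fw1", "fw2", "fw3"])
    syn = Flow("203.0.113.5", 40000, "10.0.1.10", 443, "tcp")
    reply = Flow("10.0.1.10", 443, "203.0.113.5", 40000, "tcp")
    print("SYN on fw2   ->", c.receive("fw2", syn))
    print("reply on fw1 ->", c.receive("fw1", reply))
    c.fail("fw2")
    print("after fw2 fails, data on fw3 ->", c.receive("fw3", syn))
```

    The point to notice is that the Forwarder never holds the connection itself, only the Director’s answer, and that the promoted Backup Owner continues from its replica rather than from a fresh lookup, which is what makes the failover stateful.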

    Integration with AWS Gateway Load Balancer (GWLB)


    Cisco added support for AWS Gateway Load Balancer (Figure 2). This lets organizations scale their firewall presence as needed to meet demand.

    Figure 2: Cisco Secure Firewall and AWS Gateway Load Balancer integration 

    Cisco Secure Firewall clustering in AWS


    Building off the previous figure, organizations can take advantage of the AWS Gateway Load Balancer with Secure Firewall’s clustering capability to evenly distribute traffic at the Secure Firewall cluster. This enables organizations to maximize the benefits of clustering capabilities including increased throughput and redundancy. Figure 3 shows how positioning a Secure Firewall cluster behind the AWS Gateway Load Balancer creates a resilient architecture. Let’s take a closer look at what is going on in the diagram.

    Figure 3: Cisco Secure Firewall clustering in AWS

    Figure 3 shows an Internet user looking to access a workload. Before the user can access the workload, the user’s traffic is routed to Firewall Node 2 for inspection. The traffic flow for this example includes:

    User -> IGW -> GWLBe -> GWLB -> Secure Firewall (2) -> GWLB -> GWLBe -> Workload

    In the event of failure, the AWS Gateway Load Balancer cuts off existing connections to the failed node, making the above solution non-stateful.

    Recently, AWS announced a new feature for their load balancers known as Target Failover for Existing Flows. This feature enables forwarding of existing connections to another target in the event of failure.

    Cisco is an early adopter of this feature and has combined Target Failover for Existing Flows with Secure Firewall clustering capabilities to create the industry’s first stateful cluster in AWS.

    Figure 4: Cisco Secure Firewall clustering rehashing existing flow to a new node

    Figure 4 shows a firewall failure event and how the AWS Gateway Load Balancer uses the Target Failover for Existing Flows feature to switch the traffic flow from Firewall Node 2 to Firewall Node 3. The traffic flow for this example includes:

    User -> IGW -> GWLBe -> GWLB -> Secure Firewall (3) -> GWLB -> GWLBe -> Workload

    Source: cisco.com