Saturday, 4 February 2023

Enforcing Zero Trust Access with Cisco SD-WAN

As applications become distributed across clouds, data centers, SaaS, and to the edge, enterprises need to enable secure access to these applications for their workforce from anywhere. Implementing Secure Access Service Edge (SASE) is a preferred method for enabling secure access to distributed applications by a hybrid workforce and the growing number of IoT devices.

Zero trust is one of the most common starting points for enterprises that are embarking on their SASE journey. Many enterprises are either in the process of adopting zero trust or have already adopted it. The initial transition was primarily driven by a large number of remote workers as a result of the pandemic. However, many enterprises are now transitioning to hybrid environments with the workforce distributed from campuses to branches to home offices.

This hybrid work environment, along with increasing reliance on distributed cloud and SaaS applications, requires a network architecture that provides scalable and distributed zero-trust security enforcement close to endpoints and people using them. This maximizes bandwidth utilization of the WAN link while ensuring that there is no central choke point where all the traffic needs to be redirected. In addition, in order to thwart real-time threats, IT needs the network to continuously monitor and assess the security posture of devices after application access is granted.

The latest enhancements in the SD-WAN security architecture are designed to support this new paradigm of distributed applications and hybrid workforces. Now, the tight integration between Cisco SD-WAN and Cisco Identity Services Engine (ISE) enables IT to employ zero trust security functions for the traffic that goes through an SD-WAN fabric.

Cisco ISE Configures Security Posture in SD-WAN Fabric for Zero Trust


Delivering a Zero Trust methodology for SD-WAN traffic requires four key functionalities: application access policies based on the desired security posture (who can access what); security controls for admitted traffic; continuous enforcement; and immediate adaptation to security posture changes—all enforced with a consistent model for on-prem, mobile, and remote devices and workforce.

Cisco ISE supports the configuration of security posture policies in SD-WAN fabric. When a person’s device or an IoT endpoint connects to the network, the posture of the device is evaluated based on the configured policy, and an authorization decision is made based on that outcome. For example, an outcome of a device posture evaluation can be compliant, non-compliant, or unknown. This outcome of device posture evaluation determines an authorization policy, which can include the assignment of a Security Group Tag (SGT) and other authorization attributes to the device and owner. Details about how this is configured in Cisco ISE are captured in this technical article and video.

In addition, Cisco ISE shares the security group tags and session attributes with the Cisco SD-WAN ecosystem. This information can be leveraged by IT to create identity groups and associate security policies in Cisco vManage to enable access by specific user groups to applications over the SD-WAN fabric all the way to the edge.

The Cisco vManage console screenshots in Figures 1–3 illustrate how Cisco vManage learns a set of security group tags from ISE.

Figure 1: Identity groups pulled from ISE and shown in Cisco SD-WAN vManage

Figure 2: Creation of identity lists, each of which includes a group of security groups; identity lists are used in the security policy configuration

Figure 3: Security policy configuration based on identity lists

Monitoring of Security Posture Guards Against Attacks


Cisco ISE also supports a periodic reassessment of device posture. Any change in the posture will cause a change of authorization which results in a different security policy being implemented in the SD-WAN edge. This enables the network and endpoints to work in unison to enable zero trust capabilities. Following are three use cases to illustrate what is possible with the deep integration of Cisco ISE and SD-WAN solutions.

◉ IT can configure a posture policy that requires an Anti-Malware Protection (AMP) agent running on endpoints to identify malicious files. When the owner of a device connects to the network, the posture is evaluated and determined to be compliant with a running AMP agent. The compliant status results in a specific SGT being assigned to the traffic, along with the associated authorization access. As an added benefit in this case, the SD-WAN router will not execute the network AMP functionality when it is being run on the endpoint. However, if the AMP process on an endpoint is terminated either voluntarily or involuntarily, ISE will detect this through periodic posture assessment. The endpoint’s non-compliant status will result in a more restrictive SGT being assigned. On the SD-WAN router, a policy for non-compliant traffic will result in the execution of the network-based AMP function for the traffic originating from that endpoint. As a result, the network and endpoint work in unison to ensure that the right policies continue to execute properly.

◉ IT can configure a posture policy that prevents the insertion of a USB device in an endpoint. When a device connects to the network without a USB attached, the posture is evaluated by ISE as compliant, and therefore traffic from the device is allowed to pass through the network. If a USB is connected to the device, ISE will immediately detect the non-compliant status and do a change of authorization, assigning a different SGT which can be used by the SD-WAN edge to block all traffic from the device as long as the USB is attached.

◉ With Software-Defined Remote Access (SDRA), another key technology of Cisco SD-WAN, the traffic from remote workers and their devices is processed by the SD-WAN edge as well as subjected to ISE posture evaluation. This means that all the functions for accessing applications based on posture are applicable and available to both on-prem and remote endpoints.
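The posture-to-SGT-to-edge-policy loop from the use cases above can be modelled in a few lines. This is an added illustration, not Cisco code and not the ISE or vManage API: the SGT values, action names, the combination of the AMP and USB checks into one policy, and the default-drop for an unknown SGT are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Posture(Enum):
    COMPLIANT = "compliant"
    NON_COMPLIANT = "non-compliant"
    UNKNOWN = "unknown"


# Constructed SGT values; a real deployment defines its own tags in ISE.
SGT_TRUSTED, SGT_RESTRICTED, SGT_QUARANTINE, SGT_UNKNOWN = 10, 20, 30, 99

# Assumed edge policy keyed by SGT, mirroring the use cases in the text.
EDGE_POLICY = {
    SGT_TRUSTED: "permit",                 # AMP runs on the endpoint, skip network AMP
    SGT_RESTRICTED: "permit+network-amp",  # AMP missing, inspect at the edge instead
    SGT_QUARANTINE: "drop",                # USB attached, block all traffic
}


@dataclass
class Endpoint:
    name: str
    amp_running: Optional[bool] = None   # None means no posture report received
    usb_attached: Optional[bool] = None
    sgt: int = SGT_UNKNOWN


def evaluate_posture(ep: Endpoint) -> Posture:
    """Posture policy: AMP agent must run and no USB device may be attached."""
    if ep.amp_running is None or ep.usb_attached is None:
        return Posture.UNKNOWN
    if ep.amp_running and not ep.usb_attached:
        return Posture.COMPLIANT
    return Posture.NON_COMPLIANT


def authorize(ep: Endpoint) -> int:
    """Authorization policy: map the posture outcome to an SGT."""
    posture = evaluate_posture(ep)
    if posture is Posture.UNKNOWN:
        return SGT_UNKNOWN
    if posture is Posture.COMPLIANT:
        return SGT_TRUSTED
    # Non-compliant: a USB violation is treated as stricter than a stopped AMP agent.
    return SGT_QUARANTINE if ep.usb_attached else SGT_RESTRICTED


def reassess(endpoints):
    """Periodic reassessment; returns change-of-authorization events."""
    events = []
    for ep in endpoints:
        new_sgt = authorize(ep)
        if new_sgt != ep.sgt:
            events.append((ep.name, ep.sgt, new_sgt))
            ep.sgt = new_sgt
    return events


def edge_action(ep: Endpoint) -> str:
    """What the edge does with this endpoint's traffic; unmapped SGTs are dropped."""
    return EDGE_POLICY.get(ep.sgt, "drop")


def run_scenario():
    """Walk one laptop through the AMP and USB use cases; the sensor never reports."""
    laptop = Endpoint("laptop", amp_running=True, usb_attached=False)
    sensor = Endpoint("iot-sensor")
    fleet = [laptop, sensor]
    timeline = []

    def tick(label):
        events = reassess(fleet)
        timeline.append((label, events, edge_action(laptop), edge_action(sensor)))

    tick("connect")
    laptop.amp_running = False
    tick("amp-stopped")
    laptop.usb_attached = True
    tick("usb-inserted")
    laptop.amp_running, laptop.usb_attached = True, False
    tick("remediated")
    tick("steady-state")
    return timeline


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The point to check in any real policy set is the last line of `edge_action`: an endpoint whose posture was never evaluated should fall into an explicit rule rather than inherit a permissive default.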

Start the Journey to SASE with Zero Trust-Enabled Cisco SD-WAN


Cisco SD-WAN connects the workforce and IoT devices to any application using integrated capabilities for multicloud, security, and application optimization—all on a SASE-enabled architecture. Zero trust is a key capability of SASE, along with SD-WAN, enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, intrusion prevention system, URL filtering, and DNS-layer protection.

As organizations make progress on their journey to SASE, Cisco SD-WAN’s rich security capabilities enable Zero Trust functions across SD-WAN traffic to secure the network and devices in a scalable, optimal, and cost-effective way.

Source: cisco.com

Saturday, 28 January 2023

Common Database Infrastructure in Cisco IOS XE Software Simplifies 160+ Enterprise Devices

Developed by a global team of more than 3000 software engineers, Cisco IOS XE Software powers more than 160 Cisco enterprise platforms for access, distribution, core, WAN, and wireless — with many different form factors and combinations of hardware and software. One of the main reasons the software stack can encompass such a large portfolio of enterprise networking products is a common database and database-centric programming model across all platforms.

It started with the Cisco 1000 Series Aggregation Services Router (ASR 1000) in 2004, where every state update to the data path went into and out of an in-memory database. Since 2015 and Cisco IOS XE version 16.1.1, many more platforms have been added, due in large part to the software stack’s consolidated database features that work across all platforms. From one platform supported by IOS XE to 160 in six years is an incredible industry run rate.

Here are some of the most useful and robust database features used across all Cisco devices that run Cisco IOS XE.

In-memory Database Power and Capturing Application Intent


Configuration and operational data in IOS XE devices are stored in in-memory NoSQL graph databases. In addition to providing atomicity, consistency, isolation, and durability (ACID) functionality, IOS XE supports validation and default values, dependency management, replication, notifications, subscriptions, and consolidation.

Application database intent ― including schema, defaults, validation, and graph model ― are captured in a Domain Specific Language (DSL) called The Definition Language (TDL) that was developed by Cisco. Using TDL, developers can describe what they want to do, what data they want to model, and the rules for validation. Then the TDL compiler generates database interaction code in the language of choice for the application (e.g., C, Java, Python), as shown in Figure 1. If developers want to use a new language, they can still use the intent captured in TDL to generate code.

Figure 1. Utilizing DSL to Capture Database User Intent

Decoupling intent from implementation code provides tremendous architectural flexibility. For IOS XE, the back end is written in C to provide optimal performance. The front end uses a formal query system and can be in any language. We use a custom compiler with a Model-View-Controller (MVC)-based architecture to perform the magic of converting intent to front-end APIs.

This approach eliminates the need for data conversion for clients querying the database. As shown in Figure 2, applications can natively interact with the database through APIs regardless of the language of choice. The database can also be read by other applications and/or infrastructure (e.g., Web UI, CLI-based show commands, and other monitoring services).

Figure 2. Cisco IOS XE Applications Natively Interact with the Database

Runtime Infrastructure for Cisco IOS XE


Although the database infrastructure in IOS XE can use secondary storage as the database store, most of the applications use in-memory databases that reside in RAM. A transactional engine specifies ACID guarantees (e.g., a process launched by some user must request modifying the database and signal when it is done modifying it). Failure to complete the process results in the database being rolled back so it is never in an inconsistent state.

Figure 3. Runtime Infrastructure for Cisco IOS XE

The raw lookup data structure layer includes the infrastructure for indexing algorithm tables (e.g., hash tables, binary search trees). The graph layer is where user-specific database configurations like table connections, default values, and validation enforcement are performed. For example, a Wireless LAN Controller (WLC) tracks Access Points (APs) and the clients connected to it. Clients are connected to the WLC through the AP. This wireless operational state may be modeled as AP and client tables, with each record in the AP table connected to a client table. It is important to note this is the internal state of the application. With the IOS XE database runtime, this state can now be consolidated, exported, replicated for SSO, and so on, while being performant enough to support the high-scale requirements for wireless.
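A toy in-memory store makes the runtime behaviour described above concrete: schema defaults and validation, AP-to-client graph links, rollback of a failed transaction, and subscriber notifications only on commit. This is an added sketch, not IOS XE or TDL code; the schema, field names, keys and the `Store` class are hypothetical.

```python
import copy
from contextlib import contextmanager


class ValidationError(Exception):
    pass


# Hypothetical schema: field -> (default, validator). It stands in for the
# defaults and validation rules that the text says are captured as intent.
SCHEMA = {
    "ap": {
        "name": (None, lambda v: isinstance(v, str) and v != ""),
        "channel": (36, lambda v: isinstance(v, int) and 1 <= v <= 165),
    },
    "client": {
        "ap": (None, lambda v: isinstance(v, str)),
        "vlan": (1, lambda v: isinstance(v, int) and 1 <= v <= 4094),
    },
}


class Store:
    def __init__(self):
        self.tables = {table: {} for table in SCHEMA}
        self.subscribers = []   # callbacks invoked as cb(table, key, record)
        self._pending = None    # change log of the open transaction, if any

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def put(self, table, key, **fields):
        if self._pending is None:
            raise RuntimeError("writes must happen inside a transaction")
        unknown = set(fields) - set(SCHEMA[table])
        if unknown:
            raise ValidationError(f"{table}: unknown fields {sorted(unknown)}")
        record = {}
        for name, (default, is_valid) in SCHEMA[table].items():
            value = fields.get(name, default)
            if not is_valid(value):
                raise ValidationError(f"{table}.{name}={value!r} rejected")
            record[name] = value
        # Graph layer: a client record must hang off an existing AP record.
        if table == "client" and record["ap"] not in self.tables["ap"]:
            raise ValidationError(f"client {key!r} references missing AP")
        self.tables[table][key] = record
        self._pending.append((table, key, record))

    def clients_of(self, ap_key):
        clients = self.tables["client"]
        return sorted(k for k, rec in clients.items() if rec["ap"] == ap_key)

    @contextmanager
    def transaction(self):
        snapshot = copy.deepcopy(self.tables)
        self._pending = []
        try:
            yield self
        except Exception:
            self.tables = snapshot          # roll back every write in this transaction
            raise
        else:
            for change in self._pending:    # notify only after a clean commit
                for callback in self.subscribers:
                    callback(*change)
        finally:
            self._pending = None


def demo():
    """One committed transaction, then one that fails midway and is rolled back."""
    db = Store()
    seen = []
    db.subscribe(lambda table, key, record: seen.append((table, key)))
    with db.transaction():
        db.put("ap", "ap-1", name="lobby")          # channel takes its default
        db.put("client", "aa:bb", ap="ap-1")        # constructed client key
    try:
        with db.transaction():
            db.put("client", "cc:dd", ap="ap-1", vlan=20)
            db.put("client", "ee:ff", ap="ap-9")    # AP does not exist
    except ValidationError:
        pass
    return db, seen


if __name__ == "__main__":
    store, notifications = demo()
    print(store.tables, notifications)
```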

Other Functions Enhanced with IOS XE Database Features


◉ Fast reload – On reload, a persistent, version-aware, binary configuration can be read faster than any text representation. In the past, reloading software on Cisco platforms could take up to 7 minutes. With Extended Fast Software Upgrade (xFSU), it takes 30 seconds or less. The hardware is never powered off and traffic keeps flowing while the control plane is maintained in an operational state during the reload process.

◉ Stateful Process Restart – Externalizing an IOS XE device’s configuration and operational state allows stateful restart processes. By saving the device’s state externally, it can be restarted and will continue where it left off.

◉ Horizontal Scaling – Consolidation of a device’s operational state allows for the elastic and horizontal scaling of processes based on changing application traffic patterns. There may be multiple copies of the same process, each with its own database, but Cisco enables databases to be consolidated into a single database, providing a global view, which makes it easier to spawn more processes horizontally.

◉ Stateful Switchover (SSO) – Databases on active and standby devices in a high availability configuration are continuously synchronized through replication to keep the standby device in a hot state, able to become active in case of a failure. Like stateful process restart, at the device level, SSO synchronizes one device through replication continuously.

◉ In-Service Software Upgrade (ISSU) – To ensure that versions of Cisco IOS XE that are running are correct across supervisor engines and other devices, databases in Cisco IOS provide per-object versioning support with build time checking for violations. This helps ensure a reliable ISSU.  ISSU orchestrates the upgrade on standby and active processors one after the other and then switches between them in the control plane so that there is zero effective downtime and zero traffic loss.

◉ Monitoring and Global Device View – A device running IOS XE provides a global view of its complex and varied operations, based on the consolidation of databases, which allows for greater real-time insights into configuration and operational data. Analysts can subscribe to specific data sets and request to be alerted when any changes occur to monitor the device more proactively.

Summary of Database Benefits in Cisco IOS XE


Database features in Cisco IOS XE allow devices to be reloaded in seconds, to maintain a state during restart and switchover. Applications can consume database records natively without any translation required. Intent can be gathered and code generated in any development language, ensuring resilience to regressions. Databases used by each device are consolidated into a global view, enabling the horizontal scaling of processes. The system supports version skew operation with per-object versioning.

It’s all relatively seamless across all 160+ Cisco IOS XE devices.

Source: cisco.com

Tuesday, 24 January 2023

Enabling Metaverse and next generation content the right way


Content publishers and communication service providers (CSPs) are experiencing a transformation from broadcast television to streamed content from the internet. Fueling this transformation is competition from new providers that want to produce tailored content for their subscribers, allowing them to differentiate themselves among the competition and win viewership attention. And up to now, this streaming content has been mostly video and not bi-directional, but that will soon change.

The metaverse and applications like remote surgery or drone delivery services are on the horizon but can’t arrive while the network still struggles with common problems like asymmetrical bandwidth speeds, scalability, and variable latency conditions resulting from congestion and transport distance. Buffering and pixelization are bad during a video stream, but those delays may prove deadly during remote surgery or autonomous driving. Therefore, CSPs, content publishers, and other players within the infrastructure ecosystem need to evolve from traditional content delivery network (CDN) architecture and move compute power to the edge near the consumption point.

Visualize an evolved metaverse or immersive application this way: instead of jumping on a treadmill or spin bike and joining an online exercise class displayed on a screen, you put on a virtual reality (VR) headset and meet class participants first in a virtual gym room. You could engage other participants in conversation, high fives, and have a more three-dimensional, immersive experience. The experience would show you passing other participants, a changing landscape to mimic the actual physical environment, and sights and sounds along the way.

Expanding on this even further, your local store could have a virtual store front where you shop for items that are then sent home via a drone delivery service. Utilizing a ‘virtual proximity’ algorithm, the store front and personnel avatars would be localized to represent your nearby store. This way the application can expand upon the sense of community and convenience you feel by shopping locally and engaging with the same personnel that you see when you visit in person.

These realistic, immersive experiences are what providers want to deliver as they’re more engaging, more authentic, and will create new markets that can drive new revenue streams. For this to become reality, providers need greater quality control within CSP transport networks as well as to have content and any artificial intelligence (AI) or machine learning (ML) enabled contributions located deeper into the network, closer to their end users. By having this control and access, providers can have assurances that the network will supply the quality of experience subscribers expect. And for critical decision services like autonomous driving or flying drone action points, the compute power must be in the market to avoid disastrous outcomes.

Latency can be overcome by shortening distances and moving content as close as possible to end consumers—dropping the distance traveled from peering points and reducing the likelihood of encountering congestion and avoiding the cost associated with transporting traffic. Adding compute power to the same edge location means the CSP is creating a localized intelligent node that is capable of massive throughput supporting millions of simultaneous stream connections while not adding complexity to network management or operations.

These intelligent node deployments need to be easy to manage, economical, scalable, and sustainable. To maintain the simplicity in design, the economic feasibility and sustainability of the systems that are being put in place need to be leading edge with throughput capacity, adaptive to fluctuating traffic demands, flexible in deployment options, and rack, power, and space efficient. Recent announcements from Cisco supporting disaggregated data center designs for web scalers support these efforts to create more intelligent nodes in support of a more content-rich network.

The design for these nodes needs to include the compute power to serve the in-demand applications, but the server counts don’t need to be so large as to off-set the economics for the location or potential positive environmental impacts. To help keep the design and deployments streamlined, both content providers and CSPs need deep network observability to identify the tangible performance numbers and affecting factors. With tools such as Thousand Eyes or Crosswork Network Insights that can provide full-stack observability and a level of detail, workload distribution could become a hybrid deployment between the edge or larger aggregation computing locations. This could be a deterministic deployment model where application workloads are centrally located in large cloud centers when the workloads demand large compute power but have a higher latency tolerance. Conversely, applications with a lighter computing need that have lower latency requirements would be located at the edge to optimize their performance.

The deterministic workload deployments, along with improved quality of service parameters deployed through the network, will create a network design to serve as the foundation for immersive experiences that can be localized to foster community building and create connections that build an inclusive future for all.

Source: cisco.com

Sunday, 22 January 2023

Launch Your Cybersecurity Career with Cisco CyberOps Certifications | Part 1

Every day, organizations worldwide contend with increasing malicious activity by criminal organizations and nation-state sponsored threat actors. There is a tremendous demand for security professionals who are trained to defend against these malicious threats. These professionals are the backbone of effective security teams. 

When organizations build security teams to address sophisticated cyber threats, they typically begin by constructing a security operations center (SOC). Modern organizations rely on SOC teams to vigilantly monitor security systems, rapidly detect breaches, and quickly respond to and remediate security incidents. To succeed in these crucial tasks, SOCs are desperately seeking more qualified cybersecurity professionals.

Cisco CyberOps Certification Evolution


In 2016, Cisco introduced the Global Cybersecurity Scholarship program to help close this cybersecurity skills gap. Alongside an investment of $10 million in the program to increase the pool of talent with critical cybersecurity proficiency, Cisco also introduced a new CCNA CyberOps certification to prepare candidates to begin a career working with associate-level cybersecurity analysts within SOCs. At the time, candidates had to pass two exams (SECFND + SECOPS) to earn this valuable certification. 

In 2020, Cisco redesigned the certification requirements and introduced the one-exam CCNA certification. For example, to earn the CCNA CyberOps certification, candidates only had to pass the CBROPS exam. At the professional level, candidates still had to pass two exams: for CCNP CyberOps, those exams were and still are the CBRCOR core exam and the CBRFIR concentration exam.

In 2022, with the release of the new Cisco U. digital learning experience, the SOC Tier 1 Analyst learning path was introduced. The Cisco U. digital learning experience is built around the learner and the SOC Tier 1 Analyst learning path is specifically designed to ready learners for the SOC environment. With targeted quick-start pre-skill assessments, modular learning that addressed various aspects of the SOC experience, advanced search to refresh skills and topics, and a focus on goal setting, Cisco U. is designed to work for everyone’s unique journey.   

Cisco SOC Tier 1 Analyst Learning Path 


The SOC Tier 1 analyst role is the entry-level position within the security operations center. The SOC Tier 1 analyst, or triage specialist, has sysadmin and scripting programming skills, as well as one or more relevant cybersecurity-related certifications, such as the Cisco Certified CyberOps Associate, Cisco Certified CyberOps Professional, or CCNA. To help grow the skills necessary to operate effectively as a SOC Tier 1 analyst, Cisco created the Security Operations Center (SOC) Tier 1 analyst Learning Path training. This learning path is a collection of courses designed to help learners master the concepts and tasks needed for the SOC Tier 1 analyst job role and functions as a roadmap, guiding learners and providing visibility into their mastery of necessary SOC analyst skills and concepts.  

The goal of Cisco’s SOC Tier 1 Analyst Learning Path training is to teach the fundamental skills required to begin a career working as an entry-level associate SOC analyst within a threat-centric security operations center.


The training explores common attack vectors, malicious activities, and patterns of suspicious behaviors typically encountered within a threat-centric security operation center. It includes videos, example scenarios, hands-on-labs, and knowledge assessments (review questions). As the student advances down the learning path, they will be exposed to the foundational concepts and practices behind a security operations center and will gain the tactical knowledge and skills that SOC teams require to effectively detect and respond to the growing numbers of cybersecurity threats.  

Note: The SOC Tier 1 Analyst Learning Path consists of the CBROPS course with some additional cyber security content, plus some CCNA Implementing and Administering Cisco Solutions 1.0 content. 

SOC Analyst Job Outlook 


According to the U.S. Bureau of Labor Statistics, employment of information security analysts is projected to grow 33 percent from 2020 to 2030, much faster than the average for all occupations.   

Cisco CyberOps certifications are designed to satisfy the actual needs of SOC teams. CCNA and CCNP certifications prepare individuals to pursue a career working as an analyst in the SOC and the different levels of certification are intended to develop the skills necessary for advancement.  Below is a recent Cisco job posting for a SOC Cyber Security Analyst opening with the job position overview and responsibilities. Successfully completing the Cisco CCNA/CCNP Cyber Ops certifications fulfills many of the job requirements.


Source: cisco.com

Thursday, 19 January 2023

Communication Service Providers: the Potential Power Behind an Inclusive Internet

Gartner defines communication service providers (CSPs) as those who offer telecommunications services, media, information, content, entertainment, and applications services over networks. We know them as our telecommunications companies, our cable service provider, our satellite broadcast operators, and our cloud communications providers. CSPs are arguably the most important players to enable an accessible, affordable, secure, trustworthy, sustainable, and inclusive internet. But, to play a leadership role in defining the Internet for the Future, CSPs must fundamentally transform.

CSP industry economics are challenging


The current economics of the CSP industry are challenging. CSP market cap share of the internet (including infrastructure, connectivity, devices, and value-add digital services) fell from just under 30 percent in 2010 to less than six percent in 2021. CSP revenue growth is now at low single-digits at best and return on invested capital (ROIC) is barely above the cost of capital. Meanwhile, CapEx as a percentage of revenue has remained high as leading operators such as AT&T, Verizon, and Deutsche Telekom roll out their 5G networks.


CSPs must transform


To play a leadership role in defining the Internet for the Future — while also delivering positive returns to shareholders — CSPs will need to fundamentally transform. The next five years are crucial as CSPs plan to invest about $2 trillion in their networks, especially to connect rural areas and provide access to the economically disadvantaged. These companies will need to increase their ROIC by more than three percentage points, meaning boosting annual top-line growth by at least four percent, reducing operating costs by at least 10 percent year-over-year, and reducing CapEx intensity of their business by at least five percent. Achieving these benchmarks will require a fundamental rethink of the CSP business model. In the remainder of this post, we offer a road map for achieving this.

Roadmap to success: transition to platform business model


The primary shift for CSPs will be to create a platform architecture and business model to provide open-access connectivity to any service provider: a “connectivity platform as a service” (CPaaS). This layer is enabled by connectivity infrastructure as a service (CIaaS), which in turn enables customer-facing everything as a service (XaaS). Platforms lead to innovation speed by leveraging third party development. Three key areas will define success in delivering the Internet for the Future:  modernization and automation, deeper partnerships, and B2B2X business models.


Modernization and automation


CSPs will need to make major shifts in their technology architecture to take advantage of potentially massive new opportunities. Investments in these five network domains will make possible a higher degree of automation and virtualization:

◉ Service and infrastructure orchestration. CSPs can move toward a leaner, cloud-native operations support system (OSS) and to ground their business support system (BSS) in microservices that are decoupled from outdated legacy infrastructure, opening new business opportunities and monetization models.

◉ Access. CSPs can use a virtualized radio access network (VRAN) or an open radio access network (ORAN) to drive disaggregation and standardization, leading to increased vendor diversity and new partnership models while reducing the total cost of ownership across upgrade cycles. CSPs with strong integration capabilities can see significant cost savings and time-to-market benefits.

◉ Edge/MEC. Multi-access edge computing (MEC) provides an excellent platform for delivering business and consumer services while deriving the fullest value from network infrastructure. In addition, operators can benefit from the broader MEC application market to drive monetization of new and emerging 5G use cases. This is an area that will require major investments as operators increase the coverage, capability, and capacity of their MEC networks.

◉ Transport. Convergence and delayering provide a great opportunity for service providers to make their transmission networks simpler and more intelligent, unlocking capacity while simultaneously reducing CapEx and supporting delivery of new revenue streams through network as a service (NaaS) offerings.

◉ Core. 5G core deployments will enable network slicing, which will help drive new organic service revenue while further strengthening NaaS capabilities. Public-cloud offerings will help a broader range of CSPs handle ever-increasing core workloads.

Software defined networks (SDNs) and network functions virtualization (NFV) will help decouple software and upgrade cycles and lower the costs of upgrades and maintenance. In turn, increased virtualization and open standards will enable service providers to design, configure, and manage network capacity more efficiently. Similar benefits can be achieved in flattening transmission networks (e.g., with Routed Optical network solutions) where current design rules, lack of visibility, and manual configuration result in over-dimensioning and over-provisioning. Legacy transmission networks run at an average utilization rate of less than 30 percent. VRAN and ORAN will both extend these life cycles and increase the use of third-party hardware. The lengthening of life cycles, along with a reduced need for manual upgrades and repairs, will help improve productivity in network functions.


CSPs must invest in deeper partnerships


CSPs will not be able to deliver the Internet for the Future unless they fundamentally change the way they think about and implement partnerships.

◉ Hyperscalers would benefit from CSP points of presence such as central offices and base-band locations. In return, hyperscaler investments in MEC could help service providers tap into the broader application-developer market.

◉ Infrastructure Providers. While CSPs already have models in place to share towers, fiber, and data centers, virtualization and open standards will allow for more sharing in areas such as RAN.

◉ Carrier-neutral infrastructure providers. Tower companies and data centers are also well-positioned to drive MEC growth and could be ideal partners for service providers and hyperscalers, helping to drive standardization within markets. However, this model has limitations in terms of monetization and may raise concerns related to the hosting of CSPs’ organic networks and IT workloads.

◉ Equipment vendors. CSPs can deepen their partnerships with equipment vendors, like Cisco, to manage equipment as a service, shifting CapEx to OpEx and thereby sharing investment risks and rewards.

◉ CSPs could consider partnering with their competitors (other CSPs serving the same markets) in areas ranging from infrastructure sharing to active co-investment efforts.

◉ Solidifying government partnerships will be needed. For example, we must support the creation of a centralized infrastructure entity within single nations, as we have seen in Australia, Singapore, Mexico, Jordan, and elsewhere. Such partnerships could help CSPs cut CapEx and operational expenses.

Implementing B2B2X business models


Finally, these rising technologies will be levers not only for savings, but also growth—the kind of growth that CSPs urgently need to remain competitive and deliver on the infrastructure of the future internet. One promising avenue for growth is the boosting of consumer ARPU growth with differentiated, personalized offerings. The rollout and adoption of 5G will help enable this, especially as the metaverse evolves.

Aligning with Cisco’s purpose


It’s clear that the Internet for the Future needs to be more accessible, broadly distributed, secure, trustworthy, and ecologically sustainable. And it needs to achieve these qualities while also becoming even bigger, faster, and more capable than it already is. If CSPs can embrace transformation, they can become one of the most consequential drivers of an inclusive internet for all.

Source: cisco.com

Tuesday, 17 January 2023

Three Best Practices to Enable Partner Success on AWS Marketplace

More than a month has passed since AWS re:Invent and the AWS Marketplace continues to accelerate as a new route to market for ISVs and channel partners. Here are a few proof points to consider: ISVs are reporting 80% larger deal sizes when transacting on AWS, 40% shorter sales cycles (from 5 months down to 3 months), and 27% more deals closed through AWS Marketplace versus other channels. These numbers help validate that ISVs and channel partners are gaining exposure to the large customer base on AWS Marketplace, which last year accounted for billions of dollars in transactions.

As a partner-led organization, Cisco is committed to being where our customers are while working together with our channel partners. And this includes — more than ever — transacting via the AWS Marketplace. Working as One Team — Cisco, AWS and our mutual channel partners — our customers rely on us to help them achieve or exceed their outcome objectives and user experience expectations.

So let’s look at the three best practices Cisco and our partners are following to maximize the value we deliver to our customers by leveraging AWS Marketplace for success:

1. List the right products


The AWS Marketplace is an online software store that allows ISVs and channel partners to market and sell their software and services to AWS customers around the world. Therefore, it’s important that Cisco lists the products from its large, market-leading portfolio that truly deliver value to AWS customers. Today, this includes offerings that enable several use cases, such as cloud and data center networking, multi-cloud, IoT, security, full-stack observability, and hybrid work.

Most recently, Cisco has added the collaboration use case by listing the Cisco Webex Suite Named User offering on AWS Marketplace and through the AWS private offer. The Webex Suite Named User offers a per-user, subscription-buying model that enables customers and partners to provide the Webex Suite service to individuals, teams or departments, and to add additional named users as adoption grows. Webex Suite Named User includes a comprehensive set of cloud-based collaboration tools, including cloud calling, meetings, messaging, webinars (1K), polling, Vidcast and whiteboarding.

2. Align the sales teams around co-selling


Because AWS Marketplace represents a new route to market, Cisco and our channel partners’ sales teams need to be aligned with multi-partner co-selling motions transacting on AWS Marketplace or via CCW. Multi-partner co-selling is a sales strategy where two or more partner companies sell together offering holistic solutions. This approach can lead to increased deal sizes and profitability by enabling partner access to new decision makers and new buying centers, including AWS Marketplace.

The reality is that no single vendor — even companies the size of Cisco — has all the skills, knowledge and intellectual property required to deliver complete solutions that meet the business outcome that customers want. It takes a partner co-selling team to drive digital transformation for our customers.

Cisco enjoys market leadership in several architectures and use cases. Complementing our product offerings, our channel partners have incredible reach as trusted advisors into their customers’ technology stacks, as well as a robust menu of value-added services. And when those services are combined with Cisco offerings, we can deliver solutions that more precisely meet our customers’ unique needs. Add AWS Cloud and AWS Marketplace to this joint value proposition and you have an unbeatable combination.

However, enabling co-selling takes focus and change management. For instance, sales compensation models must be adjusted to motivate co-selling that results in AWS Marketplace bookings. Trust is the foundation of sales, so a defined communication plan centered on co-sell wins is paramount to ensuring the right behaviors are placed in the spotlight for all to see. This then triggers a domino effect of repeatable wins and undeniable trust.

3. Invest in developing processes to ensure operational success


Booking through AWS Marketplace requires partners to invest resources in building the operational foundation to process the bookings. For instance, when booking through AWS Marketplace, the partner generally sees margin — not topline — revenue. This can create required changes with existing sales compensation models that pay on topline revenue. That said, partners that manage their customers’ annual spend commitment per the predetermined AWS Enterprise Discount Program could recognize topline revenue.

In other words, integrating co-sell pipeline markers and data into a partner’s current sales pipeline may require planning and change management of existing processes. For instance, changes may be required with existing sales compensation models to properly motivate co-selling behavior with Cisco and AWS.

Accelerating opportunity and growth


Many will argue that the AWS Marketplace is still nascent with plenty of growth opportunities available for Cisco and our partners on the near- and long-term horizons. The AWS Marketplace value proposition is just too strong to ignore. It makes it easy for customers to buy, provision, and instantly gain value from their purchases. Individual buyers can make their purchases independently, while taking advantage of AWS Marketplace’s single platform to manage and pay for software and services. In addition, software purchases made on AWS can be used to “burn down” customers’ committed spends.

Partners! Now is the time to engage with us and AWS and be part of the journey that brings incredible value to our mutual customers running on AWS.

Source: cisco.com

Thursday, 12 January 2023

You got legacy devices, we got Cisco DNA Center

It is a well-established fact that Cisco builds amazing hardware which is reliable and built to last. Perhaps one of the best testimonials of Cisco’s quality is the sheer number of “legacy” devices still in production across the globe. In fact, it is not uncommon to see devices with uptime of over a decade. While many networking professionals are very proud of the uptime, this is part of the reality of some network infrastructures. Let’s define what a legacy device is:

leg·a·cy (adjective)
“denoting or relating to software or hardware that has been superseded but is difficult to replace because of its wide use.”

Cisco has developed Cisco DNA Center as the next-generation platform, which provides not only network management and monitoring but is also feature-rich with advanced AIOps, automation, and security capabilities. However, it is also important to note that Cisco DNA Center can support and bring the latest and greatest in Cisco’s monitoring and management capabilities to many of your legacy devices, not just the newest Cisco Catalyst 9000 product family.

With the most recent release, Cisco DNA Center now supports all devices up to 2015 (541 legacy devices). Note that the legacy device support in Cisco DNA Center does not imply the EOL devices are now TAC supported; if the device has reached its end of support, that is still the case.

Cisco customers can easily move from Prime Infrastructure to Cisco DNA Center with their SNMP-based legacy devices and be able to consolidate their monitoring tools to an advanced platform without having to leave their legacy devices behind.

Emphasis on Tool Consolidation


In keeping with Cisco’s commitment to helping our customers streamline and optimize their IT operations, coming releases of Cisco DNA Center will incorporate MIB2 support, which will not only allow additional legacy Cisco device support but also enable monitoring of many third-party non-Cisco devices using Cisco DNA Center. This functionality will enable IT organizations to consolidate their monitoring platforms, as many IT organizations are struggling with the number of tools, the fragmentation between the different tools, and the “islands” of support.

What functionality is available on Cisco DNA Center for legacy devices?


Because legacy devices are limited to the SNMP protocol and CLI interfaces, the range of capabilities Cisco DNA Center provides depends on the capability of the target platform. Some of the capabilities are therefore limited, unlike the full capabilities available for the modern Cisco Catalyst 9000 device family. Below is a list of functionalities available for legacy devices:

◉ Inventory – Legacy devices will appear in inventory which means they will generate some level of alerts and issues as provided by the SNMP protocol.
◉ Topology – Inventory devices, once placed in the hierarchy, will also appear on the topology view within Cisco DNA Center.
◉ SWIM (Software Image Management) – With end-of-life devices, software for many of the legacy devices is no longer updated, but Cisco DNA Center will provide limited SWIM functionality to many legacy devices for image management.
◉ Change config audit (CCA) – Limited support is provided for many devices with Configuration backup and config change audit functionality.
◉ Template provisioning – Available for select Nexus and legacy Catalyst devices that meet the minimum device software requirements.

What is the Cisco DNA Center licensing requirement for legacy devices?


For legacy device support, please contact your partner or Cisco sales representative.

From Prime Infrastructure to Cisco DNA Center

With legacy device support going back to all devices since 2015, moving from Prime to DNA Center is easier than ever, allowing your organization to consolidate tools with legacy device monitoring and leverage all the advanced features with your newer Cisco Catalyst 9000 device family using Cisco DNA Center.

By adding legacy devices to Cisco DNA Center, customers can now leverage the following capabilities:

◉ Consolidate their monitoring tools with both new and old equipment

◉ Leverage Cisco DNA Center’s monitoring and alerting system

◉ Be able to see legacy equipment on DNA topology maps

◉ Ability to see legacy device health with DNA Center health score

◉ Detailed device view with Device 360 with details of device information, device neighbor-ship, event viewer, and interface details.

◉ Ability to run CLI commands on switch from DNAC

Cisco understands that many of our customers still have legacy devices and that in large networks, refreshes can take time to complete, but that does not mean your organization cannot start benefiting from Cisco DNA Center today. If you have a current version of Cisco DNA Center, you already have all you need. Now, you simply need to add your legacy devices to Cisco DNA Center!

Source: cisco.com