How to Use Ansible with CML

How can Ansible help people building simulations with Cisco Modeling Labs (CML)?

Similar to Terraform, Ansible is a common, open-source automation tool often used in Continuous Integration/Continuous Deployment (CI/CD) DevOps methodologies. They are both a type of Infrastructure as Code (IaC) or Infrastructure as Data that allow you to render your infrastructure as text files and control it using tools such as Git. The advantage is reproducibility, consistency, speed, and the knowledge that, when you change the code, people approve, and it gets tested before it’s pushed out to your production network. This paradigm allows enterprises to run their network infrastructure in the same way they run their software and cloud practices. Afterall, the infrastructure is there to support the apps, so why manage them differently? 

Although overlaps exist in the capabilities of Terraform and Ansible, they are very complementary. While Terraform is better at the initial deployment and ensuring ongoing consistency of the underlying infrastructure, Ansible is better at the initial configuration and ongoing management of the things that live in that infrastructure, such as systems, network devices, and so on. 

In a common workflow in which an operator wants to make a change to the network, let’s say adding a new network to be advertised via BGP, a network engineer would specify that change in the code or more likely as configuration data in YAML or JSON. In a typical CI workflow, that change would need to be approved by others for correctness or adherence to corporate and security concerns, for instance. In addition to the eyeball tests, a series of automated testing validates the data and then deploys the proposed change in a test network. Those tests can be run in a physical test network, a virtual test network, or a combination of the two. That flow might look like the following:

The advantage of leveraging virtual test networks is profound. The cost is dramatically lower, and the ability to automate testing is increased significantly. For example, a network engineer can spin up and configure a new, complex topology multiple times without the likelihood of old tests messing up the accuracy of the current testing. Cisco Modeling Labs is a great tool for this type of test. 

Here’s where the Ansible CML Collection comes in. Similar to the CML Terraform integration covered in a previous blog, the Ansible CML Collection can automate the deployment of topologies in CML for testing. The Ansible CML Collection has modules to create, start, and stop a topology and the hosts within it, but more importantly, it has a dynamic inventory plugin for getting information about the topology. This is important for automation because topologies can change. Or multiple topologies could exist, depending on the tests being performed. If your topology uses dynamic host configuration protocol (DHCP) and/or CML’s PATty functionality, the information for how Ansible communicates with the nodes needs to be communicated to the playbook. 

Let’s go over some of the features of the Ansible CML Collection’s dynamic inventory plugin. 

First, we need to install the collection: 

ansible-galaxy collection install cisco.cml 

Next, we create a cml.yml in the inventory with the following contents to tell Ansible to use the Ansible CML Collection’s dynamic inventory plugin: 

plugin: cisco.cml.cml_inventory 

group_tags: network, ios, nxos, router

In addition to specifying the plugin name, we can also define tags that, when found on the devices in the topology, add that device to an Ansible group to be used later in the playbook:

In addition to specifying the plugin name, we can also define tags that, when found on the devices in the topology, add that device to an Ansible group to be used later in the playbook:

• CML_USERNAME: Username for the CML user
• CML_PASSWORD: Password for the CML user
• CML_HOST: The CML host
• CML_LAB: The name of the lab 

Once the plugin knows how to communicate with the CML server and which lab to use, it can return information about the nodes in the lab: 

ok: [hq-rtr1] => { 

    "cml_facts": { 

        "config": "hostname hq-rtr1\nvrf definition Mgmt-intf\n!\naddress-family ipv4\nexit-address-family\n!\naddress-family ipv6\nexit-address-family\n!\nusername admin privilege 15 secret 0 admin\ncdp run\nno aaa new-model\nip domain-name mdd.cisco.com\n!\ninterface GigabitEthernet1\nvrf forwarding Mgmt-intf\nip address dhcp\nnegotiation auto\nno cdp enable\nno shutdown\n!\ninterface GigabitEthernet2\ncdp enable\n!\ninterface GigabitEthernet3\ncdp enable\n!\ninterface GigabitEthernet4\ncdp enable\n!\nip http server\nip http secure-server\nip http max-connections 2\n!\nip ssh time-out 60\nip ssh version 2\nip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr\nip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr\n!\nline vty 0 4\nexec-timeout 30 0\nabsolute-timeout 60\nsession-limit 16\nlogin local\ntransport input ssh\n!\nend", 

        "cpus": 1, 

        "data_volume": null, 

        "image_definition": null, 

        "interfaces": [ 

            { 

                "ipv4_addresses": null, 

                "ipv6_addresses": null, 

                "mac_address": null, 

                "name": "Loopback0", 

                "state": "STARTED" 

            }, 

            { 

                "ipv4_addresses": [ 

                    "192.168.255.199" 

                ], 

                "ipv6_addresses": [], 

                "mac_address": "52:54:00:13:51:66", 

                "name": "GigabitEthernet1", 

                "state": "STARTED" 

            } 

        ], 

        "node_definition": "csr1000v", 

        "ram": 3072, 

        "state": "BOOTED" 

    } 

} 

The first IPv4 address found (in order of the interfaces) is used as `ansible_host` to enable the playbook to connect to the device. We can use the cisco.cml.inventory playbook included in the collection to show the inventory. In this case, we only specify that we want devices that are in the “router” group created by the inventory plugin as informed by the tags on the devices: 

mdd % ansible-playbook cisco.cml.inventory --limit=router 

ok: [hq-rtr1] => { 

    "msg": "Node: hq-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.199:22" 

} 

ok: [hq-rtr2] => { 

    "msg": "Node: hq-rtr2(csr1000v), State: BOOTED, Address: 192.168.255.53:22" 

} 

ok: [site1-rtr1] => { 

    "msg": "Node: site1-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.63:22" 

} 

ok: [site2-rtr1] => { 

    "msg": "Node: site2-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.7:22" 

} 

In addition to group tags, the CML dynamic inventory plugin will also parse tags to pass information from PATty and to create generic inventory facts:

If a CML tag is specified that matches `^pat:(?:tcp|udp)?:?(\d+):(\d+)`, the CML server address (as opposed to the first IPv4 address found) will be used for `ansible_host`. To change `ansible_port` to point to the translated SSH port, the tag `ansible:ansible_port=2020` can be set. These two tags tell the Ansible playbook to connect to port 2020 of the CML server to automate the specified host in the topology. The `ansible:` tag can also be used to specify other host facts. For example, the tag `ansible:nso_api_port=2021` can be used to tell the playbook the port to use to reach the Cisco NSO API. Any arbitrary fact can be set in this way. 

Getting started 

Trying out the CML Ansible Collection is easy. You can use the playbooks provided in the collection to load and start a topology in your CML server. To start, define the environment variable that tells the collection how to access your CML server: 

% export CML_HOST=my-cml-server.my-domain.com 

% export CML_USERNAME=my-cml-username 

% export CML_PASSWORD=my-cml-password 

The next step is to define your topology file. This is a standard topology file you can export from CML. There are two ways to define the topology file. First, you can use an environment variable: 

% export CML_LAB=my-cml-labfile 

Alternatively, you can specify the topology file when you run the playbook as an extra–var. For example, to spin up a topology using the built in cisco.cml.build playbook: 

% ansible-playbook cisco.cml.build -e wait='yes' -e cml_lab_file=topology.yaml 

This command loads and starts the topology; then it waits until all nodes are running to complete. If -e startup=’host’ is specified, the playbook will start each host individually as opposed to starting them all at once. This allows for the config to be generated and fed into the host on startup. When cml_config_file is defined in the host’s inventory, it is parsed as a Jinja file and fed into that host as config at startup. This allows for just-in-time configuration to occur. 

Once the playbook completes, you can use another built-in playbook, cisco.cml.inventory, to get the inventory for the topology. In order to use it, first create a cml.yml in the inventory directory as shown above, then run the playbook as follows: 

% ansible-playbook cisco.cml.inventory 

PLAY [cml_hosts] ********************************************************************** 

TASK [debug] ********************************************************************** 

ok: [WAN-rtr1] => { 

    "msg": "Node: WAN-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.53:22" 

} 

ok: [nso1] => { 

    "msg": "Node: nso1(ubuntu), State: BOOTED, Address: my-cml-server.my-domain.com:2010" 

} 

ok: [site1-host1] => { 

    "msg": "Node: site1-host1(ubuntu), State: BOOTED, Address: site1-host1:22" 

} 

In this truncated output, three different scenarios are shown. First, WAN-rtr1 is assigned the DHCP address it received for its ansible_host value, and ansible port is 22. If the host running the playbook has IP connectivity (either in the topology or a network connected to the topology with an external connector), it will be able to reach that host. 

The second scenario shows an example of the PATty functionality with the host nso1 in which the dynamic inventory plugin reads those tags to determine that the host is available through the CML server’s interface (i.e. ansible_host is set to my-cml-server.my-domain.com). Also, it knows that ansible_port should be set to the port specified in the tags (i.e. 2010). After these values are set, the ansible playbook can reach the host in the topology using the PATty functionality in CML. 

The last example, site1-host1, shows the scenario in which the CML dynamic inventory script can either find a DHCP allocated address or tags to specify to what ansible_host should be set, so it uses the node name. For the playbook to reach those hosts, it would have to have IP connectivity and be able to resolve the node name to an IP address. 

These built-in playbooks show examples of how to use the functionality in the CML Ansible Collection to build your own playbooks, but you can also use them directly as part of your pipeline. In fact, we often use them directly in the pipelines we build for customers. 

Source: cisco.com

Continue reading

Using the Knowledge Store on Cisco Observability Platform

Build custom observability solutions

Cisco Observability Platform (COP) enables developers to build custom observability solutions to gain valuable insights across their technology and business stack. While storage and query of Metric, Event, Log, and Trace (MELT) data is a key platform capability, the Knowledge Store (KS) enables solutions to define and manage domain-specific business data. This is a key enabler of differentiated solutions. For example, a solution may use Health Rules and FMM entity modeling to detect network intrusions. Using the Knowledge Store, the solution could bring a concept such as “Investigation” to the platform, allowing its users to create and manage the complete lifecycle of a network intrusion investigation from creation to remediation.

In this blog post we will teach the nuts and bolts of adding a knowledge model to a Cisco Observability Platform (COP) solution, using the example of a network security investigation. This blog post will make frequent use of the FSOC command to provide hands-on examples. If you are not familiar with FSOC, you can review its readme.

First, let’s quickly review the COP architecture to understand where the Knowledge Store fits in. The Knowledge Store is the distributed “brain” of the platform. The knowledge store is an advanced JSON document store that supports solution-defined Types and cross-object references. In the diagram below, the Knowledge Store is shown “connected” by arrows to other components of the platform. This is because all components of the platform store their configurations in the knowledge store. The Knowledge Store has no ‘built-in’ Types for these components. Instead, each component of the platform uses a system solution to define knowledge types defining their own configurations. In this sense, even internal components of the platform are solutions that depend on the Knowledge Store. For this reason, the Knowledge Store is the most essential component of the platform that absolutely nothing else can function without.

To add a more detailed understanding of the Knowledge Store we can understand it as a database that has layers. The SOLUTION layer is replicated globally across Cells. This makes the SOLUTION layer suitable for relatively small pieces of information that need to be shared globally. Any objects placed inside a solution package must be made available to subscribers in all cells, therefore they are placed in the replicated SOLUTION layer.

Solution Level Schema

Get a step-by-step guide

From this point we will switch to a hands-on mode and invite you to ‘git clone git@github.com:geoffhendrey/cop-examples.git’. After cloning the repo, take a look at https://github.com/geoffhendrey/cop-examples/blob/main/example/knowledge-store-investigation/README.md which offers a detailed step-by-step guide on how to define a network intrusion Type in the JSON store and how to populate it with a set of default values for an investigation. Shown below is an example of a malware investigation that can be stored in the knowledge store.

Malware Investigation

The critical thing to understand is that prior to the creation of the ‘investigation’ type, which is taught in the git repo above, the platform had no concept of an investigation. Therefore, knowledge modeling is a foundational capability, allowing solutions to extend the platform. As you can see from the example investigation below, a solution may bring the capability to report, investigate, remediate, and close a malware incident.

If you cloned the git repo and followed along with the README, then you already know the key points taught by the ‘investigation’ example:

1. The knowledge store is a JSON document store
2. A solution package can define a Type, which is akin to adding a table to a database
3. A Type must specify a JSON schema for its allowed content
4. A Type must also specify which document fields uniquely identify documents/objects in the store
5. A solution may include objects, which may be of a Type defined in the solution, or which were defined by some different solution
6. Objects included in a Solution are replicated globally across all cells in the Cisco Observability Platform.
7. A solution including Types and Objects can be published with the fsoc command line utility

Provide value and context on top of MELT data

Cisco Observability Platform enables solution developers to bring powerful, domain specific knowledge models to the platform. Knowledge models allow solutions to provide value and context on top of MELT data. This capability is unique to COP. Look for future blogs where we will explore how to access objects at runtime, using fsoc, and the underlying REST APIs. We will also explore advanced topics such as how to generate knowledge objects based on workflows that can be triggered by platform health rules, or triggers inside the data ingestion pipeline.

Source: cisco.com

Continue reading

Cisco wins Manufacturing Solution of the Year award for integrating industrial security with networking

We are thrilled to announce that Cisco’s unified OT security and networking architecture is named “Smart Manufacturing Solution of the Year” in the 2024 IoT Breakthrough Awards.

Industrial security can be a complex undertaking, and yet OT security is quintessential for modern Industrial IoT (IIoT) operations. IIoT systems generally contain a variety of interconnected systems and technologies, each with its own security needs. Some of these are older and not designed with modern security threats in mind. Furthermore, OT teams, with their limited resources, may not be able to dedicate adequate time and personnel to security, and IT teams often do not understand operations well enough. Potential production losses resulting from increased security measures can also sometimes conflict with the need to address security concerns.

OT security has, therefore, traditionally been an afterthought and built using a piecemeal approach, relying on a patchwork of solutions provided by different vendors, each designed to provide only a single security function. Customers are forced to deploy point solutions that lead to unnecessary hardware deluge, increased complexity, and an overall security solution that does not scale or deliver.

An integrated network and security architecture

At Cisco we take a simpler, scalable, and more effective approach by integrating security functions directly into the network fabric. Our innovations enable the industrial network to replace the many one-function point products.

Figure 1: Cisco industrial switches and routers integrate security functions and help eliminate many separate products

With a unified industrial security and networking architecture, Cisco brings simplicity and scale to both connect and protect operations. It reduces complexity by delivering visibility, segmentation, remote access, and other security services on Cisco industrial switches and routers without the need to introduce additional hardware.

1. Visibility into connected assets, network traffic, and assessing existing asset vulnerabilities is recognized as the first step in securing operations. Traditional security vendors provide a deep packet inspection (DPI) server for this purpose to which you need to span traffic from your switch ports, adding to the network complexity and costs. Cisco Cyber Vision runs within Cisco industrial devices and performs the same functions without the extra server, complications, and expense.

2. The second step once visibility is established is to partition your industrial network into smaller segments to contain any malware that may find its way inside, but in a way that allows legitimate traffic to flow unhindered. Traditionally, this network segmentation has been done with sets of firewalls or Access Control Lists (ACL) configuration in switches. Both are either expensive, difficult to get right and maintain, or both. Native capabilities in Cisco Industrial Ethernet Switches allow dynamic and automated multiple levels of segmentation without the firewalls or manual ACLs.

Figure 2: Cisco industrial equipment runs Cyber Vision for visibility and segmentation policies

3. A third necessity is to enable operations personnel to securely access industrial assets remotely. Traditionally, organizations have depended on solutions like VPNs that require frequent manual updates to firewall rules and jump server settings, potentially unsecure methods such as cellular gateways, to name a few. With the Secure Equipment Access solution, Cisco industrial network equipment enables secure zero-trust network access (ZTNA) by embedding ZTNA gateway functionality without the need for extra servers. Enabling remote access is now just a software feature to activate in your Cisco industrial network.

Figure 3: Cisco industrial networking hosts a ZTNA gateway for secure remote access

Put the award-winning solution to work for you

We have not only designed an award-winning architecture, but we have also made it easy for you to adopt it, meeting you in your security journey where you are and guiding you gradually to where you want to be. Our four-step process can lead you from building a solid security foundation, through visibility, remote access, and segmentation to incident reporting and response.

Figure 4: Cisco four-step journey for industrial security

The network embedded security architecture scales across all OT use cases like manufacturing, transportation, utilities, oil & gas, renewable power generation, and mining among others.

Source: cisco.com

Continue reading

How Can 350-501 SPCOR Exam Help You Obtain CCNP Service Provider Certification?

Obtaining the Cisco Service Provider certification validates your expertise in service provider solutions. The recently introduced Cisco Service Provider certificate makes you eligible for skilled and advanced-level positions in the field of specialist network technologies. This article will explore the details of the Cisco 350-501 SPCOR certification.

To attain the CCNP Service Provider certification, you must pass two exams: one core exam and one concentration exam of your choice:

The core examination, Implementing and Operating Cisco Service Provider Networks Core Technologies v1.0 (SPCOR 350-501), focuses on assessing your comprehension of fundamental aspects such as core architecture, service provider infrastructure, networking, automation, services, quality of service, security, and network assurance. Completing this core exam is mandatory for obtaining the CCIE Service Provider certification. Passing this examination enables you to acquire both certifications.

The concentration exam underscores specialized subjects related to industry-specific topics, including but not limited to VPN services, advanced routing, and automation.

Cisco 350-501 SPCOR Exam Details

The Cisco 350-501 SPCOR exam is a 120-minute test that covers 90-110 questions on the following topics:

Architecture (15%)

Networking (30%)

MPLS and Segment Routing (20%)

Services (20%)

Automation and Assurance (15%)

The test is offered in English, and the fee for the exam is $400.

Quality Study Materials and Various Preparation Alternatives for Exam Prep

There are specific methods for thoroughly understanding exam details and topics. Various preparatory resources have been designed to instill confidence in candidates preparing for any Cisco test, ensuring their success and eventual certification as specialists. The following are some of the widely used study materials available for applicants:

The instructor-led training course provided by Cisco

Hands-on labs offered by Cisco.

Reference books and study guides.

Practice tests

YouTube video tutorials.

Be sure to utilize these resources wisely to achieve the necessary scores. Nevertheless, more than merely having a wealth of excellent materials is required. It is crucial to remain dedicated and maintain consistency in your studies.

Cisco 350-501 SPCOR Exam Preparation Tips

1. Setting Clear Goals for Exam Preparation

Start your preparation journey by defining clear study objectives. Create a realistic study schedule that aligns with your daily routine. Setting achievable goals will help you stay focused and motivated throughout preparation.

2. Utilizing Official Cisco Resources

Cisco provides official study materials that are tailored to the exam objectives. Leveraging these resources ensures that you cover the essential topics comprehensively. Additionally, explore Cisco's online courses and webinars for interactive learning experiences.

3. Exploring Third-Party Study Resources

While official resources are crucial, supplement your study materials with reliable books and study guides from reputable authors. Engage with online forums and discussion groups to exchange insights with fellow exam takers and gain diverse perspectives.

4. Hands-On Practice and Lab Exercises

Theory is vital, but hands-on practice is equally important. Set up a virtual lab environment to apply your knowledge in a practical setting. This approach enhances your understanding of concepts and boosts your confidence in tackling real-world scenarios.

5. Effective Time Management

Balancing work, study, and personal life can be challenging. Develop time-saving study techniques and adhere to a well-structured schedule. Efficient time management is critical to covering all exam objectives thoroughly.

6. Staying Updated with Industry Trends

The world of networking is dynamic, with constant advancements. Stay informed about industry trends and incorporate real-world scenarios into your study sessions. This ensures that your knowledge is exam-oriented and relevant in the ever-evolving field.

7. Building a Support Network

Joining study groups and seeking guidance from experienced professionals can significantly enhance your preparation. Share insights, ask questions, and learn from others' experiences. A support network provides motivation and a valuable source of information.

8. Mock Exams and Self-Assessment

Practice tests are invaluable in gauging your preparedness. Take mock exams to identify weak areas and focus on improving them. Regular self-assessment ensures that you enter the exam confidently and well-prepared.

9. Mindfulness and Stress Management

Exam anxiety is natural, but managing stress is crucial. Incorporate mindfulness techniques and relaxation exercises into your routine. A calm mind enhances cognitive function and effectively helps you tackle exam-related stress.

10. Continuous Learning Beyond the Exam

Certifications open doors, but the learning journey continues after the exam. Consider certifications as a part of your broader career development. Explore additional resources for ongoing education and professional growth.

11. Common Mistakes to Avoid

Be aware of common pitfalls in exam preparation. Whether it's procrastination, lack of focus, or over-reliance on certain study materials, understanding and avoiding these mistakes will contribute to your success.

Conclusion

In conclusion, success in the Cisco 350-501 SPCOR exam requires a well-rounded and strategic approach to preparation. You can enhance your chances of success by setting clear goals, utilizing diverse resources, and maintaining a support network. Remember, the journey is as important as the destination.

Continue reading

Synchronizing Technology and Organizational Culture for Optimal Outcomes

Understanding the Challenge of Martec’s Law and Strategically Adopting Technology

Martec’s Law states that technology changes faster than organizations can adapt and poses a critical challenge to government agencies. To make the most of rapid technological advancements and maximize their impact, agencies need a well-planned approach for prioritizing, adopting, and integrating the most significant of these technologies. This is where the role of an experienced customer success-focused partner becomes crucial to guiding agencies through the maze of strategic technological change.

Effective Application of Martec’s Law to Enhance Organizational Outcomes

The strategic application of Martec’s Law can help agencies orchestrate and align their technology adoption leveraging both Moore’s Law, highlighting the rapid growth in computing power, and Metcalfe’s Law, focusing on the exponential impact and value of network connected entities. This approach encourages agencies to synchronize their tech adoption, enabling them to fully leverage the fast pace of tech advancements to boost their results. Handling this challenge successfully is key to enhancing enterprise visibility and analytics, enabling automation and orchestration across their enterprise, thereby contributing to superior government mission and business success.

Figure 1. Technology changes vs organizations change

Leveraging Cisco’s Insights and Best Practices

Cisco, one of the world’s leading technology companies, has successfully navigated these challenges over the last several decades. The insights and best practices we have gained can greatly assist our clients in their digital transformations, thereby maximizing outcomes, and preventing major disruptions within their culture and organization.

Orchestrating Technological and Cultural Change: A Customer Success Focus

To successfully navigate digital transformation complexities, agencies can benefit from a seasoned ally to optimize their technology choices and management. Cisco’s innovative approach, which includes a customer-experience organization and Customer Success Executives (CSE), helps customers adopt technology effectively within their specific cultural and organizational environments. This collaboration helps accelerate network and infrastructure modernization, automation, and security, ensuring future-ready enterprises.

Addressing Current (and Future) Federal Mandates with an Integrated Multi-Architecture Approach

The increasing requirements of federal mandates are driving a digital transformation of our government.  A customer success executive can assist government agencies in prioritizing technologies to achieve these required outcomes and be prepared to deliver on requirements in future federal directives.  An integrated, multi-architectural viewpoint can help agencies make a dramatic leap up the technological change curve to achieve their digital transformation better and address mandate requirements.  Cisco offers focused strategy and training to clients, guiding them towards a digitally-enabled future from their analog past.

Figure 2. Adoption changes accelerate your outcomes

Conclusion: Seizing the Opportunity to Shape the Future

The time is ripe for federal agencies to take advantage of Martec’s Law. With guidance from Cisco customer success executives, agencies can maximize the value from their tech investments, modernize networks, automate processes, and enhance cross-architecture orchestration. Now is the time to accelerate your agency’s transformative journey toward technological and organizational evolution.

In a Nutshell

Federal agencies are on the cusp of a technology-driven transformation that can optimize their mission outcomes. The challenge lies in keeping pace with rapid tech advancements and aligning these with the organization’s strategic goals. Expert guidance from your Cisco Customer Success Executive can help you navigate this journey, modernize your networks, and successfully adopt digital transformation strategies. Reach out today and start your transformation.

Source: cisco.com

Continue reading

AIOps Drives Exceptional Digital Experience Through Network Assurance

The distributed workforce―and the distributed applications and services they consume―have vastly changed the enterprise network paradigm. Many connections—such as private cloud, internet, public cloud, multicloud, and software-as-a-service (SaaS) networks—now begin and end outside of the traditional corporate infrastructure. The coexistence of these complex connections creates new layers of operational complexity for teams responsible for ensuring predictable performance and quality of service.

What is needed to combat this complexity is a network assurance platform that includes true end-to-end visibility capabilities. Insight is needed into users and their devices, locations, and connected things, as well as into access networks, network services, multiple clouds, and corporate enterprise data centers and applications (Figure 1). A solution that combines these different data sets and uses artificial intelligence and machine learning (AI/ML) to analyze the data, can help drive decisions that make network operations proactive and predictive, instead of reactive.

Figure 1. Span of end-to-end visibility required (click to enlarge)

In our 2023 Global Networking Trends Report, nearly half (47%) of respondents said they are prioritizing the adoption of predictive network analytics over the next two years, primarily to help with managing the connectivity and digital experience of their remote workforce.

A predictive network analytics solution requires the ability to correlate massive amounts of network data in real time and at tremendous scale. By continuously analyzing performance data and applying predictive modeling to forecast conditions and recommend actions, predictive capabilities can become a reality. Predictive analytics empowers teams to avoid adverse application impacts to distributed workers and to ensure the best possible user experience.

Predictive analytics for SD-WAN and an internet-centric world

For the software-defined WAN (SD-WAN), a platform that uses artificial intelligence for IT operations (AIOps) can provide predictive analytics to forecast performance (Figure 2). AIOps refers to the strategic use of AI, ML, and machine reasoning (MR) technologies to simplify and streamline IT processes and optimize the use of IT resources. By correlating and analyzing real-time and historical SD-WAN performance data and applying predictive models, AIOps can use these forecasts to deliver per-site recommendations for optimal path selection by application type to deliver an optimal experience based on available paths.

By integrating predictive analytics into SD-WAN solutions, IT teams can improve dynamic enforcement of application service levels with intelligent routing across alternative paths before any degradation occurs.

Figure 2. Predictive analytics through a continual feedback loop (click to enlarge)

Combining traffic data sets from an organization’s ecosystem of ISPs, cloud providers, SaaS applications, and other external services, further enriches predictive analytical systems. Operations teams can rapidly identify, escalate, and remediate issues with providers using internet telemetry data. When outage behavior is detected, a root cause can be identified and shared with providers to prioritize fixes or escalate to peers and transit providers.

Predictive analytics at work in the real world 

When Insight Global—one of the largest staffing agencies in the United States—allowed its employees to return to the office, they leveraged information from ThousandEyes’ WAN Insights to optimize its SD-WAN policies and improve application experiences proactively and continuously. Once the solution was in place, they gained greater visibility into critical network environments and routing, and Insight Global’s IT team was better able to detect and avoid potential issues before those issues could impact the business.

Predictive and proactive operations is the way forward

It’s time to move from reactive to proactive operations management through end-to-end visibility and AI/ML-powered predictive analytics. It’s time for a consistent way of automating operations, analyzing and diagnosing issues, and assuring the user experience across all the different networking domains.

We believe strongly in this way forward. It’s the cornerstone of Cisco’s approach to network assurance and Cisco’s Networking Cloud vision—a unified management experience platform for on-premises and cloud operating models to simplify IT, everywhere, at scale.

Source: cisco.com

Continue reading

5 Environmental Sustainability Trends for 2024

Reflections from COP28 and looking ahead to next year.

The 28th Conference of the Parties (COP28) to the United Nations Framework Convention on Climate Change (UNFCCC) was recently held in Dubai, UAE, and brought government officials and heads of state, business leaders, young people, climate scientists, journalists and various experts together to accelerate global efforts to adapt to and mitigate the impacts of climate change.

Reflections from COP28

I had the opportunity to spend a full week in meetings and sessions, and am energized by the engagement – early numbers of delegates indicate this is the most attended COP ever.

A common thread pulled through discussions surrounded the criticality of public/private partnerships. When we think about climate change, this is the crisis of our lifetime. The progress we make in this decade will be critical for future generations. As we look ahead to 2024, one thing is clear: we must drive action and we must do it together.

As I reflect on the conversations I had at COP28, five trends rose to the top and should be top of mind for all of us as we move into the new year.

Environmental sustainability trends for 2024 and beyond

1. 2024 will be a year of accounting for progress on climate action.

• In 2015, the UN-brokered Paris Agreement established an international treaty on climate change. To limit global warming to 1.5°C, greenhouse gas (GHG) emissions must peak before 2025 at the latest and decline 43% by 2030. Plans and targets were made by countries and organizations globally to achieve this.
• As we get closer to that milestone, it’s becoming increasingly clear that there is no consistent or accurate way to measure progress, both within countries and industries, and globally, to hold us accountable.
• Pressure is growing on both the public and private sector, with demands for mandatory reporting now a worldwide refrain.
• Regulatory bodies are now considering approaches that can deliver concrete outcomes, but data sources are varied in quality, reporting is fragmented, and many organizations lack the technology to generate and analyze the data they require.
• 2024 could see this come to a head with the emergence of new industry standards with a focus on GHG emissions accounting and climate impact materiality. The tech industry can play a critical role in delivering enabling technologies that will help companies monitor and assess their footprint.

2. The world’s energy delivery systems will start to show major cracks in the next three years. Governments worldwide must prioritize and incentivize smart grid development in 2024 to avoid major issues.

• Many traditional ‘power grids’ are already being stretched to their limits, and increasingly common weather phenomena will continue to add more and more stress. In the U.S., the North America Electric Reliability Corporation warned that much of the U.S. power grid is at an increased risk of failure during major storms or long cold snaps this winter.  (Source: 2023–2024 NERC Winter Reliability Assessment)
• At the same time, the growth of renewables demands a more efficient grid to allow renewables to become more viable and avoid the conversion losses all too common in today’s grids. (Source: Digitalizing Europe’s energy system to power the green energy revolution)
• Micro grids have already begun to show their viability, which may start encouraging more ideas in harnessing them.
• In order to avoid dangerous and costly failures of energy delivery systems, businesses and the public sector must begin now to address the future needs of the grid.

3. The growth of artificial intelligence (AI) creates an opportunity to use this new technology to further our sustainability goals.

• We know that AI workloads increase demand for electricity and water as they place enormous demands on data center infrastructure. (Source: The AI Boom Could Use a Shocking Amount of Electricity) But the benefits of AI for sustainability have the potential to outweigh that impact.
• Like many other areas, data will be crucial to tackling sustainability challenges. With the promise of AI to make sense of data and offer crucial insights, sustainability could benefit greatly from the application of AI.
• AI is only as good as the data it is being fed. So, the emergence of AI may also help solve another major challenge in sustainability: accurate and consistent measurement and the need for centralized and common tooling.

4. A 20-year-old technology, Power over Ethernet (PoE), will finally get its moment in 2024.

• Power over Ethernet (the coupling of connectivity and power delivery on the same cable) was first adopted as an IEEE standard in 2003. Since then, use cases for PoE have been varied, but fairly niche, as the vastly preferred method of electrical connectivity remains copper wiring.
• The need for buildings to become smarter has never been greater. Building operations and construction accounted for an estimated 37% of CO2 emissions globally in 2021. PoE will allow builders, owners and tenants to use the network to deliver power and connectivity together, enabling a true smart building.

5. Nature-based solutions to climate change will gain traction.

• Technological developments are an important part of strategies to mitigate climate change, but discussions at COP28 reinforced the critical role of nature-based solutions, like protecting forests or restoring coastal marshes.
• We must innovate and fill gaps in our understanding of nature-based solutions and when to use them. We must deliver climate mitigation, safeguard biological diversity, improve food security, and create more inclusive and resilient communities.
• Anticipate an uptick in projects that leverage nature’s capabilities, such as afforestation, reforestation, and sustainable land management.

We’re at a pivotal moment, but with bold, strategic, and collective action, I believe we can help mitigate the worst outcomes of climate change, ensuring the opportunity to build an inclusive future for all.

Source: cisco.com

Continue reading