Tuesday, 12 March 2019

Accelerating Insights and Analytics with VAPP & Cisco Meraki APIs

Extend and Expand Your Cisco Meraki Dashboard Capabilities


Digital transformation has drastically changed customers’ habits: they want to do business anytime, anywhere, and on their preferred device. In order to successfully engage these “always-connected” customers, organizations have to provide an ideal digital environment where everything can be arranged quickly and easily.


The Power Of Simplicity

Cisco has always worked to simplify powerful technology letting our users stay focused on their core business. As part of this vision, Cisco Meraki has built a cloud-based dashboard that customers around the world can use to easily manage their IT network infrastructure.

From the very beginning, our engineers have been focused on providing innovative features and extremely simple functionalities. In some cases, however, trying to address custom applications or specific use cases would have compromised the dashboard usability.

Why APIs make things different

The changing consumer experience is now made possible by exposing APIs which create extremely enticing possibilities and provide untold opportunities. Cisco is aware of how important it is to work closely with companies like Bizmate, in which the key strategy is to invest heavily in APIs allowing our partners and developers to build more specialized use cases.

VAPP – VIEW® Application Portal

Against this background, Cisco and Bizmate have worked together to provide a new application portal specially designed for Cisco users, adding value to the Cisco Meraki platform and building digital solutions for customers and partners.

VAPP provides pre-built web applications in a cloud computing environment with normalized authentication, APIs integration, event-driven workflows, rule-based actions and so much more.

VAPP easily integrates with the Cisco Meraki infrastructure and processes data, thanks to the vast extended library of available connectors in VIEW® – Real Time Intelligence. This innovative architecture, based on non-relational databases and inference engines, delivers a large amount of streaming data flow in order to help decision-making through precise and timely information on the status of the processes and assets involved.

VAPP Interactive Dashboards summarize the available information in a single view with immediate impact, and allow the user to extend and expand the Cisco Meraki dashboard capabilities. These Dashboards make it easier to track parameters and indexes of interest through a dynamic, easily customizable, and comprehensive set of Apps that interact with data from the Cisco Meraki network.

Let’s take a closer look at some of the best VAPP apps.

Concentration Map

Get insights on your users’ concentration and movements by analyzing their behaviors with the help of interactive maps. Concentration Map provides more comprehensive connections between data and location to help you understand data in finer detail. By bringing real-world context to your analysis, maps are unique in their ability to help generate insights and make predictions that would not be possible using traditional tables and charts.

◈ Improving customer experience or targeted marketing.

Combine geospatial location, ease of access, context and proximity to make relevant marketing offers or improve experiences. This enables marketers to proactively meet customer needs.

◈ Improving safety.

Whether it’s responding to emergency situations, offering services to employees or improving procedures, all organizations are candidates for location analytics based on this app.

◈ Optimizing business processes.

Adding the location context of assets – manufacturing, assembling, logistics, distribution and servicing – helps optimize business processes and adds value for organizations.

Configuration Backup

This App can back up and restore your Cisco Meraki Network configuration. Creating configuration backups enables you to later restore a configuration.

This is useful when you want to revert the equipment settings to an earlier configuration. You can perform the restoration as a single operation instead of manually reconfiguring each setting in the current configuration. You can either save backups on the server or export backups to an external host.

◈ Save time and effort with network backups.

Launch an instant and reliable backup for your Wi-Fi, VPN, and firewalls configuration.

◈ Store configuration data centrally.

Organize configuration backups to enable quick and easy searches. Search for and locate a configuration file to restore.

◈ Quickly recover from device or configuration failures.

Reduce downtime by easily replacing a device configuration from the archives. Quickly recover from failed configuration changes by restoring a previous known good configuration.

◈ Get alerts on errors.

Monitor for failed backups, and execute corrective actions as required.

Wi-Fi Coverage Survey

Wi-Fi Coverage Survey is a complete Wi-Fi site surveying app. Site surveys are performed in real-time producing more informative views of your wireless coverage.

The Wi-Fi Coverage Survey App automatically helps network architects and engineers define the areas where signal levels need improvement. You won’t need to move around and collect Wi-Fi data for the entire area; the data is collected automatically by VAPP, which measures the wireless signal in real time using actual data provided by your network users.

◈ Automatically monitor your Wi-Fi Infrastructure.

Analyze the coverage and the correct propagation of your Wi-Fi network signal to improve its performance.

◈ Dynamic Heatmaps.

Wi-Fi Coverage Survey heatmaps make performing a Wi-Fi site survey easier and faster. The app works by defining locations (maps, buildings) in specific geographic areas.

◈ Data Storage & Comparisons.

By performing Wi-Fi measurements, this App stores details of device location, signal level and other relevant data. You can compare coverages over different days and understand which conditions caused the change.

The examples above are just a few of the applications available on the VAPP marketplace. They represent a smarter approach to IT management and network data analysis based on data collected from Cisco devices.

VAPP gives you end-to-end visibility across your business processes, allowing you to effectively monitor your assets, proactively address issues and provide the level of service expected by your customers. Thanks to Cisco APIs, VAPP enterprise-ready applications tie the right metrics together into real-time dashboards that help you focus on the things that matter to your business.

Monday, 11 March 2019

In Praise of the QSFP – from 40GbE to 400GbE and Beyond

The networking industry is currently testing 400GbE products and is already looking forward to how the next generation will be built. The past few years were full of industry debate around the “right” pluggable form factor for 400GbE. However, that debate seems to have ended, resulting in nearly every Ethernet equipment manufacturer building QSFP-DD based solutions.

The motivations for sticking with the QSFP-based form factor are clear. There is always intense market pressure to quickly accelerate to a single form factor and for good reason. A single form factor drives significant cost reductions, and cost reduction is critical at high volumes. LightCounting estimates (gated content) that volume from the first five years of 400GbE modules will be 20x larger than the first five years of 100GbE, due to simultaneous adoption in multiple markets, including both Service Provider and Cloud Data Center.

This overlap of key markets all wanting to deploy 400GbE simultaneously means the industry cannot spend the next five years optimizing form factors like it did for 100GbE. With every system vendor now building 400GbE products based on QSFP-DD, 400GbE will be the first speed transition where the initial form factor will also be the high-volume, dense form factor that can support all reaches and media.

There were some critical lessons learned from the 100GbE journey that should be applied to 400GbE. Even though a dense form factor called CFP4 was defined and built, it lacked backwards compatibility with the dense 40GbE QSFP+ module and, as a result, was ignored. There is no reason to suggest something similar won’t happen in the 400GbE module market if we don’t learn from the past.

It’s important to consider how it was possible to extend the QSFP form factor from 40GbE to 400GbE, in order to better understand what’s possible beyond 400GbE.

Necessity is the Mother of Invention


As the co-chair of the QSFP-DD MSA, I had the unique experience to watch the collective motivation and intense collaboration that went on to bring QSFP-DD to market. With the goal of enabling the optical module costs to reduce as fast as possible, it was clear that a single form factor that supported all reaches was mandatory. History has shown this is the key to volume adoption in the networking industry. It was also agreed that supporting backwards compatibility had operational value to many and would further accelerate the desired volume adoption/cost reductions.

Given the success of QSFP28 for 100GbE, it was evident that developing a compatible solution would also be a success, if achievable. However, it wasn’t going to be easy and required overcoming technical risk. It would be far less difficult to relax the design goals and start from scratch, but our innovation experience told us the risk was manageable and it was possible to properly address all of the challenges.

Just within Cisco, we have developed nearly 300 unique linecard designs based on QSFP modules. This enormous body of experience informed us it was possible to innovate and address the thermal and high-speed electrical challenges. We knew from our close relationships with the leading component technology developers that they could see a path to fitting all the necessary components into the available space and again it was an acceptable risk. Advanced integration was enabling solutions all the way from 3m copper cables to Metro-reach coherent optical modules. The main concern was if the systems could drive and cool the modules.

Two years later, we are building and testing QSFP-DD systems and modules capable of driving 400 Gbps Ethernet electrical interfaces and being able to cool 20W modules with margin. The 20W target enables the 400ZR+ coherent DWDM optical modules capable of an impressive reach of greater than 1000km. The widely supported QSFP-DD MSA is now working to update its specs with these latest thermal capabilities. And all this without sacrificing backwards compatibility leading us to have confidence of broad industry adoption and market success.


Figure 1: QSFP-DD module showing integrated heatsink on nose that enables 20W system cooling. This is anticipated to support any 400ZR+ variant

The deep experience that Cisco and the industry have with QSFP-based designs has enabled this continual innovation. According to Dell’Oro, by the end of 2019, approximately 70 million QSFP (all rates) ports will have cumulatively shipped, making it clear why supporting backwards compatibility supports many users in their network operations or investment protection goals.

Beyond 400GbE to 800GbE


While 400GbE deployments of QSFP-DD are at the start of their long deployment cycle, we’re already looking forward to what comes next. With the development of 100 Gb/s electrical SerDes happening in IEEE 802.3, we can expect future ASICs to be driving 100 Gbps signals towards these modules. QSFP modules again offer a clear advantage as we can use QSFP112 modules for 400 GbE interfaces (such as 400GBASE-DR4) and also QSFP112-DD for 800GbE capable modules (such as dual 400GbE). The interchange of these will be equally important as well as the backwards compatibility with the QSFP56-DD that we’ve been talking about for 400GbE.

The experience and innovation brought to bear in making this first generation of QSFP-DD feasible for 400GbE has opened a number of innovation opportunities that allow us to have confidence that supporting 800GbE will happen. Multiple system design approaches and configurations are already in the labs testing out support for 100 Gbps electrical SerDes and are looking very positive. The advances and innovation in thermal performances that we’ve seen already for the 400GbE work are not at the limits of what is possible as we further innovate and make progress. All the while, power is being reduced as chips move to 7nm from the current 16nm processes.

In Praise of QSFP


More than a decade ago, when QSFP+ was in its early days of 40GbE development, no one would have predicted that we’d be considering 800GbE variants. However, the market success of the approach and the flexibility of system design has driven a continual series of innovations to match the ongoing market needs. We’ve not seen the end of this, and QSFP-based modules have a strong and healthy future ahead. The networking industry is privileged to have so much technical, commercial and deployment experience with these modules that it continues to be foundational in everything we build.

Sunday, 10 March 2019

Shaping the Future of Contact Centers and Customer Experiences

Five Factors Shaping the Contact Center and Customer Experience in the Next Five Years


In the words of author and entrepreneur Seth Godin, “It’s easier to love a brand when the brand loves you back.” So how do you love your customer back? Companies that put their customers at the center of everything they do can make transformational changes to their business and their customers’ experience. This doesn’t happen overnight. It requires clear vision, cultural changes, and an honest, in-depth look at the technology that your business and your customers use through the day and forward. Your customer relationships are perpetual, and either reinforced or derailed across many touchpoints. So their journey, and the tools that enable it, must be cohesive and engaging.


All solid relationships are built on healthy communication and mutual understanding. And of course, it’s no different with your customers. To build deeper, more meaningful relationships, you must truly listen to and understand them.

But in a world where we use so many different technologies, platforms, and channels in our personal lives, the expectations around ‘listening’ have changed. To do so effectively now requires that we transform our businesses with modern technology and modern processes, all designed to meet our customers where they are. Burdensome, complicated paths that keep them from accessing the resources and information they need don’t work. And while the contact center isn’t the only customer touchpoint along the way, it plays a massively disproportionate role in forging deeper relationships with your customer and for your business.

Here is my view of the top five factors reshaping the contact center and customer experience in the next five years.

1) Customer Experience Matters


According to futurist and innovation expert Nicholas Webb, we’re currently in the experience economy.

He says that a customer’s experience across every touchpoint, in both digital and non-digital channels, is what determines the success of a company. I couldn’t agree more.

When I look back at the hundreds of experiences I’ve had with companies as a consumer, there are only a few that I feel know me and love me back. And those are the ones that have set the bar by which I judge all others. They show interest in me and are invested in me. They know me and my situation.

There are three main elements shaping your customers’ experience.

◈ The data that you have spread across a multitude of systems and applications provides you with tremendous insight about your customers’ experience as they navigate an often multi-stop process within your organization. Understanding and analyzing that data can tell you so much about how your customers are experiencing your brand, so that actions can be taken to make their journey better. This leads to brand loyalty and customer retention.

◈ Agents, whether digital or human, are seen as the difference-makers in creating meaningful customer interactions. They play a key role because they are entrusted to engage with your most precious resource – your customers. And their role directly correlates with how your customers make buying decisions. Investing in a modern, intuitive, omni-channel, AI-enabled agent client will go a long way in enhancing the agent’s state of mind, productivity, and job satisfaction.

◈ The channels your customers use to communicate with you, when siloed, hinder your agents’ productivity and your customers’ ability to easily engage with you. A thoughtfully integrated omni-channel experience enables you to optimize your workforce, while delivering a fluid experience that ranges from self-serve to assisted care, along with history and context of the interaction, to create highly personalized customer engagements.

2) Hybrid Is A Powerful Path To Cloud


Transitioning your on-premises contact centers to the cloud creates enormous opportunities for growth and innovation, but it can also create disruption that most companies simply can’t afford. Both from a cost and technology perspective, this move doesn’t just mean swapping the technology. It means changing the way your processes work, re-training your employees, shifting IT operational responsibilities, and redefining how you interact with your customers.

Nothing this important happens overnight. Taking a step-by-step approach is the most rational way to make this important transition. The contact center is one of the most interconnected applications in the enterprise, with dozens of integrations to multiple systems. This is one of the reasons cloud penetration hasn’t kept pace with other apps like email, CRM, and ERP.

Hybrid cloud services are a clever way to start benefiting from cloud innovation while continuing to run your critical operations without interruption. By adopting and integrating modern cloud services and technologies such as analytics and artificial intelligence (AI) to your on-premises deployments, you can begin to slowly “cloud-enable” your contact center to capture the benefits quickly, cost-effectively, and with minimal risk.

3) Artificial Intelligence To Create Contextual, Suggestive, And Predictive Experiences


Put yourself in the shoes of a contact center agent who works with a number of different and often disconnected systems, sorts through loads of information and content, and tries to find the right expert to help solve a question or issue. All this while possibly dealing with a frustrated customer. It sounds overwhelming because it is overwhelming. If you’re wondering why agent turnover rates are so high, this is why.

Using artificial intelligence (AI) and machine learning (ML) technologies to provide bot self-services and virtual customer assistants to help agents with real-time context, cognition, and intelligence, is one of the most effective ways to make their work-life easier and solve information overload. According to a survey conducted by the Aberdeen Group, agents spend 17% of their time searching for relevant knowledge to do their job. AI helps you predict what each customer will need next, and it puts context around the customer experience and delivers it across every channel. AI removes mundane tasks and ensures agents have information at their fingertips, so that they can care for each customer at a highly tailored, individualized level.

4) Cloud Analytics – Consolidate It, Share It, And Take Action


We have plenty of data about our customers. The problem is that it’s coming from different sources, configured in different formats, and managed by individual business units, making it difficult to get a single view of the customer. It’s no wonder I see a lot of blank stares when this topic comes up.

The solution is to consolidate the data from all these sources and look for the meaning in the data. How does it tell a story that you can act upon? How does it enable your agents? How does it help your customers? To bring it to life, look for patterns in things like purchasing, demographics, heavy traffic periods, customer comments, and social media transactions. Make some comparisons. Why is your campaign not working? How do you know your customers don’t want self-service? Why are customers reaching you more during a certain day or time? Why aren’t they buying this fantastic product?

The only way to compute and analyze this abundance of priceless data is with cloud-based analytics reporting. This will give you valuable business information and a complete view of your customer’s journey in real-time and historically so you can improve operational efficiencies, financial performance, and your customer interactions in new and innovative ways.

5) Removing Silos To Serve Customers Better


I’ve already mentioned the importance of the agent and the impact that information overload has on the agent’s ability to deliver timely, exceptional service to your customers. Agents simply can’t do it alone. They need to be intimately connected to the rest of your organization, and the best way to do this is by giving them quick and easy access to experts using unified communications (UC) and team collaboration technology.

According to the Aberdeen Group, companies that empower their agents with unified communications experience a 68% greater annual increase in customer profit margins. That’s a big deal! By helping agents reach anyone in your organization via chat or email or calling them from wherever they happen to be, you’re not only making your agents more efficient, you’re going above and beyond to improve your customers’ experience, and they will notice.

A seamlessly integrated contact center with UC is also an effective strategy for helping your business continue even during weather-related or other types of emergencies. While many inquiries to the contact center will be automated using AI, the remainder will be exceptions and, by nature, are more complex and likely to require the help of a colleague or expert. Removing the pressure from agents as they’re problem solving in real-time with your customers, empowers them to build deeper relationships with colleagues, be more productive, and have greater job satisfaction. You’ll benefit by reducing agent costs, improving first contact resolution, and providing a heightened experience for both employees and your customers.

Friday, 8 March 2019

3 Unexpected Ways to Boost IT Efficiency, Uptime and Resolve Issues Quickly

Like the engine is to a race car, IT is at the heart of your business—to keep it running around the clock, deliver new products and services, drive transformation, and extend to new markets globally. So, it’s no surprise two of the top three operational priorities for CIOs include delivering a stable IT and increasing operational efficiencies.

Keeping your IT engine secure and running at optimal performance, while meeting the needs of your business can be a lot to juggle. With limited time and resources, we know your time is best spent on what matters most for your business. In fact, forty-six percent of IT use outsourcing to access skills and thirty-two percent plan to increase their outsourcing spend.

Having the right IT services pit crew in place who not only has the expertise to keep your network up and running but delivers business value is critical. And if something goes wrong, they can resolve it quickly, so you can focus on more important matters.


Here are three things to consider that will enhance efficiency, uptime, and resolve problems quickly to help maintain a stable IT.

1. Have better visibility to operate more efficiently


A key part of keeping everything running smoothly and error-free is knowing exactly what is installed in your network. To do this you have a couple of different options, each with their own considerations. To see what you have running on your network, you have to go through the process of accessing each device manually or running different manual scripts to collect parts of the information needed to create an inventory view. Depending on how many devices you need to manage, the first option is very labor intensive, while the latter can be error prone. If you happen to miss a device, you won’t be able to see that piece of hardware, leaving it open to potential vulnerabilities – and adding more manual efforts to your plate.

Cisco Smart Net Total Care makes gaining insight into your installed base effortless and automated. Its integrated smart capabilities are delivered through the Smart Net Total Care portal and collector software, which automatically collects device information on Cisco products. Once the collector is installed and configured, it can run automated network discoveries, automated network inventories, and automated inventory uploads back to Cisco. With the click of a mouse you can view your installed base data, helping you manage your Cisco devices more easily and operate more efficiently. “The automation on the Smart Net Total Care backend makes a small team’s performance large in execution and impossible to do otherwise,” John Baldwin, IT Manager for Infrastructure Projects and Architectures, Pella.


2. Ensure devices are up-to-date and secure to maximize uptime


Keeping all of the devices in your network secure and up-to-date is critical. Part of preventing any potential vulnerabilities is making sure that your devices are running code that isn’t impacted by known critical bugs or PSIRTs, and is aligned with compliance rules. However, when a problem does arise, you have to access that device, obtain the software version and type, and manually search cisco.com to find any issue associated with that specific product type and software version. When you need to get information on your device’s lifecycle you need to manually look for all of that data using End-of-Life and End-of-Sales product bulletins for each device. If you have thousands of devices you’re tasked with tracking and keeping secure, that is a daunting task.

The Smart Net Total Care portal gives you visibility into your devices, including what IOS you’re running, to help ensure you’re using the appropriate code versions across your devices, eliminating the potential for more vulnerabilities. In addition, PSIRT, BUG and automatic lifecycle data correlation and custom reports help you manage your device security more efficiently. “We can see which devices are covered and at what service level, so we can appropriately cover devices to minimize risk within our environment,” Operations Manager, Service Provider.


3. Get an accurate view of your devices to resolve issues quickly


When you face a network downtime or device issue, time is always of the essence, especially if you have thousands of devices to maintain. And that’s not just the time spent in finding the number to call support. It starts with having to gather all of the device-level information you need just to open a case to get the problem resolved. That includes the device serial number, product ID, and contract number related to that device. Depending on the kind of inventory view you have (and how comprehensive it is), all of this data could take you a long time to gather. This does nothing but delay your time to issue resolution and take up even more of your limited time.

Smart Net Total Care can help you drastically reduce the time you spend resolving issues by giving you a clear and accurate view of your device information. The portal software does all of the correlation of your collected device serial numbers, product IDs, and contract numbers automatically, which means you don’t have to spend time looking for information. You can also initiate a Technical Assistance Center (TAC) case directly and instantly within the portal if you experience an issue, shortening your time to resolution even more. “Greater visibility across the network allows us to better prioritize and plan ahead for updates and replacement of equipment, assuring the continuous operation of the company.”


Whether you’re a large or small enterprise, Cisco’s Smart Net Total Care delivers world-class technical support that keeps your organization running smoothly, while driving business value.

Wednesday, 6 March 2019

Cisco Stealthwatch Cloud and Microsoft Azure: reliable cloud infrastructure meets comprehensive cloud security

Isn’t it great when the enterprise technology solutions you use to achieve various business outcomes partner and work seamlessly with each other? Cisco and Microsoft have done just that to provide you with a scalable and high-performance cloud infrastructure along with easy and effective cloud security.

In 10 minutes or less, Cisco Stealthwatch Cloud extends visibility, threat detection, and compliance verification to Microsoft Azure without agents or additional sensor deployments within your cloud environment.

A new way to think about security


Enterprises are continuously adopting the public cloud for many reasons, whether it’s greater scalability, better access to resources, cost savings, increased efficiency, faster time to market, or overall higher performance. While the move to the cloud offers great opportunities, it also means that the old ways of thinking about security aren’t working for most organizations anymore, especially when it comes to visibility in the cloud.


Often this lack of visibility leads to challenges surrounding network traffic analysis, identity and access management, compliance and regulation, and threat investigation. We all know of organizations that have made security mistakes related to configuration and inadvertently exposed their private data, resulting in serious repercussions. Of course, training can be improved, configurations checked, and automated tools used to validate configuration parameters, but these efforts only address the preventative aspects of security practice. Organizations also need to actively watch what is actually happening with their cloud assets and catch the threats that aren’t prevented. Active breach detection starts with improved visibility. Complete visibility gives you a way to protect your cloud infrastructure in real-time, so you can be agile and address issues as they arrive.

Cloud security: a shared responsibility


While your cloud provider manages security of the cloud, security in the cloud is the responsibility of the customer. You as a customer retain control of what security you choose to implement in the cloud to protect your content, platform, applications, systems and networks, no differently than you would in your company’s private datacenter.

How do you know what is happening to data in the cloud? How do you know you’ve configured your cloud assets to be secure? How do you recognize cloud assets starting to communicate with new, possibly hostile internet sites? How do you do it in real time and quickly enough to mitigate data loss?

To answer these questions, it’s critical to have an active breach detection solution for your public cloud. And for that solution to be effective, the cloud provider needs to enable the right visibility to tap into valuable cloud network and configuration telemetry. 

Cisco and Microsoft: better together



In a continuing effort to provide customers with industry-leading solutions, Cisco has been working with Microsoft to bring Cisco Stealthwatch Cloud to Azure. Stealthwatch Cloud, a software as a service (SaaS) active breach detection solution based on security analytics, can now deliver comprehensive visibility and effective threat detection in Azure environments in as little as 10 minutes.

Traditionally, organizations have tried to overlay a patchwork of agents across cloud assets to detect bad activity. This approach requires significant costs and effort to deploy, maintain, and manage in dynamic environments such as the cloud. Importantly, it frequently doesn’t scale with your cloud environment with regard to cost.  But Stealthwatch Cloud can deploy within your Azure environment with no need for an agent and scales up and down according to your actual cloud traffic utilization.

How does it work?


Microsoft provides Azure Network Security Group (NSG) flow logs that contain valuable information on north-south and east-west traffic within an Azure virtual network. Flow logs show outbound and inbound flows on a per-flow basis, the network interface (NIC) the flow applies to, 5-tuple information about the flow (source/destination IP, source/destination port, and protocol), whether the traffic was allowed or denied, and in Version 2, throughput information (Bytes and Packets, and the NSG rule applied to the traffic). Organizations use this information to audit activity on their cloud network. Stealthwatch Cloud can natively consume NSG flow logs V2 via APIs, without having to deploy any agents or sensors.

Additionally, Microsoft has introduced Azure virtual network TAP (Terminal Access Point), which allows you to continuously and easily stream your virtual machine network traffic to Stealthwatch Cloud like a traditional, physical network SPAN or TAP. You can add a TAP configuration on a network interface that is attached to a virtual machine deployed in your virtual network. The destination is a virtual network IP address in the same virtual network as the monitored network interface or a peered virtual network. This approach provides access to not just flow logs, but also other network traffic like DNS data.


Stealthwatch Cloud can be powered by both NSG flow logs v2 and vTAP data. Stealthwatch Cloud analyzes this data using entity modeling to identify suspicious and malicious activity. For every active entity on the network, Stealthwatch Cloud builds a behavioral model – a simulation of sorts – to understand what the entity’s role is, how it normally behaves, and what resources it normally communicates with. Then it uses this model to identify changes in behavior consistent with misuse, malware, compromise, or other threats.

For instance, if an Azure resource normally only communicates with internal hosts, but suddenly it begins sending large amounts of data to an unknown external server, it could be a sign of data exfiltration. Stealthwatch Cloud would detect this behavior in real-time and alert your security team.
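A simplified illustration of the exfiltration case above, added here and not Stealthwatch Cloud's entity-modeling code: it parses NSG flow log v2 tuples and flags an internal host that uploads a large volume to an external address outside its known peers. The sample log, the 10.0.0.0/16 virtual network range, the baseline peer set and the 50 MB threshold are constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed virtual network address space

# Constructed sample in the NSG flow log v2 layout (records -> properties -> flows -> flowTuples).
SAMPLE = json.dumps({"records": [{"time": "2019-03-12T10:00:00Z", "properties": {"Version": 2, "flows": [
    {"rule": "DefaultRule_AllowVnetOutBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
        "1552384800,10.0.0.4,10.0.1.7,50100,1433,T,O,A,B,,,,",
        "1552384860,10.0.0.4,10.0.1.7,50100,1433,T,O,A,E,120,90000,110,400000"]}]},
    {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
        "1552388400,10.0.0.4,203.0.113.50,50222,443,T,O,A,B,,,,",
        "1552388460,10.0.0.4,203.0.113.50,50222,443,T,O,A,C,40000,58000000,20000,900000",
        "1552388520,10.0.0.4,203.0.113.50,50222,443,T,O,A,E,35000,51000000,18000,800000",
        "1552388530,10.0.0.4,198.51.100.9,50300,443,T,O,D,B,,,,"]}]},
]}}]})

# v2 tuple order: time, 5-tuple, direction (I/O), decision (A/D), state (B/C/E), counters.
FIELDS = ("ts", "src", "dst", "sport", "dport", "proto", "direction",
          "decision", "state", "pkts_out", "bytes_out", "pkts_in", "bytes_in")
COUNTERS = FIELDS[9:]

def parse_flow_log(text):
    """Yield one dict per v2 flow tuple, tagged with the NSG rule that matched."""
    for record in json.loads(text)["records"]:
        for rule in record["properties"]["flows"]:
            for nic in rule["flows"]:
                for raw in nic["flowTuples"]:
                    t = dict(zip(FIELDS, raw.split(",")))
                    for key in COUNTERS:
                        t[key] = int(t[key] or 0)  # counters are empty on state B (begin)
                    t["rule"] = rule["rule"]
                    yield t

def external_upload_alerts(tuples, baseline_peers, threshold_bytes=50_000_000):
    """Flag internal sources that sent more than threshold_bytes over allowed
    outbound flows to an external destination absent from their baseline peers."""
    sent = defaultdict(int)
    for t in tuples:
        if t["direction"] != "O" or t["decision"] != "A":
            continue  # only allowed outbound traffic can carry data out
        src, dst = ipaddress.ip_address(t["src"]), ipaddress.ip_address(t["dst"])
        known = baseline_peers.get(t["src"], set())
        if src in VNET and dst not in VNET and t["dst"] not in known:
            # C and E counters cover the interval since the previous tuple, so they sum.
            sent[(t["src"], t["dst"])] += t["bytes_out"]
    return sorted((s, d, b) for (s, d), b in sent.items() if b > threshold_bytes)

if __name__ == "__main__":
    baseline = {"10.0.0.4": {"10.0.1.7"}}  # constructed: host normally talks only to an internal peer
    for src, dst, total in external_upload_alerts(parse_flow_log(SAMPLE), baseline):
        print(f"ALERT {src} sent {total} bytes to new external peer {dst}")
```
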

Friday, 1 March 2019

Cisco and Verizon to Demonstrate the Benefit of Multi-Haul Transport

Internet Traffic Trends and Network Pressure


Internet traffic and connected devices continue to grow. In North America, between 2017 and 2022, average broadband speeds are projected to grow 2.1x to 94Mbps. Average Wi-Fi speeds are projected to grow 2.2x to 84Mbps, and average mobile connection speeds are projected to grow 2.6x to 42Mbps. The average smartphone will generate 14GB of traffic per month in 2022 – up 2.5x from 2017. [Source – Cisco VNI report]

The traffic mix is changing. Video will continue to dominate at 82% of all Internet traffic in 2022. However, there are significant new trends emerging. In the past few years, service providers have observed a pronounced increase in traffic associated with gaming. The launch of season 5 of Fortnite in July last year drove peak internet traffic overnight 5x to 37Tbps. Fortnite is only increasing in popularity with over 200 million registered players as of December 2018 and the recent announcement of a record $30M prize pool for the Fortnite World Cup. Online live Internet video also has the potential to drive large amounts of traffic as it replaces traditional broadcast viewing hours. According to Ooyala’s State of the Broadcast Industry 2019, sports are going to be a major catalyst for live streaming, and streaming is a much-needed solution for sports leagues that have seen a decline in ratings and ad revenues. Also of note is the growth of video surveillance traffic. This traffic is of a very different nature than live or on-demand streaming and represents a steady stream of upstream video camera traffic, uploaded continuously for commercial applications.

As Internet traffic grows and becomes more dynamic, optical transport networks for sub-sea, terrestrial long haul and metro need more capacity. The ability to deploy capacity quickly is equally important to handle the increasingly dynamic nature of the traffic. The concept of a multi-haul transport platform, as introduced by Andrew Schmitt of Cignal AI, becomes very appealing for achieving this ability to scale with speed while maintaining operational simplicity – a single platform for all requirements. A critical element of the multi-haul optical platform is the flexibility of the coherent optics to be tuned to fine granularity in order to meet the reach-capacity target of any given network.

Benefits of the Cisco NCS 1004


The Cisco NCS 1004 delivers multi-haul coherent DWDM transponders that provide state-of-the-art performance using granular baud-rate + bits per symbol tuning and time-hybrid modulation. Each 2RU form-factor NCS 1004, powered by Acacia’s Pico Digital Signal Processor chip, provides 8 coherent DWDM ports that operate from 100G to 600G. The FEC, baud-rate (or bits per symbol) and line rate combinations result in well over 6000 different ways to configure the NCS 1004 coherent DWDM trunk ports. Such flexibility is unprecedented.

Verizon Trial


We partnered with Verizon to demonstrate the benefits of the granular control of the NCS 1004 in a real-world environment. Ten fibers in Verizon’s 80km Dallas loop were used with NCS 2000 SMR flex-grid ROADMs to build an 800km network. Channelized ASE noise loading was provided by NCS 2000 equipment.


Three scenarios were tested – 1) 400G over 10x80km i.e. 800km, 2) 500G over 5x80km i.e. 400km, 3) 600G over 80km. It is important to note that in the testing, we used a single transponder carrier per channel per Verizon’s request. For each scenario listed above, we lowered the baud-rate (raised bits per symbol) to trade off excess margin for more capacity.

For 400G over 800km, we started with the highest baud-rate possible at 71.7Gbd/s with a corresponding modulation of 3.88 bits/symbol. This gave us a Q-margin of 2dB and fit into 87.5GHz. We then traded off the excess margin on the link for additional capacity. The optimal point as per testing was 61.72Gbs/s with a corresponding modulation of 4.5 bits/symbol and Q-margin of 1dB. This signal fit into 75GHz and resulted in a fiber capacity of 25.6Tbps. This test was similarly repeated for 500G over 400km and 600G over 80km.

We achieved the following maximum capacities for Verizon’s network:

◈ 25.6Tbps @ 400G over 800km with 75GHz spacing
◈ 32Tbps @ 500G over 400km with 75GHz spacing
◈ 35.4Tbps @ 600G over 80km with 81.25GHz spacing

The below chart captures our test results for how we traded excess margin for more capacity in Verizon’s network.


After the successful completion of the tests, Glenn Wellbrock, Director of Transport, Verizon, commented, “We are happy to be the first to trial 600G on our metro network. More importantly, we were able to validate the highly granular control of the NCS 1004 to trade margin for capacity with 500G over 400km and 400G over 800km. This is a real customer advantage as we can now put significantly more capacity on a single fiber pair.”

Cisco is very excited about the results. We are moving very quickly to support our customer requests for more bandwidth and for the flexibility that multi-haul brings to maximize Verizon’s network.

Sunday, 24 February 2019

New Wireless Frontiers for the Enterprise: 5G, Wi-Fi 6, and CBRS

2019 is going to be an incredible year in wireless networking. Enterprises are going to be able to take advantage of several important innovations.


First, 5G carrier-based wireless is going to start rolling out broadly, bringing a promise of dramatically better performance to mobile workers and the enterprise. Additionally, standards-based Wi-Fi 6 will be available in 2019. Wi-Fi 6 will dramatically improve the wireless experience, and it will enable new use cases for wireless that weren’t possible before. Quick on the heels of both of these rollouts will be CBRS (Citizens Broadband Radio Service, also known as OnGo), an extension of LTE that offers a new band of uncrowded spectrum. It will be especially valuable for mission-critical IoT applications.

With so much changing in how we connect, we are looking at a rare opportunity to combine technological change with strategic planning, as we explore how new wireless capabilities will change the way our businesses operate.

Common Tech


Before we get into the changes we’ll see in network planning due to these technologies, we have to understand how they’re different — and how they are actually coming together.

In 2019, both carrier-based mobile connectivity (LTE and 5G cellular) and unlicensed nomadic networking (Wi-Fi 6, otherwise known as 802.11ax), will converge in two key areas: radio signal encoding, and scheduling.

Both new wireless systems use the same method to squeeze more users and data into the frequencies they use, so each base station or access point can talk to more devices simultaneously. Also, with Wi-Fi 6, local wireless networking gets more scheduled, deterministic use of spectrum. Unlike other versions of Wi-Fi, which use a randomized channel access mechanism, with Wi-Fi 6, a device can rely on being able to use the radio on a particular schedule (measured by the millisecond). Scheduled access enables lower latency and allows for greater density of devices. And it has a positive impact on power use and battery longevity. In this regard Wi-Fi is advancing alongside 3GPP cellular technologies (like 5G and LTE), which are also deterministic.

Despite their technological convergence, carrier-based (LTE/5G) and unlicensed (Wi-Fi) wireless systems are, and will remain, dramatically different in terms of cost, infrastructure layout, and the level of administrative control they provide to enterprise network operators. These factors will determine how enterprises plan to maintain and grow their wireless capabilities.

Wireless Inside the Campus and the Branch


Wi-Fi 6 provides improvements in speed and latency, and supports a higher density of connected devices. Combined with its reasonable cost to deploy and maintain, it will prove an ideal system for indoor wireless connectivity – especially in areas where access points will serve more users.

Users on Wi-Fi 6 devices will see improved individual experiences. People in crowded areas that have traditionally offered hit-or-miss performance (waiting rooms, student lecture halls, meeting spaces, and so on), will have better experiences. Some devices that previously would only be connected by wired Ethernet will be able to move to wireless. This will help drive innovation around high-bandwidth and latency-sensitive use cases that should really be untethered, like AR/VR, gaming, and video communications.

As the number of performance-sensitive wireless devices goes up, enterprises will need new network intelligence to assure the best levels of service. Specifically, Cisco believes that Wi-Fi 6 access points, and end devices themselves, must become sensors, collecting real-time performance and experience data that they stream to a new generation of analytic engines. This will allow for proactive and granular management of these increasingly complex environments.

While for some enterprise installations and indoor use cases it will make sense to extend 5G or LTE into the interior space with Distributed Antenna Systems (DAS), or with interior 5G access points (“microcells”), this remains an expensive proposition. LTE and 5G radio chipsets are dramatically more expensive than Wi-Fi, and we do not anticipate this changing.  Additionally, most enterprises have an exponentially increasing number of devices they need to keep online; paying a monthly fee for connectivity per device would be cost-prohibitive.

Wi-Fi networks also provide a rich vein of analytics information to the enterprise. Businesses can gather extremely rich data about their facilities by tracking how Wi-Fi devices move through them. This information is going to change how businesses optimize the use of their physical locations.

5G for Connecting Campus and Branch


5G will have a great impact on branches and campuses as a backhaul service.  Keeping an enterprise’s branch and campus locations all connected to each other and the Internet has traditionally fallen to wired technologies like T1/E1 and xDSL; today, 4G is often used to quickly bring up sites, or as a back-up link, but it’s seldom used as a primary link, due to bandwidth limitations and cost.

But 5G is much faster than 4G. It can be used to augment or, in some scenarios, replace a wired connection. And with contemporary SD-WAN tools, it’s simple to deploy 5G in parallel with other WAN services – even across thousands of sites.

Moreover, wireless links make sense for businesses that rely on having robust, always-on connectivity to their branch offices, and for businesses that rely on cloud services. That is to say: nearly all businesses. Wireless backhaul links can’t be cut, and wireless infrastructure is often the first communications service restored after a disaster like a major storm. Using 5G to augment existing WAN services allows sites to have maximum uptime for their cloud-based services, and, when it’s managed with SD-WAN and used alongside links that are bandwidth-constrained, it can enhance the overall application experience too.

For even more bandwidth, 5G has frequency extensions into high-frequency millimeter wave bands, which offer significantly higher throughput. These high-frequency bands do not easily reach indoor spaces, but carriers can quickly set up external, line-of-sight antennas to provide dedicated, high-speed connectivity at competitive prices.

Wireless and IoT


Both Wi-Fi 6 and 5G offer exciting opportunities to connect more devices reliably via wireless.  They share scheduling technology that makes wireless more deterministic, which is important for mission-critical IoT assets being used in manufacturing automation, healthcare, energy, and many other industries. Wireless technologies enable new use cases, and businesses that lean heavily on wireless will find it easier to accelerate their digitization initiatives.

Wi-Fi 6 APs will also increasingly include additional radios, like Bluetooth and Zigbee, which will make them more capable IoT gateways and useful wireless sensors. They’ll be able to help track and manage IoT devices through their entire lifecycle.

A particularly interesting extension of LTE (and later, 5G), called CBRS (Citizens Broadband Radio Service), holds a lot of promise as a complementary technology to Wi-Fi 6 for use inside buildings. CBRS relies on spectrum in the 3.5GHz range that is not used by Wi-Fi or existing LTE/5G services in the U.S., so it’s unlikely to be interfered with by general-access consumer devices. Some initial CBRS capabilities are rolling out in products shortly. For devices, like robots, that need guaranteed connectivity as well as mobility, CBRS will be a great complement to Wi-Fi 6. Most businesses using CBRS will use it together with Wi-Fi 6.

When we discuss mission-critical IoT programs, we also need to keep security top of mind. Many IoT devices are both highly critical to business, and highly vulnerable to attack. Fortunately, a modern network can help make an IoT-rich environment more secure in several ways. In particular, it can limit potential for malware to spread from device to device, by using software-defined segmentation to ensure that network traffic from a particular device cannot be sent where it’s not supposed to be. Segmentation policies can span wired and wireless networks, as well as ruggedized environments.

Tying Wireless Networks Together


5G and Wi-Fi 6 will eventually be deployed together in the enterprise. It will be an evolving challenge to manage these separate access technologies as integrated systems – with unified policy, security, and analytics. Users and devices will need to move between 5G and Wi-Fi 6 systems, and the smart IT leader will want the experience to be seamless and easy to manage at scale. Orchestrating the management systems of these separate networks is our next frontier. Watch out for more to come on this aspect.