Visitors to the Cisco booth at this year’s IBC will no doubt be curious to see our new Open UX Snowflake.
Snowflake, the Videoscape Unity flagship UI, is now offered on HTML5, powered with cloud technology. As a multi-award winning UI, Snowflake never fails to turn heads, which makes it the Formula One race car of UIs. The kind you want to brag to your friends about. No matter what device subscribers use, Snowflake provides an engaging and consistent way for them to find and view video content.
At first glance, one might think that not much has changed. But like a Formula One race car, Snowflake isn’t just about good looks. It’s also about what’s under the hood.
Snowflake has a new, powerful web-based engine that makes it simpler, faster, and richer.
So what enhancements will Open UX Snowflake bring for service providers and consequently subscribers?
Our first SecureDC Twitter chat created some great industry dialog around security for Software Defined Networks (SDN) as well as using SDN to improve security. SDN is going through a hype cycle similar to the one seen with cloud, and we feel that it’s important to focus more on education now and broader collaboration, so that users can benefit from the tremendous potential SDN holds.
More Education, Less Buzz
We kicked off our conversation by asking what the most pressing issues around SDN were. @Joltsik, Principal analyst at Enterprise Strategy Group, felt that users are confused with so much buzz, yet there’s little in the way of education.
@Raj_Samani, Chief Innovation Officer at the Cloud Security Alliance and CTO at McAfee, went one step further, indicating that greater transparency is also needed. However, @Jgreene3rd, Technical Lead for Data Center Security Technologies at Intel, noted that the upside of buzz is that it drives greater demand for availability, which in turn fuels education.
SDN and Improving Security
@KenSBeck, Principal Engineer at the Cisco Security Technology Group Office of the CTO, led an interesting discussion on how APIs for programming the network at network speed will allow security intelligence to be much more dynamic and eventually part of the network itself. @shl_eax_1, Technical Lead Engineer at Cisco Security Technology Group Office of the CTO, further noted how global visibility of the network hastens the speed with which security issues get resolved.
@fsmontenegro elaborated on how SDN security can enable more intelligent, granular and efficient response, and that SDN improves security by adding policy exceptions at the network layer with redirect flow. @vernonxt, SVP for ICT Research at IDC, homed in on SDN enabling better policy management. @AndiMann, Vice President at CA Technologies, asked whether, given that automation enables embedded policy and prevents random changes, SDN shouldn’t be able to do the same.
SDN Impact on Regulatory Compliance
@alokmittal65, Chief of Staff for the Cisco Security Technology Group Office of the CTO, stressed the need for auditing, logging and monitoring of policy change events.
@Raj_Samani also noted that with greater proliferation of devices, the ability to achieve greater attestation on the endpoint becomes more challenging. @KenSBeck drew attention to leveraging network awareness of user, geo location, and device as contextual elements that can make attestations much more meaningful.
@KenSBeck, our host from the Office of the CTO at Cisco, closed with words of advice and a hint of what is in store.
Detours is a library offered by Microsoft Research for interception of functions on x86 and x64 platforms. It is sold for commercial use to various vendors that build products ranging from security to gaming applications.
Detours is often injected into most or all of the processes, either system-wide or in the context of the logged in user. The most common way this is done is through the AppInit_Dlls registry value. Because the injection is typically applied to a large number of processes running under various permissions, extra care must be taken to ensure the library and its usage are very carefully reviewed by engineers with a strong understanding of the implications of such wide hooking.
We have used this library in our own security products at Cisco (both CSA and AnyConnect) to provide certain security functions on the system. During one of our research projects earlier this year, we noticed a peculiar pattern on Windows systems where processes we were hooking had a change in the in-memory permissions, which marked the headers of the modules from the normal READ/EXECUTE to now include WRITE as well.
This was quite alarming to us, because a dll should not be writeable when loaded into memory. What was interesting, and led to clues of what might be the cause, was that it was only the dlls that had functions we were actively trying to hook. They were the common Win32 dlls that one would typically intercept methods for, such as Kernel32.dll.
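A defender-side check for the symptom described above, as an added example that is not from the original post or from Detours: it triages VirtualQuery-style region records and reports mapped images whose header region carries a writable protection. The `Region` record, the function name and the sample data are assumptions constructed for illustration; the constants are the Windows `PAGE_*` and `MEM_*` values.

```python
from dataclasses import dataclass

# Windows memory constants (winnt.h values).
PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY = 0x02, 0x04, 0x08
PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x20, 0x40, 0x80
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
WRITABLE = (PAGE_READWRITE | PAGE_WRITECOPY |
            PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
PROTECT_MASK = 0xFF  # drop modifier bits such as PAGE_GUARD (0x100)

@dataclass
class Region:  # hypothetical record mirroring MEMORY_BASIC_INFORMATION fields
    module: str
    base: int
    allocation_base: int
    protect: int
    mem_type: int

def writable_image_headers(regions):
    """Report mapped images whose header region is writable.

    The PE headers sit at the start of the mapping, so the header region is
    the MEM_IMAGE region whose base equals its allocation base.
    """
    hits = []
    for r in regions:
        is_header = r.mem_type == MEM_IMAGE and r.base == r.allocation_base
        if is_header and (r.protect & PROTECT_MASK) & WRITABLE:
            hits.append((r.module, hex(r.base), hex(r.protect)))
    return hits

# Constructed sample: addresses and protections are illustrative, not captured.
SAMPLE = [
    Region("kernel32.dll", 0x76D40000, 0x76D40000, PAGE_EXECUTE_READWRITE, MEM_IMAGE),
    Region("kernel32.dll", 0x76D41000, 0x76D40000, PAGE_EXECUTE_READ, MEM_IMAGE),
    Region("ntdll.dll", 0x77A00000, 0x77A00000, PAGE_READONLY, MEM_IMAGE),
    Region("user32.dll", 0x75A10000, 0x75A10000, PAGE_EXECUTE_WRITECOPY | 0x100, MEM_IMAGE),
    Region("(heap)", 0x00350000, 0x00350000, PAGE_READWRITE, MEM_PRIVATE),
]

if __name__ == "__main__":
    for module, base, protect in writable_image_headers(SAMPLE):
        print(f"writable header: {module} base={base} protect={protect}")
```

On a live system the records would come from walking a process with `VirtualQueryEx`; comparing the result between a hooked and an unhooked process isolates the change.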
It’s a beautiful thing when you can hijack four not-quite random people off the VMworld show floor and get them to tackle a discussion on desktop virtualization. And that’s exactly what we did a couple weeks back, when the opportunity presented itself. With Courtney Burry (VMware), Mike Brennan (Cisco), Dave Kinsman (WWT) and myself on hand, we did a sort of VDI blogger “round-up”. You should check out the video below, but a quick recap as follows:
Courtney discussed some of the latest improvements in Horizon View that improve desktop TCO by optimizing storage footprint through technologies like SE sparse (or Space Efficient Sparse) which provides the ability to reclaim blocks of storage that are unused or deleted by the guest file system.
I also shared some thoughts on our joint solution with VMware that’s expanding the number of use cases addressable by VDI, through our support of hardware-accelerated 3D Graphics with nVidia as part of our C-Series rack server solution, as well as the improving economics of 1:1 persistent desktop images using the latest generation of flash-based partner technologies we support through our VDI storage ecosystem.
Mike discussed how we’re offering a more consolidated management approach with VMware through things like integration within vCenter, which includes a snap-in for UCS, allowing administrators to see our UCS infrastructure inside the vCenter web client, as well as open APIs that introduce more opportunities for automation, which, combined with UCS Manager and our automation tools, can help our customers provision desktops from bare metal, much faster.
And to help round out the round-up, we snagged Dave Kinsman from WWT to give us his feedback on how he sees all of this coming together, both for channel partners like WWT and the customers they serve.
Prediction – The #1 spot is well within our reach sooner than you may think.
As we grow our installed base with roughly 1,000 new customers every month, our conversations about the future of UCS have taken an interesting turn. Until now in what I’ll call the “UCS 1.0” phase, Cisco focused on virtualization and private cloud as the dominant use cases that were top-of-mind for industry CIOs and we struck a resonant chord based on our growth – just look at our numbers.
We were market makers with expanded-memory 2-socket Intel EX blades (remember the B230’s?), which were gobbled up like candy into large-scale VDI deployments much to the surprise of the industry. We also jump-started a very attractive RISC-to-x86 migration practice, including Cisco IT’s own production environment: a 40TB mission-critical database that ran on HP Superdomes – a “circle of life” moment for me since Superdome was my program from 1999-2003.
We’ll continue leading in customer value for our original design centers, but we are now focusing on market expansion with what we call “UCS 2.0”, expanding into data-intensive, mission critical, analytics and service provider cloud environments with an increased level of R&D funding and strong corporate support from our top executives.
Prediction – You’ll see us more focused on architectural solutions for key industry vertical markets with tuned solution environments that leverage Cisco’s wide portfolio and that of our partners.
One such act of support is the announcement today of our intent to acquire WHIPTAIL, a leading solid-state systems company that boasts the highest scalability in performance and capacity of any scale-out flash vendor on the market today. WHIPTAIL systems span from single-node entry products to 30-node behemoths that drive almost 400TB of flash, 40GB/sec of bandwidth and 4 million random R/W IOPS – for starters.
Prediction: Cisco will unseat Infiniband with low-latency Ethernet fabrics. Check out our USNIC technology for starters…
In our customer interactions it became very clear they view application acceleration using persistent solid-state memory as a use case that belongs in the server tier, not the storage tier.
In an application-centric world, we started thinking not about server vs. storage infrastructure, but how applications viewed data – hot “important right now” data, warm “may be of interest data” and cold “let’s keep it around for background mining or compliance” data.
We arrived at the conclusion that UCS needed to be best-in-class at accelerating hot data layers. Hot data is closest to applications and therefore has high affinity for the server tier. Hence WHIPTAIL.
Assertion: Flash is a “boundary technology” that can be viewed as part of the memory or storage hierarchy. With respect to storage it’s faster and more expensive per GB. With respect to DRAM memory it’s slower but cheaper per GB. It therefore allows cost/performance arbitrage for applications by applying an accelerated persistent data model that can save on DRAM and de-complicate underlying permanent backing stores.
WHIPTAIL is a great fit with the fabric computing UCS architecture and also complementary to our C-Series rack mount servers and our SingleConnect capability in our UCS Manager that allows mixed-density blade/rack deployments to be managed from a common pane of glass.
Our intent is to fully integrate UCS computing and WHIPTAIL solid-state technologies over a Nexus fabric to create scalable persistent memory systems. That’s our vision.
Why? Because customers will be able to do things they could not before. Such as loading vast amounts of data in seconds and minutes, not hours or days – or – shrinking their performance footprint to a rack vs. 30 racks – or – accelerating Hadoop on all solid-state infrastructure – or – extending in-memory analytics to a scale previously not thought possible. That’s why.
As converged infrastructure advances as an ensemble computing architecture, boundary technologies like solid-state memory can be viewed as part of the memory or the storage hierarchy. Cisco’s point of view is to make it part of the memory hierarchy in the compute tier. That allows customers the best of both worlds – performance acceleration for applications while retaining their investment in permanent backing stores and simplifying their overall data center total cost of ownership (TCO).
To close on a Darwinian note, if UCS existed in the Cretaceous Period it would have been a Velociraptor (meaning ‘swift seizer’) – sleek, fast and ferocious – eating everything in its path. Velociraptors are believed to have hunted in packs, which is great considering the strong partner ecosystem that Cisco and UCS have built with industry leaders like EMC, NetApp and VCE as shining examples. We are committed to maintaining and expanding our hunting pack – more on that later!