Cisco Prime Network Analysis Module (NAM) has been integrated with Nexus 7k/7700 Series using Cisco® Remote Integrated Services Engine (RISE) technology providing a powerful story for data center integration. RISE with Prime NAM provides high performance monitoring and packet analysis on multiple virtual device contexts along with switch interface statistics for all modules.
Cisco RISE is being used by a large number of customers to tightly integrate the Cisco Nexus series switches with the Cisco Prime NAM to provide VDC awareness and SPAN traffic across multiple VDCs without burning slots on the switch. RISE overcomes the limitation of applying SPAN configuration only in the VDC to which the management cable is attached by intelligently managing the movement of NAM data ports and SPAN configuration to other VDCs as needed. The integration includes the following main features:
- NAM appliance acts as a module on Nexus switches
- One NAM appliance can receive traffic from multiple Nexus VDCs without re-cabling
- One NAM appliance can collect interface statistics for multiple VDCs
- Dynamic VDC-aware SPAN configuration on Nexus switches using NAM GUI
- Up to 4 NAM ports can be automatically assigned to Nexus VDCs using NAM GUI
- Graph of per-interface ingress and egress statistics for multiple VDCs
- Auto-discovery and bootstrap of NAM appliance from Nexus switch
- Health monitoring of NAM appliance
- Visibility to multiple VDCs from one NAM appliance with ongoing VDC configuration updates
- Configurable timer intervals and VDC list for interface statistics collection
- User-friendly error handling for SPAN creation/deletion/modification
- Order of magnitude OPEX and CAPEX savings: reduction in configuration, simplified provisioning and data-path optimization
Figure 1. RISE Physical and logical topology
Cisco RISE supports attachment to the NAM appliance in the following modes:
Direct Attach mode with single NAM: The appliance has a management link that is directly attached to the Nexus switch. Up to 4 data links on the NAM can be attached to one or more VDCs on the Nexus switch to send SPAN traffic (Figure 2).
Figure 2. Direct Attach Mode with single NAM
Direct Attach mode with multiple NAMs: The appliance has a management link that is directly attached to the Nexus switch. Up to 4 data links on each NAM can be attached to one or more VDCs on the Nexus switch to send SPAN traffic (Figure 3).
Figure 3. Direct Attach mode with multiple NAMs
Indirect Attach mode with multiple NAMs: The appliance has a management link that is attached via an L2 network to the Nexus switch. Up to 4 data links on each NAM can be attached to one or more VDCs on the Nexus switch to send SPAN traffic (Figure 4).
Cisco RISE with NAM provides the following key features that allow the solution to provide traffic and performance analysis across all the VDCs on the Nexus switch without changing the wiring connections.
Dynamic VDC-aware SPAN Configuration
- Configure SPAN sessions for up to 4 NAM data ports from the NAM GUI.
- Create, edit and delete SPAN sessions, and select destination ports and source ports for the SPAN sessions.
- SPAN sessions can be configured in other VDCs by selecting the VDC and data ports from the NAM GUI. The data port is automatically moved to the required VDC.
- The options of SPAN configuration available to N7K CLI users are available via NAM GUI using RISE.
- Provides visibility to all VDCs from one NAM.
Multi-VDC Interface Statistics
- Retrieve interface statistics of all VDCs on N7K via RISE
- Set short term and long term polling intervals for getting interface statistics
- Set the list of VDCs of interest from which statistics need to be retrieved
- Statistics can be viewed on a per-interface basis as a graph or as data points
- Enhanced application availability via simplified provisioning and efficient manageability.
- Data path optimization: ADC off-load, low latency policy engine.
- Dynamic VDC-aware SPAN configuration: Create SPAN sessions on any VDC
- Multi-VDC awareness: Deliver traffic and performance reports in multiple VDCs
- Cisco RISE provides significant savings in capital expenditures (CapEx) and operating expenses (OpEx) through simplified provisioning and data-plane optimizations
- Dramatic OpEx savings: Reduction in configuration time and ease of deployment
- Dramatic CapEx savings: Reduced wiring, power, and rack-space needs
- The solution provides enhanced business resiliency and stickiness to Cisco products.
Cisco RISE is supported in Cisco NX-OS Software Release 7.x and requires the Enhanced Layer 2 Package license. Please contact email@example.com if you have any questions.
In December 2014, we announced VersaStack, an integrated infrastructure reference solution for enterprise applications that combines technologies from Cisco and IBM. Further extending this partnership, today we are announcing support for IBM BigInsights for Apache Hadoop on our Cisco UCS Integrated infrastructure for Big Data – an industry-leading platform widely adopted for enterprise big data application deployments. The joint solution encompasses disruptive innovations in Cisco UCS and the robust and industry-compatible Apache Hadoop distribution from IBM. This solution can be installed as a standalone Hadoop cluster with powerful analytical tools or can be integrated into existing VersaStack deployments that will benefit from a common fabric and unified management capabilities to deliver the deepest possible insight into your data to help you gain a sustainable competitive advantage.
We are also announcing the availability of a Cisco Validated Design (CVD) that provides step-by-step design guidelines, comprehensively tested and documented, to help ensure faster, more reliable and predictable deployments at lower total cost of ownership.
- Combines innovations from Cisco UCS such as programmable infrastructure with the best of open source software and enterprise-grade capabilities in IBM BigInsights for Apache Hadoop
- Designed and optimized for common use cases, pre-tested, pre-validated and fully documented by Cisco and IBM engineers to ensure dependable deployments that can scale from small to very large as workloads demand
- Provides enterprises with extensive platform management and data visualization capabilities and integration of big data with other information solutions to help enhance data manipulation and management tasks
- Brings the power of SQL to Hadoop at performance and scale greater than ever before, accelerating data science and analytics by leveraging SQL – arguably the most beautiful programming language – and integration with business applications to access data stored in HDFS and HBase with JDBC and ODBC
- Deep technical expertise, global resources, and world-class support and services from Cisco, IBM and partners
This solution is built on Cisco UCS infrastructure using Cisco UCS 6200 Series Fabric Interconnects and Cisco UCS C-Series Rack Servers optimized for IBM BigInsights for Apache Hadoop with scalability to thousands of nodes with Cisco Nexus 9000 Series Switches.
Follow me on Twitter: https://twitter.com/raghu_nambiar for real time updates.
This blog has been developed in association with Javed Asghar, Insieme Business Unit
The Cisco ACI Platform consists of the Cisco APIC controller and Nexus 9000 series switches connected in a spine/leaf topology in a CLOS architecture configuration. All management interfaces (REST API, web GUI and CLI) are authenticated in ACI using AAA services (LDAP, AD, RADIUS, TACACS+) and RBAC policies, which map users to roles and domains.
The ACI fabric is inherently secure because it uses a zero trust model and relies on many layers of security. Here are the highlights:
- All devices attached to the ACI fabric use a HW-based secure keystore:
  – All certificates are unique, digitally signed and encrypted at manufacturing time
  – The Cisco APIC controllers use Trusted Platform Module (TPM) HW crypto modules
  – The Cisco Nexus 9000 series switches use Trust Anchor Module (TAM) to store digitally signed certificates
- During ACI fabric bring-up or while adding a new device to an existing ACI fabric, all devices are authenticated based on their digitally signed certificates and identity information.
- Downloading and image bootup:
  – All fabric switch images are digitally signed using 2048-bit RSA private keys
  – When the image is loaded onto an ACI fabric device, the signed image must always be verified for its authenticity using hardware-rooted Cisco Secure Boot
  – Only once the verification is complete can the image be loaded onto the device
- The ACI fabric system architecture completely isolates the management VLAN, the infrastructure VLAN and all tenant data-plane traffic from each other. (The Cisco APIC communicates in-band in the infrastructure VLAN.)
- The infrastructure VLAN traffic is fully isolated from all tenant (data-plane) traffic and management VLAN traffic.
- All messaging on the infrastructure VLAN used for bring-up, image management, configuration, monitoring and operation is encrypted using TLS 1.2.
- After a device is fully authenticated, the network admin inspects and approves the device into the ACI fabric.
These are various layers of security built into ACI’s architecture to prevent rogue/tampered device access into the ACI fabric.
Please stay tuned for a blog posting by Praveen Jain (ACI Engineering VP) which will cover the APIC and Fabric security in more detail in the coming weeks.
Praveen Jain’s recent blogs:
- New Innovations for L4-7 Network Services Integration with Cisco’s ACI Approach
- Micro-segmentation: Enhancing Security and Operational Simplicity with Cisco ACI
- Network Security Considerations
- The Cisco Application Policy Infrastructure Controller
Security continues to be top of mind with our customers and frequently comes up with customers who are evaluating new architectures. I have been in the networking industry for over two decades involved in multi-billion dollar product lines like Catalyst 5K/6K, MDS-9000, Nexus-7K, UCS, and now with Application Centric Infrastructure (ACI). I don’t claim to be a security expert by any means, but have gained good insight into what’s important based on numerous conversations with customers over the years thereby allowing me to write about it with some degree of authority.
That said, security is a very broad topic and there are myriad products in the industry to deal with the various types of attacks that infrastructure and applications are exposed to today. For purposes of this blog, I will focus on the network security aspects and how they intersect with Cisco ACI.
Two weeks ago, in my previous blog, I invited you to consider ways in which you could initiate a “Save to Invest” program for your data center. That is, how can you save money from your current data center spend, in order to re-invest it into currently un- or under-funded areas of your data center? Thanks to those of you reading who made some comments on Part 1 – good points were raised!
Last time, I discussed my first 3 tips, as follows:
(1) Identify, Turn Off and Remove Idle Servers
(2) Identify Un-used Enterprise Software Applications: Reduce Your Software Costs
(3) Get Rid of Dead Weight – Execute a Server Refresh
Save Some Money for Your Data Center!
Let’s now discuss two additional savings, which in fact can in many cases result in even larger financial savings:
(4) Optimize your Software Licensing, and
(5) Avoid un-budgeted spend – Critical if you have an Unlimited License Agreement (ULA)