
Pros and Cons: Do-It-Yourself Approaches to Monitoring Shadow IT & Cloud Services

Shadow IT is estimated to be 20-40 percent beyond the traditional IT budget. The ease with which organizations can purchase apps and services from cloud service providers (CSPs) contributes significantly to this spending. This is an eye-catching number worthy of investigation, not only to identify and reduce costs but also to discover business risks. So, it is no surprise that CIOs and CFOs have started projects to identify and monitor unknown CSPs.

I often get questions from customers asking if it is possible for IT to monitor cloud service usage and discover shadow IT using existing technologies, and what the pros and cons would be.

The first CSP monitoring approach I am asked about is the use of secure web gateways. A gateway captures and categorizes incoming web traffic and blocks malware. The benefit of this approach is that the gateways are typically already in place. However, there are several limitations in relying exclusively on this approach. Gateways cannot differentiate between a traditional website and a CSP that might be housing business data. They also have no way of discerning whether a given CSP poses a compliance or business risk. Most importantly, to use gateways to track CSPs, IT would need to create and maintain a database of thousands of CSPs, and create a risk profile for each CSP in order to truly understand the specific service being consumed.

The second approach I get asked about is using NetFlow traffic to monitor CSPs. Many customers feel that they can build scripts in a short amount of time to capture usage. Simply answered: yes, this can be done. But organizations would face a challenge similar to the one they face with web gateways. To capture CSP traffic using NetFlow, IT would need to develop scripts to capture every CSP (numbering in the tens of thousands), then identify how each CSP is being used, the risk profile of the CSP to the organization, and how much the CSP costs in order to project overall spend. This is just the beginning. An IT department would then need to build reporting capabilities to access the information, continually maintain the database, and apply resources to this undertaking on a monthly basis to ensure the database stays current.
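A minimal version of the do-it-yourself NetFlow approach described above, added here as an illustration (it is not code from the original post or from any Cisco product). The catalogue entries, prefixes, risk labels and flow records are all constructed; the point is that anything missing from the hand-maintained catalogue stays unclassified.

```python
import ipaddress
from collections import defaultdict

# Constructed catalogue: the part a DIY approach must build and keep current.
# Names, risk labels and prefixes (RFC 5737 documentation ranges) are made up.
CSP_CATALOGUE = [
    {"name": "ExampleStorage", "prefix": "198.51.100.0/25", "risk": "high", "authorized": False},
    {"name": "ExampleCRM", "prefix": "203.0.113.0/24", "risk": "low", "authorized": True},
]

# Constructed flow records as a collector might export them:
# (source IP, destination IP, destination port, bytes)
SAMPLE_FLOWS = [
    ("10.0.1.15", "198.51.100.20", 443, 48_000_000),
    ("10.0.1.15", "203.0.113.9", 443, 1_200_000),
    ("10.0.2.77", "198.51.100.21", 443, 2_500_000),
    ("10.0.2.77", "192.0.2.50", 443, 9_000_000),    # no catalogue entry
    ("10.0.3.4", "198.51.100.200", 443, 700_000),   # outside the /25, so unmatched
]

def classify(dst, catalogue):
    """Return the catalogue entry whose prefix contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    for entry in catalogue:
        if addr in ipaddress.ip_network(entry["prefix"]):
            return entry
    return None

def summarize(flows, catalogue):
    """Total bytes and distinct internal users per CSP; collect unmatched traffic."""
    usage = defaultdict(lambda: {"bytes": 0, "users": set()})
    unmatched = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        entry = classify(dst, catalogue)
        if entry is None:
            unmatched[dst] += nbytes  # invisible until someone extends the catalogue
            continue
        usage[entry["name"]]["bytes"] += nbytes
        usage[entry["name"]]["users"].add(src)
    report = [
        {"name": e["name"], "risk": e["risk"], "authorized": e["authorized"],
         "bytes": usage[e["name"]]["bytes"], "users": len(usage[e["name"]]["users"])}
        for e in catalogue if e["name"] in usage
    ]
    report.sort(key=lambda r: r["bytes"], reverse=True)
    return report, dict(unmatched)

if __name__ == "__main__":
    report, unmatched = summarize(SAMPLE_FLOWS, CSP_CATALOGUE)
    for row in report:
        print(row)
    print("unclassified destinations:", unmatched)
```

The unclassified bucket is where shadow IT hides in this approach: its size shows how much traffic the current catalogue cannot explain.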

The good news: Cisco has done this work for our customers! We have developed Cloud Consumption Services to help organizations identify and reduce shadow IT. Using collection tools in the network, we can discover what cloud services are being used by employees across an entire organization. Cloud Consumption includes a rich database of CSPs and can help customers identify the risk profile of each CSP being accessed, and identify an organization’s overall cloud spend.

Cisco has helped many IT organizations discover their shadow IT. For example, we worked with a large public sector customer in North America that was struggling to embrace the cloud because it was concerned about business risks. Employees were pushing for cloud services to improve productivity while 90% of Internet traffic was blocked by the organization’s policy. Despite these restrictions, 220 cloud providers were already being used and fewer than 1% were authorized by IT. Leveraging Cloud Consumption Services, the customer was not only able to manage risk, but also authorize future cloud services based on employee needs in a controlled manner.

It is a good practice for every IT organization to understand how employees are using cloud services and monitor usage on an on-going basis. I encourage our customers to determine which approach would work best for their organization; otherwise they may face unknown business risks and costs.

To learn more about avoiding the pitfalls of shadow IT and how you manage cloud services, please register to attend an upcoming webinar on Dec 11, 2014 at 9:00 a.m. PT.

 


Part 2 – SDN Questions to Ask at the Gartner Data Center Conference

December 2, 2014 at 1:34 pm PST

As I mentioned in yesterday’s blog, last week I attended the Gartner Data Center Conference in London. I came out of the conference with some questions I asked and some questions I wish I had asked! So if you are attending the Gartner Data Center Conference in Las Vegas, USA, this week, here are some suggested questions you can ask in the SDN-related seminars! And if you are not at the conference, don’t worry -- feel free to ask these questions of your candidate SDN vendors (including Cisco!)

Today I’ll cover:

(4)    If OpenStack is part of your SDN/NFV solution, can you help us on OpenStack?

(5)    What is the best hardware server platform for NFV/virtualised workloads?

I’ll leave question (6) on SDN and management until tomorrow -- I feel a rant coming on and I’ll need more space :-)  Again, for questions (1) -- (3), please refer to my part 1 blog.


Take One small step with the ACI Simulator, Make a giant leap in ACI Fabric deployments

Cisco ACI is gaining momentum and mindshare in the industry, as testified by the 160 plus licensees for the Application Policy Infrastructure Controller (APIC) and 900 plus customers for the Nexus 9k platform. All of this in less than three months since going live in August 2014. Riding on that wave of success, we are pleased to announce the Cisco ACI Simulator, a physical appliance that provides a simulated Cisco ACI environment. The appliance combines full-featured Cisco APIC controller software with a simulated fabric infrastructure of leaf switches and spine switches in one physical server.

If you wonder how it is going to help you, think of it as a self-contained environment with Cisco APIC instances running real production software. You can use it to quickly understand ACI features, exercise APIs, and initiate integration with third-party orchestration systems and applications. The ACI simulator will also allow you to use the native CLI and GUI via APIs that are available to third parties. If you are a developer or Cisco partner, this is an ideal way to develop and test your solution. If you are a customer, you can use this in your test lab to create profiles for your enterprise apps with your actual application delivery controllers and security devices. This belongs in any well-architected DevOps environment.

Topology of the simulator

The Cisco ACI Simulator enables you to simulate the Cisco ACI fabric, including the Cisco Nexus 9000 Series Switches supported in a leaf-and-spine topology, to take full advantage of an automated, policy-based, systems management approach. Specifically, the ACI simulator environment comprises 2 ACI spines, 2 ACI leafs, and 3 APIC controllers.


The Cisco ACI Simulator includes simulated switches, so you cannot validate the data path. However, some of the simulated switch ports are mapped to the front-panel server ports, which allows you to connect external management entities such as VMware ESX servers, VMware vCenter, VMware vShield, and bare-metal servers; Layer 4 through 7 services; authentication, authorization, and accounting (AAA) systems; and other physical and virtual service appliances. In addition, the Cisco ACI Simulator allows simulation of faults and alerts to facilitate testing and demonstrate features.

Benefits/features

The ACI simulator provides a variety of features and benefits, with the key ones summarized in the table below.

Fabric management | Topology view, fabric discovery
Creation of network constructs | Build a tenant, private layer 3 network, bridged domain
Specify Cisco ACI policy constructs | Create filters, contracts
Application deployment | Create Application Network Profiles, end-point groups
Virtualization integration | VMware ESXi, vCenter, vShield
L4-L7 services integration | Cisco ASA/ASAv, Citrix NetScaler and F5 BIG-IP
Monitoring and troubleshooting | View faults, events, managed objects etc. through GUI
Programmability with northbound API clients | Python, REST APIs with JSON & XML bindings, PowerShell etc.

 

Additionally, please refer to the Cisco ACI compatibility matrix for a full list of supported capabilities and the Datasheet for detailed specifications. In closing, I want to bring to your attention the general availability of APIC release 1.0(2i) and Cisco NX-OS release 11.0(2i) for Cisco Nexus 9000 Series ACI-Mode Switches. This release delivers new hardware and software capabilities that will further the customer momentum we are seeing with ACI.

For more information, visit

www.cisco.com/go/aci

ACI simulator

https://blogs.cisco.com/datacenter


Check the Latest Cisco UCS Solutions: Visit the Cisco Data Center Booth at Gartner DC

Cisco is a Premier sponsor at the Gartner Data Center, Infrastructure & Operations Management Conference on December 2-5, 2014 at The Venetian Hotel in Las Vegas, NV. The show is designed for customers to evaluate vendors, have internal leadership meetings, and make architectural decisions. Our experts will demonstrate how Cisco Data Center Solutions based on a radically simplified, fabric-centric architecture packed with innovations can support a wide range of workloads and IT operating models and provide customers the foundation to succeed in the 21st century.

The best way to quickly learn about the latest Cisco UCS innovations and solutions is by seeing them “LIVE IN ACTION”. Come to the Cisco Data Center booth to leverage the Cisco UCS demos and related activities at Gartner DC.

  • Learn more about Cisco UCS Solutions: Visit the Cisco Data Center booth to interact with peers, Cisco executives, and Cisco partners.
  • Ask Our Experts: Cisco UCS experts will be available to answer your questions and provide interactive live demonstrations of Cisco UCS solutions.

Contact your customers, and let them know to visit the Cisco booth to leverage the following activities:

Cisco Speaking Sessions:

  • How Hybrid Cloud is Redefining Business and IT Rahul Tripathi, Senior Director of Product Management and Marketing, Cisco Date: Tuesday, December 2, 2015, 3:15-4:00 p.m.
  • Driving Business Outcomes with Cisco Data Center Innovations Satinder Sethi, Vice President, Data Center Solutions Engineering & UCS Product Management, Cisco Thursday, December 4, 2014, 11:30 a.m.-12:00 p.m.
  • Policy-Based Automation with Cisco ACI, the Most Complete SDN Solution Available Jacob Jensen, Senior Director, Product Management, Cisco Thursday, December 4, 2014, 3:00 p.m.-3:30 p.m.
  • Todd Brannon, Director, UCS Product Management, will be hosting Cisco’s Vendor Roundtable focusing on The Role of Cloud and IT Service Brokering in the “World of Many Clouds” on Wednesday, December 3, 2014, 11:15 a.m.-12:00 p.m.

Customer Engagement

  • Private meeting area for Customer 1:1 Meetings
  • An evening networking reception at our booth

Analyst and Investor Engagement

  • Analyst 1:1 meetings

Cisco Booth and Branding Visibility

  • Industry focused demos that will showcase Cisco UCS, ACI, Hybrid Clouds, and Data Center Orchestration with OpenStack

This is an amazing opportunity for your customers and partners to hear about the latest developments and to meet with Cisco experts.
I will be at the Cisco Data Center booth throughout the Gartner DC event. Please stop by to ask questions and to get a live Cisco UCS solution demonstration.

Enjoy the show!

Is IT Automation the Key to Operational Excellence? Industry Analysts Think So

Businesses move quickly until they have to cross rough roads paved with technical challenges. That’s because even though data centers are sophisticated, the components that support most businesses still include far too many 20th century manual processes, silo-based resources and administrators pressured to keep up.

Although automation can speed up IT, and your business, many companies are wrestling with it. Please watch this video from Cisco and Forrester to understand why organizations are struggling with automation – see if it sounds familiar (I bet it will).

After you watch it, if you want, send me a brief email about your experience with these issues.
