Are you looking for a reasonably priced, yet powerful, flexible SAN solution?
Cisco MDS 9148S Multilayer Fabric Switch, a new 16G Fibre Channel SAN solution for small to medium businesses. This switch is powerful and flexible, with up to 48 autosensing line-rate 16G Fibre Channel ports and comprehensive enterprise-class features in a compact one–rack unit form factor. Plus, with an affordable price, the Cisco MDS 9148S brings the power of 16G Fibre Channel to a new level of value.
Join our next webcast(8-Oct-2014 08:00 AM PST) and learn more about the technical capabilities, design considerations, and best practices of implementing small SANs. You will also learn how to grow your SAN transparently. See use cases, including designing small fabric, core-edge design, and migrating from 8G to 16G.
Watch this video as our experts demonstrate plug-and-play features and simple setup of MDS Fabric Switches with Device Manager
That is the approximate number of cloud services that Ken Hankoff, Manager of Cisco IT Risk Management’s Cloud and Application Service Provider Remediation (CASPR) Program believes Cisco’s 70,000 employees use. For the last 14 years, this program has assessed and remediated risks associated with using a cloud-hosted service.
An assessment process for new cloud services is a vital step toward reducing the risk of using externally hosted services. Many customers I speak with struggle to rapidly assess cloud services and integrate them into their IT organization. As part of my blog series on governing cloud service adoption, I asked Ken to share some of his ‘lessons learned’ in assessing the risks of cloud services and bringing them into Cisco IT’s fold.
How do you ensure that teams wanting to use new cloud services work with your team?
Our team is not in the business of sourcing cloud vendors. That responsibility lies with the individual business units and their architecture teams who are seeking to use the service, often in partnership with IT. Once a vendor is selected, there are two primary ways in which my team gets engaged. First, through the Global Contracts team as they have made Cloud Service Provider assessment a part of the contracting process, and second when a new service is being integrated within IT.
How do you evaluate whether a new cloud service is risky to the business?
We look at seven risk factors to create a formula for risk—business criticality, financial viability, security, resiliency, architectural alignment, regulatory compliance, and assessment status.
We establish the business criticality of the service to determine how Cisco would be impacted or disrupted in the event the capability provided by the vendor would go away, and whether we could react or compensate.
We then look at the financial viability of the vendor to give us comfort that they will remain in business. To evaluate vendors we leverage Dunn & Bradstreet’s Predictive Scores & Ratings. We rely heavily on Cisco’s Information Security (InfoSec) organization to provide us with a Security Composite Risk score. Depending on the parameters of the cloud provider engagement, InfoSec will look at the vendor’s application development process, infrastructure, data handling security, system-to-system interoperability, and other areas. For resiliency we focus on how they meet our standards around business continuity and disaster recovery to ensure that our business data will be there when needed, regardless of what happens.
We also need to ensure that we stay compliant with regulations. A vendor that has to comply with HIPAA, SOX, or other regulatory/privacy requirements poses a higher risk than one that doesn’t. For this reason, we look into whether regulatory compliance is a factor, and if so, that it is addressed appropriately.
Finally, we also assess if the vendor aligns to the broader architecture that Cisco IT is investing in to support the business. Vendors are deemed higher investment risk if they do not align to the business and operational roadmap that Cisco is pursuing.
We re-asses vendors on a periodic basis according to their overall risk score. If a service is overdue for a reassessment, that in itself increases the risk of doing business with the provider, so we factor it in.
In your opinion, what are the three most important things to manage the business risks of cloud services?
First, I would suggest establishing ownership and governance of cloud services via a centralized PMO at enterprise level, not just within IT. This ownership needs to go beyond just assessing vendors for security risk, and focus on establishing company-wide policies for overseeing cloud services at the enterprise level.
Second, provide visibility into existing services and how they are being used. This helps enable a catalog of assessed and approved vendors for people to access. If you can have fewer vendors being used, you can reduce your risk.
Third, continually monitor services across the board to know what risks we might be facing, and ensure that the service providers are meeting their SLAs. Additionally, this helps to ensure that investments aren’t being wasted. There is a natural CSP application lifecycle – selection, implementation, adoption, and eventually that service usage might decline and you may end up supporting something that has very few users if you don’t have a lifecycle approach to phasing out services.
What is your biggest lesson learned in assessing new cloud services?
I wish the program had collected more metrics earlier. What we are finding is that there are a significant number of services being contracted all over the company. By collecting really good metrics we might have been more effective in showing executives what services are being used, who is using them, and how. We are making good progress on this now, but I wish we started earlier.
How are you monitoring cloud services and gathering this intelligence?
Our professional service team has helped us a great deal. With the Cisco Cloud Consumption Services, we have begun to capture an enterprise view of what cloud services are being used, by whom and have a great dashboard of metrics we can now use to inform Cisco executives. I never imagined before we were using the software that we had nearly 2,000 cloud services in use, but with Cisco Cloud Consumption we now know and can monitor activity.
In our previous big data blogs, a number of my Cisco associates have talked about the right infrastructure, the right sizing, the right integrated infrastructure management and the right provisioning and orchestration for your clusters. But, to gain the benefits of pervasive use of big data, you’ll need to accelerate your big data deployments and make a seamless pivot of your “back of the data center” science experiment into the standard data center operational processes to speed delivery of the value of these new analytics workloads.
If you are using a “free” (hint: nothing’s free), or open source workload scheduler, or even a solution that can manage day-to-day batch jobs, you may run into problems right off the bat. Limitations may come in the form of dependency management, calendaring, error recovery, role-based access control and SLA management.
And really, this is just the start of your needs for full-scale, enterprise-grade workload automation for Big Data environments! As the number of your mission-critical big data workloads increases, predictable execution and performance will become essential.
Lucky for you Cisco has exactly what you need! Read More »
Today’s blog post is by a guest author, Adel du Toit, who is currently spearheading the effort by Cisco’s internal IT organization to deliver IT-as-a-Service internally, dubbed the Cisco IT “eStore.” Recently, the eStore team took home multiple awards, you can read more about that here. (If you’re not familiar with the eStore, be sure to check out my other blog posts regarding the eStore here and here.)
Over the last few months I had to take a few steps back and admire the passion and dedication of the team as our Vision is starting to become a reality. For those less familiar with the Cisco IT eStore, have a look at the latest customer case study here. You can also check out the demo video below:
In the last few months the eStore team has delivered IT services, to any device, simply, while achieving broad adoption while showcasing Cisco as the #1 IT Company thanks to Cisco Prime Service Catalog, which is the underlying foundation for our end-user storefront interface.
Delivered IT services:
We have 2 ways of delivering IT services and apps. In estore.cisco.com employees can find the IT services that one needs to order from a desktop or laptop computer. As for mobile devices, employees can go to eStore for Mobile to install the apps he or she needs to stay productive whilst on the go.
Today we have nearly 290 IT services and mobile apps that our users can choose from:
To Any Device:
It is important to embrace BYOD and at Cisco we live this every day. It was important that the store we created could be used by any device.
Below is a breakdown of the device types that have accessed both eStore over the last 6 months.
User experience is important to us and we wanted to make sure that the store provides a similar experience to what you would expect when shopping at Amazon or eBay, for example.
In both our mobile and web interface we have the ability to surface the apps and services most needed by our end users:
The Cisco IT eStore (Desktop Version)
The Cisco IT eStore (on iOS mobile)
Adding spotlight content and recommendations is important to help with findability and user experience. This was made possible by the latest release of Cisco Prime Service Catalog, which introduced a next-generation user interface and powers the storefront that the eStore is built on. Be sure to check out Phillipe’s post on the latest release here.
Achieving broad adoption…
One of the most recently added features in the internal Cisco IT eStore has been the addition of desktop software for employees to download. Going forward, we expect to see around 20k unique visitors a month ordering Desktop Software from eStore. For the first time we will have a single, unified platform for both Mac and Windows users to install their software from.
In addition, during our Global Sales Conference (GSX) in Las Vegas in late August we had the requirements to support 18,000 Sales users downloading the recommended mobile apps during the event. We had to be ready to surface the apps, but also support 18k users downloading the event app in a 15 minute period!
Lots of long hours and planning later, we made sure that all of this happened seamlessly, here are a few statistics from the event:
- 89% of the GSX attendees installed eStore for Mobile
- During the event we had 5.4k average visits a day
- 81% of the attendees installed the GSX event app from the store
- 49% of the attendees also installed other apps in addition to downloading the event app
- Very few support issues (less than 40 total!)
- Our max CPU stayed below 12%
- With an average load response time of 1.7 secs
If we take a step back and also look at our overall adoption for Q4, FY14 the numbers look very healthy. Nearly 50k requisitions in the 3 months period from May to July 2014.
…While showcasing Cisco as the #1 IT Company
The Cisco eStore team is no stranger to awards, and we continue to add our trophy cabinet with our latest award, the Gold Stevie Winner for Information Technology Team of the Year. For more information on the latest awards, be sure to check out this blog post detailing all of the awards we won this year at the International Business Awards.
Want to learn more? We have a webinar coming up on October 8th at 8 am PDT where we will discuss best practices for delivering Enterprise IT-as-a-Service, and delve deeper into the latest developments in both the Cisco IT eStore and Cisco Prime Service Catalog. You can register here.
Thanks for reading. For more info be sure to follow us on Twitter @CiscoIT to learn more about the Cisco IT eStore, and follow @CiscoUM for the latest info on Prime Service Catalog.
The next stable OpenStack release codenamed “Juno” is slated to be released October 16, 2014. From improving live upgrades in Nova to enabling easier migration from Nova Network to Neutron, the OpenStack Juno release will address operational challenges in addition to providing many new features and enhancements across all projects.
As indicated in the latest Stackalytics contributor statistics, Cisco has contributed to seven different OpenStack projects including Neutron, Cinder, Nova, Horizon and Ceilometer as part of the Juno development cycle. This is up from five projects in the Icehouse release. Cisco also ranks first in the number of completed blueprints in Neutron as well.
In this blog post, I’ll focus on Neutron contributions, which are the major share of contributions in Juno from Cisco.
Cisco OpenStack team lead Neutron Community Contributions
An important blueprint that Cisco collaborated on and implemented with the community was to develop the Router Advertisement Daemon (radvd) for IPv6. With this support, multiple IPv6 configuration modes including SLAAC and DHCPv6 (both Stateful and Stateless modes) are now possible in Neutron. The implementation provides for running a radvd process in the router namespace for handling IPv6 auto address configuration.
To support the distributed routing model introduced by Distributed Virtual Router (DVR), this Firewall as a Service (FWaaS) blueprint implementation handles firewalling North–South traffic with DVR. The fix ensures that firewall rules are installed in the appropriate namespaces across the Network and Compute nodes to support perimeter firewall (North-South). However, firewalling East-West traffic with DVR will be handled in the next development cycle as a Distributed Firewall use case.
Additional capabilities in the ML2 and services framework were contributed for enabling better plugin and vendor driver integration. This included the following blueprint implementations -
Vendor validation for service drivers improvements to proactively detect validation failure prior to persistence of service resources and provide a clear indication of failure to the user.
Idempotent database migration between Neutron deployments enabling upgrades/downgrades incase of different core and service plugins configuration.
Cisco device specific contributions in Neutron
Cisco added Application Policy Infrastructure Controller (APIC) ML2 MD and Layer 3 Service Plugin in the Juno development cycle. The ML2 APIC MD translates Neutron API calls into APIC data model specific requests and achieves tenant Layer 2 isolation through End-Point-Groups (EPG).
The APIC MD supports dynamic topology discovery using LLDP, reducing the configuration burden in Neutron for APIC MD and also ensures data is in-sync between Neutron and APIC. Additionally, the Layer 3 APIC service plugin enables configuration of internal and external subnet gateways on routers using Contracts to enable communication between EPGs as well as provide external connectivity. The APIC ML2 MD and Service Plugin have also been made available with OpenStack IceHouse release. Installation and Operation Guide for the driver and plugin is available here.
Enterprise-class virtual networking solution using Cisco Nexus1000v is enabled in OpenStack with its own core plugin. In addition to providing host based overlays using VxLAN (in both unicast and multi-cast mode), it provides Network and Policy Profile extensions for virtual machine policy provisioning.
The Nexus 1000v plugin added support for accepting REST API responses in JSON format from Virtual Supervisor Module (VSM) as well as control for enabling Policy Profile visibility across tenants. More information on features and how it integrates with OpenStack is provided here.
As an alternative to the default Layer 3 service implementations in Neutron, a Cisco router service plugin is now available that delivers Layer 3 services using the Cisco Cloud Services Router(CSR) 1000v.
The Cisco Router Service Plugin introduces a notion of “hosting device” to bind a Neutron router to a device that implements the router configuration. This allows the flexibility to add virtual as well as physical devices seamlessly into the framework for configuring services. Additionally, a Layer 3+ “configuration agent” is available upstream as well that interacts with the service plugin and is responsible for configuring the device for routing and advanced services. The configuration agent is multi-service capable, supports configuration of hardware or software based L3 service devices via device drivers and also provides device health monitoring statistics.
The VPN as a Service (VPNaaS) driver using the CSR1000v has been available since the Icehouse release, as a proof-of-concept implementation. The Juno release enhances the CSR1000v VPN driver such that it can be used in a more dynamic, semi-automated manner to establish IPSec site-to-site connections, and paves the way for a fully integrated and dynamic implementation with the Layer 3 router plugin planned for the Kilo development cycle.
The OpenStack team at Cisco has led, implemented and successfully merged upstream numerous blueprints for the Neutron Juno release. Clearly, some have been critical for the community and others enable customers to better integrate Cisco networking solutions with OpenStack Networking.
Stay tuned for more information on other project contributions in Juno and on Cisco lead sessions at the Kilo Summit in Paris !