Over the last couple of years, Data Centers have become a key focus on networking innovations, particularly around the broad area of Software Defined Networking (SDN). At Cisco, for nearly one year, we have been shipping our new way to build a Data Center with our Application Centric Infrastructure (ACI) solution. ACI relies on the vision of using a policy based methodology to enable network switches, services, and hypervisors to establish network connectivity among each other.
At the Open Networking User Group (ONUG), a survey reports that 3% of the networks run by ONUG members are built on open networking whereas 71% are not open at all. The assessment of any system being declared “open” is a subjective term. At Cisco we have built a foundational infrastructure in ACI, that relies on open protocols and programming constructs such as APIs, in order to provide a solution where the network becomes ‘invisible’ to the end user, and the network devices and services modules, such as firewalls, load balancers, physical and, virtual switches are automatically configured based on the end user intent. Read More »
Tags: ACI, NX-OS, ONUG, Open Networking, virtual network overlay
It’s undeniable that the biggest convergence happening in the access layer is Wired/Wireless. Today, we’re no longer forced to treat wired and wireless any differently when it comes to network visibility and management. However, the unification of Wired/Wireless doesn’t come without its own challenges and complexity.
As we’ve seen with the latest switching announcement at Interop 2015, there is a lot of noise in the marketplace and customers and partners increasingly need to cut through this to achieve their IT goals and meet today’s increasing demands on the network and the demands of tomorrow.
Earlier this week, HP made false claims about our Catalyst 4500E switch. To help you out, here is what you need to know about Cisco switching and, specifically, our Catalyst 4500E switch:
- As the world becomes increasingly more digital, there is an elevated need for a flexible and scalable network to address rapid shifts in technology use and its associated traffic. We’ve seen tremendous demand for our modular switches that supply the best flexibility for this change. In fact, Cisco has the industry’s most widely deployed modular access switches with a modular PoE port share that just reached an all time high of 81.5 percent.
- To tackle the biggest convergence in the access layer, Catalyst 4500E supports built-in wireless controller capabilities and delivers common intelligent services across wired and wireless for security and policy, application visibility and control, network resiliency, smart operations, and more.
- Cisco’s Catalyst Multigigabit (mGig) technology available across the access portfolio including the Catalyst 4500E can prepare customers’ access switches for the next wave in wireless, 802.11ac wave 2 by delivering speeds beyond 1 Gigabit on existing Category 5e cables. This technology also supports PoE, PoE+, and Cisco Universal PoE (UPOE) so you don’t need to install new electrical circuits to power your access points.
- Cisco’s modular access switch portfolio offers backward compatibility with up to three generation of line-cards providing unmatched investment protection – 2x in terms of number of years over other vendors.
- A key operational consideration for IT is to maximize uptime and provide seamless code upgrades. In Service software upgrades (ISSU) have been available on Cisco’s 4500E portfolio for almost a decade
- The Catalyst 4500E has unmatched scale to meet the needs of a customer’s network and future proof for an influx of new devices – 25X route entries, 16X multicast entries & 42X Security/QoS entries when compared to other vendors.
- As IoT trends upward, more “things” connect to the access network and it is key that the network is able to scale to meet these needs – Cisco offers 33 percent more scale in terms of POE+ ports and 50 percent more POE+ scale for redundant power deployments to connect more users, devices and things. Additionally, Cisco supports UPOE, which future-proofs our customers for upcoming applications requiring more than 30W/port.
- Security is a top of mind for our customers and Cisco offers a complete end-to-end solution with support for MacSec, Cisco TrustSec, Identity Services Engine and Flexible Netflow, providing the best in class network encryption, segmentation and networking sensing solutions.
- The Catalyst 4500E is designed for supporting rich media services with its superior multicast scale and design. Cisco Catalyst 4500 is designed to support hardware accelerated multicast with deep buffers. The Cisco Catalyst 4500E accommodates up to nine times larger data bursts, delivered to otherwise loaded output ports, without loss.
- Cisco Catalyst 4500E supports a multitude of capabilities that support IT simplicity and smart operations. Examples: Simplified provisioning with Plug and Play, Simplified configuration of switches & interfaces with AutoConfiguration and Interface templates and faster troubleshooting with embedded wireshark, a world-class protocol analyzer.
Read More »
Tags: ACI, APIC, Catalyst 4500E, mGig, multigigabit, PoE+, SDN, switching
Yesterday, I reported on Cisco’s new ACI security announcements and an overview of our secure data center strategy. Today, I wanted to share some interesting market insights that we pulled from a survey conducted by Enterprise Strategy Group (ESG) that Cisco commissioned, and that validates some key data center security trends and requirements that support our product strategy. Some of the key conclusions and data collected were shared in press coverage of the product announcement. The full survey results are here, and below are some summary graphics we prepared for our launch event.
Cisco commissioned the survey (conducted by ESG) to learn more about the challenges and issues IT professionals face when planning and implementing data center security.
- The survey sampled 154 IT security professionals in North America responsible for network security requirements and operations. All respondent organizations had to be using physical firewalls (or virtual firewalls) and access control lists (ACLs).
- Most respondents represented large midmarket organizations (defined as organizations with 500 to 999 employees) and enterprise organizations (organizations with 1,000 up to 10,000 employees). 71 percent operated from three up to 20 data centers worldwide.
- The study included broad representation from industry verticals: financial, manufacturing, health care, government, retail and business services.
- The survey was conducted in April 2015.
Top Survey Findings
The people problem: Implementing network security controls is tedious and time-consuming.
- 69 percent of organizations reported it takes from one man-hour up to four man-hours on average to convert a single new application network requirement into a network device or firewall configuration (before they even implement the new configuration, test it, etc.)
- 74 percent say that it takes days or weeks to implement security device updates from request all the way through to production implementation. (See InstaGraphic below)
Solution: Just like SDN revolutionized the data center by automating network configuration changes, ACI is accelerating security changes by automating device updates and configuring how security services are inserted into application networks, helping to ensure greater accuracy and allowing IT to keep up with business requirements.
Read More »
Tags: ACI, FirePOWER, security
Springtime is a heavy tech show season. This week in Las Vegas, we won Best of Interop in the SDN category with the APIC. Next week we are headed to Chicago to talk about the APIC and ACI at Microsoft’s largest and most comprehensive technology event, Microsoft Ignite. As data center customers look to Microsoft’s Cloud Platform with Windows Server 2012 with HyperV, System Center Virtual Machine Manager, and Windows Azure Pack; they will be modernizing their infrastructure, looking for scaled performance, fast deployment, efficient networking, and extended manageability. UCS and ACI deliver a powerful solution to achieve these objectives. To share our networking perspectives on this, Shashi Kiran and I will be there to deliver a new business and technical session entitled:
Microsoft Cloud Meets Cisco’s ACI on Tuesday May 5 from 1:30PM to 2:45PM in S105A, McCormick Place Convention Center, Chicago, IL
Technology must enable a new process model for speeding up workflows across siloed organizations within the IT function. This session will introduce Cisco’s Application Centric Infrastructure and its tight integration into Microsoft Azure clouds. We’ll show how you can deliver new tenant services while transforming your IT organization and workflows with a common policy model, centralized control, and simplified operational visibility across your data center. We’ll demonstrate how your applications, network and security teams can leverage a new operational model to generate compelling business outcomes for your enterprise.
This infographic provides a little preview on what we’ll share.
Read More »
Tags: #CiscoACI, ACI, Microsoft, Microsoft SCVMM, MSIgnite, Windows Azure Pack (WAP), WS2012R2
We’ve been talking for a while about Cisco ACI’s leadership in SDN security features (like here), and in the design of our fine-grained security policy enforcement between individual workloads, sometimes called microsegmentation. Today, here at Interop, Las Vegas, Cisco is reaffirming its thought leadership in data center security and SDN automation with a couple of announcements, including the integration of Cisco FirePOWER next generation intrusion prevention system (NGIPS) into the ACI security framework. In other news, another ACI ecosystem security partner was announced last week at the RSA Security Conference: Fortinet, who will be integrating their Fortigate firewall platform with ACI.
The Cisco ACI + FirePOWER solution enables real-time detection, mitigation and remediation for advanced security threats inside the data center by combining granular application visibility and control, threat detection, advanced malware protection (AMP) capabilities of FirePOWER NGIPS with ACI microsegmentation, advanced security service insertion, and L4-7 policy automation. To quickly summarize how this all comes together and a sample use case for ACI security, we created the following video:
Available in June, 2015, new ACI advanced security works to protect data centers before, during, and after attacks, dynamically detecting threats and automating incident responses. The Cisco FirePOWER family of security appliances consists of industry-leading NGFW, NGIPS appliances offering best-in-class threat effectiveness, superior visibility and global threat intelligence.
FirePOWER + ACI = Automated Security with Advanced Protection Across Attack Continuum for Physical and Virtual
Read More »
Tags: ACI, Advanced Malware Protection, FirePOWER, Fortinet, interop, pci, security