Cisco Blogs

Cisco Blog > Inside Cisco IT

How We Migrate Hundreds of Applications to the New ACI Platform

I am in the trenches of our migration to an Application Centric Infrastructure (ACI) platform, helping my team transition hundreds of applications. Cisco IT has broken down the migration process into nine steps: Read More »

Tags: , , , , , ,

Criteria for SDN/NFV Vendor Selection – Heads Up on Cisco Live

Cisco Live US 2015 is just around the corner, and will start in San Diego on June 7th, running through Thursday 11th June.  I’m surprised and honoured to be one of the folks wearing a “Cisco Live Speaker” shirt, and I’m looking forward to sharing some of what I’ve been working on over the past year or two.

I’ll be basing a lot of my presentation off of as yet unpublished, independent market research, into the challenges of SDN and NFV adoption, some of which are illustrated in the diagram below.  The final copy of this brand new market research report landed on my desk just last weekend – May 23rd 2015.  Hot off the press, it was funded by Cisco but conducted completely independently by a leading market research company.  The intent of this report is to guide our SDN and NFV professional services strategy. Some of the insights, however, are too useful not to share with you!  Covering a global audience, with separate questionnaires for service provider and enterprise businesses, we had set out to increase our understanding of the latest challenges of adoption of SDN and NFV as appopriate in (enterprise) businesses, including public sector, and service provider markets.

Some of the Topics in my Cisco Live Presentation

Questions I Will Discuss In My Cisco Live Presentation


Read More »

Tags: , , , , , , , ,

Open Networking with Cisco ACI and Open NX-OS

Over the last couple of years, Data Centers have become a key focus on networking innovations, particularly around the broad area of Software Defined Networking (SDN).  At Cisco, for nearly one year, we have been shipping our new way to build a Data Center with our Application Centric Infrastructure (ACI) solution. ACI relies on the vision of using a policy based methodology to enable network switches, services, and hypervisors to establish network connectivity among each other.

At the Open Networking User Group (ONUG), a survey reports that 3% of the networks run by ONUG members are built on open networking whereas 71% are not open at all.  The assessment of any system being declared “open” is a subjective term.  At Cisco we have built a foundational infrastructure in ACI, that relies on open protocols and programming constructs such as APIs, in order to provide a solution where the network becomes ‘invisible’ to the end user, and the network devices and services modules, such as firewalls, load balancers, physical and, virtual switches are automatically configured based on the end user intent. Read More »

Tags: , , , ,

Don’t be Bewitched by the Switch – What You Need to Know when You Evaluate Solutions

It’s undeniable that the biggest convergence happening in the access layer is Wired/Wireless. Today, we’re no longer forced to treat wired and wireless any differently when it comes to network visibility and management. However, the unification of Wired/Wireless doesn’t come without its own challenges and complexity.

As we’ve seen with the latest switching announcement at Interop 2015, there is a lot of noise in the marketplace and customers and partners increasingly need to cut through this to achieve their IT goals and meet today’s increasing demands on the network and the demands of tomorrow.

Earlier this week, HP made false claims about our Catalyst 4500E switch. To help you out, here is what you need to know about Cisco switching and, specifically, our Catalyst 4500E switch:

  • As the world becomes increasingly more digital, there is an elevated need for a flexible and scalable network to address rapid shifts in technology use and its associated traffic. We’ve seen tremendous demand for our modular switches that supply the best flexibility for this change. In fact, Cisco has the industry’s most widely deployed modular access switches with a modular PoE port share that just reached an all time high of 81.5 percent.
  • To tackle the biggest convergence in the access layer, Catalyst 4500E supports built-in wireless controller capabilities and delivers common intelligent services across wired and wireless for security and policy, application visibility and control, network resiliency, smart operations, and more.
  • Cisco’s Catalyst Multigigabit (mGig) technology available across the access portfolio including the Catalyst 4500E can prepare customers’ access switches for the next wave in wireless, 802.11ac wave 2 by delivering speeds beyond 1 Gigabit on existing Category 5e cables. This technology also supports PoE, PoE+, and Cisco Universal PoE (UPOE) so you don’t need to install new electrical circuits to power your access points.
  • Cisco’s modular access switch portfolio offers backward compatibility with up to three generation of line-cards providing unmatched investment protection – 2x in terms of number of years over other vendors.
  • A key operational consideration for IT is to maximize uptime and provide seamless code upgrades. In Service software upgrades (ISSU) have been available on Cisco’s 4500E portfolio for almost a decade
  • The Catalyst 4500E has unmatched scale to meet the needs of a customer’s network and future proof for an influx of new devices – 25X route entries, 16X multicast entries & 42X Security/QoS entries when compared to other vendors.
  • As IoT trends upward, more “things” connect to the access network and it is key that the network is able to scale to meet these needs – Cisco offers 33 percent more scale in terms of POE+ ports and 50 percent more POE+ scale for redundant power deployments to connect more users, devices and things. Additionally, Cisco supports UPOE, which future-proofs our customers for upcoming applications requiring more than 30W/port.
  • Security is a top of mind for our customers and Cisco offers a complete end-to-end solution with support for MacSec, Cisco TrustSec, Identity Services Engine and Flexible Netflow, providing the best in class network encryption, segmentation and networking sensing solutions.
  • The Catalyst 4500E is designed for supporting rich media services with its superior multicast scale and design. Cisco Catalyst 4500 is designed to support hardware accelerated multicast with deep buffers. The Cisco Catalyst 4500E accommodates up to nine times larger data bursts, delivered to otherwise loaded output ports, without loss.
  • Cisco Catalyst 4500E supports a multitude of capabilities that support IT simplicity and smart operations. Examples: Simplified provisioning with Plug and Play, Simplified configuration of switches & interfaces with AutoConfiguration and Interface templates and faster troubleshooting with embedded wireshark, a world-class protocol analyzer.

Read More »

Tags: , , , , , , ,

ESG Survey of IT Security Professionals Provides Insight to Data Center Security Issues

Yesterday, I reported on Cisco’s new ACI security announcements and an overview of our secure data center strategy. Today, I wanted to share some interesting market insights that we pulled from a survey conducted by Enterprise Strategy Group (ESG) that Cisco commissioned, and that validates some key data center security trends and requirements that support our product strategy. Some of the key conclusions and data collected were shared in press coverage of the product announcement. The full survey results are here, and below are some summary graphics we prepared for our launch event.

Project Overview

Cisco commissioned the survey (conducted by ESG) to learn more about the challenges and issues IT professionals face when planning and implementing data center security.


  • The survey sampled 154 IT security professionals in North America responsible for network security requirements and operations. All respondent organizations had to be using physical firewalls (or virtual firewalls) and access control lists (ACLs).
  • Most respondents represented large midmarket organizations (defined as organizations with 500 to 999 employees) and enterprise organizations (organizations with 1,000 up to 10,000 employees). 71 percent operated from three up to 20 data centers worldwide.
  • The study included broad representation from industry verticals: financial, manufacturing, health care, government, retail and business services.
  • The survey was conducted in April 2015.

Top Survey Findings

The people problem:  Implementing network security controls is tedious and time-consuming.

  • 69 percent of organizations reported it takes from one man-hour up to four man-hours on average to convert a single new application network requirement into a network device or firewall configuration (before they even implement the new configuration, test it, etc.)
  • 74 percent say that it takes days or weeks to implement security device updates from request all the way through to production implementation. (See InstaGraphic below)

Solution: Just like SDN revolutionized the data center by automating network configuration changes, ACI is accelerating security changes by automating device updates and configuring how security services are inserted into application networks, helping to ensure greater accuracy and allowing IT to keep up with business requirements.

ACL changes days or weeks

Read More »

Tags: , ,