Cisco Blogs



Is Your Network Cloud Ready?

Is your network cloud ready? We at NetCraftsmen, a Cisco Gold Partner, are hearing this question more often. Let’s discuss how to tell if your network is cloud ready, and how to get there if you’re not. Even if your organization already has a public cloud presence, I hope you’ll find some ideas in the following material.


Why Cloud?

Good question! Some businesses view public cloud services as a hassle or security issue waiting to happen. Still, there are a number of good business reasons for using the cloud:

  • Get top tier datacenter facilities, security, and practices faster and cheaper than doing it in-house
  • Owning and operating a datacenter is not a core skill for your company
  • Inexpensive and rapid software / service development environment
  • Develop cloud-based highly scalable applications
  • Rapid deployment of additional servers or platforms
  • Rapid scaling up of compute or storage capacity to handle massive amounts of data or customer interactions
  • Enable competing in the Internet of Things / Internet of Everything
  • Have a Disaster Recovery site or “availability zones” without setting up a second datacenter, or by cloning cloud resources

It’s also true that there are legitimate concerns about public cloud.

Yes, a transition to public cloud requires some new skills, some network re-design, and some new legal and security considerations. Why not start mastering the skills and reducing the barriers now?

Infrastructure

What do you need to do to your current infrastructure to be ready to implement a cloud solution?

One big design factor is WAN transport. Many organizations use MPLS, perhaps dual-provider MPLS or MPLS with DMVPN backup, as their WAN connection between sites. Data and servers are mostly now located in a few datacenters, although organizations like banks with many sites using slow WAN links due to cost may still leave directory, print, and file services in branches. And there are other exceptions.

That works fine with private datacenters and private cloud.

With public cloud, the WAN transport may change. If you love MPLS, you may be able to find an MPLS provider who can connect directly to the cloud provider. That would, for a fee, provide private access to your cloud server instances. The common alternative is to instead use the Internet or IPsec VPN for access.

This relates to how your users currently access the Internet. If your users use the MPLS WAN to reach a designated datacenter, then pass through a robust security edge to the Internet, you are doing centralized Internet. That is efficient in terms of edge security controls and devices to acquire and manage. It is inefficient in that you are backhauling remote site traffic to the main site, meaning you require a bigger WAN pipe and a bigger Internet pipe. For public cloud, that extra hop adds latency.

Decentralized Internet is where each remote site has local Internet access. With decentralized Internet, your users either use distributed security / anti-malware devices, or cloud-based anti-malware (DLP, web site control, etc.) services.

There’s more than one right answer here. Having local Internet is becoming increasingly popular. Cisco has recognized this with the whole IWAN set of features. See also:

Local Internet can be leveraged for DMVPN as backup to an MPLS WAN. And with the Cisco CSR virtual router, you can put one or more virtual ASR1K (CSR) routers into the cloud to act as DMVPN hubs. Amazon even makes that easy for you to try: Amazon CSR (Nearly) Free Trial.

Using the CSR in the cloud also keeps WAN access to the public cloud under your control, rather than requiring change request interaction with the cloud provider. Cisco IWAN also can be an enabler for using dual ISPs at all remote sites above a certain size.

Another thing you can do for your infrastructure is to create documented standard site designs (e.g. small, medium, large, datacenter). That will cut your support costs, reduce the mean time to repair when something goes awry, prepare you for automation (that’s my excuse to mention SDN here), and simplify pilot trials and planning to use the cloud. One-off per-site customized designs are out; standardized re-usable designs are in.

While you’re at it, consider following Cisco Validated Designs (CVDs), and other identified Best Practices, always a good idea. That way, you’re more likely to align with new designs as technology evolves.

A final consideration is to not only have solid virtualization in place, with matching staff skills, but to work with technologies that facilitate moving Virtual Machines between data centers. Data Center Interconnect can play a role in this. Cisco InterCloud might also be of interest.

A Word about Private Cloud

Private cloud can be a start on public cloud, without the same level of security concerns – a good first step.

Consider, however, that if all you are doing is standing up some racks of servers, network, and storage, you really are not going very far down the cloud path. Public cloud providers operate with a web front end for ordering and deploying services, plus automated management and other services to keep things running and highly available. Years of learning curve have resulted in established and documented processes and procedures to minimize downtime. Do you want to re-invent that, or would it be better to leverage all that external expertise for your business? If you do want to automate your private cloud, you might take a look at Cisco Intelligent Automation for Cloud.

Cloud providers with huge datacenters have huge economies of scale as well: power, cooling, purchases, staff headcount per server, R&D resulting in automation, etc. They can and must shave pennies of cost per server to stay competitive. Most corporations and governmental entities cannot do that in-house. For some, private cloud will have to be the destination. To leverage the cloud provider cost structures, hybrid and public cloud need to be the destination.

What Goes Into the Cloud?

There are at least two big things to think about as to what to put into the cloud:

  • Latency
  • Security

Latency needs to be considered. If you are used to operating with users near the datacenter, then depending on where your cloud provider’s instantiation of your servers actually is, you might end up with considerably more latency.

For example, if your company operates around Washington, D.C., with a datacenter in Reston, suddenly shifting your datacenter or key apps to Texas or California is not a no-brainer. Such a move could result in an application becoming slow or unusable. That is because higher latency reveals sloppy coding, application constraints, file system issues, and, in general, applications with heavy ping-pong network behaviors.

Preparing for this might involve testing applications using a latency and error injecting tool in the development lab, or testing with Virtual Machine instances running components of the application in a remote cloud location.

A related approach is to “put the pod into the cloud.” By that, I mean that delivering an application or service these days generally requires a bunch of cooperating servers. If you put some but not all of them into the cloud (think “far away”), ugly things may come out of the woodwork. Separating apps from their database front end is generally going to lead to S.L.O.W. (Serious Latency, Outcome = Waiting). Some application architectural thinking is required there: what services need to be replicated in the cloud? Or will the application need re-architecting?

If you’re doing data replication, particularly synchronous replication, or vMotion, you also need to be aware of latency. For example, someone recently suggested a design with Layer 2 Datacenter Interconnect between North America and England for long distance vMotion. With vSphere 6, that might now work (150 msec max end-end round-trip latency). Before that was announced, it would not work.

Security is also a consideration, obviously. That’s the next section.

Security

My favorite scary cloud story is the one where a hacker gained full admin privileges (perhaps by social engineering) and then deleted a virtual company’s server instances and backups from Amazon. Gone in a flash, out of business, game over!

My conclusion: Yes, you have to think about what you’re doing. You’ll need to have properly secured privileged credentials, to raise the bar by using certificates for authentication, etc. Cloud server instances and data stores are comparable to corporate servers exposed to the Internet. Except that the cloud admins may have access and other privileges.

One added factor is that the administrative accounts for cloud servers, storage, and backup ought to be different, with carefully guarded credentials, perhaps involving different personnel. (Think disgruntled ex-employee who is about to become a felon: how much could that one person damage?)

I’m not about to attempt to tell you how to do cloud security in 300 words or less. Obviously it’s something you need to research and think carefully about. Google “cloud security book” to get started. Meanwhile, here are some security considerations for a public cloud transition:

  • How do you protect your cloud vendor admin accounts? Who can create/delete stuff?
  • How do you protect your server instances?
  • How do you protect your data in transit, or at rest?
  • Do you trust and/or verify vendor-based storage encryption?
  • Have you checked security ratings or other indicators of strong cloud vendor process and other security controls and segmentation?
  • Does the cloud provider meet audit and compliance standards that your business requires?

I should say “FedRAMP” here. FedRAMP is a standardized federal security assessment process. Even if you’re not a U.S. government shop, that level of certification might be reassuring. As far as liability, only your legal staff knows for sure.

Backup

Lesson learned from the above scary story: separate your backup from your server instances and active data stores. Don’t have a single point of hardware, provider, admin access, or other failure.

Having said that, be aware that the “Hotel California” effect may apply: it can be costly exporting your data from the cloud. So you need to think about that.
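The account separation from the Security section and the backup separation above can both be checked mechanically. The following Python is an added example, not part of the original post; the grant and inventory records, principal names, and provider/account labels are constructed for illustration and do not follow any cloud provider's format.

```python
from collections import defaultdict

# Constructed sample grants: who may do what, in which admin domain.
GRANTS = [
    {"principal": "alice", "domain": "compute", "account": "prod", "actions": {"create", "delete"}},
    {"principal": "alice", "domain": "storage", "account": "prod", "actions": {"read"}},
    {"principal": "bob", "domain": "storage", "account": "prod", "actions": {"create", "delete"}},
    {"principal": "carol", "domain": "backup", "account": "vault", "actions": {"create", "delete"}},
    {"principal": "dave", "domain": "compute", "account": "prod", "actions": {"delete"}},
    {"principal": "dave", "domain": "backup", "account": "vault", "actions": {"delete"}},
]

# Constructed inventory: where live resources and their backups reside.
RESOURCES = [
    {"name": "web-01", "kind": "compute", "provider": "cloud-a", "account": "prod"},
    {"name": "db-data", "kind": "storage", "provider": "cloud-a", "account": "prod"},
    {"name": "db-backup", "kind": "backup", "provider": "cloud-a", "account": "prod"},
    {"name": "web-backup", "kind": "backup", "provider": "cloud-b", "account": "vault"},
]

def destructive_reach(grants):
    """Map each principal to the set of domains in which they can delete."""
    reach = defaultdict(set)
    for g in grants:
        if "delete" in g["actions"]:
            reach[g["principal"]].add(g["domain"])
    return dict(reach)

def single_person_risks(grants):
    """Principals able to delete backups AND live compute or storage."""
    return sorted(p for p, domains in destructive_reach(grants).items()
                  if "backup" in domains and domains & {"compute", "storage"})

def colocated_backups(resources):
    """Backups that share a (provider, account) with live compute or storage."""
    live = {(r["provider"], r["account"]) for r in resources if r["kind"] != "backup"}
    return sorted(r["name"] for r in resources
                  if r["kind"] == "backup" and (r["provider"], r["account"]) in live)

if __name__ == "__main__":
    print("can delete live systems and backups:", single_person_risks(GRANTS))
    print("backups sharing a failure domain with live data:", colocated_backups(RESOURCES))
```
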

Cloud Readiness Steps and Skills

Getting started means thinking about design issues and building cloud skills. Some common steps:

  • Build a private cloud
  • Consider shifting email to Google or Microsoft, or shifting desktop software hassles to Office365 or Google Apps, and support mobile users better at the same time!
  • Leverage other cloud-based services, e.g. com, Lands End Business Outfitters for company store logo clothing, etc.
  • If your firm is large, explore automated service provisioning, taking major cloud providers as examples of what can be done.
  • Put the private cloud in colocation space instead of your main datacenter
  • Pilot decentralized Internet and cloud-based user security services. Cisco, for example, has Cisco Cloud Web Security (formerly ScanSafe). Other vendors also have a growing presence in this product space.
  • Start doing some work in the cloud (dev or low risk)
  • Hire cloud savvy developers
  • Learn the traffic patterns of your apps (yes, developers can think about networking and latency, or hire consultants who can do that). Look for low-hanging fruit (apps that are Cloud Ready)
  • Reconsider your WAN, start working with IWAN, DMVPN, etc.
  • Standardize sites
  • Align your network with CVDs and Best Practices.

Consider your organizational structure. It helps if developers, server admins, network staff, security staff, and storage staff are all communicating. Some now favor the DevOps approach. Some practitioners of agile and DevOps reshuffle staff so that teams consist of people with cross-training. In such a team, someone might be the most network savvy person on the team, another strong at the hypervisor side of things, etc. Doing that may reduce specialized expertise but may lead to a better team effort. Think basketball team with one star versus a team with very good but no stand-out player. (Maryland women’s basketball team, Final Four 2015.)


#CiscoChat Recap: Why the World Needs More Girls in Tech

The number of women in the ICT workforce is unfortunately very low – hovering around 30 percent. But if the insightful feedback, eye-opening observations and encouraging outlooks expressed by our #CiscoChat participants are any indication, the future for women in both ICT and STEM is on track to be exceptionally bright.

From the value women bring to ICT, to best practices for encouraging girls to explore careers in these fields, “Why the World Needs More Girls in Tech” #CiscoChat participants were not shy in speaking on this subject. If you missed the conversation, led by our own Monique Morrow, CTO Evangelist-New Frontiers Development and Engineering at Cisco, take a look at some of the highlights and share your thoughts below.

1. What can attract girls to pursue a degree in ICT?

Without a realistic expectation that they can succeed in ICT, it’s inevitable that young women may not actively pursue ICT or STEM-related degrees. Thankfully, participants had amazing ideas on how to positively push young girls toward higher-education opportunities in ICT and STEM.


2. What skills do you think women bring to the technology table?

3,000 Minds to Inspire

This story was originally posted on Cisco Employee Connection, Cisco’s internal employee news site.

We are about to show more than 3,000 girls and young women around the world that they can be the next generation of scientists, mathematicians, engineers and technologists—the dreamers and doers who will invent the future.

In April and May, in more than 80 Cisco offices in more than 50 countries, female students from local schools, Cisco Networking Academy classes, and non-profit organizations will spend a day with us, learning about technology.

It’s all part of this year’s Girls Power Tech event, when we open our doors to girls ages 13 to 18 for a day of site tours, presentations and mentoring. The girls will learn about the Internet of Everything and talk with us about careers in technology. They will imagine themselves in technical jobs—and experience the kind of technology they can help invent.

The activities are in celebration of International Girls in ICT Day, held on April 23. We are a top corporate supporter of this global effort to empower and encourage girls and young women to pursue careers in information and communications technology (ICT).

Cisco Employee Changes Lives Through Technology Donations

In 2013, Roland Holloway learned he was cancer-free. For 9 years, Roland, a Cisco employee, had battled neck cancer, but a surprising recovery inspired him to give back to his community. With the help of Cisco’s Employee Purchase Donation Program (EPDP), Roland is empowering a local nonprofit with new technologies and helping others in need.

Roland, who will celebrate his 20th anniversary at Cisco later this year, is taking advantage of his newfound health to create change in his own neighborhood. “I’ve had a lot of good fortune come my way,” he said. “I enjoy giving back; I can’t change world politics, but I can definitely help my local community.”

After recovering from neck cancer, Roland enjoys spending time with his family and grandchildren


He started by visiting his childhood friend, Johnny Taylor, who founded a veterans’ outreach nonprofit called Promised Land Foundation. Doctors diagnosed Taylor with polio as a child, forcing him to use an electric scooter for transportation and making his goal of serving other veterans difficult. Roland saw his friend struggling, and helped Taylor purchase a wheelchair-accessible van in 2013. “I wanted to help him fulfill his aspirations to help veterans,” Roland said. “I saw him struggling to get around, and he’s using the van to make veterans’ lives easier.”

However, Roland didn’t stop giving back. In 2014, he learned about Cisco’s EPDP through a colleague who had used the program to donate equipment to his daughter’s school. Roland realized that as a Cisco employee, he could purchase equipment at a 75% discount for donation to qualified nonprofits and schools in the United States.


Technology Training Helps a University Reduce Poverty and Increase Opportunity in Nigeria

This blog was guest written by Renaldo Rheeder, director of professional and vocational development at the American University of Nigeria

Nigeria has the highest number of children out of school, according to A World at School. Of the 57 million youngsters worldwide who are not receiving a formal education, more than 10 million live in Nigeria. The majority of non-attendees are girls, mainly in the majority-Muslim north. Of those fortunate enough to enroll, less than two-thirds complete primary school and even fewer girls finish secondary school.

Despite these challenges, approximately 150 girls have successfully completed Cisco Networking Academy courses at the American University of Nigeria (AUN). According to their instructors, the girls’ performance in the courses was on par with the male students – ample proof supporting our already firm belief that networking is not a gender-specific field.

AUN was established in 2004 with the mission of becoming Africa’s premier development university. In teaching, research, and community service, AUN addresses our community and region’s most pressing challenges: poverty, economic barriers to growth, lack of education, gender discrimination, lack of opportunities for disabled youth, environmental degradation, violence, and problematic governance. We are an agent of peace and development through myriad programs.


Students in the Cisco CCNA Routing & Switching course work in the practical lab at American University of Nigeria (AUN). Photo courtesy AUN.
