Over the past 2 months or so, I’ve been blogging on Cisco Domain TenSM, Cisco Service’s framework to guide you on your path to data center and cloud transformation. We are just over half way through the discussion on Cisco Domain Ten, so I thought it worthwhile, especially for anyone reading about this concept for the first time, to write a quick refresher and summary of the articles I’ve written so far. So forgive the brevity and please do dive into the links/URLs for more information if indeed you missed these articles first time. And if you’ve read every article -- thanks!
In case you missed it, Network World’s Ellen Messmer published a rather surprising article on how Dell was going to “trump” Cisco in the information security market as a result of some recent acquisitions. Now certainly Dell is entitled to their beliefs. They’re in a difficult position right now, as Michael Dell and Silver Lake maneuver the company through a very complex set of buy-out related transactions. They need to give their customers assurance that they won’t be distracted through this process. And if you want to set a big impression with your customers, you might as well go after the market leader in security. Be it as it may, we can’t just sit back and let these blatant statements go unchecked. So, in the spirit of “fair and balanced” reporting, we thought we’d issue our own little fact check and let you conclude for yourself.
“Cisco is a great competitor but they don’t have our holistic view” – Acquiring assets and bundling them together doesn’t constitute a “holistic” approach. Those assets must be closely integrated, which is the approach Cisco is delivering with its next generation security architecture. This architecture will be built on top of a multi-function security platform with deep network integration. There are many proof points today that demonstrate we are delivering against this strategy and architecture. Today our customers are deploying Cloud Web Security with their Cisco ISR G2 and ASA Next Generation Firewall through connectors built from Cloud Web Security. In addition we’ve brought market leading application, visibility and control to ASA, embedded deep in the firewall. But it doesn’t stop here.
Now what about Dell’s comment that Cisco “doesn’t have an identity business“? Cisco’s Identity Services Engine provides the backbone of Cisco’s secure Unified Access solution. The real network security action is in delivering access privileges based on more than just user identity and group which is all Dell can do today with Quest. In the BYOD world customers also require action based on the type of device, posture of the device, and location. Cisco’s Identity Services Engine is the industry leading platform to deliver context based policy controls and then leveraging the network for distributed enforcement consistently across wired, wireless, and VPN access. This is a game-changer for the enterprise and our next generation end-to-end security architecture. Enterprises can now implement context-based policy from the access layer through the data center switching fabric without using brittle and costly network segmentation methods tied to VLANs and ACLs. This is real synergy, and it is delivering a holistic solution as opposed to a holistic press sound bite. But don’t just take our word for it; check out Gartner’s latest Magic Quadrant for NAC. Cisco’s ISE combines identity, device, and network with a market leading platform deployed in over 3000 customers.
Just weeks ago we announced another key milestone with the introduction of ISE 1.2. With this latest release we also became the first vendor in the industry to offer automated profiling feeds making us better and faster at identifying new devices and operating systems. We’ve increased the speed and scalability of ISE to address the increasing demands brought on by the “Internet of Everything”. And we’ve added a new set of partner APIs enabling integration into key MDM partners – SAP, AirWatch, Citrix, Mobile Iron and Good. This expands the reach of ISE and enables customers to drive common context and identity management from the network all the way to the end point. Dell talk’s about their direction to advance the “concept” of embedded security to virtually any type of device. We’re not just talking about it, we’re doing it. Read More »
Over the last six months, I’ve talked with numerous customers and partners. One thing is clear: People get it. Connecting employees, vendors, partners, and customers — so they can work together with no barriers — makes sense. It saves money and time, and builds relationships.
It seems like overnight we landed in a post-PC world — a place where working from anywhere, anytime is how it is every day. Two technology trends are driving this new work-style while embracing the existing IT landscape: cloud-based applications and smart mobile devices.
Cloud-based services are already familiar in the consumer world — with music, storage, and social media — and in the business world with customer relationship management (CRM) and other transactional applications. The software-as-a-service (SaaS) model offers well-known benefits to IT — such as rapid deployment, flexibility to meet changes in demand, and the ability to shift costs from capital to a predictable operating expenses — all while providing an “always on” service that is available anytime, anywhere.
I keep coming back to that: anytime, anywhere. It is the touchstone for this new work model. Smart mobile devices are the perfect complements to cloud-based services. We can have consistent access to information from different devices and locations throughout the working day. Check email, join a conference call, or participate in a video conference — all from your smartphone, notebook, tablet, or desktop. Whether you are on the road, in the office, or at home — place doesn’t matter. The Cisco WebEx cloud collaboration applications are hosted on the Cisco WebEx Cloud, a platform that supports nearly two billion Read More »
Service Financial Management is the focus of Domain 6 in Cisco Services‘ DomainTenSM Model for Data Center and Cloud Transformation. Closely related to the User Portal (Domain 4) and Service Catalog and Management (Domain 5), service financial management is one of those organizationally challenging topics for the data center management team -- although with the advent of cloud services, is becoming more widely appreciated and in many cases (e.g. a service provider offering cloud services to businesses, a public sector organization offering services to other regional public service organizations), a mandatory part of your offer. So let’s discuss this area and I’ll point you to a technical white paper from Cisco Services experts on this topic.
Cisco Domain Ten -- Domain 6 -- Service Financial Management
Cisco continues to roll out innovations that will enable the next generations of multi-cloud computing. I’m a product manager working on Cisco’s Cloud Management software, and we’re all about the high-level, self-service, automatic provisioning of services that the end-user cares about. The network just moves ones and zeros, and all protocols of interest (HTTP, SSH, RDP, SQL, etc.) work fine over TCP/IP. The hypervisor takes care of putting that pesky motherboard chipset and storage bus into a black box, right? The end-user doesn’t care about that stuff, or at least doesn’t want to have to care about it.
A common perspective, except among the engineers who manage the network, is that network infrastructure is a bunch of mysterious plumbing that “just works” and how it does what it does doesn’t matter. Indeed, many vendors in the “cloud” arena would like to perpetuate this perspective on the network. They would like you to believe a bunch of dumb pipes can carry traffic and that determination of the traffic (content, flow, etc.) is determined at higher levels in the stack.
In some cases, this is true, but operating this way doesn’t unlock anything new. The model they describe would be brilliant if all of your network requirements were defined in 1998. Few companies can afford to operate technology today like they did in 1998 and remain competitive.
Cisco is announcing a newNexus 1000V(N1KV), and this one changes the game.In brief, the Nexus 1000V is the foundation of the networking services that Cisco brings to virtual computing. The N1KV can be managed using the same NX-OS commands and practices used to manage the Nexus 5K and 7K switches, and extends network control down to the VM and virtual port into which a VM is “plugged in”, even across different vendors’ hypervisors.
The N1KV is also the platform for additional L2 and L3 network services such as those provided by the vASA Firewall, vNAM, and VSG. The new Nexus 1000V InterCloud extends this ability to cloud service providers, such as Amazon, but is “cross-provider” (in fact, it doesn’t even depend on the Cloud Service Provider). For me, in my role as a Cloud Product Manager, this is an important new addition to basic networking capabilities, and is exactly the kind of thing that Cisco can and should do in its role as “Networking Giant” to open up the promise of hybrid or multi-cloud.
I have a mental image of what this can do, and I tried to put this into images to the right. Animation would have been better, I just don’t have the Flash skills to put it together for a quick blog post. I envision a virtual machine as a ghostly “physical” server tower with network cables plugged into it. These network connections can come from end-users in a client-server model, or any of our web-and-mobile constructs. After all, we still are end-users connecting to machines. Of course, the “client” for a compute function could be another compute function, so there is a network cable coming from another nearby ghost server. These ghost servers can today float from blade to blade thanks to most mainstream virtual machine managers (VMM) and a virtual switch like the N1KV, and the cords stay connected throughout. With the new N1KV, that VM can float right out of that VMM and into another VMM (such as across VMware datacenters, or even from VMware to Hyper-V), or out to a public or hosted provider. The cord just magically uncoils to remain connected wherever that machine goes! I love magic.
The N1KV provides that cable that can float after its ethereal virtual machine. It also provides the platform to maintain monitoring by the vNAM, even as the machine moves. You simply can’t economically achieve this using basic dumb pipes. Add to this the new Virtual Network Management Console (VNMC) InterCloud management capabilities. In order for that cord to stay connected, there do have to be network switches or routers along the way that understand how to make that network cable follow the machine. VNMC InterCloud manages these devices, but adds another particularly important capability: actually moving the workload.
VNMC InterCloud adds the ability to discover virtual machines, and convert them to a cloud-provider’s instance format, move what could possibly be a fairly large set of files, and get that machine started back up in a far-away environment, with seamless network consistency. VNMC InterCloud is like a puff of wind that pushes the ghostly VM from my corporate VMWare-based cloud to float over to my hosted private cloud. Remember, ghosts can float through walls.
This is groundbreaking. Workload mobility is one of those hard-to-do core capabilities required for all of us to realize the promise of multi-cloud, and it requires a network that is both dynamic and very high performing. I’ve been looking forward to this from Cisco for some time now.