The power of mobility has transformed the IT landscape.
While mobility and other tech forces, such as cloud and big data, have enabled organizations to improve productivity and increase efficiency, the constant challenge of keeping data, assets and users secure continues to be a top concern for CIOs and CSOs.
And these concerns stretch across global borders. For example, Frost & Sullivan analysts predict a $1.1B investment towards IT security in Latin America by 2015.
Today, security is no longer an expense, but a necessity for moving forward. It’s an investment for the future longevity of any company. With this in mind, how can business and IT leaders keep their organizations safe in a mobile world? And what can we learn from the mobile security adoption we are seeing in Latin America?
Recently, I had a chance to participate in a new Future of Mobility podcast with Frost & Sullivan Research Analyst, Bruno Tasco, to discuss the answers to some of these questions and how organizational leaders can address security in a way to reap the benefits of true mobility. The podcast is available for download in Spanish and Portuguese and a summary in English can be found on iTunes.
Here are a couple of considerations for CIOs and CSOs as they evaluate their mobile security strategies and look to future-proof their business.
Prepare for Fast Changes
Talking about mobility or general mobility in our Latin America market is like talking about the past. According to the Cisco Visual Networking Index (VNI), Latin America is experiencing and will continue to see incredible mobile adoption. Read More »
Tags: Big Data, Cisco, cloud, convergence, Fast IT, future of mobility, Ghassan Dreibi, latin america, mobile, mobility, security
Superior Platforms, Scale, and Operational Simplicity
Data Center trends like Virtualization, Solid State Drives, DC consolidation and Data Explosion are putting a tremendous amount of strain on the infrastructure. These challenges need targeted and multifaceted approach. It has to be holistic solution to the problems rather than point products for each unique problem. Data Centers require improvements in performance, flexibility, scalability, and reliability and ease of management. To address that Cisco revamped the MDS product line, the journey we started last year when we introduced 9710 and 9250i.
9710 – Director Class Switch with 3x the performance of any director, 384 ports of line rate 16G FC, highest reliability and flexibility.
9250i – Services Appliance supporting 10G FCIP, 16G FC and 10G FCoE in addition to IO Acceleration, Data Mobility Migration in compact 2 RU form factor.
We had a great success with the product line with steepest ramp and amazing customer feedback. Building on the success we have added new members to the product family and extended the innovation to allow for simpler management and scalable deployments.
a) Three New Products
- MDS 9148S – Industries’ most versatile affordable 1RU switch with High-Performance, Easy of Deployment, Enterprise-class features
- MDS 9706 -- Unprecedented investment protection with high performance, reliability and multi-protocol flexibility
- High Density line rate 10G FCoE Card -- For customers to adopt high density FCoE in incremental non-disruptive fashion on the existing FC footprint without forklift upgrades.
b) New Scalable Deployment Options
- Much Higher Scalability for SAN Infrastructures.
- Dynamic FCoE over Fabric Path
- Data migration enhancements for speed, scale and resiliency
c) New Management Features
- Hardware based FC Congestion Detection and Recovery
- Integration with Industry leading Platforms
- End to End Visibility
- Switch Health Score
With the addition of new members Cisco not only has best of the breed products but also broadest product portfolio. This allows customers to design the SAN precisely to their needs from small departmental SANs to the largest enterprises, from traditional LAN, SAN networks to fully converged fabric and everything in between.
Attend the Webinar on August 12th 8:00 PST to learn more : Register Now
Lets look at the capabilities of each product in little more detail
Cisco MDS 9148S: High-Performance, Easy to Deploy, Enterprise-class Fabric Switch
Versatile: 9148S pay as you grow model allows customers to start from small base and grow . It allows customers to grow from 12 Ports to 24, 36 and finally 48 without any rip and replace. It allows customers to go from 2/4/8G to 16G FC speeds. It is not only the most affordable switch shipping today across all the possible configurations but with 2x the range of ports it allows unparalleled scalability for future growth.
Ease of use: Power On Auto provisioning which allows 9148 and 9148S to automate switch setup. From getting DHCP, to downloading and applying the software to the final configuration is done automatically. Quick configuration wizard allows the box to be configured in an easy way. It shares the same NxOS as rest of the MDS and Nexus products. Power on Auto Provisioning (POAP) is important for large scale data centers where 9148S will be used as Top of the Rack (ToR) switch and distributed throughout the data center. This saves customer to go from box to box with the serial cable and program them individually. It allows for rapid, error free and consistent provisioning.
Enterprise Class switch: It offers the rich Enterprise features like non-disruptive software upgrade,32 Virtual SANs (VSANs), Inter-VSAN Routing (IVR), QOS, PortChannels, N-Port ID Virtualization (NPIV), N-Port Virtualization (NPV), Comprehensive Security in addition to redundant power supplies and fans. Its first of the kind switch in the industry to allow hardware based slow drain detection and recovery. It has back to front airflow.
Customer Use Case: Customer will use the 9148S to design small SAN environments like departmental SANs. Larger Enterprises will use 9148S as ToR Switch for ease of cabling and ease of Management. In addition to that 9148S will be used for BC/DR or remote locations. Pay as you go model is very attractive to customers as it allows them to grow the port count from 12 to 48 without any price penalty as their network demands grow.
Cisco MDS 9706: Extending MDS 9710 Director Qualities to a Smaller Form Factor
It is the highest performance director in the industry. It provides 3X the bandwidth compared to any compact director in the industry. Not only it provide 192 ports line rate performance at 16G but it is designed to provide line rate performance at 32G FC and 40G FCoE when those line cards are introduced without the forklift upgrades using the same type of fabric cards. With 6 fabric cards it provides 1.5Tbps of bandwidth per slot.
In addition to that this is industries first class of directors to offer Redundancy on all critical components including fabric cards. Smaller failure domain, Forward error correction, multi-point CRC checks, predictable and consistent performance for both latency and throughput.
Small to medium enterprises will use 9706 as Middle of the row and end of row switch in addition line rate 16G performance allows it to be used for connectivity to targets in addition to host connectivity. It will be used for both edge core and edge-core-edge designs.
In addition to the pod like deployments where 9RU form factor and 192 ports of line rate at 16G is very attractive.
Some of the specs of the switch are enumerated below
- 1.5 Tbps per slot switching capability
192 ports of 16G FC line rate today with 100% head room to grow to 32G FC) without forklift upgrade
- Industries Highest Reliability
N+1 Fabric redundancy, smaller failure domains, Forward Error Correction, CRC error checks at multiple points, In service software upgrades, Crossbar design with central arbitration and Virtual Output Queuing ensure customers not only get highest availability but also predictable and consistent throughput independent of the traffic profile.
With ability to support both FC and FCoE line cards. With capability to support 2/4/8/10/16G FC and 10G FCoE today and performance to support 32G FC and 40G FCoE on the same footprint.
Industry’s Highest-Density FCoE Module on a FC Director
With 48 ports this has the highest port density and greatest flexibility in the industry. Without any restrictions Cisco customers can now orchestrate FC, FCoE and mixed solutions. FCoE line card afford customers ability to design FC solutions and incrementally deploy FCoE without forklift upgrades and meeting the same features, reliability and availability as afforded by FC.
In addition to hardware we added extensive capabilities to enable small size to cloud scale deployments.
To support large scale out and scale up deployment models we have increased the scalability limits for the SAN infrastructure. The industry leading scalability numbers allow Cisco customer’s unprecedented future proofing and scalability to Scale out or Scale-up. Finally the Data Mobility Migration has 2x the speed and 8x the scale and higher resiliency.
Simplifying SAN Management
In addition to enhanced capabilities in Cisco tools MDS family is integrated with industry standard tools to provide faster configurations like automated zoning. Some of the examples of the tools are UCS Director, EMC ViPR, Microsoft System Center VMM and IBM PpowerVC.
To address complexity in the data-centers Cisco is focused on SAN Management simplification. First and foremost that is top of mind for customers is slow drain. If there are slow draining devices in the network it chokes the entire fabric. These conditions are transient, extremely difficult to isolate, debug and fix. To detect and recover for these conditions Cisco introduced Slow Drain Detection and Recovery in software in previous generation of devices. Now with the new products we have provided the support for these devices to run the slow drain detection and recovery in the hardware rather than waiting for software to come around polling individual ports every 100 ms which is a life time in the data center. As the table below shows with hardware based slow drain the detection speed has increased 100 times and recovery is of the order of nano seconds rather than 100ms.
||Recovery Action Latency – Start and Stop
||MDS 9500MDS 9148
||MDS 9700, MDS 9250i, MDS 9148S
For more info read this whitepaper
In addition to that Data Center Network Manager (DCNM) provides end to end visibility from hosts (virtual or Physical) through switches (MDS or Nexus) into the storage arrays independent of the protocol. DCNM is single pane of glass visibility into the Data Center for both SAN and LAN.
Host Path Redundancy Analysis checks the network every 24 hours or customer designated interval if there is end to end dual paths from Host to the target. It checks against port down situations, VSAN mismatches, VSAN Segmentation, LUN mismatches as well as makes sure both the ports are not on the same line cards. Similar activity that used to take months is now completed on the fly every 24 hours reducing risk and time to repair. Further more administrators are not surprised by an outage as they have complete visibility for the dual paths. Furthermore having both the paths up allows to mitigate any silent failures as well as avoid outages if one of the SAN fails.
Switch health score is another unique capability of DCNM to track switch health over time. It allows customer to quickly determine level of risk, isolate and fix the alerts resulting in low health score and track the health of the SAN over time.
As I started the discussion today Data Centers need a holistic approach to solving the challenges of the data center. Customers not only need higher performance, investment protection, lower opex and capex, reliability but also ease of management and tightly integrated end to end solution. The solutions and capabilities I described allows us to solve the challenges faced by data centers not only today for the years to come. We introduced MDS products in 2002 and since then we have introduced industries first innovation, just few examples out of that are enumerated below. We will continue to innovate in this space for the next decade.
Sr. Product Manager, DCBU
“The best time to plant a tree was 20 years ago. The second best time is now”
Tags: 16 Gigabit, 16G FC, 16Gb, 16Gb Fibre Channel, 192 Port, 9148S, 9706, 9710, architecture, availability, best practices, Cisco, cloud, Cloud Computing, Consolidation, convergence, data center, Data Mobility Manager, DCNM, design, Director, dmm, FCIP, FCoE, Fibre Channel, Fibre Channel over Ethernet, IO accelerator, it-as-a-service, MDS, MDS design, nexus, NX-OS, reliability, SAN, Storage, storage area networks, switch, switching, Unified Data Center, Unified Fabric, virtualization
With networks getting faster and the whole world going mobile, the number of connections is growing at an unprecedented rate. By next year, the amount of mobile-connected devices will exceed the number of people on the planet, and by 2020, will reach 50 billion. And those devices are getting smarter all the time.
While there is no doubt that mobility, cloud and big data are each enabling business transformation, imagine what they could do collectively. That’s the power of convergence, and it’s revolutionizing the IT and business landscape.
This convergence brings together applications, systems and processes to help meet current needs while preparing for future innovation. It’s at the heart of the Internet of Everything (IoE) in connecting people, process, data and things in new and innovative ways. And mobility is a driving force fuelling this evolving landscape, breaking down barriers and enabling the birth of entirely new kinds of business and economic models.
Mobility: A Cornerstone in the Converging IT Landscape
Mobile devices are already a pervasive part of our lives. As mobility continues to evolve, these devices will be primarily how a network connects to the user, helping shape and customize the end-user experience to deliver more personalized services and real-time engagement.
Imagine you are an online shopper who doesn’t want to wait overnight for your shipment. You want your product now. From your mobile device, you will not only be able to price-match with other retailers and see if the product is available in a store near you (a current capability), but also connect with real-time data in the cloud over an agile network to see if there are checkout lines in the store, reserve a parking spot, and tell the customer service rep you are on your way.
Gartner predicts that, through this year, mobile apps will drive “the next evolution in user experience” by “leverage[ing] intent, inferred from emotion and actions, to motivate changes in end-user behavior.” This is already happening through smart devices and wearables, for example, as people (myself included) use health and fitness apps to help make better, healthier choices.
Read More »
Tags: Big Data, carlos dominguez, Cisco, cloud, convergence, Fast IT, future of mobility, mobility
This is the second of a four part series on the convergence of IT and OT (Operational Technologies) by Rick Geiger
Physical Security has evolved from serial communication to modern systems that are largely, if not completely, IP networked systems. The unique requirements of physical security have often lead to shadow IT departments within the physical security department with networks and servers procured and operated by the physical security department with little or no involvement from IT.
Intersections with IT and the corporate network began with the interconnection of physical security systems and the placement of physical security appliances on the corporate network to avoid the cost of wiring that would duplicate existing networks. At one time IT may have been persuaded that these “physical security appliances” didn’t need to be managed by IT. But that persuasion was shattered by malware infections that revealed far too many “physical security appliances” to be repackaged PCs with specialized interface cards.
IT departments scrambled to locate and remove these vulnerable devices and either outright banned them from the corporate network or insisted that they be managed by IT. A hard lesson was learned that just as the organization, including IT, required physical security, video surveillance and badge access control, the physical security department needed the cyber security expertise of IT to protect the communication and information integrity of networked physical security systems.
Convergence is sometimes regarded as the use of physical location as a criteria for network access. Restricting certain network access to a particular location and/or noting any discrepancies between the location source of a login attempt and the physical location reported by the badge access system. For example, the network won’t accept a login from Asia when that user badged into a building in Philadelphia.
The need and opportunity for Cyber and Physical security convergence is much broader than network access. Physical Security systems need Cyber Security protection just as Cyber Systems need Physical Security protection.
What are, at a very high level, the primary activities of Physical Security on a day to day basis?
- Protect the perimeter
- Detect breaches
- Situational awareness
- Standard operating procedures define for anticipated events
- Forensic to gather, preserve and analyze evidence & information
Physical security personnel often have a law enforcement or military background, and approach these activities from that point of view.
Over time, the technology of physical security has evolved from walls, guns and guards to sophisticated microprocessor based sensors, IP video cameras with analytics, and network storage of video & audio. Although there are many examples of close collaboration between IT and Physical Security, there may also be tension. Physical Security departments defend their turf from what they perceive as the encroachment of IT by claiming that they are fundamentally different.
A quick look at the Physical Security systems quickly reveals something that looks very familiar to IT. Networked devices, servers, identity management systems, etc. are all familiar to IT.
At a very high level, the primary activities of Cyber Security can be grouped into a set of activities that are very similar to Physical Security. The common process that both need to follow is a regular review of Risk Assessment:
- What are the possible threats
- What is the probability of occurrence of each threat
- What are the consequences of such occurrence
- What are cost effective mitigations — as well as mitigations required by compliance
The Risk Assessment process is an integral part of NERC-CIP V5, which requires a review at least every 15 months of “…cyber security policies that collectively address…” CIP-004 through CIP -011. Implementation is required to be done “..in a manner that identifies, assesses, and corrects deficiencies…”
Many of the activities Cyber and Physical Security overlap and need to align:
- The use of IT Technology in Physical Security systems
- Overlapping Identity Management
- Device Identity management
- Requirement for IT process maturity
- IT security required for Physical Security systems
- Physical Security required for IT Systems
- Consistent future strategy & direction
The bottom line is that the activities of Physical and Cyber security have many parallels with opportunities to learn from each other and collaborate in threat assessment and risk assessment strategies and coordinated implementation and operation. NERC-CIP V5 has mandatory requirements for both Physical and Cyber security. Modern security, both Physical and Cyber, need to move beyond reacting to events that have already occurred, to agility and anticipation.
What does this mean for Cisco?
Cisco has a portfolio of leading edge Cyber and Physical Security solutions. Cisco’s Advanced Services offerings help our customers develop and deploy a collaborative, unified approach to Physical and Cyber security. NERC-CIP V5 is a compelling event for the electric utility industry. The transition period is underway with completion required by April 2016. Are you up to date on Cisco’s solutions and capabilities? We are here to help!
Tags: convergence, cyber security, Energy, security, utilities
EMC World was wonderful. It was gratifying to meet industry professionals, listen in on great presentations and watch the demos for key business enabling technologies that Cisco, EMC and others have brought to fruition. Its fascinating to see the transition of DC from cost center to a strategic business driver . The same repeated all over again at Cisco Live. More than 25000 attendees, hundreds of demos and sessions. Lot of interesting customer meetings and MDS continues to resonate. We are excited about the MDS hardware that was on the display on show floor and interesting Multiprotocol demo and a lot of interesting SAN sessions.
Outside these we recently did a webinar on how Cisco MDS 9710 is enabling High Performance DC design with customer case studies. You can listen to that here.
So let’s continue our discussion. There is no doubt when it comes to High Performance SAN switches there is no comparable to Cisco MDS 9710. Another component that is paramount to a good data center design is high availability. Massive virtualization, DC consolidation and ability to deploy more and more applications on powerful multi core CPUs has increased the risk profile within DC. These DC trends requires renewed focus on availability. MDS 9710 is leading the innovation there again. Hardware design and architecture has to guarantee high availability. At the same time, it’s not just about hardware but it’s a holistic approach with hardware, software, management and right architecture. Let me give you some just few examples of the first three pillars for high reliability and availability.
MDS 9710 is the only director in the industry that provides Hardware Redundancy on all critical components of the switch, including fabric cards. Cisco Director Switches provide not only CRC checks but ability to drop corrupted frames. Without that ability network infrastructure exposes the end devices to the corrupted frames. Having ability to drop the CRC frames and quickly isolate the failing links outside as well as inside of the director provides Data Integrity and fault resiliency. VSAN allows fault isolation, Port Channel provides smaller failure domains, DCNM provides rich feature set for higher availability and redundancy. All of these are but a subset of examples which provides high resiliency and reliability.
We are proud of the 9500 family and strong foundation for reliability and availability that we stand on. We have taken that to a completely new level with 9710. For any design within Data center high availability has to go hand in hand with consistent performance. One without the other doesn’t make sense. Right design and architecture with DC as is important as components that power the connectivity. As an example Cisco recommend customers to distribute the ISL ports of an Port Channel across multiple line cards and multiple ASICs. This spreads the failure domain such that any ASIC or even line card failures will not impact the port channel connectivity between switches and no need to reinitiate all the hosts logins. You can see white paper on Next generation Cisco MDS here. At part of writing this white paper ESG tested the Fabric Card redundancy (Page 9) in addition to other features of the platform. Remember that a chain is only as strong as its weakest link.
The most important aspect for all of this is for customer is to be educated.
Ask the right questions. Have in depth discussions to achieve higher availability and consistent performance. Most importantly selecting the right equipment, right architecture and best practices means no surprises.
We will continue our discussion for the Flexibility aspect of MDS 9710.
-We are what we repeatedly do. Excellence, then, is not an act, but a habit (Aristotle)
Tags: 16 Gigabit, 16Gb, 16Gb Fibre Channel, 9710, architecture, availability, best practices, Cisco, cloud, Cloud Computing, Consolidation, convergence, data center, Data Mobility Manager, DCNM, design, Director, dmm, FCIP, FCoE, Fibre Channel, Fibre Channel over Ethernet, IO accelerator, it-as-a-service, MDS, MDS design, nexus, NX-OS, reliability, SAN, Storage, storage area networks, switch, switching, Unified Data Center, Unified Fabric, virtualization