Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journal, and Windows. The remaining eight bulletins are rated important and address vulnerabilities in .NET, IPsec, Kerberos, Lync/Skype for Business, NDIS, Office, SChannel, and Winsock.
Bulletins Rated Critical
Microsoft bulletins MS15-112 through MS15-115 are rated as critical in this month’s release.
MS15-112 and MS15-113 are this month’s Internet Explorer and Edge security bulletin respectively. In total, 25 vulnerabilities are addressed with four of them specifically affecting both IE and Edge. The remaining 21 vulnerabilities only affect Internet Explorer. The majority of the vulnerabilities that are resolved in this month’s release are memory corruption defects. In addition, an ASLR bypass, an information disclosure vulnerability, and a couple of scripting engine flaws are also addressed.
Across the industry, it’s hard to find anyone who doesn’t see cloud services as a huge market opportunity. According to the Cisco Global Cloud Index, global cloud IP traffic will nearly quadruple over the next several years, accounting for more than three quarters of all data center traffic by 2018. But there’s been one major barrier to capitalizing on it: the complexity of cloud managed services.
Now, Cisco Cloud Architecture for Microsoft Cloud Platform is making things a lot easier. Combining Cisco’s world-class hardware with Microsoft’s enterprise-ready software, it helps cloud providers build comprehensive hybrid cloud solutions faster, with the flexibility and scalability they need to respond to real-world opportunities. Major cloud providers Continue reading “Quest Cuts through the Cloud Complexity to Deliver New Managed Services at Scale”
This summer’s announced development alliance between Apple and Cisco reminded me of a quote from Tim Cook, Apple CEO, that I once read, “Most business models have focused on self-interest instead of user experience.” Needless to say, Apple has built one of the most successful brands in history by focusing on consistently delivering an exceptional user experience, whether interacting with its product family or its various service offerings. Apple has raised the bar for what both consumers and business professionals have come to expect from technology.
In earlier blogs, I discussed the importance of connected processes and connected analytics in the transition toward companies becoming digital businesses. The final piece in digital transformation is connected experiences. Ultimately business outcomes from operational improvements are driven by new interactions and experiences. Both the process and analytics requirements need to be informed by the shoppers, service consumers, business professional, citizens and so on – all participants among who and what is being connected — and how they are connected. User requirements define how people can transparently access hyper-distributed centers of data, whether via smartphones, tablets, laptops, or specialized devices. But it is not just about simply having access to the data. Most importantly, it is about delivering timely insights so that users can make informed decisions. Put simply, it is about delivering personal and/or professionally relevant information that an individual needs, when and where they need it, and in the best way for them to understand or apply it.
Peter Sondergaard, Senior Vice-President and Global Head of Research at Gartner, summed it up this way at the firm’s recent ITxPO event, “In five years, 1 million new devices will come online every hour. These interconnections are creating billions of new relationships. These relationships are not driven solely by data, but algorithms. Data is inherently dumb. It doesn’t actually do anything unless you know how to use it, how to act with it.” I believe it is incumbent upon us to guide customers to discern the value of collected data, extract meaningful information from it, and analyze and use the data to offer new capabilities, richer interactions, and unprecedented opportunities for businesses, individuals, municipalities and more.
Building a successful recurring revenue business is a common challenge facing Cisco partners. From service contract renewals to upsell and cross-sell opportunities, we know that post-sales initiatives often take a back seat, causing you to miss out on valuable and repeatable revenue gains. Even worse, by not staying on top of your customers’ post-sales needs, you risk losing their trust and their business.
So how can you turn things around? The answer might surprise you. It isn’t a more experienced sales team, or even more feet on the street. In fact, we’ve found that the key to a successful recurring revenue business is data science – information and analytics that deliver clear insight into the post-sale opportunities that exist across your installed base.
Data science is already playing a role at Cisco in predicting how customers will behave and ultimately buy. As part of this effort, we are working to use data and analytics to help grow our partners’ post-sales businesses by driving consistent engagement throughout all phases of the customer lifecycle – from the moment a product or service is purchased, to the point when it is adopted or implemented, to the time the customer is ready to renew or refresh that purchase.
Data science can also serve as a powerful force in building customer success. And that’s why the Cisco Global Customer Success (GCS) organization was formed earlier this year. The GCS team is looking at new ways to put data to work to empower our partners to enable customers to realize the full value of their Cisco investments.
What’s in it for you?
The easiest way to describe what data science can do for Cisco partners is this: it gives you the information you need to sell smarter, more effectively, and more profitably at every stage in the customer journey. With data science behind you, you can reach out to the right customers, at the right time, and with the right offers to quickly close more sales.
How can you get started putting your data to work for your business? We’d like to help, and we’ve lined up a partner-focused webinar on this topic on Dec. 15. Registration is now available online, and you won’t want to miss it as you gear up for a fresh start in the new year.
Integrating Monasca and Ceilometer seemed like a very good idea from the start. It would integrate all the OpenStack resources notifications and metrics as well as provide a unified storage layer for Monitoring and Metering, simplifying deployment at scale as well as opening the door for new solutions that weren’t possible before.
So the team set out to make it real. The implementation was carried on a three months period and all the code, unit tests and load simulator are open-source and available in the official OpenStack repo at: https://github.com/openstack/monasca-ceilometer
There are at least two aspects that made this “marriage” titillating:
Ceilometer substantially collects metrics for all the OpenStack resources that Monasca does not currently collect today.
Ceilometer biggest issue is scalability and performance and that is where Monasca excels.
So, we embarked in this experiment and found a neat way to integrate the two services. The first part was the ingestion. Ceilometer has two main types of agents:
Notification, a.k.a. Push model agent
Central/Compute, a.k.a. Pull model agent.
Our integration with Monasca was trying to address all the cases and support both the Push and Pull model. The Compute Agent is probably the part where there is the most overlap with the Monasca Agent that is capable of polling from libvirt or other virtualization layers. We decided to extend the Publisher code in Ceilometer to integrate with Monasca client and send the “measurements” to the Monasca API.
Current Ceilometer architecture:
This brought two distinct advantages to the solution: the first is that we can integrate with any of the Ceilometer agents out of the box, so we can integrate data from all the data sources that Ceilometer supports now and in the future; the second is that we remove the RabbitMQ re-publishing of Samples.
This latter aspect is particularly problematic in large deployments. RabbitMQ clustering has some limitations around the 20M-mark load; this can slow down the queue performance and impact other services relying on the queue. In the Ceilosca case the samples are sent as “measurements” directly to the Monasca API, which stores them into Kafka. This allows for a different publishing rate from the storage rate increasing performance and optimization at the distinct layers.
Ceilosca Architecture:
The Monasca Publisher in the Ceilometer agent also leverages another important aspect in publishing to Monasca, batching. The Monasca Publisher for Ceilometer has three parameters that can be set to control the batching behavior and performance:
Batch count. This allows specifying how many messages are buffered and sent at in one http request to the Monasca. The Monasca API accepts “measurements” from different “metrics” without having to aggregate them and this is a huge performance boost.
Batch timeout. This specifies the max time to wait before committing to the batch. Usually this is helpful in the case your message bus is only handling events and not polling, which means it is rare to get a huge amount in a short window of time.
Batch checking interval. This dictates the frequency when the publisher is checking on the batch size and timeout to understand when is time to make the API POST request. Clearly this has to be carefully set to avoid repeated useless checks but cannot be too large to excessively delay the “measurements” publishing.
In several of our tests we found out the batch of 1000 messages and a timeout of 15s with a polling interval of 5s is a good compromise for a mix of Central Agent loads and OpenStack Notifications.
Deployment
We all know that deploying and running OpenStack services is not the easiest thing on Earth. For this reason we wanted to move away from sophisticated deployments and make sure the deployment was well understood and one command deployment. We wanted that everybody was able to get Ceilosca to run either on a single VM (or box), so we thought to leverage DevStack…. We know, DevStack is for development and not for scale and performance testing, but guess what; if it scales in DevStack it will scale everywhere else. Hmm, not sure you should keep this statement.
What we needed next was a deployment script; a single unified script to install everything and have it running. Fortunately, both Monasca and DevStack had already deployment scripts that we could run and leverage, the only difference? Monasca uses Ansible and DevStack uses bash … so; we created a new bash script that installs devstack and then runs ansible to deploy Monasca on top of Devstack and that did the trick. Once you download the repo just go and execute:
/deployer/ceilosca.sh
and (depending on your env) after some time you will get a full DevStack with Ceilosca in it and you are: Ready to GO!
The Devstack+Ceilosca+Monasca is the environment where we run all the tests and we had it running both on virtual machines and baremetals.
Note, we now have a complete DevStack plugin for Monasca.
Tests
As we mentioned before the tests were running on DevStack. This is to make sure that the tests are repeatable from anyone that is interested in running them. Clearly DevStack brought some restrictions that we had to deal with it. Moreover, some of us decided to run these tests in OpenStack VM and that made it even more challenging … (hey, we may even try stuff on containers later on, maybe using Kolla…). I will post the results of the these tests in 2 separate blogs relating to Private and Public Cloud.
Conclusions
Ceilosca turned out to be a significant improvement over Ceilometer both during data ingestion as well as querying. The performance gain is quite staggering going from 2x to 4x in ingestion speed and throughput as well as 11x to 18x in querying. These are the main takeaways from the extensive testing we performed:
Ceilometer has an exponential performance degradation that is directly proportional to the number of tenants and resources.
Ceilometer has open-ended queries that do not force the requestor to have a query params like tenant_id and time interval. This has been mitigated with the introduction of limits at the Liberty release but still the API could be significantly improved for performance.
Ceilosca has very efficient batching capabilities across the entire workflow and it is configurable based on cloud deployment specific needs. Ceilosca also can select the metadata to be preserved and the one to be discarded. This is a high value feature.
Monasca API are nearly twice as fast than Ceilosca implementing Ceilometer V2 API. For users that do not need backward compatibility we recommend to consume the data directly from Monasca.
Team
Cisco: Fabio Giannetti, Ken Owens, Srinivas Sakhamuri, Pauline Yeung, Steven Irvin
HP: Roland Hockmuth, Dan Dyer, Atul Aggarway, Jenny Wei, Putta Challa, Rohit Jaisway
Interviews are tricky because they can range from amazing experiences to downright horror stories. They make most people (even the interviewer) a little nervous, but they are one of the best ways to determine if you are a good fit for the team. This is also the best time to find out if the team is a good fit for you.
Wouldn’t it be great if you could have an awesome experience every time? If the interview could be efficient, transparent, and organized? If there was great communication from start to finish?
These are exactly the qualities that people who have interviewed at Cisco use to describe their experience. 84% of candidates had either positive or neutral things to say about their interviews. That’s how we earned a spot on Glassdoor’s Top 10 Tech Companies for Interview Experience.
So what to people say on Glassdoor?
1) Cisco Interviews are thorough
“Interview panel was thorough and had great conversations on-site and via WebEx conferences. Could not be happier with the experience and ultimately chose Cisco!” – Human Resources Senior Manager
2) Cisco Interviewers are quality people
“Everyone in the hiring process was very professional, and I was very impressed with the quality of individuals at Cisco.” -Account Manager
3) Team fit is important
“Overall, it was a good experience and helped me understand the company better as a whole and what it would be like to work there.” –Global Marketing and Corporate Communications Analyst
4) Interviews are casual
“Interviews with managers were very causal, just having an every-day conversation. 2 team members had more team related and situational questions and also personality questions but were fairly easy as well.” -Intern
There are thousands of other comments on Glassdoor that you can check out. If you work for Cisco, you could even leave a review about your experience to help others!
Connecting more things in more places creates new security challenges. Please join us on November 17, 2015 at 8:00AM (PST) for the IoT System Security webinar and learn how to secure and control IoT with the Cisco IoT System Security.
In this webinar you will hear how the IoT System Security product portfolio delivers secure connectivity, visibility, and control to assure that IoT initiatives deliver a competitive advantage for our customers. And you will learn about the new ruggedized Cisco ISA 3000 and how it provides application visibility, policy enforcement, and threat defense.
Back in September 2014 Cisco acquired private OpenStack cloud service company Metacloud (http://newsroom.cisco.com/press-release-content?articleId=1489587). Initially known as Cisco OpenStack Private Cloud (COPC) and now known as Cisco Metapod®. Cisco Metapod represents one of most robust and scalable OpenStack-as-a-Service or On-Premise Public Cloud Experience offering in the market. With the agility and vision of a startup, the stability and expertise of Cisco, this is a solution and a service that helps businesses with the adoption of the agile/mode 2 or cloud native applications. Continue reading “Interacting with Metapod from the OpenStack CLI (or Building your OpenStack CLI VM)”
Traditionally, incumbent companies have relied on three main competitive advantages to maintain their leadership positions over newcomers: 1) large customer bases, 2) strong brand equity, and 3) access to large amounts of inexpensive capital.
Today, however, these attributes no longer provide the protective mote needed to fend off today’s agile, innovative, and risk-taking competition. Cisco’s recent Digital Vortex research determined four out of 10 incumbents will be displaced in just the next five years.
