
This blog has been developed in association with Javed Asghar, Insieme Business Unit.

The Cisco ACI platform consists of the Cisco APIC controller and Cisco Nexus 9000 series switches connected in a spine/leaf (Clos) topology. All management interfaces (REST API, web GUI and CLI) are authenticated in ACI through AAA services (LDAP, AD, RADIUS, TACACS+) and RBAC policies that map users to roles and security domains.
The ACI fabric is designed around a zero-trust model and relies on several layers of security. Here are the highlights:

  • All devices attached to the ACI fabric use a hardware-based secure keystore:
    – Each device carries a unique, digitally signed certificate provisioned in protected storage at manufacturing time
    – The Cisco APIC controllers use a Trusted Platform Module (TPM) hardware crypto module
    – The Cisco Nexus 9000 series switches use a Trust Anchor Module (TAM) to store their digitally signed certificates
  • During ACI fabric bring-up, or when a new device is added to an existing ACI fabric, every device is authenticated using its digitally signed certificate and identity information.
  • Image download and boot:
    – All fabric switch images are digitally signed with RSA-2048 private keys
    – Before an image is loaded onto an ACI fabric device, its signature is verified by hardware-rooted Cisco Secure Boot; only an image that passes this verification is loaded
  • The ACI fabric architecture isolates the management VLAN, the infrastructure VLAN and all tenant data-plane traffic from one another. The Cisco APIC communicates with the fabric in-band over the infrastructure VLAN.
  • All messaging on the infrastructure VLAN used for bring-up, image management, configuration, monitoring and operation is encrypted with TLS 1.2.
  • After a device is authenticated, the network administrator inspects it and explicitly approves it into the ACI fabric.

Together these layers are what keep a rogue or tampered device from joining the ACI fabric.
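The image-signature check described above (sign at build time with an RSA-2048 private key, verify on the device before loading, and refuse anything that fails) is shown here as an added example. It is not Cisco's code: the real image format, key handling and Secure Boot implementation are not described on the page, so the SignedImage layout, the PKCS#1 v1.5/SHA-256 signature scheme and the constructed payload are assumptions made for illustration. The example also covers the two failure cases a boot loader must reject: a payload modified after signing, and an image signed by a key that is not the trusted anchor.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage pairs an image payload with a detached RSA signature over its
// SHA-256 digest. The real Cisco image format is not described on the page;
// this layout is an assumption made for the example.
type SignedImage struct {
	Payload   []byte
	Signature []byte
}

// GenerateVendorKey creates the RSA-2048 signing key a vendor build system
// would hold; the matching public key is what the boot loader trusts.
func GenerateVendorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignImage is the release-time step: hash the payload and sign the digest
// (PKCS#1 v1.5 with SHA-256, assumed here).
func SignImage(priv *rsa.PrivateKey, payload []byte) (SignedImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedImage{}, err
	}
	return SignedImage{Payload: payload, Signature: sig}, nil
}

// VerifyImage is the boot-time check: recompute the digest over the bytes
// actually present and verify the signature against the trusted public key.
// Any failure is returned as an error so the caller refuses to load.
func VerifyImage(pub *rsa.PublicKey, img SignedImage) error {
	if pub == nil || pub.N.BitLen() < 2048 {
		return errors.New("refusing trust anchor shorter than 2048 bits")
	}
	digest := sha256.Sum256(img.Payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], img.Signature); err != nil {
		return fmt.Errorf("image signature invalid: %w", err)
	}
	return nil
}

// LoadImage returns true only when verification succeeds; only then is the
// image handed to the device.
func LoadImage(pub *rsa.PublicKey, img SignedImage) bool {
	return VerifyImage(pub, img) == nil
}

// BootOutcome records the boot loader's decision for three constructed cases:
// the genuine image, a tampered copy, and an image signed by an untrusted key.
type BootOutcome struct {
	Genuine, Tampered, WrongKey bool
}

// RunScenario builds the three cases from a constructed payload and returns
// the boot loader's decision for each.
func RunScenario() (BootOutcome, error) {
	vendor, err := GenerateVendorKey()
	if err != nil {
		return BootOutcome{}, err
	}
	attacker, err := GenerateVendorKey() // a second key the device does not trust
	if err != nil {
		return BootOutcome{}, err
	}
	// Constructed stand-in for a switch image; not a real Cisco image.
	payload := []byte("n9000-aci-image: constructed payload for the example")

	genuine, err := SignImage(vendor, payload)
	if err != nil {
		return BootOutcome{}, err
	}

	// Tampered copy: flip one byte of the payload after signing.
	tampered := SignedImage{Payload: append([]byte(nil), genuine.Payload...), Signature: genuine.Signature}
	tampered.Payload[0] ^= 0x01

	// Same payload, signed with the untrusted key.
	wrongKey, err := SignImage(attacker, payload)
	if err != nil {
		return BootOutcome{}, err
	}

	trusted := &vendor.PublicKey
	return BootOutcome{
		Genuine:  LoadImage(trusted, genuine),
		Tampered: LoadImage(trusted, tampered),
		WrongKey: LoadImage(trusted, wrongKey),
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine loaded=%v tampered loaded=%v wrong-key loaded=%v\n",
		out.Genuine, out.Tampered, out.WrongKey)
}
```

The point worth noticing is that the verifier never trusts anything carried inside the image itself: the public key comes from the device's own trust anchor (the TAM or TPM in ACI's case), and the digest is recomputed over the bytes actually present, so a single flipped byte or a signature from any other key is rejected before the image runs.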

Please stay tuned for a blog post by Praveen Jain (ACI Engineering VP) in the coming weeks, which will cover APIC and fabric security in more detail.

Praveen Jain’s recent blogs:
New Innovations for L4-7 Network Services Integration with Cisco’s ACI Approach

Micro-segmentation: Enhancing Security and Operational Simplicity with Cisco ACI

Network Security Considerations

Additional Information:
The Cisco Application Policy Infrastructure Controller 


Authors

Ravi Balakrishnan

Senior Product Marketing Manager

Datacenter Solutions


Security continues to be top of mind with our customers and frequently comes up with customers who are evaluating new architectures. I have been in the networking industry for over two decades, involved in multi-billion-dollar product lines like Catalyst 5K/6K, MDS-9000, Nexus-7K, UCS, and now Application Centric Infrastructure (ACI). I don’t claim to be a security expert by any means, but I have gained good insight into what’s important based on numerous conversations with customers over the years, which allows me to write about it with some degree of authority.

That said, security is a very broad topic and there are myriad products in the industry to deal with the various types of attacks that infrastructure and applications are exposed to today. For purposes of this blog, I will focus on the network security aspects and how they intersect with Cisco ACI.

Continue reading “An Overview of Network Security Considerations for Cisco ACI Deployments”

Authors

Praveen Jain

No Longer with Cisco


The SCTE IP Challenge has become an event that I look forward to each year. I have participated for 2 years now and plan to return for a third at this year’s Cable-Tec Expo in New Orleans. It’s a great opportunity to test your own skills, meet industry colleagues, and enjoy some friendly competition.

The SCTE Expo itself is a great show and always leaves me with a feeling of renewed enthusiasm. The show floor is a great place to identify new equipment or technologies that could have a meaningful impact on your system. However, for me, the technical workshops are the most important events. In these sessions you get to hear real world experiences from technical leaders in the field, learn from successful and less-than-successful technology deployments, and get a great sense of where the industry as a whole is headed for the coming year.

The IP Challenge itself begins several months before the SCTE Expo with two rounds of online qualifiers. The questions in the qualifying rounds can be difficult and often require some research. However, the challenge isn’t necessarily clearing the board, the toughest part is catching all the bonuses and tokens. By the end of a full week you can develop a Pavlovian response to any change in the all-important bonus box.

Although the questions at the finals are Continue reading “Join the SCTE IP Challenge – Perspective from Last Year’s Winner, Jamie Griffin”

Authors

Jamie Griffin

Director of Technology

Cisco Partner: Full Channel, Inc.


Guest Blog by Igor Dayen, SP Product and Solutions Marketing


In an age of agile service creation with a virtualized IT infrastructure, the delivery of services by cable operators is undergoing a transformation. Two key technologies that are fueling this change are Software Defined Networking (SDN) and Network Function Virtualization (NFV). In this blog, we will examine how SDN is transforming service delivery for cable operators.

SDN offers much promise to cable operators. It changes how networks are designed, operationalized, and monetized, making them far more agile and responsive to customers. In traditional switch and router system architectures, the control plane is implemented in software running on a general-purpose CPU and the data plane is implemented with specialized hardware such as an ASIC. What SDN does is remove the Continue reading “Cisco cBR-8: Re-imagining CCAP with SDN”

Authors

Greg Smith

Sr. Manager, Marketing

Cisco Solutions Marketing


In the connected world we live in, constant access to communications with family, friends, and even work has become imperative. It is no wonder that, with such urgency to stay connected, the demand to provide this connectivity falls heavily on the venues we frequent. Restaurants, malls, hotels, grocery stores, sports stadiums, and airports are a small sample of the many venues that often offer Wi-Fi access. CMX Connect is a guest portal solution that gives these venues the opportunity to engage with users before Wi-Fi access is granted.

Continue reading “Going global with CMX Connect”

Authors

Reddy Babu Adarapu

Technical Leader


A sense of great pride came over me as I entered the Expo in Milan to attend the Cisco Internet of Food international press event. This event is where Cisco brings food and digital technologies together in a world of apps, services and technologies that are changing the way food is produced, distributed, consumed and depicted. My home town hosted this significant conference that focused on two of the most important factors that make our lives better: food and the Internet. What better place than Italy? This country is the world’s food voilà and has one of the highest numbers of mobile phones and Facebook users – the right place to talk about building bridges between technology and food.

While there, I met with a group of international press and together with a few colleagues and industry luminaries, we discussed the Internet of Food, a natural offshoot of the Internet of Everything.

Cisco and THNK.ORG  have been working for the last 12 months to reimagine how the Internet of Everything changes the way we grow, manufacture, distribute and consume our food. Continue reading “The Internet of Food – Improving Lives”

Authors

Nicola Villa

Managing Director, Global Analytics Practice

Cisco Consulting Services


Written by Ian Mc Garry, CMX Software Engineer

The release of CMX 10.2 is coming soon, and with it comes the improved Correlation Widget. Correlation is a powerful tool that lets you view the relationship between areas. To help introduce you to the widget, we’ve put together some simple but beneficial use cases outlining its utility and power.

Correlation Use Case – Identifying the Relationship Between Areas

Certain areas within a location, such as shops, should have a natural interaction or correlation with each other. This can be due to their related nature, ease of accessibility or even close proximity with one another. For example in a mall we may have a flower shop and a card shop. A strong correlation between these shops is expected due to the well-known fact that flowers and gift cards go hand-in-hand. Using the Correlation Widget we can quantify this relationship and prove or even disprove our theory.

We set up a simple correlation widget that looks at the data for shops last week. Setting our Card Shop as the focus allows us to then see the Correlation between it and the other shops in the building.


From this chart we can see Continue reading “CMX 10.2 Analytics – The Correlation Widget”

Authors

Daryl Coon

Cisco Customer Solutions Marketing


Blood donation truck.

Folks at Cisco don’t “hijack” blood donation trucks unless there’s a very good reason. If helping a colleague cope with the loss of her father and honoring his last wishes isn’t a good reason, then we don’t know what is.

One of the members of the Digital Strategy Enablement (DSE) team recently lost their father to leukemia. Instead of flowers at his service, her father asked that people donate blood to help others.

So the DSE team jumped into action, re-routing a Stanford Blood Center truck from another location and standing in line to donate at Building 8 on the San Jose, CA campus.

  • 27 people attempted to donate (8 were denied due to recent travel, etc.)
  • 22 units of blood were donated
  • 3 people were able to give T5 double-red donations, which are extra special and earned them extra cookies and kudos

DSE Team Blood Drive

While enjoying a post-donation cookie, the DSE team spoke to another colleague from a different Cisco team whose wife also has cancer and is undergoing chemo treatment at Stanford. So the DSE team may be helping ANOTHER member of the Cisco family, as she may be a recipient of their donations, along with other people in the community.

Giving back is so ingrained in the culture at Cisco that when employees volunteer or donate, Cisco will match their volunteer hours and donations to approved organizations. So in addition to the blood donations, the team was able to earn over $200 that will go to the Stanford Blood Center as well.

Thank you, DSE team, for proving once again that the idea of the “Cisco family” isn’t a marketing slogan, it’s just how we do things around here.

If you want to be a part of the Cisco family, you can view openings here.

Authors

Carmen Shirkey Collins

Social Media Manager

Talent Brand and Enablement Team, HR