In the application economy, it is all about time to application delivery and focus on optimizing the entire application lifecycle. With the sustained “cloudification” of IT, supporting multiple applications while reducing cost and complexity in a multi-cloud environment becomes very critical. Most companies suffer from application sprawl with scripting, complex workflows and a cumbersome ticket-based approach defining the application rollout. It is therefore no surprise that many companies hit the “pause” button especially when they are not in a position devise a clear strategy to automate and manage applications in a multi-cloud environment. Unfortunately, this puts them in a holding pattern and at a competitive disadvantage vs. others that are willing to take a more proactive role to transforming the application lifecycle.
The good news is several innovative solutions today are cropping up to address this problem. For its part as a leading infrastructure vendor Cisco is making it really easy to program and automate infrastructure, as well as focus on solutions that build private clouds or establish a mature hybrid cloud presence. Cisco’s UCS portfolio, open NX-OS capability across the Nexus family of switches, SDN controller-based solutions like the Virtual Topology System (VTS) as well as industry-leading innovations like Application Centric Infrastructure (ACI) are all making rapid strides in this direction.
https://www.youtube.com/watch?v=ygpy4QGvO3Y
The Cisco ACI approach has been focused on making networks (and other network infrastructure components) more application centric for traditional data center as well as cloud-based deployments embracing a mix of Cisco innovations, open source, open APIs as well as a very robust open ecosystem. Several established players as well as innovative startups have seen value in coming on board this ecosystem and delivering joint solutions to customers. One such exciting startup is CliQr, located in Santa Clara – the heart of the Silicon Valley.
Keeping citizens, communities, and countries safer
Around the world, countries are under increasing pressure to better serve their citizens, protect critical resources, and ensure safe communities and nations. In response to these pressing challenges, governments are seeking innovative solutions to address these challenges. In the era of digital disruption, communities and countries are looking to digital solutions and intelligent connections with the Internet of Everything (IoE).
Next week I travel to London to support the newly launched Cisco and Intel Communications Zone at DSEI. Together with our partners, we will showcase and demonstrate innovative ways to deliver mission-critical, secure communications and digitally-enabled capabilities with the Internet of Everything.
Demonstrations will include:
Cisco Mission Fabric Communications
Digital Defense Capabilities for Smart+Connected Base
A letter from private sector businesses and organizations to the Federal Communications Commission, and Departments of Transportation and Commerce, agreeing on a single set of principles to examine use of the 5.9 GHz band by unlicensed devices, arrives like the fall weather – crisp, clear and a relief from the heat and humidity of summer. This letter lays out a clear path forward for determining whether sharing in the 5.9 GHz band can take place without causing harmful interference.
And even more noteworthy, members of the Senate Commerce Committee had a strong hand in moving the parties into agreement – demonstrating once again that a bit of well-executed oversight can have a tremendously positive impact on issue resolution.
For a while now, we’ve been reading cringe-worthy news reports about different segments of the industry supporting violently different views of what the 5.9 GHz band should become. Because the 75 MHz of radio spectrum (5850-5925 MHz) sits adjacent to a large swath existing unlicensed spectrum, the notion is that in some way, it may be possible for unlicensed technologies (such as Wi-Fi) to utilize bits of the 5.9 GHz radio spectrum that incumbents (such as intelligent transportation systems) are not using.
But that simple idea has itself generated controversy – exactly how would that happen? And who decides? Based on what? After all, the incumbent ITS uses are “safety of life” uses – designed by the Department of Transportation and auto industry to enable unimpaired drivers to avoid dangerous and even deadly accidents and road conditions.
Full disclosure: Cisco has been working on technology that would allow Wi-Fi to share the 5850-5895 MHz portion of the band while ensuring current and planned ITS uses could use the band undisturbed by radio interference. Cisco believes that we can listen, detect, and avoid ITS uses of the band, and that the benefits of using this spectrum – away from active roadways where ITS use would be prevalent – are huge. Cisco also offers solutions to the transportation sector that include ITS radios. As a result, Cisco is strongly interested in a “win-win” for the two radio communities of interest.
What’s to admire about this letter?
For starters, it embraces the view that regulators ought to consider having different systems share the same radio spectrum – provided that that there is an objective fact-based case to demonstrate that the systems with superior rights are protected from interference.
That’s good for consumers, because:
(1) it ensures driving will be safer ;
(2) it ensures we’re using radio spectrum resources as intensively as possible; and (3) if we can make Wi-Fi share effectively, that means more Wi-Fi channels will be available for broadband connectivity.
We also agree – the FCC, in close coordination with the DoT and other federal agencies – should take the lead to ensure that testing and modeling support a future decision to open the band for shared use. The FCC has the appropriate skills and expertise to understand how to evaluate the complexities of advanced radio sharing, while the DoT understands best what the ITS radios must be able to achieve from a performance standpoint when installed in cars and on roadways.
We also agree that the parties and agencies should utilize the FCC’s docketed proceeding to ensure relevant data and testing are available on the public record for any interested party to access. This is the best mechanism to ensure all sides are heard.
And we strongly agree that the process of evaluating new technologies for sharing should not be held to a simplistic deadline, after which the examination is abandoned in favor of some other approach.
When Wi-Fi embarked on an effort in 2002 to open up other sections of the 5 GHz band to unlicensed use, it took nearly four years before the FCC adopted final rules that permitted Wi-Fi to share the band with governmental radars. The process of opening new spectrum to sharing is complex and contains unexpected twists and turns that cannot be anticipated.
Congratulations to the Senate Commerce Committee for aligning the parties around a path forward, and to the private party signatories for thinking through what they could agree on, instead of continuing to disagree.
You know the differences between 802.11ac and 802.11n. You can explain how to install a wireless network until the digital cows come home. You even know the technical term for “the fear of phones”! How about taking all that knowledge and using it for something fun?
Cisco is proud to present Mobility Motor Mania, an interactive video game focused on the things that you know best: wireless networks, mobility and security best practices.
New CEO Chuck Robbins says it’s because Cisco Rocks (and it does!)
Recently, the Life at Cisco Instagram account (follow us!) asked employees to submit photos via Instagram (and a few other methods) to show us why they chose Cisco. (See the original blog post here.) Turns out, all employees needed was a white-board, a dry-erase pen, and a chance, and they were more than excited to tell us why “#IChoseCisco.”
There were originally supposed to be two winners – one decided by the Instagram community (by which photo got the most likes) and one decided by Cisco’s HR leadership. The thing is, we got so many great entries, that the HR leadership couldn’t pick just one! So we divided the entries into categories, and picked a winner from each! Each one will be notified via their method of entry and receive a $50 gift card.
The winner for the most Instagram likes (194!) is Eric Castro, IT Engineer for Cisco in San Jose, CA.
And the winners in each category are . . . . (envelope please.)
#IChoseCisco because . . . Cisco Cares About It’s Employees
Winner: Amy Cable, Careers Services Manager at Cisco in Austin, TX
#IChoseCisco because . . . Cisco Gives Back
Winner: Lohith M – Software Engineer at Cisco in Bangalore
#IChoseCisco because . . . Cisco Is Fun
Winner: Harshwardhan Rawoot, IT Engineer for Cisco in Bangalore
#IChoseCisco because . . . Cisco Encourages Individuality
Winner: Jyoti Sarin, IT Manager for Cisco in San Jose
#IChoseCisco because . . . Cisco Inspires Innovation
Winner: Irina Kirnos, Business Systems Analyst for Cisco in San Jose, CA
#IChoseCisco because . . . I Was Inspired by Others
Winners: Joanne Lim, Client Services Manager for Cisco; Jennifer Leow, Executive Assistant for Cisco; Geraldine Teo, Sales Business Development Manager for Cisco – all in Singapore
#IChoseCisco because . . . of Cisco’s People
Winner: Lim Hwa Choo, HR Manager for Cisco in Singapore
#IChoseCisco because . . . Cisco Fuels Adventure/Creativity
There was a TIE!
Winner 1: Jeremy Young, Network Engineer for Cisco in Raleigh, NC
Winner 2: Alexandra Visser, Business Operations Manager for Cisco in Amsterdam.
The Internet of Things World Forum (IoTWF), Dubai is just three months away! In its third year, the IoT World Forum is continuing some of our hallmark programs while introducing new activities.
As in previous years, the industry’s leaders in public sector, private business and education will gather again to collaborate, network, partner, and build the IoT ecosystem together. The IoTWF is the one place where the entire IoT community can share the latest developments and emerging applications, all of which will be on display onsite.
Back this year are amazing keynote speakers, targeted business breakout sessions, our expanded research symposium, an exciting tour to highlight local IoT deployments, our IoT Hack-a-thon, and Innovation and Security Grand Challenges. New this year are technical breakout sessions, proven customer stories to highlight lessons learnt, IoT talks, an interoperable demo, the service provider angle on IoT, and increased time for networking. With registrations recently opened, I wanted to highlight some of my favorite aspects to this year’s World Forum.
Digital disruption. IDC says that 40% of market share leaders in their respective industries (our customers!) will be out of business in 10 years, because they will miss their transformation to Digital. What they need? Fast IT. Cisco experienced (both first hand and with our customers) that Fast IT is the key capability that enterprises need to build to successfully transition to a digital model. Over the last 8 years, Cisco has built a truly unique approach to Fast IT, grounded on our own internal IT transformation, which led (among others) to the Cisco eStore. We learnt that adopting a Fast IT model is less about technology and more about progressive cultural and process changes. The transition requires pervasive shifts in the way IT is organised; how services are defined, delivered, consumed, and financed; and how IT measures success, evaluates costs, and assigns roles and responsibilities.
This week, at the Partner Technical Advisory Board (PTAB), we have the pleasure of hosting around 40 Cisco Partner CTOs for three days in beautiful Marbella, Spain. The objective is to hear and gather their views and advice on the vision, strategy and deployment to market of Cisco technologies, products, architectures, services, and solutions. We are having a fruitful open exchange, ultimately helping us meet our mutual growth and profitability goals as we together deliver business outcomes to our customers.
On the agenda of the day 3: Cisco’s approach to Fast IT Business Transformation, and more specifically what is the opportunity for Cisco partners. To understand Cisco’s core message for Fast IT, you can watch the following short video.
A few years ago sandboxing technology really came of age in the security industry. The ability to emulate an environment, detonate a file without risk of infection, and analyze its behavior became quite a handy research tool. Since then, sandboxes have become relatively popular (not nearly on the same scale as anti-virus or firewalls) and can be found in larger organizations. You may even have purchased a sandbox a few years ago, but it’s likely that your malware analysis needs have gone beyond the traditional sandboxing technologies that simply extract suspicious samples, analyze in a local virtual machine, and quarantine.
It’s time to go beyond using sandboxing as a standalone capability in order to get the most out of it. You need a more robust malware analysis tool that fits seamlessly into your infrastructure and can continuously detect even the most advanced threats that are environmentally aware and can evade detection.
There are three typical ways that organizations purchase and deploy sandbox technology.
A stand-alone solution designed to feed itself samples for analysis without dependency on other security products. This has the most flexibility in deployment but adds significant hardware costs and complexity to management and analysis, especially for distributed enterprises.
A distributed feeding sensor approach, such as firewalls, IPS, or UTMs with built-in sandboxing capabilities. These solutions are usually cost effective and easy to deploy but are less effective in detecting a broad range of suspicious files including web files. They can also introduce bandwidth limitations that can hamper network performance and privacy concerns when a cloud-based solution is the only option.
Built into secure content gateways, such as web or email gateways. This approach is also cost effective but focuses on web and email channels only and also introduces performance limitations and privacy concerns.
But there’s a fourth way that actually takes the best of what these approaches offer and raises the bar to help you fight well-funded attackers that get better at what they do every day: Cisco AMP Threat Grid. Through AMP Threat Grid, Cisco offers advanced malware analysis and intelligence that delivers a better ROI, better integration, and more visibility into what is happening in your environment. Don’t take my word for it, though. The Center for Internet Security recently described how they are using it to analyze malware samples from more than 19,000 state, local, tribal, and territorial governments.
AMP Threat Grid is available as an on-premises standalone malware analysis solution and as a cloud-based SaaS solution that provides a REST API to automate sample submissions from a wide range of technologies you have already invested in, including:
Firewalls and Unified Threat Management (UTM) devices from the most popular vendors, including, of course, Cisco ASA
Gateways for both Email and Web traffic
Proxy Servers
Security Information and Event Management (SIEM) systems
Governance, Risk, and Compliance (GRC) tools
And numerous others
Cisco has already integrated AMP Threat Grid’s malware analysis capabilities into AMP for Endpoints. This provides advanced malware analysis as part of AMP’s powerful continuous analysis and retrospective security capabilities. AMP Threat Grid is also integrated into Cisco Email and Web security solutions, providing more eyes in more places. Watch this video to hear how ADP have integrated AMP Threat Grid into their business to become an intelligence-led security organization
Each of these solutions eliminates cost and complexity while offering the ability to analyze a broad range of suspicious objects automatically, including executables, libraries (DLLs), Java, PDF, MS Office documents, XML, Flash, and URLs. Most submissions are analyzed in an average of 7.5 minutes. Not only does AMP Threat Grid analyze a broad range of objects, but it also provides deep analytics capabilities wrapped with robust context. With over 450 behavioral indicators and a malware knowledge base sourced from around the globe, AMP Threat Grid provides more accurate, context rich analytics into malware than ever before.
All samples are given a threat score based on severity and confidence that provides a quick and easy way for junior security analysts to prioritize actions and make better decisions. The threat score is on a 0-100 range, with 100 being known malware and the rest ranging from suspicious to benign because malware is not a yes or no answer.
Perhaps even most importantly, AMP Threat Grid knows its audience; it has no instrumentation within the virtual environment ensuring that even the most sophisticated environment-aware malware is caught. It’s an essential way to rise to the challenge of advanced attackers.
To hear more about how your organization to move beyond the sandbox, watch this webinar featuring experts from Forrester Research, ADP, and Cisco.
Cisco has a broad spectrum of customers across a wide range of markets and geographies. These customers have a diverse set of requirements, operational models and use cases, meaning that a one size fits all SDN strategy does not fit all our customers. As a result, we made a series of announcements earlier this summer (at Cisco Live San Diego) that continued to showcase how our SDN strategy provides customers with a high degree of choice and flexibility. This blog will review key elements of the strategy, as well as provide a bit of background and context around them.
Cisco’s SDN strategy for the Data Center is built on 3 key pillars:
Application Centric Infrastructure (ACI)
Programmable Fabric
Programmable Network
This approach enables our customers to choose the implementation option that best meets their IT and business goals by extending the benefits of programmability and automation across the entire Nexus switching portfolio. Let’s consider each of these pillars.
ACI
A lot has been said and written about ACI already, so I’ll keep this section on ACI brief. ACI is Cisco’s flagship SDN offering. It offers the most comprehensive SDN solution in the industry. Based on an application centric policy model, ACI provides automated, integrated provisioning of both underlay and overlay networks, L4-7 services provisioning across a broad set of ecosystem partners, and extensive telemetry for application level health monitoring. These comprehensive capabilities deliver a solution that is agile, open, and secure, offering customers benefits no other SDN solution can.
I know the paragraph above was a bit of a mouthful. For a quick snapshot of what that all translates to in terms of actually helping a customer, check out this report from IDC. If you want to learn more about ACI, go here.
Programmable Fabric
This pillar is all about providing scale and simplicity to VXLAN Overlays. Beyond that, it provides a clear path forward for the overall Nexus portfolio to participate in and derive the benefits of SDN.
VXLAN has gained huge momentum across the industry for a wide variety of reasons that, in many cases, involve improvements over traditional technologies such as VLANs and Spanning Tree. These involve attributes such as more efficient bandwidth use via Equal Cost Multi Pathing (ECMP), higher theoretical scalability with 16 million segments, and more flexibility through use of an overlay model upon which multi tenant cloud networks can be built. As momentum for VXLAN networks grows, so does the demand for 2 key things:
A standards based approach to scale out VXLANs, and
Simplified provisioning and management of them.
Regarding a standards based approach to scale out VXLANs, Cisco is now supporting “Multipoint BGP EVPN Control Plane” on Nexus switches. Why does this matter? Well, the original VXLAN spec (RFC 7348) relied on a multicast based flood-and-learn mechanism without a control plane for certain key functions (e.g. VTEP peer discovery and remote end host reachability). This is a suboptimal approach. To overcome the limitations inherent with this approach, the IETF developed MP BGP EVPN Control Plane as a standards-based control plane for VXLAN overlays. This reduces traffic flooding on the overlay network, yielding a more efficient and more scalable approach.
As far as the second item, simplified provisioning and management, Cisco announced an overlay management and provisioning system. This new solution, called Virtual Topology System (VTS), automates provisioning of the overlay network, so as to enhance the deployment of cloud based services. Through an automated overlay provisioning model and tight integration with 3rd party orchestration tools such as OpenStack and VMWare VCenter, VTS simplifies overlay provisioning and management for both physical and virtual workloads by eliminating manually intensive network configuration tasks. These whiteboard sessions provide an overview and also a bit more technical detail, if you’re interested.
Programmable Network
Infrastructure programmability is a big deal because it drives automation, which drives speed, which is an obvious prerequisite for the success of just about any business dealing with digital disruption. As programmability evolves, Cisco continues to roll out more and more capabilities across the Nexus portfolio. We have a broad range of features in this space including things such as Programmable Open APIs, integration with 3rd party DevOps and Automation tools, Custom App Development, and Bash shell commands. This set of capabilities within NX-OS facilitates the concept of the Programmable Network pillar. Let’s consider how this may be useful for you.
A while ago, a small number of customers with very large networks started shifting the way they operated. Their networks were growing very large because (not too surprisingly) the number of users, thus servers, was growing very large. As the number of servers grew larger and faster, they realized they had a choice:
Hire a zillion new sys admins, or
Brutally overwork their existing sys admins, or
Deploy and manage servers in new and different ways.
The last option won out (in many cases, anyhow), and the revelation was automation. That is, tools that automated server deployment and management helped these sys admins and their employer’s scale the business. In the process, they paid close attention to metrics like the number of servers a given admin was managing. These “device to admin” ratios went up a lot…like in some cases orders of magnitude. With automation tools and other changes (to culture, process, etc.), some companies saw admins managing not 10’s or 100’s of servers, but 1000’s of servers. They also started experimenting with and employing DevOps – a term that at this point has a multitude of meanings, but is defined here in simple English.
As these elements have converged, people across different silos have started to collaborate a bit more, and as a result, tips, tricks and tools have started to spill across the silos. So, for example, as sys admins saw efficiency gains from using tools like Puppet and Chef to automate tasks on their servers, there was a desire to use the same tools on networks. In other cases, someone who was comfortable with Linux and wanted to work from a Bash shell wanted to use those commands for configuration and troubleshooting on the network as well as servers. Others wanted APIs that would allow extraction of all sorts of arcane box info to be massaged and acted upon by scripts and other tools.
Essentially, there was a need for more elements of the box to be more accessible and programmable in a wide variety of ways. It’s worth noting that although these trends started with a small subset of customers, many of the elements are working their way out to a much broader, more diverse cross section of customers. As this evolution has occurred, Cisco has been adding more programmability to the Nexus switches. This paper provides a more detailed view of various use cases and the functionality Nexus provides.
In summary, these 3 pillars of ACI, Programmable Fabric and Programmable Network provide a wide range of capabilities to help our customers across the broad spectrum of challenges they have. In the coming weeks and months, we’ll provide more information – here, as well as other venues – to help you better understand the strategy and its components. If this blog was too geeky and you’re looking for upleveled info, we’ll have that. If this was too fluffy, and you want more technical depth, we’ll have that as well. To punctuate this point, I’ll be hosting a webinar on September 15 that will cover the above in more detail. You can register here.
