Yes, it’s official! Cisco successfully completed the ISO 27001 Certification across our entire services business worldwide. This important certification reinforces our commitment to protecting Cisco and our customers. With Cisco as a trusted partner, customers can be confident that every possible safeguard is in place to protect their data.
Every single one of us has been directly impacted or knows someone who has been the victim of data breaches that have become an unfortunate norm in headline news. For a business, that breach loses customer confidence and also costs a company money. The security of our customers’ data has never been a higher priority. ISO 27001 Certification means Cisco security policies and procedures have been independently verified, providing a systematic and proactive approach for effectively managing security risks to confidential customer information.
The ISO 27001 Certification is a global, industry-wide specification for an Information Security Management System (ISMS), which is a management framework through which an organization identifies, analyzes and addresses information security risks. To achieve this certification, Cisco underwent a comprehensive independent, third party audit of our security practices and methodologies by TÜV SÜD.
As the number one cybersecurity company, Cisco is dedicated to raising the bar for information security for customers. We invested the time and resources to achieve this certification to give our customers something invaluable: peace-of-mind.
So, thank you to our entire Cisco Services team for your time and efforts to make this happen. In case there was ever any doubt, we are all-in when it comes to protecting data!
Cisco’s services expertise spans the IT lifecycle – from advisory and manage through training and technical services – so you can easily move wherever business takes you. To learn more, visit us at: http://www.cisco.com/c/en/us/services/overview.html
Speech control of drones and robots is so popular these days that a simple Google search reveals about 14 million results on the topic. However, many of these projects are meant for hands-on technical people as opposed to business or operational folks interested mainly in outcomes. Wait no more. Cisco is already in the process of enabling speech-controlled drones and bots for secure enterprise requirements. It’s highly likely they’ll become an integral part of Cisco’s Autonomous Systems Application Platform (ASAP) in the future.
Bringing enterprise-grade security, reliability and scalability to speech- and gesture-controlled bots can unleash the real business value.
Cisco’s Karan Sheth collaborated with Built.io’s Nishant Patel and team to create a collection of enterprise-class, speech-controlled bots. As described in the diagram above, a user’s arbitrary speech or Spark commands were delivered to Cisco’s private cloud environment over Built.io’s cloud and secure enterprise gateway infrastructure. Once inside the secure infrastructure, even the smallest of hardware like Raspberry Pi could execute intended workflow commands without worrying about security or access control.
On the output side, once the results were ready to share, Built.io’s enterprise gateway and cloud engines were once again used to seamlessly deliver outcomes to intended recipients over a multitude of interfaces, including Spark rooms, Tropo text messages, emails, and more.
Riding on the success of this small initial experiment, the team embarked upon generalized scenario testing as depicted below. Any set of sensors, drones, robots, business workflows, or scripts can be triggered using the same mechanism, with result sharing happening in a dynamic, highly collaborative environment.
Check out a short video of a private-cloud drone flying via Google Home speech commands as well as Spark bot commands and posting the results back in the Spark room–all while seamlessly and securely transferring from Built.io’s and Spark’s public cloud to Cisco’s private cloud devices.
Cisco’s exciting co-innovation journey is creating big ideas—and big results. Join us as we continue making amazing things happen via drones and bots.
“You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit hole goes.”
That was 1999 – a seminal scene in the sci-fi motion picture “The Matrix.” Morpheus reveals new insights to Neo; explaining that the red pill refers to a human who is aware of the true nature of the Matrix.
Fast forward nearly two decades to today and you don’t need the red pill anymore. We now have augmented reality (AR) and virtual reality (VR) technologies that will help you visualize immersive multimedia or computer-simulated environments and enable you and others to interact within this Matrix-like realm in real time. So, if you choose to, you can create and step in and out of virtual worlds that engage all of your senses.
The AR and VR revolution is primed to move beyond the nascent stage. Both VR and AR are poised to be among the biggest trends in mobile technology (featured prominently at this year’s Mobile World Congress event).
Recent technology innovations have helped us move from Hollywood visions to new levels of alternate or augmented reality. Advancements in mobile technology, edge computing and wireless networking, preliminary 5G networks, highly efficient mobile connectivity solutions, ease of access to smarter mobile and wearable devices, have all contributed to this rich environment for the growth of AR and VR.
While virtual reality immerses users in a simulated environment, augmented reality is an overlay of technology on the real world. Mixed Reality, a popular form of augmented reality, has a much higher degree of complexity and is much more realistic. It combines several types of technologies, including sensors and advanced optics, bundled into a single device that can overlay augmented holographic digital content onto your real-time space, creating realistic scenarios. All are equally appealing and compelling and have their own set of specific applications and requirements.
The accelerated acquisition of smartphones, tablets and wearable devices is significantly contributing to the development of AR and VR markets. According to the Cisco Mobile Visual Networking Index (VNI), globally, smartphones will be 53.1% of device connections by 2021 (a CAGR of 11 percent), and 85.8% of total traffic, growing at a CAGR of 48 percent. VR headsets will grow from an installed base of 18 million in 2016 to nearly 100 million by 2021, a growth of 40 percent CAGR. AR and VR market development is expected to follow a similar trend.
VR and AR ecosystems have just started developing, with a proliferation of participants from content creators to AR/VR platforms to software developers building applications that leverage AR/VR technology to enable compelling use cases across all verticals, specifically around building, construction, real estate, health care, tourism and education.
As a part of our forecasting effort for the Cisco Mobile Visual Networking Index 2016-2021, this was the first time that we analyzed and included a VR and AR mobile traffic forecast. When we began our analysis, we wanted to see how a VR and AR experience could be included in our daily lives and found that it can be a nearly seamless experience where the digital environment and applications seep into an analogue daily routine, for example checking email, cooking dinner, or doing yoga. In fact, at almost any time during the day there could be a VR and AR component attached to an activity that was previously untouched, so there are immense possibilities and opportunities for AR and VR out there.
And on the flip side, this could be a boon for enterprises as this digital world is incorporated into a consumer’s life. While entertainment and gaming are one of the key applications driving VR, and we are seeing strong growth there, AR is primarily being driven by industrial applications such as retail, medicine, education, tourism just to name a few.
From a Service Provider perspective, what this boils down to is that these innovations in AR and VR will place new demands on the network in terms of its quality and performance. Bandwidth and latency requirements will become increasingly important for a high quality VR and AR experience. The Cisco Mobile Visual Networking Index forecasts that globally, Virtual Reality traffic will grow 11-fold from 13.3 Petabytes per month in 2016 to 140 Petabytes per month in 2021. Though this is a small percentage (0.29%) of global mobile traffic, its growth is higher than the average for total mobile data traffic. Globally, Augmented Reality traffic will increase 7-fold between 2016 and 2021, from 3 Petabytes per month in 2016 to 20 Petabytes per month on mobile by 2021. The same outlook holds here as well: it will be a small percentage of global mobile traffic, less than half a percent of global mobile data traffic, but the traffic characteristics are different and something that should be tracked.
AR and VR is a very interesting market space that shows considerable promise for consumers and business users. It indeed is a wonderland that is turning into a reality and we are watching to see how it is going to evolve. Stay tuned with us and we will keep you informed on how deep the rabbit hole goes. You won’t need the RED pill for a heightened sense of enlightenment, but a VR headset may be required.
Co-authored with Nicolas Breton, Product Manager Marketing, Cisco
In the era of Cloud-scale networking, network simplicity, agility and scale are essential. Service Providers are currently expanding their Data Center footprint to offer on-demand virtualized network services. This is what the industry refers to as Central Office transformation. Consequently, SP networks have been evolving towards network fabrics that connect small/medium-sized Data Centers to large ones but the complexity of delivering end-to-end services has never been so high. This is mainly due to the number of protocols serving different purposes that accumulated over the past 10 years or so.
It’s prime time for network simplification!
How can you make it simpler?
Instead of running multiple control planes, look for a unified one. But which protocol should you consider? EVPN is a control plane of choice in the Data Center, so expanding it across the network seems to make sense. EVPN provides scalability, optimal forwarding and avoids traffic floods. As such, EVPN can be used for all Data Center to Data Center, Data Center to WAN and any other connectivity to the Data Center. Having one single Control Plane extending from Data Center to Metro and WAN brings simplification to the networking stack.
What are EVPN benefits?
EVPN provides separation between the Data Plane and the Control Plane allowing for the use of different encapsulation mechanisms in the data plane while maintaining the same Control Plane. Cisco’s implementation of EVPN supports different flavors, including EVPN VXLAN, EVPN MPLS and PBB EVPN. It also supports MPLS Segment Routing transport, which is gaining strong traction with Service Providers & Enterprise customers.
How does it work?
EVPN uses Multi-Protocol Extensions to BGP (MP-BGP) to distribute Layer2 MAC or IP information. Therefore, EVPN can control Layer2 or Layer3 overlays and can be used to deliver Ethernet and IP VPN services removing some complexity at the control level.
Moreover, EVPN provides enhancements over existing technologies. First, it optimizes traffic load sharing with all-active multi-homing, e.g. devices or servers can be dual-homed with both paths active and per-flow load sharing. As the all-active multi-homing capability is native to EVPN, there is no need for complex Multi Chassis LAG (link aggregation) configurations.
EVPN limits flooding for unknown Unicast as it does not use flood and learn technology. The learning is all in the control plane allowing for more control and policy enforcement. EVPN is also performing ARP suppression, another optimization that reduces unnecessary traffic flooding in the network.
In the Data Center, EVPN enables optimal East-West and South-North traffic forwarding. It supports Integrated Routing and Bridging for inter-subnet routing. It also supports MAC mobility, so VMs can be moved within or across Data Centers. As EVPN is multi-transport, it can run over VXLAN or Segment Routing and enables scalable services fabrics.
Cisco’s EVPN solution can be deployed in the Data Center, at the DC Interconnect as well as in Metro/Core networks. For brownfield deployments, Cisco’s EVPN solution comes with tools that provide seamless integration and interworking with existing technologies. EVPN is an industry standard as defined in IETF RFCs, to which Cisco has been contributing.
EVPN’s adoption is growing as Service Providers see the need and benefits of having a unifying overlay Control Plane.
If you’re attending MPLS World Congress in Paris next month, do come and listen to Patrice Brissette’s EVPN presentation on Thursday, 23rd at 2:20pm.
Dennis Perto is a Cisco Champion, an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for over four years and has earned two industry awards as an industry best practice. Learn more about the program at http://cs.co/ciscochampion.
==========================================
I am about to take you on a tour of the last few generations of Cisco firewalls and their architecture to give insight into why the Firepower 2100 is not at all like the Firepower 4100 and not like an ASA5516-X either.
First, I would like to make a note of the lack of presenting the architecture of the ASA5505 and ASA5585-X even though they are still being used today. This is because they differ too much from the architectural evolution of Cisco firewalls and will not help with understanding why Cisco is choosing this specific path for the Firepower 2100 series.
I will start from the top down, with the best performing firewalls continuing to the least performing firewalls and why Cisco is replacing these.
High end architecture – Firepower 9300
A couple of years ago Cisco released a new architectural platform going away from the well-known ASA platform. We were first introduced to Firepower 9300 and subsequently to the Firepower 4100, primarily focused at data center deployments. These models are born with supervisors to make them modular, like several other high-end Cisco platforms. I hope that it will be possible to upgrade the supervisor to enable the use of two single-width 2x 100Gbit network modules (NM) in the 9300, or even to enable the use of future security modules requiring more than two 40Gbit links to the internal switch fabric. I am hoping for these theoretical wishes to come true.
Looking at the block diagram of the 9300 above you see that the supervisor has its own CPU and RAM for controlling the operating system (FX-OS), which is used to deploy Firepower Threat Defense or ASA software to a security module and manage the network interfaces.
Downscaling great architecture – Firepower 4100
Firepower 4100 came to be due to the exorbitant cost of the 9300 series. The one thing not supported on the 4100 platform is the 100Gbit interfaces. There are 8x 10Gbit interfaces soldered in the chassis and it is possible to buy additional 1, 10 or 40Gbit interfaces in a network module. Fail-to-wire network modules are also a possibility on this platform.
As seen on the image above, the 4100 series has only one security module compared to the possible three security modules in the 9300, but the architecture is the same as in its older brother.
Legacy firewalling – ASA5512-X to ASA5555-X
This ASA platform is probably the most used today. The reason for this is the performance and modularity. It does support three different IPS engines and the possibility to add more 1Gbit interfaces on the higher end devices.
This block diagram above depicts the architecture of the ASA5512-X through ASA5555-X. The ASA5512-X and ASA5515-X have already been replaced with the newer ASA5508-X and ASA5516-X platform, and now the Firepower 2100 is supposed to relieve the ASA5525-X, ASA5545-X and ASA5555-X platforms of their duties.
Legacy upgrades – ASA5508-X and ASA5516-X
The replacing of the ASA5512-X and ASA5515-X was long overdue, but Cisco hit a soft spot with the customers with the ASA5508-X and ASA5516-X. The price-performance ratio was great for small customers and branches with the option to install Firepower Threat Defense for increased security.
You should make a note of the placement of the NPU and compare it to the ASA5512-X to ASA5555-X platform. The NPU on this platform is doing most crypto tasks for IPSec and SSL VPN, just like the crypto engine used to do without the limitation of a system bus connecting the external NICs.
Finding the sweet spot – Firepower 2100
With Firepower 2100 being the youngest brother in the Firepower appliance series, Cisco took a step back towards the ASA X-series architecture. In this we have no supervisor in charge of the switching fabric or the networking interfaces. Everything is owned by the security module itself and this gives us an advantage in the direction of single box deployment management. On-box management is possible on the new Firepower 2100 series appliances but it is not possible on the 4100 nor the 9300 series. Under the hood of the operating system on the 2100 there is a small subset of the FXOS features needed to handle the interface configuration. The main difference (secret sauce) between the 5516-X architecture and the Firepower 2100 is that the NPU is not just used for crypto operations anymore. The new line also uses this NPU for layer 2 – 4 firewall operations and “fast path” traffic offloading. This is a great architectural step forward, but it is of course not as streamlined as the 4100 or 9300 series, where the Smart NIC is doing the traffic offloading and yet another NPU is handling the crypto operations. Personally, I like that every chip is made for specific problems, as opposed to one chip doing all kinds of tasks it was not optimized for.
As of Firepower Threat Defense 6.2, Active/Standby failover is possible on the 2100, 4100 and 9300. Active/Active will be possible when the multi-context feature is included in the FTD image. Clustering is unfortunately only supported on the 4100 and the 9300 appliances. Five 9300 chassis can be clustered with three security modules each, while sixteen 4100 appliances can be clustered.
The Firepower 2110 and 2120 appliances come with 12 x 1Gbit RJ-45 ports and 4 x 1Gbit SFP ports with no options to expand this. This is a great rip and replace option for the current owners of the ASA5525-X, ASA5545-X and ASA5555-X firewalls. If you need to upgrade the edge firewall to 10Gbit you will need to buy either the 2130 or 2140 appliances. The Firepower 2130 and 2140 also come with the same 12 x 1Gbit RJ-45 ports as the lower end Firepower 2100 models. Along with this there are 4 x 10Gbit SFP+ ports and the option to add a network module (NM) card for an additional 8 x 10Gbit SFP+ ports. Fail-to-wire network modules will be available. I do not expect 40Gbit interfaces to be available for this platform.
The Firepower 2100 is a great next generation firewall. As I see it, the popularity of this will depend on two things:
1. The price. If it is too expensive customers will find another firewall manufacturer and buy a cheaper model with the same specifications.
2. The feature set. If the features of the ASA software are not implemented in FTD quickly, the customer is forced to keep buying ASA X series or, again, go to another manufacturer.
Learn more about the Firepower 2100 appliances at Cisco.com.
You are likely faced with unprecedented change in technology adoption, implementation of service and business go to market while trying to grow business and manage your bottom line. Customers want new services and application features delivered with agility: quickly, painlessly, on demand and with seamless revision and feature enhancements. Did we mention, they want all of this with better predictability and at a lower cost? Cloud and virtualization technologies are changing quickly and helping to drive new business outcomes. They are most certainly helping you to drive new service offerings and customer consumption models (pay as you grow).
It’s business critical that you, as the service provider, have a clear view into the surrounding customer requirements (beyond your four walls), choose architectures and your technology partners with careful consideration and move quickly up the customer value stack to “survive” in the new cloud era. Sound familiar?
Your traditional enterprise customers are starting to explore new service options and new business use cases made possible through new innovative technologies. In addition, Cloud & IOT are changing the business landscape, and we are now starting to see next generation services develop in specific industries (e.g. Machine-2-Machine, Smart Cars). We also see Security as the number one concern of CIOs and IT leaders in 2017, as well as of the board room, as they ultimately work to protect their brand. What can you do to help drive business outcomes and become the trusted advisor for your customers?
Think about the requirements and demands that Line of Business Managers are now placing on the Enterprise CIO… These demands likely impact network capacity (incl. bursting demand), service availability, intelligent data analytics (made available through digitization), mobility and the most critical aspects of enterprise security. You’ll need to fully understand the advent of disruptive technologies, the providers that deliver various solutions to your customers’ problems and how they are enabling new Cloud-enabled services. Cloud services are accelerating at an amazing pace. For example, Cloud Data Center traffic will grow 26% CAGR from 2015-2020. Cisco GCI estimates that 600ZB of traffic will be generated by people, machines and things by 2020. Further, imagine, by 2020 92% of workloads will be in Cloud data centers. What does this mean for you? SPs and their technology provider partners that can move up the customer value stack by delivering validated solutions and next gen cloud services (while solving for business outcomes) will undoubtedly become the next generation of leading service providers. Read the SP Cloud Survival Guide and take action now.
Everyone wants choice, and software customers are no exception. Software vendors have traditionally offered different versions of their applications, with labels like Deluxe or Premier, to distinguish what type of functionality is included.
Another area where vendors are increasingly providing customers with a new type of choice is where to deploy their software. Traditionally, customers deployed software within their premises or with a partner/outsourcer in a hosted model. However, as public cloud delivery models have moved mainstream, customers are increasingly moving to SaaS deployment. According to Cisco Research, 56% of cloud workloads will be in public (vs. private) cloud data centers by 2019.
The challenge for many customers is that they have already made large investments in on-premises technology and want to continue leveraging these. New customers may not be ready for “cloud-only” deployment across their entire infrastructure. This has given rise to hybrid deployments, where customers consume some services via the cloud and others on-premise. In fact, Gartner predicts that by 2020, hybrid will be the most common cloud deployment choice.
Once again, customers want choice. This time in where to deploy their software – either on-premise or via the cloud. This results in a question for vendors: How can a single offer give customers the flexibility to deploy either way?
Companies have approached this in different ways. Microsoft, for example, has had a large installed base of on-premise Exchange customers. While Office 365 includes Exchange in a SaaS model, most customers already had Exchange on-premise. To help facilitate the transition, Microsoft provided their Office 365 cloud-based users with rights similar to those offered through their on-premise Client Access Licenses, eliminating the customer’s need to pay for both. This helped fuel the growth of Office 365.
Just because the software can be deployed either on-premise or in the cloud, doesn’t mean that there is seamless interoperability between the two. While the customer has investment protection, migrating users likely requires a project, especially for complex environments.
Within Cisco, we’re providing customers with deployment flexibility through software subscriptions that enable customers to deploy software on-premises, in the cloud, or across both, with the freedom to move between deployment models as necessary. We’re rolling out this Flex Plan capability across the portfolio.
One example is Cisco Spark Flex Plan, where customers have the choice to deploy meeting capabilities either using cloud-based Spark Meetings or the on-premise Meeting Server. Similarly, customers can conduct phone calls using the cloud-based Spark Call or on-premise Unified Communications Manager.
Similarly, Cisco Hybrid Email Security offers customers the option to run the on-premise Cisco Email Security Appliance or access that functionality via the Cisco Cloud Email Security service. Additionally, they can shift users across these two deployment models at any time.
Not only does this allow customers the flexibility to choose the deployment model that fits their business, it allows them to control the pace of their journey to the cloud.
Going forward, we’ll be providing this Flex Plan model across more of our portfolio as we release new cloud-based software. We think it’s going to be a hit. Let us know if you think this approach hits the mark!
There has never been a more interesting time to be a Service Provider. Today, we are in the midst of a once in a generation transition in technology that we last saw with the birth of the internet. Today, the exponential growth in hyper-connectivity, the services that evolve upon it and the dawn of the Internet of Things demand a next generation of flexible and dynamic infrastructure. To power this new epoch in infrastructure, Service Providers are grappling with the promise and challenge of such technologies as virtualization and orchestration. Compounding this challenge is the need to maintain the security of this critical infrastructure and the confidentiality, integrity and availability of the information that resides upon it. Service Providers are well aware of this requirement and have traditionally built architectures that focused on enforcement of the security perimeter.
The challenge with architectures like this is that despite building ever taller walls and ever deeper moats, the bad guys are continuing to evolve more sophisticated ways of bypassing the perimeter. Much like the Trojans of ancient times, we see increasing techniques to not only bypass these walls but also to bypass perimeter inspection mechanisms. This pattern of behavior is not dissimilar to the evolution of most traditional security mechanisms, for example the passport. It originally started as a document that stated a list of places, towns or cities that someone could visit, but it was rapidly determined that additional information, such as height, weight, eye and hair color, was needed in order to prevent spoofing.
Later on, it was determined that even this additional information would not be sufficient to prevent a determined and motivated malicious actor from bypassing these checks and misusing the passport. What followed as a logical consequence of this was the birth of modern surveillance and intelligence services required to protect society in the state from these malicious users. These services were very much focused on the concept of visibility and understanding within the borders of the state in which they are operating. In many ways, the problem of the Service Provider is very similar to that of the state and as a consequence we should look to learn from the past to develop solutions that may help.
This is why within Cisco’s Open Network Architecture (ONA) pervasive security is called out as being critical and in my next post I’ll describe what is meant by this pervasive security.
These words are the call to action for this year’s International Women’s Day (Wednesday, March 8). They call attention to women’s issues around the world – top of mind for so many of us. They also focus on our ability to address these issues and recreate the world according to a more inclusive and equitable vision.
I believe in bold change. Cisco believes in bold change. And I’m honored to head up Corporate Affairs and Corporate Social Responsibility, where we’ve made a commitment to positively impact one billion people by 2025. We’ve been bold – and we’re getting bolder. Expanding signature programs and piloting a great many new ones.
As part of this work, we support and invest in nonprofit organizations that promote social change around the world – small, large, established, and up and coming. Many of these global problem solvers have developed innovative solutions to empower women to lift themselves out of poverty and create their own opportunities.
Technology has consistently and increasingly proven a vital partner in these endeavors. At Cisco, we believe a strong digital foundation is key to accelerating innovation and problem-solving. Similar to any business customer we support, we help social change organizations around the world by donating Cisco technologies, contributing our expertise, and providing early stage seed funding.
We help them increase operational efficiencies and leverage technology to reach more people in need. Providing banking services, improving access to water, food, and shelter, developing job training programs, and much, much more.
Technology can help make your great ideas a reality, build programs that help a community of women, and sustainably scale them to impact millions. I’m honored we play a part.
On a day when we celebrate the unique role of women in our world, I take heart that the world’s never had the volume of tools for social change that we have today nor the technology to make them go further. So be bold and make whatever you can imagine possible.
To follow our journey as we strive to help 1 billion people worldwide through our CSR work, be sure to sign up for our email list.