Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & IOS XE Software Security Advisory Bundled Publication includes 12 advisories that disclose vulnerabilities in the following technologies:

  • Cisco Plug and Play Application
  • Common Industrial Protocol (CIP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Internet Key Exchange (IKE)
  • Line card console
  • Locator/ID Separation Protocol (LISP)
  • Network Address Translation (NAT)
  • Process Field Net (PROFINET) Discovery and Configuration Protocol
  • Router Blade Installation Packet (RBIP) Protocol
  • Virtual Private LAN Services (VPLS)
  • Web UI
  • Web UI REST API

Make sure you take a look at the Cisco Event Response—our go-to document that correlates the full array of Cisco Security resources for this bundle, including links to the advisories, CVSS scores, Security Impact Ratings, and OVAL definitions. And don’t forget about the Cisco IOS Software Checker, the quickest way to determine your exposure to vulnerabilities disclosed in this advisory bundle and to identify the earliest release (“First Fixed Release”) that corrects all the vulnerabilities described in a particular security advisory. Cisco updates the Software Checker data daily to include the most current information. And, as you may recall from last year, the Software Checker now supports queries for Cisco IOS XE Software releases. You asked for this functionality and we listened.

As the project manager who oversees the management and delivery of these bundled disclosures, I have unique insight into the level of effort and collaboration involved—a dedicated team of incident managers, a variety of partner organizations, special tooling, months of preparation, and thousands of communications. All of these come together to deliver a bundled disclosure on the fourth Wednesday of March and September in each calendar year.

Cisco PSIRT is committed to improving our disclosure processes to meet your needs. We hope the publication timeline, enhanced tooling, and additional “bundling” help your organization plan and ensure that resources are available to analyze, test, and remediate these vulnerabilities in your environments. Please let us know in the comments below. We take your feedback seriously!

The next Cisco IOS & IOS XE Software Security Advisory Bundled Publication is scheduled for March 28, 2018. Mark your calendars now. And don’t forget—for all things security, visit the Cisco Security portal, the primary outlet and home for Cisco security intelligence content.

Authors

Erin Float

Project Manager

Security Research and Operations Group

The networking industry is going through an incredibly dynamic time of change and opportunity. Global IP traffic will increase nearly threefold over the next five years and 127-fold from 2005 to 2021.  The number of devices connected to IP networks by 2021 will be three times higher than the global population. On top of that, the diversity of applications has never been greater, with each having its own set of requirements and hurdles.

This unprecedented growth requires Service Providers to transform their networks, and Segment Routing is becoming one of the keys to successfully paving the way to that transformation.

Segment Routing emerged back in 2013 when the first draft was posted under the leadership of our Cisco fellow, Clarence Filsfils. In less than four years, this technology has made major inroads into Service Providers, hyper-scale Web Providers and large Enterprises.

Why are customers adopting Segment Routing?

Many Service Providers are moving to Segment Routing because it allows the network to differentiate the way it delivers applications with unmatched simplicity and scalability.

Network Simplification

Segment Routing definitely contributes to network simplification as it removes protocols and makes network operations easier.

In this video, Walmart’s Global WAN Engineer Mark Pagan explains why simplification is a key driver in Walmart’s decision to roll out Segment Routing.

Bell Canada’s Technical Fellow Daniel Voyer also advocates simplification:

“Segment Routing is fundamental for today’s reality which requires on-demand services as well as exponential bandwidth growth. Streamlining the IP protocols stack in order to provide a simplified service assurance support model for day-to-day is the key benefit.” You can listen to a recording of his presentation at MPLS+SDN+NFV 2017 for more insight.

Network Resiliency

Segment Routing inherently embeds mechanisms to make networks highly resilient – if a node or a link fails in the network, connectivity is restored in under 50 milliseconds!

In an earlier blog, I described how Vodafone Germany has been experiencing noteworthy improvements since they rolled out Segment Routing in their core network. They are now able to offer high-level SLAs while removing thousands of legacy protection tunnels.

Orange is the first Service Provider to endorse Segment Routing micro-loop avoidance. With this new capability, Orange solves a long-lasting issue that was a source of customer dissatisfaction. Stephane Litkowski, from Orange Group, commented:

“Micro-loops have always been a pain for networks by breaking fast-reroute or creating micro-congestions. Orange was interested in micro-loop prevention for many years but past solutions were only partial or too complex to be deployed in a live network. Now, thanks to the Segment Routing building blocks, we have the technology to easily build loop-free paths in the network in a simple way. We consider Segment Routing as an enabler to prevent micro-loops in IP/MPLS networks. We already evaluated Segment Routing micro-loop avoidance in our labs, showing impressive results: we will deploy it for sure!”

Bell Canada also acknowledges the greater resiliency that Segment Routing provides. Here is what Senior Network Architect-Operations Mitch Paglia said:

“We have evaluated Segment Routing with Topology Independent Loop-Free Alternate (SR TI-LFA) and proved that we can converge under 50 milliseconds for every node in the network without complex artifacts. Segment routing comes with capabilities that improve the 5×9 network reliability and flexibility that contribute to the overall customer experience.”

Higher Network Assets Utilization

Current networks are known to be about 50 percent over-engineered, and ever-changing traffic patterns are making the situation worse. Hyperscale Cloud Providers, who have been at the forefront of optimizing their network infrastructure, have learned that by dynamically rerouting traffic, they succeed in reaching an overall capacity utilization of 80 percent or more.

This is exactly what Microsoft is doing with its SD-WAN architecture (Software-Driven Wide Area Network). In his presentation at MPLS+SDN+NFVVORLD, Senior Software Engineer Paul Mattes clearly outlines the role Segment Routing plays in SD-WAN architecture and the benefits Microsoft is getting from it over legacy solutions, such as RSVP-TE.

We believe this type of architecture will move into the broader Service Provider community.

Innovative Network Services

Service Providers are continuously seeking to offer new and differentiated network services. Segment Routing powers two interesting network services: low-latency and disjointness. Low-latency network service ensures that time-sensitive applications are always directed over the optimal low-latency path, while disjointness network service ensures that applications can be directed over two paths,  independent of one another, to provide higher resiliency in case of network failure.

Softbank recently announced its adoption of Segment Routing to optimize network operations and to deliver new services to mobile home and enterprise markets.

Better End-User Experience

Offering best-in-class end-user experience is a top priority for Service Providers as customer churn remains a major concern. Many different elements can contribute to improving customer experience, but it starts with the network infrastructure.

Alibaba Group’s Chief Network Architect Dennis Cai explains at the Sigcomm 2017 conference how Segment Routing is helping them deliver a better end-user experience:

“Alibaba Group’s mission is to make it easy to do business anywhere. We put special focus on having network infrastructures capable of supporting this mission. In that respect, Segment Routing architecture brings us many benefits – first, it can be easily deployed in our existing network infrastructure; second, the ability to have fine-grain control over how the network transports applications while being stateless meets our elasticity requirements. It helps us to deliver a better end-user experience.”

Other customers have also publicly shared plans to implement Segment Routing, such as COLT and Telefonica as well as a US Tier 1 Service Provider, a major US Web Provider and a leading financial institution. Many others are currently testing Segment Routing in their labs, and I’m certain that this list will keep on growing over the coming months.

Segment Routing benefits and ease of implementation make it an essential building block of any network infrastructure transformation. There’s never been a better time to make network infrastructures SDN-ready with Segment Routing.  Cisco is your best innovation partner to help you do it!

If you want to learn more about Segment Routing, visit our website.

Authors

Jonathan Davidson

No Longer at Cisco

New troubling cyberattacks are in the news almost daily. No one is immune. Have you checked your credit score lately? I just finished freezing mine. A national credit bureau breach is the latest wide-ranging theft of data to hit the news.

You are probably wondering: “Is my network secure and what would happen if we were infiltrated?” When I heard news of WannaCry ransomware blanketing all forms of mainstream media on May 12th, heck, as a security professional, even I was worried about losing all of the financial and personal data stored on my home network. When hackers weaponized seemingly innocuous IP cameras with the Mirai botnet, we were all alerted to the growing number of seemingly safe devices ingenious cyber terrorists can exploit. And to top it all off, a new type of threat has emerged: destruction of service (DeOS) attacks. No longer are criminals just trying to extort Bitcoins, they are selling their services to literally ruin targeted systems, potentially for paid industrial espionage or to further political ideals. The Nyetya attack was a highly publicized example of DeOS. Utilizing unpatched Microsoft vulnerabilities, criminals infiltrated systems to render them unusable, with no intention of collecting ransom or restoring data.

Multilayered, Architectural Approach to Network Security

Trying to protect your network from all manner of creative malware is a never-ending battle. Each new attack finds new vulnerabilities or gullible web-surfers to exploit. Not only do you want to avoid paying a ransom, but you could potentially lose your entire business infrastructure. When you add the latest security miracle cure to your infrastructure only to compound management complexity without improving protection, it is time for a new approach. New attack vectors are constantly being innovated by those in the business of cybercrime. Patching together solutions is no longer enough. To stay ahead of the bad guys, you need a multilayered, architectural approach to security: a comprehensive solution that will not only block known threats and malware from entering your network, but also quickly identify and contain unknown threats that sneak in when unsuspecting employees click on a phishing email or attachment they shouldn’t have…

The Architectural Advantage in Action

The Cisco security architecture does just that. It integrates security across the network, endpoints, cloud/DNS and email for a more effective security posture that sees a threat once and protects against it everywhere. It uniquely starts with Cisco’s Intuitive Network as its security foundation. To the Digital Network Architecture, we add best-in-class, independently-tested security components that know what bad stuff to block, and how to share critical security data among each element within the architecture to stop threats fast. Essential to staying on top of the up-to-the-minute global threat landscape is our Talos threat research organization. Talos collects, investigates, and disseminates the latest threat intelligence to each security component in your network so they can block and contain threats that evade front-line defenses before they can cause major damage. Our mean time to detection is just 3.5 hours compared with the industry average of 100 days!

The crucial first line of defense is protecting your internet edge with Firepower next-generation firewalls to “see everything” entering your network. Firepower NGFWs deliver complete visibility of users, devices, connections, applications, workloads and processes operating in your network. Next, we reduce the attack surface with “segmentation” to prevent attackers from moving laterally to sensitive areas in your network with application whitelisting and micro-segmentation. And most importantly, Cisco’s Firepower NGFWs provide industry-leading “threat protection” that is 99% effective at detecting and blocking known attacks including the most potent, ransomware-packing malware. For unknown attacks, our AMP anti-malware component quickly detects and responds to unexpected behavior before hackers can steal data or disrupt operations. With our architectural approach to network security and products designed to fit and work together, we stop more threats outright and lower costs with faster IT and security responses.

With Cisco’s multi-layered architectural approach to security, you can rest easy with the most effective defense: security everywhere across your entire IT infrastructure. Learn more about our security portfolio here: https://www.cisco.com/c/en/us/products/security/portfolio.html

Authors

Susan Runowicz-Smith

Product Marketing Manager

Sourcefire Marketing

Hackers are always finding new ways to target service providers. But Cisco’s global intelligence network Talos can help protect them against the latest threats.

In 2015, a group of hackers known as SSHPsychos were causing trouble. They were abusing service provider resources to try and guess people’s user names and passwords, in order to infect systems with malware that could launch distributed denial of service (DDoS) attacks.

And their methods were creating more traffic for secure shell (SSH) login attempts than the whole of the rest of the internet.

Talos, Cisco’s global threat intelligence network, had been monitoring the group’s actions for some time, and gained an understanding of their methods. We decided it was time to take action. So we worked with the US service provider Level 3 to remove some of the key network resources that SSHPsychos were using. That severely weakened the group, making the internet a safer place.

As the previous success of SSHPsychos shows, there are lots of risks to service providers out there. Hackers might try to disrupt your operations, like they did in the large-scale DDoS attack launched last year on the US company Dyn, which manages domain name services. The breach caused major disruptions to services for many large companies.

(If you’re interested in finding out more about the attack against Dyn, which used a botnet of just 100,000 IoT devices, and getting recommendations on how service providers can protect against this type of attack, Sam Rastogi’s blog is a great place to start.)

Hackers might also try and steal customer data, or use ransomware to shut down parts of your system until you pay up.

The methods hackers use change fast, and they are creative in finding new ways to attack. What’s more, the growth of the cloud and the number of connected devices is creating more potential ways to target networks. It’s hard for any one organisation to keep up.

A global intelligence network

That’s why Cisco security uses Talos. Our team of expert researchers monitors web requests, email traffic, and other data to gain an in-depth understanding of threats and their causes. Talos brings together expertise from a range of different sources including software development, malware research and intelligence analysis.

This means that we can create our security solutions using the latest intelligence, and update them as we learn more about how hackers are working.

So our customers can keep on top of global security threats as fast as they are developing.

Tackling threats by working together

Some of Talos’ best work comes through working in partnership with service providers. One of our biggest recent achievements was disrupting a group of hackers who were using the Angler exploit kit, which was linked to several high profile cyber attacks.

One hacker was using Angler to target up to 90,000 victims a day. And overall, the technology was thought to be generating $60m annually from ransomware infections alone.

Talos decided to carry out an in-depth analysis of the data it had on Angler, and found that a lot of its activity was related to one service provider, Limestone Networks. Talos then worked with Limestone to gather more information about how Angler worked. And the team deepened its knowledge through an ongoing collaboration with Level 3’s research team.

Once we understood how Angler worked, we updated our products so that our customers would not be affected by it. And we also added new rules to Snort, our open source threat detection and prevention software.

The best possible protection

By working in partnership with the service provider community, we can help protect their infrastructures from attack. But in today’s world, it would be naïve to assume that you can keep out all attackers, all of the time. Sooner or later, even the best defences will be breached.

Through the intelligence provided by Talos, Cisco can provide security solutions that combat threats before, during and after a cyber attack. In a dangerous world, it’s the best possible protection against the threats that service providers face.


Find out more about how Cisco Service Provider Security Solutions can help protect you against evolving global threats

Authors

Yves Padrines

Vice President, EMEAR Sales

Global Service Provider

Each blog post on Life at Cisco usually tells the story from one employee, but this is a story that needed two viewpoints, so it’s written as a conversation – similar to ones we have every day. 

Carmen: Every job requires that you wear a lot of hats. Usually, we put on our social media manager hats and amplify the great and powerful stories that employees share with us about what it’s like to work at Cisco.

Giving Back on Florida’s Gulf Coast in 2016.

Casie: Specifically, we put on our blog hats, our Instagram hats, our Facebook hats, our Snapchat hats, our LinkedIn hats, I know I’m missing some hats in there, somewhere. 😉 But these are the @WeAreCisco channels where you’ll find our team behind the scenes putting Cisco employees front and center.

Carmen: Sometimes, though, we forget that we’re employees, too.

Casie: We want to share all the great stories, that we put our own stories on the back burner.

Carmen: But not this time. This time, we put on our “We are also a Cisco employee” hat, because we had such a “moment that mattered” in our own lives, and we really wanted to share it.

Casie: Let’s start with the backstory. Fact 1) We both live in Florida (though two hours away from each other.) Fact 2) Hurricane Irma – the largest hurricane ever recorded in the Atlantic – was a Category 5 nightmare that haunted us for weeks. Would it come our way? Would it turn?

Carmen: Fact 3) It turned. At the worst possible spot in the worst possible way. This hurricane was so big that there wasn’t one place in the entire state that would be out of its path.

Casie: We won’t even talk about the stress that comes from watching the forecast, prepping your house, checking on friends and planning your strategy.

Carmen: Or the stress of empty gas stations (could I go anywhere if I wanted to?), empty shelves where bottled water should be, and how many cans of soup you could realistically expect to eat. (And why were the candy aisles still full? When I apocalypse, I need chocolate.)

Casie: Then you start thinking about what you’ll do about work. How will you get online with no power? The very real, and very scary possibility exists that you might not have a home to have a home office in.

Carmen evacuated Sarasota and went to Jacksonville with her cat, Zucca, and her husband.

Carmen: Cisco made that part easy. It was one less thing we had to worry about. Our manager (she’s the best ever) and Cisco’s HR team emailed us before the storm. The email said that they were there for us. If we needed time off – take it – it wouldn’t count against your regular vacation time, because what about living through the worst hurricane ever would constitute a relaxing day off?

Casie: They also gave us numbers to call. Call this person if you need temporary housing. Call this person if you just need to cry and shout and vent to someone about how scared you were for yourself, but also family and friends.

Carmen: And we got an email after the storm passed. (And text messages from each other and our manager making sure everyone was okay.) There were three options in the email to click. 1) I’m okay and all is good. 2) I’m okay, but I need help and 3) I’m not okay, and need help. I am sure if we’d clicked the third option Chuck Robbins would’ve swooped in on a helicopter (maybe not, but we know Cisco would’ve acted fast.) I’m so glad that we could both click the first option and report in that we were good.

Casie boarded up in Orlando to ride out the storm with her pup, Kimber, and fiancee.

Casie: Hurricanes are funny that way. A tornado can take out one side of the street and leave the other side perfectly fine. (This happened in my parents’ neighborhood just a few streets over.) We had minor annoying things (we even kept power, while most of the state was without it – for days) but compared to our Floridian neighbors in other cities, we came out better than expected.

Carmen: It wasn’t just Cisco corporate. I don’t think we had a meeting for the whole week after where someone wasn’t asking us how we were, what could they do to help, how were we feeling? Heck, we even had a colleague offer us her house if we needed somewhere to go! I’m sure we could’ve had a room in any Cisconian’s house that we could’ve driven to, if only we asked.

After the Storm, Rainbows over Orlando.

Casie: And when these people asked us how they could help, we told them. We don’t need the help. But there are lots of people that do. Cisco set up a way for employees to contribute specifically to Hurricane Irma relief for both Florida and the Caribbean (just as they did for Hurricane Harvey, the earthquake in Mexico and more critical situations around the world) and Cisco would DOUBLE the contributions made OVER AND ABOVE the existing match they make for our charitable contributions all year. So we told people to DONATE! YOU could donate.

Carmen: Someone on our team even drove from North Carolina to help out in Jacksonville. Another teammate was gathering supplies locally to help those that still needed it. We “joke” that we have hurricane PTSD, but it’s one of those times that make you grateful for what you DO have, and it still affects you for weeks after. We try to make light of the situation to help ourselves cope, but there was nothing funny about living through Irma. Ask the Florida Keys.

Casie: Or Naples, or Jacksonville, or St. Thomas, or Puerto Rico, or anyone that was/has been affected by something like this.

Carmen: I’ll never forget that Cisco was there. In a big way, but in a way that wasn’t “in your face.” I get emotional thinking about it.

Casie: It’s what #WeAreCisco is really all about. And we should know, because it’s our jobs to know.

Are you a Cisco employee wanting to help with Disaster Relief? You can donate here. If you’re not an employee (yet!) — you can still help! Give your time or donate to an organization you know that is helping!

Want to join a company that is there for their employees? We’re hiring!

Authors

Carmen Shirkey Collins

Social Media Manager

Talent Brand and Enablement Team, HR

Welcome to the latest episode of the #CiscoChat podcast. In this edition, you’ll get a peek into one of our most exciting, innovative experiments to date: Cisco Spark in virtual reality (VR).

Sure, you’ve heard about virtual reality, and probably associate it most with gaming and entertainment. But VR is still very much an emerging, rapidly advancing technology. And to the Cisco Emerge team, the possibilities are endless. That’s why we’re thinking big and breaking the boundaries between tech solutions by using VR simulations to enhance real-life collaboration in Cisco Spark.

Want to find out more? Tune in to our podcast! Download the episode on SoundCloud, or listen here now:

This podcast is an interview led by Kim Austin, senior manager in collaboration marketing, and Andy Payne, senior director of the Cisco Emerge team. Kim and Andy discuss the origins of this project, what the teams have learned so far, and what it all means for you and your work. In the talk, they’ll answer questions like:

  • What is the goal of this virtual reality experiment?
  • Why is Cisco Spark a particularly good platform for this type of experience?
  • What insights have emerged in the testing so far?

For answers to these questions and more, get the full podcast above — and then contribute to the conversation yourself in the comments below, or by tweeting at @CiscoCollab or @ciscoemerge.

Want to learn more?

  • Catch a glimpse of Cisco Spark in VR in our recent video
  • Read our announcement blog post
  • Visit ciscospark.com/vr

Authors

Eric Chu

Leader

Global Communications

Third parties remain a critical source of security risk. The recent discovery by Cisco’s Talos cybersecurity research team of malware embedded within the consumer application CCleaner reminds us that cyber hygiene lies not just within ourselves.

Talos stated in its September 18th Update: “Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. Therefore, as we leverage the capabilities of third party software, this trust relationship is then abused to attack organizations and individuals.”

Those who seek to gain access to information for control, economic gain or espionage are capitalizing on the benefit of attacking the ‘weakest link of the chain.’  The value chain, that third-party ecosystem to which each of us is intimately connected in a digital economy, must be part of your security hygiene.

How, then, are end users, both consumers and enterprises alike, to protect themselves?
While deploying a lock on the front door to your systems via antivirus protection is a basic hygiene mandate, attacks can still succeed via your third-party providers, as illustrated by CCleaner.

Consider these essential third-party hygiene steps:

  1. Know who is supplying you with what.
  2. Assess the assurance practices used by those third parties and how transparent they are about their security practices.
  3. Seek public information on how those suppliers measure up against cybersecurity benchmarks.

Vigilance will not always succeed, but not turning a blind eye to exactly who you are letting “touch your stuff” and how they address security is now an imperative! Cisco drives a comprehensive value chain security architecture across our ecosystem. In collaboration with our third parties, we (i) reduce risk via protection techniques, (ii) monitor security practices and (iii) ensure swift sharing by third parties of their security incidents in order to minimize impact and foster swifter mitigation collectively.

Authors

Edna Conway

Chief Security Officer

Chief Security Officer, Global Value Chain

Fall has arrived, which means the 2017 SCTE-ISBE Cable-Tec Expo in Denver, Colorado is just around the corner. This year’s program is packed full of some great learning opportunities and we are pleased to have so many Cisco folks involved this year – presenting, leading workshops and moderating panel discussions. Some high points in this year’s program include Cisco Fellow and Cable CTO John Chapman’s Remote PHY seminar, a Virtualization-Stacks and Schedulers workshop with Cisco Distinguished Engineer Alon Bernstein, and two in depth Full-Duplex DOCSIS workshops with Cisco’s own Dr. Hang Jin, Dr. Tong Liu, Sangeeta Ramakrishnan, and John Holobinko.

With four days of access to industry-leading knowledge sharing, the 2017 SCTE-ISBE Cable-Tec Expo is a must attend event!  If you haven’t already made plans, registration is still open. To find out more, visit the SCTE Cable-Tec Expo website.

See Cisco Technology and Solutions at Booth #987

At the 2017 SCTE-ISBE Cable-Tec Expo, we’re showcasing the latest Cisco technology and solutions through a series of demonstrations that encapsulate our long-term vision for the cable industry. Make sure you stop by and see us at booth #987. We think you’ll find a visit to see our step-by-step evolution path across infrastructure, virtualization, management and automation well worth your time.

For these technology areas we will show you how:

  • Next-generation converged cable access platforms (CCAP), DOCSIS 3.1, and Remote PHY can be used to deliver Gigabit service tiers and drive down operating costs
  • Virtualized, Cloud Native cable modem termination systems (CMTS) and other functions can enable you to elastically scale and reposition resources to meet changing demand
  • Management and automation tools can be used to monitor network health proactively and automate end-to-end provisioning
  • Revolutionary cable technologies of the future, including full duplex DOCSIS 3.1 and mobile backhaul enablement, can be integrated into your business.

The theme for this year’s event is “Transforming Experiences,” and we’ll show you how Cisco’s leadership and vision in cable access technologies can help you to drive down network complexity and operating costs, unlock profitable growth by delivering a broader mix of services, and bring innovative, differentiated new experiences to your customers faster.

Live Demonstrations

We have a great lineup of demos this year. Be sure to stop by and see:

  • RPHY Node – See the new GS7000 RPHY Optical Node (iNode) Platform in action. Part of the Cisco Infinite Broadband solution, the iNode can help you to reduce TCO, as well as simplify operations and deployments.
  • OpenRPD – Using RPHY, we’ll show you our OpenRPD interoperability with multiple RPD vendors at the SCTE.
  • RPHY Compact Shelf – See how the industry’s first standards based RPHY Compact Shelf provides CCAP and DOCSIS 3.1 capabilities in small hubs enabling hub site consolidation and reducing TCO.
  • SP Automation – Using our recently launched Smart PHY Automation application, we’ll demonstrate the automated provisioning of an RPD and the cBR8. The Smart PHY Automation application allows you to significantly reduce the operational expenses and complexities of a RPHY deployment, including reducing technical field staff training to support RPHY and improving the time to service enablement for RPHY.
  • DOCSIS FDX – An industry first, we’ll have a live demonstration of Full Duplex DOCSIS 3.1 using RPHY. Using a working HFC network, we’ll demonstrate new capabilities that make FDX DOCSIS 3.1 function in a network with multiple cable modems, including demonstrating backwards compatibility with DOCSIS 3.0 cable modems.
  • Cloud CMTS – See the industry’s first demonstration of a Cloud Native CMTS. Merging the latest NFV developments with DOCSIS, we’ll show a virtualized DOCSIS control and data plane using RPHY to enable a scalable, elastic and distributed CMTS software architecture.
  • Video Aware Network – Learn how to build video capabilities into the network using programmable networking and network function virtualization to make the IP network more video aware and make video more network aware.
  • IVP & Analytics – See our Infinite Video Platform and Analytics demonstration and learn how Cisco can help you deliver a best in class video experience, while leveraging data and business insights to identify new opportunities.
  • Optical Solutions for MSO/Cable – We’ll show you how Cisco’s optical networking solutions can simplify operating and maintaining Cable/MSO networks. At the SCTE Cable-Tec Expo, we’ll demonstrate how to maximize existing DWDM systems with the Cisco NCS 2000; how to cost-effectively migrate aging TDM based platforms to IP based transport using High Density Circuit Emulation with the Cisco NCS 4200; and how transport networks can be automated and optimized using Cisco NCS 1000.
  • Transforming Cable to 5G – We’ll show you how you can transform your cable business to support 5G by using your existing DOCSIS Infrastructure to densify mobile access with small cells and Citizens Broadband Radio Service (CBRS).

Meet with Cisco Executives and Subject Matter Experts

The 2017 SCTE-ISBE Cable-Tec Expo is a great time to meet with Cisco executives and subject matter experts. Our team will be available to meet with you to discuss your current challenges and opportunities. To request a meeting, contact your Cisco account manager.

Cisco Speaking Sessions at the 2017 SCTE-ISBE Cable-Tec Expo

Visit the Cable-Tec Expo program page to find out more about the four-day in-depth learning opportunities and details on the different workshops and seminars featuring Cisco technology experts.

We look forward to seeing you at the 2017 SCTE-ISBE Cable-Tec Expo in Denver, Colorado. Have questions or comments? Tweet us @CiscoSP360.

Authors

Alison Izard

Marketing Manager


The need for a wireless network exists everywhere, even on a campus as old and picturesque as the Cranbrook Educational Community. The trick was making sure that state-of-the-art technology could seamlessly fit in with the aesthetics of one of the country’s most beautiful educational campuses.

Built in the early part of last century, Cranbrook Educational Community is located in Bloomfield Hills, Michigan. The campus, with its stately brick buildings, comprises a graduate Academy of Art, a contemporary Art Museum, House and Gardens, an Institute of Science, and independent college preparatory schools for grades Pre-K through 12. Ranked number one in various fields, Cranbrook welcomes thousands of visitors and students to its campus each year. Designed by renowned architects, the Cranbrook campus was designated as a national historic landmark in 1989.

For all of its beauty and renown, the one thing that the campus didn’t have was a state-of-the-art wireless network.

To accommodate the many residents, faculty, staff and visitors, a new network had to be deployed. For this job, the network had to cover the more than 40 core programmatic buildings on the 319-acre campus. Plus, they wanted to have ubiquitous 2.4 and 5 GHz wireless coverage. This coverage also had to extend into the dorm rooms, where each user is allowed to register up to five devices.

There was one major wrinkle: the entire Cranbrook campus is a National Historic Landmark. It was important to maintain architectural aesthetics during installation. The Cranbrook IT team worked hard to follow the best-practice wireless installation guidelines while maintaining the historical aesthetics.

The Cranbrook Educational Community and Cisco devised a deployment plan that would make everyone happy.

Deployment Details:
• Access Points: 600 units of the award-winning Cisco Aironet 3800 Series Access Points with external antennas mounted on the walls with articulating dipoles. In areas, such as dorm rooms, stubby antennas were used to reduce overall footprint.

• Wireless Controllers: High Availability Pair of the 5520 Wireless Controllers that are currently running wireless software release 8.2.160.0.

• Access Switches: Catalyst 3850 series multi-gig capable switches. The whole campus is cabled with Cat 6A cabling, allowing the 3800s to leverage their full 5Gb bandwidth capability.

• Cisco Prime Infrastructure: installed 3.1.5 update 2 with MSE 8.0.130.0, which is used to monitor and manage the switch and wireless infrastructure.

• Cisco Identity Services Engine (ISE): version 2.1 is a key piece of the infrastructure, allowing Cranbrook IT and the numerous users to self-register their own wireless devices.

• Peak number of clients is 2,200. On-campus residents include approximately two hundred students, approximately one hundred residential faculty units and approximately eighty students in the Academy of Art dormitory.

• Core Infrastructure – Two Nexus 9372 switches with VPC utilizing dual 10Gb uplinks via single mode fiber, connect to 3850s at the distribution layer.

Cranbrook hosts 4 SSIDs:
1. Registration: SSID setup specifically to enable users to register their BYOD devices

2. Managed Asset Devices: School owned and centrally supported wireless laptops, wireless desktops, iPads, Microsoft Surfaces

3. BYOD: SSID where students, faculty and staff are redirected after they go through the device registration process to on-board a personal BYOD device

4. Guest: SSID with a simple acceptable use policy splash page for enabling connectivity to guest users that do not have Active Directory credentials

Cranbrook’s new wireless infrastructure supports the use of multiple wireless and cloud-based apps for dormitory management, digital signage and mobile device management. In high-density environments like gymnasiums or auditoriums, Cranbrook leverages the capabilities of the Cisco Aironet 3800 Series Access Points to support 200-300 users with only two or three access points.

Digital Smartboards utilize Wi-Fi, which enables teachers to stay connected as they move throughout the classroom. This eliminates the need to be tethered to the front of the room. The students are technology leaders and have won awards in the arena of robots. The IT team employs Prime Infrastructure to schedule turning off 2.4 GHz radios to avoid congestion with robotic controllers during competitions.

ISE is the main authentication and authorization point for all things wireless. Cranbrook uses ISE to allow users to self-register BYOD devices, redirect users to the appropriate VLAN, assign ACLs, and transparently pass RADIUS authentication to a Web content filter. Through the efforts of the Cranbrook IT team, the school was able to leverage the full channel width capabilities of the Aironet 3800s, while letting the controllers manage DBS and DFS via RRM.

In the end, the efforts of Cisco and Cranbrook paid off. Cranbrook got the state-of-the-art wireless network that it needed, all while keeping the old-school charm of its buildings intact.

Authors

Jeevan Patil

Director, Product Management

Wireless Network