Smartphones regularly push out OS updates and we dutifully download and install them without a second thought. With most laptops, the process is automatic and happens while we are asleep. However, when it comes to enterprise-grade networking software, keeping routers, switches, wireless equipment, and other gear on the latest recommended software release is often uneven.
Among Cisco customers, this is slowly changing. Launched in April 2021, a software conformance initiative at Cisco is driving greater awareness of the benefits of software upgrades, providing tools to make it easier for customers to periodically upgrade to the latest Cisco-recommended networking software releases.
Why Regular Software Upgrades are Vital
Customers buying routers or switches typically deploy the software and then may not keep close track of the version running on the devices. Often, lagging upgrades are the result of network administrators trying to avoid downtime.
Cisco estimates that more than 80% of Cisco hardware in customer networks is running on older versions of software that leave networks less reliable, less secure, and less efficient. Those three categories of risk were the most cited reasons why enterprises are choosing to migrate, according to a recent McKinsey study on software conformance (Figure 1). Compared to the other reasons cited in the survey, the responses demonstrate that most companies upgrade more to avoid risk than to gain new features and capabilities.
Cisco advises that customers using enterprise products should run recommended software releases to get the maximum value from the steady stream of innovations being developed by Cisco engineers. Unpatched security bugs and loopholes in outdated software can open attack routes for hackers to take advantage of and it is one of the most overlooked vectors for cyber-attacks.
The Cisco Software Conformance Initiative
Whatever reasons companies use to justify networking software upgrades, Cisco is spearheading an internal effort to help customers recognize the need to upgrade and do it as quickly and painlessly as possible. The Software Conformance Initiative specifically targets customers using Cisco DNA Center, Cisco ISE, Cisco SD-WAN, and wireless products within enterprises.
For each of the Cisco Enterprise Networking products, we maintain and provide support for two recently recommended versions. Whenever a new recommended version becomes available, we encourage customers to upgrade. Cisco recommends that each customer’s network to be on either of the most recent two recommended releases, to maintain an elevated level of security, utilize features vital to performance and stability, and maintain compatibility with other vendor technologies in their infrastructure.
Falling behind in software versions, however, is common. To get companies caught up, the Software Conformance Initiative does three things:
- Spread awareness of new software features and benefits by making customers aware of key updates that relate to their use cases
- Apply rigorous criteria and improved validation to real-world environments before suggesting recommended versions
- Build upgrade tools and make them available to customers to make the process of upgrading and pre- and post-checks simpler
With Cisco software engineers delivering innovations and enhancements on a regular basis, the Software Conformance Initiative makes customers aware of the current releases and how their features relate to their planned and implemented use cases. For example, software release 188.8.131.52 for Cisco SD-WAN is recommended because it provides new features like zone-based firewalls, protection from log4j security vulnerabilities, and service insertion tracker support.
The communication about software upgrade opportunities happens through field notices, Systems Engineer Virtual Training (SEVT), defects notifications, Product Security Incident Response Team (PSIRT) advisories, partner events, and EOS and EOL announcements. In parallel, customers are notified if they are downloading any non-recommended versions through all channels, inside and outside of the products.
Rigor Behind Recommended Versions
As part of the effort to drive rapid adoption of new recommended software, in addition to a laser-sharp focus on improving quality@source, Cisco has invested heavily to bring changes in the way we qualify enterprise networking software. For example, we integrated comprehensive real-world customer scenarios in Cisco R&D labs, enhanced solution test coverage, and introduced key checkpoint to validate software in several customer production networks before making software publicly available. To make the recommended version solid, we have a closed-loop process to incorporate learnings from global deployments that are baked into the new recommended version.
In addition to making sweeping changes in the way we qualify new recommended versions, we improved the rigor and criteria before a software version is recommended on Cisco.com. The rigor and criteria of marking recommended versions ensure the recommended software meets the exacting standards of reliability in complex real-world deployments.
Tools Make Upgrading and Migrating Easier
The Software Conformance Initiative is providing workflows and tools for Cisco ISE, Cisco DNA Center, Cisco SD-WAN, and Cisco wireless and switching products. There are four diverse ways that Cisco is reaching out to our customer base: through Cisco direct sales, partner-driven customer engagements, high-touch support customers, and self-service customers. For each of these environments, Cisco engineers have developed tools to speed up and simplify software upgrade decisions and migrations, including:
- Value proposition
- Migration tool
- Automating pre- and post-upgrade checklists
- Software Upgrade playbook with step-by-step procedures, via Cisco Networking BOT (cnBot)
- Migration status dashboards (as shown in Figure 2)
Cisco enterprise networking customers interested in finding out more about software upgrades available for their products can also get information, workflows, and tools from the cnBot―check out my recent cnBot blog post―and support from Cisco TAC. Query the cnBot via Cisco WebEx Teams.
A year since its inception, is the Cisco Software Conformance Initiative working?
With hundreds of upgrades completed (e.g., 3,012 upgrades to Cisco DNA Center version 184.108.40.206 and 718 upgrades to Cisco ISE version 3.1, just last quarter) the answer is a resounding YES.
“What continuous learning does to mind; software upgrades do to devices.” — Cisco engineer