“Change” is a beautiful word. It’s so beautiful, in fact, it’s practically all some people in my line of business talk about. Technology is driving change into organizations at a pace no one thought possible just a few years ago. And if your business isn’t busy transforming itself, it may not be around for much longer. That’s no longer hyperbole, that’s just stone-cold fact.
But the minute somebody says it’s time for you to change, well, things change. You look in the mirror and say, “I’m perfectly fine. I don’t need to change. I’ve done all the changing I need to do. I’m good.”
I’m here to bring you some news, my friends. Just as businesses must adapt to the rapid pace of innovation, you need to embrace change on a professional level as well.
Everyone loves to talk about driving change, as long as it’s happening to someone else. You have to embrace it for yourself as well.
Technology is the catalyst of change
The fact is, your personal life has probably already changed quite dramatically thanks to technology. When’s the last time you hailed a cab, visited a video store, or used a pay phone? Do you remember bringing work home on a USB thumb drive or – and I’m really dating myself here – a 3.5-inch floppy? With the cloud, your data is never more than a few clicks away.
It wasn’t very long ago I was routinely flying tens of thousands of extra miles each year for business meetings because video conferencing technology was still too complicated and unreliable. Now everyone on the planet is reachable within minutes.
Multi-purpose software running on technology platforms has transformed how we live and work. And yes, tech can allow you to do your old job faster, cheaper, and more efficiently. But it also enables you to do things you’ve never done before – if you’re willing to think and do things differently.
(Do you know who needs to embrace change more than anyone? IT departments. Ironically, the people most responsible for implementing the tools that enable these incredible opportunities for innovation are also the most prone to keep doing things the same way they always have.)
How is Cisco adapting?
At Cisco, we understand the need for change better than almost any other enterprise. We’re a much different company than we were five years ago, and we’ll be even more different five years hence.
We’re in the process of transforming from a company that sells the world’s best networking hardware to a platform that enables digital business in a multi-cloud world. We’re moving from being a connectivity company to one that allows enterprises to automate workflows and unlock the power of data at scale. At today’s Cisco, everyone is our customer, and creating an exceptional user experience is our top priority.
That’s why we’ve created a new customer experience division headed by Maria Martinez, and have spent more than $6 billion acquiring companies to help us fulfill our new mission.
This means my sales organization is also adapting. We’re moving from selling massive numbers of shiny metal boxes under multi-million-dollar contracts to selling software and service subscriptions that cost a few hundred dollars each month. It’s a new set of challenges that require new types of skills, and we are actively encouraging our employees to get the training they need. But it’s ultimately up to them to take responsibility for moving forward in their careers.
This massive cultural shift will take years before it’s fully realized. And I guarantee you, the process won’t always be pretty. But we are moving forward and embracing the challenge with both arms.
I’m not leaving myself out of this discussion. Change is happening for me on a personal level as well.
Over my 22 years at Cisco I’ve learned to think quite differently about my job. I do a lot more listening and learning than I used to. I’ve learned the value of developing close relationships with the people who report to me, and how to maintain those relationships, even when changes in the businesses have led us to part ways.
And if you had asked me five years ago what I’d be doing today, becoming a blogger would not have been very high on the list. But this is something I feel incredibly passionate about, and this platform is one of the best ways to open the conversation to a wider audience.
Change is something you do, not something that happens to you. I’ll have a lot more to say on this topic in the future, and I hope you’ll join me in the discussion.
Do you have what you really need for Network Assurance? Today’s businesses require fast-paced, dynamic networks that can assure the user and application quality of experience, securely.
Today’s networks need Network Assurance
Network health is an important aspect of any network operation, and historically, network admins have used network monitoring to keep a check on the overall health of the network. However, monitoring every part of the network often requires multiple tools, which provide only a fragmented view into the network.
As the network scales and expands, the complexity in monitoring the events and data associated with a growing pool of users, things, applications and network devices rises exponentially. And replicating an issue as it occurs poses a considerable challenge. As a result, network admins typically spend more time collecting the data from different sources and tools than they do analyzing and troubleshooting the issues, which impacts both IT and business productivity.
Network assurance and analytics solutions are designed to address these challenges by taking raw data from various sources and presenting it as actionable insights on a dashboard. So now, instead of scrambling through the data or trying to replicate the issue, a network admin knows the type of problem, its severity, the number of clients affected, and the location where the issue exists.
How does Cisco DNA Assurance Stack Up?
The Assurance and Analytics market is crowded with both established and emerging vendors that claim to offer full-service assurance solutions. Most vendors offer assurance capabilities in a silo: there is no holistic view of the network. Cisco DNA Assurance provides end-to-end, contextual network analytics and insights through real-time data and telemetry it collects network-wide. It also offers distinct capabilities under a single-pane-of-glass dashboard, such as Intelligent Capture, Sensor-driven Tests and Apple Wi-Fi Analytics.
We’ve also recently added Cisco AI Network Analytics to the Cisco DNA Center arsenal, which brings the power of machine learning to better pinpoint problems and provide more accurate remediation guidance.
How do the others stack up to Cisco DNA Assurance?
Aruba Assurance has three separate wireless assurance solutions:
Aruba NetInsight, a cloud-based assurance platform
Aruba User Experience Insight (previously known as Cape Networks), a sensor-based assurance platform
Connectivity Health, a part of Aruba Airwave platform.
Huawei has two solutions:
CampusInsight, their network assurance platform
eSight, their network management system which offers monitoring and basic diagnostics
Miercom Puts Cisco DNA Assurance to the Test
Miercom, a 3rd party vendor, produced an independent report that compares the publicly available versions of Cisco DNA Center, Huawei eSight and Aruba Connectivity Health. Miercom tested four issues that are common in any network and gauged how each platform helps a network admin to troubleshoot and resolve them.
What was tested?
DHCP Problem: DHCP pool exhaustion, which can leave clients stranded without an IP address after they connect to an access point.
RF Issues: How the systems dealt with a wireless client that was forced to join a crowded 2.4GHz band because the client couldn’t properly connect to the weak signal of the 5GHz radio of the access point.
Proactive Testing: The ability to proactively monitor the network via sensors and sensor-driven tests so that a potential issue or an anomaly can be detected and resolved before it turns into a major alert.
Troubleshooting: The diagnostic efficiency of the Assurance platform in isolating a device or interface where a problem exists by examining the network topology through tools such as path trace.
What were the results of the tests?
Cisco DNA Assurance:
Miercom concluded that Cisco DNA Center performed the best of all the tested platforms. It excelled in each test case by offering a detailed root cause analysis and step-by-step remediations for each issue.
The Cisco active sensor supports more than twice as many test cases as Aruba Connectivity Health Sensors. Only Cisco offers a view of the physical connection of the devices with health as well as a logical connection through the path trace tool, which gives a full view of the end-to-end connection of a client.
Aruba Connectivity Health partially satisfies some of the use cases, but it doesn’t go beyond basic pre-connection statistics and does not provide detailed analysis of a network problem. Huawei eSight attempts to display some RF-related issues but, like any network monitoring tool, it forces a network admin to search for an issue rather than displaying it on the dashboard for faster analysis and resolution.
To learn more about how Cisco DNA Assurance is ahead of the field, download the full Miercom report.
And learn more about how you can base your complete intent-based network on the Cisco DNA architecture here.
This post is a part of a series on Cisco DNA Center.
How can I get full visibility into all IT assets that I own and use?
How can I control and centralize access to my IT assets and entitlements?
How do I manage my IT assets and associated entitlements in a cost-effective way?
I already have an ITAM solution to manage all my procured assets from multiple vendors, can I integrate with Cisco for the investments we have made with Cisco?
How do I automate license deployments and management from our environment with Cisco’s cloud-based licensing platform?
These are questions that I hear from IT managers and administrators every day. That’s why I am happy to tell you about our secure interoperable asset and entitlement management platform, My Cisco Entitlements (MCE). Based on the principles of transparency, standards and security, My Cisco Entitlements provides a convenient platform for customers and partners to manage all their post-sales Cisco IT assets and entitlements.
Smart Accounts – The Foundation of MCE
Smart Accounts and ISO Compliant Application Programming Interfaces (APIs) provide the foundation for MCE. Cisco Smart Accounts were initially created as a time-saving way for customers to organize, use, and manage their Smart Licenses and associated entitlements. MCE extends the concept of Smart Accounts to manage all Cisco licenses, devices, services, and subscriptions. For Cisco, this is the first time we have connected the services and licensing worlds. It brings together license deployment information such as serial numbers with service product identifiers.
Benefits of MCE—Full Visibility, Centralized User Access, and Actionable Insights
When MCE connects services and licensing together, it provides benefits such as full visibility to all assets and entitlements, centralized user access management, and simplified install base reconciliation. Smart Account admins can control access on who views and manages assets.
The MCE dashboard summarizes the health of your products and services. It identifies risk areas such as upcoming Contract Expiration and Last Date of Support (LDoS) dates. For a specific insight, you drill down and view details. Then you can export and act based on this information.
By providing multiple interconnected views, MCE simplifies install base discovery and reconciliation. The “Devices” view captures all of the service coverage and related telemetry data. In addition, users can view all of the licenses deployed on that device enabling them to initiate device-led operations such as license rehosts.
We’ve normalized a “License” feature-based view across classic, smart and cloud licenses. No matter how you purchased the license – individual or bundled in an Enterprise Agreement – you will see it in one inventory. You have the ability to see the service coverage or subscription, as well as all of the devices where that license has been deployed.
The “Service and Subscriptions” view captures all of your technical support contracts and software subscriptions in one inventory. You can also view links to the licenses or devices covered in any contract. Using various views and functionalities like global search, users can quickly search across devices, licenses, services, and subscriptions to find all related data for their search term.
Automation and Scale with APIs
While we’ve built these experiences for online access, we recognize that automation of the tasks required to keep your records in sync with Cisco needs to scale. Customers and partners are increasingly adopting IT Asset Management Systems to automate tasks in maintaining compliance across vendors. These tools manage entitlements from Enterprise Agreements, purchases, and other records to automatically determine and optimize assets and entitlement positions against discovered hardware and software.
To execute these tasks in a cost-effective way, MCE will allow all operations available online to be executed with ISO standards-based APIs. Using the same secure Smart Account, customers and partners will be able to maintain their investments in multi-vendor IT Asset Management solutions without the redundant and manual operations to keep them in sync.
MCE allows integration of all online functionalities to be executed with ISO standards-based APIs. MCE also provides service automation platforms for license generation, consumption, and reporting. In the future, we will offer MACDs (Move Add Change Delete) for service SLA management. Integration for Partner Support Services (PSS) to route cases to partners will also be available.
IEC/ISO 19770 Compliant XML for software, hardware and agreements
Smart Account structure and user access management
Asset Management (MACDs)
Direct transaction processing such as Download SW, Case Open, License, SaaS Consumption Management
MCE delivers on our vision for secure, interoperable Asset and Entitlement Management with customers and partners. I look forward to sharing more in the future as we continue to evolve our capabilities. Stay tuned and be sure to check out www.cisco.com/go/mce to learn more.
Wireless networks have helped millions of employees connect to corporate networks and the Internet. But thinking about Wi-Fi as simply a tool to connect people to networks is incomplete. Instead of viewing wireless networks simply as a way to move data, we should really be thinking about Wi-Fi as a tool to drive business outcomes. For starters, we can use location awareness that the infrastructure provides about connected things and their users. Machine learning can aggregate millions of anonymized data points on wireless network usage, and create insights that can spur our digital transformation.
Don’t get me wrong. A wireless network is still great at powering the modern office. It allows employees to take their phones and laptops and log on without being tethered to a desk. It’s also a necessary amenity for visitors to your facilities. But if you configure your wireless network in the right way, there’s a vast amount of telemetry you can collect about not only user and device connectivity but also application performance. That data, in turn, can enable workplace digitization and personalization, in ways that go straight to your bottom line.
The Mobility Imperative
Today, for example, employees waste a lot of time when moving around a campus. A lot of the time they’re looking for available conference rooms, which seem to always be in short supply. Wouldn’t it be great if the wireless network could tell them which conference rooms were currently empty, as well as where the colleagues they were supposed to be meeting with are at that moment? How much time would that save your company every month? Digitizing physical spaces will allow employees to use their time more efficiently.
Even better: What if they didn’t have to suffer that endless commute to the office every morning? What if they could check into any office near their home, log into the corporate network, and have everything they need to get the job done, no matter where they are? How much happier and more productive would they be? Personalization will become increasingly important to employers, just as it is to consumer-facing industries such as retail, hospitality, and healthcare.
Much has been written about how IoT is changing the manufacturing process and supply chain, but it will also have profound impacts on the office. When you walk into that conference room and it recognizes you, sets the lighting exactly the way you like it, and fires up the devices you like to use, that’s a nice perk that makes work a little more pleasant. But when it automatically turns off the lights and HVAC when no one is in the room and saves the company 10 percent on its electricity bills, that’s a change your CFO can get behind.
Value Beyond Connectivity
The wireless network is where Information Technology (IT) and Operational Technology (OT) meet, providing improved efficiency and performance. Today, IoT solutions are fragmented. Besides millions of unsophisticated devices, there are a variety of incompatible communications protocols, operating systems, and tagging systems. Eventually, we believe common standards will win out, and sensors will become plug and play.
Similarly, while many organizations have implemented these kinds of capabilities as pilot programs or in limited locations, they’ve been expensive and difficult to scale. However, this is starting to change, and it’s something we at Cisco are keenly interested in. We are helping customers in verticals like retail, hospitality and healthcare to build fully automated infrastructures that provide full network assurance while providing connectivity to the multitude of IoT devices. Cisco’s intent-based networking architecture enables segmented network access for IoT devices with policy-based automation and integration of the IoT and IT infrastructure.
While we’re doing this, we’re anonymizing private data like IP addresses, personal information, and so on. We will ensure data protection, privacy and security, and adhere to existing and emerging regulatory frameworks, such as GDPR.
The abilities to digitize and personalize the workplace are already enabled in Cisco’s DNA Spaces, built into every Cisco or Meraki access point. Cisco DNA Spaces is in part indoor GPS for devices, allowing administrators to locate every machine that’s logged onto the network, in every building on campus, down to the floor level. Cisco’s next-generation Access Points with built-in Bluetooth Low Energy and Zigbee capabilities will be able to provide even better location analytics and services.
Because you must log in to the network to use DNA Spaces, the network knows who you are, which means it can start to personalize your digital workspace based on your habits and preferences. It’s the beginning of Office as a Service, where employees are no longer dependent on a particular building and can work wherever they want.
Transformation happens when organizations take existing resources and find new use cases for them that drive productivity, increase revenue, lower expenses, or help launch new lines of business. Every business in every industry needs to discover the use cases and technologies that provide the best ROI for them. More importantly, establish security and data protection programs where users can choose how they want to proactively drive the value exchange.
My advice: Don’t overlook your Wi-Fi network. It could be the secret weapon in your journey to digital transformation.
Organizations need to be agile, flexible, and visionary. Now with My Cisco Entitlements (MCE), you have a platform that can help you achieve this.
I am proud to share Cisco’s official introduction of My Cisco Entitlements (MCE) for our customers and partners. MCE is a comprehensive lifecycle management platform that is robust, unified, and secure. Based on Smart Accounts and ISO Compliant Application Programming Interfaces, MCE provides customers and partners the flexibility to self-manage all Cisco IT purchases. We anticipate that MCE will rapidly lead the way in how our customers and partners manage their post-sale Cisco IT assets and entitlements.
Helps Organizations Maximize their ROI and Minimize Risk
This innovative new platform empowers organizations to maximize their return on investment, reduce risk and protect investments. It provides real-time insights into all Cisco services, subscriptions, licenses, and devices throughout their lifecycle. With a comprehensive view, IT and network administrators have the visibility and control they need to make well-informed, cost-effective, and compliant decisions.
IT Teams Drive Improved Business Operations
By generating MCE’s dynamic analysis and reports, IT teams have access to valuable information to drive improved business operations. For example, the last day of support (LDoS), renewals, and subscriptions are effortlessly identified by using sort and filter features. As a result, cost is optimized and risk is reduced as they proactively plan usage and renewal of products and services.
Customers Manage Investments With Cisco More Effectively
Customers can also maximize the return on their investment by leveraging products and services usage insights. This customer-based platform simplifies how end customers manage their investments with Cisco effectively. In the future, Cisco partners can build and monetize asset and entitlement management practices for their customer base.
Taking Smart Accounts to the Next Level – One Unified Platform
As you may recall, Cisco introduced Smart Licensing and Smart Accounts to simplify and streamline software purchases, transfers, and activations for our customers. Built on the foundation of Smart Accounts, MCE takes this same concept to the next level with the integration and management of all licenses, devices, services, and subscriptions on one unified platform. MCE offers customers crucial insight into what they own and how to manage their assets even more effectively. Even better, it provides secure and consolidated user access.
The unified platform has been in pilot for the last five months, with more than 400 customers participating in beta testing. Since we began the pilot program in February, based on customers’ feedback, we’ve been able to uplevel MCE’s capabilities to better serve end users’ needs. Now, MCE is available to anyone who signs up via this survey and has a Smart Account with Cisco.
Customer feedback from our pilot users has been incredibly positive. The most common feedback is that they love the one-view dashboard, sort, and filter features, and how key information, such as the last day of support and service coverage, is consolidated into one view. MCE simplifies the way information is managed.
We continue to integrate future release features and capabilities to enable our customers to be successful in an increasingly connected world – with security as a top priority. We can expect that the increased use of telemetry in the coming year will provide proactive device health information and drive automation to workflows as needed to avoid delay and overhead.
My Cisco Entitlements connects your Smart Account, licensing, asset management, entitlement management and services to drive your digital business. As customers continue to find new ways to maximize ROI, reduce risk, and protect investments, MCE is poised to lead the way in the digital transformation era.
In the coming years, it’s imperative that every leader in every industry and organization is in lock-step with the quickly shifting landscape of technologies to be competitive, increase revenue streams, and meet the needs of their customers. MCE is our solution to help meet these needs as technologies become more and more complex. This solution offers our customers and partners a new way to protect their valued investments and minimize risk.
I look forward to sharing more about MCE as it evolves. Please visit the MCE cisco.com page to learn more. Sign up for MCE and get started today – it’s fast, easy, and free.
Thanks to intent-based networking (IBN), your IT team no longer needs to panic when it’s asked to support a new business initiative, the acquisition of a new team, or the onboarding of new applications. With IBN, IT teams can quickly set up the appropriate networking policies to support any new need, in any domain: campus, branch, WAN, data center, or hybrid clouds.
Today, Cisco is taking major steps to link the management of these domains together.
Each domain has its purpose
Why do we need these integrations? Why not just have the entire enterprise network run as a single fabric?
In the real world, each network domain serves a unique set of requirements. The campus network handles wired and wireless clients with high mobility demands and varying identity mechanisms. The WAN finds the most efficient route from user to application through the multiple connectivity options. The data center delivers high east-west bandwidth and control, integrating with virtual machine and container environments.
It’s not enough to have intent-based networking only within these silos.
Imagine a situation where your application service requirements, user experience needs, or segmentation policies are translated and applied to only one network domain – and not the others. What would that mean for your overall performance and security requirements? Your IT teams for each of the domains would need to share, translate, and implement policy in their own environments. All manually. With the rapid pace of change, would that even be possible?
We need to stitch these fabrics together – automatically and seamlessly – to achieve the full business intent.
The automated integration of policy between domains is the best way to preserve domain uniqueness and still provide consistency and management. With policy integration, each domain, while functioning independently, can collaborate with others for the benefit of the entire network. You can define a policy once, apply it everywhere, and monitor it systematically to ensure it is realizing its business intent.
Towards an intent-based architecture
Cisco is taking steps to stitch the domains together. Not by making them identical and bringing them down to the lowest common denominator, but by having them share policy elements, so that they can cooperate with each other to fulfill the collective intent.
Our new policy integrations will provide complete end-to-end network segmentation, application experience, and security.
Segmentation policy integrations
Segmenting a network reduces congestion, improves security and compliance, and contains network problems. In the campus, Cisco’s SD-Access solution uses (and improves on) this technology to group users and devices within the segments it creates according to their access privileges. Similarly, Cisco ACI creates groups of similar applications in the data center.
When integrated, SD-Access and ACI exchange their groupings and provide each other an awareness into their access policies. With this knowledge, each of the domains can map user groups with applications, jointly enforce policies, and block unauthorized access to applications.
In another segmentation policy integration, Cisco SD-WAN connects with SD-Access and distributes user and device groups between an organization’s campus and branches, covering them all in a seamless access fabric. Access policies defined by SD-Access now apply consistently across all the organization’s sites.
Together, these two policy integrations allow uniform access controls to be applied to users, devices, and applications regardless of where they connect to the network or are hosted, and how they move between sites or between data center and cloud. The integrations help avoid the complex configurations and frequent changes that would otherwise be required to achieve the same objectives.
Take the example of an IoT installation. There may be thousands of IoT devices distributed throughout the enterprise, and applications in the data center they access. With segmentation policy integrations between SD-Access, SD-WAN, and ACI, the network can limit the access of these devices to just those applications, no matter where the devices and applications reside, and where they move.
Application experience policy integration
Ensuring that users have a good quality of experience when they run applications and access data in data centers and clouds is a high priority for IT. It’s always been hard to implement it end-to-end.
With policy integration between ACI and SD-WAN, application SLAs can be defined in the data center and propagated automatically to SD-WAN, which can then properly prioritize the traffic as it travels to users in campus and branches. The SLA propagation can save network operators from having to define these parameters manually in SD-WAN and update them every time the application or business needs change.
Going back to our IoT example, such an integration would ensure that any urgent action that needs to be communicated between a device and the controlling application is prioritized through the SD-WAN.
Security across domains
Security must be integrated into networks. It can’t just run at the perimeter. Integration between security and the network allows security applications and the network to work together to reduce time to prevent, detect, and mitigate threats.
Cisco’s security applications are pervasive and built into campus, branch, WAN, data center, co-location centers, and cloud. They protect users, no matter where they might be, as they access the internet or applications running in their data centers, in hybrid clouds, or at a SaaS provider.
With these policy integrations, we are delivering on our commitment to help our customers manage and orchestrate enterprise-wide networks. As our customers transform their businesses, they can confidently depend on the network to support them in every step of their transformation journey.
Technology is leading a change in the business landscape, driving the need to go digital. Data plays a pivotal role in this digital transformation, delivering outcomes that we could not comprehend a few years back. The deluge of data driven from end-points, applications and the network itself can be overwhelming unless there is an astute way to govern the data and gain insights.
The Catalyst 9000 series of switches, Cisco’s flagship enterprise switching portfolio delivering Intent Based Networking (IBN), runs a modern, modular and model-driven operating system stack, Cisco IOS® XE. Powered by an Intel x86 CPU, the Catalyst 9000 series now supports a secure, Docker container-based application hosting environment, starting with the Catalyst 9300 switches. Users now have the option to either build their own apps or host any off-the-shelf apps to enable network monitoring/troubleshooting, security or IoT related outcomes.
One of the key areas of focus while developing this capability was the security and performance implications that the hosted app would have on the mission-critical infrastructure itself. Our implementation ensures that the Docker container is isolated from the host operating system, which guarantees that any malware or vulnerabilities in the app itself will NOT compromise the system. Secondly, the Docker container is allocated dedicated compute, memory, storage and network connectivity to ensure that apps running in the container do NOT compete with Cisco IOS® XE for hardware resources. Finally, any app-related data stored on non-volatile memory is secured using 256-bit encryption to prevent data compromise in the event an attacker gets physical access to the switch.
The ability to orchestrate the hosted app across thousands of switches distributed across hundreds of physical locations is critical to meet the scale requirements of our large enterprise customers. Cisco DNA Center now supports the complete lifecycle management of hosted applications with a few clicks of a button.
One of our key goals is to use the Catalyst 9000 series as an enabling platform and cater to our diverse user base, which spans all verticals and geographies. DevNet Ecosystem Exchange is Cisco’s vehicle to nurture a rich ecosystem of apps for the Catalyst 9000 series and give users the ability to pick the apps of their choice. Partners and solution providers are now welcome to submit their solutions through Ecosystem Exchange. We are also introducing an Application Hosting sandbox on DevNet to support application developers.
“Application Hosting capabilities on Catalyst 9000 switching platform sets Cisco apart from their competition. No one else in the industry is allowing you this access. When you couple Catalyst 9300 with Application hosting and Cisco DNA Center, it gives you more power and capability than you ever had before.”
— Dave Benham, Mobility Practice Director, Presidio
“With the app hosting capability, we will now be capable of installing probes across the entire network, allowing us to generate real data traffic and detect any loss of performance. Moreover, the Docker-oriented solution allows us to leverage our current and future investments (on Catalyst 9300) without adding extra costs in physical probes. We also skip the painful management and configuration tasks of those probes through the very easy-to-use DNA Center interface.”
— Frank Weiler, Network and Telco manager, City of Luxembourg
“We (Conscia) are excited about how easy it is to quickly put Docker instances in the network edge layer using the App Hosting on Catalyst 9000. App hosting opens up new possibilities for distributed architectures with automation and IoT with the help of local data processing in the edge.”
— Stefan Ehrson, Senior Network Engineer, Conscia
Edge compute is now possible with Catalyst 9000 series switches. Application hosting on Cisco’s intent based networks allows network operators worldwide to harness the power of data and gather insights at a scale that was never possible before. Be a part of this exciting adventure!
Artificial intelligence is changing how we manage networks, and it’s a change we need. Because as we rely more every day on networks and networked applications to keep businesses agile, secure, and competitive, we also need more advanced tools to keep on top of the networks themselves. AI will help us make network operations simpler, smarter, safer, and speedier. It helps us manage our networks at machine speed.
In this and upcoming blog posts I’m going to discuss how AI technologies will apply to networking.
Before I do, please keep in mind that AI is a large and growing field, with several branches. In networking, there are three subfields of AI that are most relevant:
Natural language processing (NLP), which includes speech recognition and natural language understanding.
Machine learning (ML), in which we use data to learn patterns, so we can form inferences on new data for tasks like classification or prediction.
Machine reasoning (MR), which includes using domain-specific knowledge bases (facts, relationships, and rules) and manipulations of the knowledge to answer questions.
I’ll refer to “AI” when I mean several of the above or related techniques. I’ll refer to a single technique when I want to be more specific.
A Standard Scenario
To make our discussion more concrete, let’s examine a task many network managers have to handle, and explore how AI in an intent-based network (IBN) architecture can improve the experience — for both end users and IT staff. Here’s our scenario: We work at a company with an international footprint, and we need to set up a company-wide video all-hands meeting, for all our locations around the world. It’s important that everyone can view this call with high-quality, low-latency video, and that they can send high-quality video into the call too, when it’s time for the Q&A.
We will need to prepare the network and application services to make sure we meet our goal of giving everyone a high-quality experience, no matter where they are and no matter what happens to the networks inside or outside the company.
This would generally require a large amount of human-driven preparatory work. Often there are subtle problems that are difficult to detect or predict prior to the event, even in a testing scenario. During the event itself, if any issues arise, it will likely be impossible to identify and fix the problem in time. In fact, during an event it generally is not possible to know how the event is going for all users, without them submitting real-time feedback.
The Modern Solution
A modern, intent-based networking architecture gives us a fighting chance to overcome these challenges. With IBN, we express networking as four conceptual functions: Translation, Activation, Assurance, and Infrastructure. These functions take our Intent and turn it into reality.
In the diagram below, we see the physical and virtual infrastructure — wireless access points, switches, routers, compute, storage — at the bottom. To make the infrastructure do what we want, we use the Translation function near the top to convert the intent (what we are trying to accomplish) from a person or computer into the correct network and security policies. These policies then must be activated on the network. A deeper dive on IBN is given in this white paper I co-authored, Intent-Based Networking: Building the bridge between business and IT.
Of course, we not only want to activate the policies, but we also want to assure that the network is providing the service as intended. Assurance is a powerful and relatively new capability for networks.
Likewise, Activation may be familiar to those aware of software defined networking (SDN) architectures. But IBN improves on it with the Translation and Assurance functions, which form a valuable feedback loop. In addition, the IBN architecture provides the capability to gather telemetry from across the network. As we’ll discuss, the data-gathering is critical to feeding the various AI engines, thereby improving network performance, reliability, and security.
Conceptual view of Intent-Based Networking, illustrating the four key functional blocks and how AI powers the feedback loop.
The Role of AI in Intent-Based Networking
So how does AI help? It starts at the top, with codifying the core of IBN – the intent of the network operator. The Intent the operator expresses, in human language or through a more traditional interface, must be translated into network and security policies. This step can use natural-language processing (NLP), as well as forms of machine learning (ML) and machine reasoning (MR). It is often especially important to use machine reasoning, to leverage domain-specific knowledge about networking to determine how to realize the desired intent in the given network context.
Then the Activation step kicks in. It takes the network and security policies codified by the previous step, and couples them with a deep understanding of the network infrastructure that includes both real-time and historic data about its current behavior. It then activates or automates the policies across all of the network infrastructure elements, ideally optimizing for performance, reliability, and security.
In our example, it’s the Activation step that determines how to provision quality of service (QoS) at each infrastructure element across the global network to provide the desired high-quality video, while ensuring other important network tasks also operate as intended. Activation could also apply ML to predict where employees will be throughout the world at the time of the video call, so it can provision adequate bandwidth and processing based on their locations. Accurately identifying, ahead of time, which regions will have attendees in an office, and which will have more employees at home or on mobile devices, can significantly improve the user’s experience as well as cost-efficiency of the network itself.
In some cases, it may even be possible to predict that a user may not have sufficient bandwidth in their location. They could be notified in advance that if they want video they should go to their office, or else they will likely only receive audio.
But how good will the AI-driven Activation of our network equipment be? How will it adapt to real-time network changes? The Assurance component is what checks that the network is providing the service the intent calls for and the Activation step implements.
First, the Assurance step processes an immense amount of real-time data, using AI to surface only the factors that could apply to the issue at hand. For example, Assurance will watch the onboarding time (time to attach to a Wi-Fi access point) of all devices on the network. Assurance will tell us if onboarding times in a particular region are outside the bounds of normal fluctuation, possibly the result of a service issue, security incursion or other factor.
During our global, all-hands video meeting there is likely to be a massive spike in terms of people connecting at the start of the meeting. With ML in the Assurance system, we can determine when an unusual onboarding time is a problem, or just reflective of the global all-hands video meeting.
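The distinction drawn above, between an onboarding time that is slow because of the meeting's join spike and one that is slow for some other reason, can be sketched as an added example (not Cisco's Assurance implementation). It assumes a simple linear load model with a robust z-score as a stand-in for the ML; the region names, history and live windows are constructed sample data.

```python
from statistics import median

# Constructed history for one region: (Wi-Fi joins per minute, median onboarding seconds).
# It includes a few busy windows (earlier large meetings) so the model has seen high load.
HISTORY = [(5, 1.1), (8, 1.0), (10, 1.2), (12, 1.1), (15, 1.2), (20, 1.3),
           (25, 1.2), (30, 1.4), (60, 1.6), (120, 2.3), (180, 2.8), (200, 3.1)]

# Constructed live windows during the all-hands: region -> (joins per minute, onboarding seconds).
WINDOWS = {
    "emea-hq": (190, 3.0),      # busy and slow, in line with past busy windows
    "apac-branch": (190, 6.5),  # busy, but far slower than load alone explains
    "amer-remote": (12, 1.15),  # quiet and fast
    "latam-branch": (10, 2.4),  # quiet yet slow: load cannot be the cause
}


def robust_sigma(values):
    """Spread estimate from the median absolute deviation (MAD), resistant to outliers."""
    values = list(values)
    centre = median(values)
    mad = median(abs(v - centre) for v in values)
    return max(1.4826 * mad, 0.05)  # floor keeps z-scores finite on flat history


def fit_load_model(history):
    """Least-squares line: onboarding time as a function of join rate, plus residual spread."""
    n = len(history)
    mean_j = sum(j for j, _ in history) / n
    mean_t = sum(t for _, t in history) / n
    sxx = sum((j - mean_j) ** 2 for j, _ in history)
    sxy = sum((j - mean_j) * (t - mean_t) for j, t in history)
    slope = sxy / sxx if sxx else 0.0
    intercept = mean_t - slope * mean_j
    residuals = [t - (intercept + slope * j) for j, t in history]
    return slope, intercept, robust_sigma(residuals)


def classify(history, joins, onboarding, threshold=4.0):
    """Return 'normal', 'explained_by_load' or 'anomaly' for one live window."""
    times = [t for _, t in history]
    # Fixed baseline: compares against typical onboarding time, ignoring load.
    naive_z = (onboarding - median(times)) / robust_sigma(times)
    # Load-aware baseline: compares against what this join rate normally costs.
    slope, intercept, sigma = fit_load_model(history)
    load_z = (onboarding - (intercept + slope * joins)) / sigma
    if load_z > threshold:
        return "anomaly"              # slow even after accounting for the join spike
    if naive_z > threshold:
        return "explained_by_load"    # a fixed baseline would have raised a false alarm
    return "normal"


def assess(history, windows):
    """Classify every region's live window against the same history."""
    return {region: classify(history, j, t) for region, (j, t) in windows.items()}


if __name__ == "__main__":
    for region, verdict in assess(HISTORY, WINDOWS).items():
        print(f"{region:13s} {verdict}")
```

Only the slow side is flagged here; a production detector would also keep per-region history and refit as new windows arrive.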
By using ML and MR, Assurance can also sift through the massive amount of data related to a global event to correctly identify if there are any problems arising. We can then get solutions to these issues – and even automatically apply solutions – more quickly and more reliably than before. For example, Assurance could identify that the WAN bandwidth to certain sites is increasing at a rate that will saturate the network paths, and it could proactively reroute some of the flows through alternative paths to prevent the problem from occurring. In prior systems, this problem would typically only be recognized after the bandwidth bottleneck occurred and users experienced a drop in call quality or even lost their connection to the meeting. It would be challenging or impossible to identify the issue in real time, much less to fix it before it distracted from the experience of the meeting. Accurate and fast identification through ML and MR, coupled with intelligent automation through the feedback loop, is key to a successful outcome.
We are able to successfully perform Assurance for several reasons. First, we have very deep expertise in designing, running, and debugging networks. Second, we have designed our networking gear from the ASIC, OS, and software levels to gather key data, via our IBN architecture which provides unified data collection and performs algorithmic analysis across the entire network (wired, wireless, LAN, WAN, datacenter). Third, because we have been the #1 enterprise network vendor for the past 20+ years, we have a massive collection of network data, including a database of problems and associated root causes. And fourth, we have been investing for many years to create innovative network data analysis and ML, MR, and other AI techniques to identify and solve key problems.
This combination of capabilities enables our products to quickly identify whether a problem exists, determine its associated root cause, and identify fixes to solve it. The network operator can accept the proposed fixes and then they are applied. The feedback loop continues and we gather more data to determine if the network is operating as intended. If not, we identify why and continue to improve the network.
Closing the Loop
AI amplifies the powerful capabilities of intent-based networking: It can accelerate the path from Intent into Translation and Activation, and then examine network and behavior data in the Assurance step to make sure everything is working correctly. Activation uses the insights to drive more intelligent actions for improved performance, reliability, and security, creating a virtuous cycle of network optimization. Prior architectures, such as SDN, only had the feedforward path of automation.
I also want to stress that the feedback the IT user gets from the IBN system with AI is not a flood of arcane telemetry data; instead it is valuable and actionable insights at scale, derived from the immense data and behavioral analytics using AI. The feedback loop illustrates how IBN and AI amplify each other in ways not possible before.
We envision many more exciting AI capabilities in IBN networks in the near future.
Co-authored by Siva Nittala, Switching Product Manager, Cisco
The lineup of Catalyst 9300 series switches includes two new additions which are built from the ground up for intent-based networking. The Catalyst 9300 1G fiber switches provide a seamless migration path from Catalyst 3850 Fiber with better price-to-value, avoiding cable upgrade expenses, for a reduction of total cost of ownership. These new models expand the Catalyst 9300 series to fiber to the desk and 1G fiber aggregation applications. Optimized for 1G wired access, the C9300L models are the fixed access replacement for the Catalyst 3650 series, with Fabric-in-a-Box capability that makes them ideal for business-critical branch deployments.
All these new switches offer the same benefits of higher availability, greater speed and capacity and more advanced security and programmability that are found in the rest of the Catalyst 9000 switch family.
Catalyst 9300 1G fiber: great for aggregation
By replacing your Catalyst 3850 switches with Catalyst 9300 1G fiber switches, you’ll gain many security benefits common to the rest of the Catalyst 9k family. This is important in a world where securing your network is ever more challenging because of increasing network complexity, increased scale of attacks, and greater sophistication of the methods used by attackers.
New security solutions you’ll be able to use include MACsec 256 link encryption and Encrypted Traffic Analytics (ETA). The Catalyst 9300 1G fiber switches also broaden the deployment of SD-Access. Now, Catalyst 9300 stacks can connect to extended nodes with the fiber interface.
Fiber to the Desktop is back with a bang
While running fiber to the desktop (FTTD) isn’t a common practice, given the traditionally high cost of installation for fiber cables, some network administrators find that it is the right solution for certain scenarios. These are situations in which high speed connectivity and greater throughput are demanded. In these cases, the Catalyst 9300 1G fiber 24- and 48-port switches are an excellent option to have at their disposal.
Here are some of the use cases for FTTD:
High bandwidth applications, like media and entertainment.
Extreme physical conditions, like manufacturing where operating temperatures and length of cable runs make copper less than ideal.
Low latency usage, such as financial trading desks.
Security-sensitive installations, where FTTD can reduce risk of data leakage and disruption.
Speaking of cost, it’s important to look at more than just the cost of copper cabling versus fiber optic cable. There’s also the wiring closet, with all of its requirements for conditioned uninterrupted power supplies, HVAC costs, data ground and just plain extra space. When setting up a completely new network, FTTD can actually be very competitive with copper because the higher bandwidth and longer cabling runs allow for more optimized layout of the network. The Catalyst 9300 1G fiber switches provide the lowest total cost of ownership of any solution currently in the market, since they are an integrated solution.
Catalyst 9300L for the business-critical branch
The other new addition to the Catalyst 9300 series is a full complement of fixed uplink models, designated as 9300L models. These are ideal for branch deployments that need a business-critical level of security, reliability and automation. These switches provide a great balance of performance and cost, allowing stacking of up to 8 boxes and providing higher performance scale and more advanced features than were available on the Catalyst 3650 switches they are meant to refresh.
Software-Defined Access with a single box
With full SD-Access functionality, the Catalyst 9300L switches provide fabric-in-a-box capability, letting you deploy a network fabric without the need for a second box to act as controller. This gives you benefits such as simplified provisioning, seamless campus-wide roaming, and a consistent experience across wired and wireless domains.
New models, same advanced security and programmability
As more users bring more devices to connect to the network, and as more applications require more diverse access to the cloud, networks are becoming more complex to manage and keep secure. These are the challenges that we at Cisco are solving for with the features found on all the Catalyst 9000 family of switches.
The Catalyst 9300 1G fiber and Catalyst 9300L switches provide advanced functionality such as model-driven programmability, a guest shell for on-box Python scripting, and app hosting, expanding the tools you have for managing and monitoring your network. These switches also provide the ability to use the same advanced security features as the rest of the Catalyst 9300 series, such as MACsec 256 link encryption, Encrypted Traffic Analytics, Full flexible Netflow and Trustworthy Solutions.
25 more reasons to migrate from Catalyst 3k
Looking for more reasons to select the Catalyst 9300 switches instead of something from the Catalyst 3k line? From greater scale and performance, to more advanced security and higher levels of resiliency, here are 25 more reasons to choose Catalyst 9300.
Whether you are looking for a Layer 2 or Layer 3 switch, for either core enterprise or distribution, the Catalyst 9300 series has a lot to offer for campus access networks. Read more on Cisco.com/go/cat9300.
At Cisco, one of our guiding principles is simplicity and convenience for our customers and partners. We believe that seeking and ingraining feedback in the future design and roadmap is a key factor which enables us to continually improve our products and solutions to solve real customer issues. In that vein, we received important customer feedback in three critical areas. Here is what you told us:
You want to see all of your purchases in a single view. Without full visibility into what you own and what you are using, your organization could fall prey to significant legal, financial and operational issues. Legal issues like software compliance and audits. Financial issues such as over or under purchasing or ineffective contract negotiations. And operational issues such as poor utilization of hardware and entitlements or expired service and support contracts. It is difficult, if not impossible, to properly manage what you can’t see.
You need to be able to easily view and control who has access to service transactions and data. IT Administrators need to be able to see and manage who has access to what, at any given time. Roles change, people move in and out of an organization, projects start and stop. Admins need instant access and control to generate or re-host licenses, manage user roles, and be able to quickly turn off access to critical network assets and entitlements when needed.
There are too many tools and processes, along with multiple, uncoordinated touch points. Network infrastructures are getting more and more complex every day. With more tools, more portals, more subscriptions, more services, you need a solution that will consolidate all of the touch points and connect the dots for you.
Your feedback drove a new solution
My Cisco Entitlements (MCE) is a new, secure, user-friendly solution to manage assets and entitlements including technical support, software upgrades and downloads – all in one place, on one platform. MCE provides complete end-to-end IT infrastructure transparency. Building on the power of Cisco Smart Accounts, it brings visibility and control together on one platform that provides access to all Cisco services, subscriptions, licenses, and devices throughout their lifecycle.
No more portal hopping
With MCE you can now view everything in one place, instead of many. Real-time insights provide a forward view into products and services along with activation and utilization metrics.
A streamlined dashboard provides a customized view based on pre-selected filter choices. You can instantly obtain status on your systems and equipment, location of components, asset warranty, expiration dates, and more.
The flexible MCE platform provides the ability to:
Filter, sort, export, tag and organize assets and entitlements
Assign assets to Smart Accounts/Virtual Accounts
Open a new support case
Request software version upgrades on the fly
Providing insight into critical IT questions
IT managers and network administrators are confronted daily with questions that directly impact their organization’s investments. Questions like:
Are we fully optimizing the utilization of our existing assets and entitlements?
Do we need additional or fewer services, subscriptions, licenses, or devices?
What is nearing expiration or approaching end of support?
MCE provides valuable and actionable insights and answers to these important questions. For instance, MCE can proactively identify what’s at risk and the changes required to optimize an organization’s investment to its maximum potential. Dashboards and filters show usage metrics as well as service and support contracts that are near expiration. Additionally, an organization’s investments are protected with secure and consolidated user access management using MCE.
We’re not done yet.
In the future, MCE will offer self-service MACD (Moves, Adds, Changes, and Deletes) on assets and entitlements. It will be the unified entry point to access all of your Cisco products and services entitlements such as rehosting licenses, requesting an RMA, and registering products and services. Features such as device management APIs, customizable and actionable notifications and alerts, and legacy licensing capabilities will all be standard.
While this is a giant leap in the right direction, we are not done yet. We will continually strive to build upon the platform and deliver more value, insights and capabilities for our users. We appreciate the partnership and the straight talk with our customers and partners, which has enabled us to bring together this unique platform.
MCE delivers on our ethos of simplicity and convenience for customers and partners, and I look forward to sharing more in the future.