GreenPages Solutions Architect, Kevin Dresser, recently attended Cisco Live 2017 in Las Vegas. Here are his highlights and thoughts from the conference:
I arrived a day early to Cisco Live to attend a technical seminar on Cisco’s Application Centric Infrastructure (ACI), which is their software-defined networking solution for the Nexus Data Center platform. ACI has been out for over two years; however, this year’s conference had a great deal of emphasis on the fundamentals of ACI and taking these beyond just the data center. The theme this year was “The Network. Intuitive.” and just a week prior to Cisco Live there was a major announcement of intent-based networking solutions under the Cisco Digital Network Architecture (DNA) portfolio.
The graphic below shows the core ACI fundamentals that tie together the analysis services, the defining of network functions and the provisioning and configuration of devices.
The opening keynote highlighted three core challenges that Cisco's vision is now focused on: Scale, Complexity, and Security. Cisco CEO Chuck Robbins stated that "in 2020, as many as 1 million new connections will be added to the internet every hour". With this kind of continuous growth in connected devices, reducing complexity becomes a necessity. And as that network footprint grows, so does the threat surface. The emphasis on security was paramount: it needs to be built into everything.
The messaging from Cisco around this new era of networking is that their intuitive network, “powered by intent and informed by context”, will provide a secure, intelligent and adaptable platform. At the core of this intuitive network is the vast amount of data points available from network-connected devices. Last year’s Tetration and AppDynamics acquisitions are now integrated into the network to bring analytics to the DNA portfolio and leverage those data points.
One example of how this will work is “Encrypted Traffic Analytics” (ETA), which will look at network traffic and perform packet analytics that can accurately detect threats in encrypted traffic with more than 99 percent accuracy. ETA will accomplish this by looking at packet metadata and flow dynamics without needing to decrypt the data, which has always been a resource-intensive bottleneck. Another major benefit of network data analytics is that the information learned about the network helps significantly reduce the time administrators spend on problem identification, troubleshooting, and resolution.
One last item to mention regarding the keynote was the announcement of the Cisco Security Connector for iOS. Apple CEO Tim Cook joined the stage with Chuck Robbins to discuss the Cisco/Apple partnership and how they are committed to enterprise network security. The Security Connector for iOS app will deliver visibility, control, and privacy to enterprise-owned iOS devices and use existing solutions like Umbrella to prevent access to malicious sites, whether on the corporate network, public Wi-Fi or cellular data connections.
Here’s a summary of some of the new products and solutions:
The DNA Center is a management dashboard and command center for all network functions. This is where Scale and Complexity are addressed by eliminating the need to configure individual devices through the traditional CLI. Auto provisioning and policy definitions are all centrally managed through the DNA Center.
The analytics and assurance platform continuously collects data from NetFlow, SNMP and Syslog sources to monitor device, user and application performance. The analytics and correlation of data help reduce the troubleshooting time spent on determining root cause and remediating issues. Network traffic patterns and trends are also identified to help proactively plan changes before performance issues impact users.
The new Catalyst 9300, 9400 and 9500 switches come with custom-built ASICs that are programmable, enabling software developers to leverage network resources to optimize their applications. The Catalyst 9000 is the ACI solution for the Enterprise, as the Nexus 9000 is for the Data Center.
SD-Access will bring SDN to the Enterprise access layer. Segmentation policies for users, devices, and applications will provide greater security to the access network devices. Identity Services Engine will ensure user and device security policies are enforced as they move between wired and wireless connections. The DNA Center will provide auto-provisioning and management through the centralized UI and will tap into the network analytics platform for performance monitoring, management, and troubleshooting.
The following hardware platforms are supported for SD-Access:
Switches: Catalyst 9300, 9400, 9500, 3650, 3850, 4500E, 6500, 6800 and Nexus 7000
Routers: 4000 ISR and 1000 ASR
Wireless: 3800, 2800, 1850, 1830 and 1815 APs; 8540, 5520 and 3504 Controllers
Although not available until Fall 2017, Encrypted Traffic Analytics can accurately detect threats in encrypted traffic without needing to decrypt the data. The technology uses NetFlow and Stealthwatch to feed packet flow dynamics and flow metadata analysis to pick out threats with 99.9% accuracy.
The Threat Intelligence Director will be available on the FMC in Fall 2017 to enable third-party threat intelligence feeds beyond the current Talos services.
The Jasper service provides real-time control and visibility of IoT deployments using cellular data connections. New features include improved reporting, an analytics package, and integration with other Cisco products such as Spark and Umbrella.
Kinetic is another IoT tool that complements Jasper by working with Wi-Fi and wired endpoints, and it runs on the new Catalyst 9000 switches.
My takeaway from this year’s Cisco Live conference is that Cisco has really turned a corner on their movement towards providing software solutions for the network. Most significant is how they are integrating the analytics, automation and security solutions across many different network platforms. Changes are coming in the way we design, implement and support networks.
By Kevin Dresser, Solutions Architect