
Enterprise Networks

17 posts

As a longtime networking veteran, I’ve watched our industry change and respond to a wide variety of disruptive changes. I remember PictureTel ISDN videoconferences on the IBM PC. Then came IP video conferencing in the early ’90s. Things picked up in 1991, when Microsoft launched Windows Media Player 1.0.

Though Windows Media Player and Microsoft Multimedia Extensions arrived without much fanfare, they ushered in the ability to record and playback audio, and display high-performance graphics on the desktop PC — a feature, prior to that time, reserved for high-end graphics workstations such as the Commodore AMIGA.


But these capabilities were the foundation that led to video streaming in 1995. And, as we know, the future of the Internet, and the network, would never be the same.  (Obligatory Rick-roll omitted)

Today, I watch younger generations (such as my own children) take for granted the networks that are all around them. Social media as we know it was (and is) clearly fueled by our endless appetite to create and share content with the whole world.  Unlike the Internet of the 1990’s, today, you can do it all from the palm of your hand.

Somewhere behind the scenes, racks of network hardware and software algorithms crunch billions of  digital fragments of information every second.  As a long time networking geek, I can’t help but marvel at how far we’ve come – creating intelligent networks that move and process billions of bits every second.  Despite the torrent of traffic, the networks are robust enough to perfectly deliver an 8 kbps voice call half-way around the globe, even as it competes with the million minutes of video traversing the network each second (that’s where we’re headed – according to the Cisco Visual Networking Index).

And while all this Internet trivia is fun – the fact is, the same  delicate dance is happening right now on networks in your business, school, or office. Today’s modern networks are an amazing combination of high performance hardware and intricate software which intelligently differentiates between “nice to have” and “business critical”. That software enables business continuity, disaster recovery, fault tolerance, and 24×7 operations. New innovations in software are streamlining automation and enabling new business processes. We are connecting things never before connected – the internet of things – in almost every industry imaginable: manufacturing, public safety, education, health care, transportation, and more.   Many of those new IP-enabled networks have required software innovations to deliver capabilities similar to the proprietary networks the devices once communicated on.

At the heart of all these innovations is a new breed of network software, one which is modernizing our business.   In this month’s Software Magazine, Cisco Sr. Director Dan Lohmeyer looks at the modernization of network software, and how it will change the way organizations think about their network and the capabilities it can deliver. I invite you to read Dan’s article here – http://www.softwaremag.com/the-modernization-of-network-software/ and join the conversation with us.

We are excited to share that Cisco will be participating in Networking Field Day 10 this year. Cisco brings together independent thought leaders and our engineers to share information and opinions in a two-hour interactive discussion format. If you cannot attend NFD10 all presentations will be live streamed from the Tech Field Day website.


These are the topics Cisco is covering this year at #NFD10:

Intelligent WAN (IWAN) Architecture: We are busting the myth that IWAN is part of a marchitecture and explaining DMVPNv3, Pfrv3, and AVC. We will also be expanding on how the IWAN architecture improves scale and performance while delivering better business outcomes for customers. Learn more about Cisco Intelligent WAN.

Branch Security: We will be showing how our security solutions simplify WAN provisioning. We will also explain how Cisco protects and hardens the network from outside attacks and security vulnerabilities. Topics covered during this presentation are Crypto, Certification CC, FIPS, NSA Suite B, and Security Designs. Learn more about Cisco Security.

Software Defined WAN (SD-WAN): Our presenter will be demonstrating how our APIC-EM Controller with IWAN App provides centralized configuration and orchestration for the WAN while doing a live demo. Learn more about SD-WAN.


Subu Subramanian


I speak with Cisco customers regularly. The topic of the Internet of Everything (IoE) comes up often.  Put simply, their concerns can be summed up in a single question: How can I prepare for the network of tomorrow when it’s difficult to keep pace with managing the fast-moving complexity of my network today?

IoT: So Many Vulnerabilities. So Little Time and Resources. So Much at Stake.

Research firm IDC predicts there will be over 28 billion connected devices installed by 2020, while fellow analyst Gartner forecasts that 4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020.

An example of one industry that’s moving to meet this opportunity is retailing. Like me, I’m sure you’ve noticed the change in your shopping experience — whether it’s contextual matching of products to your personal profile or in-store product or pricing comparisons using your mobile device.

But moving into the revolutionary digital retail environment enabled by the Internet of Things doesn’t come without risk. New connectedness brings new security threats. For the typical network administrator a major security issue like the Heartbleed bug can quickly turn into a bad case of heartburn. What’s the nature of the vulnerability? What devices are impacted? How do I respond? When you combine these questions with the day to day demands of directly supporting end-users, answering technical questions, resolving network issues, writing scripts, creating reports, monitoring systems and managing version controls, it’s not surprising that a network operations team can be overwhelmed. And that’s before the growing connectivity fueled by the Internet of Things.

Quickly pinpointing security problems among thousands of connected network devices is hard. But finding relevant security alerts has traditionally been a time-consuming, manual process complicated by the fact that even when an alert is found, a network administrator then needs to find the specific, impacted devices on his company’s network to protect them against risk. Now, compound the problem with the onslaught of IoT devices.




Proving the Value of SD-WAN

Posted by annduong Jul 14, 2015

In a recent TechTarget survey, it was noted that despite the hype about the numerous benefits of SD-WAN – one of which is the ability to create a hybrid WAN environment (i.e. MPLS and Internet or LTE links), something Gartner claims will be “the new normal” – only 10% of enterprises plan to deploy hybrid WAN in the next 12 months. The greatest concern behind the slow uptake is whether Quality of Service (QoS) can be done over Internet connections. In addition to that, management complexity and the security vulnerabilities introduced by going to Direct Internet Access (DIA) are also top of mind. Of the 1,437 that were surveyed, 54% are still in the consideration stage about SD-WAN, and the number one factor under consideration is reducing WAN costs. This is not a surprise, but it is a perplexing issue for CIOs, CISOs, and IT admins, especially when analysts like Gartner, and respondents in an April 2015 ETAB Survey, are prescribing SD-WAN as a top enterprise IT priority for the next 3 years.


We will examine the following in this post: a) the State of the WAN in 2015, b) what we hear from customers, and c) a successful, real world SD-WAN deployment.


2015 State of the WAN

Even after years of virtualization and consolidation, the WAN is still a manual-laden process. It takes a village (design engineers, IT managers, network admins, etc.) to install, configure, manage and load any part of the network. This challenge multiplies in remote locations. As orchestration and automation happen in the data centers, alongside the continuous drive for less costly CapEx and OpEx deployments, legacy WANs constrained by expensive private MPLS links with low feature sets and manual builds are inhibiting enterprises’ ability to innovate. The 2015 edition of Webtorials’ State of the WAN report includes the following findings:

  1. The primary factors driving change in the WAN are support for real-time applications, increasing security, and improving applications performance.
  2. The primary drivers for increasing Internet service use are public cloud applications and service, plus the support for mobile users and video support. By contrast, the most significant driver to MPLS was for support of intra-enterprise applications including data applications plus voice and video.
  3. The use of Internet backhaul is becoming critically important and more effective support of Internet traffic is potentially a major advantage of using Software-Defined WAN (SD-WAN) services.
  4. There is significant interest in the use of SDN in the WAN, even though this is a relatively new concept.
  5. The general perception is that the major drivers for SD-WAN implementation are “soft” savings including increasing flexibility, simplifying operations, and deploying new functions more quickly. However, network organizations should also look at the potential “hard” savings of reducing OPEX.
  6. The major inhibitors to SD-WAN implementation are the state of maturity of current products and services and a perception of added complexity.
  7. Multi-pathing is a significant component of SD-WANs, and most organizations have already made a significant deployment or will increase of this function.
  8. The majority of organizations are exploring or planning to explore SD-WAN alternatives.

Access the complete report here: 2015 State of the WAN report.


What We Hear from Customers

Adoption of BYOD, IoT, cloud apps, voices and video is ever increasing and constantly demands more bandwidth and quality end user experience. In addition to the eight findings (listed above), customers also want a way to manage the network similar to how they manage applications. An approach that is proven, simplified and secured, not just for cost savings. Exhibit A below shows a consolidated view of what customers are asking.

[Exhibit A: consolidated view of what customers are asking]



The Value of SD-WAN

SDN brings many promises, and with ONUG leading the industry in establishing an acceptable standard, technology leaders like Cisco and its partner, Glue Networks, have solidified their offerings by ensuring their solutions are verified against the Top 10 Business Requirements (to learn more, read: Cisco IWAN Delivers on SD-WAN Business Requirements). SD-WAN, a part of SDN for the WAN, and its overlay approach open up a world of simplicity not just for on-premises implementation, but also for cloud deployments. Organizations will reap both soft benefits and hard savings when they leverage the right solutions. For example, cloud-based automation enabled by a solution such as Gluware delivers the following soft benefits:

  • Speed: Eliminates the manual building of WANs;
  • Agility: Quick configuration updates and IOS upgrades to meet changing business needs; and
  • Dynamic: Compatible with SDN & Cisco onePK for application aware WANs.

When combined with an end-to-end solid platform (routing, applications visibility, WAN optimization, and integrated security), like Cisco Integrated Services Routers, hard savings can be achieved in the following areas:

  • OpEx reduction by achieving ¼ vs. 5-7 FTEs via automated roll-out;
  • Costs savings through the use of broadband and MPLS for centralized hybrid WAN management; and
  • Consolidating multi-vendors costs by not having different hardware and software support and management.

Proving the Value of SD-WAN

MWH Global is a multi-national engineering firm with 7,000 employees in 180 offices across 6 continents. Its goal is to accelerate rollout of mobile project offices in remote areas, often with unreliable or unavailable Internet connectivity. To accomplish that, MWH must overcome three hurdles: 1) provisioning project office routers quickly and easily, 2) cost effectively managing and modifying technical features and services and 3) providing reliable internet connectivity in a timely fashion at a reasonable cost. Using solutions from Glue Networks and Cisco, MWH Global achieved its goal and much more. Among the benefits are the following:

  • Management: Manual Builds to Automated Networks;
  • Configuration: Box Centric to Network Wide;
  • Speed/Agility: Weeks/Months Rollout to Minutes Deployment; and
  • Interoperability: Closed System to Open System.


For full details on this deployment, check out Nate Chessin's blog post: Glue Networks SD-WAN Deployed at MWH Global. For a quick glance at how one can provision the network using Gluware via an iPhone, check out the demo at Cisco Live Milan below.

About this video: Glue Networks CEO Jeff Gray shares a live demonstration of the Gluware intelligent orchestration engine delivering SDN for the WAN: network automation, QoS, PfR.


Learn more from MWH Global

On July 22, 2015, from 10-11 a.m. PST, Cisco will host a webinar with MWH Global in joint partnership with Glue Networks. Claire Rutkowski and Andy Kimura, executives at MWH Global; Jeff Gray, chief executive officer of Glue Networks; and Robby Boyd, host of our TechWiseTV, are the speakers. An overview of the agenda and a link to register for both the live and on-demand sessions are available here: SD-WAN, A Real World Success Story.


In addition to that, on August 5, 2015, from 10-11 a.m. PST, Andy Kimura from MWH Global, Nate Chessin from Glue Networks, and Cisco technical lead, Pedro Leonardo, will return for a deeper dive via #CiscoChat on Twitter. The team will explore further insights to help organizations navigate the hype and benefits of SD-WAN. Regardless of which stage your organization is at with SD-WAN, we encourage you to listen in and discover lessons learned from MWH Global’s successes. I look forward to your attendance at both events.


An Unforgettable Experience

It’s 6 a.m. on a Saturday. Filled with excitement and anticipation, I watched as my hot air balloon, the last one in the bunch, inflated. Around me, one after another, balloons started to float effortlessly off the ground into the air. The Napa Valley sun glittered in the distance as my balloon finally took off. At 1,050 feet, some fog rolled by, then I saw it: a shadow of my balloon in the fog encircled by a rainbow – see the picture above. I quickly pulled out my iPhone 6, snapped a panorama, and posted it on Facebook. It was the most mesmerizing experience ever, not just because of the experience itself, but also because I could share it with my family and friends via 4G LTE. However, 4G LTE isn’t just for smartphones.


Connecting the Unconnected

The world of things, a.k.a. the Internet of Things (#IoT), around us is connecting in ways beyond imagination. According to a November 2014 issue of the Harvard Business Review, “Smart, connected products are changing how value is created…(and) will affect the trajectory of the overall economy, giving rise to the next era of IT-driven productivity growth for companies, their customers, and the global economy.” For example, just-in-time inventory replenishment, powered by connected vending machines, enables one business to capitalize on OpEx savings and increase revenue per unit. Wireless monitoring allows an oil and gas company to quickly respond to pipeline issues in rugged, remote locations. Connected lighting empowers one smart city to reduce its crime rate and improve its residents’ quality of life. Even one’s personal space, such as the home, is becoming more connected with the use of #WEMO products and smart device integration (those coming to #CES, you must see the Connected Home demo). This Digital Transformation, powered by 4G LTE, brings about considerable improvements in the ways we work, live, and play.


Connecting that Last Mile

For IT, such IoT connects the previously unconnected, creating new opportunities to deliver speed, scale, and value for Line of Businesses. Usually that is the case in most environments, except when it comes to unwired locations, i.e. remote or nomadic locations, rugged terrains that lack a wired internet infrastructure. How do you connect the unwired? The answer is 4G LTE.


OpEx Savings

One of the main benefits of 4G LTE is OpEx savings. As an alternative link, in place of MPLS or wired internet line, the reduction in costs could be at least three fold. A few proven use cases such as connected ATM machines, POS, and kiosks, have successfully leveraged 4G LTE.


Backup WAN

Of the organizations that made the leap, as many as 50% used a 4G LTE connection as the backup link. Two benefits of wireless connectivity are that a) it is not prone to tampering and b) it provides timely emergency connectivity during outages. In situation A, a wire line can be physically cut, and in most locations the primary and backup MPLS links are co-located. As for situation B, natural disasters such as Hurricane Sandy could take out a regional wired link for a period of time. In both situations, 4G LTE is an effective and true WAN backup.


My Organization Doesn’t Need 4G LTE.

I would caution those that quickly come to such a conclusion. There is value harnessed by 4G LTE beyond CapEx and OpEx savings. Enterprises that only assess the present are blindsided by the possibilities and innovation 4G LTE could bring to their top line or add to their competitive differentiation. Businesses across verticals are harnessing 4G LTE to ride the Digital Transformation – see Figure 1. (Here is a collection of case studies across verticals for your perusal.)


Figure 1: Market Verticals Addressed by 4G LTE


So, what drives organizations to adopt 4G LTE? Let’s examine the reasons Markets and Markets states in its 2014 research.

  • Expanding businesses need options to bring fixed, temporary, and mobile sites online fast.
  • Networking communications are shifting from wired to wireless links because of their deployment flexibility and affordable cost.
  • Machine-to-machine (M2M) apps proliferate as the Internet of Things (#IoT) explodes.
  • They often require links to unwired, hard-to-reach places.
  • In 2015, there will be twice as many devices as there are people.


Determining the need for 4G LTE

To conclude whether your organization has a need now or will have a need in the future for 4G LTE, ask your Line of Business the following questions:

  1. Disaster Recovery – Will our organization ever have a need for end-to-end redundant connections and backup?
  2. Early Deployments – Will our organization ever have a need for deployment in remote, temporary, rugged terrains, or in locations that are hard to reach?
  3. Temporary/Nomadic Deployments – Will our organization ever have a need for short-term/nomadic deployments, such as trade shows, temporary market assessment, and nomadic businesses in uncertain economic conditions?

Almost 4 out of 5 businesses across verticals will answer ‘yes’ to at least one of three questions. Knowing the answer is half the battle. Being ready is an equally critical half. So, where should you begin?


Learn More on June 24

On June 24th, from 10 a.m. to 11 a.m., Pacific Time, Alex Sahu, Cisco Product Manager, will present a live WebEx webinar on “Is Your Organization Ready for 4G LTE?” Here’s the agenda at-a-glance.

  • Impacts of IoT/IoE
  • Unconventional WAN Challenges (in the Digital World)
  • 4G LTE Evolution and Its Capabilities
  • How 4G LTE Improves Branch Flexibility
  • How 4G LTE Works
  • IT and Business Use Cases
  • Cisco 4G LTE Solution
  • Summary and Key Takeaways
  • Live Q&A with 4G LTE Experts

Register now.  See you on June 24th!


Until then, check out a @TechwiseTV video by Robb Boyd as an at-a-glance (click on image to play).


(Now, back to my hot air balloon adventure)


Share Your 4G LTE Stories

Until the day Google perfects Project Loon (#ProjectLoon), balloon-powered Internet in the stratosphere (also leveraging LTE), 4G LTE continues to power my work, my life, and my learning in the Earth’s troposphere. How has 4G LTE impacted your life? Share your stories with me on Twitter @annaduong using hashtag #4GLTE.



Blog written by: Mala Anand

After several days of attending Cisco Live, I’m excited about what I’ve seen and heard. Not just from my Cisco colleagues but from customers who are transforming their businesses by using their networks in new and previously unimaginable ways. Today’s business call to action, “Disrupt or be disrupted,” couldn’t be more true.

In my blog before Cisco Live, I described how we decided to combine our two most popular enterprise support services to create one powerful and flexible service. Converging SMARTnet with Smart Net Total Care under the name of Smart Net Total Care allows you to choose the basic network support capabilities traditionally found in SMARTnet, as well as reach higher to access the proactive smart service features of Smart Net Total Care. In doing so, you can optimize the full lifecycle of all your Cisco equipment. This consolidation creates more flexibility and more value for you when it comes to selecting a single solution that supports all your company’s Cisco network devices. Learn more here:

In my last blog, I also shared with you five of the most popular user applications of Smart Net Total Care based on customer feedback.  Now, I’m sharing the final five applications to complete the ten smart ways to keep your network up and running smoothly and reliably – and to protect it from unnecessary risk.  As a reminder, I’ve included the first five. Skip to number 6 if you’re already familiar with them.

1. Simplify Contract Management

Many customers use the contract management features of SNTC to simplify how they manage their Cisco service contracts. It provides a consolidated view of all the Cisco devices in the network and their support contracts.  This visibility can help dramatically reduce the number of contracts and result in less administrative overhead, faster renewals and timely product refresh. If you’re not familiar with how to take advantage of this functionality, take a few minutes to check out this video. It demonstrates how you can plan for service coverage renewal and save hours and even days managing your contracts in the future.

2. Save Installed Base Management Time

Time is your most valuable resource … yet you never have enough. Freeing up time from routine network maintenance tasks helps you focus on more strategic IT assignments. SNTC lets you eliminate steps – and accelerate others – in your IB management process. Learn how you can get more out of your day with time saving tips found in this video.

3. Mitigate Network Risk

As we see in professional sports play-off games, a defensive gap can easily put the game at risk and buy the losing team a ticket home. Protecting your network isn’t that different. Proactively identifying real and potential risks is essential for a good network defense. SNTC lets you get in front of problems before they occur. This video reveals how you can review service levels and assess gaps in coverage.

4. Resolve  Network Problems Quickly

With one consolidated information dashboard, the SNTC portal provides extensive visibility into devices in your network with all the information you need to automatically speed up your problem resolution process. This includes both basic and in-depth information to open a TAC case, such as configuration status, serial number, contract number, service level, and unresolved alerts. Convenient access to this and other information helps accelerate resolving problems. Find out how you can speed your incident management workflow in this handy reference guide.

5. Achieve Cost Savings

Numerous companies are realizing cost savings in equally numerous ways using Smart Net Total Care. Some savings come from reduced manpower commitments. Others come from incident avoidance. Still others come from better managing network risks. Every company is different but every company can identify new ways to cut costs using SNTC.

6. Make the Invisible Visible

When managing your network, the devil is in the details. With thousands of devices to manage, things can get pretty hot.   Cool down by using collector software from Cisco or a third-party to automatically gather device information ranging from serial numbers, configuration files, and hardware or software versions.  Then, use the SNTC portal to create customized reports to see the vital device details you care most about, like equipment’s end of life status or support contract coverage.

7. Have it Your Way: Choose Only the Smart Service Level that Meets Your Specific Requirements.

Every network is different. Every IT organization knows what’s best for managing its specific needs. Cisco gives you a choice with Smart Net Total Care. Apply as many or as few of Smart Net Total Care capabilities as you need. As your network grows, take advantage of more smart capabilities as SNTC scales to meet your requirements.

8. Self-Service.  Soft Service. Or Advanced Service. Cisco is Here to Assist.

Some IT organizations prefer a DIY approach when using Smart Net Total Care. Others want a small boost in understanding how to get started or hands-on help throughout the process. No matter, Cisco can provide just the option you need as part of its Smart Net Total Care package of add-on services to accelerate time to value.

9. Hidden Network Vulnerabilities? We Have You Covered.

Devices uncovered by a support contract can be a disaster waiting to happen. Protect yourself. Run an analysis of your installed base using Smart Net Total Care reporting. Determine your uncovered devices. Then, choose to add the most critical uncovered devices to your service contract.

10. Prepare Today – for Tomorrow.

Find out how your peers are taking advantage of Smart Net Total Care by reading their success stories here. Consider how it can help manage your installed base of Cisco network devices more efficiently with less cost and risk.

I began this post with the catchphrase “Disrupt or be disrupted.” Network change is the order of the day. But change without preparation can lead to unplanned consequences. How are you preparing your network to support changes to come? What do you see as the future requirements to support your network? Do you see automation playing a bigger role in handling routine management of your installed base? How do you define proactive support to avoid problems before they occur?  I would love to hear from you.

Please feel free to comment, share and connect with us on Facebook, LinkedIn, @CiscoEnterprise, and the Enterprise Networks Community.


Can't be there in person, but want to participate?  Catch the keynote iTalks livestreamed here: Announcements & Events


Join the conversation: Join our live #CiscoChat events at Cisco Live!

Two weeks ago, a leading global medical device manufacturer came to Cisco for advice. In an effort to streamline IT operations and reduce operating costs, the customer had recently migrated from their internal Microsoft Exchange 2010 environment to Office365, Microsoft’s hosted online service.

The migration was initially done for the headquarter users and the feedback was more positive than they expected. However, when they migrated their branch and remote office users, the WAN bandwidth usage almost immediately spiked and user experience suffered as a result.

This customer is certainly not the only company looking to embrace Cloud applications for greater agility, reduced costs and complexity, and increased productivity, or that has had to deal with BYOD issues and the increasing impact that video has on their bandwidth. However, what our customer and those other companies have found is that the current method of backhauling the traffic to the data center is no longer a viable way to handle the increased consumption when faced with a flat or even a declining IT budget. Therefore, many of today’s distributed enterprises are looking to use direct Internet access pathways in an effort to improve the user experience while reducing IT costs.

However, enabling direct Internet access (DIA) at branch offices also forfeits the inherent threat protection that traffic routed through the data center provides. The enterprise-level risks that branch offices face with BYOD issues, compliance requirements, and advanced persistent threats require enterprise-level security. According to Gartner’s “Bring Branch Office Network Security Up to the Enterprise Standard”, “By 2016, 30% of advanced targeted threats — up from less than 5% today — will specifically target branch offices as an entry point.”

Cisco FirePOWER Threat Defense for ISR addresses these issues by extending their industry-leading FirePOWER threat protection beyond its traditional network edge and data center deployments out to individual Cisco ISR routers. By embedding FirePOWER Threat Defense into ISR routers, Cisco delivers on its ‘Security Everywhere’ strategy, providing organizations the continuous visibility and control needed to defeat advanced threats across their extended network. It also enables organizations that want to take advantage of the cost savings and improved user experience that branch Direct Internet Access (DIA) provides to do so with confidence.


The consolidated footprint of branch router and security technology also frees up valuable revenue-generating square footage. And with the FireSIGHT Management Center, you get powerful centralized management over all of your FirePOWER Threat Defense for ISR instances, with a clear divide of roles and responsibilities at a lower total cost of ownership.

To learn more about how Cisco FirePOWER Threat Defense for ISR can enable your organization to take advantage of the cost savings and improved user experience that Cisco Intelligent WAN (IWAN) branch Direct Internet Access (DIA) provides with confidence, please visit Cisco FirePOWER Threat Defense for ISR.

Please feel free to comment, share and connect with us on Facebook, LinkedIn, and  @CiscoEnterprise.

The Digital Economy and the Internet of Everything means everything is now connected. Digitization is fundamentally transforming how we conduct business. It creates new opportunities to develop services and engage with employees, partners, and customers. It’s important to understand that digitization is also an opportunity for the hacking community, presenting new services, information, data, devices, and network traffic as attack targets. To take full advantage of the digitization opportunity, security must be everywhere, embedded into and across the extended network – from the data center to the mobile endpoints and onto the factory floor.

Today, Cisco is announcing enhanced and embedded security solutions across the extended network and into the intelligent network infrastructure. These solutions extend security capabilities to more control points than ever before with Cisco FirePOWER, Cisco Cloud Web Security or Cisco Advanced Malware Protection. This is highlighted in Scott Harrell’s blog. We are also transforming the Cisco network into two roles: as a sensor and as an enforcer of security.

The role of the Network as a Sensor: The network provides broad and deep visibility into network traffic flow patterns and rich threat intelligence information that allows more rapid identification of security threats. Cisco IOS NetFlow is at the heart of the network as a sensor, capturing comprehensive network flow data. You can think of NetFlow as analogous to the detail you get in your monthly cellular phone bill. It tells you who talked to whom, for every device and user, for how long, and what amount of data was transferred – it’s metadata for your network traffic.

Visibility to network traffic through NetFlow is critical for security, as it serves as a valuable tool to identify anomalous traffic on your network. Watching NetFlow, we gain an understanding of the baseline traffic on the network, and can alert on traffic that is out of the ordinary.  The network is generating NetFlow data from across the enterprise network all the way down to the virtual machines in the data center.  This gives us visibility across the entire network, from the furthest branch office down to the east-west traffic in the data center.

Cisco Identity Services Engine (ISE) provides rich context to these network flows, identifying the Who, What, Where, When and How behind network traffic. Integrating NetFlow and ISE takes us from IP address based knowledge to understanding the user and device network traffic, so that we now know who is generating suspicious activity against network resources and who is being targeted for attack. This integration allows network and security administrators to more rapidly respond to threats in the network.

Lancope’s StealthWatch® System leverages the network as a sensor to deliver context-aware threat alerts. Now Lancope is integrated with NetFlow and ISE to monitor the network and detect suspicious network activity generated by users and devices on the network.  Before the integration with ISE, Lancope alerts for malicious behavior included the IP addresses of the traffic, requiring the administrator to take the extra step to determine who or what was behind the activity. With ISE integration, administrators now also get context behind the IP address, including the user, device, and location.
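The baseline-then-alert approach and the identity enrichment described above, as an added sketch (not Cisco, Lancope or ISE code). The flow records, the session table and the mean-plus-3-sigma threshold are constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (interval, src_ip, dst_ip, bytes).
# Intervals 0-5 form the baseline window; interval 6 is the one under test.
FLOWS = (
    [(t, "10.1.1.20", "10.2.0.5", b)
     for t, b in enumerate([4000, 4200, 3900, 4100, 4050, 3950])]
    + [(t, "10.1.1.31", "10.2.0.9", b)
       for t, b in enumerate([800, 900, 850, 820, 880, 870])]
    + [(6, "10.1.1.20", "10.2.0.5", 4150),
       (6, "10.1.1.31", "10.2.0.9", 860),
       (6, "10.1.1.31", "203.0.113.77", 950000)]
)

# Constructed identity context keyed by IP: a hypothetical stand-in for the
# user/device/location data an identity service would supply.
SESSIONS = {
    "10.1.1.20": {"user": "asmith", "device": "laptop", "location": "HQ-3F"},
    "10.1.1.31": {"user": "bjones", "device": "desktop", "location": "Branch-12"},
}


def summarize(flows):
    """Return per-host {interval: bytes} and {interval: set(peers)}."""
    volume = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(lambda: defaultdict(set))
    for interval, src, dst, nbytes in flows:
        volume[src][interval] += nbytes
        peers[src][interval].add(dst)
    return volume, peers


def detect(flows, current, sessions, k=3.0, min_samples=3):
    """Flag hosts whose bytes in `current` exceed mean + k*sigma of baseline."""
    volume, peers = summarize(flows)
    alerts = []
    for host in sorted(volume):
        if current not in volume[host]:
            continue
        history = [b for t, b in volume[host].items() if t < current]
        if len(history) < min_samples:
            continue  # too little history to call anything abnormal
        avg = mean(history)
        # Floor sigma at 10% of the mean so steady hosts tolerate small drift.
        sigma = max(pstdev(history), 0.1 * avg)
        observed = volume[host][current]
        if observed <= avg + k * sigma:
            continue
        known = set().union(*(p for t, p in peers[host].items() if t < current))
        alerts.append({
            "ip": host,
            "observed_bytes": observed,
            "baseline_mean": round(avg),
            "new_peers": sorted(peers[host][current] - known),
            # Enrichment: who and what is behind the address, if known.
            **sessions.get(host, {"user": "unknown"}),
        })
    return alerts
```

Calling `detect(FLOWS, current=6, sessions=SESSIONS)` returns a single alert for 10.1.1.31 that already names the user, device and location, which is the step the administrator otherwise performs by hand from the bare IP address.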

The role of the Network as an Enforcer

Cisco uses the network to dynamically enforce security policy with software-defined segmentation designed to reduce the overall attack surface, contain attacks by preventing the lateral movement of threats across the network, and minimize the time needed to isolate threats when detected.

You can use Cisco TrustSec with Cisco ISE to divide the network into multiple logical segments. Instead of complicated VLAN, access control list (ACL), and firewall-rule engineering and administration, TrustSec uses plain-language policies so that highly secure access is consistently maintained regardless of network topology or mobility of the user or device. Cisco TrustSec is a technology embedded in Cisco switches, routers, wireless LAN controllers, and security devices. TrustSec interprets the ISE policy, and classifies traffic flows based on identity information to enforce software-defined segmentation rules across the entire network. TrustSec grants the right levels of access to the right users and devices, while preventing the lateral movement of network threats.

We are also integrating TrustSec identity-based software-defined segmentation with Cisco ACI application-based network provisioning in the data center. Available in 2016, this integration will further enable consistent segmentation policy from the enterprise network to the data center. This provides secure segmentation, access policy enforcement, and threat containment for physical and virtual infrastructure from the edge of the enterprise network to the data center.

My Advice? Keep using threat centric security, firewalls and advanced malware protection. But also, turn on the network’s embedded capabilities for security:

  • Turn on NetFlow for visibility into the network flows on your network
  • Leverage ISE for additional context to these flows
  • Deploy Lancope’s StealthWatch to provide monitoring and alerting
  • Enable TrustSec to enforce role based security policy with the network

Leverage the network as a sensor to identify malicious traffic faster with more context. Leverage the network as an enforcer to enforce access policy and contain threats.

We launched Cisco ONE Software to give our customers a more valuable and flexible way to purchase and consume Cisco infrastructure software.

Since the launch, more than 300 customers have switched to this more valuable and flexible model. If you’re not one of these customers – and you are still asking, “What is Cisco ONE Software?” or “What does it mean for me?” – don’t worry. On Tuesday, May 19 we’ll be holding a web event to get you up to speed. We’ll explain what Cisco ONE Software is and how you can use it to deploy solutions for the Local Access, WAN and Data Center domains.

You can register for the event here. Or, if you’d like to be entertained first, here’s a video you can watch – click on it to access the event registration page.

Be sure to also check out this informative white paper that has just been released by analyst firm IDC. We asked IDC to evaluate our overall software strategy, and Cisco ONE Software in particular.

Finally, for those heading to Cisco Live! San Diego in June we have two important sessions you won’t want to miss!

  • A solution session where you can hear, directly from customers, how Cisco ONE Software is helping them achieve their business objectives.
  • A deep-dive session designed exclusively to help our partners fully understand Cisco ONE Software.

Grow and Win Across the Customer Lifecycle with Cisco Software (SPFGEN-1000)
Exclusively for Partners
Date: Monday, June 8, 2015
Time: 9:00 AM – 11:30 AM PDT
Location: Omni Hotel, Fourth Floor, Ballroom A/B

A Deep Dive into the New Cisco ONE Software Strategy (PSOCRS-2007)
Open to Customers & Partners
Date: Thursday, June 11, 2015
Time: 8:30 AM – 9:30 AM PDT
Location: San Diego Convention Center, 23C Upper Level

We look forward to seeing you in sunny San Diego!  In the meantime, visit our web page at www.cisco.com/go/one to get the latest information on Cisco ONE Software. Leave a comment if you have any questions, want to learn more, or have feedback.

As Cisco’s products and services evolve to new models, we find ourselves coming in contact with our customers’ data more regularly. We approach this role as stewards of this data with our customers’ interests foremost in our minds. One area of widespread interest as it relates to this data is how we interact with Global Law Enforcement regarding this data. To that end, today Cisco is launching its first global Transparency Report on Law Enforcement Requests for Customer Data. In this report, Cisco details our principles regarding how we will treat law enforcement requests for customer data if and when we receive such requests. We also provide specifics regarding how many requests we have received from global law enforcement agencies for our customers’ data.


Cisco is committed to publishing data regarding requests or demands for customer data that we receive from law enforcement and national security agencies around the world. We will publish this data twice yearly (covering a reporting period of either January-June or July-December). Like other technology companies, we will publish this data six months after the end of a given reporting period in compliance with restrictions on the timing of such reports.  Please see Cisco’s principles for handling government requests for customer data as well as the reporting data in the Cisco Transparency Report.

South Island School in Hong Kong is made up of students from around the world, with 1,400 students from over 35 countries. One value that sets the school apart is its commitment to using technology in the classroom. For instance, every student has a laptop that they use to access e-books, watch educational videos, and complete homework assignments. Some exams are even taken digitally.

With wireless devices used daily by every student and faculty member, a stable network connection is almost as important as pencil and paper in classrooms. South Island School’s existing Cisco network had reached end of life, and the school needed to refresh the infrastructure with a network that could meet bandwidth needs for years to come.

“We looked at other vendors, but we were extremely impressed with how the existing Cisco equipment performed over the years,” says Victor Alamo, ICT manager at South Island School. “By upgrading to the latest Cisco access points and switches, we’d have an infrastructure that would keep up with our needs.”

We were looking for infrastructure that would last us a long time. By fitting Cisco’s access points with 802.11ac radio modules, we’re supporting the latest wireless standard for top performance.

If we need greater bandwidth in the future, Cisco’s modular Access Point design enables us to upgrade without investing in completely new access points.

Cisco Prime Infrastructure pulls together management of wired and wireless networks in a single, unified solution. This gives our ICT team greater control so we can adjust bandwidth as needed, such as assigning specific rooms higher priority during exams.

The visibility into the networks gives us more information than ever. We can identify classes that have greater bandwidth needs, monitor connections for hotspots, and even track down misplaced laptops.

Through services like FileWave and Casper, South Island School is using the increased bandwidth and stable connections to provide remote technical support.

“Better network performance means that we can expand our services to the school,” says Alamo.

Network products used in the network.


Routing and Switching

Network Management

"IoT, The Oppressed Project

We are now in the era of IoT “Internet of Things”. It’s a concept that not only has the potential to impact how we live but also how we work. And as things become more connected, people become more concerned about their security and privacy. I have gone through a lot of technical conversation about IoT and realized how paranoid people are about their connected devices and appliances.

Why paranoid?

The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). By 2020 there will be over 26 Billion connected devices and some estimate this number to be more than 100 Billion connected devices. This includes mobile phones, Smart TVs, washing machines, wearable devices, Microwave, Fridges, headphones, door locks, garage door openers, scales, home alarms, hubs for multiple devices, remote power outlets and almost anything else you can think of like your car and airplane jet engines.

Ways of securing the traditional Internet networks have been established and tested. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is, therefore, reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

What will we do about managing the usernames and passwords of every single connected device? What about our privacy? What if some hacker was able to control our video cameras? More and more questions are being asked and more security concerns are being escalated. Do we really have to be paranoid about IoT?"

Blog Written by:

Timothy Chou | February 17, 2015 at 9:10 am PST



While cloud computing is based on a number of technology innovations, I’m going to write for the non-technical person who I think needs to understand this major shift.  In the end, cloud computing will affect every business, every industry.  I’ll start this blog by sharing a story.

A few years ago, I was in a meeting with six CIOs of one of the largest healthcare providers. I asked each a question as they introduced themselves: “What are you working on?”

The first CIO, Bill, replied, “I’m working on a strategy to move to cloud.”

Next, I asked Mary, “What do you do?” Mary also said she was working on a strategy to move to the cloud.

We got through every one of them and every one of them had the same answer.

I asked, “So what does that mean, working on a strategy to move to the cloud?”

They collectively said, “We’re really not sure, but we’re working on it.”

I wasn’t actually there to talk to them about cloud computing, but I said, “Give me 10 to 15 minutes to help you think about what it might mean to move to the cloud.”

I’d like to share an abbreviated view of this discussion in this blog, beginning with reviewing my cloud-computing framework.

Cloud Computing Framework

We’re all using consumer application cloud services, such as Twitter, Facebook, and eBay.  Nobody buys or uses consumer applications in any other way. What some of you don’t know is there are now many business application cloud services, including CRM, marketing, HR, financial and supply chain applications. All these applications use the original cloud – the network cloud.  Once upon a time corporations built their own networks. Nobody does that today. Everyone buys a network cloud service from any number of vendors.

The guys from the network business realized that since they put their switches and routers in cold rooms located in buildings that weren’t on fault lines and had big guard dogs out front, why not let people add compute and storage into these data centers by offering data center cloud services?

Then, several years ago, Amazon led the industry by providing compute and storage cloud services.  While it requires technology to implement, their innovation was an entirely new business model.  Finally, if you are going to build new applications you’d be wise to consider a new generation of software development cloud services.

And in the end, whether new cloud based business applications or existing ones, you’ll want to use operations management cloud services to manage the security, availability, performance and change of the applications to reduce cost and improve reliability.

7 Ways to Move to the Cloud

Given this cloud computing framework, let me now describe seven ways a company can move to the cloud.

  • Move to a new network cloud service, which has lower cost and higher bandwidth.
  • Move to a new data center cloud service and move into a room that has colder air and bigger guard dogs.
  • Move your application to a new compute and storage cloud service and let someone else manage the security, availability, and performance of the compute and storage.
  • Move to a new software development cloud service and build the application you’re thinking of moving.  This might sound unreasonable but with new tools this is more possible than ever.
  • Use a new operations management cloud service to manage the existing applications, meaning to manage the security, performance, and availability of that application.
  • Have the vendor manage the application they sold you. In other words, the ISV that first sold you its on-premises application could now deliver that application as a service delivered and managed by the ISV.
  • Finally, replace that application with a new generation of what I’ll call a ‘born in the cloud’ application cloud service.

So for my six CIOs I recommended they take their entire portfolio of applications and decide which of the seven they would implement.  Merge the answers into one plan so you can move from a strategic intent to a tactical plan.

And For More Information

For more information, and many more examples of how businesses moved to the cloud, check out my book, Cloud Computing: Operation Efficiency, where Moving to the Cloud is discussed in more detail in a TED-sized chapter.

The Enterprise Monthly Feature Preview is a monthly webinar hosted by the Enterprise Market Strategy Group.  This webinar series is limited to Cisco and Partner account teams.  Full details for this monthly event are below, including registration links and information on the February 6th, 2015 session:  Prime Infrastructure DataCenter.


The goal of the Enterprise Monthly Feature Preview is to have different SMEs (Subject Matter Experts) join us each month to provide a deep-dive into new features and technologies within the Enterprise Management space for Cisco and Partner account teams.


This monthly event will be presented over WebEx and include a slide presentation, as well as a live demo.  We host one session each month at 8am PST.  The session is recorded and posted online for access to those who are not able to attend live.  Our next Enterprise Monthly Feature Preview is on Friday, February 6, 2015 and will cover:


Prime Infrastructure DataCenter

In this session you will learn about the new Prime Infrastructure DataCenter. We will have Sowmya Sattanathan (Product Manager) presenting an overview and demo of the new DataCenter offering for Prime Infrastructure. We will be covering key features/differentiators and details which will enable you to share the same with your customers.


Presenter:         Sowmya Sattanathan – Prime Infrastructure Product Manager



Registration for the February 6th Enterprise Monthly Feature Preview is available online:


Date:    Friday, February 6, 2015

Time:    8am PST // 5pm CEST

Link:     https://cisco.webex.com/cisco/onstage/g.php?MTID=eb44205fc678f751dc00f5aeacb969fd3



Questions related to the Enterprise Monthly Feature Preview can be directed to prime-demo-series@cisco.com or Chris McGuyer.



Chris McGuyer

Business Development Manager

Enterprise Market Strategy Group

