Friday, 31 May 2019

Data Evangelism: Oxymoron, Fluff, or Business Driver?

At first pass, data evangelism may sound more like an oxymoron than a corporate function. Most of us (and our dictionaries) associate evangelism with faith, while data & analytics is core to the scientific method. Evangelism is predominantly qualitative while data & analytics is the definition of quantitative.

In practice, data evangelism has become synonymous with spreading the good word of data. Need to inspire your team to balance their gut-based approach to problem solving with data-driven insights? Call in a Data Evangelist.

However, if we delve beneath the surface, data + evangelism reveals a richer value proposition. Evangelism teaches us to practice what we preach. Lead by example. Be the change we want to see in the world. Data & analytics teaches us to measure what matters. Hypothesize, test, minimize our biases, refine, and always let our data be our guide.

-----------------------------------------------------------------------------------------------------------------------
If we marry the tenets of data + evangelism, the result is: Practicing the data & analytical methods we preach. Leading others to leverage data as an asset via a data-driven approach. Challenging ourselves as data evangelists to be at the forefront of data-driven models and insights, especially in the most qualitative domains.
----------------------------------------------------------------------------------------------------------------------

Data Evangelism Needs a Model


In data science, once you understand the data and its significance to the business, the next step is to create, stress test and refine a model which presents a simplified version of the business problem or opportunity you’re seeking to address. This model is a first attempt to explain the workforce’s relationship to data and provide actionable insights into creating (or maintaining) a data-driven enterprise.


The Axes:


◈ Data IQ — The level to which a person is capable of leveraging data & analytics relative to his or her role and goal. For example, a food coordinator who is data literate and comfortable using a simple forecasting model will have a high Data IQ. If, however, s/he wants to lead an engineering team responsible for a machine learning-based technology, a Master’s or PhD in AI will be the new standard for a high Data IQ.

◈ Data Enablement — The level to which a person is enabled (or unable) to leverage data & analytics relative to his or her role and goal. For example, a people manager in HR may be fully Data Enabled via: data literacy, foundational data science for leaders, a dashboard which provides him/her the relevant people analytics and insights about their team, access to data & analytical talent on a project-by-project basis, and a steady stream of curated content including training, best practice sharing, and success stories. However, someone managing a data science team would need all of that and much more, including tools and platforms which allow for reusable asset (i.e. models and code) sharing, to be Data Enabled.

The Quadrants:


◈ Enthusiasts — Low Data IQ; Data Enabled: Well connected to their data & analytics community, fluent in its success stories but unsure how to begin leveraging data. Example: A marketing new hire with a degree in literature who marvels at chatbots.

◈ Data Illiterate — Low Data IQ; Data Unable: Lack of understanding regarding the value of leveraging data & analytics as well as how to do so. Example: An experienced technical writer who leans into his/her qualitative strengths.

◈ Siloed High Performers — High Data IQ; Data Unable: Limited by their isolation. Typically start from scratch instead of having a library of assets at their fingertips and peers with whom to collaborate. Example: a data scientist working on a non-data science team without access to mentorship, peers, enterprise tools, platforms and data products/services.

◈ Data-Driven — High Data IQ; Data Enabled: Individuals have the platforms, infrastructure, tools, services, and knowledge to leverage data & analytics in their role. Connections into the larger community provide them with a constant stream of ideas, best practices, and opportunities to collaborate as well as share their work. This is the target state.

-----------------------------------------------------------------------------------------------------------------------
Data-driven workforces, whose employees have High Data IQs and are Data Enabled, power the most digitally disruptive companies in the world.

Should we start looking to data evangelism as a business driver?
-----------------------------------------------------------------------------------------------------------------------

Data-Driven by an Evangelism Engine


How does this play out? Let’s say a Customer Success Executive leverages data that is 22% more accurate than previously possible to enable 96% adoption of the collaboration tools his/her customer purchased. The customer wins by realizing a high ROI; because the customer wins, the Customer Success Executive wins. Evangelism’s “win” is in enabling the person or team behind the 22% increase in data accuracy and the Customer Success Executive to leverage said data to achieve (and know s/he achieved) 96% adoption.

Our Approach

Our efforts to influence Data IQs take the form of a multi-pronged (and evolving) strategy of recruiting, learning & development, and continuous education.

We approach Data Enablement more broadly. Success in this domain doesn’t just take a village, but rather the support of the entire Data & Analytics business unit in addition to strong cross-functional partnerships. Data Enablement encompasses building, buying, supporting and/or co-creating the data products and services needed to enable each role, as well as those products’ and services’ adoption.

While far from an exhaustive list, Data Enablement includes global virtual and live events, Kaggle-style data science competitions, collaboration platforms for technical and non-technical best (and worst) practice sharing, an enterprise data science platform with reusable asset libraries, and democratized trustworthy datasets… and as data & analytics (and data evangelism) matures, who knows?

Thursday, 30 May 2019

Cisco Demonstrates 20W+ Power Dissipation of QSFP-DD at OFC 2019

At OFC 2019 in San Diego, CA, Cisco demonstrated the thermal management capability of the QSFP-DD pluggable module form factor for 400G applications. The demonstration showed that QSFP-DD can dissipate the heat generated by a transceiver that draws more than 20 watts of power. This will be required for extended reach applications that use advanced optical modulation schemes such as coherent transmission. Host platforms with QSFP-DD ports can therefore support pluggable coherent modules needed for DCI (Data Center Interconnect) and WDM (Wavelength Division Multiplexed) networks.

This is a key point because data centers are often deployed in regions where they may be several tens of kilometers apart. To link them together, data center operators would typically use transponders, which connect to a switch or router and transport the data streams to another data center over relatively long distances with a coherent optical link. However, if coherent modules such as 400G-ZR and 400G-ZR+ modules could be plugged directly into a switch or router, it would eliminate the need for the additional connection and space for a transponder.

With advances in optical integration and CMOS DSP technology, Cisco expects pluggable coherent modules that support the OIF 400G-ZR specification to begin entering the market in the next 12 to 18 months. These new transceivers may draw 15-20W. By demonstrating 20W capability, we show that Cisco 400G QSFP-DD based platforms will be coherent-ready when those modules are available.

Figure 1: QSFP-DD >20W Demo at OFC 2019 with Nexus 3432D-S Ethernet Switch and Thermal Modules

The demo included the recently announced Cisco Nexus 3432D-S Ethernet switch. This Nexus 3k switch is a 1RU fixed-port switch with 32 QSFP-DD ports providing data centers with industry-leading performance-per-watt power efficiency at low latency, offering leading analytics.

This switch provides an extreme case environment from a power dissipation perspective, which makes it ideal for demonstration purposes. It was loaded with 8 thermal modules dissipating a total of 174W clustered together in adjacent ports.

The thermal modules were provided by MultiLane and were specifically designed for this demo. These are not functional transceivers, but rather QSFP-DD mechanical housings with heat sources inside. Each module has a series of heaters distributed across its top and bottom, positioned to emulate the thermal profile of real modules with the temperature measurement point over the hot spot of the module, as typically specified.

Figure 2: QSFP-DD Module with External Heatsink Inserted into Cage

To accommodate more than 20W, the modules were modified with an additional heatsink on the portion of the module that extends beyond the front panel. This additional material resides within the current envelope of the Type 2 MSA module dimensions of QSFP-DD (see Figure 2).

The chart below shows a plot of the eight modules in the demo and how the hottest module might be expected to perform over the operating temperature range of the Nexus 3432 switch. The demonstration showed that the 8 modules in adjacent ports were dissipating more than 21W each.


At the show floor booth’s ambient temperature of 21C, the case temperatures of the modules ranged from 33C to 44C. This is shown by the colored dots at the 21C vertical axis, and corresponds to a rise in case temperature ranging from 12C to 23C and averaging 18.6C. This means that if the switch were operating in its maximum operating temperature environment of 40C, the case temperature of the hottest module would rise to 63C (rightmost end of the green line). That provides plenty of margin for the typical commercial maximum case temperature of 70C.

In summary, this demonstration shows that the QSFP-DD form factor is easily capable of managing the high power dissipation required for coherent transmission in platforms that will be shipping later this year. From copper to coherent, along with backward compatibility with prior generations of QSFP modules, QSFP-DD provides customers maximum flexibility to address the migration to the next step in networking.

Tuesday, 28 May 2019

Demystifying Artificial Intelligence’s Role in Contact Centers

AI is shaping the future of customer experiences and the contact center.


Artificial Intelligence (AI) is creating a lot of excitement and there are good reasons for this. According to Forbes, 50% of IT professionals believe artificial intelligence and machine learning are playing a role in cloud computing adoption, growing to 67% by 2020. This week I will be speaking at UC Expo about the role that artificial intelligence is playing in advancing contact center productivity and efficiency, and in particular how this is benefiting the agent and customer experience.

With all the news around AI, it’s easy to get lost in the hype versus reality. I’d like to demystify some of this and share my view of the five most common myths I’m hearing about as I travel the world talking to colleagues, partners, and customers.

Five myths:

◈ AI is new
◈ AI = chatbots
◈ AI can replace all your people
◈ AI is all about automation
◈ AI will reduce call volume

1. AI is new


The concept of Artificial Intelligence (AI) has actually been around for a long time. In 1950, the English mathematician and computer scientist, Alan Turing documented his ideas for testing a thinking machine. Turing’s test theory suggested that if a machine was able to communicate in full conversation via a teleprinter without any detectable differences from a human, the machine could be deemed “thinking.”

Contact centers have been using AI in some form or another for decades. We just didn’t call it AI. Even with basic automatic call distribution (ACD) technology it was possible to filter and route calls to the right agent at the right time using an algorithm to determine the best agent. AI at its core is a series of fast predictions, and contact centers have been using predictive algorithms since the early 1990s. AI continues to show up in new places and make a major impact in revolutionizing contact centers and customer service.

2. AI = chat bots


Chat bots have become mainstream in contact centers and are just one of the ways in which AI is used to optimize agent workload and enhance customer self-service. Bots are being used for everything from qualifying customer requests, to booking hotels, and providing shopping assistance. Bots help answer questions and direct your customers to the appropriate person with the best skills and experience. Our Customer Virtual Assistant provides a highly effective way of offloading simple, mundane, and repetitive requests from your agents, allowing them to spend higher quality time helping customers on more complex requests. This results in providing faster self-service to customers, while improving agent optimization, productivity and costs. While chat bots utilize AI, there are many other forms that AI takes in contact center operations beyond chat bots – including routing schemes, forecasting, deeply inspecting customer interactions – and more. Cisco’s Customer Journey Analyzer, for example, is a cloud-based solution that allows companies to gather data from multiple sources to draw correlations between operational and business data to improve customer experience.

3. AI can replace all your people


This is probably the most misunderstood belief about AI and one that grabs the attention of senior executives when they’re looking for ways to cut costs. AI promises benefits far beyond just cost savings, and has the potential to help and improve how your employees work, rather than replace them. AI will certainly change workloads, staffing and processes that may lead to reduced staffing, but a primary advantage is that it augments agents to make them more scalable and efficient. Take the example of a chat bot. When the bot detects that the interaction needs to be escalated to a human agent, it brings along with it the history of the conversation to enable a seamless transition from self-service chat to assisted chat. The agent can then very quickly and effortlessly take over the interaction with everything they need displayed right in front of them. In this regard, AI is an enabler for better live agent assistance, not a replacement of it.

4. AI is all about automation


Business process automation is a key benefit of AI in the contact center because it increases agent efficiencies and workflows, however it is better to think of it in terms of agent augmentation as much as automation. Many people still want to engage with a human, so as you take advantage of automation in your contact center, make sure your customers can still reach a person when one is needed. According to a study by PwC, only 3% of U.S. consumers want their experiences to be completely automated. In addition, automation of customer processes inevitably leads to exceptions that cannot be addressed by AI, and need human assistance. These exceptions are often make-or-break moments in a customer relationship.

The automated process should learn from the data that you have spread across a multitude of systems, and from human interactions, so that those experiences are improved, resulting in better service to your customers. Understanding and analyzing that data can tell you so much about how your customers are experiencing your brand, so that actions can be taken to make their journey better. A great example of this is our new Cisco Answers intelligent agent, which is powered by Google Contact Center AI. Cisco Answers listens to customers’ conversations in real time and proactively presents intelligent suggestions, documents, and other key forms of enterprise knowledge to the agent desktop while the agent is interacting with a customer. This empowers agents with the context and information they need to deliver faster, more personalized and proactive care.

5. AI will reduce call volume


This is another misconception – AI may reduce call volumes via automation – but it’s likely that the calls that do make it to live agent assistance (the exceptions) will be longer and more complex in nature. This could mean that the same number of staff are handling fewer, but longer, calls. AI enables more accurate decisions and routing so that many customer interactions can be handled without a human agent. It has the ability to classify information and make predictions faster and at higher volumes than humans can accomplish on their own. As an example, in an omni-channel contact center, customers can be routed much more quickly and efficiently to the right resource that can add the most value to the experience based on the channel (e.g. email, phone, chat) the customer is using. According to PwC, 46% of all consumers will abandon a brand if the employees are not knowledgeable. This will require contact centers to redefine how they do agent staffing and how they measure call volume and call success.

So where do we go from here?


While AI for contact centers isn’t necessarily “new”, advancements in algorithms and the ability to apply them in real-time to massive amounts of data being created from contact center operations is. This combination opens up exciting new possibilities for companies to break free of constraints to address issues that have been challenging contact centers for decades. These include contextual routing real-time work to agent attributes, more precisely forecasting agent schedules, and higher degrees of customer personalization. As more and more data accumulates, processor speeds increase unabated, and algorithms march forward, AI will have a larger and larger role in making contact centers more efficient and effective.

Sunday, 26 May 2019

Cybersecurity Roles and Responsibilities: Private Sector Perspective

I had the pleasure of briefing members of the U.S. Senate’s Homeland Security and Government Affairs Committee to provide Cisco’s perspective on the roles for the private sector and government in protecting the nation’s digital infrastructure. I focused my remarks on a much-publicized recent cybersecurity attack since it’s a great example of how the public and private sectors can and should work together.


The important lessons we can draw from this recent attack are that:

1. Government and industry both have distinct, but important, roles to play in preparing for and responding to cyber-attacks;

2. Effective communication between our roles is essential; and

3. We all need to maintain vigilance because the attackers never sleep and their sophistication is only limited by software and imagination.

Last month, Cisco’s Talos threat intelligence team made headlines globally publishing a report on a state-sponsored attack dubbed “Sea Turtle.” This attack, which was impossible to detect, enabled the theft of login credentials and other sensitive data. It was so successful, like many other attacks, because we continue to rely on passwords, which users frequently reuse.

The response to the Sea Turtle attack demonstrated the power of the public-private partnership so central to cybersecurity in our country. First, it was a positive development that the private sector was able to quickly detect both attacks and raise awareness. Second, the US government set a positive example by issuing a Binding Operational Directive to federal agencies, and providing concrete, usable advice to the general public about the importance of MFA.

Today, MFA can frustrate attempts by hackers to reuse stolen passwords. Longer term, we need to pivot away from a reliance on these passwords and build a more “zero trust” environment that will continuously authenticate users and devices. Fortunately, MFA is again part of this longer-term approach.

This attack and many others exploit trust in ways that we should all view as highly troubling, but can be prevented through wider use of technologies, such as multifactor authentication. I’m a student of history and I know how powerful the public/private partnerships can be to drive innovation. It’s how the Internet was created and it’s certainly how it can be protected. Effective communication between the private and public sector can also drive actionable information to the public in time for harms to be mitigated while we develop longer term solutions, together, to the problem of ongoing cyber threats.

Saturday, 25 May 2019

Five Game-Changers for Mid-Market Businesses That Boldly Move to Cloud Calling

ISG report claims that moving to cloud operations saves companies an average of 38% [1]

As a mid-market business leader, one of the most important decisions you make is your approach to digital transformation. A critical part of any digital transformation strategy is the use of cloud technology; particularly cloud communications and collaboration. New cloud delivery of advanced, cognitive collaboration technologies offers the freedom to provide a first-class service experience to customers anywhere on the planet, with rapid, low risk deployment, low up-front costs, and a tightly integrated cloud application workflow model. This can mean the difference between being the agent of change in your industry and watching the market pass you by.

The State of the Cloud Calling Market


Globally, the mid-market cloud PBX segment is just starting to pick up momentum, with analysts projecting a global segment CAGR of 24% through 2022, to build on a low current market penetration level estimated at 12%. See Figure 1.

Figure 1 – Cloud Calling Market Penetration and Growth Rates by Segment


New cloud options, like Cisco Webex Calling, are adding the scalability, reliability and security, along with a more sophisticated collaboration feature set that mid-market business requires. The cloud is better able to economically address the multi-site, contact center and mobile connectivity shortcomings of the on-premises options available to mid-market organizations. Equally important is the ability to support a cloud migration strategy that offers seamless operation throughout the time a business requires use of a mixed cloud/on-premises model. Because most mid-market businesses are not ready to go all-in on the cloud in one step, support for a common dial plan, administration and directory model through this transition period is an essential check point to starting a successful cloud migration.

The Performance Gap Between Leaders and Laggards


The urgency for business to take action now comes down to the performance gap between digital transformation leaders and laggards. Digital transformation can dramatically lower costs, enhance agility and enable mid-market organizations to implement technologies and tools that were once only available to large enterprises. Well executed, these strategies are game changers for the mid-market organization. A Harvard Business School study [2] published by Professors Marco Iansiti and Karim Lakhani demonstrated the gap between the top 25% “Digital Leaders” and the bottom 25% “Digital Laggards.” Figure 2 shows a gross margin difference of 18% between the leaders and laggards, and concludes, “Digital Transformation has become the new normal.”

Figure 2 – The digital divide between digital leaders and laggards


Five reasons to implement digital collaboration transformation strategies (Figure 3)


1. Gain large enterprise capabilities without the cost and complexity – Historically, mid-market organizations have been at a disadvantage to larger organizations, due to the high capital cost of implementing sophisticated, complex and expensive IT applications, technologies and infrastructures. Cloud calling, collaboration and contact centers change all this by making advanced tools affordable to the mid-market for the first time.

2. Enhance business agility and reduce operational cost and complexity – Cloud calling and collaboration allow organizations to seamlessly scale users and sites up or down quickly and predictably, with one global solution that can be centrally managed. Precious capital investments are preserved for more strategic business initiatives while operating budgets become more transparent and predictable, without the headaches of managing surprise PBX upgrades and maintenance. And both management and workforce productivity are vastly improved through the use of always-current and accessible cloud collaboration services.

3. Increase workforce mobility, productivity and satisfaction – A key issue for today’s multi-site enterprise and mobile workforce is the complexity and expense in deploying, managing, keeping up-to-date and networking multiple on-premises systems that typically range from new to decades old. Millennial and Gen Z employees expect advanced collaboration tools in the workplace – the same tools that they use in their private lives – and these have a dramatic impact in both recruitment and retention. They expect a seamless, global and feature rich collaboration experience across any device, network or channel – calling, messaging, team collaboration, video, etc.

4. Strengthen customer journeys and relationships – Most mid-market enterprises must deliver an omni-channel – voice, chat, video, IVR, natural language, bot – customer support experience in their contact centers, inbound/outbound sales and service operations. For many businesses, these solutions are mission critical to their customer relationships and business success. Prior to the cloud, sophisticated contact center solutions that went beyond basic routing and reporting were very expensive and difficult to manage and keep current. The cloud makes the most advanced contact center technologies accessible for businesses of all sizes without the capital investment and operational complexity.

5. Improve business performance and competitiveness – As the Harvard Business School study demonstrates, organizations’ financial performance and business outcomes are vastly improved through strategic digital transformation. Successful transformation projects focus on cost reductions, process improvements, adding organizational agility to respond rapidly to changing environments, and one-to-one, team and customer collaboration.

Up until now, the mid-market segment has been slower to implement cloud collaboration transformation strategies, due to the complexity of their transformation journeys and the lack of maturity in cloud solutions. That limit no longer exists. Webex Calling now allows mid-market customers to replace their PBXs and deploy cloud calling and collaboration with confidence, with a proven enterprise platform that is already serving 29 million business users worldwide. Are you ready to take the next step?

Talk to Cisco.

Figure 3 – Five reasons mid-market organizations must implement cognitive collaboration transformations


Thursday, 23 May 2019

What Your Collaboration Strategy Is Missing


Why your new collaboration technology isn’t catching on as you expected


When organizations want to update their collaboration technologies, IT departments spend weeks, sometimes months, focusing on the right products that will help their company meet their goals. They rigorously check requirements, ensure all the right specs are in place, and carefully configure the new technology before making it available to end users. Everything goes as planned. Yet three months in, management is wondering why no one is using the new technology. Sound familiar?

Most new collaboration investments fail to reach their full potential not because of the technology itself but rather because of how it’s introduced to its end users. People often don’t like change, even if it’s for their own benefit. So, when a new technology is introduced, people tend to stick with what they know and what they are comfortable with. They also might not want to learn new things and can be hard to convince. Or they might not feel compelled to use the new technology if they don’t see their colleagues using it as well.

All these reactions are normal. But the good news is, there are several things you can do to help your teams in the process:

◈ First, make sure to involve executives early in using the new technology. Set up some time with them to have them interact with the technology. And lastly, walk them through some best practices so they feel more comfortable using and promoting it.

◈ Second, focus on raising awareness throughout the organization via marketing and communication. Good ideas include:

     ◈ Posters in hallways (clearly visible to support organizational change)
     ◈ Internal forums to help answer questions
     ◈ How-to videos that help users get acquainted or that help solve basic issues
     ◈ Quick reference guides and recorded trainings that help answer “What’s in it for me?”
     ◈ Language specific material so people can learn best in their native language

◈ Finally, set up some hands-on training options before the rollout and some support desks afterwards to assure users that any questions they have can be answered.

Infographics and engaging posters that match your company’s colors and brand guidelines, such as the images above, are two good ways to raise awareness throughout your organization.

Learning how to facilitate a change management approach for your organization is no easy task. However, it is a crucial element to establishing buy-in and usage for your new collaboration technology. The question is, are you willing to champion these kinds of actions for your organization?

Help is here if you need it


If you’re unsure about committing yourself to the extra work, there are other ways you can ensure your organization adapts properly to a new technology change. Cisco offers many different options that could potentially aid you in finding the perfect fit – from basic insights to expert advice and assistance.

One of the most common, initial customer introductions is from Cisco’s Customer Success (CS) team. Here, Customer Success managers help guide you to understand your technology further, based on agreed upon capabilities, licenses, features, services, and bundles. They also help monitor your adoption progress and better measure the impact to your organization.

Another available option is Cisco’s User Solution Empowerment (USE) Adoption services. USE is another, yet less familiar, alternative that can help your employees adopt collaboration technologies with greater speed and effectiveness through a change management approach. With access to customized processes, materials, and techniques from Prosci Certified Change Management Professionals, you can directly influence and improve:

◈ User behavior
◈ Product and technology use
◈ Organizational adoption
◈ Business processes and workflows

Simply introducing a collaboration technology to someone and getting their feedback on how you can help raise awareness is a great way to lower anxiety among those who are unsure about a new technology change.

One of the main differences between CS and USE is that CS is usually complimentary to new customers whereas USE is an add-on service that requires an additional investment. To articulate the difference more clearly, let’s look at a quick example of a USE engagement.

A major retail banking customer was experiencing lower-than-expected usage in its Webex Meetings solution. Consequently, it invested in USE Adoption services to better train, educate, and encourage end users to collaborate easily through the technology.

The USE team ended up creating a global training strategy that included:

◈ A detailed marketing & communications plan to create awareness through: 
   
     ◈ Executive sponsorship and communication
     ◈ Digital signage on the company website
     ◈ Company-branded posters throughout hallways and elevators

◈ 25 instructor-led sessions tailored specifically to helping event managers, help desk trainers, and administrative professionals best use Webex Meetings

◈ Multiple training recordings for all users, so users can access learning material at any time

◈ Custom educational reference guides created in four languages (English, Portuguese, Spanish, and French), so users could maximize their learning by understanding best practices in their native language

Through this material, the company was able to reach thousands of employees over seven months. By providing the necessary resources to help them use the technology more, over 1800 users were trained during that span. Additionally, the company saw a 12-times increase in the number of registered Webex Meetings and active hosts conducting meetings.

What to do next?


As shown above, one of the most fundamental elements of successful adoption is a good change management approach. A proper one includes influential factors such as executive sponsorship, live training, user segmentation, and awareness throughout the organization. Each has its own specific purpose in influencing change, whether it be awareness, social proof, or even physical usage.

Think of ways you can approach executives to get their buy-in. Coffee breaks, for instance, might be an effective method for those who are busy and constantly on-the-go.

If you’re considering improving your adoption rate on your own, consider how you can broaden your approach beyond simple recordings and PDFs. Who has access to influence upper management? Who’s a good teacher and can volunteer to lead hour-long classes? Who can start a forum on the topic to answer questions and spark conversations? Who’s good at marketing?  Think through creative ways you can get your teams involved because without them, users can feel “left on their own” and even frustrated with the new technology. Or they might not understand how important it is to use.

Wednesday, 22 May 2019

How to Get On the Road to Cloud Calling Success

A Road to Somewhere


Taking your business to a cloud calling model can sometimes feel like starting out on a long, cross-country drive without a map, a clear destination, or a timeline. There are so many options that it is hard to navigate. That’s why many businesses get lost along the way and lose heart.


It doesn’t have to be that way. Getting your business to a bright cloud communications and collaboration future can be a much more predictable and enjoyable experience.

Elevation Gain


The move to the cloud is picking up pace. Market statistics show global annual growth rates in the 15-20% range, with even higher growth as you move into market segments above 100 users. Leading analysts are predicting as many as 90% of IT leaders will no longer buy new on-premises PBX or unified communications equipment beyond 2021.

The growth in cloud calling is happening for some very clear reasons. Technology innovation cycles are faster for cloud services, which can now deliver a richer feature set that’s more tightly integrated with other important cloud business services, like Office 365, G Suite, Salesforce, and others. Cloud can also offer distinct advantages in scalability, reliability and even security.

Roadblocks


So where’s the difficulty? Well, not all cloud services are alike. Most vendors offer only one pathway to the cloud. These vendors might provide multiple feature packages, but the cloud migration is an all-or-nothing, one-size-fits-all proposition. They aren’t really offering you a pathway that respects your business strategy and any current depreciable investments in licensing, phones and equipment you may have. This creates a major disconnect.

Course Correction


Because Cisco is the leader and pioneer in both on-premises PBX systems, as well as cloud PBX services, we can offer a much more practical, business-friendly transition to the cloud, at any pace that makes sense for your business.

With Cisco, your cloud journey starts with a Cisco partner taking the time to understand your strategy, locations, workforce, communication patterns, and infrastructure. This provides the background to work out a transition timeline and technology path that meets your business objectives and will serve your business well going forward.

Navigation Support


First, it’s important to understand where you want to end up. Will you be moving your entire business to the cloud, or are there certain sites or functions that will continue to use on-premises systems for the foreseeable future? This early discussion of the end-game will help define which Cisco calling platforms will be the best fit for your business future.

Then together we plan your transition by identifying a set of logical phases for cloud adoption. It may be based on sites, regions, workgroups, or any combination thereof. We have found the best transition plan involves a three-step approach defined as cap, surround, migrate.

Cap is where you define the limit for any future spending for on-premises PBX systems. We identify this demarcation point during the pre-planning process.

Surround is where you begin, as soon as possible, to surround your people and processes with rich Webex collaboration capabilities, added to their calling, meetings and team interactions, all delivered from the cloud.

Migrate is where group-by-group, team-by-team, or site-by-site you begin to move your people away from on-premises systems to their new cloud service.

Vehicle Protection (or Predictable Cost)


As you transition your business to the Cisco cloud, we protect your investment with Cisco in a number of ways. Most Cisco IP phones purchased to run on Cisco Unified Communications Manager (UCM) in the past few years become Cisco cloud ready with just a firmware change. Another area of savings is when you purchase your UCM licenses through the Cisco Collaboration Flex Plan, you pay for UC licenses either on a subscription model, or you will receive trade-in credits to apply when you choose to migrate those licenses to the Cisco cloud. Either way, you save money.

Cisco cloud calling platforms make it simple to transition to the cloud, by site or by user, while keeping everybody connected, with common dial plans and directories. Our unique portfolio enables us to deliver an exceptional collaboration experience, with calling, meetings, teams, contact center and devices all intelligently integrated for better performance.

Cisco Webex Calling is a great solution for mid-sized to large enterprises looking for a simple cloud transition. For businesses that require a more customized approach, Cisco Hosted Collaboration Solution (HCS) is an excellent option. And with Cisco you can choose to purchase from any of our qualified cloud channel partners, that include over 600 leading service provider and VAR channel partners around the world.

Safe Arrival


As you can see, Cisco has put in the work and planning that enables you to select a cloud PBX journey designed to serve your specific business needs, rather than try to force you into a one-size-fits-nobody arrangement. You have the freedom to choose your speed, select the technology course that’s right for your business, and the Cisco partner best suited to serve as navigator for your journey. We’ve even made sure you get the most out of your investment in your current calling vehicle (phones and licenses) along the way.

Tuesday, 21 May 2019

Announcing the Availability of the Dual-Rate 10/25G Long Reach Transceiver Module

We’re excited to release a new addition to our portfolio of dual-rate pluggable transceivers: The 10/25G LR (Long Reach) SFP28 transceiver module, also known as SFP-10/25G-LR-S. Here’s some info about the new product that you may be wondering about.

What is the SFP-10/25G-LR-S?


The SFP-10/25G-LR-S is an SFP (Small Form Factor), dual rate (10GE and 25GE), Long Reach (LR) transceiver for SMF (Single Mode Fiber) applications. The transceiver enables high speed connectivity between platforms that accept SFP28s at distances of up to 10 km (~6.2 miles) with appropriate software support.


SFP-10/25G-LR Applications


SFP-10/25G-LR transceivers are needed in an assortment of applications including Enterprise, Data Center and Service Provider networks where transmission of 25G (and 10G) Ethernet is used over SMF.

For Enterprise applications the SFP-10/25G-LR is used in the Intra-Building Backbone to connect Wiring Closet switches to Distribution switches and in the Inter-Building Backbone to connect Distribution switches to enterprise core switches and routers.


For Data Center applications the SFP-10/25G-LR is used to connect Top of Rack (ToR), Middle of Row (MoR) or End of Row (EoR) switches to Servers or to connect ToR, MoR and EoR switches to Leaf switches.


For Service Provider applications the SFP-10/25G-LR is used to connect the Service Provider Edge Routers that are in their Central Offices to their customer’s routers or Node switch.


Cisco platforms that support the SFP-10/25G-LR-S


The SFP-10/25G-LR-S is supported in a wide variety of Cisco platforms including Catalyst switches, Nexus switches, NCS routers and UCS platforms.


Other 25G transceivers available from Cisco


Cisco has a complete family of 25G transceivers including SMF & MMF (Multi Mode Fiber) transceivers, DAC (Direct Attached Cables) and AOC (Active Optical Cables) for a multitude of applications.


Monday, 20 May 2019

Cisco AMP for Endpoints excelling in AV Comparatives Business Main Test Series

AV-Comparatives have long been the benchmark of third-party testing in the endpoint security space. This year, for the first time ever, AMP for Endpoints participated in AV-Comparatives malware testing. The Business Main Test Series was broken up into two main sections: the Malware Protection Test and the Business Real-World Protection Test.


While the full report will be released in July, AV-Comparatives released a short fact sheet today. Because the test is only partially completed, the results will continue to vary, but Cisco AMP for Endpoints expects to maintain consistently high scores.

Overview


First, let’s give the brief facts behind the Business Main Test Series:

◈ 19 products are participating
◈ All products tested on a Windows 10 RS5 64-bit
◈ All vendors were allowed to configure their products
◈ Cloud and PUA detection activated in all products

Given these parameters, the 19 products will participate in a four-month test culminating in July. At this midpoint, however, the products have participated in the two aforementioned tests.

Malware Protection Test 


In this test, the products were tested with 1,311 different malware samples. Based on criteria defined by AV-Comparatives in their report, the products were given parameters to detect the malware samples.

So far, AMP for Endpoints is one of eight products to have a malware protection rate of 99.8% or higher. In addition to this extremely high detection rate, AMP for Endpoints registered 0 false alarms on common business software.


AV-Comparatives also performed tests on non-business software. This will not affect the final “Approved Business Product” rating they deliver, but the results are notable because they help demonstrate how well a product can really delineate between good and bad. Cisco AMP for Endpoints was granted the highest rating of “very low,” which denotes 0-5 false positives on non-business software.

Cisco AMP for Endpoints consistently pledges to deliver elite threat detection, investigation, and response. The 99.8% malware protection rate so far highlights Cisco AMP for Endpoints’ ability to deliver on that pledge. At the same time, the low number of false positives shows that Cisco AMP for Endpoints does not need to bog down IT professionals with useless alerts, allowing them to focus on what’s really important.

Real-World Protection Test


Over the course of two months, the products encountered 389 test cases. Of the 389 test cases, Cisco AMP for Endpoints has blocked all but three while producing ZERO false alarms, resulting in a 99.2% protection rate so far. Cisco AMP for Endpoints is one of only three products to have zero false alarms. Others have already flagged up to 18 false alarms.

Saturday, 18 May 2019

Artificial Intelligence Partner Opportunity

A short time ago I had the opportunity to participate in the AI Partner and Customer events that we had in our Innovation Centers in Paris, London and Berlin. The excitement and interest of both our customers and partners was palpable.


You might have seen some of the headlines in the news around Artificial Intelligence (AI) and Machine Learning (ML) and how in the US, the European Union and Asia many countries are increasing their public and private investment in this field. AI is present everywhere nowadays, from a simple semantic search on the internet to some of the latest self-driving vehicles already available in many places. It is expected that by the year 2022 worldwide spending in AI systems will reach 78 billion US dollars and that the spending in AI servers will grow from 5 billion to 18 billion US dollars. These figures alone represent a substantial opportunity for Cisco and for our Partners.

Another interesting lesson from these events was that, contrary to what most people might think, a larger percentage of Machine Learning deployments are on premises as opposed to in the cloud. This poses an immediate opportunity for Cisco and our partners in terms of supporting our customers with their initial deployments in their own Data Centers. There are some intrinsic benefits to deploying ML on premises, among them data gravity integration and application performance, governance and TCO (Total Cost of Ownership), while cloud deployments provide faster deployment and simplicity.

An AI/ML solution requires multidisciplinary skills and a deep collaboration between different stakeholders, including Data Scientists and Data Engineers, the CIO and the different business leaders as well as the IT team. Without all these different teams working together with a common and joint objective a successful deployment would be really difficult to realize.

The Cisco AI/ML offering focuses on Full Data Life Cycle, Simplicity, and Manageability and includes:

◈ A full portfolio for all AI/ML computing needs.
◈ Validated solutions with technology partners
◈ Natural extension of existing computing environment

The Cisco AI/ML Architecture includes UCS (Unified Computing Systems) Servers, Cisco Infrastructure Management and Cisco Networking Solutions that power a Virtualization Layer, a Converged Infrastructure for AI and Big Data Clusters which in turn sustain the AI/ML Software platforms which eventually provide the business outcomes that AI delivers. This Architecture helps to bridge the gap between IT and the Data Scientists.

Some real use case examples were highlighted in these AI events which I found quite relevant and which our partners can leverage to initiate the discussion with their customers. Some of them include:

Banking

◈ Customer-Centric Marketing

◈ Product recommendation

◈ Experience personalization

◈ Attrition prediction

Operations

◈ Improve customer experience

◈ Predicting Failures

◈ Automatically Position Spares at Depots

◈ Optimizing Supply Chain and Customer Experience

Auto

◈ Autonomous Vehicle Simulations

◈ Complex simulation modelling

◈ Massive storage requirements

◈ High volume data inputs

AI/ML can also help resolve some of the new technical challenges of the Internet of Things, such as:

◈ Harsh environments

◈ Hyper-scale

◈ Randomness and unpredictability

◈ Determinism

◈ Subject to (even subtle) attacks

We can also make use of AI/ML to predict performances of the IoT, detect subtle attacks, and make the network reactive at scale as well as for Cognitive and Predictive Analytics.

Friday, 17 May 2019

Practical Ways to Reduce Ransomware Impact: Actions You Can Take Today

During the past year, Cisco Security Incident Response Services has provided emergency incident response services for many customers dealing with incidents that sometimes become a ransomware event. In many cases, we were engaged by the company at the first sign of trouble and were able to help contain the initial incident and reduce the ability of the attacker to shift to a ransomware phase. In other incidents, we were asked to help long after the attackers were in the environment and the systems were already encrypted.

In this blog post, I will share some practical tips that our team uses with our customers to help mitigate the risk of ransomware causing a significant business outage.


Figure 1: Phases of an attack.

If we follow the standard attack lifecycle (Figure 1), the first step that we need to consider is how we would address the initial attack vector. For this blog post, let us assume the initial access vector is email (which we have observed is often the case).

Initial Attack


The first thing to consider is intelligence-based email monitoring and filtering. An example of this would be the Cisco Email Security Appliance (ESA) product which integrates Cisco Talos threat intelligence into an active email inspection platform.


ESA should be deployed to examine email, both inbound and outbound, from the organization. This filtering should be tied to an intelligence feed that dynamically adds new known malicious domains, IP addresses, behavioral indicators, signatures, etc.

By itself, this will not fully protect an organization but without this, you expose your users and your environment to preventable email-based attacks. This control should create log events into the security monitoring system. These events should be reviewed regularly by a member of the monitoring team and if possible correlated with other events (involving the same time, internal hosts, external IP/Domain, and any malware detected). The capability of being able to also review email historically for suspicious attachments or previously unidentified malicious files is helpful for scoping and understanding the scale of the incident and can be used for hunting if the initial detection somehow fails.

User Actions


Subsequent to the initial malicious email entering an environment, the next obvious question is “did the user open it” or “did the user click the link”? To answer these questions, we require some specific log telemetry from within the environment.


DNS logs, such as those available by using Cisco Umbrella, can be invaluable to identify if a user/IP address/device made a request that is related to a known suspicious domain or IP address. If there is an active incident, these logs should be examined for any requests associated with the incident. These DNS logs should be part of the overall logging environment and the events should also be used to block and track requests to known malicious domains. Again, this should be correlated into events of interest for the monitoring team to consider. This helps us understand if the domain was requested, but does not by itself indicate what the interaction was between the user and the destination.

To gather information on the interaction between the user and the destination, we require logs from a deployed web proxy system that captures the outbound web requests and the responses. Cisco Web Security Appliance (WSA) is an example of an active web proxy/filtering system, powered by Cisco Talos threat intelligence. These systems can often block or filter known malicious sites (based again on intelligence) and also retain the HTTP transaction between the user’s web browser and the destination. This can help us to answer the question of what was done on the site, or what the site sent as a response.

To address the question of “did the user open the file” we recommend the implementation of the Windows SysInternals System Monitor (Sysmon) which can help to answer the question of user behavior and activity. Alternatively, many endpoint security tools may also be able to answer this question. Be sure to test your tools before an incident, so you know what normal activity looks like before you get into an incident and have to try to parse the alerts.
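The correlation this section describes, as an added example (not code from the original post or from any Cisco product): it joins email-gateway, DNS, web-proxy and Sysmon process-creation records per recipient to answer "did the user click the link" and "did the user open the file". All records, field names, hosts and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WINDOW = timedelta(minutes=30)  # assumed look-ahead after delivery


def ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


# Constructed asset inventory: recipient -> workstation IP and hostname.
ASSETS = {
    "alice": {"ip": "10.0.5.21", "host": "WS-021"},
    "bob": {"ip": "10.0.5.34", "host": "WS-034"},
    "carol": {"ip": "10.0.5.40", "host": "WS-040"},
}

# Constructed email-gateway log: one suspicious message, three recipients.
EMAIL = [
    {"time": ts("2019-05-17T09:00:05"), "rcpt": rcpt,
     "url": "http://invoice-portal.example/login",
     "attachment": "invoice_0517.doc"}
    for rcpt in ("alice", "bob", "carol")
]

# Constructed DNS query log.
DNS = [
    {"time": ts("2019-05-17T09:04:10"), "src": "10.0.5.21",
     "qname": "invoice-portal.example."},
    {"time": ts("2019-05-17T09:12:44"), "src": "10.0.5.34",
     "qname": "Invoice-Portal.example."},
]

# Constructed web-proxy transaction log.
PROXY = [
    {"time": ts("2019-05-17T09:04:11"), "src": "10.0.5.21", "method": "GET",
     "url": "http://invoice-portal.example/login", "status": 200},
    {"time": ts("2019-05-17T09:04:52"), "src": "10.0.5.21", "method": "POST",
     "url": "http://invoice-portal.example/login", "status": 302},
]

# Constructed Sysmon Event ID 1 (process creation) records.
SYSMON = [
    {"time": ts("2019-05-17T09:15:02"), "event_id": 1, "computer": "WS-034",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line":
         r'"WINWORD.EXE" /n "C:\Users\bob\Downloads\invoice_0517.doc"'},
]


def in_window(event, start):
    return start <= event["time"] <= start + WINDOW


def correlate(mail):
    """Return what each telemetry source says about one delivered message."""
    asset = ASSETS[mail["rcpt"]]
    domain = urlsplit(mail["url"]).hostname  # hostname is already lower-case
    start = mail["time"]
    resolved = any(
        in_window(q, start) and q["src"] == asset["ip"]
        and q["qname"].rstrip(".").lower() == domain for q in DNS)
    hits = [p for p in PROXY
            if in_window(p, start) and p["src"] == asset["ip"]
            and urlsplit(p["url"]).hostname == domain]
    fetched = any(p["method"] == "GET" and p["status"] < 400 for p in hits)
    posted = any(p["method"] == "POST" for p in hits)
    opened = any(
        in_window(e, start) and e["event_id"] == 1
        and e["computer"] == asset["host"]
        and mail["attachment"].lower() in e["command_line"].lower()
        for e in SYSMON)
    return {"resolved": resolved, "fetched": fetched,
            "posted": posted, "opened": opened}


def triage(finding):
    """Highest-priority label first; a DNS hit alone proves no interaction."""
    if finding["posted"]:
        return "credentials-at-risk"
    if finding["opened"]:
        return "attachment-opened"
    if finding["fetched"]:
        return "link-visited"
    if finding["resolved"]:
        return "dns-only"
    return "delivered-only"


def report():
    return {mail["rcpt"]: triage(correlate(mail)) for mail in EMAIL}


if __name__ == "__main__":
    for rcpt, label in report().items():
        print(f"{rcpt:6} {label}")
```

Bob's workstation resolved the domain but the proxy holds no transaction for it, so only the Sysmon record shows what he actually did, which is why the post asks for all three log sources.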

Account Compromise


Following the attack life-cycle, the next phase is account compromise:  did the user either provide their credentials (e.g., if they were prompted to enter their password to access what appeared to be a legitimate company web page) or did the malware gather local cached account data from the system? This is where we recommend multi-factor authentication (MFA) as the standard for all environments.


We frequently recommended multi-factor for “high risk” accounts, or for “all externally facing services”, but with the current attack patterns we recommend multi-factor for all Active Directory environments. There can be technical limitations on implementing MFA for some legacy systems, legacy access types, etc. Those exceptions should be identified and very closely monitored for unexpected activity, or isolated into separate Organizational Units or Groups. This may allow early detection of misuse and may limit the impact of these systems or credentials, should they become compromised.

Another key consideration is to monitor the system used to manage the multi-factor authentication. We have seen attackers attempt to bring these systems offline, to attempt to access these systems, or to successfully access these systems and either create one-time use passcodes or create a new account that was allowed to bypass the multi-factor requirement. These systems must be closely monitored for all access and modifications to the users, groups, or creation of one-time use codes.

Privilege Escalation


The next phase is privilege escalation.  In this phase, we recommend a multi-pronged approach as there are multiple risks to address. The first risk is if the environment has a shared local administrator password across multiple devices. This is still a very common practice in many environments due to a number of factors.


A solution that can assist with this is implementing the Microsoft Local Administrator Password Solution (LAPS). This provides a better method to manage local accounts. The second risk is an attacker compromising one of the privileged accounts in the environment. If multi-factor authentication is required on these accounts, this should be unlikely, but these accounts must still be monitored for misuse. Additionally, these privileged groups should be monitored for modification (adding or deleting users, or changes to the group roles). These are also events that should trigger alerts that are evaluated by the monitoring team.

Lateral Movement


Lateral movement occurs next. To detect and thwart this, we need to reduce the ability for a user account to move freely within the environment without being validated or having authorization.


This can be started by reducing the internal network access from the standard user segments and VPN devices. Network segmentation can be complex to implement across the entire environment, but it is often achievable to make some small restrictions using virtual LANs (VLANs) to reduce which networks can access critical segments. Privileged activity or Administrator activity should always originate from an approved “jump box” that is hardened and monitored, and has specific access restrictions for only users that require this access. Role-based access should also be enforced: not everyone should have access to production, and not everyone should have access to the code base or sensitive data. Access (successful and failed) should be logged and correlated. Reducing the number and type of ports and protocols within the environment may also help to reduce the spread of malware or lateral movement that is expecting specific capabilities, such as the Server Message Block (SMB) protocol, for example.
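Two of the monitoring rules from the Privilege Escalation and Lateral Movement sections, as an added example (not code from the original post): it flags membership changes to privileged groups and privileged network logons, successful or failed, that do not originate from an approved jump box. The events are constructed, with fields named after Windows Security log events; the jump-box addresses, account names and group list are assumptions.

```python
import ipaddress

# Assumptions: replace with the values from your own environment.
JUMP_BOXES = [ipaddress.ip_network("10.0.99.10/32"),
              ipaddress.ip_network("10.0.99.11/32")]
PRIVILEGED_ACCOUNTS = {"adm-jsmith", "adm-mlee"}
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}

# Windows Security event IDs for security-enabled group membership changes.
GROUP_CHANGE = {4728: "added", 4729: "removed",   # global group
                4732: "added", 4733: "removed",   # local group
                4756: "added", 4757: "removed"}   # universal group
LOGON = {4624: "success", 4625: "failure"}
NETWORK_LOGON_TYPES = {3, 10}  # 3 = network, 10 = RemoteInteractive (RDP)

# Constructed sample events (already parsed into dictionaries).
EVENTS = [
    {"EventID": 4624, "TargetUserName": "adm-jsmith", "LogonType": 10,
     "IpAddress": "10.0.99.10"},                     # admin via jump box
    {"EventID": 4624, "TargetUserName": "adm-jsmith", "LogonType": 3,
     "IpAddress": "10.0.5.21"},                      # admin from user segment
    {"EventID": 4625, "TargetUserName": "adm-mlee", "LogonType": 3,
     "IpAddress": "10.0.5.21"},                      # failed admin logon
    {"EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example",
     "SubjectUserName": "adm-jsmith"},               # privileged group change
    {"EventID": 4732, "TargetUserName": "Helpdesk-Tier1",
     "MemberName": "CN=carol,OU=Users,DC=corp,DC=example",
     "SubjectUserName": "adm-mlee"},                 # non-privileged group
    {"EventID": 4624, "TargetUserName": "alice", "LogonType": 3,
     "IpAddress": "10.0.5.21"},                      # ordinary user
    {"EventID": 4624, "TargetUserName": "adm-mlee", "LogonType": 3,
     "IpAddress": "-"},                              # source not recorded
]


def from_jump_box(address):
    """True only for a parseable address inside an approved jump-box range."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # fail closed: an unknown source is not an approved one
    return any(ip in net for net in JUMP_BOXES)


def detect(events):
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid in GROUP_CHANGE:
            # For these events TargetUserName holds the group name and
            # SubjectUserName the account that made the change.
            if ev["TargetUserName"].lower() in PRIVILEGED_GROUPS:
                alerts.append({
                    "rule": "privileged-group-change",
                    "account": ev["SubjectUserName"],
                    "detail": f'{GROUP_CHANGE[eid]} {ev["MemberName"]} '
                              f'({ev["TargetUserName"]})',
                })
        elif eid in LOGON:
            if (ev["TargetUserName"].lower() in PRIVILEGED_ACCOUNTS
                    and ev["LogonType"] in NETWORK_LOGON_TYPES
                    and not from_jump_box(ev["IpAddress"])):
                alerts.append({
                    "rule": "admin-logon-outside-jump-box",
                    "account": ev["TargetUserName"],
                    "detail": f'{LOGON[eid]} from {ev["IpAddress"]}',
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert["rule"], alert["account"], alert["detail"], sep=" | ")
```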

Encryption of Data


The ultimate risk of a ransomware attack is in the final phase. This is when the attacker is able to encrypt critical business systems or services, causing a business outage. The impact of this outage varies based on the function of your business, your tolerance (or your customers’ tolerance) for downtime, and many other factors.


For environments that have critical services that impact life and safety of people, we strongly recommend partnering with the disaster recovery and business continuity teams to test existing plans and update them accordingly with steps that cover full data center loss via ransomware. Other questions that should be considered: Are your backups offline and secure from the possible ransomware? Does your online backup system use the same credentials as your Active Directory environment? Has your organization practiced what a data restore would look like and how long it would take? Is the necessary hardware (or virtual space) available to be able to restore your environment? Is there an understanding of dependencies and other tactical considerations?

Take Action Today


These recommendations will help you improve your ability to detect attacks in the earlier (pre-ransomware) stages and will reduce the overall impact of a ransomware incident. You must take key preventative steps, while also readying your team to act when it strikes. If you feel you need hands-on, expert assistance, consider contacting our team – our incident responders can help you prepare your own team with proactive services and we can work alongside your team during active incidents.

Thursday, 16 May 2019

Ansible: Powered by Cisco DNA Center

We have all seen the segmentation of people and technologies into what we lovingly refer to as ‘silos.’ Initially, these silos were formed to group together teams with common skill sets, ownership, accountability, etc. The effect that we see from this division into functional groups typically manifests as some level of communication hindrance that limits full cooperation between the groups to obtain a higher level objective.

If you look at the technology industry, the same sort of logical grouping is prevalent. For example, we have technology silos like Campus Networking, Data Center Infrastructure, Security, and Storage.


In these technology domains, we see managers, or controllers, that are responsible for providing the Software-Defined Controller role and acting as the provisioner for that area. Similar to the challenge faced with people in organizations, this division can be a hindrance when trying to automate across multiple functional areas.

Ansible for Higher Level Automation


What we need to help drive a cohesive strategy for management across each of these domains is a common interface to act as the glue between them. This “higher layer” can interface with each technology domain using whatever interface is exposed by the manager or by reaching the devices directly.

Ansible is a fantastic solution to act as this glue. There are over 2000 modules to provide that communication mechanism into each domain. The coverage is broad enough to span the entire gamut.


Campus Networking


Cisco Campus networking has seen significant growth in maturity with the DNA Center solution. DNA Center provides GUI driven workflows that greatly simplify complex deployments allowing the technologist to focus on what they want the network to do rather than the specific configurations.

The Assurance engine is without a parallel in the industry. Assurance provides unprecedented visibility into the health of your networks, end users, and applications.

Cisco has released the concept of DNA Center as a Platform and provides access to the APIs that drive the DNA Center solution.

Ansible Modules for DNA Center


That brings us to the point of this write up…with Ansible acting as the glue between your various technical domains combined with your newly deployed Cisco DNA Center you will need some new modules to drive the configurations of DNA Center from Ansible.

World Wide Technology has developed several new Ansible modules for DNA Center. These initial modules provide the ability to deploy configuration of the design workflows including Site Hierarchy, Common settings (DHCP Server, DNS Server, Syslog, etc), IP Pools, Create Discoveries and more.


These initial modules are just the start. We will continue to develop and refine with the help of the broader, open source community as additional features and APIs are exposed.

The figure below is a snippet of YAML from a sample playbook illustrating the configuration of the DNA Center settings and sites.


Tuesday, 14 May 2019

Cisco Drives Intent-Based Networking Forward with Multi-Level Segmentation

Why network segmentation matters in the enterprise of today


Network segmentation easily gets lost in a conversation as it is a heavily used term in the industry. Everyone claims to support it when in reality most vendors support the bare minimum to simply claim compliance in an RFP (Request for Proposal) or RFI (Request for Information).

Network segmentation is a critical requirement to address the growing scale, complexity and security demands of today’s campus and branch networks. That’s because segmentation allows customers to protect their data. Segmentation divides an infrastructure into individual components and builds connection points between the relevant components based on the understanding of applications, users, consumers, and devices.

The days of managing secure networks with VLANs and ACLs are a thing of the past. Customers require a campus infrastructure capable of supporting a software-defined approach to network segmentation. Networks today need to be purpose built for commencing the journey of intent-based networking. Network segmentation is a key pillar supporting the foundation of Cisco’s powerful Software-Defined Access (SD-Access) architecture.

Raising the stakes with multi-level network segmentation


Traditionally, when a customer was required to isolate a given network, VLANs and ACLs (Access Control Lists) were configured to achieve network separation. Even a simple use case, such as enforcing policies for users, devices, and things, was challenging to implement and complex to manage as new users and devices were added to the network. Cisco has addressed these challenges and raised the stakes for network segmentation by offering a new approach to multi-level segmentation for the enterprise campus.

So, what is multi-level segmentation? As the name suggests, multi-level segmentation provides two levels of segmentation using Layer 3 virtual networks (VNs) and scalable group tags (SGTs).

Comparing vendors


Several key takeaways on the segmentation capabilities of Cisco, Aruba and Huawei can be drawn from the independent Miercom report. The bottom line of the Miercom comparison is that there is a clear benefit to the automated, single-touch-point approach of Cisco compared to the manual, multi-touch-point approaches of HPE-Aruba and Huawei.

Aruba

Aruba’s segmentation offering is highly dependent on its mobility controller. With only a small amount of traffic, Aruba’s Mobility controller was exposed as a choke point.

Regardless of how many access layer switches and network uplinks are added, the limitation is still present until an additional Aruba Mobility controller can be purchased and added to the network. The network administrator using the Aruba architecture will constantly need to monitor the load of the segmentation service. This is because the mobility controller responsible for wireless association/termination will become unresponsive when the data plane performance limit is reached.

Aruba positions its Dynamic Segmentation as Unified Policy for wired and wireless. Aruba launched this back in 2014 and is still positioning this architecture as Next-Gen. The flaws then are still present now.

Is the Aruba solution line-rate? Can it be proved via independent test reports? Can they change policy between users, whatever their respective VLAN is?

Huawei

Huawei’s Free Mobility was basic segmentation at best. Several touchpoints and dashboards are required to get the basics to work. It’s definitely not easy to use, and requires many repetitive steps to create groups and create policy.

Huawei presents its Free Mobility solution to its customers for segmentation using group-based policy. Free Mobility is an add-on to its policy server, the Agile Controller 1.0. Huawei does not offer a simple way to provide policy-based automation. In all cases Huawei requires multiple touch points, manual configuration via CLI, and countless clicks on the Agile Controller for policy.

The 3rd party test vendor configured Huawei’s Free Mobility solution and discovered that it was not as easy as expected.

Multiple steps are required to create a security group – 12 to be exact. To create a single policy between a configured pair of security groups takes 16 steps.

The key takeaway was Huawei’s inability to provide an easy to use offering for multi-level segmentation.

At best, the segmentation was basic and the network administrator was left to log back into the additional devices to enable port isolation for east-west segmentation.

As you can imagine, there have traditionally been many touch points when trying to configure various levels of segmentation.

Cisco


With Cisco Digital Network Architecture (DNA) Center, the creation of virtual networks and management of scalable groups can be done via a single unified dashboard. Cisco DNA Center and SD-Access outshine and outperform the competition. Cisco SD-Access is built using a campus fabric with built-in mechanisms to support two levels of segmentation. Other network vendors can only offer segmentation based on simple network separation.

The Cisco Catalyst Family embeds VNs and SGTs in its hardware using the Cisco UADP (Unified Access Data Plane) ASIC. This provides a robust foundation of powerful hardware that allows customers to enable a network segmentation service without a compromise on performance. Other network vendors use older architectures, which are bottleneck designs with limited data plane performance of only 10Gbps.

Our 3rd party tests compare and assess the network segmentation offerings of each networking vendor. The report shows that with the other vendors, customers will continue down the path of configuring named VLANs and mapping out the size of the subnet per VLAN in preparation for deployment. Customers using either vendor will be required to configure a VLAN for wired employees, a VLAN for wireless employees, a VLAN for wired guests, a VLAN for wireless guests, etc.

As stated, those are ways of the past. However, this is how the competition will design a campus network. They don’t offer a controller-based network to provide automation and the ability to deliver true software-defined networking.

Cisco SD-Access not only profiles users, devices, and things but also onboards clients to a fabric. It provides customers with capabilities to move devices in a virtual network (macro segmentation) and provide flexibility to support role-based groups (micro segmentation) and control communication based on network contracts.
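
The two levels described above (VN first, then SGT-pair contract) can be modelled as a small policy evaluator that also audits which endpoint pairs can reach each other on a given port. This is an added example, not Cisco or DNA Center code: the VN names, SGT names, contracts and default action are constructed assumptions, and the model assumes no routing between VNs.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Endpoint:
    name: str
    vn: str   # layer 3 virtual network (macro segmentation)
    sgt: str  # scalable group tag (micro segmentation)

# Constructed sample data: every VN, SGT and contract here is illustrative.
ENDPOINTS = [
    Endpoint("laptop-a", "CAMPUS", "Employees"),
    Endpoint("laptop-b", "CAMPUS", "Employees"),
    Endpoint("printer-1", "CAMPUS", "Printers"),
    Endpoint("guest-phone", "GUEST", "Guests"),
]

# Contracts are directional, keyed by (source SGT, destination SGT). Each is an
# ordered list of (protocol, port, action); port None matches any port.
CONTRACTS = {
    ("Employees", "Printers"): [("tcp", 9100, "permit"), ("tcp", 631, "permit")],
    ("Employees", "Employees"): [("tcp", 445, "deny"), ("any", None, "permit")],
    ("Guests", "Printers"): [("any", None, "permit")],  # never reached: VNs differ
}

def evaluate(src, dst, proto, port, default="deny"):
    """Return (action, reason) for one flow under two-level segmentation."""
    # Level 1: endpoints in different VNs are isolated before group policy applies.
    if src.vn != dst.vn:
        return "deny", "macro: different virtual networks"
    # Level 2: the first matching rule of the SGT-pair contract decides.
    for r_proto, r_port, action in CONTRACTS.get((src.sgt, dst.sgt), []):
        if r_proto in ("any", proto) and r_port in (None, port):
            return action, f"micro: contract {src.sgt}->{dst.sgt}"
    # Assumption: the default action is a parameter of this model.
    return default, "micro: no matching rule, default applied"

def permitted_pairs(endpoints, proto, port, default="deny"):
    """Audit helper: every ordered endpoint pair allowed to talk on proto/port."""
    return [(s.name, d.name) for s, d in permutations(endpoints, 2)
            if evaluate(s, d, proto, port, default)[0] == "permit"]

if __name__ == "__main__":
    for proto, port in (("tcp", 445), ("tcp", 9100)):
        print(proto, port, permitted_pairs(ENDPOINTS, proto, port))
```

Running the audit with `default="permit"` instead of `"deny"` shows how many extra same-VN pairs become reachable when unlisted SGT pairs are not blocked.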

With Cisco’s DNA Center, the policy application allows customers to create VNs and groups using the “drag and drop” method. Once configured, network connectivity and access were tested to verify segmentation.

Segmentation doesn’t stop in the campus


Cisco also supports the ability to keep the policy intact from the Campus User to the Data Center application with SGT to EPG (endpoint group) mapping. Cisco is the only vendor capable of offering Intent-Based Networking across the Campus and Data Center.