Tag Archives: Cisco

Critical Cisco vulnerabilities patched in Policy Suite

Cisco disclosed and patched a handful of critical and high-severity vulnerabilities in its products this week.

The company fixed four critical vulnerabilities in its Policy Suite: Two are flaws that enabled remote unauthenticated access to the Policy Builder interface; one flaw is in the Open Systems Gateway initiative (OSGi) interface; and the last is in the Cluster Manager.

A successful exploit of one of the critical Cisco vulnerabilities in Policy Builder — tracked as CVE-2018-0374 — gave attackers access to the database and the ability to change any data in that database. The other vulnerability in the Policy Builder interface — tracked as CVE-2018-0376 — could have enabled an attacker to change existing repositories and create new repositories through the interface.

The third critical vulnerability could have enabled an attacker to directly connect to the OSGi interface remotely and without authentication. Once exploited, an attacker could have accessed or changed any files accessible by the OSGi process.

The last of the critical Cisco vulnerabilities — CVE-2018-0375 — was in the Cluster Manager of Cisco Policy Suite. With this flaw, an attacker could have logged in remotely using the root account, which has static default credentials, and executed arbitrary commands.

The Cisco Policy Suite manages policies and subscriber data for service providers by connecting to network routers and packet data gateways.

The Cisco vulnerabilities affected Policy Suite releases prior to 18.2.0. The Cisco Product Security Incident Response team has already patched the vulnerabilities and has not seen any exploits in the wild.

Cisco also disclosed and patched seven high-severity flaws in its software-defined WAN (SD-WAN) products, though only one of them can be exploited remotely and without authentication — unlike the four critical vulnerabilities. One vulnerability requires authentication and local access to successfully exploit, but the others only needed authentication to be successfully exploited.

The SD-WAN vulnerabilities gave attackers the ability to overwrite arbitrary files on the operating system and execute arbitrary commands. One was a zero-touch denial-of-service vulnerability, and there were four command injection vulnerabilities.

The company also patched a high-severity denial-of-service vulnerability in the Cisco Nexus 9000 Series Fabric Switches, as well as 16 other medium-severity issues in a variety of its other products.

In other news:

  • Venmo, the mobile payment app owned by PayPal, has its API set to public by default and is exposing user data. According to researcher Hang Do Thi Duc, if a Venmo user accepts the default settings on their account, their transaction details are publicly accessible through the API. “It’s incredibly easy to see what people are buying, who they’re sending money to, and why,” Do Thi Duc said in a blog post. She noted that she was able to gather data on cannabis retailers, lovers’ quarrels and the unhealthy eating habits of users — along with their identifying information. Do Thi Duc was able to gather all of this and more by perusing the public Venmo API and looking specifically at the 207,984,218 transactions left accessible to the public in 2017. “I think it’s problematic that there is a public feed which includes real names, their profile links (to access past transactions), possibly their Facebook IDs and essentially their network of friends they spend time with,” she wrote. “And all of this is so easy to access! I believe this could be designed better.”
  • Multinational telecommunications company Telefonica suffered a data breach that exposed the data of millions of customers. Spanish users of Telefonica’s Movistar telecommunication services may have had their personal and financial information exposed because of the breach, including phone numbers, full names, national ID numbers, addresses, banking information, and call and data records. The breach was discovered after a Movistar user reported it to FACUA, a Spanish consumer rights nonprofit. Because of a design flaw in the Movistar online portal, anyone with a Movistar account could access other users’ data. FACUA notified Telefonica of the breach, and the company responded the next day, at which point FACUA made a public disclosure.
  • Oracle’s July Critical Patch Update (CPU) patched 334 security vulnerabilities, including 61 critical flaws, across many of its products. The most vulnerable affected product is the Oracle Financial Services application, which has 56 vulnerabilities — 21 of which can be exploited over the network without authentication. The vulnerabilities with the highest severity ratings — with a CVSS score of 9.8 — are in Oracle’s Financial Services, Fusion Middleware, PeopleSoft, E-Business Suite, retail applications and others. Over 200 vulnerabilities noted in the Oracle CPU affected business-critical applications. This month’s CPU has the highest number of patches at 334; the runner-up was 308 patches in July 2017.

Cisco, Samsung finish 5G trial for home, IoT applications

Cisco, Orange and Samsung have completed a successful trial of 5G-delivered home entertainment and smart city applications in Romania.

The three companies said this week they had been testing their fifth-generation (5G) fixed wireless system in Floresti, which is located in the Cluj district of Romania, for about six weeks. The 5G trial involved delivering high-speed broadband to homes and gathering data from sensors and cameras installed on streetlamps.

In the home-service trial, the three vendors delivered enough bandwidth for ultrahigh-definition video and virtual reality gaming. In the smart city 5G trial, the partners used 5G wireless technology to collect temperature and humidity data from sensors and to gather footage from cameras. A Samsung connectivity node established the 5G wireless connection necessary to transmit data from the streetlamp-mounted devices to the core network.

The companies used advanced 5G-enabled antenna technologies — including massive multiple input, multiple output and beamforming — to transmit data at a wireless speed of 1 Gbps at a distance over six-tenths of a mile.

“Thanks to this first successful test of 5G fixed wireless access in the 26 GHz band, Orange has been able to verify several use cases enabled by this technology,” Arnaud Vamparys, senior vice president of microwaves and radio networks at Paris-based Orange, said in a statement.

The technology used in the trial included Samsung’s 5G routers and radio access network, which provides wireless connectivity between a device and the core network. Also used in the test were Cisco gateways and Meraki Z3 Wi-Fi and MV21 cameras.

Cisco-Ericsson partnership

Cisco’s work with Samsung is occurring as its 5G partnership with Ericsson has stalled due to financial troubles that have forced Ericsson to restructure its business. Ericsson said last year the companies would not meet the financial goals set when the partnership started in 2015. 

Verizon is another carrier testing the viability of a fixed wireless 5G network. The U.S. carrier is running 5G trials of its system in 11 major metropolitan areas. AT&T, on the other hand, is testing the delivery of mobile 5G over the millimeter wave (mmWave) band in four U.S. cities.

MmWave allows for data rates up to 10 Gbps, which comfortably accommodates carriers’ plans for cellular 5G. But before service providers can use the technology, they have to surmount its limitations in signal distance and in traveling through obstacles, like buildings.

AT&T, Orange, Verizon and other carriers are spending billions of dollars to develop 5G wireless networks for business, consumer and internet-of-things applications. Analysts expect service providers to start rolling out commercial 5G networks at the end of this year or in 2019.

Ex-Cisco exec Rowan Trollope promises to be different CEO at Five9

Rowan Trollope’s departure from Cisco in May took many in the industry by surprise. In his five years as a top executive, Trollope was widely credited with reinvigorating Cisco’s collaboration portfolio. At the end of his tenure, he made the bold move of merging Cisco’s core meeting software, Webex and Spark.

Trollope is now the CEO of cloud contact center vendor Five9, a startup in San Ramon, Calif., with revenue one-twenty-fifth the size of the collaboration division at Cisco. Trollope described his new company as smaller than his old one, but also nimbler.

In an interview this week, Trollope spoke about why he left Cisco and the use cases of the contact center AI he’s likely to bring to Five9.

Editor’s note: The following was edited for style, clarity and brevity.

How will your leadership change Five9?

Rowan Trollope, CEO, Five9

Rowan Trollope: I wasn’t hired because the company needed a new strategy. The way the search happened was ultimately because the former CEO, unfortunately, had a health issue and couldn’t continue. So, it’s kind of a different CEO transition in that sense; it’s not like the company needed a transformation or a new direction.

I am a different CEO, I think, than the former CEO just in terms of my background. I’m a much more product-focused executive, whereas Mike [Burkland] was more focused on sales and go-to-market. And so, you know, my focus will probably be more on product. I think the innovation side of this story that’s unfolding needs a lot of attention.

Cisco is also a big contact center vendor. Why didn’t you want to stay there?

Trollope: Timing in business is so important. And the time for a cloud contact center is now. And, you know, I had been at Cisco for five years, very successful with transforming the portfolio and having a good run. But this was an opportunity to join a very special company, a much smaller company, more nimble, and something that I just, personally, was very interested in.

It’s not anything negative about Cisco. I enjoyed working there, I learned a lot, it’s a great company, and I think their collaboration business has great prospects. But I couldn’t say no to this opportunity.

What applications of contact center AI do you think will have the biggest impact on the industry?

Trollope: One, data analytics. All the voice traffic coming through your contact center today is only used for the purposes of quality-assurance checks and compliance. So, the first real big opportunity is to unlock the value of that data.

Speech-to-text, and then natural language understanding to provide analytics on top of that data, can really [help a company] understand at the business level what’s going on with my customers [and] what are they asking about. If you look at how call centers work today, at the very end of the call, they will enter a reason code, like install problem or password reset. And that’s just so limiting, and the industry has struggled to make sense of this data. That’s why I call it ‘dark data.’

Two, virtual agents. The technology has just gotten to the point where it could be feasible that when you call into your typical call center, instead of getting, ‘Welcome to ABC company. Push one for sales; push two for product,’ that you will be greeted by, ‘Hi, ABC company, can I help you?’ And you say, ‘Yeah, I’ve been having a problem with your product. I’m wondering if I can speak to Joe in support.’ ‘Oh, sure, yeah, let me get Joe on the line.’

That’s not a human; that conversation was with a robot. That’s feasible now. It wasn’t feasible a year ago. And it will become more and more feasible. So, the death of the IVR [interactive voice response] couldn’t come soon enough for most. If you’re a consumer, that’s like the worst experience ever, right?

Three, agent guidance. If the computer can listen to all of the context of the conversation in real time and present me with advanced search results from my knowledge bases and my company information and my workflows, I become a smarter agent.

Today, the agents will be listening to your call. And they will be sitting with a whole bunch of windows open, and they will be Googling for this, or searching their internal knowledge base for that, or typing a text message to a peer to say, ‘Do you know what this problem could be?’ And all that can be made much easier through AI. So, that’s about assisting agents to get better answers faster.

Cisco hyper-converged HyperFlex adds NVMe-enabled model

Cisco is bumping up the performance of its HyperFlex hyper-converged infrastructure platform with nonvolatile memory express flash storage.

The networking specialist in July plans to broaden its hyper-converged infrastructure (HCI) options with Cisco HyperFlex All NVMe. The new Cisco hyper-converged system is an NVMe-enabled 1U HX220c M5 Unified Computing System (UCS) server that’s integrated with dual Intel Xeon Skylake processors, Nvidia GPUs and Intel Optane DC SSDs.

The HX C220 uses Intel Optane drives on the front end for caching. Four Intel 3D NAND NVMe SSDs of 8 TB each provide 32 TB of raw storage capacity per node. Optane SSDs are designed on Intel 3D XPoint memory technology.

HyperFlex 3.5 software extends Cisco Intersight compute and network analytics to storage. Version 3.5 supports virtual desktop infrastructure with Citrix Cloud services and hyper-convergence for SAP database applications.

“This is clearly a performance play for Cisco, with the addition of NVMe and support for Nvidia GPUs,” said Eric Slack, a senior analyst at Evaluator Group, a storage and IT research firm in Boulder, Colo. “They’re talking about SAP modernization. Cisco is going to try and sell hyper-converged to a lot of folks, but initially the targeting will be their UCS customer base. And that makes sense.”

Cisco: Hyper-converged use cases are expanding

More than 2,600 customers have installed HyperFlex, many of whom already are Cisco hyper-converged UCS users, said Eugene Kim, a Cisco HyperFlex product marketing manager. He said customers are “pushing the limits” of HyperFlex for production storage.

“The all-flash HyperFlex we introduced [in 2017] comprises about 60% of our HCI sales. We see a lot of customers running mission-critical applications, and some customers are running 100% on HyperFlex,” Kim said.

Hyper-convergence relies on software-defined storage to eliminate the need for dedicated storage. An HCI system packages all the necessary computing resources — CPUs, networking, storage and virtualization tools — as a single integrated appliance. That’s different from converged infrastructure, in which customers can buy different components by the rack and bundle them together with a software stack.

Cisco hyper-converged products were late to market compared with other HCI vendors. Cisco introduced HyperFlex in 2016 in partnership with Springpath, bundling the startup’s log-structured distributed file system with integrated Cisco networking. Cisco was an early investor in Springpath and eventually acquired it in 2017.

Cisco’s HCI market share jumped from 2.5% in the fourth quarter of 2016 to 4.5% in the fourth quarter of 2017, according to IDC. HyperFlex sales generated more than $56 million — a 200% increase year over year. Still, Cisco was in fourth place behind Dell, Nutanix and Hewlett Packard Enterprise in HCI hardware share, according to IDC.

As part of its partnership with Intel, Cisco added Intel Volume Management Device to HyperFlex 3.5. Intel VMD allows NVMe devices to be swapped out of the PCIe bus, avoiding a system shutdown.

Much of the heavy lifting for Cisco hyper-converged infrastructure was handled with the HyperFlex 3.0 release in January. It added support for Microsoft Hyper-V, in addition to existing support for VMware hypervisors, and the Cisco Container volume driver to launch persistent storage containers with Kubernetes.

Owning the compute, network and storage software gives Cisco hyper-converged systems an advantage over traditional hardware-software HCI bundles, said Vikas Ratna, a product manager at Cisco.

“We believe being able to optimize the stack up and down provides the best on-ramp for customers [to adopt HCI]. We don’t have to overengineer, as we would if we just owned the software layer,” Ratna said.

Customers can scale Cisco HyperFlex to 64 nodes per cluster. Ratna said Cisco plans to release a 2U HyperFlex that scales to 64 TB of raw storage per node when larger NVMe SSDs are generally available.

Cisco acquires July Systems for its location, analytics services

Cisco announced this week the acquisition of a company that provides cloud-based location services through retailers’ Wi-Fi networks, while Extreme Networks and Ruckus Networks launched improvements to their wired and wireless LANs.

Cisco plans to use July Systems technology to improve its enterprise Wi-Fi platform for indoor location services. July, a privately held company headquartered in Burlingame, Calif., sells its product by subscription.

July Systems’ platform integrates with a company’s customer management system to identify people walking into a retail store or mall. The July software can then interact with the people through text messages, email or push notifications.

The system also continuously maps the physical location of retail customers and uses the information to calculate their behavior patterns. July Systems software can also send collected data to business intelligence applications for further analysis.

Before the acquisition, July Systems was a Cisco partner. The company made its location services and analytics available through the Cisco Connected Mobile Experiences. CMX is a set of location-based products that use Cisco’s wireless infrastructure.

Cisco plans to complete the acquisition by the end of October. The company did not release financial details.

Extreme, Ruckus releases

Extreme Networks has introduced wired and wireless LAN infrastructure called Smart OmniEdge that incorporates technology Extreme acquired when it bought Avaya’s enterprise networking business last year.

The latest release includes an on-premises version of Extreme’s cloud-based management application, called ExtremeCloud. Both versions provide a single console for overseeing the vendor’s wired and wireless infrastructure, including access points and edge switches. They are also engineered for zero-touch provisioning, enabling customers to configure and activate devices without manual intervention.

Other infrastructure additions include hosted software for radio frequency management on the wireless network, which in today’s workplace has to serve a variety of devices, including PCs, mobile phones, printers and projectors. Automated features in the technology include access point tuning and optimization, load balancing and troubleshooting.

Smart OmniEdge utilizes Avaya’s software-defined networking product for simpler provisioning, management and troubleshooting of switches and access points. Extreme has also added APIs to integrate third-party network products and hardware adapters that companies can plug into medical devices to download and enforce policies.

Extreme has designed Smart OmniEdge for networking a campus, hotel, healthcare facility and large entertainment venue. The company’s wired and wireless networking portfolio incorporates technology from acquisitions over several years, including wireless LAN vendor Zebra Technologies, Avaya’s software-based networking technology and Brocade’s data center network products.

Extreme’s acquisition strategy helped boost sales in its latest quarter ended in May by 76% to $262 million. However, results for the quarter, coupled with modest guidance for the current quarter, disappointed analysts, driving its stock down by 19.5%, according to the financial site Motley Fool.

Meanwhile, Ruckus Networks, an Arris company, released a new version of the operating system for its SmartZone controllers for the wired and wireless LAN. SmartZoneOS 5 provides a central console for controlling, managing and securing Ruckus access points and switches.

SmartZoneOS customers can build a single network control cluster to serve up to 450,000 clients. The controller also contains RESTful APIs, so managed service providers can invoke SmartZoneOS features and configurations.

In February, Ruckus launched SmartZoneOS software that provides essential management and security features for IoT devices. The software works in conjunction with a Ruckus IoT module plugged into the USB port on each of the company’s access points.

Cisco Live 2018: Vendor opens management console to partners

At Cisco Live 2018, the networking vendor continued its emphasis on software, opening Cisco DNA Center to developers and talking up opportunities for channel partners in building solutions on its intent-based networking platform. The Cisco conference was held this week in Orlando.

Cisco said it is releasing developer tools and open APIs into Cisco DNA Center, the control console for the vendor’s intent-based networks. Cisco launched its intent-based networking initiative a year ago, shaking up its network design approach and underscoring its push toward network programmability. In opening DNA Center, Cisco encourages its partners to create applications that take advantage of data collected via Cisco DNA Center.

World Wide Technology Inc. (WWT), a technology solutions provider and Cisco Gold partner based in St. Louis, created a Mobile Ops Center to demonstrate the potential to build upon Cisco’s control center.

“We have only scratched the surface of what is possible with the extensive API set Cisco has built into DNA Center,” said Neil Anderson, practice manager of mobility and access at WWT.

Anderson said WWT plans to use the API capabilities to deliver IT automation on top of Cisco DNA Center and “speed the delivery of our deployments for customers.” In addition, he cited the possibility of integrating across multiple platforms: integrating Cisco DNA with security and IT service ticketing help desk platforms, as well as linking policy in the network with policy in the data center.

Cisco’s move to make DNA Center an open platform is the latest move in the vendor’s ongoing software transformation.

Cisco Live 2018: Developer base grows

The networking vendor used the occasion of Cisco Live 2018 to point to its growing developer base. Susie Wee, vice president and CTO of DevNet innovations at Cisco, said the company’s DevNet developer program has reached the 500,000 registered members mark. “It means we’ve hit critical mass with a developer community who can program the network,” Wee wrote in a Cisco blog post.

According to Cisco, its developer allies include infrastructure developers, cloud developers, independent software vendors (ISVs), systems integrators and network automation consultants. Cisco’s traditional partners — networking resellers — have been retooling in response to Cisco putting software in the lead.

Jason Parry, vice president of client solutions at Force 3, an infrastructure and security solutions provider based in Crofton, Md., said network engineering is becoming more of a development and network programming endeavor. Force 3 is a Cisco Gold partner.

“I think the trend or the move towards software continues to be very evident,” Parry said.

Cisco DNA Center opens opportunities

Parry said Cisco DNA Center will likely follow the path to greater openness that Cisco technologies such as Application Centric Infrastructure have taken.

“We will see them continue to open that up as they have other platforms,” he noted.

The ability to access analytics and telemetry through the Cisco DNA Center APIs will let developers “leverage the network … access layer in ways they really haven’t before,” Parry said. That ability will enable use cases around security, he added.

Fifteen partners have already created solutions on Cisco DNA Center and have demonstrated them at Cisco Live 2018, according to the company. Several of those partners come from the IT services space, including Accenture, Dimension Data, HCL, Logicalis, Presidio, Wipro and WWT.

Cisco said Accenture is creating services around software-image updates, while Presidio focuses on power management and HCL concentrates on third-party device provisioning.

WWT’s Mobile Ops Center, meanwhile, aims to help IT engineers keep tabs on intent-based networks when they are away from the Cisco DNA Center management console.

“Today, DNA Center is a console-based experience — the IT engineer needs to be present at the DNA Center console at his desk to proactively manage and operate the network,” Anderson explained.

He said WWT Asynchrony Labs created a mobile app, using the Cisco DNA Center platform APIs, that lets engineers “take the DNA Center with them wherever they go.”

Dell reverses storage slide

On the heels of its first-quarter earnings report, Dell Technologies highlighted how channel partners are contributing to the company’s growth.

Dell reported $21.4 billion revenue for the first quarter with sales increases in its core technologies. Storage generated $4.1 billion in revenue, which represented a turnaround from a fourth-quarter slump.

“For the first time really since we brought [Dell and EMC] together … we saw phenomenal share gains” in storage, said Cheryl Cook, senior vice president of global channel marketing, at Dell EMC. “It is our first quarter of turning that business back to growth, which has certainly been a focus area for us.”

Among Dell EMC’s recent efforts to boost storage sales were a number of channel incentives and expanded resources such as sales performance incentive funds and the addition of storage sales specialists.

According to Cook, highlights of Dell EMC partners’ first-quarter performance included:

  • Fourteen percent revenue growth in Dell EMC’s distribution business. Distributors continue “to be one of our fastest growth areas of partner types,” she said.
  • Channel partners brought in about 14,800 new or reactivated customers.
  • Dell EMC approved about 120,800 deal registrations.
  • Partners earned more than 5,500 credentials.

Going forward, Cook said that Dell Technologies is looking to create a more integrated framework for partners for doing business across its strategically aligned businesses. That was a key theme discussed at the vendor’s Global Partner Summit in May.

She said Dell Technologies plans to maintain separate partner programs — for example, the VMware and Dell EMC Partner Programs — but will focus on developing ways to recognize partners’ training investments and benefits across programs.

“At some stage, we may drive … ‘loosely coupled alignment’ across the programs rather than [the programs] all living inside one hard program. But we’re very much focused on bringing the value proposition, the benefits and such that we can align our incentive structures similarly [and] recognizing training and credits in each of the programs so that it’s not redundant or repetitive,” she said.

Other news

  • Continuum, a managed service provider (MSP) technology platform provider, has acquired CARVIR to expand its cybersecurity offering. CARVIR provides monitored and managed security to MSPs targeting small and medium-sized businesses (SMBs).
  • Rackspace unveiled Rackspace Colocation, a service that lets customers deploy their own hardware in Rackspace data centers. The offering provides an average of eight carriers per colocation data center, the company said.
  • A whitepaper from AMI-Partners notes managed services providers (MSPs) are partnering with ISVs, such as BitTitan, Microsoft and SkyKick, to help migrate SMBs to cloud-based email and productivity offerings. “By using a suitable tool, MSPs reported being able to save an average of 18 hours on a typical SMB migration project,” AMI-Partners stated.
  • The vast majority of companies lack complete commitment to the DevOps process, according to a survey undertaken by 2nd Watch, a cloud consulting firm based in Seattle. The survey of more than 1,000 IT managers and directors found 78% of the respondents said separate teams still manage infrastructure/operations and application development. About 30% of the respondents said they use a manual process for deployment, while 70% use some form of an automated pipeline.
  • Tufin, a provider of network security policy orchestration technology, rolled out a program to support partners deploying, configuring and customizing its orchestration suite. The Service Delivery Partner Program is structured in two tiers — Service Delivery and Service Delivery Plus — and offers certification, professional services business referral opportunities, and access to best practices and tools, among other benefits, Tufin said.
  • Data management vendor DefendX Software is targeting partners such as cloud and managed services providers with a new channel program. The DefendX True Partner Program provides deal protection, lead sharing and new customer incentives.
  • Chicago-based Telecom Brokerage Inc. (TBI) inked a distribution deal with Canadian communications provider Shaw Communications. Under the agreement, TBI’s agent and value-added reseller partners can offer Shaw’s data solutions in Canada.
  • Accenture has agreed to acquire DesignAffairs, a strategic design consultancy in Germany. The deal aims to bolster Accenture’s smart products and services initiative, Accenture Industry X.0.
  • Agosto Inc., a cloud services and development company in Minneapolis, said it has named Rick Erickson chief cloud strategist. Erickson, Agosto’s co-founder, focuses on the Google Cloud Platform in particular.
  • Atera, an IT automation platform vendor that targets MSPs, launched a chat feature that the company said service providers can use as a self-service tool for their customers.
  • Aparavi, a SaaS-based active archive startup, rolled out a program for service providers. Aparavi Advantage offers marketing support, training and sales assistance.
  • Telehouse America, a data center and managed IT services company, has expanded its alliance with Atlantic Metro into areas including SD-WAN and object storage.

Market Share is a news roundup published every Friday.

Cisco to merge Viptela, DNA Center for campus networking

ORLANDO, Fla. — Cisco plans to merge its Viptela SD-WAN management software into DNA Center over the next 18 months, providing customers with a single view of their LAN, WAN and campus networks.

During interviews this week at the Cisco Live conference, company executives said the integration would take place after Cisco builds a cloud-based version of DNA Center for campus networking. Companies would then have the option of accessing DNA Center as a service from Cisco or a managed service provider. DNA Center is a centralized software console for managing campus networks built on top of Cisco’s Catalyst 9000 switches.

“At that point, it may make logical sense to bring the two solutions together,” said Scott Harrell, general manager of Cisco’s enterprise networking business.

Waiting for a cloud-based version of DNA Center makes sense, because Viptela’s management application, vManage, is an online service. In a separate interview, Kiran Ghodgaonkar, senior marketing manager for Cisco’s enterprise products, said integrating vManage into DNA Center would occur over the next 12 to 18 months.

Merging the two products will tie the Viptela SD-WAN into other technologies wrapped into DNA Center, such as SD-Access, which lets engineers set access policies that follow employees wherever and however they want to enter the corporate network, Ghodgaonkar said. The SD-Access integration is essential, because Viptela routes traffic to and from business applications running on SaaS and IaaS platforms.

One view of LAN, WAN and campus networking

Overall, merging Viptela technology into DNA Center would simplify network management by treating the LAN, WAN and campus networking as a “single entity,” Ghodgaonkar said. Cisco wants to make SD-WAN management part of a single workflow within DNA Center.

Until then, development of Viptela’s SD-WAN and vManage products would continue “full-bore,” Harrell said. Slowing down the current pace of upgrades would risk falling behind rivals adding security, analytics, load balancing and other features to their software.

“Right now, we want to be able to iterate and make innovations as fast as possible,” Harrell said.

Enhancements planned for Viptela include making the 4000 Series Integrated Services Routers for the branch manageable through vManage, Harrell said. “That’ll be this summer.”

To make that happen, Viptela would run as a software image on ISR, Ghodgaonkar said. Cisco plans to release the image as a software upgrade for the router starting in July.

Cisco customers currently use ISR to run the company's legacy SD-WAN product, Intelligent WAN (IWAN). IWAN's complexity prevented it from becoming a successful product, so many analysts have predicted Cisco would slowly migrate customers to Viptela.

Since acquiring Viptela a year ago, Cisco has increased sales of the company’s SD-WAN product to more than 800 customers globally, according to Ghodgaonkar. He declined to say how many customers Viptela had when Cisco bought the company.

The global market for SD-WAN, which includes revenue from vendors and managed service providers, will grow by nearly 70% annually through 2021, when it could reach $8 billion, according to IDC.

Kubernetes hybrid cloud emerges from Google-Cisco partnership

A forthcoming Kubernetes hybrid cloud option that joins products from Cisco and Google promises smoother portability and security, but at this point its distinguishing features remain theoretical.

Cisco plans to release the Cisco Container Platform (CCP) in the first quarter of 2018, with support for Kubernetes container orchestration on its HyperFlex hyper-converged infrastructure product. Sometime later this year, a second version of the container platform will link up with Google Kubernetes Engine to deliver a Kubernetes hybrid cloud offering based on the Cisco-Google partnership made public in October 2017.

“Cisco can bring a consistent hybrid cloud experience to our customers,” said Thomas Scherer, chief architect at Telindus Telecom, an IT service provider in Belgium and longtime Cisco partner that plans to offer hosted container services based on CCP. Many enterprises already use Cisco’s products, which should boost CCP’s appeal, he said.

CCP 2.0 will extend the Cisco Application Centric Infrastructure software-defined network fabric into Google’s public cloud, and enable stretched Kubernetes clusters between on-premises data centers and public clouds, Cisco executives said. Stretched clusters would enable smooth container portability between multiple infrastructures, one of the most attractive promises of Kubernetes hybrid clouds for enterprise IT shops reluctant to move everything to the cloud. CCP also will support Microsoft Azure and Amazon Web Services public clouds, and eventually CCP will incorporate DevOps monitoring tools from AppDynamics, another Cisco property.

“Today, if I have a customer that is using containers, I put them on a dedicated hosting infrastructure, because I don’t have enough confidence that I can maintain customer segregation [in a container environment],” Scherer said. “I hope that Cisco will deliver in that domain.”

He also expects that the companies’ strengths in enterprise data center and public cloud infrastructure components will give the Kubernetes hybrid cloud a unified multi-cloud dashboard with container management.

“Is it going to be easy? No, and the components included in the product may change,” he said. “But my expectation is that it will happen.”

[Figure: Google public cloud servers in Georgia. Version 2 of the Cisco Container Platform will connect enterprise data centers with Google's public cloud infrastructure.]

Kubernetes hybrid cloud decisions require IT unity

Cisco customers have plenty of other Kubernetes hybrid cloud choices to consider, some of which are already available. Red Hat and AWS joined forces last year to integrate Red Hat’s Kubernetes-based OpenShift Container Platform with AWS services. Microsoft has its Azure public cloud and Azure Stack for on-premises environments, and late last year added Azure Container Service Engine to Azure Stack with support for Kubernetes container management templates.

However, many enterprises continue to kick the tires on container orchestration software and most do not run containers in production, which means the Cisco-Google partnership has a window to establish itself.

“Kubernetes support is table stakes at this point,” said Stephen Elliot, analyst at IDC. “Part of what Cisco is trying to do, along with other firms, is to expand its appeal to infrastructure and operations teams with monitoring, security and analytics features not included in Kubernetes.”

As Kubernetes hybrid cloud options proliferate, enterprise IT organizations must unite traditionally separate buyers in security, application development, IT management and IT operations to evaluate and select a product. Otherwise, each constituency will be swayed by its established vendor’s product and chaos could ensue, Elliot said.

“There are a lot of moving parts, and organizations are grappling with whom in their organization to turn to for leadership,” he said. “Different buyers can’t make decisions in a vacuum anymore, and there are a lot of politics involved.”

Beth Pariseau is senior news writer for TechTarget’s Cloud and DevOps Media Group. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Cisco Assurance services verify intent-based networking

Cisco has introduced a policy-centric layer of network analytics for the data center, campus and the wireless LAN, providing customers with additional intelligence to pinpoint problems and fix them. The latest technology represents a significant advancement in Cisco’s march toward intent-based networking.

Cisco’s Assurance analytics, launched on Tuesday, focuses on the nonpacket data the company’s Tetration network monitoring and troubleshooting software doesn’t cover. Unlike Tetration, Assurance keeps tabs on policies created in Cisco software to control the network’s infrastructure, such as switches, firewalls and load balancers.

Cisco Assurance is the latest step in the company’s intent-based networking (IBN) initiative, which is centered around creating policies that tell software what an operator wants the network to do. The application then makes the infrastructure changes.

The engine behind Cisco Assurance services

Cisco’s latest layer of analytics for the data center is called the Network Assurance Engine, which Cisco has tied to its software-defined networking (SDN) architecture, called Application Centric Infrastructure (ACI). The new technology is virtualized software that network operators deploy on any server.

Once installed, the software logs into the ACI controller, called the Application Policy Infrastructure Controller (APIC), which shares network policies, switch configurations and the data-plane state with the Assurance Engine.

At that point, the software creates a map of the entire ACI fabric and then builds a mathematical model that spans underlays, overlays and virtualization layers. The model establishes the network state, which Assurance compares to what operators want the network to do based on policies they’ve created.

“If a network engineer used flawed logic in expressing intent, the Assurance Engine would find that flaw when the intent is translated to network state,” said Shamus McGillicuddy, an analyst for Enterprise Management Associates, based in Boulder, Colo.

Other vendors, such as Forward Networks and Veriflow, also build models of network state and then perform analytics to spot discrepancies with a network operator’s intent. Cisco’s differentiator is the integration with its APIC policy controller, which creates a closed-loop system for ensuring operator intent matches network state, McGillicuddy said.

Knowing where an engineer’s policies have “gone off the rails” is a big help in keeping networks running smoothly, said Andrew Froehlich, the president of consulting firm West Gate Networks, based in Loveland, Colo. “For network administrators, this is a huge win, because it will help them to pinpoint where problems are occurring when people start shouting the network is slow.”

Cisco has tied the analytics engine to a troubleshooting library of what the company has identified as the most common network failure scenarios. As a result, when an engineer makes a change to the network, the Assurance Engine can determine, based on its knowledge base, where the modification could create a problem.

Initially, the Assurance Engine will cover only the Nexus 9000 switches required for an ACI fabric. Later in the quarter, Cisco plans to extend the software’s capabilities to firewalls, load balancers and other network services from Cisco or partners.

Cisco Assurance services for the campus

For the campus, Cisco has added its new analytics engine to version 1.1 of the Digital Network Architecture (DNA) Center — Cisco’s software console for distributing policy-based configurations across wired and wireless campus networks. DNA Center, which costs $77,000, requires the use of Cisco Catalyst switches and Aironet access points. Companies using DNA Center have to buy a subscription license for each network device attached to the software.

The Assurance analytics in the latest release of DNA Center draws network telemetry data from the APIC-EM controller, the campus network version of the ACI controller used in the data center. The model created from the data lets operators monitor applications, switches, routers, access points and end-user devices manufactured by Cisco partners, such as Apple.

As with the data center software, the Cisco Assurance services for the campus are focused on troubleshooting and remediation. Later in the quarter, Cisco will add similar features to the cloud-based management console of the Meraki wireless LAN. Problems the Meraki analytics will help solve include dropped traffic, latency and access-point congestion.

Today, most operators manage networks by programming switches and scores of other devices manually, usually via a command-line interface. Proponents of IBN claim the new paradigm is more flexible and agile in accommodating the needs of modern business applications. In the future, Cisco, Juniper Networks and others want to use machine learning and artificial intelligence to have networks fix common problems without operator involvement.

Despite progress vendors have made in developing IBN systems, enterprises are just beginning to roll out the methodology in their operations. Gartner predicted the number of commercial deployments will be in the hundreds through mid-2018, increasing to more than 1,000 by the end of next year.

Cisco HyperFlex system upgrade targets hybrid cloud

Cisco has added tools to its hyper-converged infrastructure platform for running and managing hybrid applications split between public and private clouds. The latest technology in the Cisco HyperFlex system makes it a stronger competitor in the market, analysts said.

This week, Cisco introduced the 3.0 software release for HyperFlex. The announcement came a day after Cisco said it would acquire Skyport Systems Inc., a maker of highly secure, cloud-managed, hyper-converged systems.

In general, HyperFlex combines software-defined storage and data services software with Cisco Unified Computing System. UCS integrates computing, networking and storage resources to provide efficiency and centralized management.

The latest release packs a lot more Cisco software into HyperFlex, which should improve interoperability and simplify support, said Dan Conde, an analyst at Enterprise Strategy Group Inc., based in Milford, Mass. “Cisco has taken many of the assets that used to be separate in their stable and made it available under a single [HyperFlex] umbrella.”

The new features should also make HyperFlex more competitive and useful as a hybrid cloud platform, analysts said. In the hyper-converged infrastructure (HCI) market, Cisco has lagged behind rivals Dell, Hewlett Packard Enterprise and Nutanix.

Software added to the Cisco HyperFlex system

HyperFlex customers now have the option of Cisco AppDynamics integration for monitoring performance of applications running on HyperFlex and across clouds. Other cloud-related management software available for the HCI system includes Cisco Workload Optimization Manager (CWOM) and CloudCenter.

CWOM helps IT staff determine the resource needs of workloads. CloudCenter provides application-centric orchestration.

Other new features include support for Microsoft’s Hyper-V virtual machine (VM). HyperFlex supports the more popular VMware ESXi, but Hyper-V is often used to run Microsoft applications.

Release 3 of the Cisco HyperFlex system also contains support for Kubernetes-managed containers, making HyperFlex friendlier to developers building cloud-native applications.

Along with cloud apps, companies can run more enterprise applications on HyperFlex. Cisco released validated designs and guides for running Oracle, SAP, Microsoft and Splunk software.

The most prominent use case for HCI systems is running business applications on a general computing platform, according to Nemertes Research, based in Mokena, Ill. Roughly 30% of enterprises use HCI for general computing, followed by private cloud at 19%.

Increased scalability in the Cisco HyperFlex system

Cisco has increased the scalability of HyperFlex. Customers can raise VM density by joining HyperFlex systems into clusters, which can now contain up to 64 nodes. The previous maximum was eight.

Cisco has also added support for stretched clusters, which makes it possible to have nodes span multiple geographical locations.

Overall, analysts expect the new features to help Cisco add to the more than 2,500 companies using HyperFlex today.

“This announcement, combined with the market still being ripe for adoption, is a great combo going forward,” said Mike Leone, an analyst at Enterprise Strategy Group. “It will be interesting to see how the customer base grows now that they’re on a more level playing field with the competition.”

Plans for Skyport acquisition

The Skyport acquisition brings a tightly knit hardware and software product to Cisco’s portfolio. The system is primarily used to run business-critical data center applications.

“I think Cisco’s goal is to get the automated, security-wrapped provisioning software [in Skyport] and just fold it into their cloud and infrastructure management tools broadly,” said Nemertes analyst John Burke.

That may be so, but for now, Cisco has provided no details, saying in a statement it plans to use Skyport’s “intellectual property, seasoned software and network expertise to accelerate priority areas across multiple Cisco portfolios.”

The Skyport team will join Cisco’s networking group, led by general manager Jonathan Davidson, and the data center and computing systems product group, headed by general manager Liz Centoni. Cisco did not disclose financial terms.