Tag Archives: Cisco

Cisco security GM discusses plan for infosec domination

Cisco believes CISOs are overwhelmed by too many security products and vendors, and the company introduced a new platform, ominously code-named Thanos, to help enterprises.

But despite being named after the Marvel Comics megavillain, Cisco’s SecureX platform isn’t necessarily designed to wipe out half of all existing security products within enterprise environments. Instead, Cisco is taking a different approach by opening up the platform, which was unveiled last month, and integrating with third parties.

Gee Rittenhouse, senior vice president and general manager of Cisco’s Security Business Group (SBG), said the aim of SecureX is to tie not only Cisco products together, but other vendor offerings as well. “We’ve been working really hard on taking the security problem and reducing it to its simplest form,” he told SearchSecurity at RSA Conference 2020 last month.

That isn’t to say that all security products are effective; many “are supposed to have a bigger impact than they actually do,” Rittenhouse said. Nevertheless, the SBG strategy for SecureX is to establish partnerships with third parties and invite them to integrate with the platform, he said, rather than Cisco trying to be everything to everyone. In this interview, Rittenhouse discusses the evolution of SecureX, how Cisco’s security strategy has shifted over the last decade and the company’s plan to change the infosec industry.

Editor’s note: This interview was edited for clarity and length.

How did the idea for SecureX come about?

Gee Rittenhouse: We thought initially if we had a solution for every one of the major threat vectors — email, endpoint, firewalls, cloud, etc. — for one vendor, Cisco, then that would be enough. You buy Cisco networking and you buy Cisco security and that transactional model will simplify the industry. And we realized very quickly that didn’t do anything except put a name on a box. Then the second thing we thought was this: What happens if we take all these different things and integrate the back end together so that when I see a threat on email, I can block on my endpoint? We stitch all this together [via the SecureX framework] on behalf of the customer, and not only does the blocking happen automatically but you also get better protection and higher efficacy. We’d tell people we had an integrated architecture. And the customers would look at us and say ‘Really? I don’t feel that. You’ve got a portal over here, and a portal over there’ and so on. And we’d say, ‘Look, we’ve worked for three years integrating this together and we have the highest efficacy.’ And they’d say, ‘Well, everybody has their numbers …’

About a couple of years ago, we said we’ve simplified the buying model and simplified the back end. Let’s try to simplify the user experience. But you have to be very careful with that. The classic approach is to build a platform, and everyone jumps on the platform and if you only have Cisco stuff, life is great. But, of course, there are other platforms and other products. We wanted to be precise about how we do this, so we picked a particular use case around investigations. It’s an important use case. We built this very simple investigation tool [Cisco Threat Response] that you can think about as the Google search of security. Within five seconds, you can find out that you don’t have [a specific threat] in your environment, or yes, you do and here’s how to block it and respond. The tool had the fastest rate of adoption of any of our products in Cisco’s history. It’s massively successful. More than 8,000 customers use it every day as their investigation tool.

Were you expecting that kind of adoption for Cisco Threat Response?

Rittenhouse: No. We were not. There were two things we weren’t expecting. We weren’t expecting the response in terms of usage. We thought there’d be a few customers using it. The other thing that we didn’t expect was a whole user community came together to, for example, integrate vendor X into the tool and publish the connectors on GitHub. A whole user community has evolved around that platform and extended the capability of it. In both cases, we were quite surprised.

When we saw how that worked, saw the business model, and we understood how people consumed it, we attached it to everything and then said ‘Let’s take the next step’ with analytics and security postures. We asked what a day in the life for a security professional was. They’re flooded with noise and threats and alerts. They have to be able to decipher all of that — can the platform do that automatically on their behalf? That’s what we’re doing with SecureX, and the feedback has been super positive.

What kind of feedback did you get from customers prior to Cisco Threat Response and SecureX? Did they have an idea of what they wanted?

Rittenhouse: There was a lot of feedback from customers who asked us to make the front end of our portfolio simpler. But what does that actually mean? It was very generic feedback. And in fact, we struggled with the ‘single pane of glass’ approach. What typically happens with that approach is you try to do everything through it, and all of a sudden that portal becomes the slowest part of the portfolio. This actually took a lot of time and a lot of conversations with customers on how they actually work. We engaged a lot of them with design thinking, and Cisco Threat Response was the first thing to come out of those discussions, and then SecureX.

And I want to make the distinction between a platform and a single pane of glass or a portal. And we very much think of SecureX as a platform. And when you think about a platform, it’s usually something that other people can build stuff on top of, so the value to the community is other people’s contributions to it, and you get a multiplier effect. There is only a handful of true, successful platform businesses in the world; it’s very hard to attract that community and achieve that scale.

Like other recent studies, Cisco’s [2020] CISO Benchmark Report showed that many CISOs feel they have too many security products and are actively trying to reduce the number of vendors they have. Other vendors have talked about this trend and are trying to capitalize on it by becoming a one-stop security shop and pushing out other products. But with SecureX, it sounds like you’re taking a different approach by welcoming third-party vendors to the platform and being more open.

Rittenhouse: We would encourage the industry as a whole to be more open. In fact, the industry is not very open at all. One of the benefits to being open is the ability to integrate. In today’s industry, for example, let’s say you’re a security vendor and your technology says a piece of malware is a threat level 5, and I say it’s a level 2. And you’re integrated into our platform, and you’re freaking out because it’s a level 5. I ask you, ‘Rob, why do you think this? What’s the context around this? Share more.’ And until you have that open interface and integration, I just sit there and say, ‘For some reason, this vendor over here claims it’s big, but we don’t see it.’

So yes, we’re open. And I would anticipate the user experience with Cisco security products integrated together will be very different than what you would get with third parties integrated until they start to share more. And this is one of the issues you see in the SIEM and SOAR markets; they become data repositories for investigations after you get attacked. What actually happened? Let’s go back into the records and figure it out. Because of the data fidelity and the real-time nature [of SecureX] this is something you interact with immediately. It can automatically trace threats and set up workflows and bring in other team members to collaborate because you have that integrated back end.

Cisco has said it’s the biggest security vendor in the world by revenue, but most businesses probably still associate the company with networking. Now that SecureX has been introduced, what’s the strategy moving forward?

Rittenhouse: We’ve spent a lot of time on the messaging. I think more and more people recognize we’re the biggest enterprise security company. In many ways, our mission is to democratize security like [Duo Security’s] Wendy Nather said, so we want to make it invisible. We don’t want to be sending the message that you have to get this other stuff to be secure. We want it to be built into everything we do.

There’s been a lot of mergers and acquisitions, especially by companies looking to increase their infosec presence. But Wendy talked during her keynote about simplifying security instead of adding product upon product. But it doesn’t sound like you’re feeling the pressure to do that.

Rittenhouse: No. We are not a private equity firm. We buy things for a purpose. And when we buy something, we’ll be happy to tell you why.

Chang takes leave from Cisco collaboration unit amid reorganization

Amy Chang, a top Cisco executive who has led the company’s collaboration division for nearly two years, has taken a leave of absence for an unspecified period.

Chang’s time off comes amid a restructuring within Cisco. David Goeckeler, general manager of Cisco’s networking and security group, resigned to become CEO of Western Digital. The company took Goeckeler’s departure apparently as an opportunity to reorganize into five new product groups.

Under the reorganization, the head of Cisco’s collaboration business will no longer report to the CEO. Instead, that person will answer to the leader of the new security and applications group. Cisco said it planned to appoint an executive to oversee the new group in the future.

Sri Srinivasan, general manager of the Webex suite, will run the collaboration division until Chang returns, the company said in a statement. Srinivasan joined Cisco in early 2018 after spending more than 12 years at Microsoft.

“After an impressive 15 years of great achievements at an incredibly fast pace, Amy has decided to take a well-earned breath,” Cisco said. “She is going to recharge her batteries, while also prioritizing time with her 12-year-old son, and [CEO Chuck Robbins] and Cisco as a whole applaud her for this.”

The reorganization comes at a critical time for Cisco’s collaboration division, which generated something close to $5.8 billion in revenue last fiscal year. The vendor has an opportunity to capitalize on a surge in teleconferencing and remote work amid the coronavirus outbreak.

Chang’s leave of absence also follows a disappointing financial quarter for her unit — the first under her leadership. Revenue for the product category that includes collaboration was down 8% year over year in the three months ended Jan. 25.

Cisco is battling for enterprise customers with Microsoft, which has attracted more than 20 million daily active users to the Office 365 collaboration app Microsoft Teams. The vendor’s Webex business is also taking heat from video conferencing upstart Zoom.

Chang replaced Rowan Trollope as the leader of Cisco’s collaboration business in May 2018 after the vendor acquired her startup, Accompany. Chang previously held a seat on Cisco’s board of directors but resigned to become an employee.

Chang spearheaded significant changes to Cisco’s portfolio. She led an effort to align the features and interfaces of premise-based Jabber and cloud-based Webex Teams. Chang also sought to differentiate Cisco’s products based on a set of AI features marketed as “cognitive collaboration.”

“I am surprised by the changes,” said Dave Michels, principal analyst at TalkingPointz. “Cisco just hosted a highly successful and engaging analyst event last month. The Cisco collaboration leadership team seemed well-aligned, and Chang seemed enthused and engaged.”

Srinivasan is a good pick to lead the division in Chang’s absence, Michels said. Srinivasan spearheaded significant improvements to Webex during his tenure. He will now also oversee Cisco’s telephony and contact center businesses.

Srinivasan has been Chang’s “right-hand man,” said Irwin Lazar, analyst at Nemertes Research. His promotion suggests the company’s strategy will not change dramatically, at least for now.

“Should Amy not return, or be replaced by someone outside the organization, then I’d expect there to be change,” Lazar said.

A roundup of the Cisco certification changes in 2020

As network engineer skills become increasingly generalized, Cisco aims to match its certifications to the skills network engineers need in their daily lives.

Announced at Cisco Live 2019, the new Cisco certification changes rolled out on Feb. 24, 2020. Experts have touted the relevant material and the myriad topics Cisco’s certifications cover with these changes and potential benefits for network engineers. With more focus on automation and software skills and less on infrequently used coding languages, Cisco aims to spring its certification tracks forward into the new decade.

The Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP) and Cisco Certified Internetwork Expert (CCIE) certifications all expanded the breadth of topics covered, yet all shrank in size. Cisco also introduced new DevNet certifications among the other Cisco certification changes.

How did existing Cisco certifications change?

Cisco’s standard certification tracks — CCNA, CCNP and CCIE — all added new material that aims to be more relevant to current job roles and help advance the careers of network engineers. In addition to new material, the certifications also include fewer track options than before.

Cisco Certified Network Associate. CCNA is an entry-level certification for network engineers early in their careers. Formerly, Cisco issued the Cisco Certified Entry Networking Technician (CCENT) certification, which was the step before CCNA. After CCENT, CCNA offered different certifications for various career tracks, including CCNA Routing and Switching and CCNA Collaboration.

Now, CCENT is gone, and the recent Cisco certification changes transformed the CCNA from 10 separate tracks into a single unified exam, apart from the CCNA CyberOps track. Cisco author Wendell Odom said most topics in the new CCNA exam come from the former CCNA Routing and Switching track, with about one-third of new material.

A CCNA certification isn’t a prerequisite for higher certifications, yet it provides fundamental networking skills that network engineers require for current job roles.

Cisco Certified Network Professional. CCNP is an intermediate-level certification and a step up from CCNA. Similar to the CCNA changes, Cisco consolidated the CCNP certification tracks, although less drastically than with CCNA. Cisco cut CCNP from eight to five tracks, which, like CCNA, reflect holistic industry changes to bring more relevant material to Cisco’s certifications.

According to Cisco, the new CCNP tracks — which are also the new CCIE tracks — are the following:

  1. Enterprise
  2. Security
  3. Service Provider
  4. Collaboration
  5. Data Center

While these are the five core exams a network engineer can take, they must also take a concentration exam within the core topic to attain a CCNP certification. If a person solely takes the core exam and passes, she receives a Cisco Certified Specialist certification in that topic area.

Network engineers can take several core or concentration exams and receive a Cisco Certified Specialist certification upon passing, which can prove to employers the engineer has those specific skills.

Authors Brad Edgeworth and Jason Gooley said these changes didn’t remove much material, but they added more width to the knowledge and skills network engineers should have in their careers.

Cisco Certified Internetwork Expert. CCIE is an expert-level certification and a step up from CCNP. The CCIE and CCNP tracks fall under the same umbrellas and shrank to the aforementioned five tracks. To become CCIE-certified, network engineers must take and pass one core exam — Enterprise, Security, etc. — and that topic’s corresponding lab.

Formerly, CCIE exams focused more on highly advanced skills and less on critical knowledge in areas such as network design skills. After the Cisco certification changes, the CCIE exams now include more practical knowledge for advanced network engineers.

The recent Cisco certification changes aim to sharpen relevant network engineer skills, including management and automation capabilities.

What are the new Cisco certifications?

In Cisco’s new DevNet track, the company added three certifications that reflect the certification pyramid for standard Cisco certifications. The DevNet certifications are the following:

  1. Cisco Certified DevNet Associate
  2. Cisco Certified DevNet Specialist
  3. Cisco Certified DevNet Professional

The DevNet tracks encompass network automation, software and programmability skills that Cisco certifications previously lacked and that the industry has deemed increasingly important.

While DevNet lacks a CCIE-equivalent track, the requirements for a DevNet certification reflect those of its equivalent in Cisco’s standard certifications. For example, a person must pass one core and one concentration exam to receive a Cisco Certified DevNet Professional certification.

The DevNet track’s goal is to give network engineers a certification path for skills the industry says they need and help them adapt to newer, advanced technologies — such as network automation — that employers increasingly seek out. And, as the industry continues to change, so will Cisco’s certifications.

Try 10 practice questions for the CCNP, CCIE ENCOR 350-401

In Cisco’s sweeping certification changes, the company eliminated prerequisite exams for the Cisco Certified Network Professional tracks, which means network engineers have a higher bar to meet when they take CCNP exams.

However, this higher bar doesn’t mean engineers must solely know advanced topics and technologies, such as software-defined WAN, automation and programmability — although those are on the exams. Instead, CCNP hopefuls on the Enterprise track — for ENCOR 350-401, in particular — should expect to know a solid amount of past CCNP material, such as IP routing essentials, in addition to new technologies. The same goes for Cisco Certified Internetwork Expert (CCIE) hopefuls, as well.

CCNP and CCIE hopefuls alike can explore old and new material in CCNP and CCIE ENCOR 350-401 Official Cert Guide, available now, by authors Ramiro Garza Rios, David Hucaby, Brad Edgeworth and Jason Gooley. This guidebook delves into topics that span from forwarding to wireless to software-defined networking best practices.

Below is the “Do I Know This Already?” quiz from Chapter 6, “IP Routing Essentials.” These 10 questions explore common routing protocols network engineers will likely recognize from their daily jobs and others that are also relevant to their positions. Edgeworth said the chapter covers fundamentals and helps readers understand how routers function and think.

The quiz offers readers a vendor-agnostic studying method, as routing protocols aren’t specific to Cisco or any other vendor. These universal fundamentals can help readers in their careers wherever they go and with whichever vendor products they may use.

These questions for the CCNP and CCIE ENCOR 350-401 help readers review enterprise networking essentials they need to know and test their expertise on key protocol differences and common routing concepts. The quiz covers a general overview of the protocols and dives deep into path selection, static routing, and virtual routing and forwarding.

How Cisco certification changes alter CCNP and CCIE tracks

For the Cisco Certified Network Professional and Cisco Certified Internetwork Expert — CCNP and CCIE, respectively — the Cisco certification changes mean less time flaunting advanced networking tricks and more time learning material relevant to the current job market.

Cisco announced these certification changes at Cisco Live 2019, where the significant cuts to the Cisco Certified Network Associate (CCNA) track garnered much attention. However, the Cisco certification changes also affected the CCNP and CCIE tracks, such as shrinking the former eight-track CCNP options to five tracks. Authors Brad Edgeworth and Jason Gooley said they believe these changes will greatly benefit CCNP and CCIE hopefuls, as the changes reflect shifts in the networking industry and network engineer job roles.

The effects of the Cisco certification changes are reflected in the new book from authors Ramiro Garza Rios, David Hucaby, Edgeworth and Gooley — CCNP and CCIE ENCOR 350-401 Official Cert Guide, which is available now. The book explores the new CCNP and CCIE Enterprise tracks that include relevant information for enterprise network engineers.

Editor’s note: The following interview was edited for length and clarity.

How have the Cisco certification changes affected CCNP and CCIE? What remains the same?

Brad Edgeworth: [Cisco] is adding more width to the knowledge required. It’s adding more programmability and automation, because that’s becoming more integrated into teams. Also, it’s trying to take advantage of more virtualized platforms.

Jason Gooley: The certifications are becoming more streamlined. They’re modular, so you can pick the technology core, then focus on a specialty and become certified in that direction. In addition, newer technologies such as software-defined access [SD-Access] or software-defined WAN [SD-WAN] are part of these exams.

Not a lot was removed. The level of knowledge you had to know before has grown, because we include what was there before and add a bunch of new technologies.

Edgeworth: Cisco is going back to what is relevant to jobs. Some technologies that are not as common, like frame relay, were removed. The core fundamentals of networking still reside within the certification exams, and Cisco built on top of them.

Gooley: You have to know what was asked [in the exams] before in addition to these new technologies. That fits with what customers see in work environments now. You’re certified in what you see in the industry versus an exam with some technology you might not use. It’s structured around current job roles.

When I took the CCNP, there were four exams. Now, you can take two — technology core and concentration — and become CCNP certified. The structure completely changed, which I think is for the better. As far as technology, things like SD-WAN, SD-Access and programmability become more robust because that’s what customers and the industry are leading to.

Edgeworth: The CCNP Routing and Switching exam before was great but never took wireless into account, which is what most enterprise customers use. Now, that’s integrated into it.

With CCIE, it used to be: What router ninja tricks can you do? CCIEs would maybe not have fundamentals for network design, so network design was integrated as a component of the CCIE practical exam. Design concepts have become a core specialization with CCNP, as well.

Where do you see Cisco certifications and the industry heading in the next 20 years?

Edgeworth: In the industry, there will be more automation and businesses becoming more digital. Another big thing is security. How do you integrate security throughout the service? The industry lagged with that. There’s going to be more automation and security integration for dotting i’s and crossing t’s to make sure data is correct and maintains its privacy.

Gooley: As job roles change and customers adopt different technologies, the certifications will follow. As the certifications evolve over time, they’ll follow what’s in the industry and what customers go through. That’s why we didn’t remove a lot from the certifications, because it’s still out there.

For Cisco to redo the entire certification program, as well as introduce a new line that focuses specifically on automation, software and programmability skills — that’s in response to the industry, and that’s critical. When you evolve your skill set and move toward newer technologies and automation, you still need to know how it works before you automate it. You can automate failure as fast as you automate success.

Edgeworth: You have to have fundamentals because of what you automate. Learn the trade, not tips of the trade, because tips of the trade come from learning the trade.

Going after a certification is nice. Obtaining the certification is nicer. But failure is part of the process. Learning on the journey is critical. I wouldn’t be where I am today if I hadn’t failed. [The first time] I tried for CCIE, I failed. But the knowledge I gained during the process allowed me to enter other opportunities to grow my career. While succeeding is nice, it’s about the knowledge you gain on the way.

Gooley: I went for the CCDE [Cisco Certified Design Expert] three times, and I still haven’t passed. You learn the technology and best practices in going for it. Even if you don’t pass, you’ve still enhanced your skill set, and it’s valuable. Everybody eventually has to get up and dust themselves off.

What’s nice about social media and the community is when you fail, you’re held accountable when you say it. Then other people come out of the woodwork saying you’re not alone. That helps everybody learn together. Embrace the journey. The journey is where you learn everything and have the fun.

Prepare for CCNP, CCIE ENCOR 350-401 with this guide preview

Although the Cisco Certified Network Professional track no longer has prerequisite exams, most CCNP exams still require an understanding of the networking topics found in the reworked Cisco Certified Network Associate, or CCNA, exam.

For the CCNP and Cisco Certified Internetwork Expert (CCIE) ENCOR 350-401 exam, a significant portion of the material includes information from the new CCNA exam. Authors Ramiro Garza Rios, David Hucaby, Brad Edgeworth and Jason Gooley cover both the old and new material in their guidebook CCNP and CCIE ENCOR 350-401 Official Cert Guide, which is available now.

The ENCOR 350-401 exam — which stands for Enterprise Core — particularly emphasizes Cisco’s move from uncommon, advanced capabilities to the networking requirements for current job roles.

Below is an excerpt from the guide: Chapter 6, “IP Routing Essentials.” This chapter covers fundamental routing protocols — many of which have remained from when the authors themselves began to study for Cisco certification exams.

When Edgeworth first studied for the Cisco certification exams, he said understanding how routers think and operate was the most challenging part. As an author, he has tried to write chapters in a way that provides in-depth perspective, yet also shows how technologies and protocols work within configurations. Edgeworth suggested CCNP and CCIE ENCOR 350-401 hopefuls participate in labs to put the concepts they learn from books into practice.

Gooley, on the other hand, found unstructured, solo studying the most challenging, saying he felt alone when he first started studying for his Cisco certifications. He suggested that hopefuls should lean on the community, whether that’s in person or through social media. People can hold each other accountable for studying and readers can reach out to the authors themselves if they have questions.

In addition to potentially challenging new topics in the CCNP and CCIE ENCOR 350-401 exam — such as programmability and software-defined WAN — Edgeworth and Gooley said they are pleased with how relevant the ENCOR 350-401 exam is to current job roles. CCNP and CCIE hopefuls can expect to learn and solidify skills they use daily at their jobs, including the IP routing fundamentals.

Edgeworth said this chapter covers many routing essentials, such as Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP) — topics the new CCNA exam also includes. The chapter delves into fundamental knowledge network engineers need for jobs and explores routing essentials in a vendor-agnostic way, as OSPF is OSPF and BGP is BGP regardless of which vendor platform an engineer uses, according to Edgeworth.

Traditional, emerging topics unite in the new CCNA exam

While Cisco’s updated Cisco Certified Network Associate — or CCNA — certification track shrank to a single path and single exam, CCNA hopefuls must know a broad range of both networking basics and emerging networking technologies in order to pass the exam.

Cisco announced sweeping changes to its certification tracks in June 2019, and the new CCNA exam derives from one of the largest changes in Cisco history, according to Cisco author Wendell Odom. Odom, author of every CCNA Official Cert Guide, wrote two new volumes of his guides for the CCNA 200-301 exam. The singular path of the new CCNA exam is smaller overall compared to past exam versions, yet the extensive amount of material — both old and new — necessitated two volumes.

Both Volumes 1 and 2 cover various traditional networking topics, such as virtual LANs (VLANs) and basic IP services, as well as newer networking technologies, such as network automation. Odom said the new CCNA exam includes a lot for engineers to learn but also contains relevant and useful material for the current job market.

Editor’s note: The following interview was edited for length and clarity.

Can you compare details of the former and the new CCNA exams?

Wendell Odom: If you took the old CCNA Routing and Switching exam blueprint, about half those topics are in the new CCNA exam. The literal words are there. It’s not just the same topic — it’s copied-and-pasted topics from the old to the new.

Then, the new exam has topics that weren’t in any of the old. It has a few you might say came from CCNA Collaboration or CCNA Data Center. For the most part, the new topics [show] the world is changing and IT changes quickly. These are new things Cisco finds important for routing and switching, like automation and cloud. Now, it introduces intent-based networking to CCNA for the first time.

If you view the old as 100 points in volume, the new is about 75% of that — 75 points. Fifty points are old exam topics that stuck around: VLANs, VLAN trunks, IPv4 and IPv6 routing, Layer 3 filters, sub-Layer 2 filtering with port security, security protocols, basic IP services, like SNMP [Simple Network Management Protocol] and NTP [Network Time Protocol].

Now, there’s more OSPF [Open Shortest Path First] — particularly, OSPF network types. On an Ethernet interface, you’ve got two or more routers that run OSPF connected to the same Ethernet. They elect a designated router, which causes OSPF to model the connected subnet differently. It changes OSPF operation on that LAN.

That’s typical on a LAN, but if you use Ethernet in WANs — particularly point-to-point WAN links — you don’t want LAN-like OSPF behavior electing a designated router. To change that, in Cisco routers, you change the OSPF network type to point-to-point instead of the default broadcast type, which is what causes it to act like a LAN.

The new Volume 1 has four chapters on wireless LANs. It’s basic: What’s an access point [AP]? What are the different wireless standards? How would you configure an AP to be a stand-alone AP? How would you do it with a wireless LAN controller? To a networker, it’s not very deep, but it’s your first step, and there’s a lot in CCNA that are first steps in learning technologies.

Now, there’s DHCP [Dynamic Host Configuration Protocol] snooping and dynamic ARP [Address Resolution Protocol] inspection. And the new CCNA exam mentions TFTP [Trivial File Transfer Protocol] and FTP specifically.


The old had basics of what I call ‘controller-based networking;’ there’s more now. It talks about underlays and overlays, which now gets you ready for software-defined access. The old and new CCNA exams have a lot about the old way to do LANs — how you build switch networks, Spanning Tree Protocol, etc.

Now, there’s REST, JSON [JavaScript Object Notation], specifically mentioned comparisons of Ansible, Puppet and Chef, as far as how they work under the covers. It doesn’t get into how to manipulate the tools, but more of which uses a push model, which uses a pull model, etc.

If you studied now for everything except newer technologies, which is 10% of the exam blueprint, it’d seem like traditional networking technology. Then, you get into newer, evolving technologies. Now, we’re pushing the baby birds out of the nest because … you’re going to get a lot of this in the CCNP Enterprise Core, etc. I’m glad some of it is in CCNA.

What questions have you gotten about the new CCNA exam?

Odom: Oddly enough, there’s not much worry about new topics. ‘Do I need to know Python?’ That’s probably most common because exam topics don’t mention Python. You think automation, and you think your first step is a programming language. You can actually learn everything in CCNA for automation without knowing Python.

People quickly zero in on technical questions: Layer 2, Layer 3 interactions. People get confused about encapsulation. OSPF concepts are more common — typically, LSAs [link-state advertisement], what those mean and whether that’s important. ‘Do I need to understand what a Type 1, Type 2 and Type 3 LSA is?’ I don’t know how important that is for the exam depending on the version. But if you’re going to use OSPF, you need to know what it is for real life.

I’m happy with how [the new CCNA exam] balances newer automation features and technologies — not overwhelming newbies with too much new and giving the foundation they need to get a real job. I think Cisco hit the right balance. People will enjoy the topics they learn, both for learning and for how it matches real jobs today. Cisco did this particular exam right.


Cisco Webex Edge for Devices links on-prem endpoints to cloud

Businesses using on-premises video gear from Cisco can now get access to cloud services, while keeping their video infrastructure in place.

A new service, called Cisco Webex Edge for Devices, lets businesses connect on-premises video devices to cloud services like Webex Control Hub and the Webex Assistant. Customers get access to some cloud features but continue to host video traffic on their networks.

Many businesses aren’t ready to move their communications to the cloud. Vendors have responded by developing ways to mix on-premises and cloud technologies. Cisco Webex Edge for Devices is the latest offering of that kind.

“It gives users that cloudlike experience without the businesses having to fully migrate everything to the cloud,” said Zeus Kerravala, principal analyst at ZK Research.

Cisco wants to get as many businesses as possible to go all-in on the cloud. Webex Edge for Devices, introduced this month, tees up customers to make that switch. Companies will have the option of migrating their media services to the cloud after connecting devices to the service.

Webex Edge for Devices is available for no additional charge to businesses with an enterprise-wide Collaboration Flex Plan, a monthly per-user subscription. Alternatively, companies can purchase cloud licenses for the devices they want to register with the service for roughly $30 per device, per month. The service won’t work with gear that’s so old Cisco no longer supports it.

Video hardware linked to the cloud through the service will show up in the Webex Control Hub, a console for managing cloud devices. For on-premises devices, the control hub will provide diagnostic reports, usage data, and insight into whether the systems are online or offline.

Many businesses are already using a mix of on-premises and cloud video endpoints. Webex Edge for Devices will let those customers manage those devices from a single console. In the future, Cisco plans to add support for on-premises phones.

Businesses will also be able to sync on-premises video devices with cloud-based calendars from Microsoft and Google. That configuration will let the devices display a one-click join button for meetings scheduled on those calendars.

Another cloud feature unlocked by Webex Edge for Devices is the Webex Assistant. The service is an AI voice system that lets users join meetings, place calls and query devices with their voice.

In the future, Cisco plans to bring more cloud features to on-premises devices. Future services include People Insights, a tool that provides background information on meeting participants with information gleaned from the public internet.

Cisco first released a suite of services branded as Webex Edge in September 2018. The suite included Webex Edge Audio, Webex Edge Connect and Webex Video Mesh. The applications provide ways to use on-premises and cloud technologies in combination to improve the quality of audio and video calls.

Cisco’s release of Webex Edge for Devices underscores its strategy of supporting on-premises customers without forcing them to the cloud, said Irwin Lazar, analyst at Nemertes Research.


Cisco 2020: Challenges, prospects shape the new year

Cisco finished 2019 with a blitz of announcements that recast the company’s service provider business. Instead of providing just integrated hardware and software, Cisco became a supplier of components for open gear.

Cisco enters the new decade with rearchitected silicon tailored for white box routers favored by cloud providers and other organizations with hyperscale data centers. To add punch to its new Silicon One chipset, Cisco plans to offer high-speed integrated optics from Acacia Communications. Cisco expects to complete its $2.6 billion acquisition of Acacia in 2020.

Cisco is aiming its silicon-optics combo at Broadcom. The chipmaker has been the only significant silicon supplier for white box routers and switches built on specifications from the Open Compute Project. The specialty hardware has become the standard within the mega-scale data centers of cloud providers like AWS, Google and Microsoft; and internet companies like Facebook.


“I think the Silicon One announcement was a watershed moment,” said Chris Antlitz, principal analyst at Technology Business Research Inc. (TBR).

Cisco designed Silicon One so white box manufacturers could program the hardware platform for any router type. Gear makers like Accton Technology Corporation, Edgecore Networks and Foxconn Technology Group will be able to use the chip in core, aggregation and access routers. Eventually, they could also use it in switches.

Cisco 2020: Silicon One in the 5G market

Cisco is attacking the cloud provider market by addressing its hunger for higher bandwidth and lower latency. At the same time, the vendor will offer its new technology to communication service providers. Their desire for speed and higher performance will grow over the next couple of years as they rearchitect their data centers to deliver 5G wireless services to businesses.

For the 5G market, Cisco could combine Silicon One with low-latency network interface cards from Exablaze, which Cisco plans to acquire by the end of April 2020. The combination could produce exceptionally fast switches and routers to compete with other telco suppliers, including Ericsson, Juniper Networks, Nokia and Huawei. Startups are also targeting the market with innovative routing architectures.

“Such a move could give Cisco an edge,” said Tom Nolle, president of networking consultancy CIMI Corp., in a recent blog. “If you combine a low-latency network card with the low-latency Silicon One chip, you might have a whole new class of network device.”

Cisco 2020: Trouble with the enterprise

Cisco will launch its repositioned service provider business, while contending with the broader problem of declining revenues. Cisco could have difficulty reversing that trend, while also addressing customer unhappiness with the high price of its next-generation networking architecture for enterprise data centers. 

“I do think 2020 is likely to be an especially challenging year for Cisco,” said John Burke, an analyst at Nemertes Research. “The cost of getting new goodies is far too high.”

Burke said he had spoken to several people in the last few months who had dropped Cisco gear from their networks to avoid the expense. At the same time, companies have reported using open source network automation tools in place of Cisco software to lower costs.

Cisco software deemed especially expensive includes its Application Centric Infrastructure (ACI) and DNA Center, Burke said. ACI and DNA Center are at the heart of Cisco’s modernized approach to the data center and campus network, respectively.

Both offer significant improvements over Cisco’s older network architectures. But they require businesses to purchase new Cisco hardware and retrain IT staff.

John Mulhall, an independent contractor with 20 years of networking experience, said any new generation of Cisco technology requires extra cost analyses to justify the price.

“As time goes on, a lot of IT shops are going to be a little bit reluctant to just go the standard Cisco route,” he said. “There’s too much competition out there.”

Cisco SD-WAN gets dinged

Besides getting criticized for high prices, Cisco also took a hit in 2019 for the checkered performance of its Viptela software-defined WAN, a centerpiece for connecting campus employees to SaaS and cloud-based applications. In November, Gartner reported that Viptela running on Cisco’s IOS-XE platform had “stability and scaling issues.”

Also, customers who had bought Cisco’s ISR routers during the last few years reported the hardware didn’t have enough throughput to support Viptela, Gartner said.

The problems convinced the analyst firm to drop Cisco from the “leaders” ranking of Gartner’s latest Magic Quadrant for WAN Edge Infrastructure.

Gartner and some industry analysts also knocked Cisco for selling two SD-WAN products — Viptela and Meraki — with separate sales teams and distinct management and hardware platforms.

The approach has made it difficult for customers and resellers to choose the product that best suits their needs, analysts said. Other vendors use a single SD-WAN to address all uses.

“Cisco’s SD-WAN is truly a mixed bag,” said Roy Chua, principal analyst at AvidThink. “In the end, the strategy will need to be clearer.”

Antlitz of TBR was more sanguine about Cisco’s SD-WAN prospects. “We see no reason to believe that Cisco will lose its status as a top-tier SD-WAN provider.”


Cisco cries foul over security flaw in Zoom Connector

Cisco slammed rival Zoom for a security lapse that left the management portals of many video devices exposed to the public internet. It’s an unusually public spat between two of the industry’s leading video conferencing providers.

The dispute revolves around Zoom Connector, a gateway that connects standards-based video devices to the Zoom cloud. In addition to providing a management portal for the hardware, the service makes it possible to join Zoom meetings with one click.

The Zoom Connector previously allowed anyone with the correct URL to access the admin portal for Cisco, Poly and Lifesize devices from the public internet without login credentials, according to Cisco. That would have let a hacker commandeer a company’s video systems, potentially allowing them to eavesdrop on conference rooms.

Zoom released a patch last week that password-protected access to the control hub via those URLs. But in a blog post this week, Cisco said the quick fix did not go far enough, alerting customers that Zoom’s connector service did not meet Cisco’s security standards.

To create the connector, Zoom built a link between the Zoom cloud and a Cisco web server running within a corporate network, said Sri Srinivasan, general manager of Cisco’s team collaboration group. The configuration provides a point of access to the endpoints that lies outside the network firewall. 

“You don’t want to have firewall settings open for a management interface of this sort, even [when] password-protected,” Srinivasan said.

Similarly, in a statement Tuesday, Lifesize said it considered Zoom Connector an unauthorized integration “built in an inherently insecure way.” However, the company concluded that the security flaw spotlighted by Cisco did not put customers at immediate risk.

In a statement Tuesday, Zoom said it considered the issue fully resolved. While insisting customers were safe, Zoom said it did advise companies to check device logs for unusual activity or unauthorized access.

Zoom added that it was not aware of any instances of hackers exploiting the vulnerability. The URLs necessary to access a device’s management portal are long and complicated, similar to a link to a Google Doc or an unlisted YouTube video. Most likely, a hacker would have needed to first gain access to an admin’s browser history to exploit the flaw.

Zoom has come under fire before for security shortfalls. Experts criticized the vendor in July for quietly installing a web server on Mac computers. The software left users vulnerable to being forcibly joined to a meeting with their video cameras turned on.

Cisco has raised issues with Zoom about the connector in the past, but only became aware of the URL vulnerability on Oct. 31, Srinivasan said. A customer who wished to remain anonymous reported the problem to Cisco and Zoom around the same time, he said. Zoom patched the issue on Nov. 19, one day after Cisco said it contacted the company about the problem. 

Adding fuel to the fire, Zoom has been using the Cisco logo on its connector’s admin portal. Cisco said this likely led customers to believe they were accessing a website supported by Cisco.

“This has been going on for a long, long time,” Srinivasan said. “Now, we know better to make sure we check everything Zoom does.”

But it seems unlikely Zoom will heed Cisco’s directive to obtain certification of the service. The vendor has a financial stake in the matter, as it charges customers $499 per year, per port for Zoom Connector.

Zoom has emerged in recent years as perhaps Cisco’s biggest competitor in the video conferencing market. Eric Yuan resigned as Cisco’s vice president of engineering to start Zoom in 2011. Yuan was one of the chief architects of the Webex video conferencing software that Cisco acquired in 2007.

In the coming months, Cisco is planning to release a SIP-based integration for Zoom and other leading video conferencing providers. The technology would let users join third-party meetings with one click from a Cisco device.

Cisco already supports SIP-based interoperability. But taking advantage of it requires businesses to build an integration themselves or pay for a third-party service. Srinivasan said the forthcoming SIP integration would eliminate the need for a service like Zoom Connector.
