For more discussions and topics around Service Providers, please visit our SP Community: http://cisco.com/go/serviceprovidercommunity
Download the full PDF report here: https://communities.cisco.com/docs/DOC-37834
The Cisco IWAN Application simplifies WAN deployments by providing highly intuitive, policy-based automation. It enables you to realize the benefits of SD-WAN: lower costs, simplified IT, increased security, and optimized application performance.
View the Webcast: http://cs.co/9007BKlEc
GTRI and Cisco discuss how using the internet to run branch network traffic provides a better user experience and reduces costs. You’ll learn the basics of Software-Defined WAN (SD-WAN) and the benefits, including:
- Reduced costs
- Reliability and security
- Flexibility to choose service providers
- Optimized traffic flows
Presented by Mani Ganesan of Cisco and Michael Edwards of GTRI (http://www.gtri.com) in a webinar on August 10, 2016. Webinar recording at https://youtu.be/08_QpBT07pU.
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN) | Cisco Canada
Many organizations anticipate significant growth in WAN bandwidth and Public Cloud usage. Leveraging the Internet to provide extra WAN bandwidth and to offload Public Cloud traffic is compelling; however, network reliability, application performance and security are the primary roadblocks. The Cisco IWAN transport solution is the most full-featured architecture to support the Software Defined Wide Area Network (SD-WAN) requirements that are emerging in standards bodies like the Open Networking User Group (ONUG) to address these issues. Many enterprises are looking for the benefits these technologies deliver, but without the costs associated with owning and operating those technologies. Here is where VMS for IWAN meets market need. Cisco VMS is a full-featured management platform for both virtual and physical devices. This session will cover a full description of the VMS platform and how it can be used to deliver exceptional customer experience when supporting a managed offering of IWAN. The roles of Customer and Resource Facing Services will be covered, along with integration between the IWAN service and SP operations. This session will also cover the topic of how Virtual Network Functions (VNFs) can be placed optimally in the network from the CPE to SP datacenter, along with a demo of the end user and operator experience.
Deploying new WAN services can take a long time and require a significant up-front capital investment. The software-defined nature of SD-WAN enables service agility, rapid rollout, and instant-on WAN that the Service Provider can immediately benefit from. This accelerates the time to market and time to revenue.
Learn how you can use the CoSN SEND II Decision Tree for Education Technology to make sure that your K–12 technology initiatives create a more engaging learning experience that empowers students, teachers, and administrators alike.
View the Webcast: http://cs.co/9004B80G0
Learn how you can streamline your migration to Cisco Intelligent WAN (IWAN) with lab-tested deployment best practices from Verizon Managed Services. Profit from the real-world expertise and valuable insights of this leading WAN solutions provider.
Miss the webcast? Register to view replay here: http://cs.co/9008BPw6A
Tech Talk by Tim Van Herck: SDN & NFV for WAN | nvirters
Extending SDN & NFV to WAN
This session will walk through the evolution in branch networking and how SDN & NFV principles can be applied to the enterprise WAN to achieve increased reliability and flexibility. It will also cover how to lower the associated operational expense of running a classic enterprise WAN and what industry trends are pressuring changes on the design of such networks. When applying SDN & NFV principles to the WAN, there will be a natural reduction in complexity of managing services and guaranteeing uptime of network connectivity.
About Tim Van Herck
Tim is the Director of Technology and founding member at VeloCloud Networks. He is responsible for building out a global network of Points of Presence to deliver virtual last mile service to enterprise branches. Prior to joining VeloCloud, Tim was a founding member of Aryaka Networks, which offers WAN Optimization as a service. Tim has been passionately following the leading edge of network virtualization and security solutions for the past 15 years. He holds a master's degree in Industrial Engineering from the University of Antwerp, and is based in VeloCloud's headquarters in Los Altos, CA.
More info @ http://meetup.com/openvswitch
Follow us on twitter @nvirters
Security continues to be top of mind as enterprises and service providers work to implement Software-Defined WAN (SD-WAN). Security is a critical requirement for enterprises as they rely more on the Internet for wide area networking, leverage the cloud for applications and services, and adopt new SD-WAN and NFV technologies for increased agility.
SD-WAN architectures are different and Cloud-Delivered SD-WAN offers a unique multi-pronged approach to accommodate the needs of all sizes of enterprises including the largest, as well as the service providers that serve them. Join this webinar to learn about new approaches with SD-WAN that both strengthen and simplify your security posture.
Modern business runs in the cloud; however, traditional WAN routers weren't made for that. Silver Peak Unity EdgeConnect is primed for the cloud. In fact, it is the industry-leading SD-WAN solution that is freeing businesses from their dependency on routers.
Build the SD-WAN business case for your whole company and identify the hidden benefits for everyone involved. Persona content and technical diagrams presented.
China Telecom Americas: SD-WAN Overview | Vlad Sinayuk
China Telecom Americas has the only fully licensed SD-WAN service to connect between mainland China, North America, Europe, Asia Pacific, and elsewhere in the world.
Enterprises continue to implement or evaluate shifting services which were typically hosted in the branch into the cloud. The reasons include creating a leaner branch, taking advantage of increases in broadband Internet bandwidth and reduced complexity and cost.
This presentation takes a deep dive into the Cloud-Delivered SD-WAN architecture for service chaining. You’ll understand the architectural differentiation and benefits of this approach and why it offers a superior model for delivering secure, reliable, and high performance service chaining.
FatPipe®, the inventor and multiple-patent holder of software-defined wide area networking (SD-WAN), reliability, security, and WAN Optimization products, specializes in providing solutions that transcend Wide Area Network (WAN) failures to maintain business continuity for thousands of customers including numerous Fortune 1000 customers over the last 12 years, and has the largest installed base of customers in software-defined network WANs.
Speed Hybrid WAN Deployment with the New Cisco Intelligent WAN Design Guide -... | Cisco Enterprise Networks
Presentation from the April 22, 2015 Webcast: Speed Hybrid WAN Deployment with the New Cisco Intelligent WAN Design Guide.
Register to View Webcast: http://cs.co/9004CRn0
Most enterprises deploy both private MPLS and public broadband Internet to some or all of their branch offices. The right SD-WAN solution will dramatically improve the utilization, performance and ease of management of these hybrid deployments.
Review this presentation for a detailed understanding of the architectural details of Cloud-Delivered SD-WAN for hybrid WAN deployments. You’ll leave with a clear understanding of how hybrid deployments can be designed, implemented and maintained for a secure, optimal and high quality wide area network.
Silver Peak & Innovation Network Technologies (InNet)
Evolve IT: Why Performance Matters When Building Your New SD-WAN, Not all SD-WAN is Created Equal eBook
Cisco Intelligent Branch - Enabling the Next Generation Branch | Cisco Canada
This session introduces the Cisco Intelligent WAN (IWAN) solution for providing highly available Enterprise WAN connectivity using less expensive Internet circuits. As the volume of content and applications traveling across networks grows exponentially, organizations must optimize their WAN investments. Cisco Intelligent WAN (IWAN) helps you do just that. IT can use investments in Cisco ISR 4000 Series and ASR 1000 Series Routers to scale to the growing demands of branch-office users by providing an optimal experience over any connection at lower cost. And you can do this without compromising performance, reliability, or security.
During this session, we will explain how IWAN will allow customers to quickly roll out bandwidth-intensive applications, such as video, virtual desktop infrastructure (VDI), and guest Wi-Fi services. And it doesn’t matter which transport model you prefer, whether MPLS, the Internet, cellular, or a hybrid WAN access model. The savings from IWAN often pay for the branch infrastructure investments, and may also free up resources for new, innovative business services.
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ... | Amazon Web Services
As an AWS Direct Connect partner, Level 3 Communications delivers the ability to establish rapid, flexible and private connectivity from your on-premises environment to AWS for increased control and performance. This session covers enterprise use cases related to disaster recovery and migration from on-premises environments to the cloud. The session also addresses best practices and considerations for designing your architecture to include multiple virtual private clouds and global deployments with AWS Direct Connect. Sponsored by Level 3 Communications.
The right Wireless Architecture for you | Cisco Canada
The explosion of mobile devices driven by the BYOD phenomenon is placing a renewed focus and premium on proper WLAN design and deployment. Cisco offers the most extensive and flexible solution set on the market, from Autonomous Access Points to Converged Access, including FlexConnect and Cloud based solutions.
Watch the replay: http://cs.co/9001DxsKP
Are you getting unrivaled simplicity, end-to-end visibility, hardware reliability, and consistent policies from your WAN? You can get all of these things when you combine SD-WAN software with Cisco IOS XE routing platforms.
Experts from Cisco’s enterprise routing team will be on hand to show you what intent-based networking and software-defined simplicity in the WAN can bring. Powerful new capabilities are possible with a simple software image change.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9003DvZHt
TechWiseTV: http://cs.co/9009DzrjN
Visualizing Application & Delivery Flows to Make Data-Driven Decisions | CA Technologies
Even the most intelligent network needs management to visualize application traffic flows at the network level and know how well application service levels are being met. The CA Application Performance Management solution leverages key performance indicators from Cisco’s Intelligent WAN solutions, which add value to your network through application visibility and control, application acceleration (WAN optimization) and intelligent path selection. By enabling you to gain visibility into application performance from a network perspective, you can make proactive, data-driven decisions regarding network capacity, QoS policies, infrastructure investments and planned application rollouts.
For more information on DevOps solutions from CA Technologies, please visit: http://bit.ly/1wbjjqX
ICC's Access Control System is a unified wired/wireless system that allows SMBs and small enterprises to leverage software to control IP data networking centrally or distributed throughout their networks.
This is a brief overview of the Meru Networks wireless LAN solution. Please contact me if you would like more information or a personal presentation specific to your needs.
Windstream SD-WAN delivers cloud-ready, secure, dynamic and cost-effective networking to branch offices and remote sites via software intelligence, irrespective of the underlying connection type, access point or carrier.
UiPath Test Automation using UiPath Test Suite series, part 6 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Building RAG with self-deployed Milvus vector database and Snowpark Container... | Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... | SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries: Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns, and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... | Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability at the expense of security. This best practices guide outlines steps users can take to better protect personal devices and information.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Communications Mining Series - Zero to Hero - Session 1 | DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs | Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
3. Internet as an Extension of Enterprise WAN
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Performance Over Internet
4. Intelligent WAN: Leveraging the Internet
Secure WAN Transport and Internet Access
1. IWAN secure transport for private and virtual private cloud access
2. Leverage local Internet path for public cloud and Internet access
Increase WAN transport capacity and app performance cost effectively!
Improve application performance (right flows to right places)
[Diagram labels: Branch; MPLS (IP-VPN); Internet; Optimized Secure Transport; Direct Cloud Access; Private Cloud; Virtual Private Cloud; Public Cloud]
5. Intelligent WAN (IWAN) Architecture
[Diagram labels: Unified Branch; MPLS; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud]
• Application Optimization: Enhanced Application Visibility and Performance
• Secure Connectivity: Comprehensive Threat Defense
• Intelligent Path Control: Application Aware Routing
• Transport Independent: Simplified Hybrid WAN
Management Automation
7. IWAN Transport Independence
Consistent deployment models simplify operations
[Diagram: three deployment models, labelled IWAN HYBRID, IWAN HYBRID/LTE and IWAN Dual MPLS. Labels: Branch ISR; DMVPN; Internet; MPLS; 4G/LTE; Data Center ASR 1000; providers ISP A, ISP C, SP A, SP B]
8. IWAN Transport Independent Design with Dynamic Multipoint VPN (DMVPN)
• Proven IPsec VPN technology
 – Widely deployed, Large scale
 – Standards based IPsec and Routing
 – Adv QOS: hierarchical, per tunnel and adaptive
• Flexible & Resilient
 – Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,..
 – Hub-n-Spoke with Dynamic full mesh Topology
 – Multiple encryption, key management, routing options
 – Multiple redundancy options: platform, hub, transports
• Secure
 – Industry Certified IPsec and Firewall
 – NG Strong Encryption: AES-GCM-256 (Suite B)
 – IKE Version 2
 – IEEE 802.1AR Secure unique device identifier
• Simplified IWAN Deployments
 – Prescriptive validated IWAN designs
 – Automated provisioning – Prime, IWAN-App, Glue
[Diagram labels: IWAN HYBRID; Branch; Internet; MPLS; DMVPN Purple; DMVPN Green; Data Center; ISP A; SP B]
10. Getting the Most Out of Your WAN Investment
Benefits of Intelligent Path Control
• Enabling Hybrid WANs
• Efficient Distribution of Traffic Based Upon Load or Path Preference
• Application Best Path Based on Quality
• Protection From Carrier Black Holes and Brownouts
• Lower WAN Costs
• Full Utilization of WAN Bandwidth
• Improved Application Performance
• Higher Application Availability
[Diagram labels: Branch; ISR; MPLS; Internet; Data Center; ASR 1000 (x2)]
11. Intelligent Path Control with PfR
Voice and Video Use-Case
• PfR monitors network performance and routes applications based on policy
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Callouts:
• Voice/Video take the best delay, jitter, and/or loss path
• Voice/Video will be rerouted if the current path degrades below policy thresholds
• Other traffic is load balanced to maximize bandwidth
[Diagram labels: Branch; MPLS; Internet; Virtual Private Cloud; Private Cloud]
12. What is Performance Routing (PfR)?
“Performance Routing (PfR) provides additional intelligence to classic routing to track and verify the quality of a path over a Wide Area Networking (WAN) to determine the best path for application traffic....”
[Diagram labels: Branch; MC+BR; MPLS; Internet; BR (x2); Data Center; MC]
13. Protecting Critical Applications While Increasing Bandwidth Utilization
Multimedia and Critical Data Policy
• Protect voice and video quality: Latency < 150 ms, Jitter < 20 ms
• Protect Email applications from WAN congestion: Loss < 5%
• Voice and video preferred path SP1
• Email preferred path ISP
• Increase utilization by load sharing
Business App and Load-Balancing Policy
• Protect transactional business app from brownouts: delay < 250 ms
• Preferred path SP1 (MPLS)
• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
[Diagram labels: SP1 (MPLS) and ISP (FTTH); SP1 (MPLS) and ISP (DSL); Voice and Video; Email; Business App; Best-Effort Traffic; High Delay Detected; High Jitter Detected]
14. Load Balancing
Maximizing Link Utilization to Increase Available Bandwidth
• Traffic distributed across all paths to efficiently use all WAN bandwidth
• Load Balancing based upon link utilization levels
• External links can have different bandwidth capacities
 – MPLS = 1.5 Mbps
 – Internet = 15 Mbps
50% T1 = 750 kbps; 50% 15 Mbps = 7.5 Mbps
[Diagram labels: ISR; WAN; Internet; MPLS; ASR 1000 (x2); Data Center]
16. Make Your IWAN Application Aware
Application Visibility and Control (AVC)
Application Performance Visibility
• Application inspection with existing routers
• Rich data collection using NetFlow v9/IPFIX
• Easy to integrate into many reporting tools
Smart Capacity Planning
• Better use of costly bandwidth
• Per-branch and per-application level reporting
Business Objective Enforcement
• Service Level monitoring per application
• Better Analytics to adjust network policies to maintain compliance
[Diagram labels: Branch; Proliferation of Devices; Users/Machines; Cisco AVC; Private Cloud; Public Cloud; DC/Headquarters]
17. Application Performance Monitoring for IWAN
Track and Report Application Flows and Performance
NetFlow/IPFIX Records (Same provisioning, same format)
• Traffic statistics records
• Application Response Time records
• Media monitoring records (Application, Jitter, Loss, etc)
Cisco Tools: Prime, APIC-EM
Partner Tools Ecosystem: LiveAction, Glue Networks, Plixer, Living Objects, CompuWare, CA Technologies
[Diagram labels: Proliferation of Devices; Users/Machines; Branch; WAN; Enterprise Edge; DC/Headquarters; Private Cloud; AVC; CSR; NetFlow v9; Collecting; Provisioning; Exporting; NetFlow v9 Export/IPFIX Export]
18. Cisco WAAS
Enhancing User Experience and WAN Efficiency
Problem
• Application latency
• WAN bandwidth inefficiencies
Solution
• Reduce load: data redundancy elimination (DRE), compression, and TCP optimization
• Application optimization: fewer protocol messages and metadata caching
[Chart: Application Bandwidth (Mbps) and Application Latency (Seconds), natively and with Cisco® WAAS; callouts "Reduction in bandwidth" and "Reduction in latency"]
19. IWAN – Application Optimization with Akamai Connect
Optimal Experience Regardless of Device, Connectivity or Cloud
All HTTP Traffic in Private, Public, Akamai Cloud
Prepositioning | Dynamic HTTP Caching (YouTube) | Any Transport
[Diagram labels: Branch; ISR-AX; AKAMAI Inside; AKAMAI CACHE; WAN; Data Center; Akamai Intelligent Platform]
21. Intelligent WAN: Secure Connectivity
Securing the network and users
Two areas of concern
1. Protecting the network from outside threats with data privacy over provider networks
2. Protecting user access to Public Cloud and Internet services; malware, privacy, phishing,…
[Diagram labels: Branch; MPLS (IP-VPN); Internet; Secure WAN Transport; Secure Internet Access; Private Cloud; Virtual Private Cloud; Public Cloud]
22. Securing the IWAN Transport
IPSec VPN and Access Control
• Step 1: Authenticate hardware and software
 – Trust Anchor Module verification
• Step 2: Secure Transport
 – Proven IPsec VPN overlay
 – Strong Cryptography: IKEv2 + AES-GCM 256
 – F-VRF to isolate provider networks
• Step 3: Access Control
 – IOS Zone-based Firewall or ACLs protection
 – Role based access to router w/ logging
• Minimize exposure
 – Provider assigned addressing to hide routers
 – Don’t put tunnel addresses into DNS
[Diagram labels: Branch; MPLS; Internet; ISP A; ISP C; ASR 1000 (x2); Data Center]
23. Intelligent WAN—Direct Cloud Access
• Leverage Local Internet path for Public Cloud and Internet access
• Improve application performance (right flows to right places)
Solutions
• On Premise – Zone Based Firewall
• Cloud Based – Cloud Web Security
[Diagram labels: Branch; ISR-AX; ZBFW; CWS; MPLS (IP-VPN); Internet; Direct Internet Access; Private Cloud; Virtual Private Cloud; Public Cloud]
24. Secure Internet Access with Cisco Cloud Web Security (CWS)
• Secure Public Cloud and Internet Access
• ISR Connector to CWS Firewall towers
• Web Filtering, Access Policy, Malware Detect
• IWAN IPsec VPN for Private Cloud Traffic
• IOS Firewall to protect Internet Edge
[Diagram labels: Branch; WAN1 (IP-VPN); WAN2 (Internet); CWS; Private Cloud; Public Cloud; Internet]
26. Cisco IWAN Management Portfolio
Covering a broad range of preferences and requirements
• Customer wants advanced provisioning, life cycle management, and customized policies
• System-wide network consistency assurance
• Lean IT OR IT Network team
Cisco Prime Infrastructure
• Customer needs customizable IWAN with end-to-end monitoring
• One Assurance across Cisco portfolio from Branch to Datacenter
• IT Network team
Enterprise Network Mgmt and Monitoring
Ecosystem Partners
IWAN App
• Customer wants considerable automation and operational simplicity
• Requirements consistent with prescriptive IWAN Validated Design
• Lean IT organization
Prescriptive Policy Automation
• Customer looking for advanced monitoring and visualization
• QoS/PfR/AVC configuration, real-time analytics and network troubleshooting
• IT Network team
Application Aware Performance Mgmt
Advanced Orchestration
27. IWAN Management Solution Positioning
[Chart labels: Provisioning & Life Cycle Management; Visualization & Health; Customizable; Prescriptive; Advanced; Foundation; Prime (x2); IWAN App; On Prem; Cloud; Infrastructure; ASR 1000]
35. APIC-EM IWAN App
Define Application Policy
• Business intent: the network admin informs the controller which applications are relevant for the business
• The controller will perform background tasks based on this business logic
36. APIC-EM IWAN App
Define Application Policy
• Define primary path for group of applications
• The controller will create a PfR policy based on those paths.
42. Intelligent WAN Summary
[Diagram labels: Branch-1 to Branch-513; DC-East; DC-West; DCI; WAN Core; Internet; ATBT MPLS; Island ADSL; ShowMe$$; MC; BR; ISR-AX with vWAAS; ASR-AX with WAAS; AVC; CWS; link rates 20M Dn / 2M Up, 512M FD, 256M FD, 1.5M FD]
Transport Independent Design
• Highly available Hybrid WAN
Intelligent Path Control
• Performance Routing (PfR) to protect applications and load balance traffic to maximize expensive WAN bandwidth
Application Optimization
• Application Visibility and Control (AVC) to monitor performance
• WAAS + Akamai to reduce bandwidth consumption while improving application experience
Secure Connectivity
• Secure the network from outside threats
• Cloud Web Security (CWS) for improved Cloud performance while freeing up WAN bandwidth, without compromising security
IWAN Management
• Cisco and Ecosystem Partner tools: APIC-EM IWAN-APP, Prime, LiveAction, GlueWare, and more
46. What Are the Big Trends in the Branch?
• Clients engage with Digital Signage 50% more than static ads (Intel field trials)
• Dynamic signs, driven by RFID, increase sales by 34% (Intel field trials)
• growing more than 10% Y:Y through 2020 (Grandview Research)
• 41% of K-12 students use tablets for video learning (Project Tomorrow)
• 38% of Corporations are investing to develop or replace applications to be web based in 2015 (Computer World)
• 18% of companies use Mobile Video Applications for Training (eLearning Industry)
• Branch Guest WiFi causes 39% of customers to increase the duration of their stay. Offering guest WiFi increases traffic for 56% of branch locations (IHL Group)
• “A week without guest WIFI leaves customers grumpier than a week without coffee” (Huff Tech Research)
Columns: Digital Signage | Mobile Applications | Guest WiFi
47. What Are the Big Cloud Trends?
• 20% of applications are in the cloud, growing 18% a year
• AWS Reaches Over 1 Million Active Customers
• Applications that move between the branch, the cloud, and the DC
[Chart: Installed Workloads in Millions, 2012 to 2017; Cloud Data Center (30% CAGR) vs. Traditional Data Center (6% CAGR); shares 61%, 39%, 37%, 63%. A second chart has an axis running 2008 to 2014]
Source: Cisco Global Cloud Index (GCI)
Source: zdnet.com
• 40% of organizations will spend more on software as a service and a mix of public, private, hybrid and community clouds in 2015. Source: Computer World
48. Leveraging the Internet Pays Off Fast
EXAMPLE: San Francisco Single MPLS VPN vs. Dual Business Internet ($ per Month)
[Bar chart at 1.5 Mbps and 10 Mbps; series iWAN, MPLS VPN CoS3, MPLS VPN CoS2, MPLS VPN CoS1; values in extraction order: $220, $140, $830, $260, $885, $274, $1,014, $303; callout -75%]
Dual Internet Links Combined for Ent SLA
$665 Savings/Month x 12 Months x 1,000 Sites = $8M Savings per Year
Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon website
49. Building Highly Resilient WANs
Redundancy and Path Diversity Matter
• Dual routers, dual paths (MPLS + Internet, dual Internet or dual MPLS): 99.999% availability, 5 minutes downtime per year
• Single router, dual paths (dual MPLS, MPLS + Internet or dual Internet): 99.995% availability, 26 minutes downtime per year
• Single router, single path: MPLS 99.95%*, Internet 99.90%*; downtime per year 4–9 hours (8 hours 46 minutes at 99.90%)
[Diagram labels: ISR; MPLS; Internet; IWAN Solution]
* Typical MPLS and Business Grade Broadband Availability SLAs and Downtime per Year, calculated with Cisco AS DAAP tool.
50. IWAN Transport Best Practices
• Private peering with Internet providers
 – Use same Internet provider for hub and spoke sites
 – Avoids Internet Exchange bottlenecks between providers
 – Reduces round trip latency
• DMVPN Phase 3
 – Scalable dynamic site-to-site tunnels
 – Separate DMVPN per transport for path diversity
 – Per tunnel QOS
 – NG Encryption – IKEv2 + AES-GCM-256 encryption
• Transport settings
 – Use the same MTU size on all WAN paths
 – Bandwidth settings should match offered rate
• Routing Overlay
 – iBGP or EIGRP for high scale
 – Single routing process, simplified operations
 – Front-side VRF to isolate provider networks
[Diagram labels: IWAN HYBRID; Branch; Internet; MPLS; DMVPN Purple; DMVPN Green; Data Center; ISP A; SP B]
52. Performance Routing—Components
The Decision Maker: Master Controller (MC)
• Discover BRs, collect statistics
• Apply policy, verification, reporting
• No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)
• Does all packet forwarding
• Visibility in network performance
• Enforce MC’s decision (path enforcement)
The Policy Controller: Domain Controller (DC)
• Discover site peers, prefixes and connected networks
• Advertise policy and services
• One per domain, collocated with MC
[Diagram labels: Branch; MC+BR; MPLS; Internet; BR (x2); DC/MC]
53. PfR Domain Controller
Domain Controller (DC) Peering Framework
– Site MCs register to Domain
– Advertise to, or request services
– Simplifies deployment and configuration
– Provides topology auto-discovery
Single point of configuration across the domain
Used to distribute information to sites:
– Learned site-prefix
– Application/Traffic Policies
– Performance monitoring
– Traffic Class Database
[Diagram labels: WAN1; WAN2; Domain Controller; Master Controller; DC/MC; BR; MC+BR]
54. How PfR Works
Key Operations
1. Define Your Traffic Policy: define traffic classes and service level policies based on applications or transport classifiers
2. Learn the Traffic: Border Routers learn current traffic classes going to the WAN based on classifier definitions
3. Measurement: measure the traffic flow and network performance and report metrics to the Master Controller
4. Path Enforcement: Master Controller commands path changes based on traffic class policy definitions
[Diagram labels: ISR; ASR1K; MC; BR; MC+BR; Traffic Classes; Learning Active TCs; Performance Measurements; Best Path]
55. Intelligent Path Control
Path of Last Resort – New
• Simplifies and speeds up failover routing to a backup only path
• Granular failover per traffic class policy
• Extends path-preference to include a last-resort path(s)
• Removes the need for the routing protocol to initiate failover
• Good choice for cellular, satellite and other backup only paths
IWAN 2.1, Fall 15
[Diagram labels: Branch Site; R14; MC/BR; DMVPN MPLS; DMVPN INET; DMVPN LTE; DC1; DC2; MPLS; INET; MPLS2; INET2; LTE; DC/MC; MC; BR; ASA]
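A simplified model of the path decisions described on the PfR slides (per-class thresholds and preferred paths from slide 13, load sharing by utilization, and the path of last resort above), added here as an illustration. It is not Cisco's PfR implementation; the class names, the fallback order, the last-resort assignments and all measurements are assumptions or constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Path:
    """One measurement sample for a WAN path."""
    name: str
    delay_ms: float
    jitter_ms: float
    loss_pct: float
    util_pct: float
    up: bool = True
    backup_only: bool = False   # path of last resort, e.g. LTE


@dataclass
class Policy:
    """Thresholds for one traffic class; None means the metric is not checked."""
    max_delay_ms: Optional[float] = None
    max_jitter_ms: Optional[float] = None
    max_loss_pct: Optional[float] = None
    preferred: Optional[str] = None
    allow_last_resort: bool = False


# Thresholds and preferred paths from slide 13. The class names and the
# choice of which classes may use the last-resort path are assumptions.
POLICIES = {
    "voice-video": Policy(max_delay_ms=150, max_jitter_ms=20,
                          preferred="SP1", allow_last_resort=True),
    "email": Policy(max_loss_pct=5, preferred="ISP"),
    "business-app": Policy(max_delay_ms=250, preferred="SP1",
                           allow_last_resort=True),
    "best-effort": Policy(),
}


def in_policy(path: Path, pol: Policy) -> bool:
    """True when every threshold the policy sets is met (strict '<')."""
    checks = ((pol.max_delay_ms, path.delay_ms),
              (pol.max_jitter_ms, path.jitter_ms),
              (pol.max_loss_pct, path.loss_pct))
    return all(limit is None or value < limit for limit, value in checks)


def select_path(traffic_class: str, paths: List[Path]) -> Tuple[Optional[str], str]:
    """Pick a path for one traffic class and say why.

    Order used by this model: preferred path if in policy; otherwise the
    least-utilized in-policy path; otherwise the lowest-delay primary path
    that is still up (out of policy); otherwise the path of last resort.
    """
    pol = POLICIES[traffic_class]
    primary = [p for p in paths if p.up and not p.backup_only]
    good = [p for p in primary if in_policy(p, pol)]
    if any(p.name == pol.preferred for p in good):
        return pol.preferred, "preferred"
    if good:
        state = "rerouted" if pol.preferred else "load-balanced"
        return min(good, key=lambda p: p.util_pct).name, state
    if primary:
        return min(primary, key=lambda p: p.delay_ms).name, "out-of-policy"
    backup = [p for p in paths if p.up and p.backup_only]
    if backup and pol.allow_last_resort:
        return backup[0].name, "last-resort"
    return None, "no-path"


# Constructed measurements: steady state, a brownout on SP1, both primaries down.
LTE = Path("LTE", 90, 15, 1.0, 0, backup_only=True)
NORMAL = [Path("SP1", 40, 5, 0.1, 60), Path("ISP", 70, 12, 0.5, 20), LTE]
BROWNOUT = [Path("SP1", 180, 35, 0.2, 60), Path("ISP", 70, 12, 0.5, 20), LTE]
OUTAGE = [Path("SP1", 0, 0, 0, 0, up=False), Path("ISP", 0, 0, 0, 0, up=False), LTE]

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("brownout", BROWNOUT), ("outage", OUTAGE)):
        for tc in POLICIES:
            print(f"{label:9} {tc:13} -> {select_path(tc, sample)}")
```

In the brownout sample voice and video move to the ISP path while the business app stays on SP1, because its 250 ms delay limit is still met: the failover is per traffic class, not per link.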
57. Today’s Network is an IT Blind Spot
• Static port classification is no longer enough
• More and more apps are opaque
• Increasing use of encryption and obfuscation
• Application consists of multiple sessions (video, voice, data)
• What if user experience is not meeting business needs?
58. Performance Collection & Exporting
Integrated performance monitoring and advanced metrics for different types of applications and use cases
• Basic Monitoring: What applications, how much bandwidth, flow direction? (NBAR2 and Flexible Netflow)
• Voice and Video Performance (Media Monitoring): 30% of traffic is voice and video
• Critical Applications Performance (Application Response Time): 40% of traffic is critical applications
[Diagram labels: Unified Monitoring; HTTP]
59. Application Acceleration + Edge Caching
Enhancing User Experience while reducing WAN load
AKAMAI CACHING
• Transparent HTTP Caching
• Dynamic URL OTT HTTP Caching
• Akamai Connected Cache
• Content Pre-positioning
CISCO WAAS Optimization
• LZ Compression
• TCP Optimization
• Data De-duplication
• Application Specific Acceleration
Supports: Akamai Cloud | Single-sided Optimization | Secure Direct Cloud Access
60. Cisco WAAS & Akamai Deployment Models
• Branch Office: WAAS Service Module/UCSe
• Branch Office: WAAS-XE on ISR-4000
• Branch Office: WAAS Appliance
• Regional Office: WAAS Appliance
• Data Center or Private Cloud: WAAS Appliances
[Diagram labels: VPN; IWAN; AppNav + WAAS; WAE; Virtual Private Cloud; vWAAS Appliances; vWAAS; Server VMs; VMware ESXi; VMware ESXi Server; Nexus 1000v vPATH; Nexus 1000v VSM; UCS/x86 Server; FC SAN; New]
62. Trust Anchor Module (TAM)
“How do I Know the Hardware is Authentic?”
• Provides Immutable Identity
• Standard Identity: IEEE 802.1AR (SUDI X.509 cert)
• Secure Storage of Credentials
• Anti-Theft & Anti-Tamper Chip Design
• Certifiable Entropy for Random Number Generation
Trust Anchor Module (TAM) Features & Services
• Immutable Identity
• Secure Storage (Keys & Objects)
• Certifiable Entropy Source
• Secure Crypto Assist
• Secure Application Certificates
Checks to Verify as Cisco Genuine (TAM/Secure Identity Verification)
• Authenticity & License Check
• Verify Secure Identity
Product Security
• Provides trustworthy hardware offering immutable identity, secure storage, random number generator, and encryption
• Available in the ISR-4000, newer Catalyst and other Cisco products
63. Secure Boot
“How do I Know the Software is Authentic?”
Verifies the software has not been altered or tampered with since it was signed
Secure Boot Process: Power On (Hardware Anchor, Secure Microloader), Signed Bootloader/BIOS, Launch Operating System (Signed Operating System)
• Immutable Anchor ensuring hardware integrity and key authenticity
• Power-Up Microloader verifies Bootloader and BIOS
• A Signed Bootloader/BIOS validates Operating System
• Ensures only authentic Cisco software boots up on a Cisco Platform
• Anchored in hardware, as the image is created, the signature is installed & signed with a secure private key
• As the software boots, the system checks to ensure the installed digital certificate is valid
• Subsequent hash checks provide continuous monitoring with runtime integrity
[Diagram labels: Integrity Check; Image Signing (x3)]
64. Add Network Integrated Threat Defense
IOS Zone-Based Firewall
• Control the Perimeter:
 – External and internal protection: internal network is no longer trusted
 – Protocol anomaly detection and stateful inspection
• Communicate Securely:
 – Call flow awareness (SIP, SCCP, H323)
 – Prevent DoS attacks
• Flexible:
 – Split Tunnel-Branch direct Internet access
 – Internal FW: addresses regulatory compliances
• Integrated:
 – No need for additional devices, expenses and power
 – Works with other IWAN Services: CWS, WAAS, UCS-E,…
• Manageable:
 – APIC-EM, Prime, CLI, SNMP, CCP, and CSM
[Diagram labels: Branch; MPLS; Internet; ISP A; ISP C; ASR 1000 (x2); Data Center]
65. Securing IWAN Transports with Front-door VRF
Isolation of external networks
Virtual Route Forwarding (VRFs) create multiple logical routers on a single device
• Separate control/forwarding planes per VRF
• No connectivity between VRFs by default
• Provider side VRF (yellow) for external networks, Global VRF (blue) for internal networks
Provider VRF minimizes threat exposure
• Default routing only in Provider VRF
• Provider assigned IP addressing hides internal network
• Provider IP address used as IPSec tunnel source
• Only IPsec allowed between internal Global and Provider Front Side VRFs
[Diagram labels: Global; Inside Network VRF; Branch LAN 10.1.1.0/24, 10.1.2.0/24, …; F-VRF; Front Side “Provider Interface” VRF; Provider Assigned WAN IP Address 192.168.254.254; IPSec Tunnel Interface; VRFs have independent routing and forwarding planes; IOS ZBFW or ACL to permit only authorized traffic; i.e. IPsec]
66. Protecting Public facing IWAN Interfaces
[Diagram labels: Branch; DSL; Cable; ISP A; ISP C; ASR 1000 (x2); Data Center]
• Use ACLs, ZBFW or ASA to block all traffic except the DMVPN tunnel traffic to routers
• Zone Based Firewall (ZBFW) at the branch if there are plans for Direct Cloud Access
• Typical ACL for protecting the Internet interface
interface GigabitEthernet0/0
 bandwidth 10000
 ip vrf forwarding INET-PUBLIC1
 ip address dhcp
 ip access-group ACL-INET-PUBLIC in
 duplex auto
!
ip access-list extended ACL-INET-PUBLIC
 ! IKE over NAT-T (UDP 4500) and IKE (UDP 500)
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 ! IPsec ESP
 permit esp any any
 ! DHCP replies to the router's own client (UDP 68)
 permit udp any any eq bootpc
 ! ICMP used by ping and by replies to outbound traceroute
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
 ! Inbound UDP traceroute probes (high port, TTL 1)
 permit udp any any gt 1023 ttl eq 1
!
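The ACL above, checked against its stated intent (only DMVPN tunnel traffic, plus the DHCP and ICMP/traceroute diagnostics it lists, reaches the router). This is an added example, not part of the original deck: the parser covers only the statement forms this ACL uses, the ICMP match is simplified to (type, code) pairs, and the probe packets and the drifted variant are constructed.

```python
from typing import List

# ACL statements as given on the slide.
ACL_TEXT = """\
ip access-list extended ACL-INET-PUBLIC
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit udp any any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
 permit udp any any gt 1023 ttl eq 1
"""

# IOS keywords used by this ACL, mapped to their numeric values.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "bootpc": 68}
ICMP_NAMES = {"echo": (8, 0), "echo-reply": (0, 0),
              "ttl-exceeded": (11, 0), "port-unreachable": (3, 3)}


def parse_acl(text: str) -> List[dict]:
    """Parse the 'permit/deny <proto> any any ...' forms this ACL uses."""
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue                      # header line, '!' separators
        if tok[2:4] != ["any", "any"]:
            raise ValueError(f"unsupported address match: {raw.strip()}")
        entry = {"action": tok[0], "proto": tok[1], "text": raw.strip()}
        rest = tok[4:]
        if tok[1] == "icmp" and rest:
            entry["icmp"] = ICMP_NAMES[rest.pop(0)]
        while rest:
            if rest[:2] == ["ttl", "eq"]:
                entry["ttl"] = int(rest[2])
                rest = rest[3:]
            elif rest[0] in ("eq", "gt") and tok[1] in ("tcp", "udp"):
                port = rest[1]
                number = PORT_NAMES[port] if port in PORT_NAMES else int(port)
                entry["port"] = (rest[0], number)
                rest = rest[2:]
            else:
                raise ValueError(f"unsupported match: {raw.strip()}")
        entries.append(entry)
    return entries


def matches(entry: dict, pkt: dict) -> bool:
    """True if the packet satisfies every condition the entry carries."""
    if entry["proto"] != pkt["proto"]:
        return False
    if "port" in entry:
        op, port = entry["port"]
        dport = pkt.get("dport", -1)
        if (op == "eq" and dport != port) or (op == "gt" and dport <= port):
            return False
    if "ttl" in entry and pkt.get("ttl") != entry["ttl"]:
        return False
    if "icmp" in entry and pkt.get("icmp") != entry["icmp"]:
        return False
    return True


def evaluate(entries: List[dict], pkt: dict) -> str:
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for entry in entries:
        if matches(entry, pkt):
            return entry["action"]
    return "deny"


# Constructed inbound probes with the verdict the slide's intent implies.
PROBES = [
    ("IKE", {"proto": "udp", "dport": 500, "ttl": 57}, "permit"),
    ("IPsec NAT-T", {"proto": "udp", "dport": 4500, "ttl": 57}, "permit"),
    ("ESP", {"proto": "esp", "ttl": 57}, "permit"),
    ("DHCP reply", {"proto": "udp", "dport": 68, "ttl": 64}, "permit"),
    ("ping", {"proto": "icmp", "icmp": (8, 0), "ttl": 57}, "permit"),
    ("traceroute probe", {"proto": "udp", "dport": 33434, "ttl": 1}, "permit"),
    ("high UDP port, normal TTL", {"proto": "udp", "dport": 33434, "ttl": 57}, "deny"),
    ("SSH", {"proto": "tcp", "dport": 22, "ttl": 57}, "deny"),
    ("Telnet", {"proto": "tcp", "dport": 23, "ttl": 57}, "deny"),
    ("HTTPS", {"proto": "tcp", "dport": 443, "ttl": 57}, "deny"),
    ("SNMP", {"proto": "udp", "dport": 161, "ttl": 57}, "deny"),
]


def audit(acl_text: str) -> List[str]:
    """Return the names of probes whose verdict differs from the expected one."""
    entries = parse_acl(acl_text)
    return [name for name, pkt, want in PROBES if evaluate(entries, pkt) != want]


# Constructed example of configuration drift: one extra line opens SSH.
DRIFTED_ACL = ACL_TEXT + " permit tcp any any eq 22\n"

if __name__ == "__main__":
    print("slide ACL   :", audit(ACL_TEXT) or "matches intent")
    print("drifted ACL :", audit(DRIFTED_ACL))
```

Run against a saved copy of the running configuration, the same check flags any later line that exposes a management service on the provider-facing interface.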
74. LiveAction Software
• An Application-aware Network Performance Management and QoS Control tool
• Fast, simple, cost effective way to monitor and control application performance leveraging Cisco capabilities
LiveAction Components: Flow, QoS Monitor, QoS Configure, Routing, LAN, IP SLA
75. Business Relevance to End-Customers
Higher Productivity Thru Faster and Reliable Applications
• Insightful Application Performance and Troubleshooting
• Faster QoS Monitoring and Configuration
• Visual WAN Bandwidth Management
• Higher Quality Voice and Video
• Efficient WAN Performance Baselining and Capacity Planning
Click -- Easily deploy, configure, monitor, and analyze Cisco advanced technologies
See -- End-to-end flow visualization for a holistic view of the network
Fix -- Unique QoS graphical control to troubleshoot and solve issues. Instant validation of policy changes
Point -- Quick diagnosis of performance issues through visual displays
76. Glue Networks IWAN Orchestration
• Cloud-based SaaS subscription model
• Eliminates manual building of WANs
• Automated WAN orchestration and management
• Quick configuration updates and IOS upgrades
• Rapidly delivers nextgen and IWAN features
• Forward compatible with SDN and OnePK for app aware WANs
• Broadband and MPLS support for centralized hybrid WAN management for IWAN
77. Introducing Gluware 2.0: DevOps for Network Engineers
Transforms Enterprise Networks
• Network Engineer Centric vs. Programmer Centric
• Gluware Lab: Rapid Development Environment, NDK, & FLOW (Flexible Language Object Workstream)
• Gluware Control: Network-aware and Customizable Life-Cycle Mgmt
• Integrated with leading architectures (IWAN)
• Rest API third party Monitoring, Visualization, Controllers
78. LiveAction 4.3 and Performance Routing
• PfR path change visualization
• Alert and report on PfR Out of Policy events
• Reports on traffic class/application path changes
[Screenshot labels: Out-Of-Policy Threshold Crossing Alert; Before Brown-Out (Northern Path); After Brown-Out (Southern Path)]
79. PfRv3 Dashboard
[Screenshot labels: Alerts / performance by Site; Alerts / performance by Application Group; All Alerts]
80. LiveAction Demonstration
• System topology and end-to-end flow visualization
• Flow, PfR, and QoS
• PfR Failover Demo (12 min): http://vimeo.com/108511944
• PfR Configuration (15 min): https://vimeo.com/121177440
82. Intelligent SD-WAN Orchestration Platform Benefits
• Optimize WAN Management with best-practices architectures (IWAN) & centralized management
• Zero Touch Deployment with consistency, error checking & architecture awareness
• WAN Orchestration with DevOps boosting agility and customization with the Network Engineer in mind
• Simplify Roll-Out of complex services through policy centralization and assurance
• Control Network Evolution with advanced feature support and open, programmable interfaces
• Transport Agnostic connectivity for hybrid WAN and cost reduction
83. IWAN Glue Networks APIC-EM Evolution
[Diagram labels: Device Layer; Element Layer; Control Layer; Orchestration & Automation Layer; Network Operator Level; Phases: Phase 1, Phase 2, Phase 3-5; interfaces CLI, TCL, SNMP, API; APIC-EM; Gluware; Admin; each phase shows TID, IPC, AO, SIC]
IWAN Pillars:
TID – Transport Independent
IPC – Intelligent Path Control
AO – Application Optimization
SIC – Secure Internet Access
86. IWAN Aggregation Border Routers
ASR1000 - IWAN AX Ready, High Performance Routers
INTEGRATED IWAN SERVICES
• IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS
• Scalable on-chip service provisioning
BUSINESS-CRITICAL RESILIENCY
• Separate control and data planes
• Hardware and software redundancy
• In-service software upgrades
COMPACT, POWERFUL ROUTER
• Line-rate performance 2.5G to 200G+ with services enabled
• Crypto performance from 2G to 60G+
• Flexible I/O: SPAs and Ethernet LCs
Models
• ASR1001-X: 2.5G Upgradeable to 5G, 10G, 20G; Up to 8G Crypto Throughput
• ASR1002-X: 5G Upgradeable to 10G, 20G, 36G; Up to 4G Crypto Throughput
• Modular ASR1006: Modular, Redundant up to 200G; Up to 60G Crypto Throughput
87. Cisco UCS-E Series
Extend Cloud Services into Branch Infrastructure
Support on ISR Series Routers
• Platform for WAN Edge Applications: Microsoft Windows-Server and Linux Certified
• Server Virtualization: Cisco UCS Virtualization Powered by VMware, Microsoft, Citrix
• Dedicated Blade Management: Cisco Integrated Management Controller; consistent management for UCS family
• Multipurpose x86 Blades: Cisco UCS E Series modules; house up to four server blades in an ISR
• Single-Device Network Integration: house all services in ISR chassis; multigigabit fabric backplane switch
[Diagram labels: IOS, MGF Backplane Switch; UCS-E Blade (x2); Hypervisor; CIMC; OS; App]
88. Cisco UCS E-Series Server
Hypervisor and OS Support
Hypervisors
• VMware vSphere Hypervisor™ 5.0, update 1, 5.1 and 5.5
• Hyper-V (Windows 2008 R2 and 2012, 2012 R2)
• Citrix XenServer 6.0
Microsoft Windows
• Windows Server 2008 R2 Standard 64-bit
• Windows Server 2008 R2 Enterprise 64-bit
• Windows Server 2012, 2012 R2
Linux
• Red Hat Enterprise Linux 6.2
• SUSE Linux Enterprise 11, service pack 2
• Oracle Enterprise Linux 6.0, update 2
92. IWAN Vision and Strategy
Systems Development evolution of IWAN
Incremental improvements while delivering new use-cases
IWAN Framework:
• Transport Independent Design
• Intelligent Path Control
• Application Optimization
• Secure Connectivity
• Management & Orchestration
[Diagram labels, as extracted: INTELLIGENT VIRTUALIZATION AUTOMATION CLOUD INTEGRATION SERVICE VIRTUALIZATION SELF LEARNING NETWORKS]
94. Open Networking User Group
• Community of IT business leaders who exchange ideas and best practices for implementing Open Networking and Software-Defined Networking (SDN) designs.
• One of the ONUG working groups is the SD-WAN Working Group
• The SD-WAN working group has determined a set of 10 business requirements (based on user-developed use cases) that Enterprises should consider when evaluating SD-WAN solutions.
Source: http://blogs.cisco.com/enterprise/cisco-intelligent-wan-delivers-on-sd-wan-business-requirements
95. Top 10 Requirements for SD-WAN
1. Public and Private Active-Active: Ability for remote site/branch to leverage public and private WANs in an active/active fashion for business applications.
2. Physical or Virtual CPE: Ability to deploy CPE in a physical or virtual form factor on commodity hardware.
3. Security and Business policies: A secure hybrid WAN architecture that allows for dynamic traffic engineering capability across private and public WAN paths as specified by application policy, prevailing network WAN availability and/or degradation at transport or application layer performance.
4. App and Performance Aware Dynamic Traffic Eng: Visibility, prioritization and steering of business critical and real-time applications as per security and corporate governance and compliance policies.
5. Highly Available & Resilient WAN: A highly available and resilient hybrid WAN environment for optimal client and application experience.
96. Top 10 Requirements for SD-WAN
6. L2 and L3 Interoperability: Layer 2 and 3 interoperability with directly connected switch and/or router.
7. Dashboard Reporting: Site, Application and VPN performance level dashboard reporting.
8. Open API: Open north-bound API for controller access and management, ability to forward specific log events to network event correlation manager and/or Security Incident & Event Manager (SIEM).
9. Zero Touch Deployment: Capability to effect zero touch deployment at branch site with minimal to no configuration changes on directly connected infrastructure, ensuring agility in provisioning and deployment.
10. FIPS-140-2: FIPS 140-2 validation certification for cryptography modules/encryption with automated certificate life cycle management and reporting.