Hope you did not miss our deep dive: Cisco APIC-EM: IT Speed and Simplicity Through Automation
Ronnie Ray walked through Cisco's purpose-built enterprise controller, built to help you move to software-defined networking (SDN) that works both on existing networks and on new infrastructure.
Watch and Listen to the workshop replay at cs.co/6017Bl8Kb
(check out the Digital Network Architecture episodes Part 1 and 2 at http://www.techwisetv.com)
You will learn how Cisco engineers created the world’s best network automation controller, which provides enterprise resiliency and scale, an open and extensible platform, and a full suite of policy-driven SDN applications.
You’ll learn about multiple time-saving apps that cover the complete network service lifecycle and drive policy enforcement consistently across the enterprise to make sure of zero-touch infrastructure deployment, quality of experience, and rapid troubleshooting.
Moving to software-driven networking is the future. Join us and find out how to start your journey today.
2. Ronnie Ray
Sr. Director, Product Management
ranray@cisco.com
Cisco APIC-EM Automation Platform
Driving IT Speed and Simplicity
Through DNA Automation
3. Network Requirements for the Digital Organization
Insights and
Experiences
Drive Business
Innovations
Security and
Compliance
Real-time and Dynamic
Threat Defense
Automation
and Assurance
Speed, Simplicity,
and Visibility
The Network Helps Enable Digital Business
4. Automation
Abstraction & Policy Control
from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data,
Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
Cisco DNA Innovations
New!
Enterprise NFV
Branch Service Virtualization
Controlled Availability, May 2016
New!
New!
Available on DNA-Ready Infrastructure through Cisco ONE Software
APIC-EM Automation Platform
Completely New Platform
Available Now
Base Automation: Plug and Play, Path Trace
Available Now
Policy Services: IWAN App & Easy QoS
Available Now
CMX Cloud
Presence Analytics and Connect
Available Now
5. Automation Drives Operational Efficiency and Agility
Time IT spends on operations / CEOs are worried about IT strategy not supporting business growth: 80% / 57%
CAPEX 33% / OPEX 67%
Computing vs. Networking, in seconds (axis: 0, 10, 100, 1000)
“…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning,
installing network circuits is still a painstakingly manual process...”
—TechTarget/Network Evolution, April 2015
Network Expenses Deployment Speed
6. Transformative Change in How Networks are Built
Result: DIY IT Process Automation Will Make Way for SDN Applications
DIY ASSEMBLY AND INTEGRATION READY TO GO
Faster Time to Market and Lower OpEx
7. Applications
SDN Abstracts the Network for Policy Based Control
Security | Orchestration | Automation | Collaboration
SOUTHBOUND ABSTRACTION LAYER
CATALYST | NEXUS | ASR | ISR | WIRELESS | ASA
REST API
OTHER
SDN Ideal:
Controller as the
Application Platform
SDN
Controller as
the Application
Platform for
Policy
Automation
Virtualization
8. APIC-EM
• User and things centric policy abstraction
• Simplification of complex network configuration with
embedded Cisco best practices
• Supports existing and new devices
• Virtual (ISO) or appliance-based delivery
Ready-to-deploy applications:
IWAN
Plug and Play (PnP)
Path Trace
EasyQoS
ESA
Cisco DNA Automation Platform for WAN and Access Networks
BENEFITS:
Brownfield Support
Ready-to-use-Applications
Open Northbound API
9. Network
Specific Control
APIC EM Vision
Resolves Declarative Business Intent
Renders into Domain-Specific Language
Application/User/Business
Driven Policies
“Only corporate-owned
devices in Group:FinExec can
access quarterly results DB”
Dynamic segmentation
based on
user/time/location/device
10. Functional Roles of Cisco APIC-EM
Control
Path and priority optimization based
on network wide policy application
Programmability
Open REST APIs for powerful NB
policy programmability for app
development or integration
Abstraction
Complete abstraction of network wide devices
and technologies agnostic of SB protocols
Automation
Massive simplicity and ease of use,
from zero-touch provisioning to day N
operations
11. Automation: Plug and Play
Lower
deployment
costs
79%
“Plug and play means no more IT
engineers in the field – faster time to
market and dramatically lowered costs.”
New!
Eliminates
Staging Truck Roll
Cloud-Based Plug and Play
Plug in and
Cloud Provision
Order Controller-Based
Management
Cisco ONE
Foundation
SWIIM
12. How it Works: Cisco PnP Application
Plug & Play
Enterprise-wide scale
Automated workflow
79% lower
deployment costs
1. Pre-provision | 2. Discovery | 3. Secure Deployment
1. Pre-provision
• Network PnP app pre-provisioned with device SR number
2. Discovery
• Configure device discovery: DHCP Option-43 or DNS
3. Secure Deployment
• Installer powers on devices
• Devices download image and configuration

1. Discovery | 2. Un-claimed Devices | 3. Secure Deployment
1. Discovery
• Configure device discovery: DHCP Option-43 or DNS
2. Un-claimed Devices
• Installer powers on devices
• Devices securely connect to APIC-EM server, waiting to be ‘claimed’
3. Secure Deployment
• Network admin claims devices based on device information
• Device downloads image and configuration
Network PnP app on APIC-EM
Admin
EM
DHCP
Server
DNS
Server
OR
PnP-Agent PnP-Agent
EM
Device Authentication
Download Image
and Configure
Installer
13. Policy Service: IWAN Automation
Optimal Branch Experience
Made Easy
Faster
deployments 85%
“IWAN automation eliminates tedious
configuration tasks for advanced networking
features. I can configure IWAN with just 10
GUI clicks.”
IWAN Momentum
Intelligent
Path Control
Highly Secure
Connectivity
Application
Optimization
Transport-
Independent
200+
deployments running up to
2500 sites
Zero-Touch
Rollout
Set Application
Policy
Gain Visibility
and Tune
Point and Click
Troubleshoot
Simple Workflows
IBM
15. Policy Service: EasyQoS
Implements QoS in 250 ms
Enhance
Collaboration
Experience
300% 50%
Reduction in
voice jitter
Video quality
improves
Improved
Application Experience
with No Operator Intervention
“The EasyQoS App reduces deployment times
for network-wide QoS dramatically. We can
now respond to changing application needs via
policy-based automation within minutes or
even seconds.”
New!
Select from
Predefined
Policies
Automated
Deployment
of QoS config
Optimized
for Any
Infrastructure
Cisco ONE
Foundation
Edeka
16. How it Works: Cisco EasyQoS Application
Client A calls client B: 1 2 3
Calls end: 1 2 3
Optimal
Experience
Dynamic QoS in
< 1s
Reduce voice jitter
by 300%
50% improvement for
video traffic
REST API
Cisco® UCM calls APIC-EM
to set up policy
Cisco UCM calls APIC-EM
to set up policy
QoS policy enabled
on network device
QoS policy enabled
on network device
EM
EM
17. Software Control: Enterprise NFV
“Cisco’s approach to network functions
virtualization (NFV) delivers the elasticity
to invoke innovative capabilities in an
optimal way – whenever, wherever, and
with whatever capacity they are required.”
Deploy Validated
Designs in Minutes
New!
Full Software Stack to
Increase Branch Agility
Central Orchestration Management
SDN: APIC-EM with Enterprise Service Automation
Freedom of Choice
Hardware: Cisco UCS® E- and C-Series | COTS
Software Intelligence over Hardware
Virtualization Layer: NFV Infrastructure Software
Consistent, trusted network services
Virtual Network Functions (VNFs): Cisco® and
Third Party
Computacenter
19. How it Works: Cisco Enterprise NFV Automation
APIC-EM with
Enterprise
Service
Automation
vRouter
vFirewall
vWAN optimization
vWLAN controller
Cisco® ISR, UCS E-Series
Cisco UCS® C-Series
x86 server
Third-party services
Select your
network functions
1
Select your preferred
infrastructure
2 Orchestrate and
automate services
3
IT Agility
Run on any platform
Elastic service scale
Deploy in minutes
EM
21. DNA Enabler:
Cisco APIC-EM with
Plug and Play
Enterprise NFV
• 3-6 months
• Costly onsite visits
• 3-6 days
• No service calls
Cisco DNA Business Benefit:
Time to Market for a New Branch Rollout
22. DNA Enabler:
Cisco EasyQoS
Collaboration QoE
with Nectar
• Several months for
manual changes on QoS
• Varied user experience
• <1 sec for dynamic
network update
• 300% lower jitter
• 50% improved video
Cisco DNA Business Benefit:
Employee Productivity: Collaboration and Training
23. What Cisco DNA Automation Delivers
Simplicity
Network-wide abstraction supporting both Greenfield and Brownfield
Cost Reduction
OPEX reduction through adoption of Cisco best practices
Speed of Business Outcomes
Dynamic network that adapts to business intent policy
Open Programmability
Open NB REST APIs with agnostic SB interfacing
There are three major IT priorities for IT to lead digital transformation in their respective organizations
Faster Innovation – digital demands businesses to differentiate customer experience and re-define models quickly. Yet only 30% of digital projects will succeed [Cisco study]. This is partly because IT processes are slow and costly and new technologies are being developed faster than they can be adopted.
Reduce Cost and complexity – over time the network has grown complex and our customers are spending 2-3 times more on OpEx than CapEx, which is unsustainable in a digital world where there are growing numbers of devices, apps, users, threats and static IT budgets.
Lower Risk and Meet Compliance – mobility and cloud by definition increase the attack surface of business, there is no perimeter … and it takes 80 days to detect threats and even longer to remediate while 60% of data is stolen in the first few hours. All this while strict new regulations like the European Data Protection and Affordable Care Acts are being introduced.
How does the network need to evolve to enable growing business needs?
As we said before, the network connects all things digital. But let’s discuss how it needs to evolve to address IT priorities for digital.
The network needs to enable faster innovation by delivering Deep Insights on users' behaviors, application performance, and threats, so the business can take Immediate Action to optimize factors like employee productivity, customer experience, and daily processes -- all around BUSINESS innovations and new differentiating or disrupting models. For example, in order to Personalize Experiences it needs to deliver context-relevant information like what users and devices are on the network and where. And this is possible when the network has visibility and can deliver the analytics, helping businesses make better decisions faster. The network can tell a bank a VIP client has entered a store or what promotions are driving store front conversion or how well expensive real-estate is being utilized (CMX and CMX Cloud, available now). Or the network can see no users are on premises, and lower energy usage of lighting, HVAC, etc. (Digital Ceiling, available Feb 2016). As IoT solutions become more pervasive, we’ll see the network share information with applications to drive decisions. For example, Schindler Elevators are running their IoT app over the network to capture analytics on service elevators so they can proactively determine when to send technicians on site. (Non-public use case). Today we collect data through devices using CMX, Prime, Lancope; by end of CY16, we will have a Network Data Platform based in the Cloud that will collect rich network data and provide it in a structured database with open APIs that customers and partners can tap into for supporting business decisions.
To sustain the increasing devices, apps and services while reducing cost and complexity, the network needs to deliver automation and service assurance. This will allow IT to get a branch office running quickly, or roll out new services and applications faster with efficiency and optimal experience. The focus here is IT agility, providing capabilities that allow speed at lower cost. Cisco provides deep visibility into users and applications, and with controller innovations, we are fully abstracting the network and providing simple workflows following Cisco best practices, so IT can focus on business intent and allow the controller to enforce the policies dynamically.
Security continues to be a top priority for business and IT leaders! We know 69 percent of customers are less likely to do business with a breached organization. Also, maintaining compliance is difficult to sustain and less than 1/3 of companies remain compliant more than a year [Verizon PCI Compliance; 2012], opening themselves up to fines and legal procedures. The network needs to contain risk through integrated security services that rapidly detect and mitigate threats. Here the network – touching all things digital – can provide Security Everywhere and Consistently Enforce Compliance so that it acts as both a sensor and enforcer all the way from the clients to the cloud.
We can all agree that these network requirements are critical to supporting Digital Organizations, and are the objectives of the Digital Network Architecture, which moves the network beyond a platform of connectivity to a platform for insights, automation and security.
However, while business leaders fully acknowledge the importance of the network in enabling digital, less than 10% of enterprises implementing digital business have very clear integration between their network and digital business strategies. (Source: Gartner). Let’s discuss why this is the case. (go to evolution of networking software)
As I said, we announced DNA last week, and APIC-EM is a vital proof point. APIC-EM is the automation engine for enterprise networks, and check out the new applications: we’re innovating at a Jesse Owens pace here, and yes, I just saw the movie and liked it; track and field is my favorite sport. Sorry, I deviate. If you saw the APIC-EM launch in late October, you will know we announced a couple of shrink-wrapped apps with APIC-EM, and coinciding with DNA, we have added a few more APIC-EM applications to the portfolio, namely EasyQoS as well as improvements to the IWAN app and Plug and Play app. With DNA we have also announced the virtualization of several network functions and hence an orchestration function for those is needed, which we deliver with the new APIC-EM enterprise services automation app. We shall talk about all these a bit later.
DNA services are delivered through the Cisco ONE Software model, which is consumed in a very flexible and easy way.
April 2015 Vol 6/ No. 3
“WAN 2.0: Say goodbye to network provisioning delays”
http://searchnetworking.techtarget.com/ezine/Network-Evolution/WAN-20-Say-goodbye-to-network-provisioning-delays
SWM, an EFT customer for PnP, spends around $100 per 2960C for installation via a partner – Low end Access
Rolls Royce Engines pays $6000 per access switch installation and deployment through their partner British Telecom – 3850 Access
Kaiser Permanente spends $$ > cost of switch for day0 installation & configuration - 3850 Access
Per customer conversations, access device installation cost varies, based on switch, router, AP, partner’s involvement, etc. Range is $200 - $2000
Plug & Play
Enterprise-wide Scale
Automated workflow with no pre-configuration required
79% Lower Deployment Costs
Enable Device with Zero Touch
Set Policy Based on Business Intent
Point and Click to Troubleshoot
Get Visibility Into Your Network
Optimize Capacity
Protect Your Applications
Plug in UCB and Turn On
Enable Policy on Controller
Get Visibility on Your Network
Look at Performance of Application
Fine Tune Your Policy
Understand Apps in Your Network
Group Based on Business Intent (Critical)
Set Right Policy (this link and this bandwidth)
Available February
Deployments:
Multi-link / 3G/4G (new Feb28)
Pilot deployment
* 2+ Datacenters
Troubleshooting
* Robustness
* QoS troubleshooting
Compliance
Key benefits:
No need to open a wide UDP port-range for marking ACLs (Avoid Abuse & Vulnerabilities)
No Need for DPI at the edge to accurately identify traffic type
Classification becomes application-aware and specific, yet lightweight
Support wireless & BYOD devices without client software upgrades
Supports brownfield deployment, no need to forklift existing HW
Simple and easy to deploy: the operator just expresses business relevance for applications and the controller does the rest under the hood
End-to-end QoS provisioning can be done in minutes (vs months) leveraging tried and tested Cisco Validated Designs
Cisco Advantage
Unlike competition, Cisco’s SDN QoS solution works with existing hardware and software
Can be delivered without any major surgery to the network
Device-level knowledge of QoS tools, capabilities etc is no longer required by Operator to deploy QoS end-to-end enterprise wide
Can implement dynamic QoS in a multi-tier campus (access, distribution, core) in as little as 250 ms
Can achieve toll-quality voice from BYOD devices by reducing voice jitter by up to 300%. Similarly video quality can be improved by over 50%
Reduces Deployment and Operational costs through automation
Standardization of the network design, making it easy to troubleshoot issues
Zero touch deployment of a branch in a box
ITIL process alignment enables network deployment to fit with the IT operating model
End to end design and deployment of branch services
Easy to augment new services in a branch as the use cases for the branch changes
Now let’s talk about the enterprise services automation application for APIC-EM.
Enterprise Network function virtualization shall have its very own webinar. But think about it – now you can define how you consume functions such as an adaptive security firewall (also known as ASA), or WAN optimization WAAS services, or a wireless LAN controller, or a virtual router … and you’ll see more and more 3rd party virtual network functions come up, which could be orchestration agents or others. Anyhow, you have these functions you can invoke.
Clearly, you need an orchestration tool to invoke them. That is exactly what the enterprise services automation app does. You automate and standardize according to company and Cisco best practices. Through its GUI, ESA provides intuitive ways for designing services for bringing up branch networks.
Cisco Enterprise Service Automation aids with orchestration, automation of processes, and service chaining of virtual and physical branches. It reduces the time taken to provision multiple branches simultaneously from what usually takes months to just minutes. ESA workflows align with ITIL processes, providing ways for user-created network designs for initial service provisioning and service upgrades.
A key principle of the Cisco Digital Network Architecture is enabling IT to virtualize all network services and decouple software from hardware to provide IT freedom of choice to run any service on any platform.
Cisco Enterprise Network Functions Virtualization (Enterprise NFV) is a powerful solution to run network services on both physical and virtual devices, including the Infrastructure Software, Virtualized Network Functions and Orchestration.
Use case: Branch Agility/New Site Rollout
Many organizations have distributed operations – banks, retailers, professional services, hotel, etc. Before DNA, it could take 3-6 months to get a site up and running once a lease is signed. With DNA, we can dramatically reduce time to market and operational costs by avoiding expensive onsite visits and driving productivity.
Automation and Virtualization are key areas of innovation.
APIC EM with Plug and Play means IT can automate Day 0 operations. Equipment doesn’t need to be touched before it is sent to a branch site. When the un-configured device is plugged in on site, it automatically calls back to APIC EM through DNS or DHCP, identifies itself through “Trustworthy Systems” capabilities that ensure no tampering of the device, and notifies IT remotely so IT can securely push across the credentials.
Also, some customers may be looking for great flexibility to run network services. Enterprise NFV allows them to deploy services on servers already in the branch to deliver capabilities like routing, firewall, wireless LAN controller, and WAN opt.
Employees depend on applications to get their work done, and today’s global organizations rely heavily on voice and video for collaboration and training. As more applications move to the cloud, maintaining visibility and control has been challenging, and the growth in application traffic has challenged IT to maintain the SLAs the business requires. Leveraging QoS in theory could help, but deploying it consistently across all segments of the network is tricky and requires months of manual and error-prone changes, leaving employees with a varied user experience that directly impacts their productivity.
With DNA, we leverage APIC and the EasyQoS App to dynamically update the network to ensure IT can deliver a differentiated app experience. And with our partnership with Nectar, APIC knows if CUCM or MS Lync calls are occurring, and within 250 milliseconds – before you can get the receiver to your ear – has already updated the QoS markings across the network, and later removes them after your call is complete. The results have been outstanding – providing toll quality voice with 300% lower jitter and 50% improved video performance.