What is #DCloud and the new DCloud @Splunk Lab

I have not written much on the blog about DCloud, and I spend days and then not days on DCloud testing and learning.  It is currently one of my favorite tools from Cisco, and something that no other vendor in the industry is doing.   Cisco is spending a ton of dough on this, and for good reason.

What is DCloud?

What is the worst thing about your lab, assuming in this day and age you even have one? Unless you are extremely vigilant, it is always broken. Someone is in a rush, they do something in the lab which almost always involves changing something or breaking something, and then when you need it, it’s broken.

The other problem is that your lab is really only set up one way. Do you have 3 versions of UCCX? How about 3 different management tools? I am sure Justin Chin-You @jchinyou does over at Cisco, but for many of us it does not work that way.

What DCloud does is give you the ability to test, demonstrate and run 143 (as of this writing, they are constantly adding more) different labs, demos and sandboxes, on everything from iWAN, ACI, Voice, Video, Routing, Switching, Management tools, SDN and many more. Instantly.

Check out this quick YouTube video from #DCloud Steve

They even have real hardware for some demos, and if you want you can connect real telephones to it — Wait.. how? They have a slick VPN setup, with pre-made configs that you can use to extend the lab right into your office.

It really is that good. Labs turn up in moments, everything is just set up and ready to go – and you can either follow their lab guides for demos or learning — or just log in and mess around. Don’t worry, you cannot damage anything; when you are done, the lab resets automatically. This is no simulator, this is the real deal and you are more than welcome to hack around and learn. They even have traffic simulators so that when you do firewall and security labs, there is actual traffic in there. You get full admin access – passwords for god access into everything. Build your own demo or lab scripts based on their hardware setup if you want. This is not just for demo. Ever wanted to play with a new technology like iWAN or SDN and just do not know where to start? They include a full PDF lab guide for you with step-by-step instructions if you want.

Here is a quick video posted by the #DCloud team showing one of my favorite labs

Hot off the E-Mail presses – #DCloud Rolls Splunk

One tool I just have not had enough time with – is Splunk. Did you know Splunk made software? They make more than t-shirts. Splunk does an amazing job of visualizing and analyzing security products in a consolidated way. Now you can actually get your hands on it in DCloud and try it for yourself without the pressure of a timeline.

Here is the descriptor right from the DCloud site.

Splunk and Cisco have collaborated to deliver out-of-the-box visibility across Cisco-centric security environments using ASA/PIX/FWSM firewalls, Identity Services Engine (ISE), pxGrid, FirePOWER IDS, Advanced Malware Protection (AMP), Web Security Appliance (WSA) and Email Security Appliance (ESA). The scenarios in this solution illustrate how the Cisco Splunk Security Suite delivers unified visibility across Cisco devices to help:

  • Protect you before an attack happens
  • Enable you to respond quickly during an attack
  • Enable you to perform a rapid forensics investigation after an attack

Splunk Enterprise 6.2 with Cisco Security Suite v1 provides a consolidated view of your organizational posture across the entire Cisco security environment, with the ability to drill down into specific areas, including:

  • Email security using ESA.
  • Web security categorizes web traffic coming from the proxy using the WSA.
  • Network security presents data from Cisco ASA pix, Next Generation Firewall with FirePOWER IPS, and new detection data.
  • Identity services present user and device information from the ISE policy management platform.

Ranges of trigger alert thresholds can be set to queue events, leveraging data from multiple security routes and sources. Using this solution, it is possible to combine Cisco AMP data with device information from ISE in order to identify infected devices and classify events.


Scenario 1: Dashboard Overview

Scenario 2: Service Impact Analysis
