Cisco releases Spark and Jabber Interop

Good news the Cisco Spark and Cisco Jabber interoperability is up and running and working.   People using Jabber 11.9+ can now see and chat with people on Cisco Spark, but one to one only.   Soon spark spaces will also be supported.  There is some presence sharing between the platforms.

jabberplusspark

The Jabber Platform does not support access to Spark Spaces, ad-hoc group chats, the share of attachments or screen sharing across platforms at this time.  So 1 to 1 chat is all users get for now.   Details of new features in this link.

A few deployment requirements….

Jabber must be CLOUD DEPLOYED – so no on premise deployments are currently supported.  You will need to contact Cisco to get your system added to the Cisco Spark platform identity service.

This is a long time coming feature many clients have been asking for as customer embrace both platforms, however, most clients looking to migrate are probably using an on site implementation of Jabber today.  Hopefully, Cisco will support on premise migration strategies soon.

Advertisements

The FlightChops teams reaches 100K Subs!

So many of you know I am good friends with Steve Thorne from www.flightchops.com and also his amazing YouTube channel located HERE

I want to take this moment to congratulate Steve and his team for reaching 100K subs, as of this writing he is actually at 107K.   This has been an amazing story about someone who was passionate about a topic, took that online in their own way.   People attacked Steve alot in the beginning, and even now for posting mistakes, troubles and pitfalls of learning to fly but the truth is – that is what made his channel popular.

Sponsors have taken note, and big names too like Bose and ForeFlight have put some support behind Steve.  Even with the big name support he still receives a significant contribution from Patreon (including me) and he never forgets those who got him here, by running many contests for everything from Bose Aviation headsets to a San Juan Islands Adventure trip!

Content is king – bottom line – and Steve and his team of editors and videographers have amassed a ton of content and gone from twice monthly to sometimes 4 times per month publishing this amazing content.      Steve continues to do this his way, and sponsors do not impose on content.   His “day job” of video and media production has brought a significant professional flair and production quality to his episodes and that production quality has been steadily increasing.

Will this ever reach “Mainstream” television?  You mean YouTube isn’t mainstream?   I would appear to me that the likes of “Outdoor Network” are only interested in fake shows auctioning off storage units sadly.

So if you are a private pilot, or just an airplane nerd like me – go and check out his humble little channel and I promise you will learn something along the way, as Steve says “Keep your Flight Chops Sharp!”

Congrats again Steve on your channels success!

Cisco dCloud Team Releases SD-Access V2

The Cisco dCloud team has released SD-Access V2 lab which includes DNA Center.

Due to the dCloud environment being so popular you may need to wait until later this week to get your hand on it, but the good news is, it delivers.    Many have been asking about getting their hands on DNA Center.     This is a BETA – so following the lab guide is advisable or things may not work – keep in mind it isn’t actually programming real switches in the back end.

2017-07-11 15_20_06-4D_SD_Access_v2 (1).pdf

Well it is here, and you get to setup a new network, deploy SSID’s, and build policy.   Right now this is just a DNA Center demo walk through.   You will get the change to design, provision and build policy in the live demo.   DNA Assurance – NDP or Network Data Platform is not available at this time.

The team was quick to get this demo in our hands, so go out there and get your hands on DNA and see how intuitive you think it is.

 

 

Cisco Announces “The Network. Intuitive.”

With content courtesy of Cisco Systems

Last year I broke down the Cisco DNA – Digital Network Architecture in an article called “Beyond Marchitecture”, because quite frankly, it was a ton of marketing with little substance.

This year at Cisco Live! 2017, Cisco has done this the right way.   With a new campaign, backed by the technical prowess we expect from Cisco and launched with all the big names, and big programs we expect.  This was well thought out, and if this is what Chuck Robbins is going to bring to the table of Cisco Systems – there should be some big things ahead.

In a series of interviews with different business units, it was revealed that the “Handcuffs are off” and departments have been given the ability to innovate, collaborate and tear down the silos.  This new program demonstrates that.

The Network.  Intuitive.

2017-07-05 11_36_44-DNA for CL Vegas.pdf - Adobe Reader

First get past the grammar related issues of the new DNA Campaign, and realize that is it not “The Network Intuitive” it is “The Network. Intuitive.”  – punctuation matters here

The key to understanding “The Network.  Intuitive.” is in two powerful words.

Intent

As announced by Chuck Robbins in the Cisco Live keynote, they want you to power your network with business intent.   No more programming VLANs, or setting up routing, but truly going into a unified console and telling it what you want to do.

“A computer will do what you tell it to do, that may be totally different from what you had in mind” — Quote Unknown

The idea that “Machine A” can talk to “Server B” and “User Y” and talk to “System X” without worrying about the underlying infrastructure is where they are going.

This is a construct, not a product, but unlike DNA-2016, there is a strong technical basis for this idea.

Context

Intent does not do you any good, unless you have context in your network.   We need to understand, who is where, and understand what they are before we can set our intent against that object.

Chicken before the egg syndrome a little bit, how do we secure, route and prioritize our network, if we do not know what this traffic, who they are and what they are trying to do.  Today context generally comes from things like IP Addresses and subnets.    In DNA-2017, this context come from Cisco ISE.

The Network. Intuitive.  InfoGraphic.

2017-07-05 14_38_42-DNA for CL Vegas.pdf - Adobe Reader

The latest info-graphic from Cisco really does provide a good overview of this new architecture.

The underlying technology for this new intuitive network technology is SD-Access – Software-Defined Access.  This of “ACI – Application Centric Infrastructure” but now it is user centric – make our decisions and policies and apply them to users, and where they are is unimportant.

SD-Access Building Blocks

SDAccessInfoBlock

I want to help build the SD-Access story for you, so you can understand how this technology comes together.  Like like years DNA announcement, SD-Access is a reference architecture, but there are bespoke technologies around it.

Transport Layer – Network

At the very basic transport layer, SD-Access relies on a few switch options that are available today.      Supported on Catalyst 9K, 3650, 3850, 4500E, 6500/6800 and Nexus 7K.  Wireless options are 3800, 2800, 1560 and controllers 8540, 5520 and 3504.

The new one to this party is the Catalyst 9000, developed by the team at Cisco with the new DopplerD series CPU with tons of power and supporting ETA – Encrypted Traffic Analytics.    Please see my future blog post on the Catalyst 9000 series.

These devices do all the transport and implementation of policy in the background of SD-Access and move the bits around your network

cat9k

Understanding the Campus Fabric

The underlay network will transport your traffic from place to place, this is what makes up your campus fabric.   True virtual networking to the endpoints through encapsulation, not just through VLANs anymore.    The idea is we want to segregate the forwarding plane, from the services plane, why should our physical network dictate how traffic flows around our network, but how can we add capabilities without massive complexity.

2017-07-09 07_46_09-(48) TechWiseTV_ A Deeper Look at Software-Defined Access - YouTube

If you want me to sit here and admit that this is as easy as the old VLANs and IP addresses in your network – it simply is not.   However the security, control and simplicity once it is implemented is worth it.  The automation and contextual data you will receive.

The transport does not need to be complex, by using an overlay, we can deliver features through the overlay, and the underlay network, the hardware does not need to be complex.

LISP – Location Identity Separation Protocol – Layer 3

This bring together location and identity.    Think of the old way for a moment, we know switch port, and IP address or subnet, and we have a weak idea of the context of a user, who and where they are.  LISP takes the IP and Location and segregates them so that IP and Location are not tied anymore.

LISP is like DNS for packets,  when a switch needs to forward packets from place to place, LISP identifies to the network device locations and the routes required using a map server or resolver.   This could be an IOS device or a virtual machine somewhere.   LISP allows a device to live in any place on the network.  Getting in and out of the LISP environment is via a tunnel router or “XTR”.

This is what provides mobility of devices around your network, even if a user moves to another building or another floor, the IP address of that user does not change – they just move from place to place and the map system handles where that user is

VXLAN – Layer 2

Wait, why is VXLAN showing up in the access layer?   Well, LISP is really a layer 3 technology, it ensures that packets can route, but what if we have users across multiple layer 3 areas that need layer 2 connectivity?   What about multicast and broadcast traffic.

VXLAN provides the transport of our layer 2 traffic across our campus fabric.

Transporting Policy with Cisco TrustSEC

We can now add contextual information into the VXLAN headers through “SGT” or scale-able group tags.   We need to use TrustSEC so that we can apply policies against objects but not based on their IP, but their identity.     Instead of using the IP address, we use the SGT – tag to tell the rest of the network who owns this packet so we can make decisions based on security.  SGT is applied by ISE and then access lists and rules are applied against security groups, users are placed in those groups within ISE.

Identity Layer – Context

This is where the context comes in.   ISE – Identity Services Engine is used to create network identity for objects, users and systems.    I know what some of you are thinking “Oh no – ISE”.   Have you taken a look at ISE 2.1+ ?  They have vastly improved the experience.    There is no question that adding ISE will complicate your life, but it is the contextual engine that provides the data you need to secure your network.   There is no avoiding ISE anymore, you will need to have it in your life, and your network.

ISE

There are benefits here, once ISE is implemented, all of your network devices start to see things are user activity, firewalls show users names not systems, you can start deploying policy against groups of objects and network authentication becomes very easy.   Your wireless network becomes easier to manage from a security perspective.

Interface Layer – Intent

This is the real veggies.   DNA Centre is the new package for the APIC-EM platform.    This is Cisco’s single pane of glass attempt by Cisco so make a UI front end for your network, the intent is a single pane of glass for your ENTIRE network.

dnacentre

This is where your contextual groups from ISE like users and servers will meet up with the policy you want to create.   There is no denying the interface is a little “Meraki” like, clearly they borrowed some design concepts.    All of the complex components of SD-Access meet here in DNA Centre, and are then pushed out to the rest of your network.   The automation from DNA Centre will automate everything for you.  From dealing with ISE to programming those Catalyst switches.   This is the automation layer.  Set what intent you want, and automation will turn that into action down on your hardware layer. Worrying about all this VXLAN and LISP stuff?  No worries, DNA Centre will help you here.

2017-07-09 07_56_42-(48) Cisco SD-Access - Campus Fabric with DNA Center Automation & Assurance with

NDP – Network Data Platform

No shortage of data about our network, we have NetFlow and Syslog and any number of tools to deliver data.   In the coming months as we get a better look into the new Network Data Platform, we will learn how this will help correlate network data and provide analytics.   This is where the old “Proverbial lead into gold” promise is supposed to deliver.   For me this is a wait and see approach, right now there just isn’t enough data out there, for now that is all I have to say.  This is still very early.

 

More to come in future posts about Catalyst 9000 and DNA Centre, NDP and ETA.

 

 

With content courtesy of Cisco Systems

 

Denise “Fish” Fishburne Designing new security focused “Network Detective Series”

If you have read my blog, you know I am a huge fan of Denise “Fish” Fishburne’s sessions, not only because Fish is an amazing dynamic speaker but these are not your typical sessions.

The Network Detective Series has been well reviewed, both here on my blog, and on other blogs.  If you are new to networking, and even old to networking this series will make you a better troubleshooter. Check it out HERE.

Screen Shot 2017-06-29 at 8.35.20 AM.png

During the event it was well known that “The Network Detective” series was ending this year as Denise transitioned to a security focus. In a series of tweets during Cisco Live, Denise announced that “Techniques of a Network Detective” will continue next year.

 

Screen Shot 2017-06-29 at 8.50.52 AM

networkdetective-229x229

In an adhoc interview after the Cisco Live Customer Appreciation Event we learned that not only will Network Detective continue with fresh content for Cisco Live! in 2018, but after that the old content will hit the floor and a new Security Content / Focused version of “Network Detective” will launch for 2019.

You know I will be there, front row to hear all the new “Techniques of a Network Security Detective” and will report back here.

CiscoLive! Techtorials – Worth it? #CLUS 2017

Are Techtorial Sessions Worth It ?

In a word?   YES.

Now to explain why….

This year I flew out Saturday, and was here on Sunday, in order to attend a techtorial.     I chose Immersive Journey Into IPV6.  Yes, it’s true, I am not a superpower when it comes to IPV6, I know enough to do what I need, and what my clients need, but I am lacking.

Where am I lacking?  Think about IPV4, ARP, DHCP, DNS, all those protocols and how they talk to each other, how they work at the bit level.   I know that stuff pretty cold, but IPV6 the light bulb never went on, for me I just didn’t feel comfortable, I didn’t feel like I knew it cold.

Well, that changed today, after an entire day in the room with amazing speakers, Denise Fishburne, Scott Hogg, Ed Horley, Tim Martin and Jim Bailey.   Feel free to check out their credentials, but Scott literally wrote the book on IPV6 Security as one example.     Denise “Fish” Fishburne is without question the premiere troubleshooter (See my previous blogs).

Our session went down like this..

Screen Shot 2017-06-25 at 3.21.43 PM.png

This was a SERIOUS content download, we went into a ton of detail in each section.  Fish talked about how she learned IPV6 from the packet and backwards into the RFC,  Scott talked about IPV6 hacking and vulnerabilities and how to protect yourself from common attacks.   The design section went into IPv6 address design and even had a enterprise design practical example.  Ed went into AMAZING detail about host operating IPV6 support, what works, what doesn’t and tips for deployment.   This section I really appreciated, there are so many nuances.

Why is the money worth it?

Quite simple – bang for your buck.   Sure, one techtorial is about 30%  more on top of the cost of your entire full conference pass, but in previous years I noticed I was taking out so much time for World of Solutions, DevNET and other sessions, I couldn’t FOCUS on topics I wanted a deep dive on.   I also missed sessions I wanted.  With the Sunday session techtorial, I could get in the room, listen from multiple amazing speakers on a great topic and there is nothing else I am missing.  I could FOCUS.

The benefit of going all day on this topic is, each section threads into each section and you get continuity in learning.   Don’t forget, this is a Sunday, that means there is also less of a chance that your regular job duties will interrupt you.

If you want to get the most out of your CiscoLive! trip, you want to be able to see as much as possible. Focus on the Sunday on the topic you wanted that deep dive on, it allows you to learn better. This will free up time later in the event to hit the World of Solutions, try new things in DevNet, and hit up even more of the smaller sessions.

Keep in mind, you can pay for techtorial sessions with Cisco Learning Credits (CLC) so make sure when you purchase Cisco Hardware and Software to make sure your partner and Cisco rep are working to get you those CLC’s.

disclaimer:  I won this techtorial last year in a social media contest, and redeemed that free credit this year.  I did not pay out of pocket to attend this session.

Cisco Live! Returns to Hot Breakfast!

Last year I wrote this blog about the breakfast offerings at Cisco Live!, outlining the importance of a good breakfast on learning comprehension.   I made sure that this information received wide distribution, and many of you helped with your retweets to the team @CiscoLive, and as a result it did become something considered this year.

I have been advised by the Cisco Live team that hot breakfast sandwiches have been added to the menu for Monday through Thursday!    This is amazing news.    I have to thank in particular Kathleen Mudge @KathleenMudge  for helping spread the word at Cisco Live offices.

“Food is like a pharmaceutical compound that affects the brain,” – ULCA Professor of Neurosurgery and Physiological Science Fernando Gómez-Pinilla.

Short term memory and auditory attention are higher when a breakfast offered with protein as opposed to refined carbohydrates is offered, no more sugar crash, and power through your day.

For me personally, this is important, as I have recently embarked on a low-carb Ketogenic lifestyle.  More options give us better ability to learn and interact.

This is a great win for all delegates, and for the social media community as a whole.