Category Archives: Network Infrastructure

Cisco Live 2015 Recap: IoT, Digital Age, Wireless Updates & More!

The GreenPages/LogicsOne Team landed at Cisco Live last week and spent the days soaking up new tech, new trends, and developing a sense of where the market is headed with everything Cisco.

Digital Age Keynote

John Chambers gave an incredible keynote (and also took a picture with my colleague Nick Phelps! See below). He’s a very commanding speaker with a great vision. He highlighted that 90% of companies believe that they should become digital and that only 7% have a plan in their head on how to do so. That is our market in a bottle. In 10 years, it’s estimated that 40% of enterprise companies won’t exist anymore. In 1950 the average company had a run time of 45 years. In 2010 it was only 10 years. The reason? People feel that they need to keep doing what they have been doing, for doing’s sake. It’s time to step up and make change, disrupt, or run the risk of being disrupted.

 

IoE/IoT

The Internet of Everything and Internet of Things were once again a big hit overall with people at Cisco Live. They estimate that of the 7 billion people on earth, 4 billion have cell phones and 3.5 billion have toothbrushes. That’s how badly people want apps, app-based lifestyles, and apps with sensors. And, on average, there are 50,000 new apps launching every week. The Internet of Things sessions emphasized different ways to apply the concept of everyone being connected, to spark a generation of ideas and solve modern problems. Demos ranged from a train configured to detect and change a signal to prevent a hypothetical crash, to a recently developed walking stick that enables the blind to see and feel their surroundings by relaying an announced crosswalk, traffic light status, and the number of stairs ahead to the user.

Meraki

Meraki is getting some serious development and is growing like crazy! They are continuing to provide the 2 week and up to 6 week Proof of Concept demo, risk and cost free for any size deal, from a single access point to an entire site design of 50 devices including APs, switches, and firewalls. Of these Try and Buy situations, 75% of customers keep and possibly buy more gear.

  • The MX/Firewall appliance has had limitations with VPN support in the past, but has been updated to support 3rd party VPN connections, a visual dashboard with VPN traffic usage visibility, and a topology mode. GreenPages can enable the customer to manage and rapidly deploy this multisite VPN firewall solution out to hundreds of locations.
  • Cisco is applying its iWAN portfolio to the Meraki MX Firewalls! Cisco Intelligent WAN (iWAN) is a collection of Cisco technologies that provide redundancy similar to an MPLS network without much of the cost. Meraki will soon support dual-active paths for VPN, and with PfR (Performance Based Routing) and PbR (Policy Based Routing) a customer with 2 circuits can utilize VPN over both circuits at once without a load balancer, while allowing for intelligent link selection based on things like policy, latency, or loss.
  • SourceFire’s AMP is coming to the MX firewall as well! This incredible anti malware protection centralized at the network firewall gives great visibility into what files, both malicious and non-malicious, are passing through.
  • Cisco ISE (Integrated Services Engine) is now compatible with all Meraki devices in addition to the traditional Cisco product line like switches, routers, and access points. ISE allows a customer to centrally apply a profile-detecting policy that rivals Microsoft RADIUS for port level wired, wireless, and VPN security access. Hundreds to thousands of access points, site core switches, and remote site firewalls in an enterprise environment can be updated from a single dashboard for agility and dynamic security.

 

Wireless

  • Cisco is soon introducing full Wave 2 AC Wireless. The upcoming 1902i and 2902i access points introduce a max speed of 2.3Gbps, and more incredibly, the introduction of MU-MIMO wireless technology.
  • 2.3Gbps is a big deal. Think about it: 90% of customer client machines connect using existing 1Gb cabling, or the latest wireless of 1.3Gb. This new wireless is twice as fast, so it can make more sense to go wireless instead of cabling for clients at all.
  • MU-MIMO means Multiple User wireless. Wireless clients currently have to “share the air”, transmitting one at a time across channels. This can lead to bottlenecks, complex configurations, and having to choose between coverage or capacity. MU-MIMO allows multiple wireless clients to communicate over wireless channels at once, allowing the entire wireless spectrum to be consumed constantly, leading to much more highway for all those packets. Combine that with increased wireless transmission speed, and I feel confident saying that wireless could possibly disrupt physical cabling and introduce a wave of the “All Wireless Office”.

Nbase-T

  • With wireless APs capable of up to 2.3Gbps comes the need for faster cabling, but no one is going to want to spend the time or money recabling. Let’s face it; ethernet is the last cabling we’re going to pull. Introducing Nbase-T, 2 additional speeds of ethernet that run on the existing copper ethernet cabling customers have now and can perform at 2.5Gbps or 5Gbps. This has the potential to be huge, allowing high density wireless with very limited cabling and complementing the new wireless APs’ high density capabilities.
  • Also, think big picture here. Think how the market is going to respond to this. Manufacturers are going to want to build network cards for client workstations capable of using the same ethernet cabling at 2.5x or 5x the speed. We could see a huge shift to the end of a static 1Gbps wired speed to the client, with a move to an auto-detecting 100Mb to 10Gb spectrum. (.1Gbps) – 1Gbps – 2.5Gbps – 5Gbps – 10Gbps infrastructure all over existing cabling! This will let us keep up with the high bandwidth demands of our applications both internal and external. There are some cabling distance limitations; a chart showing that info is below.

Overall, it was a great event. If you’d like to talk in more detail about news that came out of the event or how you can take advantage of any of it in your environment, reach out!

 

By Dan Allen, Architect

 

Real World Example: Deploying VMware NSX in the Financial Sector

I recently finished up a project implementing VMware’s NSX and wanted to take a minute to recap my experience. The client I worked with provides call center services in the financial sector. They have to be able to securely access systems that have the ability to see credit card information along with other personal, sensitive information.

The customer is building out new facilities to host their primary, PCI-related applications. In this environment, they have to be able to provide the highest levels of security, while providing high performing networking services. To achieve the necessary requirements, they have had to purchase new infrastructure: blade center systems, networking infrastructure (Nexus 5672s, Nexus 6000s, Nexus 7710s, Juniper SRXs, F5 load balancers, etc.), and software licensing, among other things.

They came across the need to purchase additional pairs of F5 load balancers but were up against their budget. When this happened, the Director / VP in charge of the project evaluated VMware’s NSX technology. After some initial discussions, he realized that NSX could not only provide the type of security the environment needed to drive higher efficiencies but could also provide some of the general networking services he was looking for.

Previous network designs included the need for complete isolation of some workloads and, to achieve this, the design called for trusted traffic to traverse a separate pair of distribution/access layer switches to reach external networks. This design also made it necessary to acquire separate F5 load balancers, as specific traffic was not allowed to commingle on the same physical infrastructure due to the way the security team wanted to steer trusted and untrusted traffic. This meant that the team was required to purchase twice the hardware: separate Nexus 6000s and separate F5 load balancers.

Because of the NSX Distributed Firewall capabilities, security teams have the ability to place required rules and policies closer to applications than has previously been achievable. Because of this, networking designs changed, and infrastructure requirements previously deemed necessary could be dropped. The ability to stop untrusted traffic before it ever reaches a logical or physical wire gave the team the opportunity to converge more of their networking equipment, eliminating the need to utilize separate Nexus 6000s. In addition, with the NSX Edge Services Gateway having the ability to provide network load-balancing, they were no longer required to purchase additional physical equipment to provide this service. With the budget they put towards NSX licensing, they were able to get all the security and load balancing services they were looking for and also put money back into their budget.

The Engagement:

Over the span of approximately one month, the security team, networking team, server / virtualization team, and an auditing team worked together in designing what the NSX solution needed to achieve and how it would be implemented. I believe this to be an important aspect of NSX projects because of the misconception that the server / virtualization teams are trying to take over everything. Without each team, this project would have been a disaster.

As requirements were put forth, we built out NSX in building blocks. First, we identified that we would utilize VXLAN as a means to achieve desired efficiencies: eliminating VLAN sprawl, segregating trusted traffic in the logical, software layer, and allowing Disaster Recovery designs to become easier when using the same IP address space. Once networks and routing were implemented, we were able to test connectivity from various sites, while achieving all requirements by the security team.

The next item was implementing NSX security. This item required new ways of thinking for most teams. With VMware NSX, customers have the ability to manage security based on vCenter objects, which provides more flexibility. We had to walk through what the contents of each application were, what types of communications were necessary, and what types of policies were required, and, in identifying these items, we were able to build dynamic and static Security Groups. We then built Security Policies (some basic that could apply to a majority of similar applications, some application specific) and were able to re-use these policies against various Security Groups, speeding the deployment of application security. We applied weights to these policies to ensure application specific policies took precedence over the generic.

In addition to NetFlow, we applied “Flow Monitoring” as a means for the networking and security teams to monitor traffic patterns within the NSX environment.

All in all, this was a very successful project. Our client can now better secure their internal applications as well as better secure sensitive customer data.

Remember, NSX can be mislabeled as a server team product; however, the network team and security team need to know how it works and need to be able to implement it.

Are you interested in learning more about how GreenPages can help with similar projects? Email us at socialmedia@greenpages.com

 

By Drew Kimmelman, Consultant

Reader Question: NSX Riding on Physical Infrastructure?

There’s been a lot of traction and interest around software defined networking lately. I posted a video blog last week comparing features and functionality of VMware NSX vs. Cisco ACI. A reader left a comment on the post with a really interesting question. Since I have heard similar questions lately, I figured it would be worth addressing it in its own post.

The question was:

“Great discussion – one area that needs more exploration is when NSX is riding on top of any physical infrastructure – how is the utilization and capacity of the physical network made known to NSX so that it can make intelligent decisions about routing to avoid congestion?”

Here was my response:

“You bring up an interesting point that I hear come up quite a bit lately. I say interesting because it seems like everyone has a different answer to this challenge and a couple of the major players in this space seem to think they have the only RIGHT answer.

If you talk to the NSX team at VMware, they would argue that since the hypervisor is the closest thing to your applications, you’d be better off determining network flow requirements there and dictating the behavior of that traffic over the network as opposed to reactive adjustments for what could be micro-burst type traffic that could lead to a lot of reaction and not much impact.

If you were to pose the same challenge to the ACI team at Cisco, they would argue that without intimate visibility, control and automated provisioning of active network traffic AND resources, you can’t make intelligent decisions about behavior of application flows, regardless of how close you are to the applications themselves.

I think the short answer, in my mind anyway, to the challenge you outline lies within the SDN/API integration side of the NSX controller. I always need to remind myself that NSX is a mix of SDN and SDN driven Network Virtualization (NV) and Network Function Virtualization (NFV). That being the case, the behavior of the NSX NV components can be influenced by more than just the NSX controller. Through mechanisms native to the network like Netflow, NBAR2, IPFIX, etc. we can get extremely granular application visibility and control throughout the network itself and, by combining that with API NSX integration, we can evolve the NSX solution to include intelligence from the physical network thereby enabling it to make decisions based on that information.”

Like I said, an interesting question. There’s a lot to talk about here and everyone (myself included) has a lot to learn. If you have any more questions around software defined networking, leave a comment or reach out to us at socialmedia@greenpages.com and I’ll get back to you.

 

 

By Nick Phelps, Principal Architect

VMware NSX vs. Cisco ACI: Which SDN solution is right for me?

In a video I did recently, I discussed steps organizations need to take to prepare their environments to be able to adopt software defined technologies when the time comes. In this video, I talk about VMware NSX and Cisco ACI.

VMware NSX and Cisco ACI are both really hot technologies that are generating a lot of conversation. Both are API driven SDN solutions. NSX and ACI are really good in their unique areas and each comes at it from a unique perspective. While they are both very different solutions, they do have overlapping functionality.

https://www.youtube.com/watch?v=xtdfHGnCovA

 

Are you interested in talking with Nick about VMware NSX or Cisco ACI? Let’s set up some time!

 

By Nick Phelps, Principal Architect

How to Prepare Your Environment for the Software Defined Networking Era

Whether it’s VMware NSX or Cisco ACI, to adopt any software defined networking solution there is a lot of backend work that needs to be done. Before you get into the weeds around specific products, take a step back. To be successful, you’re going to need to have a level of understanding about your applications you’ve never needed before. The key is to take the proper steps now to make sure you can adopt software defined networking technologies when the time comes.

 

Preparing Your Environment for the Software Defined Networking Era

 

https://www.youtube.com/watch?v=Y6pVmNrOnCA

 

 

If you’re interested in speaking to Nick in more detail about software defined technology, reach out!

 

 

By Nick Phelps, Principal Architect

SDN Technologies: No Need to Pick the Winner, Just Get in the Game

With SDN, there are a lot of complementary technologies. Will the future be Change or Die? Or will it be Adopt & Co-mingle? In this short two minute video, GreenPages Solutions Architect Dan Allen discusses software defined networking. You can hear more from Dan in this video blog about Cisco ASA updates and this video blog discussing wireless strategy.

 

SDN Technologies

http://www.youtube.com/watch?v=p6qgBY10SyY

 

Would you like to speak with Dan about SDN strategy or implementation? Email us at socialmedia@greenpages.com!

 

Network Virtualization: A Key Enabler of the SDDC

In this video, Steve Mullaney, VMware’s SVP of Networking and Security Business Unit, discusses network virtualization. Network virtualization is a key enabler to delivering a software defined data center. According to Steve, from a customer perspective there really end up being two use cases. The first is an agility use case to increase speed to innovation. In the past, organizations have had to keep separate infrastructures for dev, test, and production. Network virtualization is allowing people to have one common computing infrastructure that they can logically isolate to create separate networks. This easily allows them to move from production to dev to test.

The second use case is security. Network virtualization allows organizations to provide additional security mechanisms within their data centers by using microsegmentation. If a company were to do this with physical firewalls and existing technology, it would be extremely expensive and close to impossible operationally to implement. Network virtualization makes this a possibility.

You can hear more from Steve on Twitter. Follow @smullaney

 

Network Virtualization and the Software Defined Data Center

 

http://www.youtube.com/watch?v=CfiYqF9EU10

 

 

 

GreenPages is one of VMware’s top partners in the country and last year won its Global Virtualization of Business Critical Applications Award. Email us at socialmedia@greenpages.com to see how GreenPages can help with your VMware initiatives.

 

 

Cisco ASA Line Updates: What You Need to Know

As many of you know, Cisco acquired Sourcefire last year. Now that the acquisition has been completed, there are updates to the Cisco ASA Line you need to know about. In this video, Solutions Architect Dan Allen provides a detailed run-down of important product changes and updates.

 

Cisco ASA Line Updates

http://www.youtube.com/watch?v=RF134pqIQGQ

 

 

Would you like to speak with Dan to get more information? Email us at socialmedia@greenpages.com

 

 

 

 

 

What’s Your Wireless Strategy?

Video with Dan Allen, Solutions Architect

 

There are many different factors that go into wireless deployments. Before you start you need a well thought out wireless strategy. For example, IT departments need to look into whether they have specific power restrictions. Will it be cheaper to run new cabling? Do you have the right switching infrastructure to support your initiative? Is it PoE or UPoE? How will you address security concerns?

 


 

http://www.youtube.com/watch?v=JvVpot9_1kE

 

 

Are you interested in speaking more about your wireless strategy? Email us at socialmedia@greenpages.com

 

 

 

 

 

How Software Defined Networking is Enabling the Hybrid Cloud

By Nick Phelps, Practice Manager, Network & Security

 

Networking expert Nick Phelps discusses how software defined networking is enabling the hybrid cloud & creating the networks of tomorrow.

 

http://www.youtube.com/watch?v=VMIBY1wnUzU

 

 

Interested in learning more about software defined networking? Email us at socialmedia@greenpages.com to set up a conversation with Nick!