It’s challenging to know all the native cloud solutions available to use, it’s even more challenging to know which Cisco solutions are available for use with AWS.
You will find that there are solutions that repeat or even overlap portions of the AWS Migration stages. For example, in the Discovery stage of cloud migration, the tool you’d likely use for Application Discovery / Infrastructure Discovery is Application Dynamics (AppD).
It’s important to know that this is not an extensive list, nor should this be used in a silo; rather these are the most relevant products for a migration.
Below is a reference to the relevant Cisco solutions associated with the AWS Cloud Migration journey. Business outcomes will evolve as a customer matures in the cloud and so will the solutions to meet those outcomes.
Below is the prep work for migrating from ISE2.4 to ISE3.1+ for AWS, and the migration steps are here, but I have summarize them below.
Cisco ISE is available as an infrastructure-as-code solution leveraging AWS CloudFormation making the deployment of ISE a very light lift. I’ll be walking you through how to deploy ISE on AWS in a later post.
Step 1 – Base, Plus, Apex, and Device Admin licenses need to be migrated to Smart Licenses Step 2 – VM licenses need to be converted Step 3 – Migration can occur. Once licenses are prepped and converted, you go to the AWS Marketplace ISE BYOL listing and choose your deployment size.
If upgrading to 3.1 from an existing 2.X release, it is required that a customer migrate their existing licenses to the new licenses and then upgrade to the 3.0 release. I.e. These are the Base, Plus, and Apex license that need to be upgraded. Device Admin licenses are grandfathered and need to be upgraded to a Smart License as well.
ISE VM – You need to register the VM Common license for ISE 3.1 and later.
Customers need to migrate their ISE License to the new “Common License.”
To migrate the legacy VM license to the VM Common license, customers need to obtain the $0 upgrade Product ID (PID), “L-ISE-VMC-UPG=, from Cisco. This is the same PID regardless of what current size of VM license you have today.
2. To obtain a VM Common License for a net new deployment you’ll need the new VM PID, “R-ISE-VMC-K9=” Refer to the table below for a 1:1 mapping.
These VM licenses are valid in Cisco ISE 3.0 and earlier releases. Again, when you upgrade your Cisco ISE to Release 3.1, you will need to have VM Common license.
How to migrate license
To migrate the legacy VM license to the VM Common license, customers need to obtain the $0 upgrade PID, “L-ISE-VMC-UPG=,” in CCW. See ISE Licensing Migration Guide for the detailed process.
Support for VM and License
Q. What support do customers receive with the new ISE licenses?
A. The same as with current subscription licenses. With the new ISE software licenses, customers receive embedded SWSS—which covers 24x7x365 Cisco Technical Assistance Center (TAC) support and software updates. However, now Essentials will also have this support.
When customers upgrade the version of their legacy VM to VM Common license, they can continue to receive support based on the support contract purchased on legacy VM license PID. They can renew the support until the legacy VM license PID is EOL and reaches the last service renewal date per the EOL bulletin. There is no support for migration. For seamless support, the customer should request the legacy VM PID to be replaced with the desired VM PID in order to renew and receive support.
IT operations have one fundamental goal, to deliver performant applications at the lowest possible cost while maintaining compliance.
Because of this, organizations turn to cloud providers to achieve a lower variable cost compared to an on-premises data center, which is generally finite in scale and fixed in cost.
Cloud providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices and effectively infinite infrastructure.
Having a handle on which application requires which underlying resources, license constraints, and placement rules are beyond the scale of humans.
As a result, determining the placement of workloads minimizing cost while assuring workload performance becomes a guessing game.
Cost Optimization Pillar
According to AWS, a cost-optimized workload fully utilizes all resources, achieves an outcome at the lowest possible price point, and meets your functional requirements(AWS, n.d.).
Put another way, the Desired State is to assure workload performance and minimize spend in the public cloud (Intersight Handbook, 2021).
AWS provides a vast array of instance sizes to achieve optimized workloads and various ways to consume instances in an on-demand or via Reservice Instances (RI) which are heavily discounted for a specific term, generally one year or three years. Think of RIs as a billing discount applied to running On-Demand Instances. RIs are appropriate for consistent and predictable workloads.
The challenge with consuming RIs is that the public cloud consumers will pay for the RI whether they use them or not. RIs become more like “the sunk cost of a physical server on-premises than to the ongoing cost of an on-demand cloud instance (Intersight Handbook, 2021).” This consumption model can create behaviors that lend to horseshoeing application into an undersized instance or neglect to resize an instance when a workload outgrows its current resource needs.
“There are hundreds of different instance options in AWS and Azure, with new options and pricing emerging almost daily (Intersight Handbook, 2021).”
Automation to optimize costs
The lack of expertise and security is more critical at the beginning stages of cloud than managing cloud spending. However, as organizations mature their cloud practice, managing cloud spending becomes the number one issue, and they struggle to forecast cloud costs accurately.
An average of 24 percent of the organization reported that their cloud spend was over budget and expected to increase by 39 percent in the next twelve months (Flexera, 2021).
This issue is further compounded when you include more than one cloud provider and requires automation to decide on price and performance vs. price for performance.
Assuring applications performance while optimizing cost is precisely what Cisco’s Interisght Workload Optimizer SaaS will do. (Workload Optimizer is a separately licensed feature set within the Intersight platform)
Workload Optimizer is constantly receiving real-time data on consumption, pricing, and instance options from the cloud providers and combining such data with the knowledge of applicable customer-specific pricing and enterprise agreements to determine the best actions available at any given point in time.
It does this through direct API target integrations with the cloud provider in real-time to add value far beyond any cloud-specific or hypervisor-specific, point-in-time tools that may be available. Besides being multi-vendor, multi-cloud, and real-time by design, Workload Optimizer does not force administrators to choose between performance assurance and cost/resource optimization.
The underlying resources, license constraints, and placement rules of running workloads in the public cloud are beyond what most organizations can handle. While the organization’s capability to use the cloud continues to grow, so does its need to forecast and manage cloud spending. The solution requires automation, real-time information, and optimization to make informed decisions. Cisco Workload Optimizer has the ability to do just that and a whole lot more. If you’re interested in understanding Intersight and the components that make up the hybrid-cloud tool, you can find the documentation here.
Baker, M., Beck, B., Chosnek, D., McGee, J., McKeown, S., TerEick, B., & Vaswani, M. (2021). Cisco Intersight: A Handbook for Intelligent Cloud Operations. https://www.booksprints.net.
Snort 3 Anywhere is a containerized form factor of the well-known, industry defacto standard standard IPS engine. With this latest offering now available in AWS Marketplace you can easily deploy Snort 3 in your EKS or on-premises container environment. Learn more in Cisco’s blog.
Cisco Intersight Workload Optimizer is a real-time decision engine that drives continuous health of applications across on-premises and public cloud environments to analyze workload consumption, costs, and policy constraints across the full stack. Learn more via the new listing in AWS Marketplace and Cisco’s blog.
NEW AWS QUICK START >> Featuring Cisco Meraki Virtual MX
Customers can secure SD-WAN traffic between branch offices to resources on AWS with this new AWS Quick Start. Click to view and deploy.
Now a cliche but once a reality, it turns out that the canaries, like other birds, are much more sensitive to poisonous gases than humans. The birds were brought down into the coal mine and acted as an indicator and early warning of possible danger to the British miners.
An electronic detection system later replaced the birds, but these birds served an essential role for decades.
The public cloud has changed the way organizations deliver, respond, and represent their customers, and organizations are building an early warning systems approach to their cloud. The teams and systems that make up this strategy are Cloud Center of Excellent (CoE), which provides centralized controls, tools, and best practices.
The purpose of these teams is to accelerate cloud adoption by centralizing expertise while reducing costs and risk (Flexera, 2021).
Unlike the canaries that provide chaotic monitoring of harmful gasses, enterprises have tools that offer next-level proactive and predictive monitoring. These systems allow organizations to understand the complexity of their cloud and oversee across multiple business units and functional areas.
Well, it’s not a cute bird, but it does overcome the spiraling complexity of cloud, hybrid cloud, and traditional IT. AppDynamics, ThousandEyes, and Intersight Workload Optimizer make up Cisco’s Full-Stack Observability platform. Connecting the dots up and down the “stack”-from the customer or employee-facing application, all the way down to the lowest level infrastructure (compute, storage, networking, and public internet).
When we consider the technical environment we live in, we recognize the need to monitor the entire IT estate. Like the canaries in the coal mine, the answer is to predict and identify an issue before it adversely affects customers and businesses.