Cisco SDWAN and Umbrella Integration

Cisco SDWAN offers full-stack security capabilities like IPS/IDS, a stateful firewall, AMP integration, and the ability to leverage the full capabilities of Cisco Umbrella. I can’t emphasize how easy it is to bring Umbrella Security to your Cisco SDWAN deployment. Check out my short video to see how to make it happen.

Cisco SDWAN + Umbrella

Update: 9/1/2020 – This procedure has changed with the release Cisco IOS XE SD-WAN Release 16.10.x and Cisco SD-WAN Release 18.4.x – Umbrella auto-registration

Source:
https://docs.umbrella.com/hardware-integrations/docs/sd-wan-dns-layer-security-configuration

Mike

The open and programmable engineer

We are building our networks and services at an unbelievable rate. Not only are we innovating faster, but we are also creating a precedence of an “always-on” world.

Many things are contributing to this: the cloud, cell phones, WiFi, to name a few. How are we, as engineers, expected to keep pace with the needs of businesses, consumers and an “always-on” world?

It starts with us embracing a new set of skills: programmatic skills, which in my opinion, will be a foundational skill moving forward for anyone in IT. Understanding python, data models, and data formats are skills that the next-gen engineer will be required to have. It will grant us the ability to maintain the status quo of “always-on.” As a by-product, it will bring predictability, assurance, and agility to how we operate our networks.

Unfortunately for myself, I am late to the table. I spent 14-months and a grueling study schedule to achieve my CCIE. During this time, I missed out on learning how to be programmatic, open, and agile in a programmable age.

But it isn’t too late.

The hardest part about adopting these new skills won’t be learning them but forgetting about our old habits. I’m not talking about forgetting how STP operates or how to manage routing protocols. I’m talking about not keeping a notepad of staged configurations or working from a command-line interface.

The most natural part will be our ability to solve issues just as well, if not better, and to solve them at scale. Join me on the journey to adopt the skill required to meet the demands of an “always-on” world.

Mike

Introduction to Kubernetes


Google started containers back in the early 2000s. They needed a system that would manage containerized workloads and would be capable of running production workloads at scale. They developed a system they called ‘Borges‘, which was replaced by a later system dubbed ‘Omega’. Google’s dedication to the development of containers resulted in Google releasing the Kubernetes project in 2014 to the open-source community.

Kubernetes is an open-source platform for managing containerized workloads and services. It automates deploying, running and scaling the operation of containers on physical or virtual machines.

What are containers?

Containers are the virtualization of operating-system-level resources. For example, take the files in /usr, /etc, /bin and marry that with the application files and you essentially have a container.

This is a bit different from the way we traditionally virtualize. Most of our virtualization is hardware centric.  

We take a piece of hardware then install a hypervisor and operating system. We install the application on that operating system and we call it a VM.

This traditional way comes with disadvantages. For one, VMs are heavy. VMs require a lot of resources; to move them around, to bring them back to life, and to create new ones. The application team and the development of their applications generally rely on the underlying infrastructure. So if the infrastructure wasn’t capable of supporting the application, it would result in delaying application updates.

VMs simply are not agile enough for todays application centric world.

Containers, however, support this agility. This application agility is often known as continuous integration and continuous development (CI/CD) workflow. Containers are light weight and independent of one another. Containers are easy to create and easy to destroy. Also, because they are independent of the underlying infrastructure and from the host filesystem, they are portable across clouds and OS distributions.

What does Kubernetes mean? K8s?
The name Kubernetes originates from Greek, meaning helmsman or pilot. K8s is an abbreviation derived by replacing the 8 letters “ubernete” with “8”.

What are some Kubernetes derivatives?

Mike


https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/#what-s-next

https://kubernetes.io/blog/2015/04/borg-predecessor-to-kubernetes/

HyperFlex Edge


What is HyperFlex Edge? 

HyperFlex Edge is a 1U form factor of Cisco hyperconvered solution designed for the branch office. It offers all-flash storage and NVMe cache, support for containers on VMware and bare metal. HyperFlex Edge makes for an easy deployment of core services like DNS and DHCP at the branch or remote office.

Cisco HyperFlex HXAF-E-220M5SX Edge Node

What are some advantages of HyperFlex Edge? 

Simplicity of the HyperFlex solution cannot be overlooked. From rack to install of a 3-node cluster takes roughly two hours. 

The most interesting part of HyperFlex Edge is that the solution leverages your current branch infrastructure. It operates using existing top of rack switching at the branch office with single or dual uplink options.

Uplink options are currently 1GbE or 10GbE

Single Switch Configuration

Operation and Administration

HyperFlex Edge is deployed in a 2, 3, or 4-node cluster and configured with a replication factor of 2 (RF2). Simply put, a full node can fail and the cluster is still operational. It can scale up to 64 nodes in the current release.

Managing the infrastructure is done through Cisco Intersight where you can manage every HyperFlex cluster through one pane of glass. Intersight supports UCS blades and servers to allow for central management of your blade, server and hyperconverged infrastructure.

I hope that this has been helpful.

You can visit my previous post on Cisco HX to get an overview of Cisco’s HCI offering.

Mike

DUO MFA

The Challenge and the Solution

Modern enterprises demand agility. Mobile workforce and bring your own device (BYOD) trend has sparked a digital transformation. Organizations have to deal with a diverse set of users such as employees, contractors and partners who work from anywhere at anytime and on any device. The proliferation of user types, devices and access locations increases security risks for the organizations. 

It’s no longer safe to assume that users are who they say they are and their devices are secure. 

Duo’s focus is on securing access for any user connecting to any application from any device.  The new network perimeter is wherever an access decision happens. Duo protects this new perimeter by verifying user trust (confirming a user is who they say they are) using its best-in-class adaptive multi-factor authentication (MFA) solution.

As a result, Duo integrates with any application with ease, provides self-enrollment and an excellent end-user experience.

AnyConnect with DUO

Where’s the proof?
Options Technology
Facebook

WANT TO TRY IT?
Demo DUO

Need to know more? https://duo.com

Mike

Hyperconverged Infrastructure (HCI) | Cisco HX

IT is constantly being asked to deliver value on infrastructure, reduce operational cost, and meet application demand all with a constrained budget. Legacy infrastructure doesn’t keep pace with the agile operations of development teams or their applications. The threat of the infrastructure shifting to a pure Cloud model is on every CXO mind.

It’s time for a new infrastructure, one that doesn’t require a large upfront capital expense, avoids vendor lock-in and keeps pace with modern business. This is what Hyperconverged infrastructure solves.

So what is Hyperconverged infrastructure?

Hyperconverged infrastructure integrates storage, compute, storage networking and virtualization into one solution while providing a single point of management and the flexibility to scale on-demand. It aims to replace expensive legacy datacenter infrastructure.

screen shot 2019-01-12 at 11.40.56 am

Cisco HyperFlex Solution

Cisco HyperFlex is a complete HCI solution. HX leverages intelligent software to combine datacenter hardware using locally attached storage (SSDs or HDD). Each server also known as a node is powered by an Intel-x86 chip. The HX software runs on each node and “clusters” operating resources to enable a distributed architecture.

A small virtual machine known as the data platform controller sits and runs on every node in the cluster. The CDP is responsible for unifying the data plane and the management plane for the cluster. The CDP is key to the distributed architecture mentioned above.

Several HX hardware platforms are available for varying workloads.

You can get a list of them here HX-Series

Why do I care?

  1. Cost

The adoption of Cloud computing has accelerated innovation. The 3-5 year guess work and cost that goes into infrastructure sizing is no longer a thing. We simple innovate too fast. Reduce your upfront cost and guess work by investing in HX, replace legacy infrastructure and keep pace with innovation.

  1. Scalability

Avoid the fork-lift approach, adopt the lift-n-shift approach. Future planning with HX will allow you to transition to a hybrid-cloud infrastructure when the time is right. You will be thanking yourself later. This avoids the fork-lift approach associated with legacy infrastructure when you need to expand storage or replace it all together.

In summary, if you are not adopting a pure Cloud infrastructure you need to be adopting HCI to close the gap between traditional networks and the Cloud. As a biproduct, you will reduce cost, keep pace with innovation, and meet the demands of modern business.

Mike