Bringing Up a New Branch Site the Easy Way with Prime Infrastructure – Part 1

If you have a need to set up networking for a new satellite clinic, a bank branch, a retail store or any other branch site, you probably have a lot of pressure to do it fast. After all, branches are where business actions take place. Did you know that branch locations and users consume 70% ~ 90% of a typical company’s business resources? Anything you can do to speed up the deployment and to reduce resource consumption is a big plus for your company’s topline growth and bottom line savings. In this 5-part blog series, I will share with you how to do so easily with Cisco Prime Infrastructure. We’ll use weekly blogs to accomplish it, and here’s the plan.

WAN deployment – blog 1 (This blog)
Converged wired and wireless deployment – blog 2
Application performance – blog 3
Troubleshooting – blog 4
Network health – blog 5


Let’s get started right away. The first thing for any remote site networking is WAN connectivity. That’s the focus of this blog. The Cisco Intelligent WAN (IWAN) solution is an ideal way to go: it provides transport flexibility and intelligent path control, plus support for high performance applications and security. But first things first. We need to think about how to bring a new branch router into production.

Whether you completely configure your new branch router before shipping it to the new location, or you partially stage it followed by on-site completion, it takes a lot of manual configuration and testing work. Instead, you can use Prime Infrastructure to greatly simplify this process. Prime supports Cisco plug-n-play technology, which means automated deployment with zero-touch. With plug-n-play and Prime, you only need a technician on site to mount the new device and to connect the power and network cables. That is all it takes to start. Prime automatically discovers the new device and downloads the correct IOS image and base configuration to the new router. You have a fast and easy start.

With your new branch router up and running, you have connected the lifeline to the branch site. Next, you can use Prime to deploy IWAN, including:

– PfR
– QoS and AVC

To do that, you simply go to Prime Infrastructure to launch an IWAN workflow.


Dynamic Multipoint VPN (DMVPN) is the building block for IWAN and it provides a transport-independent design. It allows scalable, automatic and site-to-site IPsec VPNs for branch office networks. It is a great technology, but a number of steps are needed to complete its entire configuration when you do it manually. If you have some hands-on experience with DMVPN or even a simple IPsec VPN connection, you’ll appreciate what Prime can do to automate DMVPN configurations. We’ll get to how Prime deploys it in just a moment.

Another important IWAN component is Cisco Performance Routing (PfR). It helps to ensure application performance by choosing the best traffic path for the most important business applications. Other useful technologies include QoS and Cisco Application and Visibility Control (AVC). Prime can help enhance application performance by dramatically simplifying these provisioning processes, and by providing further analysis capabilities that we’ll discuss later in this blog series.

So, how do we use Prime Infrastructure to deploy DMVPN, PfR, QoS and AVC? As you can see in the screenshot below, it is as simple as choosing the right templates as the next step.

Steve Song blog pic 3

If you are familiar with Cisco Validated Designs (CVDs), you’ll be delighted to know that these IWAN workflow templates are all based on Cisco CVDs.

After choosing the right configuration template, your next step is to select your new branch router. Recall that you already have it in Prime’s inventory with plug-n-play.


Before you push the config live, you have an opportunity to make your edits and save it as your own template in case you have more branches to deploy.


All set to go? Now pull the trigger and push the config to your new branch router. Are you ready for the good news? Your new branch site IWAN configuration is now complete!

Ease of use with speedy deployments and application performance enabled by IWAN. This is what you can get from Prime Infrastructure. Prime makes IWAN deployments an easy task.

I’ll talk to you next week about how Prime helps with LAN and wireless deployments for your new branch site.


Gartner Recognizes Cisco WAAS as a Leader in the Magic Quadrant for WAN Optimization

I’m very excited and proud to announce that Gartner has placed Cisco into the Leaders position in the Magic Quadrant for WAN Optimization. This accomplishment reflects the substantial progress Cisco has made in developing and executing on its vision for the Cisco Intelligent WAN (IWAN) with Cisco Wide Area Application Services (WAAS) over the past three years – a record that clearly demonstrates Cisco’s ability to compete in this space.

Magic Quadrant for WAN Optimization


Source: Gartner (March 2015)

The timing couldn’t be better

The analyst research and press coverage tells us loud and clear that the WAN is hotter than ever, and for good reason: mobility, cloud and the digitization of the enterprise are changing how we consume and deliver applications. Even the applications themselves are changing, as we’ve seen with the rise of a whole new class of bandwidth-intensive and latency-sensitive mobile apps and video.

New trends have changed the game for the WAN

At one time, we in the WAN arena focused strictly on how to get packets across a static pipe, quickly and efficiently. Now, that ‘pipe’ is becoming a highly dynamic WAN fabric composed of multiple links. Users and applications are everywhere.  By 2018, Gartner predicts SaaS will become the dominant model for consuming application functionality for approximately 80% of all organizations.[1] And to compound the challenge, the Internet of Things (IoT) is coming to join the party – we estimate up to 50 billion connected things by 2020. Trying to handle these challenges with traditional techniques, tools, and processes just won’t cut it.

The next generation of the WAN will need to support a dynamic network, one that shifts from a focus on getting the most out of a single network pipe to one that manages application flows across a sophisticated multi-link WAN fabric to accommodate different applications with different needs accessed on an ever-growing number of mobile devices and connected things.

It’s Not Always About Speed

One analogy I like to use as motivation for an Intelligent WAN is a shipping department. Some packages are urgent and need next day air. Other packages that are less urgent, or would cost too much to ship by air, go by ground. In today’s world with all the shipping options that exist, no one would imagine running a shipping department that only had next day air, and yet, that is how most companies have been running their WAN.

In reality, it’s even worse.  In addition to every package being next day air, they all get sent back to headquarters before going on to their actual destination, even if it’s just across town from the shipper. Extending this a bit further, you can imagine a service whereby someone is able to get more stuff into the same size shipment (i.e., WAN optimization). Useful and valuable for sure, but what is clearly apparent is that the bigger opportunity lies in moving to a multi-modal transport model, and the same is true for the WAN – a reality echoed in recent guidance from Gartner, who states hybrid will be the new normal for Next Generation Enterprise WANs.

What does a dynamic hybrid WAN do?

A dynamic hybrid WAN can continuously monitor the various links between sites and use knowledge of the applications – along with defined user policy – to direct application flows over the link best suited for that traffic. It ensures optimal usage of the bandwidth available across multiple links (including MPLS, DSL, 3G/4G/LTE, and more), ensures application experience for mission critical tasks, and provides resiliency in case of failure in any part of the network including the Service Provider.

Cisco has made several advancements over the last year to help customers enable a dynamic hybrid WAN.

  • Performance Routing (PfR) V3 complements all the application acceleration and WAN offload of Cisco WAAS by then selecting the best path based on metrics that very few vendors can provide (jitter, latency, packet loss), and easily scales across 2000 sites with pre-defined templates for application best practices.
  • Cisco WAAS with Akamai offers new levels of Web and mobile acceleration unlike any other vendor in the industry. We have taken Akamai’s platform that has solved the physical problem of degradation of application performance caused by distance between the user and applications, and have extended their intelligent caching to the branch office where most businesses face severe bandwidth constraints.
  • Cisco ISR 4000 includes an award-winning architecture designed from the ground up to deliver on the intelligent WAN vision, including running the full-suite of Cisco WAAS services natively on the platform with dedicated resources. This dramatically simplifies deployment and reduces branch operational complexity.

I plan to follow up this blog with a deeper dive into Cisco’s application optimization strategy. But if you’d like to get a preview, check out our white paper: “Cisco IWAN Application Optimization.”

It’s been a journey to navigate changes in the enterprise, and the Cisco team is appreciative of the partnership we have had with customers to evolve Cisco WAAS into the world-class solution it is today. The recognition from the industry, most recently from Gartner, makes it even more exciting for those of us who cover the WAN space.

[1] Gartner Report: Forecast Overview: Public Cloud Services, Worldwide, 2014 Update, Ed Anderson, September 2014 (G00261926)


Federated ACI Fabrics for Dual Data Center Deployments – A Disaster Recovery ACI use-case

Wins, Accomplishments, Fast Action, welcome to the world of Cisco ACI. In this blog, I want to take you closer to the core of ACI excitement. Cisco Insieme Business Unit and Cisco’s premier Partner, World Wide Technology Inc (WWT) have come together in developing an ACI based Business Continuity/Disaster Recovery (BC/DR) solution for the next generation Data Centers. This blog specifically addresses the Disaster Recovery ACI use case implemented in WWT’s Advanced Technology Center (ATC). I will present highlights of how ACI has been implemented at ATC as two fabrics, across two Data Centers with federated controllers implementing an autonomous infrastructure and with replicated tenant configurations that will provide for disaster recovery.

This BC/DR use case couples the storage replication solution by Zerto on NetApp storage with a completely integrated and consistent ACI network solution on the primary and secondary sites to enable rapid application bring-up on the remote site. Network and security policies are replicated, compute resources are virtualized and synchronized, and storage is continuously replicated. This integrated architectural approach addresses one of the major challenges enterprise customers have in deploying BC/DR solutions: aligning the configuration and deployment of network infrastructure in a simple process with the storage and application teams to achieve the Recovery Point and Recovery Time Objectives.

Network architecture: The ACI based network architecture is comprised of two independent fabrics with L3 connectivity between them. Each data center has a unique IP addressing namespace scheme and connects to the WAN. In the operational model per diagram-1, the “East” Data Center is termed primary and the “West” Data Center termed the backup (disaster recovery). Each Application Policy Infrastructure Controller (Cisco APIC) controller cluster is identified as the primary or secondary instance, and changes, additions or deletions to the application tenants, are replicated from the primary to the backup controller. Application tenant configurations are managed through a special Python module developed by WWT that programmatically synchronizes the two fabrics.


External WAN connectivity for each Data Center is provided through the common tenant in the respective ACI fabrics. By using the common tenant for external connectivity, the network and security administrator can assign the appropriate network configuration policy and security contracts, as well as firewall and load balancing services, for the fabrics in each data center. The application (DevOps) teams will reference the common configuration and configure application connectivity for intra- and inter-tenant communications through the Application Network Profile (ANP). F5 Global Traffic Manager (GTM) allows holistic management of multi-data center application delivery via intelligent DNS.


This ACI based Disaster recovery solution has several other facets like storage replication, orchestration software (developed in-house by WWT) among other solution components. Please watch the YouTube Video for a demo illustration and the whitepaper for design details.

In closing, some key takeaways. Cisco ACI’s innovative architecture enables enterprise apps to treat the Data center as a dynamic, shared resource pool. This pool of resources is managed through a central controller (Cisco APIC) exposing all configuration and management components through a northbound REST API.  WWT exploits this programmatic interface of ACI to develop business continuity/disaster recovery solutions for customers.


Announcing the new Data Center and Cloud Community!

It’s been a long time coming but it’s finally here- the new Data Center and Cloud framework has launched! For this launch we created new content space for Compute and Storage, Software Defined Networks, Data Center and Networking, and OpenStack and OpenSource Software.


Cisco Data Center and Cloud Community Infrastructure

Why Community? Top Three Reasons

Just in case you didn’t know why you should be a part of the community, here are three reasons why you should sign up today…

1) You will be with a group of like-minded people with similar goals.

The Cisco Data Center & Cloud Community is designed for IT professionals using or considering Cisco data center and cloud technologies.  Everyone joining the Cisco Data Center and Cloud community has realized that there is strength in numbers.  Whether you are kicking the tires or are deep in the weeds with deployment- you are among peers in community.

2) You have access to Cisco product management team and experts.

In the Data Center and Cloud community you have a unique environment to engage with the product management and engineering team who can give you insight into the nuts and bolts of Cisco products and answer those tough questions.

3) You have access to a huge number of resources.

Believe it or not, you are a resource, yes YOU! Not only are you a resource but everyone in the community is a resource. The great thing about the community is that you can see if someone has already tried it and if it has worked. Ask questions and get answers on the technical topics you’re struggling with. Help others who are not as far along in their project as you are and see the love come back to you in kind. Community is a place for you to share your gifts and talents and set yourself apart not only as a leader but as a trusted advisor.

If you are already a part of community, let me know in the comments section how community has been a help to you!

To get started in the Cisco Data Center and Cloud community go here.


Deliver Services at Internet Speed

How quickly can your organization stand up a new application or deploy new services?  Most customers tell me, “not fast enough!”   I am clearly hearing from them that the new standard expectation across the organization is to receive precise data center resources in “internet time,” easily and definitely on-demand.

But customers are not the only ones affected by these new expectation standards.  Application developers also expect to receive the resources they need to support their efforts within one hour — without a lot of process meetings and repetitive, slow paperwork.  They want what they want, when they need it, which is always now!  Can’t get it now?  Out comes the credit card and they go on a shopping spree to outside resources.

Developers don’t worry about security, governance or quality of service.  If you are in operations, or you’re a C-level executive, you care.  You need to meet compliance guidelines.  So how can you get everyone on the same team, working together so the organization can succeed, the old “win-win-win?”

At CiscoLive Milan in January, we introduced the Cisco ONE Enterprise Cloud Suite. Watch this replay of our live broadcast.


It is different from other hybrid-ready private cloud solutions because Enterprise Cloud Suite doesn’t deliver a bunch of tools or disparate modules that you have to puzzle together to align with your environment.  And that’s even before you can create the service content needed for private cloud–and content is king in cloud.  Enterprise Cloud Suite comes with out-of-box tools such as templates that deliver application stacks for a number of today’s existing enterprise applications.  Need to create a custom stack?  The out-of-box stack designer lets you create these custom stack configurations.

With Enterprise Cloud Suite when you need a database to talk with your new chat application simply order one from the self-service portal and get one delivered within minutes.  Need a virtual machine deployed in the public cloud?  Just order it from the catalog.

Yes, I can hear you asking “so where is the win-win-win?”   With Enterprise Cloud Suite, governance and compliance is embedded into each service item eliminating red tape with IT.  Operations and senior executives get the compliance they need. Developers get what they want — when they want it.

Want to learn more?   Watch the replay of our recent webcast with Forrester.

How quickly can your organization stand up new applications or services?  If you are using the Enterprise Cloud Suite, you can smile and say “in internet time.”


Converged Access Improves Wireless Performance at South Island School, Hong Kong

South Island School in Hong Kong is made up of students from around the world, with 1,400 students from over 35 countries. One value that sets the school apart is its commitment to using technology in the classroom. For instance, every student has a laptop that they use to access e-books, watch educational videos, and complete homework assignments. Some exams are even taken digitally.

With wireless devices used daily by every student and faculty member, a stable network connection is almost as important as pencil and paper in classrooms. South Island School’s existing Cisco network had reached end of life, and the school needed to refresh the infrastructure with a network that could meet bandwidth needs for years to come.

“We looked at other vendors, but we were extremely impressed with how the existing Cisco equipment performed over the years,” says Victor Alamo, ICT manager at South Island School. “By upgrading to the latest Cisco access points and switches, we’d have an infrastructure that would keep up with our needs.”

We were looking for infrastructure that would last us a long time. By fitting Cisco’s access points with 802.11ac radio modules, we’re supporting the latest wireless standard for top performance.

If we need greater bandwidth in the future, Cisco’s modular Access Point design enables us to upgrade without investing in completely new access points.

Cisco Prime Infrastructure pulls together management of wired and wireless networks in a single, unified solution. This gives our ICT team greater control so we can adjust bandwidth as needed, such as assigning specific rooms higher priority during exams.

The visibility into the networks gives us more information than ever. We can identify classes that have greater bandwidth needs, monitor connections for hotspots, and even track down misplaced laptops.

Through services like FileWave and Casper, South Island School is using the increased bandwidth and stable connections to provide remote technical support.

“Better network performance means that we can expand our services to the school,” says Alamo.

Network products used in the network.


Routing and Switching

Network Management


HANA4IoT Unplugged Event-April 9th in SAP Coil in Palo Alto

HANA4IoT UnPLUGGED Event – April 9th, 2015 Palo Alto/San Jose

Venue: SAP Building 1, COIL, 3410 Hill View Ave, Palo Alto, CA. USA
Event Starts: 1PM
Event Ends: 5PM
Happy Hour: 5-6 PM

On Nov 11th, 2014, an extremely successful SAP HANA Group event called ‘HANA4IoT’ took place at SAP Palo Alto, with over 230 attendees globally.

This event is all about HANA demos and more HANA demos, along with how to build your IoT roadmap – the flesh and blood of the new disruptive technology. Read what Michael E. Porter published in HBR about the disruptive power of IoE in ‘How Smart Connected Products are Transforming Competition’.

Our sponsor once again is Cisco – the global leader in IoT communication and network devices. Cisco connects the unconnected with open standard, integrated architecture from the cloud to end devices – with exceptional reliability and security. In 2014 Gartner reported Cisco in the #1 Leaders Quadrant for Blade Server Sales. Cisco is a SAP certified HANA Hardware partner and a global leader in TDI HANA platforms. Cisco is also a SAP HANA customer; they use SAP HANA to get dynamic insights for their sales executives from non-SAP Source systems.

You need to do three things immediately!

FIRST: If you have an IoT, or IoE, solution that you can present in the event then contact the event organizer for a chance to be shortlisted to present at the event. We want to give our members a first chance to share their success stories and business benefits with the group. Contact Hari or Scott.

SECOND: You need to be a member in the SAP HANA Group for this event. This is SAP’s official SAP HANA Social Networking group. If you are not a member, please register: URL:

THIRD: REGISTER early for two reasons. Firstly, COIL has been remodeled and thus there is limited seating. Confirmation for Physical attendance will be sent prior to the event. Secondly, the Webex link will only be sent to “Registered” attendees. So whether you are attending physically or participating remotely, you can only attend by registering.

URL for event registration:

KEEP TUNED FOR MORE DEVELOPMENTS and plan to attend live at the event or remotely from wherever you are. Details will be communicated only to registered attendees with company emails for the event confirmations and attendee updates.

Here is our AGENDA:

Start End Topic Who
12:30PM 1:00PM Arrive/ registration/Coffee
1:00PM 1:15PM Welcome
1:15 1:45 Keynote
1:45 2:15 Building the IoT Business Case
2:15 2:45 IoT Oil & Gas Demo 1
2:45 3:00 Break
3:00 3:30 IoT Retail Demo 2 TBD
3:30 4:00 IoT Demo 3 TBD
4:00 4:30 IoT Demo 4 TBD
4:30 5:00 IoT Demo 5 TBD
5:00 5:15 Wrap Up – Floor Drawings and prizes (Must be present to win)
5:15 6:00 HAPPY HOUR for Networking with wine, beer and bites

Any questions, contact: or


Now is the Time to Migrate from RISC/UNIX to Cisco UCS

Why is now the time to migrate from your proprietary RISC/UNIX platform to Cisco UCS with Red Hat Enterprise Linux? There are several reasons: Technology transitions are driving new demands on data center and IT infrastructure. These new applications and computing models have standardized on x86 architecture while aging RISC/UNIX infrastructure doesn’t provide the performance or the flexibility required to support the needs of the business. IT departments may also be experiencing the pain of RISC/UNIX maintenance and software licensing costs while their budgets are flat or shrinking. At the same time, there is overarching uncertainty about RISC/UNIX futures, foreshadowed by rapidly declining market share combined with dropped hardware and software support. According to the most recent IDC Q4 2014 server tracker, RISC revenue has dropped 40% from 2012 to 2014 while Cisco UCS revenue has increased 80%.

Cisco and Red Hat are industry leaders with vast mission-critical application experience. We understand the scalability, security, availability, and reliability requirements of mission-critical applications in the data center. I urge you to watch this new webcast as we reveal the reasons behind why making the migration from RISC/UNIX to Red Hat Enterprise Linux on Cisco UCS is essential for those wanting to improve the effectiveness, functionality, and efficiency of their data centers.

Active SLAs – New Approach for Multi-sourcing Governance

Last month, I attended the International Association of Outsourcing Professionals (IAOP) Outsourcing World Summit in Phoenix, Arizona. I had the chance to glean fresh insights from industry-leading practitioners and get a global view from sourcing executives.

Though there has been an evolution in the outsourcing industry, one thing has not changed: outsourcing is a winning strategy. The recent IAOP & Information Services Group (ISG) study, Annual State of the Industry [1], presented at the event, stated that “Multi-sourcing as an outsourcing approach increased by 75% from last year’s percentage”. The predictions for 2015 also show continued growth: “51 percent of respondents in the survey said they expect to pursue more outsourcing opportunities during the year”. [2]

Multi-sourcing, where a customer uses several service providers to provide a single scope of outsourced services, is now the new norm in outsourcing. In today’s organizations, outsourcing is increasing and each additional outsourcing agreement makes it more difficult to holistically manage IT service & support.

A new way of thinking about SLA’s is required to make multi-sourcing effective

Service-level agreement (SLA) management is the process of negotiating, defining and managing the levels of IT service. SLA management is a key challenge that organizations face as part of outsourcing and it is becoming increasingly difficult with multi-sourcing.

Most organizations invest heavily to define SLAs. If you talk to the service tower owners themselves, fewer than half know what SLAs are actually in the contract. They also cannot recall all of the specific details that the increasing numbers of agreements contain. So, there is a lot of work that goes into developing these structures but there is no framework established on how to govern them in an automated way.

As a result, most SLA management is reactive. Periodic reviews between buyer and vendors are based on summary performance data from the prior period. Data from vendors is typically inconsistent and inaccurate. I was speaking with a sourcing executive at a large financial services company a couple of months ago, and she reported that half of the meeting time spent with vendors on performance was used just to agree on what an accurate view of the data was. This hardly aligns to the dynamic nature of business today.

New Paradigm on Thinking about SLA’s

Imagine the ability to manage SLA’s with each of your providers in real-time with one service integration framework. In a workshop we held in New York with a number of large buyers and providers late last year, they highlighted that this would not only move the service management model from reactive to proactive, but would also enable a more collaborative working model – moving away from the “us vs. them” paradigm. In one multi-sourced organization we’ve implemented this model in, it has completely eliminated after-hours escalation calls and dramatically reduced resolution times. With an active SLA capability you can manage all of the multi-sourcing relationships from one “pane of glass” and get accurate service information in real-time, such as:

  • Overview of all your open cases per provider
  • Cases trending towards SLA violation that you can proactively take action on
  • Actual violations that require immediate attention

To be effective, this solution would need to be very easy to consume, showing only what really matters up front. Front-line managers don’t have time to browse hundreds of tickets when only looking for one affecting the SLA. This all sounds promising, but is it possible to achieve?

Transforming multi-sourcing with active SLA’s

We are pleased to announce the availability of Active SLA Management in the 7.0 release of Cisco ServiceGrid. With a highly innovative user experience via a centralized dashboard and reporting capability for the connected multi-sourced ecosystem, you will gain real-time visibility & drill-down functionality for events trending toward or violating SLAs to enable a more proactive, end-to-end vendor management capability.

If you would like to know more, feel free to browse:



  1. Annual State of the Industry Jagdish R. Dalal, IAOP
  2. Outsourcing 2015: Changing in a Good Way – Contributor: ISG Research, February 2015



The New and Improved Data Center Blog!

We are excited to announce the creation of the Cloud blog as a new destination!

Starting today, you can visit the new Cisco Cloud blog and follow the conversation focusing on:

  • Cloud as a Service
  • Open source in the cloud
  • Intercloud

 There is more to come so please subscribe to the RSS feed to keep up with the latest from the Cloud blog.

 The Data Center blog has grown and evolved over the years and we will now be centered around (but not limited to) the following top level conversations:

  • Data Center: Compute, Storage, and Networking
  • Software Defined Networking
  • Building private clouds
  • Open source software in the data center

We look forward to being able to bring you more focused content. Thank you for all your support and interest and please let us know what topics you would like to see.