Real-Time Data Warehouse with MemSQL on Cisco UCS

May 31, 2017

We are at an inflection point where we are moving to a world where everything is connected to everything else. That’s what the Internet of Things (IoT) means. The IoT links objects to the internet, creating the always-on economy by enabling data and insights never available before. By definition, the always-on economy requires real-time analytics. With analytics capabilities becoming the primary competitive differentiator, enterprises must now have the ability to analyze terabytes and petabytes of data, both in real-time as the data is being generated, and for business intelligence making use of past data. Increasingly, there is a need to join historical data with streaming data in real-time; something that has proven to be quite challenging as the size of the datasets has grown.

Analytics solutions have been a key part of our solution engineering portfolio from the very beginning when we introduced Cisco UCS back in 2009. This is true for both traditional relational-based systems, and emerging big data analytics (often described using the three V’s: volume, variety and velocity; and sometimes with the three I’s as well: investments, innovations and improvisations).

Today I am happy to announce yet another addition to our growing portfolio of analytics solutions: Cisco UCS with MemSQL for real-time data warehousing applications.

MemSQL is a distributed, in-memory, relational database management system with full SQL compliance. It can ingest and transform millions of data events per day while simultaneously analyzing billions of rows of data using standard SQL as shown in the figure below.

Some of the key capabilities of MemSQL include:

  • Fast data ingestion: Collect data using common message brokers such as Apache Kafka while maintaining durable, consistent delivery with exactly-once semantics
  • Fast analytics: Query terabytes of data with advanced data compression using disk-optimized tables with high compression and vectorized queries for fast analytics
  • Real-time analytics: Use memory-optimized tables to analyze real-time events
  • Geospatial support: Store, query and index geographic data types, including polygons and points, to support area, distance and location analytics in real time
  • JSON optimized: Store and query JSON data as a column type to efficiently store and analyze multi-attribute objects
  • Fully distributed joins: Scale out fully distributed joins across any table and column for simple, efficient query access.

Cisco UCS Integrated Infrastructure for Big Data and Analytics is an ideal platform for MemSQL deployments – capable of processing high volumes of real-time or archived data, both structured and unstructured.

As shown in the figure below, our joint solution provides a scalable, real-time data warehouse platform for high-performance applications that require fast, accurate, secure and always available data, with linear scalability to millions of events per second while analyzing petabytes of data for insights.

The Cisco UCS Integrated Infrastructure for Big Data and Analytics with MemSQL provides a simplified, intelligent infrastructure and a real-time data warehouse with the scalability to meet growing business demands:

  • Combines innovations from Cisco UCS such as programmable infrastructure with real-time analytics capabilities of MemSQL
  • Designed and optimized for real-time analytics, internet of things, personalization and recommendations, risk management, monitoring and detection, and customer 360
  • Pre-tested, pre-validated and documented by Cisco and MemSQL engineers to ensure dependable deployments that can scale from small to very large as workload demands

The joint reference architecture is shown in the figure below. The architecture can scale as the workload demands, including expansion to thousands of servers through the use of Cisco Nexus 9000 Series switches.

For more information:

White Paper: Real-Time Data Warehouse with MemSQL on Cisco UCS

Cisco Big Data Portal 





How to Secure Your Data Centre: The Importance of Whitelist Policies

May 30, 2017

Growing up in Britain, a fair share of our history lessons covered the black death. It was a truly horrible plague that affected all without prejudice, ravaging the young and old throughout towns, cities, countries and the continent with seemingly no end.

Surprisingly, it’s hard to remember everything from that class (hey, it was quite a while ago!), but one thing that does stick is how simple the path was to eliminating the disease: practising simple hygiene. Hygiene doesn’t necessarily kill every single pathogen, but it dramatically reduces the attack surface.

Today, hygiene is something we take for granted. We expect people to take reasonable care of themselves, whether at home, in a fast food restaurant, or on a plane. Hygiene is a good thing.

The Recent Plague: WannaCry

Security researchers are clear: WannaCry was not a particularly smart or advanced threat; it simply took advantage of an incredibly widespread exploit. It thrived because of a complete lack of data centre hygiene, allowing it to spread widely. The Cisco Talos team wrote an excellent and widely shared blog on WannaCry.

So, what’s data centre hygiene, you ask?

Much like human hygiene, it relates to two easily understood practices to protect yourself and others:

Limit interaction with others to only what is necessary.

It’s a simple statement. And a simple idea. But it’s hard to do.

Whitelisting is the data centre version of ‘limiting interaction with others to only what is necessary.’

The Australian Signals Directorate (the counterpart to the USA’s NSA) posted a field notice in April 2012 specifically instructing government entities to begin moving towards whitelisting.

Implementing Application Whitelisting: ASD Australian Signals Directorate

In fact, they list it as their number one strategy for mitigating cyber threats – above patching machines. Yes, above. Let that sink in.

Taken from ASD “Strategies to Mitigate Cyber Security Incidents” Notice

In technical terms, it means that all communication is blocked by default and you must specifically enable communication to only those who are deemed necessary.

It is the data centre equivalent to your mum’s advice of ‘don’t talk to strangers.’

For many years, unfortunately, this advice has gone unheeded; a dangerous majority of data centres simply do not whitelist traffic. Usually network segmentation consists of a few boundaries, heroically guarded by firewalls, checking all who enter or exit, but once inside the trusted zones, lateral movement is not controlled, save the limited isolation that VLANs and subnets provide (hint: it’s not much).

Perimeter security is traditionally given the lion’s share of attention. It’s effective, and easier than whitelisting. But it doesn’t solve every problem, leaving the inner data centre open for attack.

Whitelisting doesn’t replace your VLANs, subnets, and firewalls. We found the Cisco NGFWs were particularly effective at blocking WannaCry traffic. Bolstering one line of defence must not come at the expense of lowering your guard on another.

But whitelisting is hard…

It’s no secret – whitelisting can (and often will) break production applications if not performed with thorough care and attention. It’s the same reason why, even though Microsoft released a patch for WannaCry an entire month prior (the same day the Cisco Talos team released detection signatures), so many were left unprotected: organisational inertia.

When presented with the very real choice of breaking business critical applications at the cost of improving security, the decision is often taken to continue operating as is, with the hope that we won’t be targeted and it will all just simply blow over.

Conventional wisdom. But what happens when the attack is indiscriminate and you end up as collateral damage?

So, back to why is it hard? First, what’s not hard: implementing whitelisting. There are many solutions on the market that promise to implement your whitelist for you, sold under many guises, the most common term being “micro-segmentation”.

Most solutions will do what you are looking for, save one incredibly important and oft overlooked point: they won’t help you derive what your whitelist should look like – that’s the really hard part. Without that knowledge, you are doomed from the start when implementing whitelisting.

Even the most advanced organisations simply cannot manually manage the complicated, interwoven set of dependencies that any real-world data centre application is a part of. Without that knowledge, you risk implementing incomplete or incorrect whitelists, which has the net effect of breaking the applications you intend to protect.

Analytics are here to save the day

By consuming huge amounts of detailed network and application telemetry, analytical tools can help you build that whitelist policy you so desperately need.

But what if you had access to an analytics platform that not only could understand and recommend your whitelisting, but could actually implement the whitelisting? By applying micro-segmentation in both the network and on your workloads, the platform constantly watches your network and applications, alerting you to out of policy behaviour. And it keeps track of every single conversation across your data centre 24/7, 365 days a year, for those times when you must know exactly what happened in the past.

The Cisco Tetration Analytics Platform

Cisco Tetration Analytics was built by a team of engineers dedicated to improving the hygiene of our customers’ data centres. We understand the real-world pressures and difficulties you face, and strive to provide you the knowledge and tools to transform and secure your data centre.

We don’t claim to hold a panacea for every threat you may face, but we do provide you with a simple and clear execution path to an infrastructure-agnostic, behavioural analytics-driven whitelist data centre, with the intent to help you rest well at night.

Sound interesting? Read on to find out how we can help you run an analytics-driven, secure data centre.

Before the attack – discover, enforce, harden

Whitelisting is not a reactive tool. You must begin the whitelisting on a sunny day, in preparation for the rainy day.

Tetration uses a combination of software agents and/or hardware sensors embedded in Nexus switches.

The software agent, a small lightweight piece of code installed on your workloads (e.g. bare metal servers, virtual machines, EC2 instances), uses no more than 3% CPU to gather detailed information about every single network packet exchanged by that workload, alongside related application context and behaviour as seen through the operating system. This data is streamed to your Tetration cluster over an encrypted link.

The hardware sensor captures meta-data from every packet passing through your switches to provide additional points that gather even more rich data, all of which the Tetration cluster artfully deduplicates, processes, compresses, and stores for your later retrieval via sub-second queries.

Different agent types help us monitor any type of data centre, on premises or in the cloud.

The goal: to capture a detailed record of every conversation in your data centre. Tetration is pervasive and always on, which is critical to application mapping and forensic analysis, and includes both traffic in and out of the data centre, and traffic between internal workloads at multi-terabit scale.

Based on the detailed conversation records and application information that tracks processes, arguments, and users, Tetration utilises behaviour driven, machine learning algorithms that automatically create a map of the applications in your data centre, how they connect together, and who should be talking to whom – even inside an application tier. It is, in essence, your whitelist.

Conversation diagrams show which tiers are talking and how much.

Application views help you understand how tiers are connected and what policies have been discovered

You can read more about the Application Insight capabilities of Tetration in this whitepaper.

Cisco Tetration Behavior-Based Application Insight White Paper

Enforce across your data centre

After discovering your whitelist, the next step is to enforce it across your data centre. While the whitelist is exportable from Tetration in open formats, ready for use in Cisco ACI or other network devices, one of my favourite features is the ability to push the whitelist into the firewall of every workload in your environment, Linux or Windows, on premises or in the cloud using our agent.

This hardens your data centre to the point where only necessary interactions are carried out. Nothing more.

Click the green button.

After automatically analysing your applications, you can overlay extra security policies that capture your intent, automatically translating that into the necessary firewall rules on workloads. Simple expressions like DENY communication from “All Hosts” to “WannaCry C&C Servers” can be captured and enforced across the entire data centre.

Or, for example, you can ensure that SMBv1 ports are blocked to all hosts that are not specifically designated as file servers.

The Tetration platform can be easily taught new information about workloads, which in turn can be used to enhance whitelist policy, in the form of annotations for both internal and external entities via our Open API. External tools can be used to generate feeds streamed into Tetration as annotations, for example the Cisco Talos industry-respected security feed.

Annotations allow you to associate up to 32 custom key-value pairs to every workload.

During the attack – detect, block, defend

Well implemented whitelisting should help block the majority of incidents where malicious code spreads from machine to machine like wildfire, as the network traffic will simply not be allowed. If using Tetration enforcement, non-compliant traffic will be automatically blocked by the workload before it has the chance to touch the network.

Whitelisting is not the end-all for the gamut of attack types, and during an incident, it is vital to move swiftly with accurate information. Tetration monitors every single packet as it traverses your data centre network. If that packet is not in compliance with your whitelist, it is recorded, and alerts are generated prompting you to take action. Alerts can be streamed out to an Apache Kafka broker, allowing you to integrate Tetration with your SIEM, ticketing systems, or wider security toolset.

Tetration policy analysis can help you instantly track down who is generating non-compliant traffic, correlate it to your intent, and with a simple stroke of policy, compromised endpoints can be instantly isolated.

This conversation was marked as “escaped” because it was in direct violation of the client side policy
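The discover, overlay and detect steps described above can be sketched in a few lines. This is an added example, not Tetration's algorithm or API: the flow records, annotations, function names and verdict labels are all constructed for illustration, and workloads are grouped by a hypothetical `app`/`tier` annotation.

```python
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed workload annotations (key-value labels per workload IP).
ANNOTATIONS = {
    "10.0.1.10": {"app": "shop", "tier": "web"},
    "10.0.1.11": {"app": "shop", "tier": "web"},
    "10.0.2.20": {"app": "shop", "tier": "app"},
    "10.0.3.30": {"app": "shop", "tier": "db"},
    "10.0.9.5": {"app": "files", "tier": "smb", "role": "file-server"},
}

# Constructed "sunny day" baseline of observed conversations.
BASELINE = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 8080),
    Flow("10.0.1.11", "10.0.2.20", "tcp", 8080),
    Flow("10.0.2.20", "10.0.3.30", "tcp", 5432),
    Flow("10.0.2.20", "10.0.3.30", "tcp", 5432),
    Flow("10.0.1.10", "10.0.9.5", "tcp", 445),
    Flow("10.0.1.11", "10.0.9.5", "tcp", 445),
    # Lateral SMB between tiers that was already present in the baseline.
    Flow("10.0.3.30", "10.0.2.20", "tcp", 445),
    Flow("10.0.3.30", "10.0.2.20", "tcp", 445),
    # One-off conversation: too rare to promote into policy automatically.
    Flow("10.0.1.10", "10.0.3.30", "tcp", 22),
]

# Port-based filtering cannot tell SMBv1 from later dialects; it blocks SMB as a whole.
SMB_PORTS = {139, 445}


def group_of(ip):
    """Map a workload to its (app, tier) group, or None if it is not annotated."""
    labels = ANNOTATIONS.get(ip)
    return (labels["app"], labels["tier"]) if labels else None


def derive_whitelist(flows, min_seen=2):
    """Learn group-to-group allow rules from conversations seen at least min_seen times."""
    counts = Counter()
    for f in flows:
        src, dst = group_of(f.src), group_of(f.dst)
        if src is None or dst is None:
            continue  # never learn a rule for an endpoint nobody has identified
        counts[(src, dst, f.proto, f.port)] += 1
    return {rule for rule, seen in counts.items() if seen >= min_seen}


def violates_absolute_deny(flow):
    """Intent overlay: SMB is only allowed towards designated file servers."""
    is_smb = flow.proto == "tcp" and flow.port in SMB_PORTS
    dst_role = ANNOTATIONS.get(flow.dst, {}).get("role")
    return is_smb and dst_role != "file-server"


def evaluate(flow, whitelist):
    """Absolute denies win over learned rules; anything unlisted is denied by default."""
    if violates_absolute_deny(flow):
        return "deny-absolute"
    rule = (group_of(flow.src), group_of(flow.dst), flow.proto, flow.port)
    return "allow" if rule in whitelist else "deny-default"


def out_of_policy(flows, whitelist):
    """Return (flow, verdict) pairs worth alerting on."""
    return [(f, v) for f in flows if (v := evaluate(f, whitelist)) != "allow"]


if __name__ == "__main__":
    wl = derive_whitelist(BASELINE)
    # Constructed "rainy day" traffic to evaluate against the policy.
    today = [
        Flow("10.0.1.11", "10.0.2.20", "tcp", 8080),  # learned tier-to-tier rule
        Flow("10.0.3.30", "10.0.2.20", "tcp", 445),   # learned, but overlay forbids it
        Flow("10.0.1.10", "10.0.3.30", "tcp", 5432),  # web straight to db: never seen
    ]
    for flow, verdict in out_of_policy(today, wl):
        print(verdict, flow)
```

The database-to-app SMB conversation is the case to study: it was frequent enough to be learned from the baseline, so only the intent overlay stops it.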

For more information on Tetration Policy Analysis please read this white paper

Cisco Tetration: Simulate, Test, and Verify Network Application Policy in Near Real Time White Paper

After the attack – scope, contain, remediate

Post-incident, Tetration can quickly help you determine how far and wide the attack reached through the detailed record of each and every conversation. This entirely eliminates the need for guessing; the data is there, processed and ready for your analysis. Because of the always-on nature of Tetration, there is no rush to scramble to deploy network TAPs or SPANs to capture traffic.

Complex queries that straddle both network and application attributes can be expressed and returned in sub-second time. For example, searching for SMBv1 traffic over the WannaCry period shows a significant spike in traffic volume.

Detailed analysis can be performed using Tetration Apps. A full featured Python and Scala environment accessed via Jupyter notebooks executed with access to the entire data lake, combined with the processing power of the Tetration cluster, allows for crawling through terabytes of data in minutes, and with forensic-grade resolution.

In short, no single solution on its own would detect and prevent WannaCry, but Tetration, along with other security products would dramatically reduce the risk by limiting the attack surface, as well as by dynamically updating the data centre security policies based on attributes and events.

If you would like to learn more about Tetration, please visit, read more white papers, or check out our videos on Youtube.



Big Data Analytics Helps India Nonprofit Prevent Human Trafficking

May 30, 2017

Contributors: Rex Backman

Human Trafficking is one of the largest problems the world faces today. But My Choices Foundation, a nonprofit organization based in India, is using big data analytics to help fight it. How are they doing it? With technology partners, effective education and outreach.

While many organizations work to rescue girls and prosecute the traffickers, Operation Red Alert, a program of My Choices Foundation, is a prevention program designed to help parents, teachers, village leaders and children to understand how the traffickers work so they can block their efforts. Poor village girls are typically targeted by traffickers with promises that the girls are being offered wonderful opportunities for an education, jobs or marriage. But with over 600,000 villages in India, Operation Red Alert needed help to determine which areas were most at risk to prioritize their education efforts.

Check out this video that explains how My Choices Foundation took Big Data and helped make an impact by saving lives.

My Choices Foundation works with Quantium, an Australian analytics company that develops ground-breaking analytical applications that give insights into consumer needs, behaviors, and media consumption by analyzing consumer transaction data. Quantium used Cisco UCS hardware and MapR software to build this robust platform.

Quantium brings together proprietary data, technology and innovative data scientists to enable the development of ground-breaking analytical applications, and develops insights into consumer needs, behaviors, and media consumption by analyzing consumer transaction data. Quantium upgraded its legacy server platform with Cisco® UCS to gain centralized management and the computing power needed to process complex algorithms in a dense, scalable form factor that also reduces power consumption. Cisco Nexus® 9000 switches provide a simplified network with the scalable bandwidth to meet their current and future requirements. The MapR Converged Data Platform enables organizations to create intelligent applications that fully integrate analytics with operational processes in real time. The MapR Platform provides the multi-tenancy, high-speed performance and scale needed to power the Operation Red Alert data platform.

Rigorous testing by Quantium demonstrated that the MapR-Cisco platform decreased query processing time by 92 percent, a performance increase of 12.5 times the legacy platform. With the Cisco-MapR solution, Quantium’s data scientists can design complex queries that run against multi-terabyte data sets and get more accurate results in just minutes rather than hours or days. In addition, the more powerful platform drives innovation because scientists can shorten development time by testing alternative scenarios quickly and accurately.

“UCS gives us the agility that’s key to supporting our iterative approach to analytics,” said Simon Reid, Group Executive for Technology at Quantium. “For example, with the analytics for Operation Red Alert we’re fine-tuning the algorithm, adding more hypotheses and more granular data to improve our predictive capabilities. MapR adds performance security and the ability to segregate multiple data sets from multiple data partners for Operation Red Alert.”

Human Trafficking Statistics


Follow @CiscoUCS to stay up to date on the latest ways that Cisco big data is making a difference.

For more information, check out Cisco’s Press Release, Quantium’s UCS case study, their Cisco UCS customer testimonial video, MapR’s blog post or the last Quantium blog post I wrote about them. And don’t forget to check out other Cisco customer stories.




Additional Resources

Learn more about: My Choices Foundation and Operation Red Alert

Read: Operation Red Alert Impact Report

View: Operation Red Alert videos

View video: The technology behind the scenes of Operation Red Alert and follow Cisco on Instagram to learn more

Read: Quantium case study

View: Cisco Quantium video

Learn more about: MapR

Learn more about: Cisco UCS

Learn more about: Cisco Data Center and Virtualization




5 things you need to know about HyperFlex with CloudCenter

May 30, 2017

I’ve been working on a new bundle of Cisco HyperFlex offered with Cisco CloudCenter. And I’m excited to share some details — because I’ve got that “Wow, this is a really great opportunity for Cisco customers” feeling, that I only sometimes get while working for a large tech vendor.

Together, these two powerful solutions help you take the next step with a hybrid IT strategy built on a HyperFlex infrastructure foundation. The HyperFlex with CloudCenter bundle is now offered at a promotional price, with added incentives that fund implementation services for the offering. So now is a great time to take a look.

In this post, I’ll share 5 things you should know about this powerful combined solution.

1 – Cloud Experience Everywhere

Flexible and scalable infrastructure services are a key component of digital transformation and the foundation for Hybrid IT service delivery. But not if your infrastructure services are stuck behind a traditional help desk “ticket and wait” style service delivery front end, and a manual application deployment process back end.

HyperFlex with CloudCenter now delivers a cloud experience to users with a click button service – including deployment and management of VM or full application stack – without the cumbersome IT consumer experience of the past.  Users get a drop-down menu that lets them pick the workload and choose where to deploy. And a simple tag-based policy engine provides guardrails that guide automation and user decisions as they work across both HyperFlex and public cloud environments.

With CloudCenter added to HyperFlex, you can make your agile and flexible hyper converged infrastructure services easy to consume, and give users the cloud experience they expect both on premises and in public cloud.

2 – Hybrid Cloud Scale

HyperFlex is known for its “Scale out” architecture that makes it easy to add compute and storage nodes, and easy to add resources to workloads within a node. But that can be limited to on premises infrastructure, and isolated from a hybrid IT service delivery strategy.

CloudCenter turns HyperFlex into what I call a hybrid “Scale out, Scale out” architecture. You still get HyperFlex’s legendary ease of adding compute and storage resources to “Scale out” on premises. But now it is also easy to “Scale out” by deploying workloads to the public cloud. Since the CloudCenter architecture abstracts the underlying nuances of both vSphere on HyperFlex and your choice of public cloud, users can simply choose where to deploy workloads. IT can set policies that tap public cloud capacity on demand, on schedule, or based on compliance or security rules. You can optimize a changing mix of infrastructure utilization and your cloud bill.

HyperFlex with CloudCenter means that hybrid cloud isn’t a thing you have to build. It delivers an application-centric automation layer that spans on and off-premises environments.

3 – Easy Hybrid IT Entry Point

Many IT organizations are moving past initial public cloud efforts, but are facing a wide range of technically feasible choices as they expand their hybrid IT strategy. Choice is good. But having so many options can also bring complexity: both technical complexity, with a broad mix of application types and deployment environments, and operational complexity, with multiple cloud and datacenter specific tool stacks and silos of expertise.

This solution extends the simplicity offered by HyperFlex.

  • This bundle is easy to order – There are 4x unique product IDs that package up our most popular HyperFlex configurations. You can choose from HyperFlex HX220c and HX240c with all flash or hybrid storage options. Pick the number of nodes with a minimum of 3 and maximum of 8. Pick a pair of fabric interconnects. Pick a power cable appropriate for your country. Add memory or vSphere Enterprise licenses as options. And select software subscription duration – 1, 3 or 5 year. That’s it.
  • This bundle is easy to get started – The bundle is offered with a promotion that pays certified Enterprise Cloud Suite partners who are ready to install CloudCenter, set up public cloud, model a couple of application profiles for deployment, and bring users up to speed. You get started fast.
  • This bundle is easy to use – Users get a single portal to deploy and manage workloads, in HyperFlex and Cloud, so they don’t need to learn multiple environment specific tools, or develop deep cloud API expertise. Users can share standard services or build their own. IT can easily create tags and link to policies that guide who can do what, where, when and for how long.

HyperFlex with CloudCenter offers a low impact way to evolve your cloud strategy without turning your IT organization inside out, while preserving investments in your infrastructure.

4 – Full featured

HyperFlex with CloudCenter includes all CloudCenter features. This is not a limited use version that is restricted to some sub-set of features or limited to use just on premises. HyperFlex with CloudCenter supports all CloudCenter use cases that help deliver business value on HyperFlex infrastructure investment.

HyperFlex with CloudCenter has everything you need now, and has governance, security, multi-tenancy, cost controls and reporting — and everything you will need as your hybrid cloud strategy evolves over time.

5 – Limited Time Promotion

This bundle is offered at a special adjusted list price for both HyperFlex and CloudCenter components. Category and partner discounts apply from there.

  • For those looking to explore CloudCenter added to their HyperFlex environment, the bundle price for HyperFlex with a 1 year CloudCenter subscription is roughly the same price as HyperFlex alone. This is a low risk “buy and try” opportunity.
  • For those who already see the value of CloudCenter, this is a great opportunity to get a 3 or 5 year subscription and additional VMs at a really great price.

The bundle is enhanced with partner services used to deploy CloudCenter and accelerate time to value. Certified ECS Integrator partners are funded by ECS adoption incentive for CloudCenter installation.

If you are looking for an easy hybrid IT entry point, or wanting a more agile consumption model for your hyperconverged infrastructure – right now is the best time to ask your Cisco or Partner sales contact about HyperFlex with CloudCenter.

Read this At a Glance for more information.



Is Your Branch Digital Ready?

May 26, 2017

Today CIOs are stuck in the midst of technology trends. On the one hand, CIOs are under pressure to grow the business by transforming their traditional branch to a digital-ready branch. On the other hand, network admins ask for continued investment in mainstream applications to streamline day-to-day operations.

The dilemma is that CIOs cannot forgo investment in mainstream applications because those applications are the foundation of branch IT. But, to win against competition, CIOs need the features of a digital-ready branch. This leads to an allocation challenge because IT budgets are limited. In essence, this is a chicken-and-egg problem: CIOs want a digital ready branch to enable growth, but growth is required in order to increase the IT budget and invest in a digital ready branch.

This problem grows larger as businesses expand to global locations in search of growth and continue to invest in low quality products, which eventually need to be replaced. Before your business dies under its own weight or it is too late, CIOs need a solution.


Cisco has your back! We solved this problem by designing a solution that does not need huge investment to transform your branch into a digital ready branch. After listening to many customers, we took this engineering challenge and innovated extremely dense yet powerful computing platforms (UCS E-series M3) for modular ISRs (Integrated Service Routers). Together with ISRs and new UCS E-series M3, our partnership with leading vSAN providers (VMware and StorMagic) and a wide variety of modules offer an unparalleled hyper-converged solution for your branch. With the following benefits, it is undoubtedly the best solution:

  • Less Incremental Cost – Add a new blade to your existing Cisco ISRs to enable a digital ready branch
  • Ease of Management – a highly consolidated solution that allows you to run both mainstream and digital-ready applications in one box
  • Effortless Scalability – scale to 1000s of branch offices with a single centralized orchestration software
  • Highly Real Estate Efficient – no other product can host all apps and modules in as small a footprint
  • Hyper-converged Capability – our solution is offered at a fraction of the cost of other market solutions




3 Key Differentiators:

  1. Broad palette of modules for Voice, Switch, T1, DSL, 4G and more.
  2. High Availability offerings from our industry leading vSAN partners (VMware and StorMagic)
  3. We designed UCS E-series M3 blades keeping in mind the number of applications and performance required for a digital ready branch. These shock-proof, dust-proof ninjas offer great performance even in tough environments.


This UCS E-Series blade is a one-of-a-kind – powerful, real-estate efficient, modular – hyper-converged solution. Bring this beauty to your branch and say goodbye, not only to your IT problems, but also to your competition!

We will offer a special bundle price promotion to all folks visiting us at our launch during Cisco Live Vegas (25-29 June’17). Stop by Demo POD 3 in Enterprise Network and Mobility section to experience the solution first-hand.

Feel free to reach out to me on LinkedIn or Twitter for further questions.

Look out for my next blog on Virtualization solutions.



Cisco ACI and Citrix NetScaler win Best of Citrix Synergy 2017 Award

– May 25, 2017 – 0 Comments

The Best of Citrix Synergy 2017 award was announced today at Citrix Synergy, Orlando. Read the awards-related blog here. Check the winner’s slideshow here.

Winner: Storage, Networking and Infrastructure—Cisco Network Automation Solution with Cisco ACI and Citrix NetScaler from Cisco

I want to extend my congratulations to the entire team at the Cisco Insieme Business Unit and recognize their hard work in developing this award-winning product.

Cisco appreciates the recognition from the Best of Synergy judges, and it’s a great complement to the recognition ACI is getting from its customers. There was a multi-fold spike in customer interest for ACI throughout the event after the awards news was announced.

Visit us at Cisco Live 2017 to learn more about the Cisco ACI and Citrix NetScaler joint solution.



Cisco ACI and Vnomic bring Agility and Simplicity to CenturyLink’s Cloud Managed Services

– May 24, 2017 – 0 Comments

CenturyLink is a global technology company. The CenturyLink Global IT Services group delivers a broad range of technology-enabled consulting and implementation services, including cloud enablement, big data-as-a-service, advanced decision sciences, digital commerce, managed security application development, and disaster recovery services. Its consulting services, combined with extensive expertise in hosting, managing and optimizing SAP applications across business functions and industries, help customers maximize their SAP workloads and reduce their total cost of ownership.

In this blog, I want to present the deployment successes experienced by CenturyLink running SAP HANA on a FlexPod infrastructure powered by Cisco UCS, Cisco ACI and Vnomic.

CenturyLink Challenges: Enterprise customers are struggling with how to respond to increased demand for SAP applications. Their IT organizations must deploy services quickly, then rapidly add or remove resources from already-running applications to meet user demand. In addition, while adhering to security and governance requirements, they must meet time, cost and service level requirements.

Why did CenturyLink look at Vnomic and Cisco ACI as a favorable candidate? Being able to deploy instances of SAP HANA in just an hour vs. several months is a big deal for any organization. SAP BW on HANA deployments have all the attributes of complex, dynamic applications that can benefit from Cisco ACI and FlexPod. These include highly variable performance and scale demands, distributed users, virtual and physical resource requirements, different storage types, and 24/7 global availability. Configuring and deploying these landscapes can take months and involves manual layout of new infrastructure and connectivity. These long lead times limit the agility customers have to respond to variable business needs.

Traditional infrastructure, even in managed private hosting environments, doesn’t provide the speed and agility that a cloud hosted solution provides. Plus, it’s very expensive to operate an SAP environment.

Deployment environment at CenturyLink: The ability to scale the infrastructure is only half the story. Customers need the ability to spin up new SAP landscapes, clone their systems/apps, perform refreshes, and instantiate development environments identical to production. A cloud hosted SAP HANA service offering enables service providers to meet those demands.

The FlexPod-based production environment brings flexibility, scale and simplicity of operations for CenturyLink. First, the Cisco validated designs reduce risk and ensure compliance and security. FlexPod’s UCS compute units enable seamless scaling of blade server capacity (B260 and B460 blades as needed). Vnomic further automates and simplifies migration across different OS versions of RHEL with its built-in mapping facility and one-click application deployment. Cisco ACI, with its policy-based network automation, is a key enabler of CenturyLink customer demands for fast realization of workloads, and Cisco ACI and Vnomic make an ideal pair for achieving this business objective.

CenturyLink operates a true multi-tenant production environment in which UCS-M and APIC are shared resources, while the compute blades themselves are dedicated on a per-customer basis. Customers run multiple RHEL OS versions (4 different flavors), and Vnomic makes application deployment across these flavors simple with its mapping automation and single-click deployment. APIC enables the creation of policy-based application network profiles, which brings agility to the provisioning and configuration of network infrastructure.

Benefits of Cisco ACI+Vnomic solution

CenturyLink realized significant benefits with the ACI-Vnomic joint solution. The foremost is time-to-value: a new customer BW HANA instance can now be spun up on the order of hours, compared with the historical experience of weeks and months. Errors encountered in manual operations and downtime often cost anywhere from 10k to 10 million dollars in a typical SAP HANA operations environment. FlexPod-based automation eliminated manual operations and reduced OPEX significantly.

“By partnering up with Vnomic and Cisco, we are able to solve a real problem in the market when it comes to enterprise level SAP deployments. With their revolutionary policy driven models, this enables CenturyLink to take the pain out of manual deployments in various areas of the stack, reduce or eliminate manual handoffs between departments, and have the peace of mind that our infrastructure, end-to-end, is fully within SAP best practices and can prove this with full auditability. For each VM or bare metal server we deploy, and Vnomic leveraging their deep level understanding of Cisco ACI, we are able to achieve 100% certainty that each image is fully compliant to SAP best practices. With the deep level expertise of CenturyLink, our wide network reach, not to mention the recent acquisition of SEAL consulting; we are uniquely enabled in the market to address any SAP customer needs at any level. By leveraging the partnership of CenturyLink, Cisco, NetApp, SAP and Vnomic we can now provide faster realization of investment to our customers and provide fully managed, secure and private cloud solutions for Enterprise customers.” Craig Belics, CenturyLink Sr. Lead Product Manager

Cisco FlexPod offers unprecedented VM density and bare-metal performance capabilities and enables both physical and virtual workloads to co-exist on the same blade server. Moreover, FlexPod’s pre-tested, pre-validated Cisco validated designs reduce risk and ensure configurations are aligned with SAP best practices.

Governance and auditability from application to infrastructure are simplified by Vnomic’s ability to use declarative constraint-based modeling to enforce policies and keep track of all changes for auditability requirements. Moreover, Vnomic shows application and infrastructure dependencies. ACI’s contracts, service graphs, and system log files comply with SOX and enable the compliance reports and forensic analysis required of enterprise-grade cloud deployments.


CenturyLink is delivering the next generation of SAP HANA landscape solutions using FlexPod powered by Cisco ACI and Vnomic.

This innovative solution enables CenturyLink to deliver a complete SAP HANA system and landscape in hours rather than months, while meeting all of the SAP best practices as well as security, governance and compliance requirements, thanks to the innovative Vnomic declarative and constraint-based modeling technologies that automate SAP landscape delivery, governance and auditability end to end.


Data Center High Availability Redefined

– May 23, 2017 – 0 Comments

The recent mega-outage in Amazon Web Services (AWS) knocked a plethora of websites offline, as well as various applications, security cameras, IoT gear, etc. Cloud outages such as these have a huge impact on a global scale. With the rapid adoption of the cloud over the last few years, data centers are expected to be fully functional 24/7, 365 days a year with close to zero downtime.

To ensure minimal downtime, IT spends considerably on resilient network designs and highly available maintenance technologies. Cisco has come a long way in the evolution of software upgrade mechanisms with In Service Software Upgrade (ISSU) and the protocol extensions that facilitate ISSU for the Data Center Network Operating System (NX-OS). Some key features in this area include: separation of data plane and control plane, support for process restart-ability, ability to patch software, and support for non-stop forwarding.

ISSU is a comprehensive and transparent software upgrade capability. It extends Cisco’s high availability innovations for minimizing planned downtime for data center networks. The ability to perform ISSU has long been admired and has been a prime customer ask for many years, because it lets customers update to newer software versions without having to take the network element offline. This significantly benefits network administrators and operators with respect to serviceability and high availability of network resources.

Even though ISSU has significant advantages, achieving consistent and predictable behavior in a finite time requires sophisticated orchestration with high precision. The complexity is further amplified with the need to upgrade with zero packet loss in the data plane and minimal control plane downtime to mitigate any network wide disruption.

Cisco NX-OS has made tremendous strides over the years in providing the much needed ISSU support for data center network deployments. The entire spectrum is covered, starting with various form factors of the modular chassis with dual supervisor cards, to Top of Rack (ToR) switches with single supervisor cards. In the past, with dual supervisor cards, both zero packet loss in the data plane and minimal control plane downtime were available. However, ISSU for ToRs only provided zero packet loss in the data plane. Control plane downtime was on the order of 50-90 seconds.

Starting from the October 2016 release, NX-OS supports minimal control plane downtime, even on ToRs. This has been made possible by using NX-OS with Linux containers. Support for NX-OS in containers, and using that for ISSU on ToRs, is a unique and innovative solution that solves a real customer problem. Additional benefits of this container-based ISSU on NX-OS include:

  • The entire upgrade process is accomplished with a single command that is consistent across all NX-OS platforms.
  • Control plane downtime is bounded and independent of the configuration and scale.
  • No need to upgrade network elements in a different way depending on their role in the network.
  • Multiple nodes can be upgraded in parallel thereby providing considerable time savings in upgrading the entire network.

Container-based ISSU has been shipping on the Nexus 9000 ToR platforms starting from the 7.0(3)I5(1) NX-OS release. The feedback for this feature has been overwhelmingly positive, especially from customers at the recent Customer Advisory Board and Cisco Live Berlin 2017 events. Among others, eBay and BMW have been actively engaged in this endeavour since its inception. See the following short video to get a brief overview of the container-based ISSU functionality on the Nexus 9000 ToR switches.



Cisco HyperFlex Joins Citrix HCI Workspace Appliance Program

– May 23, 2017 – 0 Comments

Today during Citrix Synergy’s Technology keynote, Calvin Hsu – Citrix Vice President of Product Marketing – announced Cisco’s participation in the Citrix HCI Workspace Appliance program. The Citrix HCI Workspace Appliance initiative enables hyperconverged infrastructure appliances, such as Cisco HyperFlex, to connect to the Citrix cloud to automate the setup and maintenance of Citrix XenDesktop and XenApp deployments.

The Citrix Workspace Appliance program was launched a few months ago at Citrix Summit, and shortly thereafter the Cisco and Citrix teams started collaborating on a HyperFlex solution. As Christian Reilly, Citrix Vice President of Global Product and Technology Strategy, stated recently, Cisco and Citrix’s collaboration goes back a long time (in IT years) and is more than just a marketing relationship; it is about the products and joint engineering work.


Cisco HyperFlex

With HyperFlex, Cisco has one of the most differentiated hyperconverged infrastructure (HCI) architectures in the market, jointly engineering the UCS fabric-computing platform with a data platform built from scratch specifically for HCI, with virtualization options. This approach, with deep hardware and software integration across compute, storage, and networking, delivers industry-leading proven performance and predictability. The recently announced HyperFlex 2.5 release innovates in next-gen stand-alone management via HyperFlex Connect, which lays the foundation for a non-vtax hypervisor strategy.

Cisco HyperFlex joins the Citrix HCI Workspace Appliance Program

Cisco HyperFlex does a great job at automating the setup and provisioning of the hyperconverged infrastructure and provides users with ready-to-use pools of resources for their workloads. What Citrix HCI Workspace Appliance provides is a hybrid cloud desktop solution on top of the HyperFlex infrastructure. This way you get all the benefits of having flexible on-prem hyperconverged infrastructure in your own data center, managed by the Citrix cloud. In other words, you keep your workloads safely on-prem with your data, and the control plane in the cloud.

We are excited about joining the Citrix HCI Workspace Appliance program. This announcement is just the beginning and we are looking forward to continuing our joint engineering work with Citrix to deliver the components needed to bring this solution to fruition. So stay tuned and come by Cisco booth 202 at Synergy to talk to our technical team about what Cisco HyperFlex joining the Citrix HCI Workspace Appliance initiative means for your business.




New Frontiers: Quality of Service Without the Pain

– May 23, 2017 – 0 Comments

Episode 1: Quality of Service Made Simple

Quality of Service (QoS) is a critical requirement for an optimal user experience on the network. Having the right priority across voice, video, and data traffic can be the difference between a good and a great network. Yet ask any networking professional and they will tell you: QoS is tough. It is often expensive, difficult to deploy, and a pain to troubleshoot and update. It is a complex technology that is only becoming more complicated as additional devices and applications are added to the network.

QoS does not need to be this tough. It is at its best when the user doesn’t even notice it. It is one of the most important and pervasively deployed networking technologies because it can make a huge impact on both network performance and employee productivity. QoS may be complex, difficult and time consuming to manage, but it is something all network-reliant businesses need.

Cisco is fundamentally transforming the network through our Digital Network Architecture (you can read about it here). DNA is helping IT departments around the world focus on innovation and transformation, rather than on maintenance. It gives IT the agility it needs to keep up with the speed of change in today’s businesses.

The largest barrier to deploying effective QoS is not the infrastructure itself, but rather the operational complexity of management and configuration. DNA removes this complexity through Cisco EasyQoS. Instead of IT having to understand the inner workings of each networking device and how to prioritize individual applications, they just need to know what applications are important to their business. No more difficult configurations – it is now as simple as choosing which applications are business relevant and letting EasyQoS do the rest.

IT can be transformative given the time and the tools to do so. Cisco DNA and EasyQoS offer both.

Episode one of Cisco’s five-part innovation series, “New Frontiers: IT Innovations in 5 minutes,” will explore the benefits of transforming your network, starting with QoS. In this episode, you’ll meet Tim, who explains what EasyQoS is and how it makes network management simpler and easier, for a much better experience.

