In late January I attended Cisco Live Europe in Barcelona, it certainly made a nice change going to a winter Cisco Live without having to bring several layers of clothing.
Like most people I’m generally too busy the rest of the year to make classroom lead training courses so Cisco live for me is a great opportunity to refresh my knowledge and skills, catch up with what’s new and learn first-hand from some of the best techies in the industry.
But just as importantly I get a chance to catch-up with my peers in other firms and chat about what they are up to, as a strong believer in communities, for the most part I don’t see “competitor’s” just “friends who happen to work for other companies”.
A wise man once said “A day without learning, is a day wasted”
So here’s what I got up to at Cisco Live!
Walk-In Self-Paced Labs
One of my favourite resources at Cisco Live is the Walk-In Self-Paced Labs (WISP Labs) these are guided labs many of which are not available on Ciscos dCloud. These maybe an introduction to a recent addition to the Cisco portfolio or a pre-designed scenario on a particular product or solution. As its name suggests you do not need to pre-book these just wander up and pick your lab. Another great aspect of the WISP labs is that the actual author of the lab is there to assist you and answer any questions.
One of the WISP labs I found really useful was on automating Cisco ACI with Python, now I’m no programmer so it was great to have a chance to do a guided lab on tools that are available to bring network programmability skills to the “traditional networker” Tools like the Cobra SDK which is a set of Python utilities for interfacing with the APIC. If you would like to have a play with automating Cisco ACI with tools like Python or Ansible then a great resource is the ACI Programmability lab on Cisco DEVNET Learning Labs.
Ciscos UCS based HyperFlex, received a welcome update to version 3.0 under the strap line: Any App, Any Cloud, Any Scale.
Notable updates being around scale, both upwards and downwards as HyperFlex now supports up to 64 nodes per cluster as well as allowing those clusters to be stretched between sites. But just as importantly for those smaller use cases such as remote office/branch office (ROBO), air gapped DMZs, plus anywhere that compute power needs to be closer to users, there is now an option with HyperFlex Edge of a 3 node cluster without the need for the fabric interconnects so a very cost effective solution. While all being centrally managed either on premises or via Cisco cloud offering Intersight.
Network Assurance Engine
Working a lot as I do with Cisco ACI I really liked the look of Cisco’s Network Assurance Engine (code name Candid). Now those of you who have worked with Cisco ACI will know that the alerting may not be as human friendly as it could be. Plus it is not always obvious that your Cisco ACI configuration meets both a best practice as well as your own corporate policies and constraints. Well the Network Assurance Engine does just that, by ensuring your Cisco ACI implementation is adhering to both your Security and Networking compliance.
You define your policies, intent and compliancy requirements in very user friendly rules, the Network Assurance Engine then evaluates your Cisco ACI configuration and identifies any policy violations or configuration issues and reports them back in very easily to interpret smart alerts. The smart alerts then hyperlink you to exactly the configuration or lack of that is violating your defined policy and recommends the remedial action.
Network Assurance Engine can also predict the impact of any changes significantly reducing risk of human error or induced network failures. Gone are the days of “I don’t think this will impact production services”
Cisco champions tour of the innovation lounge
This was certainly one of the highlights and a great benefit of the Cisco champions program, where the champions, after a briefing about, no cameras, or blogging on the details of what we may see or hear, were given access to the innovation lounge, an area where the actual Cisco engineers were demonstrating the products and concepts currently in development. Walking round I certainly felt like the children exploring Willy Wonkers chocolate room! with pure imagination and innovation at every turn.
For my part having a keen interest in crypto currencies it was great to see what Cisco was doing around blockchain technology. Like Clouds blockchains can be public, private or community. Anyone can create a blockchain, the open source software is freely available. The essence of a blockchain being that there are no servers only clients and that each have a full copy of the database (distributed ledger) and then by the use of cryptography maintain a consensus that the database has not been tampered with or fraudulently altered.
The demo that was being shown was the use of a distributed ledger (blockchain) for asset tracking, in this case 2 Cisco gbics which looked identical were scanned, one of which was immediately validated by a blockchain lookup but the other declared counterfeit. For the valid gbic every stage (transaction) in its life cycle could then be seen from manufacture to delivery and all stages between. Imagine being able to scan a joint of beef in your local supermarket with your mobile phone and see the complete history of that animal from its birth to putting on the shelf in front of you. Just one use for blockchain technology.
One things for sure blockchain brings a level of trust to digital business unheard of til now.
And as you can imagine in a topology where there are no servers and all traffic is peer to peer (east/west) with potentially millions of nodes, this will require a complete rethink on application management, control, orchestration and the need to push security and policy right to the edge of the network.
As a bit of a metal head I grew up listening to bands like Iron Maiden, Metalica and Pantera, so imagine my surprise to hear that the guest keymote speaker was due to be none other than Bruce Dickinson the lead singer with Iron Maiden! Now that was a keynote I was not going to miss. And another awesome benefit was that as a Cisco champion we all had prime reserved ringside seating.
While I had no expectation of what Bruce would be like as a speaker, he was far from the heavy metal stereotype many would expect. A very intelligent, funny and entertaining guy, with some great road stories. He explained that he had always wanted to tour Australia but the logistics of plane hires and getting all the band and kit to the other side of the world was always cost prohibitive. So he decided to train as a pilot, ended up working for commercial airlines for 10 years and then had the idea of renting a jumbo jet in the off season (many jumbos are parked up and stored in off peak seasons) so it was relatively cheap, bundled the whole band, kit and crew in it and flew it himself to Australia, and treated it as their own “flying carpet” The running theme of Bruce’s talk was innovation and entrepreneurialism, as he had developed several business out of renting these “stored aircrafts” he even has a company that manufactures edible drones, that can be flown in to deliver the first aid to a disaster zone even before human aid can get there, all in all a great speaker and I would thoroughly recommend him as a keynote speaker.
Hope to see you all back in Barcelona next year!
There is a saying that “The early bird catches the worm!” but I say “but it’s the 2nd mouse that gets the cheese!” In short apologies for the lateness of this post 🙂
This year was my first year as a VMware vExpert and through that program VMware kindly offered me a “blogger pass” to attend VMworld Barcelona.
Having a great interest in software defined networking in general and VMware NSX in particular I was keen to focus on what VMware are doing in this space along with their general Software-Defined Data Center (SDDC) strategy and offerings. So I have picked a couple of topics that were of particular interest to me.
VMware Cloud Foundation:
We are all familiar with vendors like VCE (now Dell EMC Converged Platforms) who create Vblocks, which are fully qualified Converged Infrastructures, where all components of the system, compute, storage, networking and virtualisation are vigorously tested and version controlled to ensure optimal compatibility and performance. Well VMware have created the VMware Cloud Foundation (VCF) which does the same thing for the whole SDDC whether deploying on a private, public or hybrid cloud.
VCF combines VMware vSphere (Compute), vSAN (Storage) and NSX (Networking and Security) into a tightly integrated stack with automation, upgrades and life cycle management via SDDC Manager.
The benefits and value of adopting a VCF solution include:
- Accelerated time to market resulting from the reduced design, testing and implementation times.
- Reduced maintenance and Opex from features like one click automated upgrades.
- Repeatable solution for multi-site deployments.
- Validated integration with public cloud providers, allowing mobility of workloads between private and public clouds.
You can either buy a fully pre-built SDDC with all the cloud foundation software pre-loaded, currently available on the Dell EMC VxRack platform or you can build your own as long as long as you adhere to the VMware Cloud Foundation compatibility guide. I’m sure you’ll all be glad to hear that Cisco UCS C240 is on there.
Just like a Vblock has it’s Release Certification Matrix (RCM) a VCF SDDC has its VCF matrix which details the hardware and software combinations that have been validated for that particular version. Valid upgrade paths to later versions are also detailed in the release notes of the particular VCF Version.
vRealize Network Insight:
One of the largest customer concerns when looking to migrate from a traditional “black list” network to a software defined “white list” model, is will my application still work in the new environment?
In the traditional black list model all communication is allowed by default unless specifically blocked by a firewall or access control list, whereas in a software defined “white list” model all traffic is denied by default unless specifically permitted. This means that all flows for all applications need to be known and understood, and those flows allowed in the new software defined environment.
There are of course lots of methods and discovery tools out there that assist with application discovery and dependency mapping, but they all differ greatly in usefulness, functionality and cost.
While at VMworld I have been looking into, and having a play with vRealize Network Insight (vRNI) which was a result of the Arkin acquisition June 2016.
Not part of the vRealize suite but rather an add-on service to VMware NSX and licenced according to the number of NSX CPU licences.
vRNI provides both a day 0 assessment in order to do a “underlay readiness and health check to be confident the underlay network is healthy, happy and NSX ready. vRNI can then be used to analyse and report on all the traffic within the network, automatically group workloads into security groups and then create the required NSX distributed firewall rules required between those security groups.
The security advantages of a zero trust/least privilege network are well understood and only allowing the flows you need on a network is certainly the way forward. I am in the process writing a full blog review of vRNI and as such will not elaborate further on it in this post.
It was also great to see VMware recognising and putting on an event for Cisco CCIEs. In a world of ever growing automation and GUI’s it is a common topic on whether you still need to understand all this “networking stuff” that goes on, often “under the covers” in many cases. As someone who has been involved in many software defined / overlay networking issues my answer to that, is absolutely! Having a good strong foundation of network knowledge and troubleshooting skills will only help you when designing and troubleshooting a network of any description.
While there were several great sessions and receptions, I guess the highlight of my VMworld was that a small group of “NSX VIPs” were given the opportunity of an open forum round table with VMware CEO Pat Gelsinger, where we could just ask any questions we liked. I was very impressed with Pats technical knowledge regarding many of the products in the VMware portfolio particularly NSX.
One of the topics of discussion was the evolution of NSX-T, (VMware’s NSX offering for multi-cloud, multi-hypervisor, and container environments) and it’s eventual replacement of NSX-V (The VMware only product)
While this transition will certainly be over some time, the majority of R&D and new features will be targeted at NSX-T.
All in all a great experience at VMworld Europe 2017!
A few times recently I have been asked how I went about expanding my skill set to include software defined networking solutions after being a “traditional networker” for the past 20 years. So here is my story so far.
Three years or so ago, having achieved my 2nd CCIE, I was looking for my next challenge, Software Defined Networking (SDN) was already gaining momentum and so I looked at what I could do in that space. I already had a fairly good handle on Cisco Application Centric Infrastructure (ACI) but at the time there were no certification tracks geared around Cisco ACI.
VMware NSX seemed the obvious choice, I was already familiar with the Nicira solution prior to the VMware acquisition, along with the fact that NSX being a Network Function Virtualisation (NFV) based solution, uses constructs that are very easy for “traditional networkers” to understand, i.e if you know what a physical router does and how to configure it, then it isn’t much of a departure to understand and configure a distributed logical router (dLR) in NSX, and the same thing goes for NSX logical switches and firewalls.
If you’re familiar with setting up emulators like GNS3 and Cisco VIRL then again you’re already adept at setting up virtual networks so the gap to understanding and configuring NSX really isn’t that much to bridge.
Like most people when trying to learn something new I started playing with NSX in a home lab environment, just a couple of low grade dual core servers with 64GB RAM in each was plenty to create a nested NSX environment, but I quickly found the VMware Hands on Labs (http://labs.hol.vmware.com/HOL/catalogs/catalog/681) were so available and functional that I pretty much just used them instead.
I Progressed to VCP-NV (VCP-Network Virtualisation) and then attended the “NSX Ninja” 2 week boot camp, on the back of which I took and passed (2nd time round) the VCIX-NV (Implementation Expert) an intense 3hr practical assessment on building and troubleshooting an NSX solution.
The NSX Ninja course was great! taught by Paul Mancuso @pmancuso and Chris McCain @hcmccain and gave a great insight into the process of submitting and defending a VCDX-NV (Design Expert) design. VCDX-NV being my main goal for this year which requires the submission of an NSX design and then you defend that design to a panel of experts. The NSX Ninja course was possibly one of the best courses I have ever attended, purely for the amount of interaction and constructive feedback.
Of course what also stood me in great stead was the invaluable experience I had picked up, having spent 3 years working with NSX day in and day out, and having now delivered 3 large production deployments in multi vCenter cross site topologies, as no matter how much training you do, nothing quite burns in that knowledge than working in the field delivering solutions meeting real customer’s business requirements.
As with most expert level certifications it is not reaching the destination that makes you an expert, it’s what you learn and the scars you pick up along the path.
This year I was very proud to be selected as a vExpert and am very much looking forward to participating in the program.
Good luck on your own journeys.
Today Cisco announced the Cisco UCS S Series line of storage servers.
Now the more eagle eyed among you may think that the new Cisco UCS S3260 Storage Server looks very much like the Cisco UCS C3260 Rack server (Colusa), well you wouldn’t be too far off, however the S3260 has been well and truly “Pimped” to address the changing needs of a modern storage solution, particularly an extremely cost effective building block in a Hybrid Cloud environment.
The C-3160/C-3260 was particularly suited to large cost effective cooler storage solutions, that is to say the retention of less / inactive data on a long-term or indefinite basis at low cost, use cases being, archive or video surveillance etc.. The fact is data is getting bigger and warmer all time time and it shows no signs of slowing down anytime soon. And even on these traditional colder storage solutions the requirement for real time analytics on this data is requiring an ever increasing amount of compute coupled with this storage.
So Cisco have created this next generation of Storage Server to meet these evolving needs.
If there is a single word to describe the new Cisco UCS S-Series it is “Flexibility” as it can be configured for:
Any Performance, Right sized to any workload
Any Capacity, Scale to Petabytes in minutes
Any Storage: Disk, SSD or NVMe
Any Connectivity. Unified I/O and Native Fiber Channel
- Fully UCS Manager Integrated
Since UCS Manager 3.1 (Grenada) all Cisco UCS products are supported under a single code release, including the S-Series storage servers (UCSM 3.1.2)
- Modular Components to allow independent scaling.
As we know different components generally have different development cycles, the S-Series storage servers are built with a modular architecture to allow components be upgraded independently, for example, as and when the 100Gbps I/O module is released it’s a simple I/O module replacement, similarly when the Intel Skylake Purley platform (E2600 v5) is available it’s just a server module upgrade.
- Up to 600TB in a 4U Chassis, then scales out beyond that in additional 4U Chassis
- 90TB SSD Flash
As can be seen below the Cisco UCS S3260 can house up to 2 x Dual Socket M3 or M4 Server nodes, but you also have options of using a single server node then adding either an additional Disk Expansion module , or an additional I/O Expansion module.
Server Node Options.
System I/O Controller
The 2 Fabric (SIOC) modules map to each of the server nodes, i.e Fabric Module 1 to Server Node 1 and Fabric Module 2 to Server Node 2. This provides up to a 160Gb of bandwidth to each 4U chassis.
Disk Expansion Module.
Adds up to another 40TB of storage capacity to reach 600TB Max, Support for 4TB, 6TB, 8TB, 10TB drives
I/O Expansion Module
In order to allow for the maximum amount of flexibility with regards to connectivity or acceleration Cisco have the option of an I/O expansion module to allow additional Ethernet or Fiber Channel (Target and Initiator) connectivity options.
Flash Memory from Fusion I/O or SanDisk are also supported.
I/O Expansion Module 3rd Party Options.
Cisco UCS S-Series Configuration Options.
The figure below shows the various configuration options depending on how you wish to optimize the server.
Where does Cisco UCS S-Series fit?
Cisco are positioning the S-Series as a pure infrastructure play, they are not bundling any Software Defined Storage (SDS) software on it, as that space if filled with the Cisco HyperFlex Solution, but perhaps the S-Series could be an option for a huge storage optimized HyperFlex node in the future.
That does not of course preclude you from running your own SDS software on the s3260, like VMware VSAN for example.
And for clients that want that off the shelf pre-engineered solution then solutions like vBlock/VxBlock or FlexPod are still there to fill that need.
One thing’s for sure still lots of innovation planned in this space, in the words of Captain Jean-Luc Picard ” Plenty of letters left in the alphabet”
For more information refer to the Cisco UCS S-Series Video Portal