Recorded for Cisco Champions Radio at Cisco Live Europe 2019 Barcelona.
Recorded for Cisco Champions Radio at Cisco Live Europe 2019 Barcelona.
I’m sure by now you have heard of Cisco Intersight. Intersight is Cisco’s SaaS offering for monitoring and managing all your Cisco UCS and Hyperflex platforms from a single cloud based GUI. And the best part is the base licence and functionality is completely free!
This video walks you through the simple steps for setting up your Cisco Intersight account and registering your devices!
Let me know in the comments if you are using Cisco Intersight and how you are finding it. I for instance now have complete visibility of all our Cisco UCS and Hyperflex systems from my mobile phone and it doesn’t cost a penny!
Another great Cisco Live Europe this year, as usual as the week progresses the dummer I feel, as I see there is still so many topics I don’t know enough about. But as always I come away wiser and with a huge list of topics to research further, as well as ideas for labs to stand up and play with.
I will be delving deeper into some of the below topics in future posts, but in the meantime here’s a high level list of topics I found interesting.
The running theme of many of the tech sessions that I attended was Anywhere. The flexibility to run workloads or extend policy anywhere you need to regardless of whether that be within a data center, on the edge, across data centers out to a branch or into a public cloud or multiclouds while maintaining a consistent policy model. And managing it all from a unified UI that abstracts the different underlying technologies.
Cisco announced ACI Anywhere which essentially means being able to deploy or extend your policy and security requirements anywhere they are needed, whether on premises or in an public cloud (AWS or Azure). Most of the setup requirements for this are automated with the results being a central user interface Multisite Orchestrator (MSO) from which you can then create your policy and select the site or sites that you wish to deploy the policy to. All ACI to public cloud construct mappings are handled automatically with no knowledge of AWS or Azure required. I see this being of real interest to customers, and should accelerate the adoption of Cisco ACI. Cisco also have a “Cloud First” use case for ACI Anywhere, where there is no on premises location at all, just Cisco ACI deployed into the public cloud or clouds, normalising policy between them.
Additional enablers for ACI Anywhere are:
Remote Leaf: Allows extending the ACI fabric out to a remote location or Co-Lo without having to also deploy ACI Spines or APICs there. This being a physical pair of leaf switches bare-metal and virtual workloads are supported.
Virtual Pod: vPod is similar to remote leaf however it is a software only solution. vPod is made up of virtual spines (vSpines), virtual leafs (vLeafs) and ACI Virtual Edges (AVEs) that are deployed on a hyper-visor infrastructure, thus designed for a virtual environment.
When I first saw vPod I did wonder whether this could be the first step of being able to run Cisco ACI on non Cisco hardware. When I asked this question, the answer was “It’s theoretically possible”
Cisco also announced numerous new updates in the soon to be released 4.0 code for its UCS based hyper-converged offering, Cisco Hyperflex (Cisco HX). Hyperflex Anywhere gives the ability to deploy workloads on an HX cluster anywhere they are required whether that be in the DC or out at the edge. Many customers have the requirement of moving the data closer to the users, the fact is the data center is no longer the center for data! Hyperflex edge allows a 2 – 4 node cluster to be deployed, with no Fabric Interconnects required and the flexibility of 1 or 10Gbs connectivity. And I know what you are thinking, a 2 node cluster? how would consensus work there to prevent a split brain scenario, well Cisco have thought about that, and use a virtual cloud VM as part of Cisco Intersight to act as a cloud witness, …clever!
This setup would give customers a significant cost saving by minimising the equipment required at the edge or remote location while providing a consistent platform and centralised management.
The deployment of a Hyperflex edge cluster can also be automated from Cisco Intersight to allow for zero touch provisioning (ZTP) from the factory to these remote locations, including incorporating SD-WAN virtual appliances if required.
The other significant updates announced with Cisco HX 4.0 were performance related.
All NVMe Node:
Cisco have partnered closely with Intel to develop the HX220c M5 All NVMe node untilising Intel Optane caching and all NVMe capacity drives. As we know compared to SSDs, NVMe is crazy fast, which has the potential to move the age old choke point in any system from the drives to the I/O bus, requiring I/O evolution or DIMM form factors.
HyperFlex Acceleration Engine:
The HyperFlex Acceleration Engine is an optional PCIe I/O card which off loads the always on compression from the CPU, freeing up more of those valuable CPU cycles for workloads.
Intersight is Cisco’s SaaS management portal for UCS Servers and HX clusters. It automates monitoring, logging of TAC cases and collecting and uploading logs. There are 2 licence options available Basics and Essentials. Basics is free and gives you monitoring, automated call logging of all your UCS and HX servers. In addition Essentials gives the capability to KVM Servers, deploy and monitor the hypervisor OS and version check drivers against the vendors HCL. There is also an on prem Virtual Intersight appliance option for clients that for whatever reason cannot use the SaaS offering.
In many of the chats I had at Cisco Live it was repeatably mentioned that there is a huge amount of R&D going in to Intersight with much more functionality planned especially around orchestration and automation. So well worth setting your self up a free Intersight account and adding your Cisco UCS or Hyperflex Clusters to it. You could even add UCS Platform Emulator instances to it if you just want a play for now.
Over the last several years the role of the network engineer has been rapidly evolving, moving from CLI to API configuration methods, and focusing on network programmability and automation of repetitive or tedious tasks. Cisco are certainly enabling this evolution with the myriad of classroom sessions and labs available around automating and orchestrating the network and have a huge amount of free training offerings at DevNet developer.cisco.com
As in previous years Cisco again raised the bar with the quality of the DevNet sessions at Cisco live, and giving some great real world examples of where automation can make such a difference.
Automating the network does not change the what it changes the how, so you still need to understand networking, automation just gives you more tools to get the same job done, but in a smarter more efficient and deterministic way. It must be said, there is no single or magic recipe to automate the network, it requires consultation with the client, to determine their requirements, current skill set and tooling preferences.
Concepts that the Network Engineer would greatly benefit from include:
So that’s what I got up to last week, a great week in all, and Save the Date for Cisco Live Europe 2020, back in Barcelona. January 27-31! Hope to see you there!
Back in February of this year, when I read an article in The Register, announcing that Raghu Nambiar, the then chief technology officer for UCS servers had joined AMD. I didn’t think too much of it, but when I also saw that AMD were, for the first time (in my memory), exhibiting at Cisco Live, My right eyebrow rose in a particular “Roger Moore esque” manner, and I sensed something may well be afoot.
Some of you may well have noticed that even since 2009 there has always been an AMD CPU server qualification policy in Cisco UCS Manager , and several years ago I did bring this up with Cisco, as to why in an exclusively Intel based product would need such a policy, to which, if memory serves, the answer at the time was “never say never”
Well today that “prophecy” was fulfilled with the announcement of the Cisco UCS C4200 chassis which can house up to 4 x C125 M5 server nodes which are exclusively AMD EPYC based.
Now I know what you are all probably thinking, a modular UCS server? didn’t Cisco already try this with the M-Series which they decided end of life back 2016. But the answer is NO! the M-Series was a completely different beast, which was geared around host “dis-aggregation” with larger numbers of much smaller spec hosts built upon the lower spec Intel XEON E3 CPUs, with shared I/O and shared disks not to mention the M-Series was UCSM managed only.
In contrast the C4200/C125 M5 has the following specs.
C4200 2 Rack Units chassis contains up to 4 x C125 M5 Server nodes
24 drives per C4200, 6 dedicated to each node, 2 of those 6 can be NVMe
2 x AMD EPYC 7100 Series CPUs up to 32 Cores each
Up to 2TB RAM per node
Up to 46.8 TB HDU per node (6 x 7.8 TB SSD)
2 x 2400W PSUs
Optional 4th Gen VIC 10/25/40/50/100Gbps (to be released later this year.)
Plus the C125 can be managed by UCS Manager, UCS Central, from the Cloud with Cisco Intersight, Stand-a-lone CIMC, or 3rd Party tools.
If there are 3 words that describe why Cisco have chosen the AMD EPYC CPU along with the modular form factor, they would be Density, Density and Density as it is possible to pack a whopping 128 Cores per Unit of rack space. The graphic below compares density volumetrics against the UCS C220 rack mount server
But all these “speeds and feeds” stats are great, but what business requirements will these new servers address? and what particular workloads or industries will particularly benefit from them? Well as can be seen in the below graphic, Cisco are positioning the C125 for any compute intensive applications or where an exceptional amount of compute density is required, as well as Gaming/E-Gaming. And interestingly Cisco also list High Frequency Trading (HFT) and enterprise High Performance Compute (HPC) as a particular use case for the C125 markets that up until now Cisco had never actively targeted, Which would explain the addition of the Open Compute Project (OCP) 2.0 Mez slot supporting options such as InfiniBand for ultra low latency networking..
As ever with the Cisco UCS family it’s all about options and Flexability and while there are several “all rounder” options there are definitely sweet spots for certain UCS family members. Bill Shields of Cisco has produced a nice radar diagram below to guide you as to these sweet spots depending what use cases you are looking to address.
As you can see the C125 M5 wins out in the density areas, but if minimal cabling is a priority then Blades are a great option or the S3260 servers for maximum storage. The reality being that a combination of these servers may well be the best overall solution in many cases, hitting that optimised price point for each element of the solution.
Sharing that storage!
While Cisco have not announced any Software Defined Storage (SDS) option for the C125 I think it would also make a great Hyperconverged node and as Cisco already have HX Data Platform in the portfolio it would make great sense to combine the 2. So who knows we may see Cisco “HyperFlex Up” the C125 M5 in the future. But in the meantime there is always the option to run an SDS solution like StorMagic or VMware VSAN if that’s the way you want to go. But of course traditional NAS and SAN solutions are also very valid storage options.
For me the big differentiation of Cisco UCS has always been the management Eco system. It is a huge plus to be able to manage hundreds of servers as easy as one. And having that management platform available on premises or from the cloud and covering the whole UCS family regardless of whether they are blades, rack mounts, modular or Hyper-converged nodes is a huge Cisco USP.
Links for further reading
For more information and data sheets on the C4200 and C125 click here
Rather than me call out the different pros and cons of AMD vs Intel, prices per watt and Thermal Design Power (TDP) stats etc.. AnandTech do a great job of an independent “Apples with Apples” comparison of how the AMD EPYC CPU compares to the Intel Skylake CPU Here.
As always let me know your thoughts in the comments!
Link to Cisco HyperFlex worksheet used in the video
In late January I attended Cisco Live Europe in Barcelona, it certainly made a nice change going to a winter Cisco Live without having to bring several layers of clothing.
Like most people I’m generally too busy the rest of the year to make classroom lead training courses so Cisco live for me is a great opportunity to refresh my knowledge and skills, catch up with what’s new and learn first-hand from some of the best techies in the industry.
But just as importantly I get a chance to catch-up with my peers in other firms and chat about what they are up to, as a strong believer in communities, for the most part I don’t see “competitor’s” just “friends who happen to work for other companies”.
A wise man once said “A day without learning, is a day wasted”
So here’s what I got up to at Cisco Live!
One of my favourite resources at Cisco Live is the Walk-In Self-Paced Labs (WISP Labs) these are guided labs many of which are not available on Ciscos dCloud. These maybe an introduction to a recent addition to the Cisco portfolio or a pre-designed scenario on a particular product or solution. As its name suggests you do not need to pre-book these just wander up and pick your lab. Another great aspect of the WISP labs is that the actual author of the lab is there to assist you and answer any questions.
One of the WISP labs I found really useful was on automating Cisco ACI with Python, now I’m no programmer so it was great to have a chance to do a guided lab on tools that are available to bring network programmability skills to the “traditional networker” Tools like the Cobra SDK which is a set of Python utilities for interfacing with the APIC. If you would like to have a play with automating Cisco ACI with tools like Python or Ansible then a great resource is the ACI Programmability lab on Cisco DEVNET Learning Labs.
Ciscos UCS based HyperFlex, received a welcome update to version 3.0 under the strap line: Any App, Any Cloud, Any Scale.
Notable updates being around scale, both upwards and downwards as HyperFlex now supports up to 64 nodes per cluster as well as allowing those clusters to be stretched between sites. But just as importantly for those smaller use cases such as remote office/branch office (ROBO), air gapped DMZs, plus anywhere that compute power needs to be closer to users, there is now an option with HyperFlex Edge of a 3 node cluster without the need for the fabric interconnects so a very cost effective solution. While all being centrally managed either on premises or via Cisco cloud offering Intersight.
Working a lot as I do with Cisco ACI I really liked the look of Cisco’s Network Assurance Engine (code name Candid). Now those of you who have worked with Cisco ACI will know that the alerting may not be as human friendly as it could be. Plus it is not always obvious that your Cisco ACI configuration meets both a best practice as well as your own corporate policies and constraints. Well the Network Assurance Engine does just that, by ensuring your Cisco ACI implementation is adhering to both your Security and Networking compliance.
You define your policies, intent and compliancy requirements in very user friendly rules, the Network Assurance Engine then evaluates your Cisco ACI configuration and identifies any policy violations or configuration issues and reports them back in very easily to interpret smart alerts. The smart alerts then hyperlink you to exactly the configuration or lack of that is violating your defined policy and recommends the remedial action.
Network Assurance Engine can also predict the impact of any changes significantly reducing risk of human error or induced network failures. Gone are the days of “I don’t think this will impact production services”
This was certainly one of the highlights and a great benefit of the Cisco champions program, where the champions, after a briefing about, no cameras, or blogging on the details of what we may see or hear, were given access to the innovation lounge, an area where the actual Cisco engineers were demonstrating the products and concepts currently in development. Walking round I certainly felt like the children exploring Willy Wonkers chocolate room! with pure imagination and innovation at every turn.
For my part having a keen interest in crypto currencies it was great to see what Cisco was doing around blockchain technology. Like Clouds blockchains can be public, private or community. Anyone can create a blockchain, the open source software is freely available. The essence of a blockchain being that there are no servers only clients and that each have a full copy of the database (distributed ledger) and then by the use of cryptography maintain a consensus that the database has not been tampered with or fraudulently altered.
The demo that was being shown was the use of a distributed ledger (blockchain) for asset tracking, in this case 2 Cisco gbics which looked identical were scanned, one of which was immediately validated by a blockchain lookup but the other declared counterfeit. For the valid gbic every stage (transaction) in its life cycle could then be seen from manufacture to delivery and all stages between. Imagine being able to scan a joint of beef in your local supermarket with your mobile phone and see the complete history of that animal from its birth to putting on the shelf in front of you. Just one use for blockchain technology.
One things for sure blockchain brings a level of trust to digital business unheard of til now.
And as you can imagine in a topology where there are no servers and all traffic is peer to peer (east/west) with potentially millions of nodes, this will require a complete rethink on application management, control, orchestration and the need to push security and policy right to the edge of the network.
As a bit of a metal head I grew up listening to bands like Iron Maiden, Metalica and Pantera, so imagine my surprise to hear that the guest keymote speaker was due to be none other than Bruce Dickinson the lead singer with Iron Maiden! Now that was a keynote I was not going to miss. And another awesome benefit was that as a Cisco champion we all had prime reserved ringside seating.
While I had no expectation of what Bruce would be like as a speaker, he was far from the heavy metal stereotype many would expect. A very intelligent, funny and entertaining guy, with some great road stories. He explained that he had always wanted to tour Australia but the logistics of plane hires and getting all the band and kit to the other side of the world was always cost prohibitive. So he decided to train as a pilot, ended up working for commercial airlines for 10 years and then had the idea of renting a jumbo jet in the off season (many jumbos are parked up and stored in off peak seasons) so it was relatively cheap, bundled the whole band, kit and crew in it and flew it himself to Australia, and treated it as their own “flying carpet” The running theme of Bruce’s talk was innovation and entrepreneurialism, as he had developed several business out of renting these “stored aircrafts” he even has a company that manufactures edible drones, that can be flown in to deliver the first aid to a disaster zone even before human aid can get there, all in all a great speaker and I would thoroughly recommend him as a keynote speaker.
Hope to see you all back in Barcelona next year!
There is a saying that “The early bird catches the worm!” but I say “but it’s the 2nd mouse that gets the cheese!” In short apologies for the lateness of this post 🙂
This year was my first year as a VMware vExpert and through that program VMware kindly offered me a “blogger pass” to attend VMworld Barcelona.
Having a great interest in software defined networking in general and VMware NSX in particular I was keen to focus on what VMware are doing in this space along with their general Software-Defined Data Center (SDDC) strategy and offerings. So I have picked a couple of topics that were of particular interest to me.
VMware Cloud Foundation:
We are all familiar with vendors like VCE (now Dell EMC Converged Platforms) who create Vblocks, which are fully qualified Converged Infrastructures, where all components of the system, compute, storage, networking and virtualisation are vigorously tested and version controlled to ensure optimal compatibility and performance. Well VMware have created the VMware Cloud Foundation (VCF) which does the same thing for the whole SDDC whether deploying on a private, public or hybrid cloud.
VCF combines VMware vSphere (Compute), vSAN (Storage) and NSX (Networking and Security) into a tightly integrated stack with automation, upgrades and life cycle management via SDDC Manager.
The benefits and value of adopting a VCF solution include:
You can either buy a fully pre-built SDDC with all the cloud foundation software pre-loaded, currently available on the Dell EMC VxRack platform or you can build your own as long as long as you adhere to the VMware Cloud Foundation compatibility guide. I’m sure you’ll all be glad to hear that Cisco UCS C240 is on there.
Just like a Vblock has it’s Release Certification Matrix (RCM) a VCF SDDC has its VCF matrix which details the hardware and software combinations that have been validated for that particular version. Valid upgrade paths to later versions are also detailed in the release notes of the particular VCF Version.
vRealize Network Insight:
One of the largest customer concerns when looking to migrate from a traditional “black list” network to a software defined “white list” model, is will my application still work in the new environment?
In the traditional black list model all communication is allowed by default unless specifically blocked by a firewall or access control list, whereas in a software defined “white list” model all traffic is denied by default unless specifically permitted. This means that all flows for all applications need to be known and understood, and those flows allowed in the new software defined environment.
There are of course lots of methods and discovery tools out there that assist with application discovery and dependency mapping, but they all differ greatly in usefulness, functionality and cost.
While at VMworld I have been looking into, and having a play with vRealize Network Insight (vRNI) which was a result of the Arkin acquisition June 2016.
Not part of the vRealize suite but rather an add-on service to VMware NSX and licenced according to the number of NSX CPU licences.
vRNI provides both a day 0 assessment in order to do a “underlay readiness and health check to be confident the underlay network is healthy, happy and NSX ready. vRNI can then be used to analyse and report on all the traffic within the network, automatically group workloads into security groups and then create the required NSX distributed firewall rules required between those security groups.
The security advantages of a zero trust/least privilege network are well understood and only allowing the flows you need on a network is certainly the way forward. I am in the process writing a full blog review of vRNI and as such will not elaborate further on it in this post.
It was also great to see VMware recognising and putting on an event for Cisco CCIEs. In a world of ever growing automation and GUI’s it is a common topic on whether you still need to understand all this “networking stuff” that goes on, often “under the covers” in many cases. As someone who has been involved in many software defined / overlay networking issues my answer to that, is absolutely! Having a good strong foundation of network knowledge and troubleshooting skills will only help you when designing and troubleshooting a network of any description.
While there were several great sessions and receptions, I guess the highlight of my VMworld was that a small group of “NSX VIPs” were given the opportunity of an open forum round table with VMware CEO Pat Gelsinger, where we could just ask any questions we liked. I was very impressed with Pats technical knowledge regarding many of the products in the VMware portfolio particularly NSX.
One of the topics of discussion was the evolution of NSX-T, (VMware’s NSX offering for multi-cloud, multi-hypervisor, and container environments) and it’s eventual replacement of NSX-V (The VMware only product)
While this transition will certainly be over some time, the majority of R&D and new features will be targeted at NSX-T.
All in all a great experience at VMworld Europe 2017!