Cloudy with a chance of SDNd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKCRT-2603.pdf · Cloudy...

Cloudy with a chance of SDN

Casimer DeCusatis, Ph.D., Assistant Professor, Marist College

@Dr_Casimer [email protected]

BRKCRT-2603

• Introduction to the New York State Cloud Computing & Analytics Center

• SDN for Cloud Exchanges

• Network Security with SDN

• Energy Savings and Automation

• Open Standards and the Internet of Everything

• Conclusions

Agenda

• Introduction to the New York State Cloud Computing & Analytics Center

• SDN for Cloud Exchanges

• Network Security with SDN

• Energy Savings and Automation

• Open Standards and the Internet of Everything

• Conclusions

Agenda

• Cloud, SDN, & You

• Use Case Examples& Cloud Lab Results

• Reality vs Hype

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

The New York State Cloud Computing & Analytics Center at Marist College, Poughkeepsie, NY

5BRKCRT-2603

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 6BRKCRT-2603

ADVA FSP 3000

Site A

Site C Site BStorageStorage

IBM V7000 Storage

dual 10G

dual 10G dual 10G

ADVA OF Agent (VM)

IBM, NEC, Plexxi Switch

Cisco Routers

OpenDayLight ControllerFloodlight Controller

ADVA FSP 3000

ADVA FSP 3000

Ciena vWAN, Brocade/Vyatta vSwitch

IBM Controller

dual 10G

PureSystem PureSystem

Power blade

125 km


What is a Cloud?


I see a pony! I see 50% lower operating expense !

8BRKCRT-2603

What is a Cloud?


The IT Industry is at an Inflection Point

VM

O

S

VM

O

S

VM

O

SHypervisor

Applications & Devices are independent Step-by-step, Manual Configuration Static Workloads, Inefficient, Add-ons

Traditional Environment

2000 2014 2024

IT R

esp

on

siv

ene

ss

Software Defined Cloud

VM

O

S

VM

O

S

VM

O

S

VMO

SVMO

SVMO

S

Hypervisor – Workload Aware

Apps Control Infrastructurethru Software Patterns

Centralized, Programmable APIsAutomated Configuration

Dynamic, Workload AwareVirtual Appliances

Efficient, Integrated Security& Analytics

Service Chains & Software Patterns

Drivers

New Workloads (Mobile, Social, Big Data)

Need for Agility & Rapid App Deployment

Cost Effective Scaling & Automation

Traditional environments no longer support emerging business needs


What is the ISSIP ?

• Founded Jul 2012 – “to promote innovation in the global service economy”

• Individual Members: > 600

• Institutional members representing:

• Universities: 150+

• Companies 100+

• Countries: 40+

• 5 Special Interest groups(including SDN)

• Ambassadors to over 30 professional associations


Cisco white paper, “Simplify and Automate for Enhanced Service Agility”11BRKCRT-2603

What is the primary client driver for cloud services ?


•

12BRKCRT-2603

Use network virtualization

?Use storage virtualization

93%

Percent of servers virtualized

60+%

Why are networks still over-provisioned?

Source: 2012 IBM Data Center Study: http://www.ibm.com/data-center/study** J. Manville, “The power of a programmable cloud”, OFC 2012 annual meeting, Anaheim, CA, paper

OM2D.2 (March 18-22, 2013)

But… today:

multi-tier virtual-system connectivity is

measured in days.

John Manville, Cisco IT; The Power of a

Programmable Cloud, OFC 2013

(OM2D.2): “It takes about 5 days from an

end-end point of view to provision

something like that (a multi-tier system).”

Goal is to “get at least to sub-one day.”

Networks are: Statically provisioned, under utilized, & energy inefficient

IntrusionPrevention

Firewall

Web Servers

Application Server

FirewallLoad

Balancer

DatabaseCluster

Today: VM on-boarding is measured in minutes

http://www.ibm.com/data-center/study


Controller

Data Plane

Applications

Vendor-

specific APIs

OpenFlow,

PCEP,

I2RS

Traditional SDN

Vendor

Specific

Controller

Data Plane

Applications

Vendor-

specific APIs

OpenFlow,

PCEP,

I2RS

Control Plane

Hybrid SDN

Applications

Virtual Switch

Overlays

Overlay

Protocols

(e.g. VXLAN)

Vendor-

specific APIs

Overlays Networks

Control Plane

Data Plane

Overlays

Vendor-

specific APIs

Applications

Programmable APIs

Control Plane

Data Plane

Vendor

SpecificVendor

Specific

13BRKCRT-2603

More “Complete” View of SDN


Cisco Open SDN Controller


Potential Benefits of SDN

Uniform management visibilityMultiple administrative domains, multiple technologies, multiple implementations per technology

Flow optimizationAt Hyperscale

Elasticity & Service AgilityChanging, unpredictable demands created by new ways of consuming(cloud)

Under-utilization

Impacts entire service lifecycle

Tenant 1 cloud

Network Hypervisor

Tenant 2 cloud

Site A

Site B

Storage

Firewall

Web Serve

r

Database

Application

Server

IntrusionPrevention

Hoursto Days

Minutes

De-couple virtual & physical network

Program & Automate multi-tier patterns(avoids human error)

Provide global network visibility with “real-time” control (Lower CapEx)

Current networks are: Statically provisioned, under utilized, & manual intensive

Brownfield & Greenfield deployments

SDN and Cloud Exchanges


Cisco white paper, “Simplify and Automate for Enhanced Service Agility”17BRKCRT-2603

An Unsustainable Operations Model


Carrier & Cloud Exchange Use Cases with SDN


Virtual

Tape/Disk/Server

Cloud

Customer 1

Remote Desktop

Customer #2

Customer #3

19BRKCRT-2603

An Early Cloud Exchange

The High Cost of Overprovisioning

During the storage or virtual machine migration at the beginning of a cloudburst into the provider cloud, bandwidth of 1 to 10 gigabits per second will generally be required. However, for the remainder of that IaaS instance life-cycle, much lower bandwidth, rarely exceeding 200 megabits per second, is required.

FSP 3000


Cloud Storage Use Case: Never Enough Static Bandwidth

From Internet2 Global Community Showcase 2015 Data used with permission from IBM


WDM Node A

WDM Node CWDM Node B

Switch

1GbE

SDN Controller and Network

Hypervisor

With cloud orchestrator API

Switch

Switch


• Details of the migration methods

used in some commercial

products are not readily

available

• Typical values:

– Minimum 1028 MB per VM

– 4 KB per memory page

– Sustainable 1 Gbps

• Migration algorithms can be

highly nonlinear; application

awareness is key

22BRKCRT-2603

Predictive Analytics Driving SDN

Page Dirty Rate (pages/second)

VM

mig

ration

tim

e (

secon

ds)


Service Provider Business Transformation

AutomatedManagementOrchestrationPolicy

Applications

Physical & Virtual Infrastructure

Evolved Services Platform (ESP)

Service Broker

Catalog of Physical& Virtual Functions

ServiceProfiles

Evolved Programmable Network (EPN)

VNFs with network compute, storage

Orchestration Engine

Mobility Enterprise Consumer Video


Service Provider Business Transformation

AutomatedManagementOrchestrationPolicy

Applications

Physical & Virtual Infrastructure

Evolved Services Platform (ESP)

Service Broker

Catalog of Physical& Virtual Functions

ServiceProfiles

Evolved Programmable Network (EPN)

VNFs with network compute, storage

Orchestration Engine

Mobility Enterprise Consumer Video

APIC, VTSAPIC-EM ML-SDN, WAE,EPNM

Network Service Orchestrator





Telefonica – A Multi-Layer, Multi-Domain SDN Network Control Architecture

Optimization Visibility

Multi-Layer App Platform (MAP)

Orchestrator

ML Controller ControllerController

HuaweiCienaInfineraCisco

Spain

What-If analysis

USAChina

Multi-layer, multi-domain SDN with TelefonicaJuan Pedro Fernandez-Palacios, OFC 2015

SDN and OpenStack Congress


What is Congress ?

OpenStack “Policy as a Service”

Integrates data frommultiple sources within the data center

Organizes data into tables& makes REST APIs available


Traditional Approach

33BRKCRT-2603

Evolving How We Interact With Network Devices

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Monitoring

Routing

QoS

Discovery

Security

Interfaces

Control

New Paradigm

App

C

Java

Python

Anyth

ing y

ou c

an thin

k o

f

Rich Actions, Rich Events,

Rich Environment

SDN and Cyber-Security


Security Skills are in High Demand

“Federal agencies to hire more

cyber defenders in 2014”

“"Security is the only area of certified IT

skills that has never had a negative

quarter throughout this recession"

Banks want to get into the cloud!

IT costs as % of revenue (7.3%)

are about twice the average

across other industries (3.7%).


Trusted Intranet

Online

Banking

Application

Employee

Application

DMZ Untrusted Internet

36BRKCRT-2603

Traditional perimeter-based security control…


Online

Banking

Application

Investment

API Services

Employee

Application

Build and Deliver Apps, Services (PaaS)

Consume Apps and Services (SaaS)

Leverage Public Clouds (IaaS)

Trusted Intranet DMZ Untrusted Internet

Apps, APIs

Services

37BRKCRT-2603

… are changing to security centered around applications and data


A Challenge: Efficient Firewall Structure

• OS or HW to hypervisor

• Very resource efficient

• VMs are not protected

Source: X.J. He, et al.; Improving cloud network security using the Tree-Rule firewall; Future Generation Computer Systems Vol. 30, pp. 116 (2014).

Today’s reality:

Move to VMs

Resource wasting

Hard to configure

Merge firewall with virtual

switch

Leverages resource and

configuration requirements

Given a virtual switch integrated in the hypervisor, where to place the firewall(s)?


Comparing Virtual and Physical Firewalls

ASA – Cisco; CP – Check Point; FG – FortiGate Source: Miercom Lab Testing Summary Report SR120514 (2012)

UDP IMIX default profile

traffic contribution

4-Point IMIX profile traffic

contribution


Security Intelligence

Real-time Processing

• Real-time data correlation

• Anomaly detection

• Event and flow normalization

• Security context & enrichment

• Distributed architecture

Security Operations

• Pre-defined rules and reports

• Offense scoring & prioritization

• Activity and event graphing

• Compliance reporting

• Workflow management

Big Data Warehouse

• Long-term, multi storage

• Unstructured and structured

• Distributed infrastructure

• Preservation of raw data

• Hadoop-based backend

Big Data

Analytics and Forensics

• Advanced visuals and interaction

• Predictive & decision modeling

• Ad hoc queries

• Spreadsheet UI for analysts

• Collaborative sharing tools

• Pluggable UI

Security

Intelligence

with

Big Data

Creative,

exploratory,

intuitive

Structured,

analytical,

repeatable

41BRKCRT-2603

Security Intelligence and Big Data


Cisco Science DMZ Architecture

Secure Science DMZ using event-driven SDN, Tae Hwang, Technical Solutions Architect, Cisco


NSF “SecureCloud” Project

• Campus Cyberinfrastructure Data Networking Integration (2 years, $690 K)

• Casimer DeCusatis (PI), 4 students, other faculty/CIO co-PI

• Industry partners including IBM, Brocade, Ciena, BlackRidge, Cisco

• Autonomic security for cloud computing environments

• Develop & deploy novel end-to-end security policy for each application

• Dynamically monitor the network both within and between data centers (up to 100 km) and change security configuration in response to attacks

• Develop & test new code, eventually deploy into production at Marist

• Goals

• Sense & response for denial of service attacks, IP spoofing, botnets, and malware

• Segregate traffic based on properties for improved visibility & quarantine threats

• Security analytics on big data sets collected from honeypots & cloaking key infrastructure

43BRKCRT-2603


Extending Identity-Based Security to Cloud Environments

• Networks do not allow for user or device identity to be determined before establishing network connections

• BlackRidge Transport Access Control (TAC) authenticates identity and enforces security policy on the first packet, before a network session is established

Before caller-ID, you

needed to answer to

determine identity.

Caller-ID for the Internet

After caller-ID, you only

answer authenticated and

authorized callers.

First Packet

Authentication™

First Packet

Authentication stops

unauthorized access at

the earliest possible

time.

Current security

products start after

network sessions are

established.

time

Data

Packet Flows

Session

Setup


Syslog for Real-time Alert and/or Audit

Trail

45BRKCRT-2603

Insider and 3rd Party Protection with Attribution

• Control insider and third party vendor access to servers and networks • Leverage your SIEM to produce real-time Alerts with user identity attribution for

both authorized and unauthorized actions • Example configuration and workflow:

• Protected resources are Accounting (192.168.7.75) and HR (192.168.7.76• Authorized user “Johnson” on 192.168.7.10 only has access to Accounting

Corporate

Network 3rd Party Authorized

Accounting (192.168.7.75)

3rd Party Unauthorized

HR (192.168.7.76)

1) Insert Identity 2) Apply Policy

3rd Party User

192.168.7.10

SIEM / Analytics

System4) Generate Alert!

3) Send syslogs


Cloaked and Protected:You Can’t Attack What You Can’t See

Without BlackRidgeServers Being Scanned

BlackRidge Enforce ModeServers Not Found

Cloaked,

Protected

, and

Isolated!

12 Open

Ports

Found

No Open

Ports

Found


WDM Node A

WDM Node CWDM Node B

SDN Controller and

Network Hypervisor


Brocade/Vyatta

5600

V-Router/Firewall

Ciena Metro

Ethernet

Ciena

Blue Planet

Marist API code

Marist LongTail &

Honeypot (SSH, SDN)

SDN Controller and Network

Hypervisor


ICO with Application

Security Policy

Brocade/Vyatta

5600

V-Router/Firewall

Marist Remote

Management App

NetConf

Local Probes Remote Probes

47BRKCRT-2603

NSF SecureCloud


LongTail Security Analytics & Honeypots• http://longtail.it.marist.edu/honey/

• IEEE TryCybSi Project, LongTail Honeypot http://try.cybersecurity.ieee.org/trycybsi/explore/honeypot

● We have deployed 21

SSH honeypots across the

Hudson Valley

● Collected and analyzed

over 41 million data points

over a 12 month period,

and identified over 100

unique attack patterns

http://longtail.it.marist.edu/honey/

http://try.cybersecurity.ieee.org/trycybsi/explore/honeypot

SDN for Energy Saving


Can SDN Really Save Energy ?

• Data centers account for an estimated 1.2% of total electricity consumption in the United States; Internet transmission/switching adds an additional 0.4% *

• Cloud Computing offers potential energy savings for compute and storage

• CSP can employ more modern, energy efficient servers and storage

• Lower energy consumption in heating/cooling may be achieved through economics of scale for warehouse-scale cloud data centers

• Technologies such as virtualization and sleep scheduling in cloud data centers can further improve energy efficiency

• Offsetting this, cloud computing increases network traffic, number of switches/routers, and overall network energy consumption; static over-provisioning wastes energy

50BRKCRT-2603

*J. Baliga, R. Ayre, K. Hinton, & R. Tucker, “Green cloud computing: balancing energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 Jan 2011


Ways to improve energy savings in the network

• Virtual Slicing

• Share CSP network among multiple tenants for better utilization• Avoid over-provisioning without sacrificing performance and throughput

Demonstrate re-provisioning in minutes vs days or weeks

• Use fewer resources to accomplish the same tasks

• Enable each tenant to optimize their own slice of the network• Further reduce over-provisioning on a per-tenant basis

• Long term, enable cloud exchanges with associated cost reductions in energy and carbon footprint

• Automated dynamic re-provisioning eliminates the need for dispatching service trucks on 100 km scale networks (reduces greenhouse gas generation and carbon footprint while saving energy)

51BRKCRT-2603


Cloud Bursting Model

• Energy required to transport one bit from data center to user *Ec = 5 x 1.5 x 2 x { (number TORs)(PTOR/CTOR) + (number of WDM nodes)(PWDM/CWDM) }

Redundancy (factor of 2))

Cooling/overheads (factor 1.5)

Network operating at 20 % utilization while consuming almost 100% of maximum power

• PTOR/CTOR = Power consumed by TOR switches / capacity of TOR (bits/second)

• PWDM/CWDM = Power consumed by WDM / Capacity of WDM (bits/second)

Power consumed by WDM = Power chassis/management cards + (number of client cards x power client card)+ (number of wavelength cards x power wavelength card)

* methodology after J. Baliga, R. Ayre, K. Hinton, and R. Tucker, “Green cloud computing: balancing energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 (January 2011)


0

2

4

6

8

10

12

14

16

0.01 0.02 0.04 0.06 0.08 0.1

Power Consumption vs Downloads/File/Hour

Series1 Series2Downloads per file per hour

Po

we

r C

on

su

mptio

n (

Wa

tts)

53BRKCRT-2603

Assuming 10 GB file, storage device specifications per the following reference:

J. Baliga, R. Ayre, K. Hinton, and R. Tucker, “Green cloud computing: balancing

energy in processing, storage, and transport”, Proc. IEEE vol 99 no 1 p. 149-167 (January 2011)

Conservatively, Up to 25%PowerSavings

SDN for IoT



HiPerCube – Cisco UCS High Performance Cloud

• Large memory footprints & I/O Read/WriteMassive batch workloads, long runtimes, bare metal performance on a non-hypervisor based virtualized cloud architecture

• 40 Gbps SDN integrated (Nexus 9396PX, 6332UP); project isolated VX-LANs & VNICs

• Scales to 25,000 VMs (project owned computational objects); Docker Linux containers or KVM

• Secure, auditable INTER-organization IP sharing

• Smart Virtual Client (Chromium appliance) with 2 factor authentication, encrypted web services


2003 2007 2010 2013 2015 2020

500M

Connected Devices

10B

25B

50Billion$20 Trillion Market

550K1M

1.5M

2M

Certifications

5B

~5M

~10M

57BRKCRT-2603

SDN/IoT Challenge: The Growing Services Gap

Automation

Innovation

Education

A. Corno, “Evolution of the network engineer job role”, Proc. SDN Workshop, 2014 Annual Meeting of the

Association of Technology Management and Applied Engineering (ATMAE), St. Louis, MO (November 20-

22, 2014) https://atmae.site-ym.com/?page=AnnualConference

https://atmae.site-ym.com/?page=AnnualConference


Networking will be the cost limiting factor in IoT

• Consider several IoT applications:

• Energy Utility Companies Process: 1.1 BILLION Data Points (0.5 TB) per Day

• A Large Offshore Field Produces: 0.75 TB of Data Weekly

• An Airplane: 10 TB of Data for Every 30 Minutes of Flight

• The deluge of data & need for distributed processing stress capacity & drive requirements for a 3 tier network architecture with SDN

• including edge computing and Cisco Data in Motion for data manageable at scale.

• https://developer.cisco.com/site/data-in-motion/discover/overview/

https://developer.cisco.com/site/data-in-motion/discover/overview/


IoT Inverts Existing Traffic Trends

• Possible benefits:

• VPN Exhaustion• Fleets of machine-to-machine devices

using SIM cards for voice communication on a mobile network. Without SIMs, the size of the device fleet is limited by the number of VPNs a given switch can support. SDN flow control avoids this & potentially means you don’t need to buy more switches

• Telecom networks connect IoT devices to the cloud. • Traditional views of carrier-grade

infrastructure are under pressure.

• Replace single, monolithic service delivery elements with SDN & NFV, maintain SLAs

Number of devices

Tra

ffic

vo

lum

e

conventional

IoT

What happens to securitywhen everything’s connected?


IoT security when everything’s connected


Segmentation and Security

Desired View of Network Resources Actual View of Network Resources


Where is IoT Headed?

• Much more than thermostats, refrigeratorsand light switches…

• A world of disposable endpoints

• Very inexpensive

• Will not run Windows Mobile, iOS, or Android

• Most data we create now isn’t being used (network ACKs, Siri voice clips, …)

• Imagine tens of billions short-lived network endpoints – all look the same (HTTP:80/HTTP:443)

http://searchsdn.techtarget.com/opinion/Dark-alleys-ahead-when-SDN-automation-meets-Internet-of-Things (Patrick Hubbard)

62BRKCRT-2603

http://searchsdn.techtarget.com/opinion/Dark-alleys-ahead-when-SDN-automation-meets-Internet-of-Things

Conclusions sdn.marist.edu


Key Takeaways for SDN and Cloud

• Cloud Exchanges – Cisco ESP/EPN

• Agility and time to value are the main reasons client are using SDN with Cloud

• Network is a high percentage of total cost, SDN benefits cloud burst workloads

• Energy Efficiency

• SDN reduces overprovisioning, eliminates truck rolls

• Can save up to 25% off total energy costs

• Security

• Cloud is the new network perimeter; SDN, NFV enable Cisco firewalls

• Disposable network endpoints are a major security risk, maybe SDN can help

• Internet of Everything

• Drives 3 tier networks, flips traffic profiles opposite of conventional networks

• Significant shortages in security & network admins with SDN skills

64BRKCRT-2603



Author’s opinion…your mileage may vary…

Congress

• C. DeCusatis, R. Cannistra, B. Carle, M. Johnson, J. Kapadia, Z. Meath, M. Miller, D. Young, T. Bundy , G. Zussman, K. Bergman, A. Carranza, C. Sher-DeCusatis, A. Pletch, R. Ransom, “Dynamic orchestration test bed for SDN and NFV at the New York State Center for Cloud Computing & Analytics”, OFC 2014 annual meeting, San Francisco, CA (accepted & to be published, March 2014)

• C. DeCusatis et.al., “Developing a software defined networking curriculum through industry partnership”, Proc. ASEE Annual Meeting, Hartford, CT (April 3-5, 2014) ** named among top 10 conference papers ** http://asee-ne.org/proceedings/2014/index.htm

• Internet2 Global Summit, April 6-10, 2014, Denver, Colorado http://meetings.internet2.edu/2014-global-summit/detail/10003109/

• C. DeCusatis, “SDN, NFV, and the cloud disruption: the next generation open data center interoperable network (ODIN)”, BrightTalk webinar, April 17, 2014 https://www.brighttalk.com/search?q=DeCusatis

• C. DeCusatis and L. Miano, “Cloud computing and software defined environments”, Pace University college of computer science and engineering seminar series, April 30, 2014

• C. DeCusatis and R. Cannistra, “Dynamic management and provisioning of software defined cloud data centers”, Proc. NSF Enterprise Computing Conference (ECC), paper SC3101, June 8-10, Marist College, Poughkeepsie, NY (2014)

• C. DeCusatis and A. Carranza, “Hybrid implementation of the flipped classroom approach to cybersecurity education”, National Cybersecurity Institute Journal vol 2 no 3 pp. 45-55 (January 2016)

• C. DeCusatis, Aparicio Carranza, Alassane Ngaide, Sundas Zafar, and Nestor Landaez, “An open digital forensics model based on CAINE”, Proc. 15th IEEE International Conference on computer and information technology (CIT 2015), October 26-28, Liverpool, U.K.

• C. DeCusatis and I Papapanagiotou, “Service Industry Applications of Software Defined Radio Access Networks”, Proc. 15 th International conference on algorithms and architectures for parallel Processing (ICA3PP), Zhangjiajie, China, November 18-20, 2015

• C. DeCusatis, “Reference Architecture for Multi-Layer Software Defined Optical Data Center Networks” Electronics 2015, (special issue on SDN) 4(3), 633-650 (September 2015)

• C. DeCusatis, “Value and cost of multi-layer SDN”, Proc. OFC Service Provider Summit, Los Angeles, CA (March 22-26, 2015)

• R. Cannistra, C. DeCusatis, “ NFV Integration and Orchestration for Resource Automation within Hybrid Cloud Environments”, Proc. NFV World Congress, San Francisco, CA (May 2015)

Recent Research Publications

http://asee-ne.org/proceedings/2014/index.htm

http://meetings.internet2.edu/2014-global-summit/detail/10003109/

https://www.brighttalk.com/search?q=DeCusatis


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.

68BRKCRT-2603

CiscoLive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/us

http://ciscolive.com/us


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

69BRKCRT-2603

Follow @Dr_Casimer or http://www.ofcconference.org/en-us/home/about/ofc-blog/

Thank You !


Security Cisco Education OfferingsCourse Description Cisco Certification

CCIE Security Expert Level certification in Security, for comprehensive understanding of security

architectures, technologies, controls, systems, and risks.

CCIE® Security

Implementing Cisco Edge Network Security Solutions

(SENSS)

Implementing Cisco Threat Control Solutions (SITCS)

Implementing Cisco Secure Access Solutions (SISAS)

Implementing Cisco Secure Mobility Solutions

(SIMOS)

Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco

Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls

Deploy Cisco’s Next Generation Firewall (NGFW) as well as Web Security, Email

Security and Cloud Web Security

Deploy Cisco’s Identity Services Engine and 802.1X secure network access

Protect data traversing a public or shared infrastructure such as the Internet by

implementing and maintaining Cisco VPN solutions

CCNP® Security

Implementing Cisco Network Security (IINS 3.0) Focuses on the design, implementation, and monitoring of a comprehensive

security policy, using Cisco IOS security features

CCNA® Security

Securing Cisco Networks with Threat Detection and

Analysis (SCYBER)

Designed for security analysts who work in a Security Operations Center, the

course covers essential areas of security operations competency, including event

monitoring, security event/alarm/traffic analysis (detection), and incident response

Cisco Cybersecurity Specialist

Network Security Product Training For official product training on Cisco’s latest security products, including Adaptive

Security Appliances, NGIPS, Advanced Malware Protection, Identity Services

Engine, Email and Web Security Appliances.

For more details, please visit: www.cisco.com/go/securitytraining or http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact [email protected]

BRKCRT-2603 72

http://www.cisco.com/go/securitytraining

http://learningnetwork.cisco.com/

mailto:[email protected]


Data Center / Virtualization Cisco Education OfferingsCourse Description Cisco Certification

Introducing Cisco Data Center Networking (DCICN);

Introducing Cisco Data Center Technologies (DCICT)

Learn basic data center technologies and skills to build a

data center infrastructure.

CCNA® Data Center

Implementing Cisco Data Center Unified Fabric (DCUFI);

Implementing Cisco Data Center Unified Computing (DCUCI)

Designing Cisco Data Center Unified Computing (DCUDC)

Designing Cisco Data Center Unified Fabric (DCUFD)

Troubleshooting Cisco Data Center Unified Computing

(DCUCT)

Troubleshooting Cisco Data Center Unified Fabric (DCUFT)

Obtain professional level skills to design, configure,

implement, troubleshoot data center network infrastructure.

CCNP® Data Center

Product Training Portfolio: DCNMM, DCAC9K, DCINX9K,

DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K

Gain hands-on skills using Cisco solutions to configure,

deploy, manage and troubleshoot unified computing, policy-

driven and virtualized data center network infrastructure.

Designing the FlexPod® Solution (FPDESIGN);

Implementing and Administering the FlexPod® Solution

(FPIMPADM)

Learn how to design, implement and administer FlexPod

solutions

Cisco and NetApp Certified

FlexPod® Specialist

For more details, please visit: http://learningnetwork.cisco.com


BRKCRT-2603 73




Network Programmability Cisco Education OfferingsCourse Description Cisco Certification

Integrating Business Applications with Network

Programmability (NIPBA);

Integrating Business Applications with Network

Programmability for Cisco ACI (NPIBAACI)

Learn networking concepts, and how to deploy and troubleshoot

programmable network architectures with these self-paced courses.

Cisco Business Application

Engineer Specialist Certification

Developing with Cisco Network Programmability

(NPDEV);

Developing with Cisco Network Programmability

for Cisco ACI (NPDEVACI)

Learn how to build applications for network environments and effectively

bridge the gap between IT professionals and software developers.

Cisco Network Programmability

Developer Specialist Certification

Designing with Cisco Network Programmability

(NPDES);

Designing with Cisco Network Programmability

for Cisco ACI (NPDESACI)

Learn how to expand your skill set from traditional IT infrastructure to

application integration through programmability.


Design Specialist Certification

Implementing Cisco Network Programmability

(NPENG);

Implementing Cisco Network Programmability

for Cisco ACI (NPENGACI)

Learn how to implement and troubleshoot open IT infrastructure

technologies.


Engineer Specialist Certification



BRKCRT-2603 74




Cloud Cisco Education OfferingsCourse Description Cisco Certification

Understanding Cloud Fundamentals

(CLDFND)

Learn how to perform foundational tasks related to Cloud computing, and the essentials

of Cloud infrastructureCCNA Cloud

Introducing Cloud Administration

(CLDADM)

Learn the essentials of Cloud administration and operations, including how to provision,

manage, monitor, report and remediate.

Implementing and Troubleshooting the

Cisco Cloud Infrastructure (CLDINF)

Learn how to implement and troubleshoot Cisco Cloud infrastructure: compute,

network, storage.

CCNP Cloud

Designing the Cisco Cloud (CLDDES)*Learn how to design private and hybrid Clouds including infrastructure, automation,

security and virtual network services

Automating the Cisco Enterprise Cloud

(CLDAUT)*

Learn how to automate Cloud deployments – provisioning IaaS (private, private with

network automation and hybrid) and applications, life cycle management

Building the Cisco Cloud with Application

Centric Infrastructure (CLDACI)*

Learn how to build Cloud infrastructures based on Cisco Application Centric

Infrastructure, including design, implementation and automation

UCS Director Foundation (UCSDF)Learn how to manage physical and virtual infrastructure using orchestration and

automation functions of UCS Director.

* Available Q2CY2016



BRKCRT-2603 75



Date post:	16-May-2018
Category:	Documents
Upload:	dinhthu
View:	224 times
Download:	3 times

Cloudy with a chance of SDNd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKCRT-2603.pdf · Cloudy...

Documents