Søren Dulong Andreasen Technical Solution Architect CCIE#3252 [email protected] Cisco Denmark May 2016
Virtual Update 18/5-2016
Prime Infrastructure 3.1
2 © 2014 Cisco and/or its affiliates. All rights reserved.
Prime Infrastructure 3.1
AP Health Index
Wireless Switching Routing Platform
Network Health Dashboard
Geo Maps Views
IWAN 2.1 provisioning
*Configuration Compliance –
Wireless extension
Monitoring – BGP
Enhanced SWIM Workflows
Rogue Management –
Enhanced AutoSPT
Trustsec Assessment
AP PnP and Bulk Migration
Instant Access deployment Workflows
Router Health Index Switch Health Index
Client Troubleshooting –
Syslog Viewer
Simplified PnP Workflows
PfR Monitoring – Phase 2
3 © 2014 Cisco and/or its affiliates. All rights reserved.
Do I need APIC-EM, Prime, or Both for PnP?
PnP App
Use PnP App when: • Simple config / little change among devices • Have another a custom tool that generates configs (e.g. SPs) • Want to build an orchestration - APIC-EM will be integrated with other systems
PnP Service
Use Prime when: • There are multiple variables per device • Device will need to be managed for day2 • Need to have a variety of templates that create a standard way of deploying profiles • Want to deploy solution level: IWAN, TrustSec, Converged Access
Cisco Prime Infrastructure
APIs
4 © 2014 Cisco and/or its affiliates. All rights reserved.
PI 3.1 Simplifies Onboarding Devices using the New and Improved Plug-n-Play Workflow
4
ü Easy to understand Plug-n-Play lifecycle
ü Smoothly transition between various stages of the PnP lifecycle
ü Easy to find Profile statistics right on the dashboard
ü Quick Access to PnP Jobs from the dashboard
5 © 2014 Cisco and/or its affiliates. All rights reserved.
Deployment Status
5
Know the status of the device deployment
6 © 2014 Cisco and/or its affiliates. All rights reserved.
Reminder on network discovery
§ Discover Wired/Wireless/DC in a single scoop
§ Allows multiple protocols § Advance filtering capabilities § Multiple credential definitions § Preferred management IP choices
Ø sysName, Ø ReverseDNS Ø Loopback
§ Automatic post-discovery processing out-of-the-box.
§ Auto assignment to device/location groups based on rules
7 © 2014 Cisco and/or its affiliates. All rights reserved.
Enhanced Location Based Grouping
7
8 © 2014 Cisco and/or its affiliates. All rights reserved.
Supports for Maintenance States
8
9 © 2014 Cisco and/or its affiliates. All rights reserved.
PI 3.1 Simplifies Deploying Instant Access in Greenfield and/or Brownfield Environment Parent Switch Automation : o Single and Clustered* Chassis mode o Standalone to VSS Conversion o Layer 3 Modules to Fabric Mode o Integrated VSS best practices
FEX Switch Automation : o Complete FEX Plug-n-Play solution o Standalone and Stack* system mode o Auto conversion & Pre-Provisioning o EtherChannel, FEX ID, Fabric QoS
FEX Port Automation : o ZTD solution for 2000 FEX Ports o Policy based on Device classification & provisioning o Simplified FEX Port configuration o VLAN Mgmt, Interface Mgmt, AutoQoS
Standalone
VSS Parent
Convert Preset
HR Finance R&D
Endpoint WorkGroup
FEX
Prime Infrastructure
Platforms IOS Software CPI Software Catalyst 6500E and 6807-XL – Sup2T 15.2(1)SY PI 3.1 – Q1CY16 Catalyst 6880X and 6840 15.2(2)SY PI 3.1 – Q1CY16 Catalyst 3560CX-8-PD and 3560CX-12-PD 15.2.X PI 3.1 – Q1CY16 VSS Cluster (2 Chassis) Mode * 15.2(1)SY PI 3.1 + TP – Q3CY16 Catalyst 6800ia * 15.2(1)SY PI 3.1 + TP – Q3CY16
10 © 2014 Cisco and/or its affiliates. All rights reserved.
ü New and simplified User Interface ü 15+ new Converged Access feature support
ü Increased scalability
ü Smarter with several built-in error-detection
Converged Access Workflow 2.0 – New Features
Platforms Software Catalyst 3650 / 3860 / CT5760 3.6.0 Catalyst 4500E – Sup8E 3.7.0
Next Gen OS (16.x) is also being certified for
Small and Large Deployments.
11 © 2014 Cisco and/or its affiliates. All rights reserved.
Snort IPS A lightweight Threat Defense solution for the Branch
Help meet PCI compliance mandate at the Branch Office
Threat protection built into ISR 4000 branch routers
Complement ISR 4000 Integrated Security
Lightweight Threat Defense with low TCO and automated signature updates
Cisco ISR 4000
Snort IPS
Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging
Prime
Infrastructure
Provisioning: - Ready to use templates Monitoring: - Via Syslog viewer
12 © 2014 Cisco and/or its affiliates. All rights reserved.
Out of the box templates for Snort/IPS
13 © 2014 Cisco and/or its affiliates. All rights reserved.
• Lowers long maintenance window periods, traditionally needed for global software upgrade on Cisco devices
• Distributed Architecture for enhanced scalability and speed § Dedicated External file server per site(s) to enhanced
performance § Support for secure protocols out of the box – SCP, SFTP
• Independent flows for Addition, Distribution, Activation, and Commit to meet operational needs for Cisco devices
• Works on all of the operating systems for Cisco devices (AireOS, IOS, IOS-XE, IOS-XR, NX-OS, StarOS)
PI 3.1 Simplifies and Optimizes Software Image Management for Cisco devices
14 © 2014 Cisco and/or its affiliates. All rights reserved.
PI 3.1 Introduces Easy to Use Workflow for Software Image Management
15 © 2014 Cisco and/or its affiliates. All rights reserved.
Network Health
16 © 2014 Cisco and/or its affiliates. All rights reserved.
Site Health View for Network devices
16
17 © 2014 Cisco and/or its affiliates. All rights reserved.
Network Health Index
17
18 © 2014 Cisco and/or its affiliates. All rights reserved.
AP Health Index Router/Switch Health Index
• Channel Utilization
• Noise
• Interference
• Interface Utilization
• Client Count
• Availability
• CPU
• Memory
• Temperature
• Interface Availability
• Interface Utilization
18
19 © 2014 Cisco and/or its affiliates. All rights reserved.
Site Health Monitoring – Router Health
20 © 2014 Cisco and/or its affiliates. All rights reserved.
Switch Health
21 © 2014 Cisco and/or its affiliates. All rights reserved.
Access Point Health
22 © 2014 Cisco and/or its affiliates. All rights reserved.
Service Health
Quickly Switch between
Applications
23 © 2014 Cisco and/or its affiliates. All rights reserved.
CONFIGURATION • Plug and Play and PKI Certificate automation via APIC-EM • Bulk (csv file) import for PnP • Workflow for IWAN Configuration for Hub/Spoke routers
• Green-field and brown field deployments • Customize IWAN technology enablement
• AVC Work Center • Network assessment • NBAR Protocol Pack Management • Multi-device AVC configuration • Create and Manage custom application
• QoS Management • Best practices based design • Create/Modify/Delete • NBAR and DSCP based configuration support
• BGP templates for the transport overlay • Multi-datacenter with transit MC • Support APIC-EM GA release
MONITORING / TROUBLESHOOTING • Network performance (CPU/Memory/Interface) • Network Application Health Dashboard • Application visibility – NBAR, ART, Perfmon • WAAS Performance Monitoring with NAM • QoS performance and trending • Perfmon based troubleshooting • PfRv3 monitoring • IWAN App auto onboard sites in prime after provisioning and starts monitoring • Greatly improved PfR monitoring with per link application visibility and SP stats • Routing monitoring for BGP/EIGRP • Revoke PKI Certificate button (makes call to APIC-EM PKI service) • APIC-EM IWAN App can display monitoring/troubleshooting for PfR, QoS, AVC from prime
IWAN Management Highlights new in PI 3.1 new in PI 3.0
24 © 2014 Cisco and/or its affiliates. All rights reserved.
CONFIGURATION • Plug and Play and PKI Certificate automation via APIC-EM • Bulk (csv file) import for PnP • Workflow for IWAN Configuration for Hub/Spoke routers
• Green-field and brown field deployments • Customize IWAN technology enablement
• AVC Work Center • Network assessment • NBAR Protocol Pack Management • Multi-device AVC configuration • Create and Manage custom application
• QoS Management • Best practices based design • Create/Modify/Delete • NBAR and DSCP based configuration support
• BGP templates for the transport overlay • Multi-datacenter with transit MC • Support APIC-EM GA release
MONITORING / TROUBLESHOOTING • Network performance (CPU/Memory/Interface) • Network Application Health Dashboard • Application visibility – NBAR, ART, Perfmon • WAAS Performance Monitoring with NAM • QoS performance and trending • Perfmon based troubleshooting • PfRv3 monitoring • IWAN App auto onboard sites in prime after provisioning and starts monitoring • Greatly improved PfR monitoring with per link application visibility and SP stats • Routing monitoring for BGP/EIGRP • Revoke PKI Certificate button (makes call to APIC-EM PKI service) • APIC-EM IWAN App can display monitoring/troubleshooting for PfR, QoS, AVC from prime
IWAN Management Highlights new in PI 3.1 new in PI 3.0
25 © 2014 Cisco and/or its affiliates. All rights reserved.
DataCenter Features
26 © 2014 Cisco and/or its affiliates. All rights reserved.
Datacenter Topology
26
27 © 2014 Cisco and/or its affiliates. All rights reserved.
VPC View
27
28 © 2014 Cisco and/or its affiliates. All rights reserved.
Troubleshoot vPC Inconsistency
28
29 © 2014 Cisco and/or its affiliates. All rights reserved.
Real-time Syslog Viewer
29
30 © 2014 Cisco and/or its affiliates. All rights reserved.
Reports are exported via CSV or PDF
31 © 2014 Cisco and/or its affiliates. All rights reserved.
• Flexibility to choose events to be alarmed • Allows filtering alarms on
• Device Groups / Location Groups • Port Groups
• Suppress alarms, out of the box, for Access Switch Ports
• Advance suppression for wireless alarms based on • Percentage down on Location Group / Floors
Simplify Alarm Noise Reduction
• Raise critical alarms that needs action
• Reduce time to clean up alarms
32 © 2014 Cisco and/or its affiliates. All rights reserved.
Device 360 – Updated Actionable Items
32
Routing Table at
your mouse clicks !
33 © 2014 Cisco and/or its affiliates. All rights reserved.
PI 3.1 Simplifies Search for Keywords within Configuration Archives and take action on them