
Rule Input

Date post: 02-Jan-2017
Upload: vuongbao
Page 2: Rule Input

Prime Infrastructure Deep Dive

Mark Basinski

Product Manager, Enterprise Infrastructure & Solutions

BRKNMS-2848

Page 3: Rule Input

• Introduction

• Visualize Problems with Network Topology

• Prevent Problems with Configuration Baseline Compliance

• Summary / Q & A

Agenda

Page 4: Rule Input

Introduction

Page 6: Rule Input

Cisco Prime Infrastructure

Realizing the Vision of One Management

Convergence, Consolidation, Cisco Advantage

Lifecycle

Converged management with integrated best practices

UCS Server Assurance

Bridging Network and Compute

Assurance

End-to-end application experience and visibility

Page 7: Rule Input

Network Topology in Prime Infrastructure

Page 8: Rule Input

Visualize alarms in your network - solve problems faster

Focus on flexibility, scalability

• Easily define the maps you want to see

• View devices, links, locations

• Links automatically discovered (CDP)

• Add links, unmanaged devices manually

• Highest alarm state shown

• Scalable map hierarchy

• Drill down for details

Page 9: Rule Input

Topology Map Controls

• Group Selector

Locations

Custom / User-Defined

• Map Toolbar

Refresh, Pan, Select

Zoom

Layout

Expand & Collapse

Overview

Export & Print

Search

Filter

• “Show” - new in 3.0

Control alarm severity

Optionally omit links

Show / Hide labels

Aggregated links

Page 10: Rule Input

Create Links & Unmanaged Devices

• Add Unmanaged Devices or Networks

• Create Links

• Assign interfaces

Page 11: Rule Input

Summary / Action Panel – Device / Group / Link

Summary Information

• Device/Group Name

• Device IP Address

• Device Type

• Alarm Summary

Actions

• Add to Group

• Launch Device 360

• Expand Group

• Drill Down Group

Page 12: Rule Input

Add Topology Dashlet to Overview Dashboard

• Display any map in a dashlet

• Display multiple topology dashlets

• Pan & Zoom

• Layout tool

• Group drilldown

• Device 360 View

• Detach (PI 3.0)

Page 13: Rule Input

View neighboring devices and links: N-Hop View

• Quick Visibility of neighbors

• 1, 2, or 3 hops (default=3)

Page 14: Rule Input

Demo: Network Topology

Page 15: Rule Input

Location Hierarchy

46 Buildings

7 Sites:

• Site 1

• Site 2

• Site 3

• Site 4

• Site 5

• Site 5.1

• McCarthy Ranch

Page 16: Rule Input

Configuration Baseline Compliance in Prime Infrastructure

Page 17: Rule Input

Prevent Problems with Configuration Baseline Compliance

• New in Prime Infrastructure 3.0

• Define configuration baseline policies

• Perform compliance audits

• View compliance audit violations

• Option to fix violations

• Support for IOS & NXOS devices

AireOS support planned for next release

Page 18: Rule Input

Compliance Conceptual Model

Three Level Model: Modular Building Blocks Simplify Policy Creation

Policies

Define granular “per-feature” level compliance rules

Profiles

Aggregate multiple compliance policies into larger sets of policies

Used when performing compliance audits

Jobs

Maps a specific profile against a specific set of network devices

Perform compliance audits to detect compliance violations

Page 19: Rule Input

Compliance Policies (Level One)

Granular “Feature-level” Compliance Definition for Maximum Flexibility

Policy has 1 or more Rules

Each Rule has 4 parts

Rule Information – Name, Description, Impact, Suggested Fix

Platform Selection – IOS, IOS-XE, IOS-XR, NXOS

Rule Inputs (optional) – string, IP address, boolean, etc

Conditions and Actions – 1 or more (ordered list)

Page 20: Rule Input

Compliance Policies – 2 Examples

Policy example 1:

“Device must have specific SNMP trap destination configured”

Policy example 2:

“All interfaces must have input access control, unless they are shutdown or not configured with an IP address”

Page 21: Rule Input

Rule Condition Scope & Block Options

Scope controls what information is checked

Configuration

Command Outputs

Show commands, etc

Device Properties

Device Name, IP Address, OS Name, OS Version

Previously Matched Block

Block Options

Check inside config sub-mode blocks

Typical uses:

Interface

Router

Page 22: Rule Input

Conditions and Actions

Condition operations

String compare (contains / does not contain)

Regular Expressions (match / doesn’t match)

Evaluate Expression

Execute Function

Actions

Continue – keep checking, go on to succeeding Condition

Does Not Raise a Violation – stop checking, all is good, no more checking needed

Raise a Violation – raise a violation and stop checking

Raise a Violation and Continue – raise a violation and keep checking, go on to succeeding Condition

Page 23: Rule Input

Conditions: String and Expression Matching

String Compare

• Checks that line contains string

• Rule Inputs can be inserted

Regular Expression Support

• Single line regular expression

• Parentheses collect values

• Angle brackets reference collected values <condition#.value#>

• Option to test expression

Advanced Options control whether to generate multiple violations for a given condition

Page 24: Rule Input

Conditions: Evaluate Expression Operator

Compare values from previous expressions or Rule Input

Reference values extracted from Rule Inputs or previous expressions <condition#.value#>

Valid operators are

<, <=, >, >=, ==, != (for numerical comparison)

matches (for case-sensitive string comparison)

true :

Page 25: Rule Input

Conditions: Execute Function Operator

Limited set of functions for very specific use cases

2 Functions currently available

checkTraffic("Traffic","ACL")

Checks to see whether an ACE string (“Traffic” string) is associated with a specific ACL (“ACL” string). Traffic can also reference information from a previous condition

stringBelongsToInput("String","Input Name")

True if given string is present in a multi-value Rule Input

Function execution returns true or false (match or no)

Page 26: Rule Input

Rule Conditions - Examples

Sequence of 1 or more conditions evaluated in order

“Match” & “Does Not Match” Action specified for every Condition

Strings can reference Rule Input variables

Expressions can reference information collected in previous conditions

Page 27: Rule Input

Actions: Violation Handling

You specify what message and optional fix to generate

User definable Severity

Default or User Defined Message Type

User Defined Violation Message option enables 3 additional fields:

Message ID (optional)

Violation Message text

Fix CLI (optional)

Multiple CLI lines allowed!

Fix CLI can be invoked from Audit Job Result (to generate Fix Job)
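The ordered condition/action model and the `<condition#.value#>` references described on the preceding slides, applied to policy example 2 ("all interfaces must have input access control, unless they are shutdown or not configured with an IP address"). This is an added Python illustration, not Prime Infrastructure's implementation or rule syntax; the function names, regexes, tuple layout and sample running-config are all constructed for the example.

```python
import re

# The four actions named on the "Conditions and Actions" slide.
CONTINUE, NO_VIOLATION, RAISE, RAISE_CONTINUE = (
    "continue", "no-violation", "raise", "raise-continue")

# Constructed sample running-config (not taken from the slides).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 10.0.1.1 255.255.255.0
 ip access-group EDGE-IN in
!
interface GigabitEthernet0/2
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 ip address 10.0.3.1 255.255.255.0
 shutdown
!
interface GigabitEthernet0/4
 no ip address
!
"""

# Ordered conditions: (regex, action on match, action on no match, message).
# Capture groups are later referenced as <condition#.value#>.
POLICY_2 = [
    (r"^interface (\S+)$", CONTINUE, NO_VIOLATION, None),
    (r"^shutdown$", NO_VIOLATION, CONTINUE, None),
    (r"^ip address \d", CONTINUE, NO_VIOLATION, None),
    (r"^ip access-group \S+ in$", NO_VIOLATION, RAISE,
     "Interface <1.1> has no input ACL"),
]


def interface_blocks(config):
    """Split a config into (header, body_lines) per interface sub-mode block."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = (line, [])
            blocks.append(current)
        elif current and line.startswith(" "):
            current[1].append(line.strip())
        else:
            current = None  # "!" or any top-level line closes the block
    return blocks


def audit_block(lines, conditions):
    """Evaluate the ordered conditions against one block; return violations."""
    captured, violations = {}, []
    for num, (pattern, on_match, on_miss, message) in enumerate(conditions, 1):
        hit = next((m for m in (re.search(pattern, l) for l in lines) if m), None)
        if hit:
            for idx, value in enumerate(hit.groups(), 1):
                captured[f"<{num}.{idx}>"] = value
        action = on_match if hit else on_miss
        if action in (RAISE, RAISE_CONTINUE):
            text = message or f"condition {num} violated"
            for ref, value in captured.items():
                text = text.replace(ref, value)
            violations.append(text)
        if action in (NO_VIOLATION, RAISE):
            break  # both of these actions stop checking
    return violations


def audit(config, conditions=POLICY_2):
    """Run the policy over every interface block of a config."""
    found = []
    for header, body in interface_blocks(config):
        found += audit_block([header] + body, conditions)
    return found


if __name__ == "__main__":
    for violation in audit(SAMPLE_CONFIG):
        print(violation)
```

Only the up interface with an IP address and no inbound `ip access-group` is reported; the shutdown interface and the one without an address exit early through "Does Not Raise a Violation".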

Page 28: Rule Input

Demo: Configuration Baseline Compliance Policies

Page 29: Rule Input

Compliance Profiles (Level Two)

Create set of policies to be used for performing compliance audits

Include multiple Policies

User defined or Pre-defined / Built-in

Specify Policy Rule Input values

Select or de-select individual Rules

Select a Profile to run audit

Uses Prime Infrastructure Job framework

Select devices / device groups

Select config source (archive or device)

Schedule as desired

Page 30: Rule Input

Compliance Jobs (Level Three)

View Compliance Audit Results and Correct Violations

Audit Jobs perform audit

Results show violations

Fix Jobs apply Fix CLI

Generated from Audit Job

Preview Fix CLI commands

Schedule Fix Job

Violation Summary

List of all violations

Page 31: Rule Input

Audit Job Results

View detailed results of Compliance Audit

Violation Summary

Overview of all violations in Job

Violations by Device

Per-device violation details

Fix Rule Inputs (optional)

Can be scoped to allow input either for Profile or Fix Job

Preview Fix Commands

Per device, per policy

Schedule

Standard job options

Page 32: Rule Input

Export Job Results - HTML Example

Audit & Fix Job Results, Violation Summary

Page 33: Rule Input

Generate Fix Jobs

Select per-device violations

Preview Fix Commands

Per device, per Policy

Schedule Fix Job

Page 34: Rule Input

Violation Summary

One-stop-shop to see all violations over time

Violations listed per device

Clickable links back to Audit Job

Sortable, filterable

PDF, CSV Export

Page 35: Rule Input

Demo: Configuration Baseline

Compliance Profiles & Jobs

Page 36: Rule Input

Summary / Q & A

Page 37: Rule Input

Call to Action

• Visit the World of Solutions for

• Cisco Campus: EN and ACI areas for Prime Infra and APIC-EM Demos

• Whisper Suites: Get in touch with your Cisco Account/Partner team to schedule 1-on-1 meetings with Product Teams at SDN and Network Transformation Whisper Suites

• Visit the NOC to see a live version of Prime Infrastructure managing the show network

• Prime Infrastructure/APIC-EM related labs and sessions

• BRKNMS-2848 - Prime Infrastructure Deep Dive

• BRKNMS-2447 - How Cisco IT Uses Prime Infrastructure to Manage the Cisco Network

• BRKNMS-2701 - How I Learned To Stop Worrying And Love Prime Infrastructure

• BRKEWN-2011 - Managing an Enterprise WLAN with Cisco Prime Infrastructure

• BRKNMS-1040 - IWAN and AVC Management with Cisco Prime Infrastructure

• BRKNMS-2847 - Wireless Troubleshooting with Cisco Prime Infrastructure

• LTRNMS-2005 - Performance and Capacity Management via Cisco Prime

• BRKNMS-1036 – SDN Led IT Operations Management with APIC-EM and Prime Infrastructure
