Prime Infrastructure Deep Dive
Mark Basinski
Product Manager, Enterprise Infrastructure & Solutions
BRKNMS-2848
Agenda
• Introduction
• Visualize Problems with Network Topology
• Prevent Problems with Configuration Baseline Compliance
• Summary / Q & A
Introduction
Cisco Prime Infrastructure
Realizing the Vision of One Management
Convergence, Consolidation, Cisco Advantage
• Lifecycle: Converged management with integrated best practices
• UCS Server Assurance: Bridging Network and Compute
• Assurance: End-to-end application experience and visibility
Network Topology in Prime Infrastructure
Visualize alarms in your network - solve problems faster
Focus on flexibility, scalability
• Easily define the maps you want to see
• View devices, links, locations
• Links automatically discovered (CDP)
• Add links, unmanaged devices manually
• Highest alarm state shown
• Scalable map hierarchy
• Drill down for details
Topology Map Controls
• Group Selector
  Locations
  Custom / User-Defined
• Map Toolbar
  Refresh, Pan, Select
  Zoom
  Layout
  Expand & Collapse
  Overview
  Export & Print
  Search
  Filter
• “Show” - new in 3.0
  Control alarm severity
  Optionally omit links
  Show / Hide labels
  Aggregated links
Create Links & Unmanaged Devices
• Add Unmanaged Devices or Networks
• Create Links
• Assign interfaces
Summary / Action Panel – Device / Group / Link
Summary Information
• Device/Group Name
• Device IP Address
• Device Type
• Alarm Summary
Actions
• Add to Group
• Launch Device 360
• Expand Group
• Drill Down Group
Add Topology Dashlet to Overview Dashboard
• Display any map in a dashlet
• Display multiple topology dashlets
• Pan & Zoom
• Layout tool
• Group drilldown
• Device 360 View
• Detach (PI 3.0)
View neighboring devices and links: N-Hop View
• Quick Visibility of neighbors
• 1, 2, or 3 hops (default=3)
Demo: Network Topology
Location Hierarchy
46 Buildings
7 Sites:
• Site 1
• Site 2
• Site 3
• Site 4
• Site 5
• Site 5.1
• McCarthy Ranch
Configuration Baseline Compliance in Prime Infrastructure
Prevent Problems with Configuration Baseline Compliance
• New in Prime Infrastructure 3.0
• Define configuration baseline policies
• Perform compliance audits
• View compliance audit violations
• Option to fix violations
• Support for IOS & NXOS devices
AireOS support planned for next release
Compliance Conceptual Model
Three Level Model: Modular Building Blocks Simplify Policy Creation
• Policies
  Define granular “per-feature” level compliance rules
• Profiles
  Aggregate multiple compliance policies into larger sets of policies
  Used when performing compliance audits
• Jobs
  Maps a specific profile against a specific set of network devices
  Perform compliance audits to detect compliance violations
Compliance Policies (Level One)
Granular “Feature-level” Compliance Definition for Maximum Flexibility
• Policy has 1 or more Rules
• Each Rule has 4 parts
  Rule Information – Name, Description, Impact, Suggested Fix
  Platform Selection – IOS, IOS-XE, IOS-XR, NXOS
  Rule Inputs (optional) – string, IP address, boolean, etc.
  Conditions and Actions – 1 or more (ordered list)
Compliance Policies – 2 Examples
Policy example 1:
“Device must have specific SNMP trap destination configured”
Policy example 2:
“All interfaces must have input access control, unless they are shutdown or not configured with an IP address”
Rule Condition Scope & Block Options
• Scope controls what information is checked
  Configuration
  Command Outputs (show commands, etc.)
  Device Properties (Device Name, IP Address, OS Name, OS Version)
  Previously Matched Block
• Block Options
  Check inside config sub-mode blocks
  Typical uses: Interface, Router
Conditions and Actions
• Condition operations
  String compare (contains / does not contain)
  Regular Expressions (match / doesn’t match)
  Evaluate Expression
  Execute Function
• Actions
  Continue – keep checking, go on to succeeding Condition
  Does Not Raise a Violation – stop checking, all is good, no more checking needed
  Raise a Violation – raise a violation and stop checking
  Raise a Violation and Continue – raise a violation and keep checking, go on to succeeding Condition
Conditions: String and Expression Matching
• String Compare
  Checks that line contains string
  Rule Inputs can be inserted
• Regular Expression Support
  Single line regular expression
  Parentheses collect values
  Angle brackets reference collected values <condition#.value#>
  Option to test expression
• Advanced Options control whether to generate multiple violations for a given condition
Conditions: Evaluate Expression Operator
Compare values from previous expressions or Rule Input
Reference values extracted from Rule Inputs or previous expressions <condition#.value#>
Valid operators are
<, <=, >, >=, ==, != (for numerical comparison)
matches (for case-sensitive string comparison)
true :
Conditions: Execute Function Operator
Limited set of functions for very specific use cases
2 Functions currently available
• checkTraffic(“Traffic”, “ACL”)
  Checks to see whether an ACE string (“Traffic” string) is associated with a specific ACL (“ACL” string). Traffic can also reference information from a previous condition
• stringBelongsToInput(“String”, “Input Name”)
  True if given string is present in a multi-value Rule Input
Function execution returns true or false (match or no match)
Rule Conditions - Examples
Sequence of 1 or more conditions evaluated in order
“Match” & “Does Not Match” Action specified for every Condition
Strings can reference Rule Input variables
Expressions can reference information collected in previous conditions
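The ordered condition/action model above, applied to the two policy examples from this deck, as an added Python sketch (not Prime Infrastructure code and not its rule syntax). The sample config, the `<trap_dest>` Rule Input placeholder and all function names are assumptions made for illustration.

```python
import re

# Constructed sample running-config (illustrative, not from the slides).
SAMPLE_CONFIG = """\
hostname edge-sw1
snmp-server host 192.0.2.10 version 2c public
!
interface GigabitEthernet0/1
 ip address 10.0.1.1 255.255.255.0
 ip access-group EDGE-IN in
!
interface GigabitEthernet0/2
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 ip address 10.0.3.1 255.255.255.0
 shutdown
!
interface GigabitEthernet0/4
 no ip address
!
"""

# The four actions named on the "Conditions and Actions" slide.
CONTINUE, NO_VIOLATION, RAISE, RAISE_CONTINUE = range(4)

# Each condition: (regex, (action, message) on match, (action, message) on no match).
# "<trap_dest>" is a hypothetical placeholder syntax for a Rule Input.
SNMP_RULE = [
    (r"^snmp-server host <trap_dest>\b",
     (NO_VIOLATION, None), (RAISE, "SNMP trap destination not configured")),
]
ACL_RULE = [  # evaluated inside each interface block, in order
    (r"^ shutdown$", (NO_VIOLATION, None), (CONTINUE, None)),
    (r"^ ip address \d", (CONTINUE, None), (NO_VIOLATION, None)),
    (r"^ ip access-group \S+ in$",
     (NO_VIOLATION, None), (RAISE, "No input ACL on interface with an IP address")),
]

def blocks(config, start_regex):
    """Split a config into sub-mode blocks: a header line plus its indented lines."""
    found, current = [], None
    for line in config.splitlines():
        if re.match(start_regex, line):
            current = [line]
            found.append(current)
        elif current is not None and line.startswith(" "):
            current.append(line)
        else:
            current = None
    return ["\n".join(b) for b in found]

def evaluate(rule, text, inputs=None):
    """Walk the ordered conditions; return the violation messages raised."""
    violations = []
    for pattern, on_match, on_no_match in rule:
        for name, value in (inputs or {}).items():
            pattern = pattern.replace("<%s>" % name, re.escape(value))
        matched = re.search(pattern, text, re.MULTILINE) is not None
        action, message = on_match if matched else on_no_match
        if action in (RAISE, RAISE_CONTINUE):
            violations.append(message)
        if action in (NO_VIOLATION, RAISE):
            break  # both of these actions stop checking
    return violations

def audit(config, trap_dest):
    """Run both policies; return {scope: [violation messages]}."""
    results = {}
    device = evaluate(SNMP_RULE, config, {"trap_dest": trap_dest})
    if device:
        results["device"] = device
    for block in blocks(config, r"^interface \S+"):
        found = evaluate(ACL_RULE, block)
        if found:
            results[block.splitlines()[0]] = found
    return results

if __name__ == "__main__":
    for scope, messages in audit(SAMPLE_CONFIG, "192.0.2.10").items():
        print(scope, messages)
```

Condition order carries the "unless" clauses: shutdown and no-IP interfaces exit with no violation before the ACL check is reached, so only GigabitEthernet0/2 is flagged in the sample.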
Actions: Violation Handling
You specify what message and optional fix to generate
• User definable Severity
• Default or User Defined Message Type
• User Defined Violation Message option enables 3 additional fields:
  Message ID (optional)
  Violation Message text
  Fix CLI (optional)
• Multiple CLI lines allowed!
• Fix CLI can be invoked from Audit Job Result (to generate Fix Job)
Demo: Configuration Baseline Compliance Policies
Compliance Profiles (Level Two)
Create set of policies to be used for performing compliance audits
• Include multiple Policies
  User defined or Pre-defined / Built-in
  Specify Policy Rule Input values
  Select or de-select individual Rules
• Select a Profile to run audit
  Uses Prime Infrastructure Job framework
  Select devices / device groups
  Select config source (archive or device)
  Schedule as desired
Compliance Jobs (Level Three)
View Compliance Audit Results and Correct Violations
• Audit Jobs perform audit
  Results show violations
• Fix Jobs apply Fix CLI
  Generated from Audit Job
  Preview Fix CLI commands
  Schedule Fix Job
• Violation Summary
  List of all violations
Audit Job Results
View detailed results of Compliance Audit
• Violation Summary
  Overview of all violations in Job
• Violations by Device
  Per-device violation details
• Fix Rule Inputs (optional)
  Can be scoped to allow input either for Profile or Fix Job
• Preview Fix Commands
  Per device, per policy
• Schedule
  Standard job options
Export Job Results - HTML Example
Audit & Fix Job Results, Violation Summary
Generate Fix Jobs
Select per-device violations
Preview Fix Commands
Per device, per Policy
Schedule Fix Job
Violation Summary
One-stop-shop to see all violations over time
Violations listed per device
Clickable links back to Audit Job
Sortable, filterable
PDF, CSV Export
Demo: Configuration Baseline Compliance Profiles & Jobs
Summary / Q & A
Call to Action
• Visit the World of Solutions for
• Cisco Campus: EN and ACI areas for Prime Infra and APIC-EM Demos
• Whisper Suites: Get in touch with your Cisco Account/Partner team to schedule 1-on-1 meetings with Product Teams at SDN and Network Transformation Whisper Suites
• Visit the NOC to see a live version of Prime Infrastructure managing the show network
• Prime Infrastructure/APIC-EM related labs and sessions
• BRKNMS-2848 - Prime Infrastructure Deep Dive
• BRKNMS-2447 - How Cisco IT Uses Prime Infrastructure to Manage the Cisco Network
• BRKNMS-2701 - How I Learned To Stop Worrying And Love Prime Infrastructure
• BRKEWN-2011 - Managing an Enterprise WLAN with Cisco Prime Infrastructure
• BRKNMS-1040 - IWAN and AVC Management with Cisco Prime Infrastructure
• BRKNMS-2847 - Wireless Troubleshooting with Cisco Prime Infrastructure
• LTRNMS-2005 - Performance and Capacity Management via Cisco Prime
• BRKNMS-1036 – SDN Led IT Operations Management with APIC-EM and Prime Infrastructure