Companies live in an environment today in which the “time to value” is diminishing constantly. In order to attain continuous profitability, IT managers and their staffs must focus on strategic value added projects rather than dissipate their time with routine maintenance of the existing infrastructure. Multiple studies point out that routine maintenance is currently consuming as much as . Simply put, IT Managers must find a new paradigm that can deliver their organization to the promised land.

Enter: Software Defined Networking

Software defined networking (SDN) is a buzzword today the same as virtualization was a decade ago. SDN is about virtualizing hardware and centralizing control of it as software at the application layer. SDN is about simplifying the network infrastructure of the enterprise by centralizing the control of all of its many devices such as switches and routers, into the software layer, making it application centric rather than hardware centric. Its goal is to deliver self-service network configurations, allowing applications to dynamically route network traffic, reconfigure, and even create additional network resources based on user initiated demand.

SDN sets out to make the switch and router infrastructure as agile and as flexible as the virtual server and its corresponding data are today within modern-day network data centers. Switches and routers can be provisioned and then decommissioned as easily as virtualized servers and workstations. This packaging of device virtualization and network infrastructure allows users to implement a complete network experience.

But SDN is much more than just automated deployment of end-to-end network computing environments. It’s also about delivering packets across the network more efficiently and effectively. In today’s legacy based network, the firmware of the switch or network device determines how frames and packets are forwarded and ultimately delivered to their destinations. Various types of traffic can be prioritized according to QoS rules, but identical traffic destined for the redundant endpoints are treated identically. removes the responsibility of managing network traffic from the device itself and puts it in the hand of a centralized controller that can make forwarding decisions based on network variances and conditions. With SDN, the total network can work in total synchronization with user and application demand.

Time is money for Enterprise Applications

The term “application” can be misleading as we often think of a single application that resides on our personal device. Enterprise applications are usually far more complicated. A web application for instance is many times composed of three tiers:

1. Web tier (where the users connect to a web server)
2. Application tier (which may reside on the web server or another server)
3. Backend tier (which usually hosts some type of database in which the application integrates)

Each of these web component devices will need IP addresses, DNS records and possible NAT assignments. On top of this, the application traffic may require a separate VLAN throughout the switch network along with QoS assignments. Routers may have to have access control lists and routing tables may be modified as well. Traditionally, this type of undertaking within a large enterprise could consume weeks if not months and in today’s global hyper competitive economy, time is money.

It’s not just the dynamic implementation of new applications that needs to be automated, but the decommissioning of applications as well. Application specific VLANs and routing entries need to be erased from the devices they were robotically created on in the first place, minimizing the footprint of these devices in order to maximize both security and performance. To sum it up, enterprise infrastructures must become application aware and more agile to support dynamic application instantiation and removal.

Imagine the following scenario for the implementation of a highly complex enterprise application such as an ERP system. Relying on your IT staff to configure the network for such a mammoth software implementation would be highly time consuming and hiring an outside consulting team would be expensive. But what if the application vendor provided you with an SDN ready configuration that could simply be pushed out onto all of your data plane devices? Imagine how much time and money that would save. Believe it or not, this scenario is completely plausible with SDN solutions that are readily available today such as Cisco ACI.

Overview of Cisco Application Centric Infrastructure

Cisco ACI stands for Automation is built from the ground up with Cisco ACI. Their design efforts were directed under a mandate of simplicity and as a result, Cisco developed a fresh approach to networking that completely streamlines the application deployment process.

At the core of ACI is the Application Policy Infrastructure Controller or APIC. The APIC is a centralized clustered controller that provides the programmability and centralized management that in term governs the network fabric in order to provide an optimized ecosystem for desired applications. Underneath the APIC lies a simple two tiered switch architecture rather than the traditional three-layer system embraced by traditional networks. Though well suited for the traditional client-server traffic of yesteryear, the traditional 3-layer switch design is poorly suited for the east-west traffic flow patterns that are typical of today’s data center. Cisco’s two layered approach, referred to as a leaf-and-spine architecture, creates a redundant and highlight efficient mesh fabric that allows for nearly unlimited scalability. Spine switches are the core devices, but instead of being a large, chassis-based switching platforms (as is characteristic of traditional core switches), the spine is composed of many high-throughput Layer 3 switches with high port density. Leaf switches make up the access layer; providing network connection points for servers, as well as uplink to the spine switches.

The real genius of ACI lies in what Cisco refers to as the Network Application Profiles which they describe as an automated deployed Cisco validation design. The NAP contains all of the configuration information required by the app for the supporting network devices such as VLAN, ACL and firewall settings. Essentially the application network profile is the end to end connectivity and policy requirements for an application. Once created, the NAP can be deployed within minutes. What’s more, complicated application vendors can simply supply you a preconfigured NAP as part of your application package. Implementation can be completed the day of purchase.

What is Group-Based Policy?

Cisco describes it as:

“(GBP) is an API framework for OpenStack that offers an intent-driven model intended to describe application requirements in a way that is independent of the underlying infrastructure. Rather than offering network-centric constructs, such as Layer 2 domains, GBP introduces a generic “Group” primitive along with a policy model to describe connectivity, security, and network services between groups. While GBP has focused on the networking domain, it can be a generic framework that extends beyond networking.”

describes group-based policy as “an application-centric policy model” that separates information about application connectivity requirements from information about the underlying details of the network infrastructure.”

This approach offers a number of advantages, including:

• Improved automation: Grouping constructs allow higher-level automation tools to easily manipulate groups of network endpoints simultaneously.
• Easier, application-focused way of expressing policy: By creating policies that mirror application semantics, this framework provides a simpler, self-documenting mechanism for capturing policy requirements without requiring detailed knowledge of networking.

• Consistency: By grouping endpoints and applying policy to groups, the framework offers a consistent and concise way to handle policy changes.

• Extensible policy model: Because the policy model is abstract and not tied to specific network implementations, it can easily capture connectivity, security, Layer 4 through 7, QoS, etc.

Cisco ACI makes extensive use of group-based policy in its application-centric policy model, in which connectivity is defined by consolidating endpoints (physical or virtual) into endpoint groups (EPGs). Connectivity is defined when the end user specifies a contractual relationship between one EPG and another. The end user does not need to understand the protocols or features that are employed to create this connectivity. Figure 1 provides an overview of this model.

Differences between traditional and Application centric infrastructure (ACI)

1. Automation: ACI allows to automate configuration through a servers network.
2. Time: In traditional structures, an IT admin would need weeks to deploy a new app, while in ACI structures it’s faster because the IT admin works at the application level.
3. Efficiency: Without ACI there is no shared architectural model, causing many problems when implementing the app. With ACI there is a shared model for policy automation that enables less people do more.
4. Security: managing only one policy for many servers decreases the probability of error, thus granting a higher level of security.
5. Scale: amplifying the scope of your network is easier, being able to implement new hardware in less time.
6. Openness: With this structure, centralizing all the access to data helps to deliver more connectivity.

Cisco ACI is a Game Changer for the Digital Business

The IT industry is going through a significant transformation, with BYOD, big data, cloud computing, Software Defined Data Center, IT as service, and security now prominent concerns. At the same time, companies increasingly want to reduce overall IT spending and provide much-improved levels of service to business units by increasing overall IT agility. Many in the networking industry have cited SDN as the model to move the industry forward. Cisco ACI is a catalyst to help promote the adoption of SDN throughout the IT industry: in essence, as an enabler of the SDN vision.

DID YOU KNOW?
WEI is Cisco ACI certified and is one of the very few IT solutions providers worldwide with experience implementing Cisco ACI in production environments. Want to learn more about our experience with Cisco ACI? Contact us today to start a discussion.

The post Cisco ACI: An SDN Solution for Digital Transformation appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Data center architectures have continually evolved to meet the needs of mobile, social, big data, and cloud applications–and enterprise security solutions have evolved as well to support the new security needs of these applications in

Attacks on data centers are increasing, and physical security appliances aren’t sufficient to stop them. Independent research shows that successful attacks are occurring with growing regularity, and at increasing costs to enterprises. Seventy-five percent of all attacks begin stealing data in a matter of minutes, and may not be detected for quite a while. Additionally, after an attack has been discovered, full containment and repair can take weeks. There is no question that a new model for data center security is needed before these attacks become unstoppable.

Micro-Segmentation adds additional security

Micro-segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. It’s aimed at making network security more granular.

While traditional firewalls, intrusion prevention systems, and other security systems are designed to inspect and secure traffic coming into a data center from outside, micro-segmentation gives enterprises greater control over the growing amount of lateral communication that occurs between servers. This communication bypasses perimeter-focused security tools and has traditionally been vulnerable to attack.

Cisco lists the following goals for micro-segmentation:

1. Programmatically define segments on an increasingly specific basis, achieving greater flexibility (for example, limit the lateral movement of a threat or quarantine a compromised endpoint within a broader system)
2. Automatically program segments and policy management across the entire application lifecycle (from deployment to decommissioning)
3. Enhance security and scalability by enabling a zero-trust approach for heterogeneous workloads.

3 Security Solutions for micro-segmentation

Here are three networking security solutions enterprises should consider.

Cisco ACI

uses a new application-aware construct called an endpoint group that allows application designers to define the endpoints that belong to the EPG regardless of their IP addresses or the subnets to which they belong. The endpoint can be a physical server, virtual machine, Linux container, or even traditional mainframe computers.

With Cisco ACI’s highly specific endpoint security enforcement, customers can dynamically enforce forwarding and security policies, quarantine compromised or rogue endpoints based on virtual machine and network attributes, and restore cleaned endpoints to the original EPG.

Additionally, while data center micro-segmentation can provide enhanced security for lateral traffic within the data center, its true value lies in its integration with application design and holistic network policy, and it must interoperate transparently with a wide variety of hypervisors, bare-metal servers, L4-L7 devices, and orchestration platforms.

VMware NSX

micro-segmentation meets security recommendations made by the National Institute of Standards and Technology (NIST) in providing the ability to utilize network virtualization-based overlays for isolation, and distributed kernel-based firewalling for segmentation through ubiquitous centrally managed policy control. It also uses higher-level components or abstractions in addition to the basic 5-tuple for firewalling.

, NSX based micro-segmentation goes beyond NIST recommendations and enables the ability for fine-grained application of service insertion where they are most effective: as close to the application as possible in a distributed manner while residing in separate trust zones outside the application’s attack surface.

Finally, for physical to physical communication, NSX can tie automated security of physical workloads into micro-segmentation through centralized policy control of those physical workloads through the NSX Edge Service Gateway or integration with physical firewall appliances. This allows centralized policy management of your static physical environment in addition to your micro-segmented virtualized environment.

Illumio 

The Illumio Adaptive Security Platform (ASP) makes the invisible visible by mapping out connections between workloads in a single application, as well as connections between the applications themselves. This may reveal connections between systems that you weren’t aware of before and helps identify risks that weren’t immediately obvious.

Illumio uses this map of network traffic to automatically generate micro-segmentation policies for every workload and application running anywhere, on any computer platform, and analyze them in seconds – saving security teams critical time, reducing the risk of human error and improving policy consistency across the network.

The Takeaway

Micro-segmentation offers significantly more visibility and policy granularity than network or application segmentation, including the ability to fully visualize the environment and define security policies with process-level precision. This added granularity is increasingly important as growing use of cloud services renders traditional network-based security boundaries ineffective and elevates the urgency of detecting and stopping lateral movement

Are you looking for additional information on how to up your security game to meet the needs of your organization? Contact the network security experts at WEI for an unbiased perspective to solving your enterprise’s security challenges. 

NEXT STEPS
Software defined networking represents an unparalleled innovation for IT network professionals managing enterprise networks. It’s flexible, smart, and highly automated. If you’d like to learn more about SDN, why you need it and the promises it delivers to a modern enterprise, we invite you read our white paper, “Software Defined Networking – The Next IT Paradigm of Promise.”

The post Defend Your Enterprise Network with Micro-Segmentation appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

architecture for modern data centers revolve around building a strong perimeter defense to prevent any threats from penetrating the data center. This approach doesn’t take into account the threats that do manage to get through the perimeter; once a threat breaks through, it then has unrestricted access to the entire network. Now more than ever companies need full visibility into their network and need to control traffic as it flows within the data center.

So what’s the solution? VMware NSX, a solution, can leverage Fortinet , for better protection and automation of server-to-server traffic inside the data center. Keep reading to discover how Fortinet and VMware work together to help you build an impenetrable, best-in-class data center.

Protecting the Data Center with Automated Provisioning

FortiGate deployments are fully automated, which means they are able to handle an elastic workload, and constantly change and resize ESXi clusters. In a constantly changing virtualized environment, FortiGate and VMWare work together to support the rebalancing of workloads depending on the current needs of your enterprise.

The VMware NSX enables policies to be applied at the virtual layer to intercept traffic at the hypervisor level, which means that all workloads are inspected. The NSX firewall is able to steer traffic selectively to FortiGate-VMX based on policy for advanced traffic inspection.

Adding Persistent Security to the Data Center

Micro-segmentation is easier than ever before with VMware NSX’s ability to provide network isolation and a “honeycomb” of trust zones. With this ability to micro-segment with VMware and FortiGate, IT can set boundaries for service functions and workload characteristics by designating proper security policies for app, web or data through asking questions like:

• What will this workload be used for?
• Who can access the workload?
• What is the data sensitivity zoning for each workload?

Micro-segmentation joins the characteristics and defines the inherited policy attributes as they are added to the security cluster. There is no longer a need to configure rules for the firewalls and create complex access control policies. This approach allows administrators to break up a single policy into sub-policies, and create a network segment to apply security rules. It also provides inter-VM traffic visibility in the SDDC.

Advanced Data Center Protection Across Tiers

VMware utilizes a logical routing function to create a single router instance across distributed switches to enable communication between web, app, and data tiers. In the NSX enabled security cluster, the distributed firewall module redirects traffic to a FortiGate-VMX firewall for threat inspection. Based on the workload segments, FortiGate-VMX Service Manager is able to enforce the security policies defined by IT, protecting your enterprise across the tiers.

Multi-Tenancy and Tenant Function Segmentation with Virtual Domains

FortiGate-Service Manager supports the use of multiple (VDOMs) for effective segmentation between tenants while each one is still able to complete administrative autonomy over their specific segment. Using VDOMs, enterprises are able to apply stronger and more effective security policies through segmenting across different departments and application types. Your IT administrators can outline specific policies for each domain, which will also improve the overall performance of the system.

When used together, Fortinet FortiGate and VMware NSX are able provide an adaptable and secure that meets the needs of your enterprise. As a leading partner for both Fortinet and VMware, contact the network security experts at WEI for an unbiased perspective to solving your enterprise security challenges.

NEXT STEPS: Looking for additional insight on how to “up your security game” to meet the needs of your organization’s digital transformation initiatives? We invite you to check out the Fortinet Solution Guide, Read it today!

The post How Do VMware NSX and Fortinet FortiGate Work Together? appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

The traditional IT datacenter offered conventional predictive performance in a conventional predictable world. Unfortunately, in the dynamic disruptive world that we live in, conventional and predictable are diminishing concepts in the same way that we are witnessing the desertion of the traditional hardware centric datacenter. In a dynamic world, an idea can go viral in a matter of days bringing forth unbridled opportunity, while a malware attack can bring down resources in a matter of minutes. A dynamic world calls for dynamic reactionary networks built around agility and driven by automation and intelligence. There is no time for timely migrations, upgrades, testing, and labor-intensive tasks. Today’s enterprise demands a new type of architecture. HPE and Arista are meeting the challenge in a collective effort.

The Benefit of Converged Architecture

Arista is known for its highly efficient and top-performing high bandwidth, low latency 10/40/100 GB Ethernet switches that are fully programmable and offer native support for virtual environments. HPE brings its highly popular and heralded blade servers along with 3Par storage solutions that serve as the underlying infrastructure for today’s virtualized datacenters. Call it “cloud in a box” or “cloud in a rack.” Whatever you call it, this that can help customers implement networks designed to meet the needs of a dynamic world.

Imagine a compute, network, and storage components providing world-leading performance and functionality. All this while enabling you to keep the component brand standards you have chosen all along. Converged architectures are about obtaining pre-tested architectures that are fully validated and certified. This helps instill predictability within your datacenter. It also allows you to preconfigure systems configured around your specific workload demands. Because demands change, a converged architecture allows simplified scalable expansions that do not require forklift migrations.

Now combine all of this with the extensive system monitoring abilities made possible with HP OneView, a converged solution that differentiates itself from all others on the market. The result is a converged solution that is flexible, scalable, tested and easily managed. All of this equates to a lower cost of ownership and an increased ROI. It is also highly secure, with the ability to inspect all east-west traffic for profiled attack patterns with redirect analysis and deploy firewall security rules for all at-risk traffic at any scale.

Environment Solution Packages

The culmination of HPE and Arista technologies creates a powerful combination that is designed to address today’s cloud first network. Supporting cloud technologies means supporting data center virtualization environments. HPE and Arista offer a portfolio of solutions that incorporate HPE ProLiant ML/DL300, DL500 servers, Apollo 2000 servers, and VMware vSphere, plus Arista 7050X and 7250QX 10/40GbE wire speed switches that are purpose built to address the growth of web, cloud, and dense virtualized multi-tenancy environments. In addition, these platforms support VMware, Microsoft, and OpenStack environments.

Virtual storage environments depend upon IP storage. The growing complexity of deploying and maintaining traditional storage networks that can accommodate ever-increasing volumes of unstructured data is challenging at best. That is the reason why software defined storage architecture is so critical. To meet these challenges, HPE and Arista collaborative solutions include HPE StoreVirtual and HPE 3PAR StoreServ flash storage offerings, as well as HPE ProLiant, Blade, and Apollo servers, with Arista 7280E 100GbE deep-buffer switches optimized for spline/leaf storage networks.

The need to analyze and quantify qualitative data for big data environments requires high performance computing (HPC). As companies rely more and more on these systems, the utilization of compute and network resources becomes critical. The HPE HPC product portfolio for these high performance environments includes Apollo servers and SGI HPC systems, along with Arista 7500E in the core and 7150 and 7050X Series switches at the edge to support 10/40/100GbE networks.

Summary

HPE and Arista converged solutions bring consistency, flexibility, and less complexity to the next-generation cloud first networks. Through the joint development between HPE and Arista, companies can now leverage validated reference architectures that can service volatile dynamic workloads in predictable like fashion. It is not just converged architecture. It is a best-of-breed architecture.

Next Steps: We live in a world today where everything computes and everything is connected. Learn the best ways to leverage these opportunities by reading the tech brief,

The post The HPE and Arista Converged Architecture portfolio – Why They are Better Together appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Writer’s note: Every Thursday in November and December, this blog will highlight the SDN solution, Cisco ACI. As market acceptance and adoption increases for SDN, IT professionals can count on WEI to fairly evaluate the market leading SDN solutions available today.

Several analysts have predicted a rise in the adoption of SDN and software-defined technologies in the years ahead. We stand by the prediction as our networking solution engineers often get asked about our experience implementing the market leading available today. Read through this example of how WEI assisted its customer with a data center relocation and consolidation project that was enhanced by the implementation of Cisco ACI — which presents a new networking model that leverages policy-based networking.

Challenge

A Fortune 100 Communications company was faced with a data center relocation initiative as their building lease was about to expire. The company saw this relocation as an opportunity to consolidate their existing data center and build a new state-of-the-art data center with infrastructure built for today, and for the future.

The customer was faced with the following challenges:

• The building lease expiration posed a tight deadline, especially for relocating a data center of this size
• This data center housed the customer’s VDI environment, Telecom equipment and Business Applications, making it critical to minimize downtime and impact to employees
• could not be compromised

Given WEI’s vast experience managing data center relocations coupled with experience implementing software defined networking solutions, the customer brought in WEI to manage the data center consolidation, relocation, and integration of net new infrastructure, as well as the implementation of the

Solution

As a supplier of the customer’s data center components (servers, storage, and networking), WEI already understood the existing IT environment and was able to get started quickly. WEI’s project management team brought together the three stakeholder groups, the Data Center Infrastructure Manager, and the Server and Networking teams, to understand business goals and requirements. The Data Center Infrastructure Manager required the new data center to run on DC power. Since WEI is the only in the region with DC power options available, WEI staged all the equipment in our Data Center Demo Lab over an 8-week period replicating the customer’s environment with servers, storage, and software defined networking with Cisco ACI.

The hardware and software configuration was done collaboratively among WEI, Cisco and the customer’s networking team during a week-long testing and training session in WEI’s Knowledge Transfer Center. This was a huge time-saver for the customer because they did not have to wait for the new data center install to be complete in order to start testing Cisco ACI in their updated environment.

WEI also led the data center build and played a major role in the physical install with the Rack and Stack of 70 cabinets by WEI integration and engineering teams.

Outcome

The decision to implement Cisco ACI was a key factor in the success of the consolidation and relocation because its backbone infrastructure allowed the data center to be set up quickly. ACI features automatic fabric deployment and configuration with single point of management by the . Only one rack had to be configured and then the APIC pushed the configuration to the 70 racks in the new data center, which saved a significant amount of time.

Cisco ACI allows for:

• More portability for applications across different data centers
• Automation of IT tasks, such as switch configuration and deployment
• Policy-based networking with no limitations on the number of VLANS
• More secure network with built-in microsegmentation
• Accelerated data center application deployment

Cisco ACI and the engineers from WEI transformed the customer’s traditional data center networking model to one that is policy-based. As new applications are developed or added, the customer has the infrastructure in place to allow for security and connectivity to be built around the application, rather than the network.

“WEI is Cisco ACI certified and is one of the very few IT solutions providers worldwide with experience implementing Cisco ACI in production environments.”

– Greg LaBrie, WEI Director of Technology Solutions and Services

This project was the largest Cisco ACI implementation in a production environment in the United States. The goal of this data center relocation was to build an efficient, secure data center that can scale, and it gave the customer a new greenfield production environment. The success of this implementation will be mirrored and rolled out in the customer’s data centers across the country.

Next Steps

Ask us about and how it fits into your roadmap of IT priorities and projects.

The post Cisco ACI Case Study: Data Center Relocation and Innovation appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Writer’s note: Every Thursday in November and December, this blog will highlight the SDN solution, Cisco ACI. As market acceptance and adoption increases for SDN, IT professionals can count on WEI to fairly evaluate the market leading SDN solutions available today.

Networks are continuously undergoing some level of transformation and conversion to new technologies and bandwidth capabilities. It is the nature of the beast and one that data center managers are all too familiar with. However, IT leaders are facing increasing levels of required network alterations and conversions today due to several emerging trends:

• Continued virtualization of server resources resulting in 10 GB server connectivity requirements
• Network traffic congestion that now warrants continuous 10 GB infrastructure
• Highly virtualized computer environments that demand continuous network availability
• Birth of that allow for automated provisioning and policy enforcement
• A shift to network architectures that can simplify operations and accommodate efficient and fluid programmable infrastructure for DevOps
• The shifting direction of data center traffic from a traditional north-south stream to the east-west current that is typical of multi-tiered web application environments

Achieving these objectives will require a new type of underlying network infrastructure consisting of devices that are designed for these demands, as well as a more efficient type of network topology to organize them.

The majority of are built around a three-layer hierarchical design which has served us well up to now. This design consists of an access layer, aggregation layer and core. This topology was designed around the traditional client-server traffic patterns we have grown accustomed to. A typical device that has served as the work horse of this design is the Cisco Catalyst 6500. Although it can be found within all three layers, it is more commonly utilized in the access layer where it can accommodate servers with 1 GB connections.

Traditional devices such as the Cisco Catalyst 6500 were originally designed to make forwarding decisions in the supervisor engine. Although this was well suited for the traffic levels of yesteryear, the 10 GB traffic of today requires that forwarding decisions be distributed to the line cards to increase performance and to reduce the amount of traffic required to flow through the supervisor engine.

A New Networking Model

In order to meet the new challenges of today, data centers must transition to a new switch topology called the Leaf-Spine. The leaf-spine is a two-layer network topology composed of leaf switches and spine switches. Servers and storage connect to leaf switches which in turn connect to high port capacity spine switches. Think of leaf switches as the access layer and spine switches as the core. One of the key concepts of the is the fact that a server has to cross the same number of devices every time it connects to another server which ensures greater efficiency and is ideally suited for today’s east-west traffic flows.

A new topology requires a new type of switch and the Cisco Nexus 9000 series is specifically designed to take the data center to the next level in both . The 9000 comes in both modular and fixed configuration and can serve in both traditional and leaf spine architectures. It is ideally suited for virtualized and non-virtualized server environments and can provide the underlying network structure for virtualized, bare-metal and cloud computing environments.

The support two modes of operation: NX-OS standalone mode and Cisco Application Centric Infrastructure (Cisco ACI) fabric mode. In standalone mode, the switch performs as a traditional switch but with greater port density, reduced latency and 40 GB connectivity. It can accommodate an astounding 1,024 10 GB connections. In ACI fabric mode it supports the new SDS paradigm which combines hardware forwarding, software and automation into a single package by separating the controller from the data plane.

Innovation is at the very core of the 9000 series which is designed to achieve greater power and cooling efficiencies. The Cisco Nexus 9000 Series power supplies are more than 90 percent efficient at 20, 50, and 100 percent of load (platinum rated), providing industry’s lowest watts per port. As power and cooling expenditures are very real costs for any data center, cost savings are incurred regardless of the ecosystem that the 9000 supports.

In summary, the Cisco Nexus 9000 switch series provides the innovation, bandwidth and feature capabilities to hasten the transition of your data center to meet the challenges of today.

and how this SDN solution can help accelerate your organization’s digital transformation.

The post Cisco ACI Takes your Data Center to the Next Level with Nexus 9000 Switches appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

There’s a lot of talk about SDN solutions today such as Cisco’s Application Centric Infrastructure. In fact, Cisco ACI is the industry’s most comprehensive software defined networking (SDN) architecture to date. By integrating ACI into , IT now has the ability to align IT services with business objectives and policy requirements.Achieving this organizational transformation can be a game changer for most any organization, allowing them to streamline their services at large and gain greater efficiencies and profit margins. Instead of serving its traditional role as a cost bucket, IT can become a leader, introducing and initiating value added projects that recognizably add to the profitability and success of the business.

All of that is wonderful, that is as long as IT is taking care of the most important facet of all – keeping the network secure. Having the agility and responsiveness to allow users to easily access the analytical information they need or to provision desired resources in a matter of minutes is all well and good, but if the integrity of those resources are compromised then it all doesn’t really matter. Having an infrastructure that provides an elastic fertile ecosystem for application developers is great, but if that innovation is accessed in an unauthorized manner, then all of those benefits are instantly nullified.

To put it simply, security is job #1! That’s why provides embedded security and policy-based automation to ensure that your provisioned resources are secured through an evolutionary process called microsegmentation. The idea of segmenting the network is nothing new. Your firewall segments areas of your network such as LAN, DMZ, Internet, etc. Think of Ransomware and how it seeks out connected drives. Some new strains of it can even seek out a company’s backups if they exist on the same segment as the infected device.

How exactly does microsegmentation with Cisco ACI work?

is about separating segments from the broadcast domain by creating policy definitions. It uses a new application-aware construct called the endpoint group, or EPG, that allows application designers to define the endpoints that belong to the EPG regardless of their IP addresses or the subnets to which they belong. An endpoint can be a physical server, a virtual machine, a Linux container or a mainframe computer. ACI provides microsegmentation support for VMware vSphere Distributed Switch, Microsoft Hyper-V virtual switch, and bare-metal endpoints, the type of endpoint is irrelevant. You just need all of them secured regardless of IP address, MAC address, endpoint type or network location.

This idea of microsegmentation is then compounded with the core principle of conducting a zero-trust approach to each and every device. ؛£½اض±²¥ can be provisioned on a grand scale and in quick fashion, but they aren’t trusted upon boot up. A device is inaccessible until it has been issued a preconfigured policy which then, and only then, allows it the ability to communicate with other devices in the network. IT personnel can quarantine compromised or rogue endpoints or limit the lateral movement of a threat quickly and easily. With ACI, there is no window of vulnerability during the provisioning process.

Policy-based automation is the embedded security that is at the very core of . An EPG by definition is a microsegment, and its security enforcement policy is defined by a contract that consists of a built-in stateless whitelist firewall and Layer 4 through Layer 7 (L4- L7) service insertion policy that supports a robust ecosystem of L4-L7 partners for next-generation firewall (NGFW) and next-generation intrusion prevention system (NG-IPS). You can make your policies as granular as necessary, creating a unique policy model for within one policy model for networks, servers, storage and services.

By instilling this protected means of microsegmentation, complimented by automated granular policies, Cisco ACI helps lower TCO of your infrastructure investments, on top of all of the other means through which it reduces costs and adds value as well. Cisco ACI is the complete package, which is why it is the premier SDN solution in the market today. Interested in learning more? Check out our white paper titled

The post Cisco ACI Secures Your Enterprise through Microsegmentation appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Software Defined Systems Benefits, The 5 A’s

1. Accuracy – In transitioning to a software driven enterprise, the network framework will become programmable and automated, thus eliminating human (or even machine) error. Think about the implications of this: no longer will the traffic traversing your network be dependent upon the hardware you are running. Rather, the traffic will be routed intelligently, via software that is smarter than a switch or router. The application, once the gravy on top of the meal, now becomes the entire meal itself. It knows what it needs to do, and it takes the most efficient path to get there, allowing for intelligent accuracy that reduces the need for constant babysitting of your network by IT staff, as well as cuts your costs and improves your operating efficiency.

2. Adaptability – No more reliance on hardware vendors who have you locked in, with big capital expenditures for upgrades that you cannot afford. Your network or data storage will now be software-enabled or virtualized so that you can easily switch from environment to environment without the hassle of a “rip and replace” initiative or hiring extra staff to manage an environment change. This allows your company to scale on a very low margin, saving you time and money (and of course, headaches.)

3. Agility – Agility is the ease in which your organization’s data computation can navigate complex environments quickly, and according to your enterprise’s specific needs. According to an article on Infoworld.com, “Business agility is the new currency for valuing technology in the enterprise and increased agility is what virtualization delivered and compute clouds promise.”

With software defined systems, you can move between one system and another, switching environments whenever you choose. You can set up your applications instantly over a software defined system, and you can take them down instantly as well. This agile environment optimizes the user experience while greatly reducing costs.

4. Alignment – All of your resources within your infrastructure will be completely aligned, rather than disparate hardware and software that requires intensive (and costly) IT maintenance. In fact, the alignment benefit from software defined technology will be a driving factor in IT innovation.

Rather than incurring a huge expense for IT staff dedicated to support a mismatch of vendors, equipment, and software, IT will be looked upon to innovate, driving profitability with a more strategic approach. The role of IT will be elevated to oversee infrastructure that is driven by business policies and priorities, rather than being consumed with fixing problems and putting out fires. Software defined systems enable IT to be proactive, rather than reactive.

5. Assurance – Every organization has policy and compliance requirements that must be in place and monitored. With software defined systems in place, your organization will have a much higher degree of confidence that your entire infrastructure is compliant with the standards and regulations that your organization must adhere to.

As you can see, software defined systems provide benefits to your enterprise that are crucial in the very fabric of your business. These 5 A’s guide you toward a congruent, optimally working infrastructure that promises to propel your organization into the next generation of software defined technology with ease.

Learn more about the benefits and how they can impact your business processes in a positive way by downloading our whitepaper, .

The post Software Defined Systems: 5 Major Benefits to the Enterprise appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Software defined networking (SDN) has emerged as a versatile, budget-friendly and dynamic architecture that allows IT managers to respond quickly to business demands and manage cloud networks in a central environment. It’s a new revolution in IT that can help propel your business ahead of the competition and deliver an impactful change. Surely you’ve seen that SDN can provide , but like any new IT project, you should make sure you are well-versed in the approach before deploying a new strategy.

What is Software Defined Networking?

Software defined networking, or SDN, is an architecture based around three layers. At the center of it is the control plane, the main layer whose purpose is to manage the interactions between the application layer and the network infrastructure below, or data plane. Traditionally, the control plane and data plane physically resided on the same level, while SDN distinctly separates the two.

The control plane is meant to quickly respond to changing business needs and serves as the intelligence center for the network. This is the heart of and it is becoming an architecture of choice in the IT environment. For more information about SDN take a minute or two to watch the video below.

How SDN Can Benefit Your Organization

The IT department can use SDN to overcome network usage bottlenecks and control the network as varying needs fluctuate among users in the business. This approach can help your organization save on costs and avoid the need to purchase new infrastructure as company demands shift and evolve. Being able to adapt and overcome challenges as they arise is a big benefit companies deploying SDN are currently seeing.

Another benefit of software defined networking is the . Unplanned instances occur and it may not be possible to plan for every scenario that may arise. SDN’s adaptability and flexibility can help increase uptime and keep your company running smoothly.

SDN Next Steps

If you are you interested in leveraging the power of SDN at your organization and want to learn how to get started, . If you would like to learn more about SDN, read our latest white paper, . This paper goes in depth by discussing SDN use cases and the technical theory behind it, and explores how the market drivers of today are demanding software defined networking in order to innovate and compete.

The post Software Defined Networking Explained appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.