Benefits of Cisco ACI (SDN) architecture

Cisco ACI, Cisco’s software-defined networking (SDN) architecture, enhances business agility, reduces TCO, automates IT tasks, and accelerates data center application deployments.

Why Today’s Solutions Are Insufficient:

Today’s solutions lack an application-centric approach. The use of virtual overlays on top of physical layers has increased complexity by adding policies, services, and devices.

Traditional SDN solutions are network centric and based on constructs that replicate networking functions that already exist.

ACI Key Benefits:

Centralized Policy-Defined Automation Management

  • Holistic application-based solution that delivers flexibility and automation for agile IT
  • Automatic fabric deployment and configuration with single point of management
  • Automation of repetitive tasks, reducing configuration errors

Real-Time Visibility and Application Health Score

  • Centralized real-time health monitoring of physical and virtual networks
  • Instant visibility into application performance combined with intelligent placement decisions
  • Faster troubleshooting for day-2 operation

Open and Comprehensive End-to-End Security

  • Open APIs, open standards, and open source elements that enable software flexibility for DevOps teams, and firewall and application delivery controller (ADC) ecosystem partner integration
  • Automatic capture of all configuration changes integrated with existing audit and compliance tracking solutions
  • Detailed role-based access control (RBAC) with fine-grained fabric segmentation

Application Agility

  •  Management of application lifecycle from development, to deployment, to decommissioning—in minutes
  • Automatic application deployment and faster provisioning based on predefined profiles
  • Continuous and rapid delivery of virtualized and distributed applications

ACI Technology Benefits

The main purpose of a datacenter fabric is to move traffic from physical and virtualized servers, deliver it to its destination in the best possible way and, while doing so, apply meaningful services such as:

  • Traffic optimization that improves application performance
  • Telemetry services that go beyond classic port counters
  • Overall health monitoring for what constitutes an application
  • Applying security rules embedded with forwarding

The main benefits of using a Cisco ACI fabric are the following:

  •  Single point of provisioning either via GUI or via REST API
  • Connectivity for physical and virtual workloads with complete visibility on virtual machine traffic
  • Hypervisor compatibility and integration without the need to add software to the hypervisor
  • Ease (and speed) of deployment
  • Simplicity of automation
  • Multitenancy (network slicing)
  • Capability to create portable configuration templates
  • Hardware-based security
  • Elimination of flooding from the fabric
  • Ease of mapping application architectures into the networking configuration
  • Capability to insert and automate firewall, load balancers and other L4-7 services
  • Intuitive and easy configuration process

More information can be found at www.cisco.com/go/aci

Lewan Achieves Cisco Master Collaboration and Master Cloud & Managed Service Designations

In addition to successfully passing the requirements and audit to re-certify as a Cisco Gold Partner, Lewan Technology is honored to announce achievement of two Master Specializations: Collaboration and Cloud & Managed Services.


“These Master level certifications are the absolute highest achievement that a Cisco partner can attain in any technology area. There are only 43 partners in the United States that hold these two certifications,” explained Ray Dean, Lewan’s Director of Networking and Communications. “This honor recognizes the great engineering teams and processes we have in place, as well as our commitment to ongoing customer satisfaction and solution integration.”

Cisco Gold Partner Certification

Gold Certification offers the broadest range of expertise across high growth market opportunities known as architecture plays – Enterprise Networking, Security, Collaboration, Data Center Virtualization and SP Technology. Gold Certified Partners have also integrated the deepest level of Cisco Lifecycle Services expertise into their offerings and demonstrate a measurably high level of customer satisfaction.

Lewan has been a Cisco Gold Certified Partner since 2005.

Cisco Master Collaboration Specialization

The Master Collaboration Specialization demonstrates the highest level of expertise attainable with Cisco collaboration solutions.

Master Collaboration Specialized Partners represent an elite partner community that has met the most rigorous certification requirements and are therefore the best for complex deliveries. Lewan demonstrated the ability to design and deploy solutions that conform to Cisco validated designs. In addition, Lewan showed current examples of successful projects in which we integrated multiple solutions and technologies to support client needs. No other Cisco specialization or certification demands such extensive proof of the partner’s design and implementation capabilities.

Cisco Cloud & Managed Services Master Service Provider

The Cloud and Managed Services Program (CMSP) helps partners respond to their customers’ business needs with innovative and validated Cisco Powered services. The exclusive Master Cloud and Managed Services designation recognizes partners at the highest level of achievement, competency and capabilities.

Lewan is recognized as a partner uniquely positioned to offer best-in-class Cisco Powered services and Cloud Managed services which are validated to ensure security, reliability, and performance.

Basic Network Virtualization Components Explained

I found this great article about different network virtualization industry concepts that are incorporated into networks today. I thought I’d share this post from Henk Steneker that helps explain some of the virtualization technology.

What is virtualization?

With Virtualization a physical device or a pool of physical devices is divided into several virtual or logical devices.

What is a VLAN?

A Virtual Local Area Network (VLAN) occurs when a physical LAN is divided into several LANs.

 

 

The network diagram above shows two switches that are connected with a trunk. Both switches have an access port in VLAN 101 and VLAN 102. Ethernet frames of VLAN 101 that are transmitted to the other switch are provided with a VLAN 101 tag on the trunk connection. The receiving switch removes the tag and passes the frames on to the access port of VLAN 1.
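
The tagging behaviour described above, as an added example that is not part of the original post: a frame entering an access port in VLAN 101 is tagged on the trunk, and the receiving switch strips the tag and delivers the frame only to access ports in the same VLAN. It assumes the trunk uses IEEE 802.1Q tagging; the port names, MAC address and payload are constructed, and MAC learning is left out (the sample frame is a broadcast).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame without FCS."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag after the source MAC address."""
    if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | vid  # priority (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None if the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Switch:
    """Minimal model: access ports mapped to VLANs, plus one trunk."""

    def __init__(self, access_ports, trunk_allowed):
        self.access_ports = dict(access_ports)   # port name -> VLAN ID
        self.trunk_allowed = set(trunk_allowed)  # VLANs carried on the trunk

    def access_to_trunk(self, port, frame):
        """Tag a frame received on an access port; None means dropped."""
        vid, _ = strip_tag(frame)
        if vid is not None:
            return None  # simplification: this model accepts only untagged frames on access ports
        vlan = self.access_ports[port]
        if vlan not in self.trunk_allowed:
            return None  # VLAN is not carried on the trunk
        return add_tag(frame, vlan)

    def trunk_to_access(self, tagged):
        """Strip the tag and return {port: frame} for ports in that VLAN only."""
        vid, inner = strip_tag(tagged)
        if vid is None or vid not in self.trunk_allowed:
            return {}
        return {p: inner for p, v in self.access_ports.items() if v == vid}


def demo():
    # Constructed topology matching the text: both switches have access
    # ports in VLAN 101 and VLAN 102 and a trunk that carries both VLANs.
    sw1 = Switch({"Gi0/1": 101, "Gi0/2": 102}, {101, 102})
    sw2 = Switch({"Gi0/1": 101, "Gi0/2": 102}, {101, 102})
    frame = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"),
                        0x88B5,  # IEEE local experimental EtherType
                        b"constructed payload")
    on_trunk = sw1.access_to_trunk("Gi0/1", frame)
    delivered = sw2.trunk_to_access(on_trunk)
    return frame, on_trunk, delivered


if __name__ == "__main__":
    frame, on_trunk, delivered = demo()
    print("tag bytes on trunk:", on_trunk[12:16].hex())
    print("delivered to ports:", sorted(delivered))
```

The VLAN 102 access port on the receiving switch never sees the frame, which is the isolation property the VLAN provides.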

What is Virtual Routing and Forwarding?

With Virtual Routing and Forwarding (VRF) a physical router is divided into several virtual routers.

 

The VRFs can be separated completely from each other and the same subnet can be used in several VRFs. VRF routers communicate with each other via an address family that works with a Route Distinguisher (RD) and an IP address.

What is Port Channel?

Port Channel (PC) is the combining of several physical links into one virtual link.

 

Another name for this is Ether Channel (EC) or Link Aggregation Group (LAG). If one of the connected links fails, the virtual link continues to work. You can apply PC or LAG for ports on routers (Layer 3 PC) or switches (Layer 2 PC). Because the switch sees a PC as one virtual link, a broadcast storm cannot occur.

You can apply Port Channel for redundancy or for load balancing between physical links.

What is a Virtual Switching System?

With a Virtual Switching System (VSS), two physical switches (for example the primary and the secondary switch) are combined into one virtual switch.

 

 

The virtual switch has one management plane and one control plane. In the example above this is the case with the two distribution switches that are connected with a Virtual Switch Link (VSL). Both the access switches see one logical distribution switch. Because there is a Port Channel between the access switch and the distribution switch, the Spanning Tree Protocol is not needed. VSS can be used with the Cisco Switch series 4500 and 6500.

What is Multichassis Ether Channel?

The physical ports of an Ether Channel must be connected on one physical device or on one virtual device on every side.

But if two physical devices support Multichassis Ether Channel (MEC), it is also allowed. The other side of the Ether Channel then sees one virtual device. Another name for this is Virtual Port Channel (vPC) or Multichassis LAG.

vPC can be applied with Cisco switches of the series Nexus 5000 and 7000. Both the switches have their own management plane and control plane.

What is a Virtual Device Context?

With a Virtual Device Context (VDC) a physical switch can be divided into several switches. You can divide a primary Nexus switch into a primary Core VDC and primary Aggregation VDC.

What is a Virtual Storage Area Network?

A Virtual Storage Area Network (VSAN) occurs by combining several SANs from a pool of SANs. In turn, these can be divided into several VSANs.

What is a Virtual Machine?

A Virtual Machine (VM) occurs by combining several physical servers into one Virtual Server. In turn, the Virtual Server can be divided into several Virtual Machines (VM).

Original Post can be found here: http://ipmigrations.nl/index.php/en/en-designtools/en-09

Cisco Introduces New ASA 5506/5508 to replace ASA 5505 SMB Firewall

Cisco is introducing a new line of ASAs to replace the existing SMB ASA 5505 line of firewalls. Since Cisco’s acquisition of SourceFire, Cisco has rapidly been integrating the technology into its firewalls and in doing so has created the most advanced perimeter network appliance on the market. The vast breadth of technology that is now incorporated into a single ASA firewall allows businesses to gain all of the capabilities of next-generation security appliances on a single platform in their network. Until now, Cisco hadn’t brought this advanced security technology down to the 5505 ASAs. The new ASA 5506 brings these capabilities to the SMB line and allows companies to leverage the same capabilities across all of Cisco’s firewalls. Below I have highlighted some of the new features that the ASA 5506/5506W (wireless version) and the ASA 5508 firewalls include.

Key Enhancements Over ASA 5505:

  • NGFW (NextGen Firewall) – FirePOWER Services
    • Threat-focused NGFW; provides ASA firewall functionality, advanced threat protection, and advanced breach detection and remediation combined in a single device
  • Application Visibility & Control
    • Identify applications and create rules based on applications and users.
  • AMP (Advanced Malware Protection)
    • Detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks
  • NGIPS (Next-Gen IPS)
    • Superior threat prevention and mitigation for both known and unknown threats
  • URL Filtering Subscriptions
    • Application-layer control (over applications, geolocations, users, websites) and ability to enforce usage and tailor detection policies based on custom applications and URLs
  • Simplified Purchase Experience: Unlimited User (node) support
  • VPN: Enhanced Mobility Support
  • Throughput: Over 2.5x stateful Performance
  • Integrated Wireless Access Point
    • AP is similar to AP702i 2×2 MIMO
    • Autonomous and CAPWAP mode operation support
    • Separate Management for Wireless, HTTP to AP GUI
  • Ruggedized Option

Lewan Named to 2015 Tech Elite 150 List

For the third year in a row, Lewan has been recognized for our exemplary approach to delivery of Managed IT Services and been awarded a spot on the 2015 MSP Elite 150 list, part of CRN’s Managed Service Provider 500 (MSP500) list. The Elite 150 group is recognized as large data center-focused solution providers with a strong mix of on-premise professional services as well as off-premise services.

From CRN:

This annual list distinguishes the top technology providers and consultants in North America whose leading approach to managed services enables their customers to improve operational efficiencies, elicit greater value from their IT investments, and successfully leverage technology to achieve greater competitive advantage.

In today’s world of outsourced IT, the expertise of MSPs has become increasingly important to organizations. The plethora of choices in terms of consumption and procurement of technology can become overwhelming. To help facilitate companies’ selection and adoption of managed services and providers, CRN, the leading media outlet for technology vendors and solution providers who serve end-user customers, has identified the top 500 MSPs.

“The allure of Everything-as-a-Service to organizations is largely rooted in the appeal of predictable operational expenses, cost-cutting, resource allocation and access to on-demand/pay-as-you-go technology. Therein lies a great need for the expertise of managed service providers,” said Robert Faletra, CEO, The Channel Company. “We congratulate the managed service providers who have engineered, or re-engineered, their businesses to deliver the services their customers rely on for future growth and ongoing success.”

Lewan Awarded for Customer Satisfaction Excellence from Cisco

Lewan is honored to announce achievement of Cisco’s Customer Satisfaction Excellence award. Customer Satisfaction Excellence is the highest distinction a partner can achieve within the Cisco Channel Partner Program.

“Congratulations to the entire Lewan team on this recognition of your great work over the past year and continued delivery of a world class customer experience to our customers,” said Fred Cannataro, Lewan’s CEO and President.

And from Cisco, “Customer Satisfaction Excellence is a core value we both share and a key driver of our current and future success. Thank you for your commitment to the success of your customers.”

Lewan will be recognized for Customer Satisfaction Excellence in the Cisco Partner Locator (www.cisco.com/go/partnerlocator) with a special star indicator representing our achievement. Customers, Cisco personnel and partners will be able to identify you as having achieved outstanding customer satisfaction as part of Cisco’s worldwide assessment process.

Channel Customer Satisfaction Excellence assessment is based upon the customer satisfaction results captured in the Cisco Partner Access Online tool.

About our Partnership with Cisco

Lewan has been a Cisco Gold Certified Partner since 2005. Gold status is Cisco’s highest partner designation.

Our team of engineers holds 46 individual Cisco certifications including CCIE certifications in Routing & Switching, Voice and Security. The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification in the industry. Combined with our sister companies, we offer the breadth and expertise of over 132 individual Cisco certifications nationally.

Our Cisco Certified engineers are able to offer assessments, performance evaluations, design workshops, and full installation and training around each of the areas that we hold Cisco certifications. Lewan’s certified areas of expertise are unified communications and business video, traditional route & switch environments, wireless, data center (including servers, storage, & virtualization), security & mobile device management.

IWAN: What can IWAN do for your Business?

Traditionally, businesses make huge investments in their WAN, and often upgrading to keep up with network demands or moving to a new provider is painful and typically becomes a long, drawn-out project that ties up business time, money and resources. This is where IWAN helps: the solution is transparent to the underlying network that it runs on, making the corporate network an overlay on the underlying ISP’s network(s). At the same time, it simplifies the overall WAN architecture and provides a flexible, consistent management domain that allows businesses to be provider agnostic and bring branch offices online in days rather than weeks.

Today, private backbone networks are in general high-cost networks that are sold on the basis of providing a consistent, reliable end-to-end network. They also fall short in many aspects that are critical to businesses. Businesses are almost always constrained by the provider’s time and WAN provisioning, effectively making the business move slower. Improvements in the reliability, performance, and relative cost of Internet connections now lead many organizations to leverage the Internet to address these challenges, by connecting branches directly to the Internet to supplement the WAN and by using the Internet as the WAN. This is an example of how IWAN (Intelligent WAN) has great potential to solve many business issues and create a more flexible architecture to meet business needs.

Cisco’s IWAN strategy is a new concept that many businesses are looking at to become more flexible and agile. IWAN helps businesses improve efficiency in all aspects of the business: it simplifies the network and streamlines operations, deployment and management of the WAN, while at the same time providing huge savings by right-sizing the branch office WAN to provide intelligent active/active connectivity to the Internet and corporate network. Today’s workforce and their associated applications depend more and more on the network, with each application carrying key network metrics and thresholds that define the QoE (quality of experience) for users. This is where IWAN is able to dynamically steer applications across links when performance falls out of threshold. This is one of many key components that make up the IWAN strategy. Below I outline some more benefits of the overall IWAN strategy that businesses can leverage to overcome limitations in their current architecture.

[Figures: Intelligent WAN Deployments: Balancing Cost with SLA; iWAN Deployment Models; Intelligent Path Control with PfR]

Here is a great article giving more information on how Cisco’s IWAN strategy could be your future WAN backbone.  http://www.provenmethod.com/iwan-cisco-betting-internet-will-future-wan-backbone/

Key Business Outcomes that IWAN can bring:

    • Transport Independent Design
      • Fast to deploy.  (Faster-to-Market) Provider agnostic providing a consistent operational model.
      • IWAN allows you to get up and running fast and still maintain a single management routing domain to simplify design and operational support. This design supports multiple internet delivery options including 4G, satellite, etc. so that business operations can be brought up on day 1.
      • Makes network more flexible, reliable and more effective in meeting the business needs.
    • Distributed Secure Internet Access
      • Local internet access without backhauling to corporate
      • Increased performance and productivity.
      • Branch workers use SaaS apps, and the apps run slowly and users get frustrated because they share bandwidth with all other traffic on the network, and the traffic gets hairpinned through the DC to enforce security and compliance centrally. With IWAN, CWS (Cloud Web Services) can enforce security while allowing Internet traffic to go directly out to the Internet, taking load off the internal WAN. You are able to centralize policy and enforcement, but in the cloud, and you now have faster app performance, which allows for happier users and increased productivity.
    • Intelligent Path Control
      • Allowing the network to adapt to application performance needs, bringing a reliable and consistent user experience.
      • IWAN PfR is able to detect brown-outs (packet drops). Normally the meeting would be interrupted and rescheduled. IWAN provides alternate paths dynamically to keep the video conference working and provide a consistent video experience. The meeting is not canceled, because the intelligent WAN detects poor quality and moves traffic to another link. This increases productivity.
    • Optimizing Applications Performance
      • Application acceleration and bandwidth optimization to give users LAN like speeds.
      • (MediaNet) enabled media-aware network so that the network can intelligently apply critical network services to provide a consistent media-rich experience to the users.
        • Accelerating deployment of applications, minimizing complexity and ongoing operational costs, increasing visibility into the network, and helping to scale the infrastructure for the best quality of experience (QoE), by ensuring predictability, performance, quality, and security
        • Can detect and optimize different media and application types (telepresence, video surveillance, desktop collaboration, and streaming media) to deliver the best experience
        • Network-aware: Can detect and respond to changes in device, connection, and service availability
    • Simplify network approach and increase operational efficiencies.

Lewan Named to 2014 Tech Elite 250 List

Lewan has once again earned a prestigious spot on CRN’s 2014 list of Tech Elite 250 IT Solution Providers. This elite group of IT solution providers have invested in the training and education needed to earn the most advanced technical certifications from leading vendors.

From CRN:

In compiling the list, CRN editors worked with The Channel Company’s research group to define the most customer-beneficial technical certifications in the IT channel. These technical certifications – from vendors including Cisco, Citrix, Dell, HP, NetApp, Microsoft, VMware, and Symantec – have enabled solution providers to deliver the most premium products, service and support to their North American customers.

“The solution providers highlighted on our annual Tech Elite 250 have demonstrated a commitment to excellence and gained industry credibility by investing in the IT certifications necessary to stay competitive and deliver the highest level of service to their customers,” said Robert Faletra, CEO, The Channel Company. “These featured solution providers have enhanced and strengthened their partnerships by earning some of the most difficult certifications from some of the biggest names in IT. We congratulate these organizations and look forward to their continued success.”

Thinking about a VDI initiative? Watch this.

Lewan Solutions Architect, Kenneth Fingerlos, wowed the crowd last month at the GPU Technology Conference (GTC) 2014 with his presentation on VDI, “Virtual is Better than Physical: Delivering a Delightful User Experience from a Virtual Desktop”.

GTC is the world’s biggest and most important GPU developer conference. Taking place in Silicon Valley, GTC offers unmatched opportunities to learn how to harness the latest GPU technology, along with face-to-face interaction with industry luminaries and NVIDIA experts.

Leveraging his industry leading expertise, Kenneth “delivered in spades,” as described in a review of his presentation for The Register:

The VDI talk was the kind of GTC session I love. It’s where a real-world expert talks about how a difficult task is actually accomplished. Not the theory, not how it should work on paper, but what it takes to actually move a project from Point “A” to Point “We’re done with this”.
Ken Fingerlos from Lewan Technology delivered in spades with his “Virtual is Better than Physical: Delivering a Delightful User Experience from a Virtual Desktop” GTC14 session. Delightful? Hmm…In my past lives, I’ve had to use some virtual PCs and my experience ranged from “absolutely unusable” to “omg I hate this”.
It’s easy to see that Fingerlos has been around the block when it comes to VDI. He has all the right credentials, ranging from VMware to Citrix to Microsoft. But more importantly, he’s been there and done it.

Read the complete review from theregister.co.uk

Kenneth’s GTC Presenter’s Bio

View the complete session and slide deck:

Cisco AnyConnect vs. Internet Connection Sharing in Windows 8

Having recently installed Windows 8 on my laptop to take advantage of the Client Hyper-V, I’m working through the kinks that come with a new OS on my daily driver. Hyper-V leverages the built-in Internet Connection Sharing (ICS) to provide NAT and DHCP for internet access for VM’s running on the hypervisor. This isn’t quite as intuitive as the network implementations in VMware Workstation or Oracle’s VirtualBox, but that’s a different discussion.

I recently had some trouble establishing the VPN connection, and set about re-installing Cisco AnyConnect as a result. During the install, a notification box popped up numerous times to warn me: “The VPN client agent was unable to create the interprocess communication depot.”

Cisco AnyConnect Install Error

The VPN client agent was unable to create the interprocess communication depot.

The install completed after clicking OK on the notifications, but would not establish a VPN connection, with a not so informative message “Unable to establish VPN”.  A bit of searching later, I found that AnyConnect is not compatible with Internet Connection Sharing, which Cisco states in the AnyConnect VPN Client FAQ.

The solution is to disable the ICS service before installing AnyConnect.  Subsequently, when trying to connect, I encountered connection failures:

AnyConnect Unable to Establish Connection

AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

The solution is again to disable the ICS service, establish the AnyConnect VPN connection, and then enable ICS.  Oddly, it seems that after the first failed connection attempt followed by stop / connect / restart cycle of the ICS service, AnyConnect can be reconnected without any trouble.  Tedious, but it works.  Ping me back if you know a better way!