
How Cisco IT uses Prime Infrastructure to Manage the Cisco Network


BRKNMS-2447
Mohit Agrawal, Sr. Architect Cisco IT Network Management
Mark Basinski, Product Manager Enterprise Infrastructure & Solutions

Agenda
Cisco IT Network Management Overview

1. Network Management Introduction
2. Prime Infrastructure Deployment in IT
3. Network Management Case Studies
   Wireless Management
   Zero-Touch Deployment of New Devices
   Configuration Management
   Network Assurance & Event Correlation
4. IT & Prime Infrastructure Looking Ahead

1. Network Management Introduction

Cisco IT Network: Network Segment & Scale

Remote Access & CVO
30,000 CVO Routers
24 Remote Access Routers
50+ VPN Gateway ASA's

Internet Edge
15 Internet PoPs
30 ISP Gateway Routers
72 Web Security Appls

Extranet
24 Extranet Hubs
200+ Extranet Partner Sites
530 Extranet Gateways

DMZ
15 DMZ Env
28 Corp Firewalls
80 DMZ Lab Routers
200+ DMZ Routers

WAN Aggregation
50 WAN Aggregation
60 Regional Backbones
75 Global Backbones

Core/Distribution
1500+ Core Switches

Remote Office
375+ FSO Locations
850+ FSO Routers

Data Center
30 DC Locations
200+ DC Gateway Routers

Internal Labs
520+ Lab Routers

Campus WIFI
670 Controllers
11k APs

Campus
560k+ wired ports

Top 5 Network Infrastructure Challenges

Configuration and Policy Implementation (Speed)
Operational Excellence
Application Visibility & Migration
End-User Experience
Security

Network Management in IT
Our Vision: One intelligent network, One management, One policy
Cisco Network
Network Devices: 40,000+
Applications: 4000+
End Points: 300,000+
Wireless Clients: 120,000+

Vision: Key Take Aways

Situation:
Multiple systems and scripts to deliver point features.
Many capabilities are not integrated and therefore cause operational challenges

Proposal:
Integrated Architecture to manage wired and wireless network.

Value:
Increase speed to delivery, reduce outages and better operational experience

Network Management Capabilities
Network config & change Management
End User Experience (IPSLA)
Capacity Management
WAN Traffic Analysis (Netflow, NBAR)
Unified Access Wired and Wireless
Network Security Management
Network Performance Mgmt (AVC, PFR)
Software Image Management
Compliance Management
Event Correlation & Runbook Automation
Device Lifecycle Mgmt
Configuration Optimization
Access Control Management
Zero Touch deployment
IP Address Management

Cisco IT Transition to Cisco Prime
One integrated architecture to manage wired and wireless devices
Built-in Integration with other products (NAMs, MSEs, APIC-EM, APICs, UCSM, vCenter, ISE, Prime Collab)
Distributed Systems Architecture with Central Ops Experience

2. Prime Infrastructure Deployment in Cisco IT

Cisco IT Deployment
Prime Infrastructure 2.2

Wireless Management (All production, 11k APs, 670 WLC)
Assurance (AP, WLC, MSE, WiFi Coverage)
Config & Image Management (WLC)
Security Compliance Mgmt (AP)
Inventory Management
Group Management (AP & WLC)
Location/Map Service (AP)
Usage Analysis & Notification (AP)

PI & PnP 2.2 across globe (6 sites)
Research Triangle Park
San Jose
Richardson
Almere (EMEA)
Bangalore
Singapore

Zero Touch Deployment (ZTD)
Cisco 45xx
Cisco 3750/3850
ASR1K/Cat65K
Cisco 44xx

3 MSEs per site
Context Aware Service
Location Analytics Service
Wireless Intrusion Protection (wIPS)

Wired Management (Align w/ ZTD)
Config Lifecycle Management
Device Inventory
Image Management

IT Network Management Prime Portfolio Usage Map

IoE Location Service: Prime Infra + MSE
Wireless Management: Prime Infra + MSE
Configuration Management: Prime Infra
Network Topology, Config Discovery: Prime Infra + APIC-EM
Network Assurance: Prime Infra
Zero Touch Provisioning & Deployment: Prime Infra + PnP
Runbook Automation: Process Orchestrator
Application Visibility: Prime Infra, Collab & NAM
DC Assurance: Prime Infra, vCenter, UCSM
Branch Office Automation: Prime Infra
IP Address Management: Prime Network Registrar
WAN Capacity Management: Prime Infra + Prime Insight

Legend: In Use, In Planning

3. Network Management Case Studies

Wireless Network Management: Case Study


Wireless Ops Management & IoE Implementation

Global Wireless Management (11K APs, 670 Controllers)

Assurance (AP, Controller, Mobility Services Engine, WIFI Coverage)


Configuration & Image Management (Controller)
Switch Port Tracing
Inventory Management
Group Management (AP & Controller)
Location / Map Service (AP)
Usage Analysis & Notification (AP)

IoE Use Case

Asset Tracking (Active RFID)

Cisco Prime: Wireless Quality Monitoring
Wireless Technology Powers IoE Implementation

[Architecture diagram. Components: Third Party Location Applications, Client Browser, Cisco Prime Infrastructure, WLAN Location Appliance, Wireless LAN Controllers, Access Points, and end points (Active RFID Tag, Laptop, Smart Phone; 802.11 Compatible RFID Tags on End points). Protocol labels: SOAP/XML, HTTPS, SNMP, SNMP Trap, NMSP, CAPWAP. Notifications for Telemetry, Location, Battery level ..: EMAIL, SYSLOG, SOAP/XML, SNMP TRAP. On-demand location tracking of asset tags.]

Wireless Network Management

Top 5 Business Values
1. Better QoS with clean air.
2. Rogue AP detection with wIPS
3. Troubleshooting client connections
4. AP planning with location service
5. Asset tracking with context aware service

What is Zero Touch Deployment - Case Study

Capability to securely automate the following activities associated with a device:

Provisioning
Deployment
Upgrades

Rack, Stack, Cable

Provision

Deploy

Upgrade

Operate

Reasons to pursue ZTD


Save money !!!

Cut incident rates due to inconsistent configurations

Reduce skills level necessary to deploy production network devices

Shorten time to deploy

How It Works

[Diagram, steps 1 and 2. Components: Onsite Local Operator (PnP App) with USB Console cable, 3G/4G, Remote ISR, ISE, PnP Gateway, Prime Infrastructure, Internal network, Network Engineer (Prime Infrastructure).]

Two step deployment model for Routers & Switches using PI based ZTD
1. Implementation engineer (at Central site) publishes the design based configuration (Golden Config)
2. PnP App operator (at local site) deploys day 0 config to initiate full config deployment.

Where we are going

Zero Touch Deployment
Reduces the need to travel to site
Other than Rack/Stack/Cabling, all will be done remotely.

All devices at a site are automated
Engineers duration at site will be shortened

Not all devices at site are automated
Engineers at site same duration to support non-automated devices

Configuration Management: Case Study


Configuration & Compliance Management: (Current Situation)

Total Configuration Templates: 1,500 to 7,500

(6-7 Places in Network) * (5-7 topologies per PIN) * (5-10 cut-sheets per topology) * (10-15 templates per cut-sheet)

Configurations are managed in cookbooks (Word docs) and cutsheets (Excel)

Significant # of network related outages are caused by config changes

Image Management: (Current Situation)


Simple Image Upgrade: Automated (<30 mins per device)
Complex Image Upgrade: Manual (>3 hours per device)

Image Upgrade FY13/14

[Bar chart of Device Count for Simple and Complex image upgrades; data labels 9649 and 4135.]

Opportunity to simplify What?

Centralized & certified golden configuration repository

Eliminate cutsheets from cookbook

Track config changes (who, what & when) for better accountability & accuracy

Reduce error (unify configurations and solve fat finger problem)

Optimize configuration creation

Reusable blocks of sub-configurations (templates)

Object-oriented configuration structure (recursive composite templates)

Automate configuration hand-off process

RBAC & Approval process among design, implementation, field-deployment & ops engineers.

How It Works

[Workflow diagram. *Design/Impl: New Device, New Service, Configuration Update, Development Config. Prime Infrastructure APIs. *Design/Impl/Ops: Cisco Process Orchestrator Approval System. Subversion Version Control. Production Golden Config.]

Future Transition
Top 3 transition areas
1. User Experience: Services based network automation experience
2. Ops Excellence & Security: Policies based configuration enforcement
3. Speed to Deliver: Network Intelligence based configuration adjustments

Network Assurance & Event Correlation: Case Study


50%+ of Critical to Medium incidents are reported by end users

28% of business impacting incidents are recurring

[Charts: "IT Recurring Incidents"; series User Reported and System Reported; categories All and Infra Only; quarters Q4-FY13 through Q3-FY14 and Q3/14 through Q2/15.]

By inference:
Fault and availability monitoring is not enough to report all issues.
Correlation Engine critical to reduce MTTR for recurring issues.

Cisco Enterprise Landscape


Network Assurance is key to troubleshoot enterprise landscape
User & Application traffic monitoring over Network

[Landscape diagram labels: Data Center; Public Cloud (IaaS, PaaS, SaaS); Private Cloud (IaaS, PaaS, SaaS); Collab Experience (UC/V); Global network (private, public); Global Presence; Global Infra Services; Corporate Office; Corporate Border; Office Users; Mobile User; Home Office; Partners; Customers; Coffee Shop; Branch Office; Borderless End Zones.]

What is really in your network?

Operational Goals to Achieve How?

Basics:
1. Wireless device and quality assurance - Prime Infra
2. Application visibility & network traffic troubleshooting - NAMs
3. Wired device assurance metrics collection - Prime Infra

Transition in Network Assurance

Top 5 patterns
1. Application Centric Network Assurance
2. Big data driven Network Visibility
3. Config Compliance/Network Policies is Assurance
4. Controllers will drive self-healing model
5. Quality-of-Service will become de-facto of Network SLA Assurance

4. IT & Prime Infrastructure Looking Ahead

Prime Infrastructure Operations Center

Centralized Visualization of Multiple PI Instances

Distributed
Supports up to 10 Prime Infrastructure instances
Addresses geographic distribution, scalability, resiliency and visibility
Single pane of glass monitoring with click-through management

Centralized
Central view of assets, alarms and clients
Single sign-on
Dashlets aggregated from PI instances

Scalable
Consolidated view of network health
Consolidated view of health of each PI instance
Reports scheduling from one interface

Assurance
Application Experience and End User Experience
End-to-end visibility for service-aware networking by applications, services, and end users
Out-of-the-box support for Cisco advanced technologies, including AVC 2.0, NetFlow, Flexible NetFlow, NBAR2, Performance Agent, Medianet, and more
Service health dashboard allows quick health check on your business-critical applications
Simplified troubleshooting of applications and client access issues
Multi-NAM management
Traffic analysis
Application response time metrics
Packet capture and decode

Network Topology

Initial use case: Visualization of Faults
Network Topology Page
Topology Dashlets
Device 360 N-Hop contextual topology view

Planned use cases
Data Center Topology
Geographical Maps
Link Utilization & Traffic Visualization
Wireless / Mobility Service View
Additional Logical / Service Views
Integration Into Provisioning Workflows

UCS Server Management

Bridging Network and Compute
Extends One Management Visibility of infrastructure and assurance from Branches all the way through campus and data center
Cisco UCS B and C series: Discovery, inventory of compute infrastructure and mapping that back to the network elements of the data center
Fault and Root cause analysis: Identify and isolate the source of the problem. Help pinpoint the issues to the right network or compute elements. Understand the impact of network problems on the compute infrastructure. Remediate the issues at their source.
Availability and Performance: Monitor the availability status of the UCS physical servers. Provides visibility to the UCS ports health status and performance.
Server 360 Degree view: Concise and easy to consume server details accessible from anywhere in the product. Allows for quick troubleshooting.

What is Branch Service Automation?

Branch Service Automation is a Cisco management capability to design, catalog, deploy and automatically manage different branch types, including IWAN, Access and WLAN architectures, leveraging SDN controller driven ACI policy automation and application level SLA enforcement.

The Value of Branch Service Automation is to dramatically reduce TCO of large-scale Branch roll out through automation and to ensure continuous operational consistency, security and compliance to policy across 000s of sites.

Branch Service Automation Process Architecture

Process: Service Design, Service Catalog
Role: Network Admin
High Cost, Skilled Resource, One Time
Drag and drop design of branch infrastructure, PINs and associated services
Branch designs (e.g. Small, Medium, Large) committed to Service Catalog as a service offering
Definition of application policies for QoE (end user SLAs), Security and Access
Setting up of business entities and groups for which services can be ordered

Process: Service Request
Role: Network Operations
Ordering of Branch type when new site(s) or new services are needed
Orchestration of device and network as a service enablement for the Branch using ZTD

Process: Service Management, Service Operations
Role: Network Operations
Automated monitoring, correlation and troubleshooting of Branch services and infrastructure
Business and application level dashboarding and reporting for SLAs, Security and Network Changes
APIC-EM Controller led changes to enforce policy compliance
Tie-in of branch service impact due to application delivery in DC / Cloud

Automated (Low TCO), Low Skill, Continuous

Enterprise Stack North Star

Design, Catalog, Orchestrate and Manage Lifecycle of end-to-end Services (physical and virtual)
Drive Business Outcomes through Management
Simplify/ Automate network with Controllers and ACI

[Stack diagram labels. Domains: Enterprise Network, Data Center. Prime Service Automation - PSA (New). Policy Driven Automation: PSA+UCSD+APIC; PSA + UCSD+ ESC/ OSP; PSA + APIC-EM. Physical; DC, WAN & Branch NfV; Physical. Prime Enterprise (Prime Infra+ APIC-EM Apps + DCNM + vNAM + Insight): Service / Management, Fault/ Events Correlation, Performance Management, Capacity / Analytics, Change / Compliance, Reporting / Visualization, Multi-tenant / Op Center. Control Points: APIC, APIC-EM. Infrastructure: Network, Compute, Storage, WAN, Access, WLAN.]

Q&A

Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online


Thank you
