Cisco IT integrates network management for improved operations, lower costs, and Internet of Everything readiness.
The Cisco® core network continues to grow, with more users, devices, applications, and services. In Cisco IT, we realized the previous network management systems, which managed the wired and wireless networks separately, would not be able to keep pace.
Additionally, those management systems were built from a combination of Cisco products, third-party products, and internally developed scripts that focused on specific network elements or management tasks. Many capabilities were not integrated, which often meant duplicate or overlapping management activities and other operational inefficiencies.
“We wanted an integrated management system for wired and wireless network elements to help deliver the new services model faster, reduce outages, and support a better network operations experience,” says Mohit Agrawal, senior architect, Cisco IT. “Also, as we prepare for the Internet of Everything [IoE], we need a management system that will scale to support very large numbers of wireless devices and offer capabilities for asset tracking and location services.”
Cisco IT wanted to use the new system for managing wireless devices initially, then transition over time from the traditional system for wired network management. We defined several requirements when looking for the new network management system.
● Integrated network management. A primary requirement was a single system and user interface to manage the inventory and configuration of all wired and wireless elements. Also important was the ability to integrate with other Cisco Prime™ management tools.
● Improved configuration management. We knew that a significant number of network outages are caused by configuration changes and with as many as 7500 configuration templates used by Cisco IT, these changes were very difficult to manage. We wanted improved tools for managing device configurations and changes as well as for distributing new software images. These tools would help to reduce problems when maintaining and upgrading network elements, especially in branch offices.
● Expand automated deployments beyond the user level. We wanted to extend zero-touch automation to more devices in a progression that would eventually cover all network levels, from the branch to the campus to the enterprise. In the future, Cisco IT wants to offer enterprise networking as a service (ENaaS) as a standard package that provides all equipment and connections a company site needs for network access.
● Better management of IP addresses. As more devices connect to the network, the challenges of managing the associated IP addresses also increase. We wanted tools that would automate Dynamic Host Configuration Protocol (DHCP) address management for the Cisco Virtual Office service as well as for users of our internal cloud, the Cisco IT Elastic Infrastructure Services (CITEIS). We also wanted to integrate tools such as the Cisco Prime Network Registrar with the management system.
Given the scope of these requirements, Cisco IT decided to adopt the Cisco Prime framework, with Cisco Prime Infrastructure as the new, single system for integrated network management.
We are deploying Cisco Prime Infrastructure as an incremental transition from the previous, separate network management systems with the initial focus on managing wireless devices. When this transition is complete, Cisco Prime Infrastructure and its “manager of managers” view will allow us to manage both wired and wireless devices from a “single pane of glass” view for device status and troubleshooting. We will also be able to tightly integrate other Cisco Prime tools so that the network operations teams can access them on a single management interface.
As of late 2014, Cisco IT uses Cisco Prime Infrastructure to manage, worldwide:
● 190,000+ wireless and wired network endpoints (user devices) for 120,000+ users
● 11,000 wireless access points and more than 600 wireless controllers
● 500+ company offices
● In addition, Cisco IT intends to manage its wired network as more features become available in Prime:
◦ 45,000 wired devices including routers, switches, gateways, and security elements
◦ 550,000 wired ports
◦ 4000+ network-based applications
We also use other Cisco Prime products for managing aspects of the IT infrastructure and services, as shown in Table 1. Individual user access to these Cisco Prime products is enforced by role-based features for access control.
Table 1. Cisco Prime Products Deployed by Cisco IT
Role in Cisco IT’s Network Management
Cisco Prime Infrastructure
Integrated system for end-to-end configuration and management of wired and wireless network elements and services. Includes the Cisco Plug and Play Services and the Cisco Mobility Services Engine (Cisco MSE) 3355.
Cisco Prime Network Analysis Module (NAM)
Provides consistent visibility and comprehensive performance analytics for physical, virtual, and cloud networks.
Cisco Prime Network Registrar for DHCP
Supports integrated, scalable management services for DHCP addresses.
Cisco Prime Service Catalog
Provides a self-service portal as well as catalog and lifecycle management software for IT services.
Cisco Prime Optical
Simplifies management of the converged IP and optical network with automated mechanisms for configuration, provisioning, and troubleshooting.
Cisco Process Orchestrator
Helps standardize, unify, and automate best practices for configuration and management processes in complex IT and network environments.
Cisco Prime Performance Manager
Provides granular visibility into network and service topologies along with related performance metrics.
Cisco Prime Collaboration
Supports proactive monitoring of collaboration and video endpoints, sessions, and ports.
Cisco Prime Infrastructure Deployment Design
When fully deployed, the Cisco Prime Infrastructure software will run on virtual machines (VMs) in a three-tier, distributed cluster of Cisco Unified Computing System (Cisco UCS®) blade servers, as shown in Figure 1:
● Tier 1: The “manager of managers” (MoM) layer, which provides the single user interface for wired and wireless network management. As of late 2014, the Cisco Prime Infrastructure software is deployed in redundant Cisco UCS servers in our data centers in Richardson and Allen, Texas. A future deployment in our Research Triangle Park, North Carolina data center will support disaster-recovery operation. In addition, three servers for the Cisco MSE 3355 and one server for Cisco Plug and Play Services are deployed in each location.
● Tier 2: The regional layer, where Cisco Prime Infrastructure engines are implemented as dual virtual machines on Cisco UCS servers in an active-passive design for high availability. This layer includes six global locations to host the Cisco Prime Infrastructure collector servers.
● Tier 3: The collectors layer, where Cisco Prime Network Event Collector software is installed on Cisco UCS servers to create central data pools of collected logs, traps, alerts, metadata, NetFlows, and Cisco MediaNet™ raw data for application access. This layer encompasses 10 Cisco locations worldwide and supports up to 80,000 flows per collector.
Additionally, managing the wireless network requires a total of 18 VMs, with three VMs at each regional layer site. These VMs host separate instances of the Cisco MSE 3355 for detecting rogue access points, managing Cisco CleanAir® access points, and providing a wireless intrusion prevention system (wIPS).
For automated deployment of user and branch-office devices, we are also using six VMs to run the Cisco Plug and Play Services.
Figure 1. Cisco Prime Infrastructure Deployment Design
When fully deployed, we expect this Cisco Prime Infrastructure design to meet our goals for a new network management system:
● Integrated network management. The single interface in Cisco Prime Infrastructure for managing diverse network devices simplifies management tasks for Cisco IT operations teams because engineers can log-in to one system and see the whole environment. Enhanced monitoring capabilities support proactive, real-time response as well as reactive monitoring and capacity planning. The IT operations teams now have detailed views into the health of wired and wireless network devices and services, including media-aware traffic reporting.
● Readiness for IoE. The wireless management capabilities in Cisco Prime Infrastructure have the scalability and features to support Cisco’s move to the IoE. For example, we have already implemented wireless asset tracking with RFID and location-based services for mobility.
● Improved configuration, image, and compliance management. With Cisco Prime Infrastructure, the network engineers have a single, end-to-end system for managing configuration templates and device inventory. Simple image upgrades can be initiated from Cisco Prime Infrastructure, in conjunction with Cisco Process Orchestrator; complex image upgrades are handled in conjunction with Cisco NCCM. Compliance capabilities in Cisco Prime Infrastructure support management of the network lifecycle, adherence to Payment Card Industry (PCI) standards, and security management by the Cisco Product Security Incident Response Team (Cisco PSIRT).
● More automated deployments. Cisco Prime Infrastructure allows us to introduce zero-touch, “plug-and-play” deployment for more network devices and services, especially at the branch-office level. Automation of more network management tasks and processes frees time for engineers to focus on strategic activities.
● Better management of IP addresses. Using Cisco Prime Network Registrar, we can automate DHCP address management for the Cisco Virtual Office service and CITEIS users.
We also expect the full Cisco Prime Infrastructure implementation will deliver the following results for Cisco IT:
● Lower total cost of ownership for the Cisco network through consistent networkwide visibility, lower overhead for network management tasks, and improved software image management
● Reduced costs and time savings for network service implementation by extending zero-touch deployment capabilities to branch offices and campus sites
● Faster mean time to recovery (MTTR) from network problems because of adaptive fault management and easier access to real-time and predictive network analytics
● Fewer overhead resources required for network administration and compliance with policies and regulations
In addition to the near-term operational improvements supported by Cisco Prime Infrastructure, Cisco IT also expects to gain long-term strategic benefits. “Cisco Prime Infrastructure gives us the ability to introduce a new model for automating IT services and to more easily support IoE functionality as it emerges in the future,” says Agrawal.
Cisco IT offers the following lessons for implementing Cisco Prime Infrastructure.
Plan for expanded wireless management. Leverage the power of the Cisco MSE 3355 for managing a bring your own device (BYOD) program and the growing number of wireless elements that will come with the Internet of Everything. In particular, focus on planning the placement of wireless access points for adequate coverage in all facilities.
Create more processes for automated deployment. Supporting zero-touch device deployment at the branch, campus, and enterprise-level requires careful planning and development of the automated processes.
Test the planned Cisco Prime Infrastructure implementation in a lab environment. Because a network management system has such a far-reaching and critical impact, it is important to verify your planned deployment in a lab environment before the Cisco Prime products are implemented in the production environment. Create a lab environment that mirrors the production environment as closely as possible in order to produce relevant tests.
Provide training for the culture shift in device management. Many network engineers are comfortable using the command-line interface (CLI) for interacting with a network device, and may be reluctant to switch to a web-based management tool. Offer training and change processes to gradually eliminate reliance on the CLI.
After completing the transition to Cisco Prime Infrastructure as the single network management system, we plan to enhance capabilities in the following areas:
● Configuration management. Support topology-based and lifecycle configuration management as well as controller-based configuration and image deployment using the Cisco Application Policy Infrastructure Controller (Cisco APIC) and Cisco APIC Enterprise Module.
● Extended zero-touch deployment capabilities. Enable enterprise networking as a service (ENaaS) for remote delivery of complete network sites, especially in branch offices. This capability will allow us to deploy network services without requiring travel by an engineer, automate quality assurance, and reduce the time required to equip and activate network connectivity for a site.
● Comprehensive service assurance capabilities. Deliver an end-to-end view of network service health, automate remediation of network faults, notify appropriate support and operations teams, isolate faults, reduce meantime to detection and recovery (MTTD and MTTR), and enable predictive monitoring.
For More Information
To learn more about all Cisco Prime products, visit: http://www.cisco.com/go/prime
To read blog posts about Cisco Prime Infrastructure, visit: http://blogs.cisco.com/tag/cisco-prime-infrustracture
For information on Cisco UCS servers, visit: http://www.cisco.com/go/ucs
To read additional Cisco IT case studies about a variety of business solutions, visit Cisco on Cisco: Inside Cisco IT.
To view Cisco IT webinars and events about related topics, visit Cisco on Cisco Webinars & Events.
This publication describes how Cisco has benefited from the deployment of its own products. Many factors may have contributed to the results and benefits described; Cisco does not guarantee comparable results elsewhere.
CISCO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied warranties, therefore this disclaimer may not apply to you.