For over 12 years there have been two ways of getting electricity to devices on your network: From an electrical outlet or from an Ethernet jack using Power over Ethernet.
With the release last year by Cisco Systems Inc. of what it calls Universal PoE, a proprietary version which delivers 60 Watts of power per port over an Ethernet line, the company believes it has opened new opportunities for manufacturers of almost everything that runs on electricity to plug in via Category 5 cable.
On Tuesday, Samsung Electronics showed confidence in the technology by announcing a UPoE version of its desktop monitor for virtual desktops, the 22-inch NC220P.
It is expected to hit the market at the end of May, with a projected street price of US$774.
When it was introduced -- by Cisco -- in 2000, Power over Ethernet offered a mere 7 Watts of power. Common PoE devices are desktop IP phones and wireless access points. Over the years PoE has reached the ability to deliver 30 Watts over Ethernet.
By doubling that, UPoE offers more possibilities. However, it is available only by plugging a module into a Cisco Catalyst 4500E switch, which then connects to approved devices.
In a conference call with reporters, Joe Angelo, a Samsung business development manager, said the NC220P integrates a thin client into the monitor, taking its power and data over one Ethernet cable.
It has four USB ports, a DVI-out port for a second display and headphone and microphone connections.
Angelo said target markets include governments, hospitals and schools.
Pradeep Parmar, a senior Cisco marketing manager, said the announcement is more evidence of the acceptance of UPoE by large organizations and of how widely it can be used.
For example, he said, UPoE could power telepresence systems or high power surveillance cameras.
Parmar also brought onto the conference call an official from a Japanese company, which is using UPoE for LED office lighting instead of fluorescent lights. Connected to Cisco's Energywise power monitoring software, the solution can make dramatic savings in electricity.
Also on the call was Dwight Holmberg, a regional manager with FieldServer Technologies of Milpitas, Calif., who said the company's gateway for connecting building automation systems can leverage UPoE.
According to Zeus Kerravala, principal analyst at ZK Research, UPoE is another example of how Cisco tailors a technology to keep ahead of competitors. No other network equipment maker has adopted UPoE or its approach, he said.
"For Cisco, it's important with so much talk out there about the wired network being dead because of all the wireless end points," Kerravala added. "If they can find a whole group of other devices that can connect to the network that aren't traditional PCs, that opens the door for them to open the overall market for wired switches."
---Cisco News quoted from pcworld.com
Cisco, the major networking company, makes a line of wireless routers that come under the Linksys name. Linksys wireless devices and those made under the Cisco name are set up in the same manner. It is always best to consult the instructions that came with your router, if you have them, for specifics on setting up security passwords and using the advanced user options, but standard configuration is quite simple.
What you need: Internet service, Ethernet cable, computer
Instructions to Configure Cisco Wireless
1. Connect your Internet service line from your Internet source to the port marked Ethernet on the back of your Cisco router. Check the LED on the front of the device to see if the router reads the cable.
2. Look for the IP address that is printed on the back label of your router, or in the instruction booklet.
3. Type the IP address into an Internet browser (Firefox, Safari, Internet Explorer) and press the return key. A setup page for your router will appear.
4. Go to the "Setup" tab and select the general setup page. Find the local IP address section and insert the IP address 126.96.36.199. Press the "Renew IP address" button to save.
5. Type 188.8.131.52 into your browser and press return. The setup will again appear.
6. Press the "Status" tab and check the IP address value. Click "DHCP release," then click "DHCP renew" if the IP address is a series of zeroes.
7. Click the "Wireless" section and go to the security setup. Type in an appropriate user name and password for yourself and save the changes. You will now be able to access your router wirelessly.
Cisco Wireless News:
The company also plans to release its Jabber product for the iPad and an upgrade of Jabber for Windows desktops and laptops
Cisco announced improvements to its Jabber IM, presence and video-conferencing product, as well as to its room-size "immersive" telepresence systems, as the networking giant continues to push its way into the workplace collaboration market.
Cisco plans to release at some point in the second quarter its first version of Jabber for the iPad and an upgrade of Jabber for Windows desktop and laptop PCs, as well as a new top-of-the-line telepresence system called TX9000, designed to improve upon existing Cisco products of this sort.
Jabber for iPad will let users communicate using voice, video, IM, presence and conferencing, using standards like H264, XMPP and SIP for interoperability with other systems.
Jabber for Windows features high-definition video, voice, presence, IM, desktop sharing and Web conferencing, as well as integration with Microsoft Office, and also uses standards like H264, XMPP and SIP.
Meanwhile, the TX9000 is designed to take Cisco's large telepresence systems from an immersive experience to one that also allows for what the company calls "high-intensity collaboration" for scenarios like sophisticated planning sessions, brainstorming, "war rooms," critical problem resolution and engineering design.
Among the new features introduced in the TX9000 is the ability to share content on the main telepresence screens, as opposed to only on the smaller one below them, along with "point and highlight" capabilities, white boarding and calling up data from multiple content sources, according to the company.
Also new is a simplified way to integrate WebEx online meetings with TX9000 sessions, and a simpler way to launch and manage TX9000 meetings using a touch-based user interface.
The TX9000 also features a new placement for its cameras, designed to enhance eye contact among participants while making the cameras less conspicuous. It doesn't require additional special lighting or audio.
The TX9000 can provide video quality as high as 1080p at 60 frames per second, while requiring 20 percent less bandwidth than existing Cisco telepresence systems. The TX9000 can be used by six people, while the TX9200 model adds a second table for up to 18 participants.
Cisco also claims that system setup has been simplified, so that installation partners can complete a job in as little as two days. List price in the U.S. starts at $299,000.
Industry analyst Maribel Lopez from Lopez Research said Cisco now has a good portfolio of video communications across its products, which is important because video will continue to increase its importance in workplace communications and collaboration.
"Video will change over time. Most people think of it as face-to-face. While this is interesting, it doesn't take into account that video will be next-generation content. Today content means documents like PowerPoint and Word files. Tomorrow more content will be video. So video is more than just my tiny face looking at another tiny face on a screen while we share a PowerPoint," she said via email.
Collaboration traditionally has been, and continues to be, strongly associated with email and document management, which has made this market a challenge for Cisco, but it could ride video to a leadership position, she said.
"The goal for Cisco is to change what collaboration means. For example, no vendor is the established choice for doing secure cross-company collaboration with video and document sharing and repositories," she said.
Many applications can use a built-in collaboration and communications component and no vendor owns this space, she said.
"Communications will have voice, video and attachments associated with it. It will be portable across devices. It will have knowledge of what you have access to and if that varies by what device you are using or where you are located. It will also have knowledge of whether you are communicating internally or across groups. This is contextual communications and this is the future," she said.
Industry analyst Zeus Kerravala from ZK Research said that the TX9000 is noteworthy because it's the biggest upgrade in that product line since its inception.
"Cisco has created the ability to freely move content and video sessions between the screens, shifting this market from being TelePresence to TeleCollaboration. Now the user has greater control over what content is displayed in what screen versus the system deciding," he said via email.
Kerravala sees the Jabber enhancements as geared at enabling greater unified communications functionality across a wide range of mobile devices, to let companies move into the "post PC" era.
"Bring your own device has become a top initiative for CIOs and the Jabber enhancements can enable communications consistency across the devices," he said.
As Cisco pursues the collaboration market, it needs to direct its pitch at line of business managers, as opposed to IT officials in charge of desktops and email communications, who think first about traditional collaboration vendors like Microsoft and IBM, he said.
Line of business managers will be more receptive and better able to assess the considerable breadth of Cisco's collaboration portfolio, Kerravala said.
Supervisor 2T engine for the Catalyst 6500E chassis. The Sup2T is a boost to keep the 6500’s legs running a little longer. I think of the 2T as a product enabling customers with a large 6500 investment to put off the inevitable migration to the Nexus platform. The 2T, by all accounts, is the end of the development roadmap for the 6500. My understanding is that the 2T takes the 6500 chassis as far as it can scale in terms of packet forwarding performance.
With the advent of the Nexus 7009, I doubt we’ll see yet another replacement 6500 chassis model (like we saw the “E” some years back). The Nexus uptake has been reasonably good for most Cisco shops, and the Nexus 7009 form factor takes away the physical space challenges faced by those previously considering the 7010 as a forklift upgrade for the widely deployed Cisco 6509. In my mind, it makes sense for Cisco to focus their Catalyst development efforts on the 4500 line for access and campus deployments, with Nexus products running NX-OS for core routing services and data center fabric. Could I be wrong? Sure. If Cisco announced a new 6500E “plus” chassis that can scale higher, then that would reflect a customer demand for the product that I personally don’t see happening. Most of the network engineering community is warming up to the Nexus gear and NX-OS.
That baseline established, Cisco is selling the Sup2T today. What does it bring to the table? Note that anything in italics is lifted directly from the Cisco architecture document referenced below in the “Links” section.
- Two Terabit (2080 Gbps) crossbar switch fabric. That’s where the “2T” comes from. These sups are allowing for forwarding performance up to 2 Tbps. Of course, as with previous supervisor engines, the aggregate throughput of the chassis depends on what line cards you deploy in the chassis. That old WS-X6148A you bought several years ago isn’t imbued with magical forwarding powers just because you pop a 2T into the chassis.
- The Supervisor 2T is designed to operate in any E-Series 6500 chassis. The Supervisor 2T will not be supported in any of the earlier non E-Series chassis. You know that non-E 6500 chassis running Sup720s you love so much? Gotta go if you want to upgrade to a 2T (to which I ask the question if you’re considering this…why not Nexus 7009 instead?)
- As far as power requirements, note the following:
  - The Cisco 6503-E requires a 1400 W power supply and the 6504-E requires a 2700 W power supply, when a Supervisor 2T is used in each chassis.
  - While the 2500 W power supply is the minimum-sized power supply that must be used for a 6, 9, and 13-slot chassis supporting Supervisor 2T, the current supported minimum shipping power supply is 3000 W.
- Line cards are going to bite you; backwards compatibility is not what it once was. There’s a lot of requirements here, so take note.
  - The Supervisor 2T provides backward compatibility with the existing WS-X6700 Series Linecards, as well as select WS-X6100 Series Linecards only.
  - All WS-X67xx Linecards equipped with the Central Forwarding Card (CFC) are supported in a Supervisor 2T system, and will function in centralized CEF720 mode.
  - Any existing WS-X67xx Linecards can be upgraded by removing their existing CFC or DFC3x and replacing it with a new DFC4 or DFC4XL. They will then be operationally equivalent to the WS-X68xx linecards but will maintain their WS-X67xx identification.
  - There is no support for the WS-X62xx, WS-X63xx, WS-X64xx, or WS-X65xx Linecards.
  - Due to compatibility issues, the WS-X6708-10GE-3C/3CXL cannot be inserted in a Supervisor 2T system, and must be upgraded to the new WS-X6908-10GE-2T/2TXL.
  - The Supervisor 2T Linecard support also introduces the new WS-X6900 Series Linecards. These support dual 40 Gbps fabric channel connections, and operate in distributed dCEF2T mode.
To summarize thus far, a legacy 6500 chassis will need to be upgraded to a 6500E. Many older series line cards are not supported at all, or will require a DFC upgrade. Power supplies are a consideration, although the base requirements are not egregious. Therefore, moving to a 2T will require a good bit of technical and budgetary planning to get into a Sup2T. I suspect that for the majority of customers, this will not be a simple supervisor engine swap.
This diagram from Cisco shows the hardware layout of the Sup2T, focusing on all the major junction points a packet or frame could cross through depending on ingress point, required processing, and egress point.
There are two main connectors here to what Cisco identifies as two distinct backplanes: the fabric connector, and the shared bus connector. The fabric connector provides the high-speed connectors for the newer line cards, such as the new 6900 series with the dual 40Gbps connections mentioned above. The shared bus connector supports legacy cards (sometimes referred to as “classic” cards), that is linecards with no fabric connection, but rather connections to a bus shared with similarly capable cards.
The crossbar switch fabric is where the throughput scaling comes from. Notice that Cisco states there are “26 x 40” fabric channels in the diagram. That equates to the 2080Gbps Cisco’s talking about. The crossbar switch fabric on the Supervisor 2T provides 2080 Gbps of switching capacity. This capacity is based on the use of 26 fabric channels that are used to provision data paths to each slot in the chassis. Each fabric channel can operate at either 40 Gbps or 20 Gbps, depending on the inserted linecard. The capacity of the switch fabric is calculated as follows: 26 x 40 Gbps = 1040 Gbps; 1040 Gbps x 2 (full duplex) = 2080 Gbps.
“Full-duplex” means that what we’re really getting is 1Tbps in one direction, and 1Tbps in the other direction. The marketing folks are using weasel words to say that the Sup2T is providing a 2 terabit fabric. This marketing technique is neither new nor uncommon in the industry when describing speeds and feeds, but it is something to keep in mind in whiteboard sessions, especially if you’re planning a large deployment with specific data rate forwarding requirements.
Now here’s a strange bit. While the crossbar fabric throughput is described in the context of full-duplex, the 80Gbps per-slot is not. The 80 Gbps per slot nomenclature represents 2 x 40 Gbps fabric channels that are assigned to each slot providing for 80 Gbps per slot in total. If marketing math were used for this per slot capacity, one could argue that the E-Series chassis provides 160 Gbps per slot.
Moving onto the control-plane functions of the Sup2T, we run into the new MSFC5. The MSFC5 CPU handles Layer 2 and Layer 3 control plane processes, such as the routing protocols, management protocols like SNMP and SYSLOG, and Layer 2 protocols (such as Spanning Tree, Cisco Discovery Protocol, and others), the switch console, and more. The MSFC5 is not compatible with any other supervisor. The architecture is different from previous MSFC’s, in that while previous MSFC’s sported a route processor and a switch processor, the MSFC5 combines these functions into a single CPU.
The diagram also shows a “CMP”, which is a feature enhancement of merit. The CMP is the “Connectivity Management Processor,” and seems to function like an iLO port. Even if the route processor is down on the Sup2T, you can still access the system remotely via the CMP. The CMP is a stand-alone CPU that the administrator can use to perform a variety of remote management services. Examples of how the CMP can be used include: system recovery of the control plane; system resets and reboots; and the copying of IOS image files should the primary IOS image be corrupted or deleted. Implicitly, you will have deployed an out-of-band network or other remote management solution to be able to access the CMP, but the CMP enhances our ability to recover a borked 6500 from far away.
The PFC4/DFC4 comprise the next major component of the Sup2T. The PFC4 rides as a daughter card on the supervisor, and is the hardware slingshot that forwards data through the switch. The DFC4 performs the same functions only it rides on a linecard, keeping forwarding functions local to the linecard, as opposed to passing it through the fabric up to the PFC4.
The majority of packets and frames transiting the switch are going to be handled by the PFC, including IPv4 unicast/multicast, IPv6 unicast/multicast, Multi-Protocol Label Switching (MPLS), and Layer 2 packets. The PFC4 also performs in hardware a number of other functions that could impact how a packet is forwarded. This includes, but is not limited to, the processing of security Access Control Lists (ACLs), applying rate limiting policies, quality of service classification and marking, NetFlow flow collection and flow statistics creation, EtherChannel load balancing, packet rewrite lookup, and packet rewrite statistics collection.
The PFC performs a large array of functions in hardware, including the following list I’m lifting from Cisco’s architecture whitepaper.
- Layer 2 functions:
  - Increased MAC Address Support – a 128 K MAC address table is standard.
  - A bridge domain is a new concept that has been introduced with PFC4. A bridge domain is used to help scale traditional VLANs, as well as to scale internal Layer 2 forwarding within the switch.
  - The PFC4 introduces the concept of a Logical Interface (LIF), which is a hardware-independent interface (or port) reference index associated with all frames entering the forwarding engine.
  - Improved EtherChannel Hash – etherchannel groups with odd numbers of members will see a better distribution across links.
  - VSS support – it appears you can build a virtual switching system right out of the box with the Sup2T. There does not seem to be a unique “VSS model” like in the Sup720 family.
  - Per Port-Per-VLAN – this feature is designed for Metro Ethernet deployments where policies based on both per-port and per-VLAN need to be deployed.
- Layer 3 functions. There’s a lot here, and rather than try to describe them all, I’m just going to hit the feature names here, grouped by category. You can read in more detail in the architecture document I link to below.
  - Performance: Increased Layer 3 Forwarding Performance
  - IPv6: uRPF for IPv6, Tunnel Source Address Sharing, IPv6 Tunnelling
  - MPLS/WAN: VPLS, MPLS over GRE, MPLS Tunnel Modes, Increased Support for Ethernet over MPLS Tunnels, MPLS Aggregate Label Support, Layer 2 Over GRE
  - Multicast: PIM Register Encapsulation/De-Encapsulation for IPv4 and IPv6, IGMPv3/MLDv2 Snooping
  - Netflow: Increased Support for NetFlow Entries, Improved NetFlow Hash, Egress NetFlow, Sampled NetFlow, MPLS NetFlow, Layer 2 Netflow, Flexible NetFlow
  - QoS: Distributed Policing, DSCP Mutation, Aggregate Policers, Microflow Policers
  - Security: Cisco TrustSec (CTS), Role-Based ACL, Layer 2 ACL, ACL Dry Run, ACL Hitless Commit, Layer 2 + Layer 3 + Layer 4 ACL, Classification Enhancements, Per Protocol Drop (IPv4, IPv6, MPLS), Increase in ACL Label Support, Increase in ACL TCAM Capacity, Source MAC + IP Binding, Drop on Source MAC Miss, RPF Check Interfaces, RPF Checks for IP Multicast Packets
So, do you upgrade to a Sup2T? It depends. The question comes down to what you need more: speed or features. The Sup2T is extending the life of the 6500E chassis with speed and a boatload of features. That said, you can’t scale the 6500 to the sort of 10Gbps port density you can a Nexus. Besides, most of the features found on a 6500 aren’t going to be used by most customers. If your 6500 is positioned as a core switch, then what you really need is the core functionality of L2 and L3 forwarding to be performed as quickly as possible with minimal downtime. To me, the place to go next is the Nexus line if that description of “core” is your greatest need.
If instead you need a super-rich feature set, then the question is harder to answer. The Nexus has a ways to go before offering all of the features the Catalyst does. That’s not to say that all a Nexus offers is throughput. True, NX-OS lacks the maturity of IOS, but it offers stability better than IOS-SX and features that most customers need.
In some ways, I’m making an unfair comparison. Nexus7K and Cat6500 have different purposes, and solve different problems. But for most customers, I think either platform could meet the needs. So if you’re looking for a chassis you can leave in the rack for a very long time, it’s time to look seriously at Nexus, rejecting it only if there’s some specific function it lacks that you require. If the Nexus platform can’t solve all of your problems, then you probably have requirements that are different from merely “going faster”. The 6500/Sup2T may make sense for you.
---Original reading from packetpushers.net
The Supervisor 2T provides 2-terabit system performance for 80Gbps switching capacity per slot on all Catalyst 6500 E-Series Chassis. As a result, you can:
- Maintain investment protection through backward compatibility
- Deliver scalability and performance improvements such as distributed forwarding (dCEF) 720Mpps with the fourth-generation Policy Feature Card (PFC4)
- Support future 40Gbps interface and nonblocking 10Gbps modules
- Enable new applications and services with hardware accelerated VPLS, Layer 2 over mGRE for Network Virtualization
- Take advantage of integrated Connectivity Management Processor (CMP) for improved out-of-band management.
Cisco next month will release router software designed to improve cloud computing connectivity for branch offices.
Cisco will unveil Cloud Connect on May 22, said CTO Padmasree Warrior during her keynote address here this week at the Cisco Partner Summit. Cloud Connect will run on Cisco's ISR G2 and ASR 1000 routers, and provide visibility, security, availability and performance optimization for cloud connectivity, she says.
The software is designed to improve the user experience with cloud and simplify operations, Warrior says. Cisco will demonstrate the software at the Cisco Live conference in June as well, she says.
Cloud Connect will include software modules called Cloud Connectors. Cloud Connectors will include Cisco applications such as Hosted Collaboration Services and ScanSafe, a SaaS-based Web security service. Cloud Connector software will also allow software developers to write applications to Cloud Connect to expand its capabilities, Warrior says.
Cisco will also soon unveil a product for connecting private enterprise clouds to the public cloud to create hybrid implementations, Warrior says.
The product is designed to maintain the identity, security and policies of workloads as they move from a private cloud into the public cloud.
"Maintaining the consistent policy framework that surrounds that, that's essentially what this product will do," Warrior says.
Warrior did not disclose an announcement date for this product but she indicated it may be ready for Cisco Live in June as well. Together, Cloud Connect and the private/public cloud policy maintainer sound like the Integrated Enterprise WAN Solution discussed early this year by Praveen Akkiraju, senior vice president and general manager of Cisco's Network Services Technology Group.
---Original reading pcadvisor.co.uk
If you had to pick 10 technology-related trends that will impact your enterprise infrastructure in the coming year, Gartner says you'd do well to start with virtualization and move to other issues such as social media influence, energy issues and flat networks to name a few.
At the Gartner Symposium IT/Expo, David Cappuccio, managing vice president and chief of research for the Infrastructure teams with Gartner, said the Top 10 Trends show how IT is changing in that many of them have in the past been outside the traditional purview of IT, but they will all affect how IT does its job in the future.
The Top 10 Trends and their impact, briefly, include:
1. The evolution of virtualization: Cappuccio says virtualization will ultimately drive more companies to treat IT like a business. The danger during the next few years will be in following a specific vendor's vision, though it is unlikely that any one vendor's vision will prevail. Users should have their own visions of architecture control, and build toward it with a constantly updated strategic plan.
2. Big data, patterns and analytics: Unstructured data will grow some 80% over the course of the next five years, creating a huge IT challenge. Technologies such as in-line deduplication, automated tiering of data to get the most efficient usage patterns per kilowatt, and flash or solid-state drives for higher-end performance optimization, will increase in importance over the next few years, Cappuccio said. Analytics and other systems to monitor for recurring data patterns that could develop into money making applications will also be important.
3. Energy efficiency and monitoring: The power issue has moved up the corporate food chain, Cappuccio said. Nascent tools are beginning to roll out that can use analytic tools to watch power usage on a variety of levels. With the increased attention given to power consumption, it has become apparent that many systems are highly underutilized. At low utilization levels, they use a high percentage of their total energy draw. An average x86 server that is turned on, but idle, will draw upward of 65% of its nameplate wattage, for example. IT organizations need a clear inventory of what compute resources are doing and for what workloads; otherwise there is the potential for significant waste of energy.
4. Context aware apps: The big question here is how to do something smart to take advantage of smartphones. Gartner has in the past said context-based computing will go beyond the business intelligence applications and truly make a unified communications environment possible by bringing together data culled from social networks and mobile devices.
5. Staff retention and retraining: Here the idea is developing a plan to get people excited about their jobs enough to stay. And we'll need it, as starting in 2011 an average of 10,000 baby boomers will be eligible to retire every day for the next 19 years, Cappuccio said. Loyalty to one company is not a quality found in new workers.
6. Social networks: Affordable and accessible technology has let individuals and communities come together in a new way - with a collective voice - to make statements about our organizations, the products/services we deliver and how we deliver them, Cappuccio said. The collective is made up of individuals, groups, communities, mobs, markets and firms that shape the direction of society and business. The collective is not new, but technology has made it more powerful and enabled change to happen more rapidly, Cappuccio said. The collective is just beginning to have an impact on business operations and strategies but most organizations do not have a plan for enabling or embracing it. Ignoring social networking is not an option, Cappuccio said.
7. Consumerization: The key trend here is the fact that new application types will be developed to address mobile users but they won't be desktop replacement applications. Still, a secure, well-defined strategy needs to be put into place to take advantage of this development, Cappuccio said.
8. Compute per square foot: Virtualization is one of the most critical components being used to increase densities and vertically scale data centers. If used wisely, average server performance can move from today's paltry 7% to 12% average to 40% to 50%, yielding huge benefits in floor space and energy savings. Two issues that need to be considered going forward are the number of cores per server -- four- and eight-core systems are becoming common, and 16 cores will be common within two years -- and overall data center energy trends. IT will also have to address things like performance/licensing, Cappuccio said.
9. Cloud computing: While cost is a potential benefit for small companies, the biggest benefits of cloud computing are built-in elasticity and scalability. As certain IT functions industrialize and become less customized, such as email, there are more possibilities for larger organizations to benefit from cloud computing, according to Cappuccio.
10. Fabrics: Gartner defines this infrastructure convergence as: The vertical integration of server, storage, and network systems and components with element-level management software that lays the foundation to optimize shared data center resources efficiently and dynamically. Systems put forth so far by Cisco and HP will unify network control but are not there yet.
IBM's new PureSystems integrated data center offering is drawing comparisons to Cisco's UCS and other convergence platforms from leading IT vendors.
But is it possible to do an apples-to-apples comparison among them? Even though all offerings from all vendors seek to essentially accomplish the same things -- integrate server, storage and networking, with management and automation - they come from different foundations.
All are attacking the data center convergence opportunity from their respective positions of strength.
"The technical nuances are all different but it is a platform that integrates a few of the distinct silos," says Jed Scaramella of IDC, on the converged IT data center platform market in general. "HP and IBM have something that integrates servers, networking and storage; Cisco doesn't own storage so it is partnering with EMC and NetApp for VCE and FlexPod; and Oracle is...really more of an application platform.
"They're trying to break down these silos because some of their customers are sort of at their wit's end: budgets are flat, and they keep being asked to do more," Scaramella says. "They've got to find a way to rein in their infrastructure."
Scaramella says there are two flavors of the converged data center infrastructure: the virtual platform that's more of an infrastructure offering - like IBM's PureSystem, HP's Converged Cloud, Dell's Virtual Integrated System and Cisco UCS; and the application play, like the Oracle Cloud Computing approach, in which the customer is looking at the application first and the hardware optimized to run that application comes along with it.
Each vendor is building the offering to their expertise, he says.
"IBM's expertise is integration," Scaramella says. "They did come in with a full-fledged, full thought out product."
IBM has broad hypervisor and operating system support, and they worked with a lot of independent software vendors (ISV) for the PureApplication component of PureSystem.
"That's the part the other guys may not have yet," Scaramella says. "That's something where Cisco knows they have to do a lot more with actual ISVs in getting the applications ready. That's where you'll see more announcements from Cisco over the next few years."
Or do they? Some analysts think Cisco deliberately stopped short of piling everything onto UCS.
"I don't think that these are even remotely competitive," says Joel Snyder, senior partner at Opus One. "The UCS approach has nothing to do with the software layered on top of it. It's a way to get servers provisioned fast, and it works well.
"What IBM seems to be doing is building on top of that a variety of pre-provisioned platforms that include more than just computes, but also storage. So there are some parallels, but Cisco is very careful to stop at the limit of what they can do, and they do not reach any further into things like storage."
IBM's PureFlex component of PureSystem seems to be a prebuilt chassis/storage combination intended to run PureApplication software packages, Snyder says. UCS might be more aligned with what IBM's doing with PureFlex but without the optimized application ecosystem of PureApplication.
"While you might be able to do some compare/contrast between Cisco UCS and PureFlex Systems, the PureApplication system is more like VMware and the VM Appliance marketplace they have tried to build," Snyder says. "So, yeah, I'm not seeing apples-to-apples here."
Chambers says Huawei is a tough competitor, but doesn’t always "play by the rules," drawing a sharp retort from the Chinese telecommunications vendor.
Cisco Systems over the past couple of years has seen the competition in the networking space grow rapidly, from the likes of Hewlett-Packard and Juniper Networks to Avaya and Arista Networks.
But the competitor that apparently is most on the mind of CEO John Chambers is Huawei Technologies.
In an interview with The Wall Street Journal, Chambers said that the giant Chinese telecommunications company, which last year made a strong push into the U.S. market, with hopes of grabbing some of Cisco’s leading market share, was a formidable competitor, and one that doesn’t “always play by the rules.”
Chambers’ comments came April 6 during a Journal-sponsored event in California, and in response to questions from reporters. He didn’t elaborate on what rules Huawei had broken. Chambers suggested the issues were around intellectual property.
"When you look at companies, one of the things you don't want to do—lack of transparency—you don't want to have people doubting, will you copy their intellectual property,” he said. “You don't want to have them doubting about is there security issues, etc."
He clarified that he was talking about Huawei in particular, not China itself.
“I would not interpret Huawei as China,” Chambers told The Journal. China will protect intellectual property when doing so is in the country’s “best interest. … And that day is coming.”
Chambers’ comments drew a sharp rebuke from Huawei. William Plummer, vice president of external affairs for the company, called the statements “unfortunate,” and said his company has “great respect for Cisco, and, like Cisco, Huawei has earned trust and respect in the over 140 markets in which we do business.”
According to The Journal, Plummer also noted that Huawei has 500 customers who are telecom operators as well as 50,000 patents of its own. "Huawei has a strong history of respect for the intellectual property rights of others, and the protection of our own," he said.
Cisco and Huawei have a history of tough competition, with Cisco reportedly suing Huawei for patent infringement, a case that was settled a year later.
The Chinese company’s networking business made a strong push into the North American market last year, hoping to grab some market share from Cisco and other vendors. It was the latest challenge to an enterprise networking space that has for years been dominated by Cisco. However, over the past couple of years, vendors like HP and Juniper have positioned themselves as lower-cost alternatives to Cisco, and have succeeded in stealing away some share in the switch and router markets, according to analysts. Cisco executives have hit back, saying their rivals only offer “good enough” networking solutions.
Chambers has been quick to point to Huawei as the rival he is most wary of. At the company’s Analyst Day in September 2011, Chambers brushed aside HP, Juniper and Avaya as threats. He had more cautious words for Huawei.
"Huawei—it's going to be a tough one," Chambers said. "Those first three [Juniper, HP and Avaya], I think we have a good chance of completely distancing them and leaving them behind, and I measure our success on whether we do that or not. Huawei is going to be a very tough long-term competitor.”
He suggested at the time that Cisco take the offensive in the competition with Huawei and make a strong push into the Chinese market.
However, Huawei in recent weeks has seen its share of struggles, due in large part to the perception that the company has a tight relationship with the Chinese government and military, a claim the company denies.
Huawei officials in March learned that the Australian government had banned the company from bidding on a $38 billion fiber-optic network in that country. Australian government officials did not say why they placed the ban on Huawei, though reports indicated that the country’s intelligence officers were concerned about recent hacking attacks that allegedly were tied to China.
In addition, Symantec executives last year decided to end a four-year alliance with Huawei, and last month completed the $530 million sale of its 49 percent stake in Huawei Symantec Technologies. The joint company develops network security solutions. Symantec officials last year said it was time for the joint venture to have a single owner. However, reports from The New York Times and others indicated that Symantec officials worried that Huawei’s close ties with the Chinese government would make it impossible for Symantec to receive classified information from the U.S. government regarding cyber-security threats.
---Original reading from eWeek.com
Cisco Catalyst switches equipped with the Enhanced Multilayer Image (EMI) can work as Layer 3 devices with full routing capabilities. Example switch models that support layer 3 routing are the 3550, 3750, 3560 etc.
On a Layer3-capable switch, the port interfaces work as Layer 2 access ports by default, but you can also configure them as “Routed Ports” which act as normal router interfaces. That is, you can assign an IP address directly on the routed port. Moreover, you can also configure a Switch Virtual Interface (SVI) with the “interface vlan” command, which acts as a virtual layer 3 interface on the Layer3 switch.
In this post I will describe a scenario with a Layer3 switch acting as the “Inter Vlan Routing” device together with two Layer2 switches acting as closet access switches. See the diagram below:
Interface Fa0/48 of the Layer3 switch is configured as a Routed Port with IP address 10.0.0.1. Two Vlans are configured on the L3 switch, Vlan10 and Vlan20. For Vlan10 we will create an SVI with IP address 10.10.10.10 and for Vlan20 an SVI with IP address 10.20.20.20. These two IP addresses will be the default gateway addresses for hosts belonging to Vlan10 and Vlan20 on the Layer2 switches respectively. That is, hosts connected on Vlan10 on the closet L2 switches will have as default gateway the IP address 10.10.10.10. Similarly, hosts connected on Vlan20 on the closet switches will have address 10.20.20.20 as their default gateway. Traffic between Vlan10 and Vlan20 will be routed by the L3 Switch (InterVlan Routing). Also, all interfaces connecting the three switches must be configured as Trunk Ports in order to allow Vlan10 and Vlan20 tagged frames to pass between switches. Let’s see a configuration snapshot for all switches below:
Cisco L2 Switch (same configuration for both switches)
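! Create VLANs 10 and 20 in the switch database
Layer2-Switch# configure terminal
Layer2-Switch(config)# vlan 10
Layer2-Switch(config-vlan)# vlan 20
Layer2-Switch(config-vlan)# exit
! Assign Port Fe0/1 in VLAN 10
Layer2-Switch(config)# interface fastethernet0/1
Layer2-Switch(config-if)# switchport mode access
Layer2-Switch(config-if)# switchport access vlan 10
Layer2-Switch(config-if)# exit
! Assign Port Fe0/2 in VLAN 20
Layer2-Switch(config)# interface fastethernet0/2
Layer2-Switch(config-if)# switchport mode access
Layer2-Switch(config-if)# switchport access vlan 20
Layer2-Switch(config-if)# exit
! Create Trunk Port Fe0/24. Set the encapsulation before the mode: switches that
! support both ISL and 802.1Q reject "switchport mode trunk" while encapsulation is auto.
! (802.1Q-only switches do not have the encapsulation command; skip that line there.)
Layer2-Switch(config)# interface fastethernet0/24
Layer2-Switch(config-if)# switchport trunk encapsulation dot1q
Layer2-Switch(config-if)# switchport mode trunk
Layer2-Switch(config-if)# end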
Cisco Layer 3 Switch
! Enable Layer 3 routing
Layer3-Switch# configure terminal
Layer3-Switch(config)# ip routing
! Create VLANs 10 and 20 in the switch database
Layer3-Switch(config)# vlan 10
Layer3-Switch(config-vlan)# vlan 20
Layer3-Switch(config-vlan)# exit
! Configure a Routed Port for connecting to the ASA firewall
Layer3-Switch(config)# interface FastEthernet0/48
Layer3-Switch(config-if)# description To Internet Firewall
Layer3-Switch(config-if)# no switchport
Layer3-Switch(config-if)# ip address 10.0.0.1 255.255.255.252
Layer3-Switch(config-if)# exit
! Create Trunk Ports Fe0/47 Fe0/46 (encapsulation first, then trunk mode)
Layer3-Switch(config)# interface fastethernet0/47
Layer3-Switch(config-if)# switchport trunk encapsulation dot1q
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# exit
Layer3-Switch(config)# interface fastethernet0/46
Layer3-Switch(config-if)# switchport trunk encapsulation dot1q
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# exit
! Configure Switch Virtual Interfaces (SVI)
Layer3-Switch(config)# interface vlan10
Layer3-Switch(config-if)# ip address 10.10.10.10 255.255.255.0
Layer3-Switch(config-if)# no shut
Layer3-Switch(config-if)# exit
Layer3-Switch(config)# interface vlan20
Layer3-Switch(config-if)# ip address 10.20.20.20 255.255.255.0
Layer3-Switch(config-if)# no shut
Layer3-Switch(config-if)# exit
! Configure default route towards ASA firewall
Layer3-Switch(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.2
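An added example, not part of the original post: a small Python check of the Layer 3 design described above, useful before pushing such a configuration to a switch. The running-config text is constructed from the commands in this post, and the function names (parse, audit, gateway_for) are illustrative.

```python
import ipaddress
import re

# Constructed sample: running-config equivalent of the Layer 3 switch commands above.
GOOD = """\
ip routing
vlan 10
vlan 20
interface FastEthernet0/48
 no switchport
 ip address 10.0.0.1 255.255.255.252
interface Vlan10
 ip address 10.10.10.10 255.255.255.0
interface Vlan20
 ip address 10.20.20.20 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.2
"""
# Constructed faulty variant: VLAN 20 never created, next hop outside the /30.
BAD = GOOD.replace("vlan 20\n", "").replace("10.0.0.2", "10.0.0.5")

def parse(text):
    """Collect the routing flag, VLAN database, L3 interfaces and static routes."""
    cfg = {"ip_routing": False, "vlans": set(), "l3": {}, "routes": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        current = current if raw.startswith(" ") else None  # leave interface stanza
        if line == "ip routing":
            cfg["ip_routing"] = True
        elif m := re.fullmatch(r"vlan (\d+)", line):
            cfg["vlans"].add(int(m.group(1)))
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and current:
            cfg["l3"][current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            cfg["routes"].append((net, ipaddress.ip_address(m.group(3))))
    return cfg

def audit(cfg):
    """Return a list of design problems; an empty list means the checks passed."""
    findings = []
    if cfg["l3"] and not cfg["ip_routing"]:
        findings.append("L3 interfaces configured but 'ip routing' is missing")
    for name in cfg["l3"]:
        m = re.fullmatch(r"Vlan(\d+)", name)
        if m and int(m.group(1)) not in cfg["vlans"]:
            findings.append(f"{name}: VLAN not in database, SVI will stay down")
    names = sorted(cfg["l3"])
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if cfg["l3"][a].network.overlaps(cfg["l3"][b].network):
                findings.append(f"{a} and {b}: overlapping subnets")
    for net, hop in cfg["routes"]:
        owners = [n for n, i in cfg["l3"].items() if hop in i.network]
        if not owners:
            findings.append(f"route {net}: next hop {hop} is not on a connected subnet")
        elif any(cfg["l3"][n].ip == hop for n in owners):
            findings.append(f"route {net}: next hop {hop} is the switch's own address")
    return findings

def gateway_for(cfg, host):
    host = ipaddress.ip_address(host)
    for name, iface in cfg["l3"].items():
        if name.startswith("Vlan") and host in iface.network:
            return str(iface.ip)  # SVI address the host uses as default gateway
    return None
```

audit(parse(GOOD)) returns an empty list, while the faulty variant reports the missing VLAN 20 and the unreachable next hop.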
NOTE: For more discussion of Cisco Layer 3 switch inter-VLAN routing configuration from Cisco users, visit networkstraining.com
Cisco ASA firewall licensing used to be pretty simple, but as features were rolled out as licenses, the scheme became quite complex. The matters are further complicated since different appliances and versions change the rules. This document will help you make sense of ASA licensing, but is not intended to be used as a design guide. Make sure you work with your reseller if you are looking to deploy these features.
Security Plus licensing exists only on 5505 and 5510. On the 5505 it has the following effects:
- Upgrades the maximum VPN sessions from 10 to 25.
- Upgrades the maximum connections from 10,000 to 25,000.
- Increases the number of VLANs from 3 to 20 and enables trunking.
- Enables optional stateless active/standby failover.
On the 5510 it enables a slightly different set of features:
- Upgrades the maximum connections from 50,000 to 130,000.
- Moves 2 of the 5 FastEthernet ports to 10/100/1000.
- Increases the number of VLANs from 50 to 100.
- Enables security contexts and allows for 2. Up to 5 can be supported on the 5510.
- Enables optional active/active and active/standby failover.
- Enables VPN clustering and load balancing.
The Cisco 5520 and up do not have Security Plus licensing. They come with the Base license and need nothing more to get the most performance out of the unit. Update: As Stojan pointed out in the comments, the 5585X series does have Security Plus licenses, which enable the 10GB SFP+ slots.
Cisco ASA 5505 User Licenses
The 5505 is the only ASA which has a restriction on the number of “users” behind a firewall. A user is considered an internal device which communicates with the external VLAN. By default the 5505 ships with a 10 user license but can be upgraded to 50 or unlimited users.
SSL VPN Licenses
SSL VPN debuted on the ASA when it was first released but has evolved more than any other license-based feature on the ASA.
SSL licenses break into two general types: Essentials and Premium. Essentials provides AnyConnect client based connections from personal computers including Windows and Mac systems. Installing an Essentials license allows for up to the maximum number of VPN sessions on the platform to be concurrently used for SSL. For example, a 5510 would immediately allow for up to 250 SSL VPN connections from the AnyConnect client. These licenses are relatively inexpensive, currently priced around a hundred dollars with the price varying per platform. These are platform specific SKUs so make sure the one you’re buying matches the device it is going on. For example, on the 5510 make sure the license is L-ASA-AC-E-5510=. AnyConnect Essentials licenses debuted with ASA release v8.2.
Premium licenses are more complicated than Essentials. Premium licenses allow for both AnyConnect client based and clientless SSL VPN. Clientless VPN is established through a web browser. While it is typically less functional than AnyConnect client based VPN, it is adequate access for many users. Additionally, Cisco Secure Desktop (Host Scan and Vault functionality) is included. Unlike the Essentials license, a Premium license does not enable the platform's maximum number of SSL VPN sessions. Instead, this is a per seat license that can be purchased in bulk quantities. These quantities are 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, 10000, with each platform limited to the total number of VPN connections it supports (e.g., the 5510 supports up to 250). These tiers must be observed when adding additional licensing. For example, if an administrator needed 35 concurrent clientless connections, a 50 connection pack would need to be purchased. The 10 and 25 cannot be stacked. Cisco does offer upgrade licenses to upgrade tiers. Premium licenses are significantly more expensive than Essentials. Contact your reseller for pricing on Premium licenses.
If a VPN license is activated on an ASA, it will overwrite any existing VPN license. Be careful!
HA Pair License Dynamics
Prior to ASA software v8.3, licenses had to be identical on a HA pair. A 5510 with SSL VPN enabled wouldn’t pair with a 5510 lacking SSL VPN. As of v8.3, most licenses are replicated on a HA pair. On a 5505 or 5510 both ASAs require Security Plus licenses since Security Plus enables the HA functionality. SSL Essentials and Premium are replicated between licenses.
In an active/active pair, license quantities (when applicable) are merged. For example, two 5510s are in an active/active pair with 100 SSL Premium seats each. The licenses will merge to have a total of 200 SSL VPNs allowed in the pair. The combined number must be below the platform limitation. If the count exceeds the platform limit (ex. 250 SSL VPN connections on a 5510) the platform limit will be used on each.
ASA Flex licenses are temporary SSL VPN licenses for emergencies or situations where there is a temporary peak in SSL VPN connections. Each license is valid for 60 days. Perhaps these are best explained as a scenario.
XYZ Corp. had some flooding in their corporate office which houses 600 employees. They own an ASA 5520 with 50 SSL Premium licenses. Cisco’s Flex licenses will allow them to temporarily ‘burst’ the number of licenses their 5520 is enabled for. The key for 750 users is added to the 5520, starting the 60 day timer. The 5520 is now licensed to support up to 750 SSL VPN users on client based or clientless VPN. After 60 days the key will expire.
If XYZ Corp. has their building up and running again earlier than 60 days, the administrator can disable the temporary license by reactivating the permanent license they were previously using. This will pause the timer on the Flex licenses, allowing them to use the remainder of the time in the future.
Cisco’s Flex license documentation is pretty good and explains some of the gotchas around the licenses. Be sure to read it before purchasing and using the license.
AnyConnect Premium Shared Licenses
Large deployments of SSL VPN may require multiple ASAs positioned in multiple geographic areas. Shared licenses allow a single purchase of SSL VPN licenses to be used on multiple ASAs, possibly over large physical areas. Starting with software v8.2, Cisco allows the shared license to ease this situation. Shared licenses are broken into two types: main and participant. The main license starts at 500 SSL Premium sessions and scales to 100,000 sessions. The main license acts as a license pool which participants pull from in 50 session increments. A secondary ASA can act as a backup in case the primary fails. There is no specific backup license, as the ASA only requires a participant license. If there is no secondary ASA, the participant ASAs may not be able to reach the main ASA in the event of a connectivity problem. The participant ASA is able to use the sessions that were last borrowed from the main for 24 hours. Beyond 24 hours, the sessions are released. Currently connected clients are not disconnected but new connections are not allowed.
In Active/Standby mode, the server ASA is actually the ASA pair. The backup ASA would be the backup pair. The standby server in a pair wouldn’t be the shared license backup. The manual explains this concept pretty well:
“For example, you have a network with 2 failover pairs. Pair #1 includes the main licensing server. Pair #2 includes the backup server. When the primary unit from Pair #1 goes down, the standby unit immediately becomes the new main licensing server. The backup server from Pair #2 never gets used. Only if both units in Pair #1 go down does the backup server in Pair #2 come into use as the shared licensing server. If Pair #1 remains down, and the primary unit in Pair #2 goes down, then the standby unit in Pair #2 comes into use as the shared licensing server.” –http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license.html#wp1487930
Advanced Endpoint Assessment
Advanced Endpoint Assessment will scan an SSL VPN client using Cisco Secure Desktop for security policy compliance and attempt to remediate if the system is out of compliance. This is similar to but a little less feature-rich than NAC. Licenses are simple for Advanced Endpoint Assessment. One license per ASA is required in addition to SSL Premium. If the ASA is in an HA pair, one license per pair is required if using ASA software v. 8.3(1) or later.
Security Contexts are virtual firewalls. Each context allows for its own set of rules and default policies. Security Contexts are sold in quantities of 5, 10, 20, 50, 100 and cannot be stacked. Cisco sells incremental licensing to move between tiers. Note that two security contexts are used when in a HA pair.
Unified Communications Proxy Licenses
Cisco UC Proxy allows Cisco IP phones to create a TLS tunnel between a remote phone and the ASA located at a corporate office. Typically if a secure connection between a phone and office were required, a firewall would have to sit at the user’s location. In many cases this would be an 800 series router. This deployment architecture doesn’t scale well due to management costs and the cost of routers with their corresponding SMARTnet. UC Proxy bypasses the router and uses the IP phone as the VPN endpoint.
UC Proxy licenses are sold in numerous tiers ranging from 24 to 10,000 concurrent connections. The licenses cannot be stacked, but incremental licenses can be purchased.
AnyConnect Mobile Licenses
Out of the box, ASAs do not accept connections from mobile devices such as iOS or Android systems. The AnyConnect Mobile client must be installed on the client’s device. In addition to the client, the ASA must have AnyConnect Essentials or Premium enabled and a Mobile license used in conjunction. Only one Mobile license is required per ASA. The Mobile license inherits the number of SSL users allowed by Essentials or Premium.
Intercompany Media Engine
IME is a UC feature which allows for interoperability between organizations using Communications Manager. Licensing is simple, as a single IME license is required on the ASA.