What does this mean?  In Cisco’s view of the world this means supporting the transport of Fibre Channel, Fibre Channel over Ethernet, iSCSI, NFS and CIFS in a scalable and dependable fashion.

What is the Nexus 4000?

The Nexus 4000 is the 5th release of the Nexus line of switches (counting the UCS 6100 as a release).  This switch fits in the blade center form factor. It is intended to be used in the place of the Catalyst 3000 and 3100 series blade switches. It is a full featured Nexus switch, very similar to it’s big brother the Nexus 5000.

What protocols will it support?

In keeping with Cisco’s vision of a Unified IO platform in the data center the Nexus 4000 will support Converged Enhanced Ethernet (CEE) (yes, they finally caved on the naming) as well as providing the same reliable transport of iSCSI, NFS, and CIFS that you get with the Nexus 5000.

What blade centers will it work with?

Cisco is playing close to the chest announcing what blade server vendors will support this product.

My initial gut reaction was that HP would not be supporting this product, however I just saw that HP is OEM’ing the Nexus 5020. It would make sense that they would support the Nexus 4000 in their C Class blade centers, though only time will tell.

IBM however has been very supportive of integrating Cisco technology, as well as OEM’ing the Nexus 5000 switch in their portfolio. I fully expect the Nexus 4000 to be supported in the IBM BladeCenter platform, though again I cannot confirm.

Dell also has resold Cisco blade switches, and although they do not OEM the nexus 5000 they have been large proponents of the Nexus solution and unification of IO workloads throughout their platforms.

Is it the same as a Fabric Extender?

The Nexus 4000 is not a Fabric Extender. What is the difference? A Fabric Extender is a really efficient multiplexer. While using a Fabric Extender the main goal is vast simplification. What you end up with is a dumbed down remote line card that provides simple, fast services to your access layer. This is great for most uses, however there are instances where you need to provide richer services. A full function switch like the Nexus 4000 is appropriate in this case.

What does it run?

The Nexus 4000 runs NX-OS, Cisco’s data center switching operating system. This is the fourth release of what was previously named SAN-OS which ran on Cisco’s MDS line of SAN switches. This operating system is shared between the Nexus 7000, 5000, 4000, 1000v,UCS Fabric Interconnect and MDS line of SAN switches. Now you can have a consistent operating system platform from your data center core, all the way down through your blade switches and into your virtualization layer.

When will it be available?

Just like when the 3000 and 3100 series blade switches got announced, we are going to have to wait on the individual server manufactures to announce support at their own pace. My gut feel says we will be waiting a couple months for units to get out, and for the vendor certification process to complete. Though with business picking back up, this product may get out sooner.Similar Posts:

• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Cisco introduces the C-Series Rack Servers
• Cisco’s Unified Computing System – It’s not just a blade center

--Colin McNamara

Cisco Nexus 4000 Blade Switch

“it looks like one of the key features not on the list of components for the California boxes is going to be a red discount pen”

Timothy references sources who have obtained a price list and shared it with “El Reg” . I wish Timothy would have contacted an actual Cisco Unified Computing System Advanced Technology Partner, because any partner that is involved in the launch could have explained to him the concepts of List price (List), Manufacturers Suggested Retail Price (MSRP), and Purchase or Buy price.

In this article I want to dispel the myths of server and network manufacturer pricing, demonstrate the true cost of building a data center with blade systems, and at the end provide a cost comparison between legacy server vendors options and Cisco’s Unified Compute System.

First, lets go over some the basic concepts of vendor pricing. At the end of this you should understand the difference between list price, manufacturers suggested retail price, and purchase price.

List Price

List price is a high level number that Cisco publishes weekly in its global price list. The purpose of this list price is to provide a uniform price list across all product sets that Cisco offers. The most important thing about list price is NOBODY EVER PAYS LIST PRICE. Let me repeat that again NOBODY EVER PAYS LIST PRICE. Are we clear? This is similar to list price on a car on the car lot. All list price provides is a starting point where a Cisco partner and a customer can negotiate a common discount and end up with something close to (generally at or below depending on technology type and yearly spend) MSRP.

Manufacturers Suggested Retail Price (MSRP)

This concept is something that anyone who has purchased a car before is familiar with. The number that is on the window of the car when you look on the lot is list price. The first number the dealer brings up lower then sticker is MSRP. Depending on the popular of the product, the competition in that particular space, and the negotiating power of the customer you will either pay that price, or some percentage below. For example if you are buying one new car you may have the negotiating power to get the price to drop 5% off of list. If you are buying 200 new cars (say a fleet) you have significantly higher negotiating power, and you may be able to drop the price by 15% of of list price.

In Networking Sales MSRP is significantly less then list price. A good exercise to see what this number is, is to find a device, say a WS-C3560E-12SD-E (3560 with 12 Gig SFP ports and 2 10 Gig ports) in the Global Price List. You have access to this at any partner level at www.cisco.com/dprg . (my point here is that this is no big secret). As of Friday June 12 2009 the LIST price for this product is $19,995.

Now take that same part number - WS-C3560E-12SD-E and pop it into your google search window. Within the top four links I found this product for $12,434.15 . This price is for  pure fulfillment, with no value added consulting or design work from you local Cisco partner.

If you do the quick math, this price difference is equal to 38% off of list price. Come to your own conclusions, but it would be safe to say that this could be considered MSRP for Cisco products.

Purchase / Buy Price

Buy price is just that, the price at which the customer purchases (buys) the product. This is can be at MSRP, or if the customer is buying significant amounts of hardware at a time, or if there is a “special” (programs and incentives) going on the number could be slightly lower then MSRP.

Percent off of list differences between legacy server vendors and networking vendors

This is where the biggest confusion is coming from. Legacy server manufacturers  have set their list prices much closer to MSRP then networking vendors (remember, MSRP is the price where most customers purchase at).

Why is this? In the networking space, vendors have historically created their own processors, ASICS and boards. This means that the sales discussions are feature to feature. It also meant that you had to have a conversation with the networking vendor or networking partner to properly size your network devices and get a quote – which is around MSRP, not List price.

In the legacy server space, especially the majority of the x86 server space, the market has been essentially commoditized. E.G. – You can buy an intel based server with X amount of memory and hard drives that will perform roughly equally from any of the main manufacturers. That made it much easier for a sever admin to just pull a price off of the web and compare. So what the server vendors ended up doing is setting their list price  only slightly above MSRP.

What this translates to is the list price, between legacy compute vendors and Cisco will be drastically unequal. What is equal is MSRP, or the generally accepted purchase price by common customers.

Why did Cisco set the list price of UCS higher then the legacy server manufacturers?

For the vast majority of its sales, Cisco relies on what is called the channel model. This means that Cisco partners with local Value Added Resellers (VAR’s) who sell Cisco’s products and then provide consultative services to design and implement them in customer networks. Most customers who purchase any regular amount of Cisco product either have a general expectation that they will buy Cisco product at a certain percentage discount off of list and sometimes the partner and customer have entered into purchasing contracts which require that all Cisco product is provided at a specific discount off of list price.

If Cisco decided to set the List price at a small percentage lift over MSRP, this would cause a problem for the entire channel. This would be especially hard for any customer who had a contract to buy product at a specific discount. What would happen is contracts would have to be renegotiated, which generally takes months and is about as fun as pulling teeth.

The second reason for setting list price the for compute the same as list for network is quoting. Right now, if you buy hundreds of different Cisco devices through a reseller it is very likely that the discount is going to be the same across all products. This makes the mechanics of sales much simpler, because you don’t have a lot of math in the quote (this can cause errors). On the customer side, having one set discount makes it much easier to compare quotes and to ensure that they are getting the best deal possible. In short, sticking with Cisco’s current list pricing structure benefits both the customer and the partner.

Now that we have set the record straight on list price, MSRP, and Buy price, lets take a deeper dive into what components make up a blade system powered data center. And then we will compare the price structures of both.

Components of all Blade Systems

Blade Server – The compute blade where commodity silicon elements such as the CPU and RAM are housed. As of writing this article, the latest high performance blades from all major server manufactures support two xeon 5500 processors (Nehalem) and DDR3 memory.

Mezzanine cards – These cards take the place of PCI-e cards in a rack form factor server. In a blade system these provide data network and storage network connectivity. They attach to the blade itself via proprietary connectors that implement either PCI-e 8 or 16 lane connectivity at the time of writing. In some cases other functions such as IO accelerators can also be attached in the mezzanine card form factor.

Blade Enclosure – This is functionally a tin can where eight to sixteen blades are placed. It also is used to provide a centralized power distribution fabric, as wells as slots for interconnections of data and storage network devices.

Data Network Modules – These are effectively ethernet switches that have been miniaturized to fit into the tight confines of a blade enclosure. Classically they have provided 1 gig connectivity to the servers, and 10 gig to the distribution layer, however with Nehalem processors and VMware there is a move towards presenting 10 gig connections to the server, and multiple 10 Gig connections into the distribution layer.

Storage Network Modules – The local disk in a blade server is classically anemic. To provide higher IOPS (input outputs per second) to disk, Fibre Channel connectivity is extended by taking SAN fabric switches and miniaturizing them to fit into the blade enclosure.

Data Network Distribution – If you have multiple blade enclosures there is a need to connect them together at a reasonably high bandwidth. To serve that need a variety of 10 Gig distribution switches are provided from all server manufactures at varying cost and performance levels.

Storage Network Distribution – Along the same lines of the data network distribution, SAN fabric switches have to aggregate up to a SAN distribution layer, or if the installation is reasonably large a “director” class SAN switch. This allows all the blade enclosures to see the same storage network, as well as providing for deterministic storage network performance as you scale out.

Management Infrastructure – All manufactures have a need to manage and monitor all of the devices that comprise their blade system. Many manufactures have multiple management modules per blade enclosure.

Comparison of Costs – Cisco vs Legacy Server Manufacturers

The funny thing, is that many people have assumed that Cisco’s Unified Computing System will be priced higher then legacy server manufactures products. In my mind this is because they associate higher quality with higher price (basically the Mercedes vs Kia discussion). Here is something that will shock you - it costs less to buy an entire blade system through Cisco then to buy from the legacy server manufacturers.

When people hear this, they are puzzled. How can two server manufacturers, who buy their CPU’s from the same company (Intel) and their memory from the same fabs end up with different prices? The answer is elegance in engineering. Lets go through each of the elements of a blade system infrastructure and find out where the costs are. More importantly lets look at where Cisco has innovated to provide higher performance at a lower cost.

Dollars and Cents – How much is the cost difference

I worked up two quotes recently. These quotes included all elements required to build an end to end blade system using both legacy server manufactures devices, and using Cisco’s Unified Computing System. I have broken out two scenarios.

8 blade servers - Cisco wins with a savings of 11%

In this scenario the cost of servers and enclosures were fairly equal. The cost savings started racking up as storage and data networking devices were included, as well as base management software was taken into consideration.

320 blade servers - Cisco wins with a savings of 31%

With 32o blade servers the same cost savings seen in the 8 server scenario were amplified. Economies of scale translated into significantly less devices being required to support the individual compute blades. This resulted in 31% savings compared to the legacy server manufacturers.

Summing it up

Cisco has entered into a highly competitive server market by taking an elegant approach to its blade systems. This approach lowers the purchase price of the UCS through reducing the amount of components compared to legacy server manufacturers. I know that there is a lot of misinformation flying around, and I hope this helps to set the record straight on the pricing of Cisco’s Unified Computing System.Similar Posts:

• Cisco Nexus 4000 Blade Switch
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco introduces the C-Series Rack Servers
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco’s Unified Computing System – It’s not just a blade center
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?

--Colin McNamara

Confusion about Cisco UCS pricing – Setting the Record Straight

Why do I say that? It is simple, every server that moves from a corporate data center into a cloud provider is a switchport and fibre channel port (and now server) that is not purchased from Cisco. More so, each system that is moved into the cloud hurts secondary sales of security and content switching products.

The promise of enterprise cloud computing

The ability to dynamically scale enterprise compute workloads while only running a “right sized” private infrastructure is top of every CIO’s mind. This is the promise of cloud computing in the enterprise space. However, right now most cloud offerings are too new, and lack the critical integrations with VMware or XenSource (the two most common enterprise virtualization platforms) to make a serious dent in Cisco’s revenue stream. But fast forward 12 to 16 months and the kinks will be worked out. Projects that would previously have required new capital infrastructure will be restructured to use cloud providers as an operational expense. This will present a real threat to Cisco’s revenue moving forward.

John Chambers and his team of technologist are not new to this game, this is not the first threat to Cisco’s sales model. And I am sure that it won’t be the last. So if I was in their shoes, what would I do? (and more specifically, what do I think they are doing)

Create a compute platform that can power the cloud at a much lower cost that my competitors

Cisco publicly announced their computing offering, the Unified Computing System in March of this year. The promise of the UCS is to minimize power, cooling, capital costs and management overhead of data center compute. Looking at this new product line from an enterprise sales perspective it makes sence. For Cisco to continue with their growth plans they had to choose to enter the Compute or Storage markets, with the compute (server) market being the logical step.

While the Unified Computing System is well placed as an enterprise computing platform, I think there is a larger goal in mind. The large goal is to make a platform that can be shared by Cisco’s largest enterprise clients in their emerging private clouds, as well as by Cisco itself for it’s own cloud offering. By producing their own servers, with technology that Cisco alone has access too (memory expansion / hypervisor bypass) Cisco sets themselves up to have both lower hardware costs in their own cloud, as well as lower operational costs (power/cooling). This will provide Cisco with higher margin at the same price point as their competitors.

Distribute application aware network devices at customer locations

Cisco already has a significant edge over any competitive cloud offering. A vast majority of enterprise customers already run Cisco routers, switches and firewalls. If Cisco decided to say, port the TCP optimization code from their WAN acceleration platform into IOS, and configure it to work with their own cloud offerings this would give them an immediate leg up on the competition. Combine this with the existing WAAS auto discovery and Cisco could conceivably automatically integrate a cloud based caching offering with a customer’s onsite devices.

Create an application centric cloud security model that can be integrated with virtualization platforms

Last year Cisco announced a new approach to security called Cisco TrustSec. This technology includes a change from layer 4 based acl’s to an application focused role based implementation. This is applicable in the cloud environment because it provides a standard integration for controlling the access to and mobility of applications as they travel between public and private clouds.

An interesting side bar, is the fact that when integrating public and private clouds, there will always be applications that you want to keep on your internal cloud. The easiest way to do this is to put some sort of meta information on the virtual server containing a flag that this server should only run on the private cloud. With VMware there are fields that are used for DRS that can house just such data. I would not be surprised that with all the work that Cisco and VMware have been doing together if this was not implemented with vSphere (Virtual Infrastructure 4).

Learn as an organization how to profit from a SaaS model

I think this last piece of the puzzle has been overlooked by many people. Cisco already has in house experience dealing with a massive Software as a Service (SaaS) offering – Cisco WebEx. In acquiring WebEx Cisco also acquired the talent and technology behind the worlds largest collaboration platform. Cisco should be able to take the lessons learned from running and improving this platform, and apply them to their upcoming cloud offering.

Summary

Cisco has to go to market with a Cloud offering to maintain long term viability as a company. When they do they will have the benefit of lower cost of building and operating the grids that their cloud offering will run on. They will be able to leverage millions of Cisco network devices in their current install base as well as provide application centric security integrated with these same devices. And most importantly they will be able to use the lessons learned from running WebEx to ensure flawless delivery of an upcoming cloud computing offering.Similar Posts:

• Cisco EMC and VMware partneship VCE VBlocks Acadia and the Partner Ecosystem
• VMworld 2009 Schedule
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Unified Computing Podcast with Cisco Interactive Network
• Cisco releases Nexus 1000V virtual switch for VMware

--Colin McNamara

Cisco’s Cloud Computing Offering

The boundary between server team and network team responsibilities has become “fuzzy”

Cisco address’s this issue by putting a switch that can be managed via the same methods common to other network devices inside the ESX cluster. This switch runs the same code that has become standard on Cisco’s Nexus series of Data Center switches – NX-OS.

Prior to adoption of virtualization, when there was a connectivity problem with a host it was quite common for the network team to verify functionality down to the switch port. The server team would do the same. This allowed for each team to focus on areas that met their core competancy. Once we moved from a real switch port, to a dumb bridge inside ESX, lots of finger pointing resulted.

Now, with a Nexus 1000V sitting virtually inside the ESX clusters, the boundary between network and systems teams has been re-estabilished. Now when there is a problem with a host inside an ESX cluster, the network team can use the same day to day troubleshooting tools available to them in other portions of the network to resolve issues faster, and with less finger pointing.

Security controls have been moved further away from the hosts then we would like

A best practice for applying security policy is to apply controls as close to the source as possible. Think of this analogy – Your kids are blasting Radio Disney from their computer. Which of the following do you do?

A. Turn down the speakers at the source

B. Distribute earplugs to all members or the household

Of course, the obvious action is to go to the source, and apply a control (turn down the volume, and tell the kids to clean their rooms). The same principle is valid on the networking side. The best practice is to apply security policies such as VLAN ACL’s and TrustSec policies directly to the switchports that host your switches. Before the Nexus 1000V this was impossible to do in ESX, and forced many environments to move security controls further up into the distribution layer. The side effect of this was that now the security stance from host to host inside ESX clusters was diminished.

The Nexus 1000V brings something called port policies to the table to address this. What these are is pre-configured application security descriptions that are available to you systems administrators to apply in a point and click fashion. Once these policies are applied to the virtualized host, they follow the host where ever it is moved in your virtual cluster.

Provisioning and integrating the networks of VMware ESX clusters with classic networks for most is challenging at best

I wrote an article in march about this specific issue in my post – Challenges integrating VMware into Cisco networks . The core of this issue is that in general that the network integration portions of VMware ESX clusters is not really designed to address server teams , or network teams. In fact, you need to be pretty savy with both portions to successfully integrate VMware clusters into your network. In the real world, you generally find people that are good at one or the other, not both.

By putting a Nexus 1000V in your VMware clusters, you know give the networking teams something they can understand without having to learn Linux, and how it handles bridges (key to understanding ESX networking). With a Cisco switch running virtually inside your clusters, network teams can follow standard core / distribution / access models with the access layer now residing inside the ESX clusters. The network teams can also leverage their existing LAN switching skills for integrating the virtual switches in the clusters with the existing Data Center switching fabrics.

With these roadblocks addressed, Cisco is moving to further the DC 3.0 vision

To realize the DC 3.0 vision, the network inside of VMware clusters had to be under control, and follow the same architectural guidelines that the rest of our network is subject to. With the Nexus 1000V this is now a reality. The next steps withing the DC 3.0 vision to are to extend virtualization and mobility throughout our storage fabrics, and to continue to extend virtualization to the network as a whole, as well as focusing on application virtualization and acceleration to truly realize the vision of cloud computing in the data center.

On the storage virtualization side, Cisco will be using a technology called FlexAttach to enable virtual and physical hosts to change locations in the datacenter without storage team intervention (more on this in a near future post). And on the application virtulization and acceleration side, expect Cisco to continue to enhance it’s existing Application Control Engine (ACE) and Wide Area Application Services (WAAS), and further integrate these into their virtualization offerings.

Want to learn more ?

Introduction to VN-Link network services – Cisco.com

Nexus 1000V overview – Cisco.com

VMware distributed vNetwork switch demo – VMware.com

Challenges integrating VMware into Cisco networks – colinmcnamara.com

Douglas Gourley speaking about how Cisco and VMware will drive Cloud Computing in the Data CenterSimilar Posts:

• Altor Virtual Network Security Analyzer (VNSA) integrated with Cisco’s Nexus 1000v for VMware
• Cisco Nexus 4000 Blade Switch
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?

--Colin McNamara

Cisco releases Nexus 1000V virtual switch for VMware

He writes about “the VLAN leaking myth” and how it encourages clients to utilize physically separate network infrastructure in the DMZ’s. Now first things first, I wouldn’t call VLAN leaking a myth. At one time it was a very real and serious vulnerability that was exploited by overflowing the capacity of the switch you were attacking, and causing it to “downgrade” from switch to a hub. Once this happened you now had access to previously protected devices, as well as having the ability to sniff data as it passed through the shared hub backplane.

As he mentions though, this is 8 years ago. Most switches have evolved to the point where backplanes far exceed the traffic that could ever be injected into their switchports. Even beyond backplane enhancements there are many ways to further firm up your security stance – Virtual Device Contexts, not using Layer 3 SVI’s on a DMZ VLAN, utilizing PVLANs, using port security, virtual routing instances, and many more. Of course, there are still many other attack vectors that still remain, but can be mitigated by utilizing features built into the majority of enterprise switches available today.

I think the real question is not “are VLANs safe in a DMZ”. The important question is have you mitigated the probability of compromise (the actual threat) to levels that are acceptable to your business. This question remains whether you have a standalone switch or not. So many times we hear about risk risk and more risk. But risk alone is meaningless in a business context. What is important is combining risk with likelihood. For that I like to use a simple table to come up with the true threat.

For example, as I drive to Fry’s there is the risk of me dying due to a car crash. The impact of me dying is very high (risk) however the likelihood of an accident is low, and furthermore I reduce (mitigate) the latent risk (threat) by wearing my seat belt. So all in all the threat of me dying on my way to Fry’s is pretty darn low.

In a business context this may be that I have public facing web servers and network devices in my DMZ. The impact of them being compromised is that my public image may be tarnished for a short time, and my end users may lose productivity if they are not able to VPN into work, or access the Internet while on premise. I mitigate this risk by using firewalls and both host and network based Intrusion Prevention Systems as well as implementing best security practices on my network and systems devices. The latent risk (threat) remaining is at a level that is acceptable to the business leaders, so the system is allowed.

One question that I have seen coming up more often as we move towards fully virtualized data centers is centered around commingling of virtual infrastructure. There are some hard questions which challenge some practices that we have held true over the years.

• Should you allow sharing of physical memory on a host virtual machine between an internal and DMZ server?
• Should you allow virtual infrastructure from multiple security zones to share a storage array or cluster of arrays?
• Should you allow multiple virtual switches in different security zones commingling on the same ESX or Hyper-V cluster?
• Should you allow virtual firewall and load balancing instances protecting internal and external zones to reside on the same hardware?
• Should you allow virtual routing instances from multiple zones to share a physical infrastructure?

In the past world of standalone systems, the additional cost of providing a wholly separate infrastructure for DMZ environments was relatively low. Each system generally had internal disk, or at most direct attached storage. Network devices themselves were scaled down to support one chassis one function. This fit quite neatly into the Enterprise Composite Network model that was quite common from 1999-2003.

Now, many data centers have moved to the Service Oriented Network Architecture (SONA). In this model the cost of a virtualized data center is primarily focused on foundation elements such as the virtual storage and virtual fabrics, virtualized network, and virtual systems elements. The cost of providing additional virtualized services off these elements is low, however the cost of duplicating the physical infrastructure is quite high on both the capital and operational levels. This is forcing the technical and executive leadership at many companies to take a long hard look at the true threats they are facing in previously physically separate security zones such as DMZ’s, Financial and other secure zones. In the end, they are having to decide whether the threat remaining after their security controls is worth duplicating hundreds of thousands of dollars worth of infrastructure or not.

These are hard questions, with really no single good answer. My gut feel is that over the next few years we will continue the move towards the fully virtualized data center where components such as memory, PCI-X buses, storage and network devices are even further decentralized. This will make the cost of duplicating the infrastructure more and more significant, causing consolidated data center (or compute) fabrics to be the norm. At this point the discussion will move away from securing zones by creating separate infrastructure, to providing end to end security, starting integrated application level security, maybe with TrustSec or a dirivative, all the way down to securing the data at rest on disk. For the time being however, the best we can do is sit down and do an honest appraisel of our security stances, mitigate what we can, and do our best to design data center architectures that provide the flexibility of implementing whatever choice the technical and business leaders agree on.Similar Posts:

• Moving towards a Green Data Center – Truth behind the hype
• Cisco’s Cloud Computing Offering
• About Colin McNamara
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Interesting TechWise TV episode on virtualization
• Cisco releases Nexus 1000V virtual switch for VMware

--Colin McNamara

Measuring and mitigating risk involved with sharing virtual infrastructure between DMZ and Internal environments

In that spirit, my schedule is listed below. If you are in the area, it would be great if you would stop by and say hello.
“6/23/08″ “11:00 AM”"Certification Exam  –  Certification Exam”
“6/23/08″ “1:30 PM”"BRKCCT-1001  –  Contact Center Welcome Session: Focusing on the Experience”
“6/23/08″ “5:00 PM”"WoS Reception 1  –  Welcome Reception in World of Solutions”
“6/24/08″ “8:00 AM”"certification focus group  –  certification focus group”
“6/24/08″ “9:00 AM”"BRKITI-1031  –  Cisco Data Center 3.0 Strategy and Business Impact”
“6/24/08″ “10:00 AM”"GENKEY-1001  –  Keynote and Welcome Address with John Chambers”
“6/24/08″ “12:00 PM”"ITIPCS-1015  –  NetQoS: Getting the Most from Cisco WAN / Application Acceleration Technologies”
“6/24/08″ “1:00 PM”"BRKDEV-1221  –  Applying Cisco’s Nexus Operating System (NX-OS) and DCNM APIs to Emerging Data Center Infrastructure”
“6/24/08″ “2:00 PM”"BRKDEV-1001  –  Cisco Application eXtension Platform”
“6/24/08″ “3:00 PM”"GENSSN-1001  –  Super Session: The Power of Collaboration Panel”
“6/24/08″ “4:00 PM”"BRKSEC-3007  –  Solving Security Challenges with Embedded Event Manager”
“6/24/08″ “7:00 PM”"BRKAGG-2001  –  Multiservice Edge Architectures and Solutions for Service Providers”
“6/25/08″ “6:00 PM”"CCIE Appriciation  –  CCIE Appreciation part – Nascar Grill”
“6/25/08″ “9:00 AM”"BRKDEV-1111  –  Location Based Services using Cisco Location API”
“6/25/08″ “10:00 AM”"GENKEY-1002  –  Cisco Technology Keynote with Padmasree Warrior”
“6/25/08″ “12:00 PM”"ITIPCS-1019  –  Fluke Networks: General Parts Uses Embedded IOS Technologies to Successfully Manage Inventory at Retail Locations:
“6/25/08″ “1:00 PM”"BRKDEV-1051  –  ANA Technical Session and Demo”
“6/25/08″ “3:00 PM”"GENSSN-1002  –  Super Session: The Data Center–Evolution and Transformation:”
“6/25/08″ “4:00 PM”"BRKDEV-1131  –  Customer Voice Portal Application Development”
“6/25/08″ “8:00 PM”"Customer Event  –  Customer Appreciation Event”
“6/26/08″ “9:00 AM”"BRKITI-1034  –  Realize Business Goals through Network Architecture Solutions”
“6/26/08″ “10:00 AM”"GENKEY-1003  –  Closing Keynote Address and Guest Speaker, Ben Stein, Actor/Writer/Columnist”
“6/26/08″ “1:00 PM”"BRKCCIE-3003  –  CCDE: The Cisco Certified Design Expert”
“6/26/08″ “3:00 PM”"BRKDEV-1171  –  Managing  Network Performance using the New IOS Data Collection Services”
“6/26/08″ “4:00 PM”"BRKDEV-1181  –  Configuration and Provisioning using IOS  XML API”Similar Posts:

• Cisco Live 2009 – Networkers class schedule
• Cisco Live 2010 Schedule
• Cisco Certified Architect – Board examination above the CCIE and CCDE
• It’s on like Donkey Kong – CCDE practical registration is open
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• About Colin McNamara

--Colin McNamara

I’ll be at Cisco Live 2008 (networkers) in Orlando all week

When I work with data center infrastructure I expect the following – clean, remotely manageable, secure devices that runs on the same power and similar cabling, and everything can have a 24×7x4 support contract for hardware replacement. For the most part, you get this when dealing with Cisco, HP, Sun and similar manufacturers.

More often then not (with a few very cool exceptions), when I run into video surveillance infrastructure the video management infrastructure runs on some random third tier manufactured server. It never fails that the video management software is on Windows (normally XP or win2k). I have even seen some systems where the vendor requires you to have a session open to run the software.

And then when you get to the encoders themselves, it never fails. You have two choices.

1. The Uber package that can run a Casino, Identify and track dust mites , and if you point it at space, determine if there is life on mars.
2. Individual dinky encoders that run one or two camera’s each. They have limited encoding choices, limited camera control, no remote management, and normally run on 110 volt system that require different power distribution then the 220 that is common in systems today.

Cisco’s answer to this mess

Cisco has released both a video management solution, as well as a video encoding solution in a network module form factor for the Integrated Services Router (ISR).

The first part of this system, the Video Management and Storage System (VMSS) module fills the following roles -

• Management of multiple video streams from one interface, including IP cameras, 3rd party encoders, and streams from Cisco’s video encoding module
• Streaming of live and archived footage through a web browser interface
• This one is pretty cool – The module can mount external storage via iSCSI. So, in addition to its 160 gig internal drive, you can mount a filer and utilize external storage to scale the system.
• “fast forward” to events, as well as notify security and other personnel through SMS and email

The second part of the system (the module on the left in the picture above) is the Analog Video Gateway Network Module (EV-IPVS-16A). It has a couple functions -

• It can take up to 16 analogue video inputs and encode them with MJPEG or MPEG4 codecs
• You can use the first two ports to output video to a external monitors
• If you are using MPEG4, it can be used as a motion detector (handy for fast forwarding to important events, or triggering alerts)
• It can control pan and tilt cameras. This is good for pointing the camera at the janitor unplugging your servers each night to vacuum
• You can configure analogue contacts as an alarm. This can be bound to a door switch, or even temperature and water level monitors in a remote data center. This one will be very handy.

The third part of this solution is Cisco’s Video Surveillance Operations Manager. It manages, archives, displays and distributes the content that was created and collected on the two previous modules. You would use this if you had many branches to aggregate, or needed to staff a video wall (e.g. casino gaming commission operations). Now, you can run each of these components individually. Buy run together as a whole, Cisco has an enterprise class security solution.

Want to learn more ?

Branch office security page on cisco.com http://www.cisco.com/en/US/products/ps9671/prod_module_series_home.html

Cisco’s product page for the Video Managment Module – http://www.cisco.com/en/US/prod/collateral/modules/ps9671/data_sheet_c78_462225.htmlSimilar Posts:

• Interesting TechWise TV episode on virtualization
• Measuring and mitigating risk involved with sharing virtual infrastructure between DMZ and Internal environments
• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco Nexus 5020 and 5010 FCOE video ordering guide
• About Colin McNamara

--Colin McNamara

Simplifying remote site security with Cisco’s new video surveillance modules on the ISR

Please join me in welcoming John McCool to his new position as the leader of (in my opinion) Cisco’s most strategic business units. Similar Posts:

• Thanks and farewell to Jayshree Ullal
• Jayshree Ullal takes the helm of Arista Networks
• Cisco Nexus 4000 Blade Switch
• Certguard, Ethan Banks, Network World and Common Sense
• How to succede in 2007 – By Tim O’Reilly
• Link Round Up – L2TPv3 FCOE Trill Wounded Warriors

--Colin McNamara

John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)

Please join me in thanking Jayshree for all the positive contributions she has given to Cisco and the industry, and wishing her the best in her future endeavors.

Similar Posts:

• John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)
• Jayshree Ullal takes the helm of Arista Networks
• CCIE Party 2008 Recap – Cisco Live Networkers 2008
• Cisco Nexus 4000 Blade Switch
• Cisco releases Nexus 1000V virtual switch for VMware
• BIG Cisco – VMware announcement – 1:30 Pacific time

--Colin McNamara

Thanks and farewell to Jayshree Ullal

This switch answers a fundamental problem that has been presented by blade centers and VMware. The problem is increasing density of 10 Gig Ethernet, as well as the creation of SAN islands to provide storage access to VMware ESX clusters.  The nexus 5020 provides a solution that address both of these challenges, as well as supporting Fibre Channel Over Ethernet (FCOE) for the eventual move to a consolidated data center fabric in the years to come.

Want to learn more ?

Mastering VMware Infrastructure

Nexus 5020 Video Data Sheet

Unified Data Center Fabric whitepaperSimilar Posts:

• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Cisco Nexus 4000 Blade Switch
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Fibre Channel over Ethernet is taking off
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Cisco releases Nexus 1000V virtual switch for VMware

--Colin McNamara

Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel

In the past couple years, VMware has changed from a product hidden in development and testing environments to a full fledged enterprise computing platform. It brings many benefits to the companies that implement it, however with those benefits come changes to the access layer of your data center. Your access layer is no longer a top of rack Cisco switch, or end of row aggregation chassis. It is now a virtual bridge that exists logically within your VMware ESX server.

This causes an interesting question to come up in many customers – Who is responsible for the configuration and maintenance of this Vswitch? At first glance most groups reference the port on the last Cisco switch as the division of responsibility between network operations and systems operations. This has worked well in the past for a three main reasons.

First, it divided responsibilities based on technical skillset. For example a network engineer understands spanning tree, trunking, routing protocols, firewalling. While a systems engineer understands file systems, databases and Linux and Windows operating systems.

Second, it provided for a interconnection point where standardized configurations could be applied by an operational group, versus complicated configurations that could impact overall network designs and require an architectural board review.

Third it provided for a clean hand off for troubleshooting. Both network and systems operations could agree on layer 2-4 functionality in an area that provided for detailed debugging on both sides.

Lack of a defined access layer

VMware ESX throws a wrench in this model. We no longer have this well defined edge at the access layer. The access layer now exists virtually inside a server. More specifically, it is a logical devices running in a Linux server. This presents a challenge because it requires cross over knowledge. Whoever is responsible for this integration has to be fluent in Linux systems administration , and also fluent in network design and operations. Frankly this is a rare skill set to come across, as it requires and engineer who has attained high proficiency in both systems and network engineering.

I see this fuzzy line of demarcation often as a failing point for many VMware integrations. Many times I see network operations teams not involved in ESX cluster design because its a “server” , and systems operations teams generally don’t have the networking skills necessary to design and implement an fully functional system.. The solution to this problem is education and collaboration.

The need for collaborative design sessions

The single most powerful element in a successful VMware integration is the creation of strong design documents. These are created by holding planning sessions where both your systems and networking leads hash out a strong design that takes both short and long term virtualization and network goals into account. Also, many times when people hear the word design, they think it is a high level Visio and a bill of materials. That is a just a fraction of the effort required. A proper design should cover everything from a 10,000 foot overview Visio down to protocol flow diagrams and configuration examples. By created a detailed design like this it is likely to bring up common issues such as 10 gig aggregation, trunking, VMotion security, layer two adjacency and layer 7 network service delivery on a white board instead of a production environment.

To create this detailed design, both your Network and Systems leads have to understand this product. VMware recognizes this is critical to successful implementation (and to further sales of their product) an offers the VMware Certified Professional certification. If you have the resources, I would recommend sending both your network and systems leads to this training at the same time. Having them attend training together allows them to leverage each others strengths and bring up questions specific to their network and their goals.

A real world example of this is the company I work for, Eplus. Last April forty of us, all senior engineers attended VMware Certified Professional training at the same time. The class was mixed up so there was an even distribution of CCIE’s, Systems Experts, and Storage Experts. Needless to say this presented our instructors with some extremely challenging questions, but more importantly it set the stage and created a venue for collaboration between these different practices within our own company.

Real world benefits

A great example of this model’s success this occurred last month. Rick and I were sitting in the engineering side of our Sunnyvale office, catching up on email after giving presentations at Cisco that morning and afternoon. In the bullpen behind us, one of the Microsoft architects was engrossed in a troubleshooting call with a large customer on the other line. It turns out a large systems vendor (who shall remain nameless) had been trying for a week to integrate the first ESX cluster into this network and just could not get the networking portion to work correctly. Our account manager received the call from a the customer, and asked the technical teams to step in to see if we could help out in any way.

The systems engineers were able to isolate the problem down to the network interconnections, but needed to bring in networking resources to resolve the problem. Rick and I were waved over and were given an overview of the problem and introduced us to the customer the far side of the call. We asked a few questions about the physical and logical architecture of their network and created a diagram of their network on the whiteboard. With this we were able to ask them to execute commands continuously isolating the problem domain until we found and resolved the issue.

Seven minutes had passed from the point Rick and I were waved over to the point the customer had a working installation. This allowed the customer to focus on moving their business forward instead of fixing a failed implementation. Three of us on the call had attended VMware Certified Professional training together. We had spent at a minimum 50 hours each creating a baseline of understanding in class, as well as many discussions in engineering meetings. The solution came in seven minutes not because of any one teams individual strengths, but because of collaboration. The systems engineers were able to isolate the problem domain very specifically. And as network engineers trained on VMware were able to quickly understand and digest the issues, and tie it together with our larger understanding of networks as a whole. Only at that point, when the team was able to leverage each others strengths were we able to address the problem so quickly.

There will come a point in the next few years where this fuzzy boundary between the “network” and the “server” is established again. My call is that this will coincide with Cisco finishing development of their Vswitch that will reside inside the ESX server. This switch will require both Cisco and VMware improve their design and integration guides for ESX which are both frankly lacking substance. Until those detailed architecture, integration and troubleshooting guides exist the key to successful ESX cluster implementation will be a strong cross trained systems and network teams that are collaborating on the next level of virtual network design in your enterprise.

Want to learn more?

Cisco – Integrating Virtual Machines Into Cisco Data Center Architecture

This is Cisco’s main design guide regarding the integration of virtual machines. You can use it as a decent high level overview if you are a network engineer who is curious how VMware ESX, or Xen servers for that matter will fit into your network.

VMware – Virtual networking Concepts

This VMware document goes between high level overviews and detailed descriptions. It is a decent resource for a network engineer, and provides an overview of ESX network features, however it misses the target for providing configuration examples.

Blog of Scott Lowe – Technical Lead for Virtualization at Eplus Technology

Scott is an engineer that works with me at Eplus Technology. He is based out of the east coast and covers servers, storage and virtualization. His blog is chock full of good of information. A recent post of interest was how to enable Cisco Discovery Protocol (CDP) on VMware ESX server network interface cards.Similar Posts:

• Cisco releases Nexus 1000V virtual switch for VMware
• Cisco Certified Design Expert – CCDE – officially released by Cisco
• Arista Networks – Their approach to cloud networking
• Resume – Colin McNamara, CCIE #18233
• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Cisco EMC and VMware partneship VCE VBlocks Acadia and the Partner Ecosystem

--Colin McNamara

Challenges integrating VMware into Cisco networks

Mike Writes -

“Hi Colin,
I’m an avid reader of your blog and had a question that I figured you could answer. I don’t have CCIE knowledge like I’m sure a lot of your readers do. I have worked for the same company for 6 years and during that time had been promoted into the Network Group where I was sent through class and earned my CCNA. The company I worked for decided to relocate across the country and so I have been looking for a new job. Finding a new job doesn’t seem to be that big of a deal but I noticed a lot of job descriptions are asking for BGP experience. We didn’t use BGP at my last job and I thought BGP is used primarily by ISPs for routing between Autonomous systems? If that is the case why do so many non-ISP companys list BGP experience in Networking job descriptions? What are they doing with it? Shouldn’t the ISP be doing the BGP routing for them?
Thanks!
-Mike”

Well Mike there are 3 primary reasons why a company would require (or want) BGP knowledge from its candidates.

Scenario 1. The company has an redundant Internet edge.

In this case lets call our company sample_company. Sample_company has its website hosted in a publicly facing DMZ and wants to make sure that its web servers are available in the case of an ISP failure. Normally in this case the company would request and Autonomous Systems Number (ASN) from ARIN and would get assigned a block of publicly routeable IP address’s (normally /24) that they can advertise. Sample_company would then peer with multiple ISP’s for example one connection to AT&T and the other to Sprint. Sample_company would advertise their ASN through both these ISP’s, and in the case of a failure of one of their ISP’s, the rest of the Internet would be able to calculate a path to sample_company’s web servers via the backup ISP.

Scenario 2. The company is utilizing MPLS for its WAN connectivity.

From a customer perspective MPLS is a private BGP based WAN where all edge devices connected to the MPLS provider utilize BGP to inject and learn routes. One note, some providers do support advertisement of routes via OSPF and even EIGRP now, but the most common scenario is to use BGP as your internal WAN protocol while running MPLS. One trend I am starting to notice, is that since companies are already using BGP on the MPLS WAN, they have started utilizing BGP as their primary routing protocol for their sites to avoid running multiple routing protocols and having to redistribute into BGP to cross the WAN.

Scenario 3. The company is using MPLS inside their data centers for segregation of business units.

In essence they are using the same tools and technologies that MPLS service providers are, however applying it inside of their data center and campus networks. In this case, BGP is the routing protocol necessary to carry the routes between the seperate MPLS VPN’s that are running inside the corporate data center. While this sounds pretty complicated, it actually simplifies many of the designs that you would normally implement to attain the same goals.

Learn more about BGP - Of course, there are many other reasons why you may see BGP on a job listing, but I think the previous covers the most common. If you are curious, and want to learn more about BGP I recommend buying Routing TCP/IP volume 2 by Jeff Doyle. This covers many great scenarios and configuration examples in EGP protocols. It is also written in plain English which can be a challenge with many technical books.

Learn more about MPLS in the enterprise - If you are feeling like learning about how you can implement MPLS inside of your own enterprise network then I would recommend buying Network Virtualization by Kumar Reddy and Victor Moreno. I was lucky enough to have Rick Davis translate the whole idea of utilizing MPLS in a campus environment into plain English for me a couple years back. From that point I was able to really expand my knowledge base and start asking the right questions from a firm foundational understanding of the technology. Kumar and Victors book took my understanding to the next level, showing how to incorporate many very cool features to make a MPLS network stand on its head if you want to. I can say (and actually have said to Kumar Reddy) that this book redefined my data center designs for large corporate and enterprise customers. I really recommend that you add this to your collection.Similar Posts:

• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Identity aware networking using Cisco TrustSec
• Challenges integrating VMware into Cisco networks
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Jayshree Ullal takes the helm of Arista Networks
• Arista Networks – Their approach to cloud networking

--Colin McNamara

Reader question – Why are corporations looking for BGP experience?

Cisco TrustSec starts at the edge by negotiating a secure link if both hosts support it (802.1ae). This is similar to wireless encryption schemes, where a secure handshake is established and the L2 path become impervious to sniffing. This is user configurable, and to my knowledge the asics available to support line rate encryption are currently only on the Nexus 7000 blades.

The next step is to start 802.1x negotiations. For the people not familiar with 802.1x, it is a way of passing username / password information from your computer up into the network infrastructure. Once this is completed, the switch can not only utilise tools like NAC to place you into the appropriate quarantine, or access vlans, but it also know knows your identity.

Now the “network” is aware of your identity, a new level of granular security control can be deployed across your infrastructure. These security policies can map into “user x can connect to webserver y” instead of being restricted by ip and port. This allows you to utilize true roles based administration similar to what you use in your Windows and Unix file systems, but now you can do this across the network.

How is this done ? I like to think of this as a mix between dscp and mpls tags. Which in a nutshell means that when traffic enters the network it is tagged with a small amount of additional “identity: information which is retained as it traverses the network. This information can be used to augment or completely replace your current ACL based security controls in a way that enables you to more effectively comply with complex regulatory environments such as PCI, SOX, GLBA and HPPA.

Over the past few years we have learned how to leverage intelligence in the the network by utilizing tools like QOS, MPLS VPN’s, and many others. Expect to add Cisco TrustSec to your quiver of tricks to address the ever growing compliance needs faced by today’s network designers.

Learn more about Cisco TrustSecSimilar Posts:

• Encrypting your backup tapes with Cisco Storage Media Encryption (SME)
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Altor Virtual Network Security Analyzer (VNSA) integrated with Cisco’s Nexus 1000v for VMware
• Cisco releases Nexus 1000V virtual switch for VMware
• Zone based IOS firewalls
• Cisco Nexus 4000 Blade Switch

--Colin McNamara

Identity aware networking using Cisco TrustSec

I was wrong, the Green Data Center is not about saving baby seals, it is about saving cold hard cash. Saving the world is just a nice side benefit.

That being said, saving cold hard cash is a very important discussion item in any IT Operations group as they are normally seen as a cost center. For them, a penny saved is literally a penny earned. Not only can you save money by not paying for power, but PG&E will actually has a budget to pay you NOT to use their power. Most people here this and get a puzzled look on their face. “why would the power company, who makes money on power, not want me to buy it from them?” The answer is that Californians use more power then PG&E can produce at peak times. When they have to buy it from another state it can cost them 10 times or more then they charge us. This is the reason why PG&E will pay you to use less. Each penny they give to the consumer for saving a watt, saves them 4 pennies (80% return on investment).

Great, PG&E saves money by giving it to me. How do I get this cash? Well there are a couple ways to get this.

1. Incentives for new buying new energy efficient servers
2. Rebates for moving to virtualized servers
3. Rebates and incentives for moving to thin client desktop systems
4. Audit teams for cooling and power if your Data Center is 10,000 square feet or more
5. Incentives for airflow control systems
6. Incentives for high efficiency UPS and power distribution systems
7. Technical services for cooling system evaluation (PG&E funded)

That is a pretty comprehensive list of how to get money from the power company, but you can save even more money buy not using the power in the first place. Not unsurprisingly this starts with the server.

First thing you can do, is virtualize, virtualize, and virtualize some more. For most people this means VMware. For others this may mean Xen, or Microsofts virtualization product. Whatever flavor you chose, the key message is to consolidate from many servers to few. A server sitting “idle” still pulls 50% of its max current. Now, howe many servers do you have that are just sitting there? My guess is a large amount. By virtualizing these servers, you allow them to be stacked onto high performance server that can be run at a higher utilization. This lowers the over all power utilization for your DataCenter. Another side benefit is that ever watt that you remove from a server, you get another watt removed from your cooling.

These same virtualization techniques can also be applied to your network devices, which account for 6 to 12 percent of your datacenters power draw.

Ask yourself a few questions

• ” Do I need 4 different firewall clusters?”. It is likely that these are leftovers from organic growth, and that you could consolidate them into virtual firewalls on a more efficient chassis (ASA comes to mind).
• ” Do I need to maintain physically separate infrastructure?”. There are technologies like MPLS, VFR-Lite, Virtual Switching and more that allow you to consolidate onto a shared network infrastructure, taking a service provider approach to providing transport in your network.
• ” Am I running old inefficient gear?”. Power supplies have increased in efficiency over the last few years. There may be a good return on investment for you to upgrade.
• ” Can I consolidate into larger chassis?”. Ask the question, which is more efficient – a closet full of 3560’s or a 4507? There is efficiency in scaling out.

I hope that reading this has caused you to ask some questions, and maybe look at the larger impact of your network operations on both the ecosystem and your operational expenses. With these questions in hand, you might want to talk to PG&E and your Cisco / HP parter about going “Green” in the data center.Similar Posts:

• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Usability features in Cisco’s Nexus 7000
• Cisco’s Cloud Computing Offering
• Cisco introduces the C-Series Rack Servers
• New features in VMware 3.1
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR

--Colin McNamara

Moving towards a Green Data Center – Truth behind the hype

What useability enhancements do you feel are the most beneficial?

1. A separate, IP enabled, Management Interface. This has been a long time coming. The out of band management interface is very similar to a Ilo card in the HP world. it is effectively a supercharged console server that happens to site on the backplane of the sup engine. I am sure whoever pushed this feature through is going to get flowers one day from a Tech who DIDN’T lock himself out because the management interface was effectively a separate system.
2. Finally, a functionally USB Interface that I can transfer IOS (well, now NX-OS) images through. Everyone has a USB key nowadays, even my Grandmother has one, it will make life so much easier when I can have a 4 gig key with me that has most IOS / NX-OS  versions and my common configs and just pop them right in.
3. The integrated Cabling system is CLEAN. I love that it forces you to reserve the appropriate space for cabling, and that there finally is the possibility to avoid the flying spaghetti train wreck we see so often in Data Centers.
4. Front to back Cooling. The cooling design is well thought out. I liked the fact that it draws from directly above the front floor and exits rear top.. This should help out in raised floor data centers that have a large temperature gradient as you move to the top of the rack. It also negates problem of having multiple 6500 chassis side to side and having warm air blowing from the exhaust of one 6500 to the intake of another 6500.
5. Fan Slots are now placed where it is IMPOSSIBLE to cover with cables. I would say 7 out of 10 times when I walk into a new customers Data Center I find that there are cables run directly over the fan tray with no slack. That is not a failure in design per say, but it could have been avoided. With the Nexus 7000 fan trays in the back the problem is solved before it is created.
6. Power supplies are in the back . FAR away from the data cabling. It never fails that 20 amp circuits get uncomfortably close to copper cabling. By moving the power supplies to the back side of the chassis, this becomes a mute point and we remove any shadow of a doubt about EM interference causing craziness in our cabling.
7. This one sounds really mundane, but a quick heads up grouping of status lights. In the past these were normally in a position where you had to squat down to see them, or they are obscured by cables. Buy putting them on the front of the cable tray assembly it ensures these will always be visible.

What can we focus on now to make it a better platform?

1. One thing that worried me a little was the placement of the compact flash cards in the supervisory module. For those how haven’t it up close look at this picture of the chassis  and look for the Grey cover midway up the sup modules in the center slots. Behind them are two flash cards, one for system partition extension, and one to dump log files into. Having these cards available are great features however I could see an operational process of security rotating out the log partitions, or more likely and engineer pulling the flash card after dumping some data for analysis to it, and then pulling the wrong card by accident. Having a simple strap (like the screw downs for power supply plugs) or something similar would go along way towards mitigating that risk.
2. Continue with the spirit of innovation that has defined Cisco over the years. Cisco has consistently came out with or acquired and integrated many great products that directly address the needs of the market place into the product line (MARS, ASA, AireSpace, TelePresence, MDS, ACE, Etc) but frankly the last GAME CHANGING product that set the industry on its heals and forced everyone to rethink how we utilize technology to accelerate business as a whole was the acquisition of Selsius and the introduction of VOIP as an enterprise class product to the world. I remember having the hair stand up on my arms from the excitement of going up against Avaya and Nortel back then and fighting that uphill battle, educating customers and peers about this “new thing called VOIP and how CallManager (now Unified Communications Manager) is your ticket towards productivity.

   When we talk about the Virtual DataCenter, I/O Virtualization (FCOE) and VFrame Automation it is not just another incremental improvement of existing technology. It is a paradigm shift, a leap ahead, a GAME CHANGER. I get the same chills that I did when VOIP was new because I know that those are technologies that will force us to rethink how we approach computing and data systems. These technologies are to the Data Center what IP telephony was to the PBX, and Cisco is the only company with technologies and engineering know how in all the verticals necessary to pull this off.

Similar Posts:

• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Moving towards a Green Data Center – Truth behind the hype
• New features in VMware 3.1

--Colin McNamara

Usability features in Cisco’s Nexus 7000

As with any vendor specific event, there is a mix of for public knowledge and for private consumption content, so I generally choose not to talk or write about subjects that may have been covered in the VT unless I can find some public documentation on that subject. So don’t expect to find any juicy pre-release information or gossip here. I don’t want to have the NDA police knocking at my door, and its just not cool to let stuff slip. So, I will generally avoid the subject.

What I can tell you is this – There is a lot of buzz about the Nexus 7000. It is a rocking platform, and we spent the majority of a day going over it. I can’t share much more then I did the night before the VT just yet (will wait till I get lab access to one) but I can share this.

Yes, most people are proud of their shots with Tom Cruise, or Oprah, Richard Stephens or BSD Girl. But I can Top that.. I have a picture of me and the Nexus 7000.

The DC Channels team was nice enough to take us down to the DataCenter and Network Applications (DNA) lab. Where the Nexus 7000 has taken its new throne. They allowed to ooh and ahh and poke and prod it. Weirdly enough, the one thing that struck most was the attention to detail that went into the physical design of this chassis. It is not only good looking, but has some super usability enhancements that really impressed me.Similar Posts:

• Darrel Hinshaw – New Triple CCIE [Storage]!!!!!!!
• Quoted on ZDnet – Shameless self promition
• Humor inside the Nexus 5000 switch fabric architecture
• Cisco releases Nexus 1000V virtual switch for VMware
• Measuring and mitigating risk involved with sharing virtual infrastructure between DMZ and Internal environments
• BIG Cisco – VMware announcement – 1:30 Pacific time

--Colin McNamara

Me and the Nexus 7000 last week at the Data Center VT

One feature that is new, and frankly extremely exciting is Virtual Device Contexts. Each virtual device runs with its own process, vs the use of tagged differentiators in technologies such as VRF-Lite. This provides for paravirtualized management instances, and clear lines of delineation for both software and hardware for a resource that can be shared between different groups within an enterprise.

Chassis that run NX-OS will support In Service Software Upgrades (NSSU) to allow operations groups to upgrade operating systems with zero downtime. This is accomplished through a combination of modular software architecture, and the decoupling for the control and forwarding planes.

One of my favorite features in SAN-OS is the embedded is fabric analyser. This is a tool that can sniff management traffic without having to plug in a sniffer, or provision a span port. You can dump in real time to a tcpdump like interface in the command line, output to a local file, or map to the ip of a wireshark instance that layer 3 access to the management port. Cisco again has taken the best of SAN-OS and bundled it with NX-OS. You will be able to remotely span management traffic without having to set up rspan, or trudge down to the datacenter to set up a sniffer.

Now, your router can call home right now so that is not a totally new feature. Smart Call Home was released recently into IOS. But that still doesn’t stop it from being a great feature. This allows you to configure NX-OS powered devices to mail an xml formatted troubleshooting email to TAC, and / or your support staff. This has been proven to drop the average time to resolution from 16-30 hours to 6 hours.

Now the drum roll…… All IP routing features are VRF aware. This has been a point of contention with me for a while. As Cisco and the market in general has embraced virtualization as an answer to pressing business concerns of leveraging shared infrastructure, while retaining security controls segregating disparate environments technologies such as MPLS and VRF within the datacenter have become more and more prevalent. That is great, however it never fails that the feature you need at that moment always seems to be coming out in the NEXT IOS release. With Cisco NX-OS 4.0 this is no longer a question.

Now, if I was a CIO and I was reading about all these new technologies that Cisco was pushing with NX-OS, I would frankly be cautious, and rightfully so. The thing is, most of these features are not new, they have been in use, and in production under the most stringent uptime conditions in the world – storage networking. They have been tried and tested on Cisco’s MDS line of storage networking switches. So get comfortable, get educated, but most importantly get on board for DataCenter 3.0.Similar Posts:

• Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers
• The emergence of MDS features in Cisco’s datacenter networking equipment
• New features in VMware 3.1
• Link Round Up – L2TPv3 FCOE Trill Wounded Warriors
• About Colin McNamara
• Arista Networks – Their approach to cloud networking

--Colin McNamara

Cisco NX-OS 4.0 | Next Generation Internet Operating System

Highlights of the the Nexus 7000’s features are -

• 15 Terrabit per second backplane
• Support for 40 and 100 gig ports in the future
• Seperate control and data planes
• link layer encryption
• front to back airflow (FINALLY available in a non NEBS chassis)
• Lossless non blocking fabric (VOQ enabled)
• Fibre Channel, Infinaband, and Ethernet blades in one unified platform
• Cisco Data Center Network Manager (MDS Fabric Manager on steroids)
• Virtual Device Contexts (Network Systems virtualization, the next level past VRF route tags)

You can learn more about this switch in upcoming articles, and at http://www.cisco.com/en/US/products/ps9402/index.htmlSimilar Posts:

• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco Nexus 4000 Blade Switch
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco’s Unified Computing System – It’s not just a blade center
• Humor inside the Nexus 5000 switch fabric architecture
• Interesting TechWise TV episode on virtualization

--Colin McNamara

Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0

CERTIFICATIONS / ACCREDITATIONS HELD

CCIE – Cisco Systems Internetwork Expert #18233

VCP – VMware Certified Professional

CDCUCSS – Cisco Data Center Unified Computing Support Specialist

VSP – VMware Sales Professional

VTSP – VMware Technical Sales Professional

TSS – Cisco Technical Solutions Specialist, Data Center

GCIH – GIAC Certified Incident Handler

CCVP – Cisco Certified Voice Professional

CSNSSS – Cisco Storage Networking Solutions Support Specialist

CSNSDS – Cisco Storage Network Solutions Design Specialist

CADCNSS – Cisco Advanced Data Center Networking Infrastructure Support Specialist

CCIE Storage Networking

RHCE – Redhat Certified Engineer #804006368822511

RHCT – Redhat Certified Technician #804006368822511

EMCPA – EMC Proven Professional Associate – Information Storage and Management

NSCA – Netscaler Certified Administrator #2005072

NACE – Network Appliance Certified Expert #12912

NACP – Network Appliance Certified Professional #12017 – Data Protection

NACP – Network Appliance Certified Professional #11985 – Storage Area Network

NACP – Network Appliance Certified Professional #12911 – High Availability

Retired Certifications -

Cisco Qualified Specialist – IP Telephony Support

Cisco Qualified Specialist – IP Telephony Design

Cisco Qualified Specialist – IP Telephony Operations

Cisco Wireless LAN Design Specialist

Cisco Wireless LAN Support Specialist

TECHNICAL PROFICIENCY

PROTOCOL PROFICIENCY

EIGRP, OSPF, RIP, BGP, MPLS,  Spanning Tree, Rapid Spanning Tree, ATM, RTP, SIP, H.323, LWAPP, RADIUS, TACACS+, Ethernet, Fibre Channel, ISCSI, FCIP, FCP, FSPF, NDMP 802.11a, 802.11b, 802.11g, RBE, ISDN, SNMP

Virtualization Platforms

VMware ESX, Kernel Virtual Machine, Xen

VOICE and VOICE OVER IP

CallManager, Unity, ICS7750, PBX Trunking, SRST, Active Directory Integration, Extended Services, Call Detail Recording, Automated Attendant, Extension, Mobility, Asterisk, Callware and VSR VM.

HARDWARE

Cisco Unified Computing System (UCS) 6100, 2100, 5100, Nexus 7000, Nexus 5000, Nexus 2000 and Nexus 1000v switches, Catalyst 1900-6509 switches, 1600-7500 series routers, Cisco PIX firewalls, Cisco Load Balancers, Cisco MDS , F5 Load Balancers, Netscreen / Juniper Firewalls, Cisco VPN3000 VPN concentrators, Cisco ASA Adaptive Security Appliances, Nortel Contivity VPN Concentrators, Aironet Access Points and Bridges, Airespace LWAPP concentrators. 3com TotalConnect racks, Ascend dial concentrators, Netscaler Load balancers, SSL accelerators, SSL VPN concentrators. Brocade Silkworm, HP Eva Storage

NETWORK MANAGEMENT

Nagios, Cacti, NTOP, IPswitch What’s Up Gold, BIG Brother, Spectrum Network Management, Kiwi Syslog,, MRTG , HP OpenView, Cisco Secure Intrusion Detection system, Cisco Network Based Application Recognition, Snort IDS, Netscreen Firewall Manager, Unified Compute System Manager

OPERATING SYSTEMS

Redhat, Suse and Ubuntu Linux, Windows 2000, Windows 2003, Windows 2008, Windows XP, NT4.0, BSD, Solaris, OSX

BUSINESS ENVIRONMENTS

Consulting, Valued Added Reseller, Large Enterprise, Startup, Banking, Service Provider, Software Development, Manufacturing, Military

EMPLOYMENT

1/07 – Present, ePlus Technology

Consulting Systems Engineer – Data Center

Accelerate Data Center sales, design and implement network, storage, and systems solutions for ePlus west coast customers.

Accomplishments

• Developed and deployed go to market strategy for Cisco’s Unified Computing System resulting in significant competitive advantage in the western united states.

• Increased Data Center revenues year over year in a the worst economy in a century.

• Changed regional sales focus from technology silo’s to solutions based selling covering network, systems, storage and applications under one umbrella.

• Established a trend of Advanced Technology account wins.

• Accelerated ePlus’s southern California sales by providing high end engineering support.

• Increased sales for ePlus’s northern California office by overlaying and training field sales.

• Integrated MPLS service provider designs into cutting edge Enterprise Solutions.

• Filled PM and lead network engineer roles for large publicly traded company data center migrations.

• Created modular Cisco design / quote format and menu based hardware and services options to address rapidly changing customer needs.

9/05 – 1/07 ID Analytics

Lead Network Engineer

Lead team of four engineers, Define network and application integration architecture for large SaaS analytics deployment, Leverage networking technology to increase security and availability, and decrease development and product deployment timelines

Accomplishments

• Led team of engineers responsible for all Production and Back Office systems in 2 offices and 3 datacenters

• Designed and Implemented ID Analytics Phase2 datacenter, processing 1.2-1.8 million financial transactions daily.

• Designed and Implemented Contents Switching and SSL offloading solution, enabled non-disruptive scaling of core products

• Integrated ID Analytics product with the largest card processors in the world – Equifax, Visa, TransUnion, etc.

• Designed and integrated centralized Fiber Channel and ISCSI SAN solution, increasing application speed and decreasing production database refresh times from 4 weeks to 1 week.

• Managed and maintained over 130 terabytes of storage

• Created lights out server imaging and deployment solution for remote datacenters

• Deployed and integrated monitoring solutions utilizing open source technology

• Created user emulation probes for real time application monitoring and trending of production systems

• Worked with development and Analytics to create structured Development and QA environments

• Spearheaded project to change Analytics / Informatics environment from “unix for workgroups” to high performance computing environment (HPC)

• Provide structured documentation to US Government and Corporate auditors

• Utilized project management skills for international rollouts

2/04 – 8/2005 Openwave Systems
Senior Network Engineer, Strategic Design and Integration Group
Provide technical leadership, Define network architecture, Establish standards and technical vision. Responsible for researching, developing, and architecting technical solutions to business needs.

Accomplishments

• Designed Openwave’s new Pacific Datacenter Networks, with 900 production, and 2000 development servers.

• Designed Openwave’s Pacific Shores Campus Networks, and Showcase Datacenter.

• Responsible for hardware acquisition budget of 1.7 million dollars

• Established ISCSI IP based SAN infrastructure with DR components in 4 major datacenters worldwide

• Promoted from the ranks, moving from running our VOIP phone systems, to Network team lead, to Senior Network Engineer in the Strategic Design and Integration team.

• Active and engaged member of multiple boards covering design review, change control, and security

• Negotiated with Cisco and SBC regarding datacenter purchases saving $906,000 off list price.

• Renegotiated Cisco support saving Openwave nearly $600,000 over our three year term

• Established improved data center controls, allowing Openwave to pass Sarbanes Oxley (SOX) audits

• Wrote and ran multiple RFP, RFQ, and RFI’s

• Utilized project management skills for international rollouts

• Managed, Piloted, and Installed new wireless systems for our Customer Briefing Center

• Responsible for 6 VOIP clusters around the world

• Recipient of multiple awards recognizing dedication and quality work.

• Attended continuing training for security management (CISSP)

2/03 – 1/04 USMC Reservist activated in support of Operation Enduring Freedom
Information Services Coordinator
Implement and maintain Tactical Data Networks, Provide consulting services to hosting units. Maintain Microsoft Exchange servers in both tactical and garrison environments. Perform security audits and remediation. Train support personnel.

Accomplishments

• Performed Disaster recovery of routed ATM LANE environment for Marine Corps Air Station Yuma enabling over 3000 users to resume work (awarded the Navy and Marine Corps Achievement Medal for that event)

• Performed security audit and created a security and performance remediation plan for MCAS Yuma

• Provided project management and security audit skills to 3^rd Marine Air Wing Yuma server support teams, managed server security audit, security remediation, and SMS rollout.

• Designed and implemented Nagios network monitoring system at Marine Corps Air Station Yuma.

• Implemented Norton Antivirus server for MWSS 473

• Provided training on to data teams from MWSS 473, MCAS Yuma Station IT, and 3^rd Marine Air Wing Yuma server teams.

12/02 – 2/04 2 Cups Solutions, Pleasanton , Ca
Principal Consultant
Founded 2 Cups Solutions to provide cutting edge Voice, Data, Wireless and Security services to clients in the San Francisco bay and Fresno areas.

Accomplishments

• Implemented WAN failover solution at two City of Hayward fire stations.

• Implemented email and web solution for Express Mobile Notary.

• Developed and implemented business plan focusing on State and Local Government contracts.

2/02 – 12/02 ExtraTeam, Pleasanton , Ca
Senior Systems Engineer
Design, Installation, Configuration and Maintenance of network systems consisting of Cisco CallManager, Unity, Cisco Secure ACS, LEAP secured wireless, Aironet, Cisco routers and switches, PIX firewalls, and VPN3000 concentrators. Integrating all systems with Active Directory. Performed VOIP feasibility studies. Managed the entire business cycle including sales, design, installation, training and maintenance.

Accomplishments

• Integrated CallManager voice system with Active Directory

• Recovered a failed CallManager implementation at Phase 2 Strategies (PR firm for Logitech). Implemented CallManager with up to date hardware and software, upgraded Unity up to reasonably current levels. Brought up remote office in Phoenix utilizing SRST.

• Implemented City wide wireless network integrated with active directory for the City of Hayward

• Implemented VPN Concentrators in conjunction with multiple levels of firewalls for City of Hayward and Hayward PD to meet CLETS requirements.

• Implemented network configuration management system responsible for the city of Hayward.

• Implemented new wan for Livermore Pleasanton Fire department moving fire stations from isdn to T1 and Gigabit fiber lines in conjunction with moving the location for the network core.

• Designed and implemented IPSEC based wan for Universal life resources, allowing nationwide secure remote office connectivity while minimizing wan connection costs.

• Designed CallManager based VOIP system for a 27 site school district

• Provided emergency support to Fire and Police agencies across the bay area

• Performed security remediation for a large bay area company

• Participated in large switched network cutover from 7500 to a 6509 with flex-wan modules for Stanislaus County.

• Achieved technical certifications for ExtraTeam to become certified under both the Wireless and IP Telephony revised specifications.

7/01 – 2/02 Infobond Inc. Burlingame , Ca
Network Engineer

Responsible for engineering duties in a leadership role. Integrated legacy PBX’s using VOIP technology. Used Quality of service to ensure VOIP service levels. Support legacy voice over IP and voice over Frame Relay technologies. Upgrade from legacy voice integrations to state of the art VOIP integrations. Create project plans and act on them.

Accomplishments

• Cut over evergreen lines shipping terminal from legacy 3com equipment to VOIP enabled Cisco routers and switches. Accomplished all work during Union stand downs.

• Contracted to Openwave, Inc. to run Remote Access while the engineer was on leave. Ran Remote Access for 5 weeks, resolving DSL RLAN issues and IPSec issues, while reducing trouble ticket backload to manageable levels. Assisted other engineers when needed.

• Implemented Cisco 6509’s to replace aging core network of a Benchmark Capital (bay area investment firm).

• Diagnosed and resolved VOIP issues that were stopping call center rollouts for Embarcadero Systems (a large bay area shipping company).

03/00 – 7/01 Knapp Publishing Corporation, San Ramon, Ca
Network Systems Administrator

Responsible for day-to-day operations of e-commerce data center, and wide area networks Performed DNS changes for both internal and external networks. Designed, piloted, and implemented network changes. Installation configuration and maintenance of NT, and Windows 2k file, print, and web servers

Accomplishments

• Improved service levels from 90% to 99.99%, enhanced security and increased bandwidth were benefits derived from implementing a state-of-the-art web hosting data center

• Implemented a network monitoring system to document, report, and notify of network status.

• Designed and implemented ISDN failover of Frame-Relay Network.

• Designed, piloted, and implemented network changes.

• Replaced NT servers with Linux based servers, integrated with the Windows network

01/98 – 03/00 DKA Computers Inc. Clovis, Ca
Manager Information Services (01/99 – 03/00 )

Ran day to day operations of a central valley ISP. Worked with systems manufacturing to bundle client software with all new PC’s. Partnered with local ISP’s to provide access numbers across the valley.

Accomplishments

• Managed web development, and professional services

• Moved web hosting from IIS to APACHE based servers, drastically increasing site availability

• Produced a forms based web application to configure custom systems online.

• Designed and implemented an IPSec based WAN connecting 3 stores point of sales systems.

• Managed corporate office and data center relocation project.

Senior PC Service Technician (01/98 – 01/99)

Provide on call service. Staff PC help desk. Provide direct customer systems support while maximizing company revenues. Configured all servers ordered from manufacturing.

Accomplishments

• Responsible for all day to day service activities for a 13 million dollar company. Management of 4 team members. Directly responsible for customer satisfaction

• Implemented hard drive imaging system, decreasing both warranty costs and turnaround time

• Installed and configured SCO Unix reservation system for National Park service, Kings Canyon

• Designed, implemented inventory tracking database, reducing required stock on hand by $40,000

MILITARY

1996 – 2004 UNITED STATES MARINE CORPS RESERVE
Have held U.S. Government security clearance – Secret

EDUCATION

Ongoing professional education

Sans CISSP + Track

University of Oklahoma extension – Fire Science

Cisco Networking Academy

Similar Posts:

• What does it take to pass the CCIE exam?
• Cisco Certified Design Expert – CCDE – officially released by Cisco
• About Colin McNamara
• I’ll be at Cisco Live 2008 (networkers) in Orlando all week
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Challenges integrating VMware into Cisco networks

--Colin McNamara

Resume – Colin McNamara, CCIE #18233

Colin is best known for providing designs that incorporate disparate technologies under a shared virtualized infrastructure. He is a proponent of both network virtualization and the utilization of service provider technologies inside enterprise networks to support the security delivery of Voice, Video, Storage and Real Time Application traffic over shared network infrastructure.

He currently works as an Enterprise Consulting Engineer, focusing on Advanced Technologies with Eplus Technology, a publicly traded technology employing 18 CCIE’s as principle consultants with 31 CCIE certifications between them.

He resides in the San Ramon (San Francisco Bay Area) , California with his Wife and two kids. And is active in multiple boards and organizations, including -

• Cisco Partner Technology Advisory Board
• Consortium of Internet Technology Experts

He can be contacted via information found on his CCIE Resume page . by contacting him via Linkedin or at colin@2cups.com

Similar Posts:

• Cisco Certified Design Expert – CCDE – officially released by Cisco
• Cool new features in 12.4(15)T
• Resume – Colin McNamara, CCIE #18233
• Colin has moved to the San Francisco Bay Area
• Cisco Live 2009 – Networkers class schedule
• Darrel Hinshaw – New Triple CCIE [Storage]!!!!!!!

--Colin McNamara

About Colin McNamara

My background is all over the place. It goes from running a small ISP when I was 18 to managing international CallManager clusters, to enterprise data center design and migrations. I swear that I have tech ADD. I see something new and I am like.. oooooh shiny, lets do a sniff and see how it works.

I actually attempted the Route Switch lab twice in 2002 (still had token ring and dlsw still) but got activated for the war before I could get my number. I can tell you.. that sucked horribly.

So, why did I choose to get my Storage CCIE first instead of finishing up my Route Switch first? Well, over the past couple years I have done a significant amount of IP storage (NFS, ISCSI, ATA over Ethernet, etc) including building my own IP storage heads based on linux. I had also done a little bit of fiber channel work. I felt that I had a significant advantage compared to most network engineers in the storage networking space. And, I think more importantly, the topics that I had to study were new and fresh. Whereas when I cracked open my Route Switch books.. I honestly wasn’t to excited about it at the time ( I think I was holding a grudge from my first attempts in 2002).

The partner e-learning central portion of Cisco has an Excellent lab access to labgear.net. It gives you 2 hour segments of time with 2 mds’s (both with IPS blades), 1 2 port jbod, and 2 2 port servers. They also have introductory tutorials for most major technology segments.

I did all of those, along with the every E-learning class that was on PEC. I think the major ones were the Design, Support, and CASSI classes.I took that, sat for the design and support specialist exams, and took my written last December.

After doing all that work, I was honestly 70% there. I took a little break for january and febuary (There was no open lab dates) and then started hitting the labs I think at the end of febuary.

For the majority of my practice I used the labs available through PEC. I also was able to weasel my way into 8 hour sessions every sunday from our channel SE. (I owe him plenty of drinks at networkers this year) For those 8 hour sessions I had labs created to summarize the major technology areas and to be as evil as possible to myself.

I had one attempt which didn’t work out as well as I would have liked. In RTP the lab starts at 7:15. This means if you are from the west coast like I am you will be getting up at 3:00 am in the morning for your lab. That royally kicked my but. I diverted from my attack plan and ended up
running out of time. It was a classic example of letting the lab run you, instead of you running the lab.

Luckily a data opened up just over a month later. I spent that time just working on my speed (speed is the secret sauce). I migrated to using Fabric Manager (gui interface) instead of command line. After 2 practice runs my time had dropped 25%. I also flew out to RTP 3 days before, and made sure to relax and get on east coast time.

For my final prep I got access to iementor’s lab. Their lab is excellent. I cannot reinforce enough how much it contributed to my confidence in that final week. Roman was really cool about working with an existing candidate to get me squeezed in. They are really cool guys, and they have the only workbook on the market right now.

So, I used their lab 2 days before mine, and then just chilled the day before. The day of the lab I had 70 points by lunch, and had completed configuration of the lab by 12:30. I spent the rest of the day reviewing my configurations (found 2 errors), fixing one bug, and generally harassing the proctor to make sure I didn’t misinterpret anything.

So.. if I had it all to do over again what would I do. I would still do the PEC stuff, and continue to primarily live in the Doc CD. Though I would probably pony up the cash and buy the iementor book and more lab time with them.

Copyright ©2008 | Colin McNamara | CCIE 18233 | All Rights Reserved”

Colin McNamara
CCIE #18233
“The difficult we do immediately, the impossible just takes a little longer.”Similar Posts:

• What does it take to pass the CCIE exam?
• Fibre Channel over Ethernet is taking off
• And it begins again – On the road to my CCIE in Storage
• Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• My CCIE Storage Shopping List

--Colin McNamara

Why was Storage Networking my first CCIE? And What did I do to prepare?