“it looks like one of the key features not on the list of components for the California boxes is going to be a red discount pen”

Timothy references sources who have obtained a price list and shared it with “El Reg” . I wish Timothy would have contacted an actual Cisco Unified Computing System Advanced Technology Partner, because any partner that is involved in the launch could have explained to him the concepts of List price (List), Manufacturers Suggested Retail Price (MSRP), and Purchase or Buy price.

In this article I want to dispel the myths of server and network manufacturer pricing, demonstrate the true cost of building a data center with blade systems, and at the end provide a cost comparison between legacy server vendors options and Cisco’s Unified Compute System.

First, lets go over some the basic concepts of vendor pricing. At the end of this you should understand the difference between list price, manufacturers suggested retail price, and purchase price.

List Price

List price is a high level number that Cisco publishes weekly in its global price list. The purpose of this list price is to provide a uniform price list across all product sets that Cisco offers. The most important thing about list price is NOBODY EVER PAYS LIST PRICE. Let me repeat that again NOBODY EVER PAYS LIST PRICE. Are we clear? This is similar to list price on a car on the car lot. All list price provides is a starting point where a Cisco partner and a customer can negotiate a common discount and end up with something close to (generally at or below depending on technology type and yearly spend) MSRP.

Manufacturers Suggested Retail Price (MSRP)

This concept is something that anyone who has purchased a car before is familiar with. The number that is on the window of the car when you look on the lot is list price. The first number the dealer brings up lower then sticker is MSRP. Depending on the popular of the product, the competition in that particular space, and the negotiating power of the customer you will either pay that price, or some percentage below. For example if you are buying one new car you may have the negotiating power to get the price to drop 5% off of list. If you are buying 200 new cars (say a fleet) you have significantly higher negotiating power, and you may be able to drop the price by 15% of of list price.

In Networking Sales MSRP is significantly less then list price. A good exercise to see what this number is, is to find a device, say a WS-C3560E-12SD-E (3560 with 12 Gig SFP ports and 2 10 Gig ports) in the Global Price List. You have access to this at any partner level at www.cisco.com/dprg . (my point here is that this is no big secret). As of Friday June 12 2009 the LIST price for this product is $19,995.

Now take that same part number - WS-C3560E-12SD-E and pop it into your google search window. Within the top four links I found this product for $12,434.15 . This price is for  pure fulfillment, with no value added consulting or design work from you local Cisco partner.

If you do the quick math, this price difference is equal to 38% off of list price. Come to your own conclusions, but it would be safe to say that this could be considered MSRP for Cisco products.

Purchase / Buy Price

Buy price is just that, the price at which the customer purchases (buys) the product. This is can be at MSRP, or if the customer is buying significant amounts of hardware at a time, or if there is a “special” (programs and incentives) going on the number could be slightly lower then MSRP.

Percent off of list differences between legacy server vendors and networking vendors

This is where the biggest confusion is coming from. Legacy server manufacturers  have set their list prices much closer to MSRP then networking vendors (remember, MSRP is the price where most customers purchase at).

Why is this? In the networking space, vendors have historically created their own processors, ASICS and boards. This means that the sales discussions are feature to feature. It also meant that you had to have a conversation with the networking vendor or networking partner to properly size your network devices and get a quote – which is around MSRP, not List price.

In the legacy server space, especially the majority of the x86 server space, the market has been essentially commoditized. E.G. – You can buy an intel based server with X amount of memory and hard drives that will perform roughly equally from any of the main manufacturers. That made it much easier for a sever admin to just pull a price off of the web and compare. So what the server vendors ended up doing is setting their list price  only slightly above MSRP.

What this translates to is the list price, between legacy compute vendors and Cisco will be drastically unequal. What is equal is MSRP, or the generally accepted purchase price by common customers.

Why did Cisco set the list price of UCS higher then the legacy server manufacturers?

For the vast majority of its sales, Cisco relies on what is called the channel model. This means that Cisco partners with local Value Added Resellers (VAR’s) who sell Cisco’s products and then provide consultative services to design and implement them in customer networks. Most customers who purchase any regular amount of Cisco product either have a general expectation that they will buy Cisco product at a certain percentage discount off of list and sometimes the partner and customer have entered into purchasing contracts which require that all Cisco product is provided at a specific discount off of list price.

If Cisco decided to set the List price at a small percentage lift over MSRP, this would cause a problem for the entire channel. This would be especially hard for any customer who had a contract to buy product at a specific discount. What would happen is contracts would have to be renegotiated, which generally takes months and is about as fun as pulling teeth.

The second reason for setting list price the for compute the same as list for network is quoting. Right now, if you buy hundreds of different Cisco devices through a reseller it is very likely that the discount is going to be the same across all products. This makes the mechanics of sales much simpler, because you don’t have a lot of math in the quote (this can cause errors). On the customer side, having one set discount makes it much easier to compare quotes and to ensure that they are getting the best deal possible. In short, sticking with Cisco’s current list pricing structure benefits both the customer and the partner.

Now that we have set the record straight on list price, MSRP, and Buy price, lets take a deeper dive into what components make up a blade system powered data center. And then we will compare the price structures of both.

Components of all Blade Systems

Blade Server – The compute blade where commodity silicon elements such as the CPU and RAM are housed. As of writing this article, the latest high performance blades from all major server manufactures support two xeon 5500 processors (Nehalem) and DDR3 memory.

Mezzanine cards – These cards take the place of PCI-e cards in a rack form factor server. In a blade system these provide data network and storage network connectivity. They attach to the blade itself via proprietary connectors that implement either PCI-e 8 or 16 lane connectivity at the time of writing. In some cases other functions such as IO accelerators can also be attached in the mezzanine card form factor.

Blade Enclosure – This is functionally a tin can where eight to sixteen blades are placed. It also is used to provide a centralized power distribution fabric, as wells as slots for interconnections of data and storage network devices.

Data Network Modules – These are effectively ethernet switches that have been miniaturized to fit into the tight confines of a blade enclosure. Classically they have provided 1 gig connectivity to the servers, and 10 gig to the distribution layer, however with Nehalem processors and VMware there is a move towards presenting 10 gig connections to the server, and multiple 10 Gig connections into the distribution layer.

Storage Network Modules – The local disk in a blade server is classically anemic. To provide higher IOPS (input outputs per second) to disk, Fibre Channel connectivity is extended by taking SAN fabric switches and miniaturizing them to fit into the blade enclosure.

Data Network Distribution – If you have multiple blade enclosures there is a need to connect them together at a reasonably high bandwidth. To serve that need a variety of 10 Gig distribution switches are provided from all server manufactures at varying cost and performance levels.

Storage Network Distribution – Along the same lines of the data network distribution, SAN fabric switches have to aggregate up to a SAN distribution layer, or if the installation is reasonably large a “director” class SAN switch. This allows all the blade enclosures to see the same storage network, as well as providing for deterministic storage network performance as you scale out.

Management Infrastructure – All manufactures have a need to manage and monitor all of the devices that comprise their blade system. Many manufactures have multiple management modules per blade enclosure.

Comparison of Costs – Cisco vs Legacy Server Manufacturers

The funny thing, is that many people have assumed that Cisco’s Unified Computing System will be priced higher then legacy server manufactures products. In my mind this is because they associate higher quality with higher price (basically the Mercedes vs Kia discussion). Here is something that will shock you - it costs less to buy an entire blade system through Cisco then to buy from the legacy server manufacturers.

When people hear this, they are puzzled. How can two server manufacturers, who buy their CPU’s from the same company (Intel) and their memory from the same fabs end up with different prices? The answer is elegance in engineering. Lets go through each of the elements of a blade system infrastructure and find out where the costs are. More importantly lets look at where Cisco has innovated to provide higher performance at a lower cost.

Dollars and Cents – How much is the cost difference

I worked up two quotes recently. These quotes included all elements required to build an end to end blade system using both legacy server manufactures devices, and using Cisco’s Unified Computing System. I have broken out two scenarios.

8 blade servers - Cisco wins with a savings of 11%

In this scenario the cost of servers and enclosures were fairly equal. The cost savings started racking up as storage and data networking devices were included, as well as base management software was taken into consideration.

320 blade servers - Cisco wins with a savings of 31%

With 32o blade servers the same cost savings seen in the 8 server scenario were amplified. Economies of scale translated into significantly less devices being required to support the individual compute blades. This resulted in 31% savings compared to the legacy server manufacturers.

Summing it up

Cisco has entered into a highly competitive server market by taking an elegant approach to its blade systems. This approach lowers the purchase price of the UCS through reducing the amount of components compared to legacy server manufacturers. I know that there is a lot of misinformation flying around, and I hope this helps to set the record straight on the pricing of Cisco’s Unified Computing System.Similar Posts:

• Cisco Nexus 4000 Blade Switch
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco introduces the C-Series Rack Servers
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Cisco’s Cloud Computing Offering

--Colin McNamara

Confusion about Cisco UCS pricing – Setting the Record Straight

The Server Landscape

If you take a look at most enterprise and commercial customers data centers, you will notice a trend of larger fixed workloads running on two rack unit servers (very commonly HP’s DL380), and newer virtualization workloads consolidated onto blade center form factor servers (commonly c7000 class blade systems, and soon Cisco UCS B-Series blades).

However when you go to a remote site where the compute needs are much smaller, you tend to see a few 1 and 2 rack unit system (DL360 or DL380). Why is this? There are a couple reasons, but the most pressing reason is cost. In a blade system, even if you virtualize there is a tipping point where it costs less to install blades and use centralized storage then it costs to use rack form factor servers with local storage. I find that tipping point is generally between five and 8 blades.

If you are a small remote site, or small to medium size business you may not have the compute needs (especially with virtualization) to push you over that tipping point into the blade center form factor. In that case, a few rack optimized servers provide the optimal return on investment for that smaller site.

Taking a closer look at Cisco’s C-Series Servers

Cisco UCS C 200 M1 -

Effectively this is a clone of the B-200 M1 blade in the B series UCS chassis with the addition of two PCIe slots and two more SFF SAS/SATA drives..

The C 200 M1 is a 1 rack unit form factor server (pizza box). It supports a dual port 10 gigabit converged network adapter. two Xeon 5500 series processors, four small form factor SAS drives, 12 dimms for a total of 96 Gigabytes of memory.

Cisco UCS C 210 M1 -

The C 210 is a 2 rack unit form factor server, with the same CPU and memory architecture as the C 200. What has been added is 3 additional PCIe slots (for a total of 5). There is also support for up to 16 SFF SAS/SATA drives.

Out of all the C-Series servers I think this will be the most popular. The extra local disk and PCIe slots will be extremely tempting. For example if this server was populated with 750 Gig SFF SATA drives and augmented with some Fusion-io cards you could have 6 Terabytes of raw disk inside this server. An end user could install Open Filer or iSCSI Enterprise Target and have a pretty respectable NAS head. The other possibility is someone will notice that the Palo adapter can be used as a FCoE target, and use a couple of these as backends for FC storage. (This FC target functionality is mentioned in Silvano Gai’s book).

Cisco UCS C 250 M1 -

Effectively this is a clone of the B-250 M1 blade in the B series UCS chassis with the addition of five PCIe slots and eight SFF SAS/SATA drives.

The C 250 M1 is a 2 rack unit form factor server. It supports a dual port 10 gigabit converged network adapters. two Xeon 5500 series processors, eight small form factor SAS/SATA drives, and 48 dimms for a total of 384 Gigabytes of memory.

This server utilizes the same catalina chipset for memory expansion that it’s cousing the B-250 M1 utilizes.  The ability to aggregate low cost memory plus the PCIe slots to insert solid state I/O acceleration make this a prime candidate to business intelligence / data warehousing workloads as well as Electronic Design Automation.

When can I buy these?

Putting any new product line into production is a monumental effort that many of us take for granted. My gut feel is that Cisco will focus on satisfying demand for the B Series Unified Compute System first, and once manufacturing has hit their stride with the UCS Cisco will start production of the C-Series. In short, I’m  expecting the first C-Series servers to roll off the line at the end of 2009, and  meaningful availability of the C-Series in the first quarter of calendar year 2010.

How do I integrate these into my network?

This is a question that is bound to come up. Cisco’s C-Series servers can integrate directly into your 10 Gig enabled network. Now, to get the best bang for your buck, you should ideally connect these into a pair of Nexus 5000′s to converge your storage and data networks into simple 10 Gig Data Center Ethernet links.

You may however have site without 10 gig enabled switches. In that case, there are multiple PCIe slots in these servers so we should be free to utilize 10/100/1000 adapters. Then when these sites have the need to move to 10 Gig, the server will be capable of supporting that level of connectivity.

My Perspective

At the end of the day, Cisco is now a server manufacture. Just like the HP and IBM, Cisco has to provide platforms that meet customer needs. While the B-Series Unified Computing System is an outstanding platform, it shares similar entry costs that other blade systems have (the need to purchase chassis and interconnects first) which can server as a barrier for smaller server installations. By introducing a 19″ rack form factor line of servers that share many of the I/O and memory benefits of the B-Series servers, Cisco is directly answering the needs it’s customer base by providing a form factor that can scale across all size of customer installation.

Want to learn more?

Cisco Unified Computing System Overview – colinmcnamara.com

UCS C-Series Rack Servers: A New Path to Unified Computing – Cisco.com

Cisco unveils rackmount servers for UCS - datacenterknowledge.comSimilar Posts:

• Cisco Nexus 4000 Blade Switch
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco Nexus 5010 released
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Usability features in Cisco’s Nexus 7000

--Colin McNamara

Cisco introduces the C-Series Rack Servers

Why do I say that? It is simple, every server that moves from a corporate data center into a cloud provider is a switchport and fibre channel port (and now server) that is not purchased from Cisco. More so, each system that is moved into the cloud hurts secondary sales of security and content switching products.

The promise of enterprise cloud computing

The ability to dynamically scale enterprise compute workloads while only running a “right sized” private infrastructure is top of every CIO’s mind. This is the promise of cloud computing in the enterprise space. However, right now most cloud offerings are too new, and lack the critical integrations with VMware or XenSource (the two most common enterprise virtualization platforms) to make a serious dent in Cisco’s revenue stream. But fast forward 12 to 16 months and the kinks will be worked out. Projects that would previously have required new capital infrastructure will be restructured to use cloud providers as an operational expense. This will present a real threat to Cisco’s revenue moving forward.

John Chambers and his team of technologist are not new to this game, this is not the first threat to Cisco’s sales model. And I am sure that it won’t be the last. So if I was in their shoes, what would I do? (and more specifically, what do I think they are doing)

Create a compute platform that can power the cloud at a much lower cost that my competitors

Cisco publicly announced their computing offering, the Unified Computing System in March of this year. The promise of the UCS is to minimize power, cooling, capital costs and management overhead of data center compute. Looking at this new product line from an enterprise sales perspective it makes sence. For Cisco to continue with their growth plans they had to choose to enter the Compute or Storage markets, with the compute (server) market being the logical step.

While the Unified Computing System is well placed as an enterprise computing platform, I think there is a larger goal in mind. The large goal is to make a platform that can be shared by Cisco’s largest enterprise clients in their emerging private clouds, as well as by Cisco itself for it’s own cloud offering. By producing their own servers, with technology that Cisco alone has access too (memory expansion / hypervisor bypass) Cisco sets themselves up to have both lower hardware costs in their own cloud, as well as lower operational costs (power/cooling). This will provide Cisco with higher margin at the same price point as their competitors.

Distribute application aware network devices at customer locations

Cisco already has a significant edge over any competitive cloud offering. A vast majority of enterprise customers already run Cisco routers, switches and firewalls. If Cisco decided to say, port the TCP optimization code from their WAN acceleration platform into IOS, and configure it to work with their own cloud offerings this would give them an immediate leg up on the competition. Combine this with the existing WAAS auto discovery and Cisco could conceivably automatically integrate a cloud based caching offering with a customer’s onsite devices.

Create an application centric cloud security model that can be integrated with virtualization platforms

Last year Cisco announced a new approach to security called Cisco TrustSec. This technology includes a change from layer 4 based acl’s to an application focused role based implementation. This is applicable in the cloud environment because it provides a standard integration for controlling the access to and mobility of applications as they travel between public and private clouds.

An interesting side bar, is the fact that when integrating public and private clouds, there will always be applications that you want to keep on your internal cloud. The easiest way to do this is to put some sort of meta information on the virtual server containing a flag that this server should only run on the private cloud. With VMware there are fields that are used for DRS that can house just such data. I would not be surprised that with all the work that Cisco and VMware have been doing together if this was not implemented with vSphere (Virtual Infrastructure 4).

Learn as an organization how to profit from a SaaS model

I think this last piece of the puzzle has been overlooked by many people. Cisco already has in house experience dealing with a massive Software as a Service (SaaS) offering – Cisco WebEx. In acquiring WebEx Cisco also acquired the talent and technology behind the worlds largest collaboration platform. Cisco should be able to take the lessons learned from running and improving this platform, and apply them to their upcoming cloud offering.

Summary

Cisco has to go to market with a Cloud offering to maintain long term viability as a company. When they do they will have the benefit of lower cost of building and operating the grids that their cloud offering will run on. They will be able to leverage millions of Cisco network devices in their current install base as well as provide application centric security integrated with these same devices. And most importantly they will be able to use the lessons learned from running WebEx to ensure flawless delivery of an upcoming cloud computing offering.Similar Posts:

• Cisco EMC and VMware partneship VCE VBlocks Acadia and the Partner Ecosystem
• VMworld 2009 Schedule
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Where is Colin ? Passing the VCP exam (VMware Certified Professional)
• Cisco releases Nexus 1000V virtual switch for VMware
• Measuring and mitigating risk involved with sharing virtual infrastructure between DMZ and Internal environments

--Colin McNamara

Cisco’s Cloud Computing Offering

The coolest thing about this chassis is its price. You can get 20 ports of line rate lossless frabric 10 Gig cheap (about 850 a port list price). At that price point, putting one of these top of rack starts to look very enticing to many people.

Want to learn more?

Cisco Nexus 5010Similar Posts:

• Cisco introduces the C-Series Rack Servers
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Identity aware networking using Cisco TrustSec
• Humor inside the Nexus 5000 switch fabric architecture
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)

--Colin McNamara

Cisco Nexus 5010 released

He writes about “the VLAN leaking myth” and how it encourages clients to utilize physically separate network infrastructure in the DMZ’s. Now first things first, I wouldn’t call VLAN leaking a myth. At one time it was a very real and serious vulnerability that was exploited by overflowing the capacity of the switch you were attacking, and causing it to “downgrade” from switch to a hub. Once this happened you now had access to previously protected devices, as well as having the ability to sniff data as it passed through the shared hub backplane.

As he mentions though, this is 8 years ago. Most switches have evolved to the point where backplanes far exceed the traffic that could ever be injected into their switchports. Even beyond backplane enhancements there are many ways to further firm up your security stance – Virtual Device Contexts, not using Layer 3 SVI’s on a DMZ VLAN, utilizing PVLANs, using port security, virtual routing instances, and many more. Of course, there are still many other attack vectors that still remain, but can be mitigated by utilizing features built into the majority of enterprise switches available today.

I think the real question is not “are VLANs safe in a DMZ”. The important question is have you mitigated the probability of compromise (the actual threat) to levels that are acceptable to your business. This question remains whether you have a standalone switch or not. So many times we hear about risk risk and more risk. But risk alone is meaningless in a business context. What is important is combining risk with likelihood. For that I like to use a simple table to come up with the true threat.

For example, as I drive to Fry’s there is the risk of me dying due to a car crash. The impact of me dying is very high (risk) however the likelihood of an accident is low, and furthermore I reduce (mitigate) the latent risk (threat) by wearing my seat belt. So all in all the threat of me dying on my way to Fry’s is pretty darn low.

In a business context this may be that I have public facing web servers and network devices in my DMZ. The impact of them being compromised is that my public image may be tarnished for a short time, and my end users may lose productivity if they are not able to VPN into work, or access the Internet while on premise. I mitigate this risk by using firewalls and both host and network based Intrusion Prevention Systems as well as implementing best security practices on my network and systems devices. The latent risk (threat) remaining is at a level that is acceptable to the business leaders, so the system is allowed.

One question that I have seen coming up more often as we move towards fully virtualized data centers is centered around commingling of virtual infrastructure. There are some hard questions which challenge some practices that we have held true over the years.

• Should you allow sharing of physical memory on a host virtual machine between an internal and DMZ server?
• Should you allow virtual infrastructure from multiple security zones to share a storage array or cluster of arrays?
• Should you allow multiple virtual switches in different security zones commingling on the same ESX or Hyper-V cluster?
• Should you allow virtual firewall and load balancing instances protecting internal and external zones to reside on the same hardware?
• Should you allow virtual routing instances from multiple zones to share a physical infrastructure?

In the past world of standalone systems, the additional cost of providing a wholly separate infrastructure for DMZ environments was relatively low. Each system generally had internal disk, or at most direct attached storage. Network devices themselves were scaled down to support one chassis one function. This fit quite neatly into the Enterprise Composite Network model that was quite common from 1999-2003.

Now, many data centers have moved to the Service Oriented Network Architecture (SONA). In this model the cost of a virtualized data center is primarily focused on foundation elements such as the virtual storage and virtual fabrics, virtualized network, and virtual systems elements. The cost of providing additional virtualized services off these elements is low, however the cost of duplicating the physical infrastructure is quite high on both the capital and operational levels. This is forcing the technical and executive leadership at many companies to take a long hard look at the true threats they are facing in previously physically separate security zones such as DMZ’s, Financial and other secure zones. In the end, they are having to decide whether the threat remaining after their security controls is worth duplicating hundreds of thousands of dollars worth of infrastructure or not.

These are hard questions, with really no single good answer. My gut feel is that over the next few years we will continue the move towards the fully virtualized data center where components such as memory, PCI-X buses, storage and network devices are even further decentralized. This will make the cost of duplicating the infrastructure more and more significant, causing consolidated data center (or compute) fabrics to be the norm. At this point the discussion will move away from securing zones by creating separate infrastructure, to providing end to end security, starting integrated application level security, maybe with TrustSec or a dirivative, all the way down to securing the data at rest on disk. For the time being however, the best we can do is sit down and do an honest appraisel of our security stances, mitigate what we can, and do our best to design data center architectures that provide the flexibility of implementing whatever choice the technical and business leaders agree on.Similar Posts:

• Moving towards a Green Data Center – Truth behind the hype
• Cisco’s Cloud Computing Offering
• About Colin McNamara
• Vote for my VMworld presentation – #3221 Built to fail (shameless pandering)
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Interesting TechWise TV episode on virtualization

--Colin McNamara

Measuring and mitigating risk involved with sharing virtual infrastructure between DMZ and Internal environments

1. Layer 2 Tunneling Protcol (V3) static and hairpin configuration example - my buddy Rick was nerding it out in the lab and sent a great configuration doc for L2TPv3 my way. L2TP(V3) is used to create a layer 2 psuedowire across layer 3 routed links. This is a great service provider tool that you can use in your own network, no MPLS needed .

2. SNIA Education – Fiber Channel Over Ethernet – There is a lot of buzz going around right now about Fiber Channel Over Ethernet (FCOE). There is also a lot of misunderstanding about the fundamentals of this architecture. This Storage Networking Industry Association (SNIA) does an outstanding job of covering FCOE at both at an architectural level, as well as going over low level messaging structures.

3. Trill (Rbridge) architecture – IETF internet draft – I think the last time I was this interested in an internet draft was when iSCSI was first being proposed in the IP Storage working group. Trill, in my opinion is basically a light weight version of MPLS / VPLS. It has as far as I can tell most of the advantages of this architecture, without some of the configuration and hardware requirement drawbacks. Fair warning, reading this document started a doc hunt that killed my Saturday.

4. Cisco’s Security Response to Sebastian Muniz’s IOS rootkit – Security is a very important aspect of network design. Sebastian’s IOS rootkit demonstration is going to force some customers who in the past have been “OK” with having older, possibly vulnerable IOS versions floating around to update their operational practices and start keeping their routers and switches operating systems as often as they do their servers. Thankfully, Cisco has been embracing technologies such as kernel virtual machines, in service software upgrades and more to lesson or remove the impacts of software upgrades.

5. Turning Wounded Warriors into Network Ninja’s – As a former Marine (well, always a Marine, formerly employed by the USMC) this program goes straight to the heart. Cisco is partnering with Naval Medical Center San Diego (NMCSD, or Balboa Naval Hospital for us locals) to provide technical training to Marines and Sailors who have recieved service ending wounds in Afghanastan and Iraq.Similar Posts:

• Fibre Channel over Ethernet is taking off
• Cisco NX-OS 4.0 | Next Generation Internet Operating System
• Zone based IOS firewalls
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco is using Linux virtualization and 40 core CPU’s for its next generation routers
• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0

--Colin McNamara

Link Round Up – L2TPv3 FCOE Trill Wounded Warriors

This switch answers a fundamental problem that has been presented by blade centers and VMware. The problem is increasing density of 10 Gig Ethernet, as well as the creation of SAN islands to provide storage access to VMware ESX clusters.  The nexus 5020 provides a solution that address both of these challenges, as well as supporting Fibre Channel Over Ethernet (FCOE) for the eventual move to a consolidated data center fabric in the years to come.

Want to learn more ?

Mastering VMware Infrastructure

Nexus 5020 Video Data Sheet

Unified Data Center Fabric whitepaperSimilar Posts:

• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Cisco Nexus 4000 Blade Switch
• Fibre Channel over Ethernet is taking off
• Is your network ready for Cloud Computing with Virtual Infrastructure 4?
• Cisco releases Nexus 1000V virtual switch for VMware

--Colin McNamara

Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel

What useability enhancements do you feel are the most beneficial?

1. A separate, IP enabled, Management Interface. This has been a long time coming. The out of band management interface is very similar to a Ilo card in the HP world. it is effectively a supercharged console server that happens to site on the backplane of the sup engine. I am sure whoever pushed this feature through is going to get flowers one day from a Tech who DIDN’T lock himself out because the management interface was effectively a separate system.
2. Finally, a functionally USB Interface that I can transfer IOS (well, now NX-OS) images through. Everyone has a USB key nowadays, even my Grandmother has one, it will make life so much easier when I can have a 4 gig key with me that has most IOS / NX-OS  versions and my common configs and just pop them right in.
3. The integrated Cabling system is CLEAN. I love that it forces you to reserve the appropriate space for cabling, and that there finally is the possibility to avoid the flying spaghetti train wreck we see so often in Data Centers.
4. Front to back Cooling. The cooling design is well thought out. I liked the fact that it draws from directly above the front floor and exits rear top.. This should help out in raised floor data centers that have a large temperature gradient as you move to the top of the rack. It also negates problem of having multiple 6500 chassis side to side and having warm air blowing from the exhaust of one 6500 to the intake of another 6500.
5. Fan Slots are now placed where it is IMPOSSIBLE to cover with cables. I would say 7 out of 10 times when I walk into a new customers Data Center I find that there are cables run directly over the fan tray with no slack. That is not a failure in design per say, but it could have been avoided. With the Nexus 7000 fan trays in the back the problem is solved before it is created.
6. Power supplies are in the back . FAR away from the data cabling. It never fails that 20 amp circuits get uncomfortably close to copper cabling. By moving the power supplies to the back side of the chassis, this becomes a mute point and we remove any shadow of a doubt about EM interference causing craziness in our cabling.
7. This one sounds really mundane, but a quick heads up grouping of status lights. In the past these were normally in a position where you had to squat down to see them, or they are obscured by cables. Buy putting them on the front of the cable tray assembly it ensures these will always be visible.

What can we focus on now to make it a better platform?

1. One thing that worried me a little was the placement of the compact flash cards in the supervisory module. For those how haven’t it up close look at this picture of the chassis  and look for the Grey cover midway up the sup modules in the center slots. Behind them are two flash cards, one for system partition extension, and one to dump log files into. Having these cards available are great features however I could see an operational process of security rotating out the log partitions, or more likely and engineer pulling the flash card after dumping some data for analysis to it, and then pulling the wrong card by accident. Having a simple strap (like the screw downs for power supply plugs) or something similar would go along way towards mitigating that risk.
2. Continue with the spirit of innovation that has defined Cisco over the years. Cisco has consistently came out with or acquired and integrated many great products that directly address the needs of the market place into the product line (MARS, ASA, AireSpace, TelePresence, MDS, ACE, Etc) but frankly the last GAME CHANGING product that set the industry on its heals and forced everyone to rethink how we utilize technology to accelerate business as a whole was the acquisition of Selsius and the introduction of VOIP as an enterprise class product to the world. I remember having the hair stand up on my arms from the excitement of going up against Avaya and Nortel back then and fighting that uphill battle, educating customers and peers about this “new thing called VOIP and how CallManager (now Unified Communications Manager) is your ticket towards productivity.

   When we talk about the Virtual DataCenter, I/O Virtualization (FCOE) and VFrame Automation it is not just another incremental improvement of existing technology. It is a paradigm shift, a leap ahead, a GAME CHANGER. I get the same chills that I did when VOIP was new because I know that those are technologies that will force us to rethink how we approach computing and data systems. These technologies are to the Data Center what IP telephony was to the PBX, and Cisco is the only company with technologies and engineering know how in all the verticals necessary to pull this off.

Similar Posts:

• Cisco Nexus 7000 DataCenter switch released – Welcome to DataCenter 3.0
• Simplifying your Data Center with Cisco’s Nexus 2000 Fabric Extender (FEX)
• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Simplifying remote site security with Cisco’s new video surveillance modules on the ISR
• Moving towards a Green Data Center – Truth behind the hype
• Interesting TechWise TV episode on virtualization

--Colin McNamara

Usability features in Cisco’s Nexus 7000

CERTIFICATIONS / ACCREDITATIONS HELD

• CCIE – Cisco Systems Internetwork Expert #18233
• VCP – VMware Certified Professional
• CDCUCSS – Cisco Data Center Unified Computing Support Specialist
• VSP – VMware Sales Professional
• VTSP – VMware Technical Sales Professional
• TSS – Cisco Technical Solutions Specialist, Data Center
• GCIH – GIAC Certified Incident Handler
• CCVP – Cisco Certified Voice Professional
• CSNSSS – Cisco Storage Networking Solutions Support Specialist
• CSNSDS – Cisco Storage Network Solutions Design Specialist
• CADCNSS – Cisco Advanced Data Center Networking Infrastructure Support Specialist
• CCIE Storage Networking
• RHCE v4/5 – Redhat Certified Engineer #804006368822511
• RHCT v4/5 – Redhat Certified Technician #804006368822511
• EMCPA – EMC Proven Professional Associate – Information Storage and Management
• NSCA – Netscaler Certified Administrator #2005072
• NACE – Network Appliance Certified Expert #12912
• NACP – Network Appliance Certified Professional #12017 – Data Protection
• NACP – Network Appliance Certified Professional #11985 – Storage Area Network
• NACP – Network Appliance Certified Professional #12911 – High Availability

Retired Certifications

• Cisco Qualified Specialist – IP Telephony Support
• Cisco Qualified Specialist – IP Telephony Design
• Cisco Qualified Specialist – IP Telephony Operations
• Cisco Wireless LAN Design Specialist
• Cisco Wireless LAN Support Specialist

PROTOCOL PROFICIENCY

EIGRP, OSPF, RIP, BGP, MPLS,  Spanning Tree, Rapid Spanning Tree, VPC, VSS, VDC, TRILL, Fabric Path, OTV ATM, RTP, SIP, H.323, LWAPP, RADIUS, TACACS+, Ethernet, Fibre Channel, iSCSI, NFS FCIP, FCP, FSPF, NDMP 802.11a, 802.11b, 802.11g, RBE, ISDN, SNMP

Virtualization , Parallel and High Performance Compute Platforms

VMware ESX, Kernel Virtual Machine, Xen, Platform LSF, Sun Grid Engine, Hadoop

VOICE and VOICE OVER IP

CallManager, Unity, ICS7750, PBX Trunking, SRST, Active Directory Integration, Extended Services, Call Detail Recording, Automated Attendant, Extension, Mobility, Asterisk, Callware and VSR VM.

HARDWARE

Cisco Unified Computing System (UCS) 6100, 2100, 5100, Nexus 7000, Nexus 5000, Nexus 2000 and Nexus 1000v switches, Catalyst 1900-6509 switches, 1600-7500 series routers, Cisco PIX firewalls, Cisco Load Balancers, Cisco

MDS , F5 Load Balancers, Netscreen / Juniper Firewalls, Cisco VPN3000 VPN concentrators, Cisco ASA Adaptive Security Appliances, Nortel Contivity VPN Concentrators,  Aironet Access Points and Bridges, Airespace LWAPP

concentrators. 3com TotalConnect racks, Ascend dial concentrators, Netscaler Load balancers, SSL accelerators, SSL VPN concentrators. Brocade Silkworm, HP Eva Storage

NETWORK MANAGEMENT

Nagios, Cacti, NTOP, IPswitch What’s Up Gold, BIG Brother, Spectrum Network Management, Kiwi Syslog,, MRTG , HP OpenView, Cisco Secure Intrusion Detection system,

Cisco Network Based Application Recognition, Snort IDS, Netscreen Firewall Manager, Unified Compute System Manager

OPERATING SYSTEMS

Redhat, Suse and Ubuntu Linux, Windows 2000, Windows 2003, Windows 2008, Windows XP, NT4.0, BSD, Solaris, OSX

BUSINESS ENVIRONMENTS

Consulting, Valued Added Reseller, Large Enterprise, Startup, Banking, Service Provider, Software Development, Manufacturing, Military

EMPLOYMENT

6/11 -  Present , Nexus IS

Director, Data Center Practice

Responsible for got to market strategy for Nexus IS, a national Cisco DVAR.

Accomplishments

• TBD

1/07 – 6/11, ePlus Technology

Consulting Systems Engineer – Data Center (10/08 – 6/11)

Transformed ePlus western region from a #3 and #2 ranked voice and campus partner to the #1 ranked Data Center partner in Northern California

Accomplishments

• Changed regional sales focus from technology silo’s to solutions based selling covering network, systems, storage and applications under one umbrella
• Developed and deployed go to market strategy for Cisco’s Unified Computing System resulting in significant competitive advantage in the western United States.
• Deployed the first Nexus 7000/5000/2000 architecture into production securing competitive advantage across multiple verticals.

• Increased Data Center revenues year over year in the worst economy in a century.
• Attracted and retained top industry talent.
• Leveraged unique technology positioning to win multiple key global clients.
• Partnered with business units inside of Cisco, resulting in key product enhancements as well as increased revenue for both ePlus and Cisco.
• Passed multiple certifications resulting in ePlus being able to sell and install EMC Vblock.

1/07 – 6/11, ePlus Technology

Senior Systems Engineer (1/07 – 10/08)

Accelerate Technical Sales, design and implement network, storage, voice and systems solutions for ePlus Southern California customers.

Accomplishments

• Changed regional sales focus from technology silo’s to solutions based selling covering network, systems, storage and applications under one umbrella.
• Established a trend of Advanced Technology account wins.
• Accelerated ePlus’s southern California sales by providing high-end engineering support.
• Integrated MPLS service provider designs into cutting edge Enterprise and Casino Gaming solutions.
• Filled PM and lead network engineer roles for large publicly traded company data center migrations.
• Created modular Cisco design / quote format and menu based hardware and services options to address rapidly changing customer needs.

9/05 – 1/07 ID Analytics

Lead Network Engineer

Lead team of four engineers, Define network and application integration architecture for large SaaS (financial cloud) analytics deployment , Leverage networking technology to increase security and availability, and decrease development and product deployment timelines

Accomplishments

• Led team of engineers responsible for all Production and Back Office systems in 2 offices and 3 datacenters
• Designed and Implemented ID Analytics Phase2 datacenter, processing 1.8 million financial transactions daily.
• Designed and Implemented Contents Switching and SSL offloading solution, enabled non-disruptive scaling of core products
• Integrated ID Analytics product with the largest card processors in the world – Equifax, Visa, TransUnion, etc.
• Designed and integrated centralized Fiber Channel and ISCSI SAN solution, increasing application speed and decreasing production database refresh times from 4 weeks to 1 week.
• Managed and maintained over 130 terabytes of storage
• Created lights out server imaging and deployment solution for remote datacenters
• Deployed and integrated monitoring solutions utilizing open source technology
• Created user emulation probes for real time application monitoring and trending of production systems
• Worked with development and Analytics to create structured Development and QA environments
• Spearheaded project to change Analytics / Informatics environment from “unix for workgroups” to high performance computing environment (HPC)
• Provide structured documentation to US Government and Corporate auditors
• Utilized project management skills for international rollouts

2/04 – 8/2005 Openwave Systems
Senior Network Engineer, Strategic Design and Integration Group
Provide technical leadership, Define network architecture, Establish standards and technical vision. Responsible for researching, developing, and architecting technical solutions to business needs.

Accomplishments

• Designed Openwave’s new Pacific Datacenter Networks, with 900 production, and 2000 development servers.
• Designed Openwave’s Pacific Shores Campus Networks, and Showcase Datacenter.
• Responsible for hardware acquisition budget of 1.7 million dollars
• Established ISCSI IP based SAN infrastructure with DR components in 4 major datacenters worldwide
• Promoted from the ranks, moving from running our VOIP phone systems, to Network team lead, to Senior Network Engineer in the Strategic Design and Integration team.
• Active and engaged member of multiple boards covering design review, change control, and security
• Negotiated with Cisco and SBC regarding datacenter purchases saving $906,000 off list price.
• Renegotiated Cisco support saving Openwave nearly $600,000 over our three year term
• Established improved data center controls, allowing Openwave to pass Sarbanes Oxley (SOX) audits
• Wrote and ran multiple RFP, RFQ, and RFI’s
• Utilized project management skills for international rollouts
• Managed, Piloted, and Installed new wireless systems for our Customer Briefing Center
• Responsible for 6 VOIP clusters around the world
• Recipient of multiple awards recognizing dedication and quality work.
• Attended continuing training for security management (CISSP)

2/03 – 1/04 USMC Reservist activated in support of Operation Enduring Freedom
Information Services Coordinator
Implement and maintain Tactical Data Networks, Provide consulting services to hosting units. Maintain Microsoft Exchange servers in both tactical and garrison environments. Perform security audits and remediation. Train support personnel.

Accomplishments

• Performed Disaster recovery of routed ATM LANE environment for Marine Corps Air Station Yuma enabling over 3000 users to resume work (awarded the Navy and Marine Corps Achievement Medal for that event)
• Performed security audit and created a security and performance remediation plan for MCAS Yuma
• Provided project management and security audit skills to 3^rd Marine Air Wing Yuma server support teams, managed server security audit, security remediation, and SMS rollout.
• Designed and implemented Nagios network monitoring system at Marine Corps Air Station Yuma.
• Implemented Norton Antivirus server for MWSS 473
• Provided training on to data teams from MWSS 473, MCAS Yuma Station IT, and 3^rd Marine Air Wing Yuma server teams.

12/02 – 2/04 2 Cups Solutions, Pleasanton , Ca
Principal Consultant
Founded 2 Cups Solutions to provide cutting edge Voice, Data, Wireless and Security services to clients in the San Francisco bay and Fresno areas.

Accomplishments

• Implemented WAN failover solution at two City of Hayward fire stations.
• Implemented email and web solution for Express Mobile Notary.
• Developed and implemented business plan focusing on State and Local Government contracts.

2/02 – 12/02 ExtraTeam, Pleasanton , Ca
Senior Systems Engineer
Design, Installation, Configuration and Maintenance of network systems consisting of Cisco CallManager, Unity, Cisco Secure ACS, LEAP secured wireless, Aironet, Cisco routers and switches, PIX firewalls, and VPN3000 concentrators. Integrating all systems with Active Directory. Performed VOIP feasibility studies. Managed the entire business cycle including sales, design, installation, training and maintenance.

Accomplishments

• Integrated CallManager voice system with Active Directory
• Recovered a failed CallManager implementation at Phase 2 Strategies (PR firm for Logitech). Implemented CallManager with up to date hardware and software, upgraded Unity up to reasonably current levels. Brought up remote office in Phoenix utilizing SRST.
• Implemented City wide wireless network integrated with active directory for the City of Hayward
• Implemented VPN Concentrators in conjunction with multiple levels of firewalls for City of Hayward and Hayward PD to meet CLETS requirements.
• Implemented network configuration management system responsible for the city of Hayward.
• Implemented new wan for Livermore Pleasanton Fire department moving fire stations from isdn to T1 and Gigabit fiber lines in conjunction with moving the location for the network core.
• Designed and implemented IPSEC based wan for Universal life resources, allowing nationwide secure remote office connectivity while minimizing wan connection costs.
• Designed CallManager based VOIP system for a 27 site school district
• Provided emergency support to Fire and Police agencies across the bay area
• Performed security remediation for a large bay area company
• Participated in large switched network cutover from 7500 to a 6509 with flex-wan modules for Stanislaus County.
• Achieved technical certifications for ExtraTeam to become certified under both the Wireless and IP Telephony revised specifications.

7/01 – 2/02 Infobond Inc. Burlingame , Ca
Network Engineer

Responsible for engineering duties in a leadership role. Integrated legacy PBX’s using VOIP technology. Used Quality of service to ensure VOIP service levels. Support legacy voice over IP and voice over Frame Relay technologies. Upgrade from legacy voice integrations to state of the art VOIP integrations. Create project plans and act on them.

Accomplishments

• Cut over evergreen lines shipping terminal from legacy 3com equipment to VOIP enabled Cisco routers and switches. Accomplished all work during Union stand downs.
• Contracted to Openwave, Inc. to run Remote Access while the engineer was on leave. Ran Remote Access for 5 weeks, resolving DSL RLAN issues and IPSec issues, while reducing trouble ticket backload to manageable levels. Assisted other engineers when needed.
• Implemented Cisco 6509’s to replace aging core network of a Benchmark Capital (bay area investment firm).
• Diagnosed and resolved VOIP issues that were stopping call center rollouts for Embarcadero Systems (a large bay area shipping company).

03/00 – 7/01 Knapp Publishing Corporation, San Ramon, Ca
Network Systems Administrator

Responsible for day-to-day operations of e-commerce data center, and wide area networks Performed DNS changes for both internal and external networks. Designed, piloted, and implemented network changes. Installation configuration and maintenance of NT, and Windows 2k file, print, and web servers

Accomplishments

• Improved service levels from 90% to 99.99%, enhanced security and increased bandwidth were benefits derived from implementing a state-of-the-art web hosting data center
• Implemented a network monitoring system to document, report, and notify of network status.
• Designed and implemented ISDN failover of Frame-Relay Network.
• Designed, piloted, and implemented network changes.
• Replaced NT servers with Linux based servers, integrated with the Windows network

01/98 – 03/00 DKA Computers Inc. Clovis, Ca
Manager Information Services (01/99 – 03/00 )

Ran day to day operations of a large valley ISP. Worked with systems manufacturing to bundle client software with all new PC’s. Partnered with local ISP’s to provide access numbers across the valley.

Accomplishments

• Managed web development, and professional services
• Moved web hosting from IIS on Windows NT to APACHE on Linux based servers, drastically increasing site availability
• Produced a forms based web application to configure custom systems online.
• Designed and implemented an IPSec based WAN connecting 3 stores point of sales systems.
• Managed corporate office and data center relocation project.

Senior PC Service Technician (01/98 – 01/99)

Provide on call service. Staff PC help desk. Provide direct customer systems support while maximizing company revenues. Configured all servers ordered from manufacturing.

Accomplishments

• Responsible for all day to day service activities for a 13 million dollar company. Management of 4 team members. Directly responsible for customer satisfaction
• Implemented hard drive imaging system, decreasing both warranty costs and turnaround time
• Installed and configured SCO Unix reservation system for National Park service, Kings Canyon
• Deploy Citrix Winframe Systems, Windows NT 4.0 Systems
• Designed, implemented inventory tracking database, reducing required stock on hand by $40,000

MILITARY

1996 – 2004 UNITED STATES MARINE CORPS RESERVE
Have held U.S. Government security clearance – Secret

EDUCATION

Ongoing professional education

Sans CISSP + Track

University of Oklahoma extension – Fire Science

Cisco Networking AcademySimilar Posts:

• What does it take to pass the CCIE exam?
• I’ll be at Cisco Live 2008 (networkers) in Orlando all week
• About Colin McNamara
• Cisco Certified Design Expert – CCDE – officially released by Cisco
• Challenges integrating VMware into Cisco networks
• Darrel Hinshaw – New Triple CCIE [Storage]!!!!!!!

--Colin McNamara

Resume – Colin McNamara, CCIE #18233

This tactic address one key failing of ISCSI. Specifically an ISCSI interface running at 400 megabit will take 16% of a 3 ghz 64 bit cpu while using a software initiator or target. This can create some interesting issues where you don’t want to have them. By removing the layer3 information, and transposing fibre channel commands over the Ethernet transport a major cpu hit is avoided.

My gut feel is that this technology will follow a similar track as ISCSI did. ISCSI had a very low adoption in the first 3 years. Storage guys are naturally timid, as there are stiff consequences for failure, but eventually engineers warmed up to ISCSI and started deploying it where it was most appropriate, in lower bandwidth utilization hosts. FCOE will follow this same path, however this time we won’t have to fight the FUD of storage of a network transport. What is in FCOE’s favor is that as a protocol it is optimized for the general ISCSI setup of flat layer two transport between target and initiator.

That all being said, we are going to have to see some product releases from Cisco and Intel for FCOE to really take off. If we don’t, then FCOE will fall down the same hole that ATA over Ethernet disappeared down.

Colin McNamara
CCIE #18233 (Storage Networking)
2 Cups Solutions
“The difficult we do immediately, the impossible just takes a little longer”

References -

Intel Project Page

Colin McNamara
CCIE #18233

http://www.2cups.com

“The difficult we do immediately, the impossible just takes a little longer.”Similar Posts:

• Nexus 5020 – Consolidated 10 Gig Ethernet and 4 Gig Fibre Channel
• Cisco Nexus 4000 Blade Switch
• Link Round Up – L2TPv3 FCOE Trill Wounded Warriors
• My CCIE Storage Shopping List
• What being married to a geek who does search engine optimization gets you
• Will Cisco succede where Sun has failed?

--Colin McNamara

Fibre Channel over Ethernet is taking off