What’s NEW in CLOUD Section | CCIE Evolving Technologies V1.1 Blueprint
In this article, I will be discussing the topics that Cisco has added related to Cloud technologies section within the Evolving Technologies V1.1 blueprint update. Please note that I wrote an article earlier describing the overall Evolving Technologies V1.1 blueprint update, which is slated to go into effect on Aug 30 2018. Cisco dubbed it as a minor update (as high-level structure remains the same), however to me it is a major update when you look at what changed.
Kashif Zeeshan @Cisco is the program manager responsible for keeping evolving technologies abreast with industry changes. To put changes that are forth coming in v1.1 update, let’s go back to Kashif’s presentation at Cisco Live that he made at Las Vegas. Let me summarize the key points.
- Cloud, network programmability and IOT are top three areas for CCIEs preparing for future changes or job evolution
- Design/architecture, data center and network optimization are the top three areas for CCIEs that are pretty much busy doing their jobs
- Hybrid skill set is what makes up the Full Stack so to speak
Now, with this in mind, let’s analyze the changes made to Cloud section. As you can see, right off the bat, Cloud section saw the largest additions and pretty much nothing was taken away from the section dating back to evolving technologies v1.0.
Let me recap the new topics that are added.
- High Availability
- Compute Virtualization (Containers)
- Connectivity (virtual switches, SD-WAN and SD-Access)
- NFVI, VNF and L4-L7
- Orchestration Tools (CloudCenter, DNA Center, and Kubernetes)
As clouds mature, cloud scalability becomes a big topic. Even when we believe we have it all figured out, we learn that we have not when you look at the colossal failure of AWS autoscale on Amazon Prime Day July 15th 2018. Amazon support teams had to turn off some portion of international traffic and manually add server capacity to cater for the North American traffic. Amazon cloud team had estimated traffic to many fold of the previous year’s event, but apparently the actual traffic was multifold (or at least x2) of even that estimate (over 100M products were purchased in 36 hours despite the failure that resulted in up to $90M loss attributed to outage).
Scalability remains an important area of focus both for Cloud and on-premise deployments both from technical standpoint and internal processes perspective which you can only see when something doesn’t scale as expected (i.e. Amazon Prime Day event). Your business won’t survive long-term without having a scalability plan to meet both seasonal and unexpected demands.
During Christmas of 2012, Netflix suffered an outage due to running a development process against product ELB state data. This caused data to be lost in the AWS ELB service back end, which in turn caused the outage of a number of ELBs in the US-East region across all availability zones. Previous AWS outages have mostly been at the availability zone level, where Netflix services continued to stay up during AWS outages.
Key takeaway for Netflix outage was that they needed to run Netflix services across AWS regions, i.e. to survive an AWS failure that could affect an entire region. In this incident, we’re talking about cutting edge tech companies that had having issues with cloud HA, having said that, cloud HA continues to be a huge topic both in terms of HA architecture (ELBs what not) and organizational processes.
Data breaches and data loss continue to remain at the top of CSO’s list of priorities. In one estimate, cost of each data breach is estimated to be around $3.86M. It turns out massive security breaches come with equally large punishments, ranging from $40 million for 1 million records lost to $350 million for 50 million records lost.
AWS is compliant with the HIPAA / HITECH ruling, and has certifications for PCI-DSS, SOC, DoD SRG, FedRAMP, ISO 27001 as documented in their website.
Compute Virtualization (Containers)
Containers are nothing but a method of OS virtualization that allow you to run an application and its dependencies within the resource-isolated processes. Containers provide number of benefits over say VM-based virtualization, including but not limited to, environment consistency, operational efficiency, developer productivity and strong version control. Linux containers have been around for sometime, along with some recent ones such as Dockers that made single-application LXCs. Namespaces and cgroups make LXC possible. You can read more about containers here.
Connectivity (virtual switches, SD-WAN and SD-Access)
This requires pretty much no instruction. SD-WAN has really gone from whiteboard to actual deployments over the past 6 years or so. Cisco acquired vIPtela whereas VMware purchased VeloCloud to enter SD-WAN market last year.
SD-WAN is a specific application of software-defined networking (SDN) technology applied to WAN connections or links, which are used to connect enterprise networks – including branch and head offices and data centers – over large geographic distances, generally 100Km or more.
NFVI, VNF and L4-L7
NFVI and VNF products have seen a rapid interest after ESTI’s published framework along with ATT and a few other large telcos back in ~2012. It was a no-brainer for telcos to jump into it with both feet since it promised them to force vendors’ hand around vendor lock-in and reduction in OpEx with simplified and standardized network management functions.
In enterprises, the use of VNFs is mostly in the form of L4-L7 devices such as vFW or vLB that are distributed as virtual appliances.
Orchestration Tools (CloudCenter, DNA Center, and Kubernetes)
I am so glad that orchestration tools made it to the list and a non-Cisco tool that had to be part of this list is Kubernetes. If you don’t know, Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services. It facilitates declarative configuration as well as automation. It has a large, rapidly growing ecosystem.
Well, finally, if you have an exam scheduled in September or later this year, it is worth noting again that above topics in the form of Evolving Technologies V1.1 update, are slated to go live on August 30, 2018 for all CCIE written exams.
OpenStack and Interlcoud
Now, it is not surprising that “OpenStack Components” from V1.0 has been dropped. If you recall, Cisco abandoned OpenStack-based InterCloud efforts back in September 2016. We have also covered this topic in Is OpenStack dead article. Cisco has replaced that with CloudCenter, DNA Center, and Kubernetes.
When will CCIEin8Weeks release new course material?
We already did! All of our study guides and practice exams now include Evolving Technologies V1.1 material.
Please feel free to post your comments and questions, I will be responding to them over the next few days and weeks.
0 (0) Today, we live in a world where there is nothing, and I mean nothing, off the limits for cyberattacks and particularly ransomware attacks. Our hospitals, our universities, oil pipelines, and now even our meat is under cyberattack. The cyberattack that flattened the IT operations at JBS Foods over the weekend turns out was […]
0 (0) Ransomware has been a growing menace for years, but there has been a marked increase, during the recent months, in sophistication and level of innovation in this portion of the cybercrime underbelly. If you didn’t know, cybercrime comes in many different types, such as email and internet fraud, identity theft, financial theft like […]
0 (0) It’s time to check your Pulse. I mean your Pulse Connect Secure VPN appliance. Hackers have been exploiting several previously known and one zero-day vulnerabilities affecting Pulse Connect Secure aka PCS VPN appliances. They are targeting defense, government, and financial organizations around the world. According to FireEye, several threat actors have been exploiting […]
5 (2) OK, we now have another supply chain attack that could become the next big hack. When April fools’ jokes were being published online, one company known as Codecov discovered something that was far from a joke. So, who is Codecov? Codecov is one of the many DevOps tools out there. It provides hosted […]
5 (2) So, what is Ethical Hacking? Well, it is hacking ethically. OK, that was not helpful. There are two types of hacking, white hat hacking, black hat hacking. They use similar tools and have similar goals, so then what is the difference. Well, there is one big difference and that has to do with […]
How useful was this post?