The main goal of the CVD program is to provide networking professionals with a framework for up-to-date network design and implementation guidance across a broad set of solutions. Navigating diverse technologies can be a daunting task, and the CVD program offers network designers solid reference architectures that are easily customized to existing business needs.
The Enterprise Solutions Team at Cisco has invested a lot of time testing and documenting new solutions along with maintaining and updating existing solutions. Unfortunately, with the large selection of guides on Design Zone, it’s easy to miss what has recently been published. In this blog, I provide an overview of recently updated guides, grouped by enterprise networking topics.
Design coverage for campus networks (wired and wireless networks that support the devices people interact with to do their daily tasks) has been updated to align with new capabilities that organizations are seeking. The Campus LAN and Wireless LAN Design Guide covers platforms which have higher densities at higher bandwidths, along with features to enable better network visibility, policy enforcement, and programmability for organizations. Traditional campus network deployments are explained along with a new fabric option for the campus. The Campus Fabric Design Guide goes into more detail for this new offering from Cisco. It explains how you can gain additional capabilities, such as address mobility and user segmentation, through the use of technologies enhanced from designs traditionally deployed in data centers.
To help address the rapid growth of network attacks resulting from technology trends such as mobility, cloud, and the Internet of Things (IoT) points of infiltration, we offer guidance using the Cisco NaaS solution toolbox. This solution consists of NetFlow, Cisco ISE, and Cisco Stealthwatch. The Network as a Sensor Deployment Guide helps your entire network detect anomalous traffic flows such as malware and identify user access policy violations. It also allows you to obtain broad visibility and awareness into all traffic on your network.
The User-to-Data-Center Access Control Using TrustSec Deployment Guide provides details on using Cisco TrustSec for access control policy to the Data Center and describes use-cases for regulatory compliance (PCI, HIPAA), multi-tenancy, and Bring Your Own Device (BYOD) deployments. The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. The solution is based on endpoint identity (not IP address) and it enables policy change without network redesign for your Cisco switches, routers, and firewalls.
MACsec is no longer just a campus LAN technology; it is also used over Metro Ethernet transport and Data Center Interconnect (DCI) links, providing a line-rate network encryption solution over Layer 2 Ethernet transport services. The WAN MACsec Deployment White Paper provides an overview of MACsec, compares MACsec with current IP-based encryption solutions, and highlights key WAN and metro Ethernet use cases.
The Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is Cisco's enterprise SDN controller, which provides automation services as an integral part of Cisco’s overall DNA architecture. EasyQoS is one of several applications that run on APIC-EM, allowing network operators to declaratively express QoS policies via an easy-to-use web-based GUI, and to deploy those policies simultaneously to groups of network infrastructure devices. You can avoid spending extensive time-consuming cycles to deploy QoS, and instead deploy QoS policies that are tightly aligned with evolving business requirements by referencing the EasyQoS Design Guide. The guide discusses the evolution towards policy-based abstraction of QoS design and presents an overview of the use of APIC-EM and the EasyQoS application to create and deploy QoS policies. It also provides a detailed explanation of the QoS commands which are provisioned onto each network infrastructure device (routers, switches, and wireless LAN controllers) as a result of the EasyQoS policies.
A new set of guides for Cisco’s Intelligent WAN (IWAN) offering makes the WAN more service-centric, with traffic monitoring, management and a focus on application delivery. You can select any type of WAN connectivity to help lower cost (up to 70% versus private networks!) without compromising security, and choose a physical or virtual deployment model to easily provision and maintain WAN services.
Cisco IWAN incorporates advanced traffic control and security features into standard routers for routing traffic over the Internet or other low-cost links, as shown in the Intelligent WAN and WAN Design Summary. This guide provides a high-level overview of several wide-area network (WAN) technologies, followed by a discussion of the usage of each technology at the WAN-aggregation site and remote sites. It works well as a roadmap on how to use the companion Intelligent WAN Deployment Guide and WAN deployment guides.
The Intelligent WAN Direct Internet Access Design Guide shows how you can reduce WAN bandwidth and improve user experience by enabling secure direct access to the Internet at each remote site, without routing employee traffic to central network locations.
With all of these new guides, we are certain that you will have feedback and other ideas to share. You can use the new Design Zone Idea Forum to interact with the team developing content to help us prioritize future guides, suggest which guides to refresh, and give overall Design Zone feedback. You can also use the feedback link to notify the team directly with your thoughts. Please provide us with feedback on the CVD program. Development of new solutions is a big investment area for Cisco and we use feedback to make sure we are delivering quality content on the most important areas for your business needs.
What solution areas are you interested in exploring? Is there a topic you want to hear about in my upcoming blogs? Add it to the comments field!
About the Author
Nelson Figueroa is a solutions architect for the Enterprise Infrastructure and Solutions Group. Nelson is a triple CCIE focusing on solutions development at Cisco for the last 15 years.
Here are a few additional ways for us to engage and keep the conversation going:
- Cisco Design Zone
- Design Zone Idea Forum
- Cisco Documentation Feedback - Design Zone
- Connect on Facebook and Twitter too
- Related Unleashing CCDE blog: Cisco Validated Designs by Nelson Figueroa
- Related links: Design Zone for Campus, Campus LAN and Wireless LAN Design Guide, Campus Fabric Design Guide, Network as a Sensor – Unified Wired-Wireless Deployment Guide, User-to-Data-Center Access Control Using TrustSec Deployment Guide, WAN MACsec Deployment White Paper, APIC-EM EasyQoS Design Guide, Design Zone for WAN and Branch/Remote Sites, Intelligent WAN and WAN Design Summary, Intelligent WAN Deployment Guide, IWAN Direct Internet Access Design Guide