© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco IT E-Learning CDO-IT Collaboration Track Technologies - Part 2 (Security, Network Systems, Data Center) Produced by the Cisco on Cisco team within Cisco IT


Cisco IT E-Learning CDO-IT Collaboration Track Security

Jeff Bollinger, IT Engineering, CSIRT

James Kasper, Software Engineer, IPS Engineering


Cisco NDIS Team and IDS Deployment

120 IDS sensors deployed globally

Work with IDS engineering and signature teams

Provide direct access to some sensors so engineering teams are able to perform real-time troubleshooting

Provide them with a rich, diverse traffic environment for testing new code releases, engines, and different changes and tweaks to code

Problems need to be addressed quickly through direct engagement with IT and engineering groups


Benefits of Partnership

Advantageous two-way relationship

Sharing different customizations with the engineering team helps to provide visibility into what higher-end customers are doing

Most importantly, the partnership enables real-time debugging versus having to go through customers or proxies


Problems and Challenges

Performance issues, such as:

– Oversubscription

– Too much sensor

Engineering teams are able to isolate the issue

Helps in developing deployment strategy


Using IDS in Cisco

There is a heavily customized load on IDS sensors

Many custom signatures used to detect special cases

Leverage several new features in the product to see if a use case can be made

Signature fidelity

– Needs to be tested in live environments as well as a lab because the result is always different


Selling the Story

Meeting with customers in EBCs

– Describe how Cisco IDS and IDS signatures are used

– Show how the product has improved dramatically over the eight years it has been used

– Share it as “our number one tool”


Selling the Story

Beneficial to let customers see that Cisco is using it

– In a real production environment

– On an enterprise network

– And are able to keep up with the level of threats encountered


Running IDS on a Real Network

Enables the team to see many things that wouldn’t be seen in a lab

Cisco has a relatively open network, which allows a view of a broad basis of traffic as well as all types of platforms

IDS is not just placed at perimeters; it is also placed at internal checkpoints (data center gateways) to protect the most critical assets, which are the data centers

Data center traffic constitutes a huge mix with different protocols and thus demands a large percentage of uptime

Reliable security in place is important


Triple Win

Constantly looking for new ways to detect malware and having direct access to the engineering and signature development teams is a huge win for both IT and engineering

It’s a win for IT because issues are discovered

It’s a win for engineering because a better product is made

It’s a win for Cisco because it proves to customers that this is the best-of-breed IDS technology; customers get a better product with better fidelity


Cisco IT E-Learning CDO-IT Collaboration Track Network Systems

John Moe, Networking Engineer, Emerging Technologies

Brian Armer, Engineering Release Manager, Release Engineering


IT Overview

1. Information technology

2. Network and data center services

3. Design engineering

4. Technology roadmaps

5. Routing and switching roadmap


Collaboration and Feedback

Transition from OSM to SPA interfaces

New network requirements (due to TelePresence)

12.2(18) SXF split to SX and SR to accelerate features

Next-generation hardware


CDO-IT Overview

Software group

– Manage the major IOS classic release trains

Cisco IT is an integral part of the release lifecycle

– Run large-scale alpha networks and provide feedback

– This feedback ultimately helps make the IOS releases much better and higher quality


CDO and Cisco IT

Monthly meetings

– BU provide roadmap to Cisco IT

– Cisco IT provide feedback to BU

Alpha network partnership

– Make IOS releases much better products


Cisco IT E-Learning CDO-IT Collaboration Track Data Center

Sidney Morgan, IT Manager, Cisco on Cisco

Bill Erdman, Marketing Director, SVBU U.S. Marketing


VFrame Data Center

Cisco IT needed help with how it deployed servers

The model used was job shop-oriented, inefficient, not cost effective, and had a negative impact on business agility

IT challenged CDO to look at the data center from a systems provisioning perspective


VFrame Data Center

Cisco IT traditionally used its own custom tools for provisioning and management

VFrame DC was an opportunity to build something for Cisco IT according to its requirements and then sell the product to the broader market


CDO and IT Relationship

Non-threatening

Cisco IT could specify features it was seeking for the product and share the limitations that it had already seen

This open dialogue inspired Cisco IT to be able to ask about such things without the associated revenue issues

Formed the basis of a good working relationship and a strongly defined provisioning platform needed by Cisco IT


Benefits of CDO-IT Collaboration

VFrame DC is delivering on what both CDO and IT set out to accomplish

It helps to rationalize new technologies

– e.g., VMware, virtualized servers and some virtualized storage

CDO and IT collaboration

– Helped to build a product now being sold in the open marketplace

– Has helped make Cisco more strategic with customers

– Has enabled Cisco to approach the data center as a system vendor with a true system offering at the provisioning layer

Cisco IT likes to work with all business units to help ensure that products have an enterprise, solutions focus.


CDO Process in Working with IT

1. Defined requirements with Cisco IT

2. Defined development milestones and synchronized them with Cisco IT development goals

3. After reaching alpha and beta version levels in CDO labs, the product was put into Cisco IT labs

4. Through feedback from Cisco IT on additional features required and bugs, the product was hardened in terms of:

– How Cisco IT was going to use it

– How CDO tests scripts

– How it was going to be tested by Cisco IT


CDO-IT Collaboration: Effect on the Lifecycle

The CDO-IT collaboration produced true innovation

CDO would not have thought as broadly about the product without the IT collaboration

The broad scope given by Cisco IT added a year to the product development cycle

The result has been an end-to-end provisioning platform that is extremely strategic for Cisco IT and the data center, as well as significant to the marketplace


Resources

E-Learning transcript, presentation, and video available for download

Links to the Cisco on Cisco website, best practices, case studies, newsletters and more


To learn more about Cisco IT real-world deployments, visit

www.cisco.com/go/ciscoit
