network management - cisco connect tr '14
Post on 13-Jul-2015
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved.
Cloud & Systems Management Technology Group
Prime Infrastructure 2.0 Technical Overview Technical Decision Maker (TDM)
• What is Prime Infrastructure
Introduction
Functional diagrams
• Prime Infrastructure 2.1
New Features
New Device Support
• Prime Infrastructure 2.0
New Features
Wireless Support
• Functional Description
Lifecycle Management
Assurance Management
Plug And Play
• Architecture & Deployment
Deployment consideration
Product requirements
• Scaling & Hardware Sizing
Performance numbers
• Supported Devices
Wired/Wireless update
• Integration
Identity and mobility services
North Bound (NB) API
• Additional References
Assurance: End-to-End Application Experience & Visibility
Plug & Play: Simplified Deployment of New Cisco Devices
Lifecycle: Converged Management with Integrated Best Practices
Convergence, Consolidation, Cisco Advantage
• Centralized Discovery, Inventory, Configuration Management, SWIM, and Proactive/Reactive Monitoring
• Accelerated Troubleshooting of Wired/Wireless Infrastructure Issues
• Greater device coverage: 3850/5760 (including templates and guided workflows), ASAs, IOS-XR and IDU
• Customizable out-of-the-box Cisco best practices and validated design configuration templates for wired/wireless devices
• Unified Access Management and Client Tracking
• Infrastructure lifecycle reports – EoX & PSIRT
• Plug & Play for Automated Deployment
• 3rd party device support
• End-to-End Visibility for Service-Aware Networking
− By applications, services and end-users
• Out-of-the-Box Support for Cisco Advanced Instrumentation
− Netflow, Flexible Netflow, AVC, NBAR, PA, Medianet, etc.
• Simplified End-to-End Visibility for Faster Troubleshooting
− Normalizes, correlates and aggregates data sources
• Automated Baselining with Dynamic Thresholds
• NBAR2 Custom Application Support
• Multi-NAM Management
• Service Health Dashboard
• 5508/WiSM2 – CA Mobility Controller
Backwards Compatibility for WLC 7.5 & WLC 7.6
Platform support only (no new features)
• New AP support
AP 3702P, AP 3700 (I/E),
AP 3600 with ac module, AP 3602P “Gillaroo” antenna,
AP 2700,
AP 1530,
AP 702W
Support discovery, inventory, monitoring, client monitoring, maps
Feature configuration at WLC 7.4 feature parity (newer feature configuration at controller)
• WLC version support enhancements
Qualify (test and verify support for) WLC 7.4 MR2
Support for WLC 7.5, WLC 7.6 & MSE 7.6 (does not include Client SSO, Policy Classification Engine and Bonjour feature support – these will need to be configured via the WLC web GUI)
WLC 8.0 'basic monitoring support' when available
Cat 3650, AP3700, AP3600 with IOS-XE 3.3 (feature subset)
IOS-XE 3.6 ready with IOS-XE 3.3 feature parity
• Nexus 9K Device Support
• ASR IOS-XE 3.10 (fix SWIM to accommodate device CLI changes)
• ISR Container Management fix for IP unnumbered
• Customer Commitments
Audit Log to Syslog
Porting of all fixes delivered in patches to PI 1.3.2 which are not already part of PI 2.x codebase
Specific fixes for defects and enhancements delivered as part of customer commitments
• Converged Access Technology Support
• Plug and Play
• Simplified deployment of devices and wired/wireless features
• Extended device support
• ASAs, AirOS, Nexus, ASR 9000, GSRs, MDS, etc.
• User 360 view for fast and efficient troubleshooting and remediation
• Threshold Crossing Alerts
• EoX/PSIRT Reports
• Enhanced Northbound REST APIs
• Greater scalability
• Manage up to 38,000 routers, switches, ASAs and access points in a single instance
• Plug and Play
Simplified Deployment of routers and switches
• Simplified deployment of Network Services & Technologies
• Including AVC, ZBFW, WAAS, VPN (EzVPN), DMVPN, GETVPN, ACLs, etc.
• OOTB Readiness Assessments for TrustSec
• 802.1x Model based Templates
• OOTB Cisco best practice configuration templates
• Simple configuration of NTP, SNMP, Interface, VLAN, etc.
• Configuration Groups
• IOS XE 3.2.3 support for converged access switches
Real time troubleshooting
• WLC 7.4 support
• OOTB integration with MSE 7.4
• WLC 5760 controller, 3850 switch, virtual WLC platforms, AP 2600, AP 1550 with EPON interface, High Availability (HA), Proxy Mobile IPv6, and other features
• Next generation maps with automated hierarchy creation
• Application Visibility (AVC 2.0 support) for wireless
• 1-Click AVC Configuration
• AVC Monitoring
• Index Based WLAN Creation
• Mobility Work Center
• Easy Mobility Group/Domain Setup
• Service Health Dashboard
• Proactive Performance Troubleshooting
• Automated Baselining & Dynamic Thresholds
• Application Visibility (AVC 2.0 support)
• 1-Click AVC Configuration
• AVC Monitoring
• NBAR2 Application Support
• Configuration of custom applications
• One-to-many push to devices
• Embedded Packet Capture for ASR
• Top URL/Domain Views
• Simplified Deployment of Unified Access Converged Switches
• Deployment guided workflow for tier 1/tier 2 engineers
• multi-tabbed template mode for advanced engineers
• Optimized deployment of wired and wireless features based on best practices
• Cisco recommended mobility domain configurations based on number of APs to be deployed
• Simplified guided guest access configuration
• New RW API for creating/deploying IOS/IOS-XE based templates
• Sample Client working API CLI Script to get you started in Java, Perl, Ruby, and CLI (using cURL)
• The following operations are supported for CLI Templates
Type | Name | Description
GET | List Configuration Templates | Get a list of the published CLI templates
GET | List Device Types | Returns the list of device types you can specify for a CLI template.
PUT | Deploy Configuration Template | Deploy a template to a list of devices.
GET | Download Configuration Template | Export a template from the system.
POST | Upload Configuration Template | Upload a new template into the system.
DELETE | Delete Configuration Template | Deletes a template from the system.
Prime Infrastructure Lifecycle Management Technical Details
• Stages in this Life Cycle approach:
Design
Deploy
Operate
Report
Administration
• Configuration
Designing Config Templates
CLI Templates
Composite Templates
Configuration Groups
Model based Templates
Wireless Configuration
CLI Templates
• Monitoring
Design > Publish > Deploy workflow for controlled monitoring.
Thresholds can now be designed proactively.
• Port, Sites and Maps
• Mobility Services
• Model-based templates are provided for:
Security (ACL, DMVPN, ScanSafe, GetVPN …)
NAM
Wireless controller
• Users can create their own CLI templates, which can contain:
parameters (prompted during deploy)
scripting constructs in Apache Velocity Template Language (VTL)
• Users can define composite templates (template of templates)
• Users can import existing Cisco Prime LMS templates
A lot more data types are now available in PI 2.0!
• Integrated Planning Tool
– Import floor plans from 3rd-party tools
– Configure access point placement, coverage, and other variables
– Generate equipment proposal
• Hierarchical Maps
– Design multiple buildings, floors, regions
• Location and Voice Readiness Tools
– View performance and coverage estimates
Easily Visualize the Ideal RF Environment
[Screenshot callouts: Planning Tool; Instant Access to Tools; Hierarchical Maps]
• Eliminate improper RF designs and coverage problems
• Built-in tools perform site-surveys, RF reassessments and RF readiness evaluation
Next-Gen Maps
• Reduced Clutter
• Faster Loading
• Better Navigation
• Scalable Vector Graphics
• High quality images with zoom in/out
[Screenshot callouts: Zoom & Pan Controls; Active Rogue APs; 802.11u location specific service]
Configuration Group
Extends a Composite Template to include Target Devices
[Diagram labels: Before; After; Template instances (model-based or CLI); Feature A, Feature B … Feature N; Devices are now part of the templates!]
Out-of-the-box TrustSec 2.0 Readiness Assessment
Configure Security Mode using easy wizards!
• Virtual domains allow you to control who has access to specific sites and devices
• Virtual domains can be based on physical sites, device types, user communities or any combination
• By default a single virtual domain exists, called root-domain
• Device Health (Availability/CPU/Memory) is automatically turned on once device is managed
• Advanced Monitoring can be planned and designed before actual monitoring
• Advanced monitoring leverages Cisco Networking Intelligence (Flexible Netflow, NBAR/NBAR2, NAM)
• Thresholds can be tied to packet capture profile for automatic captures
• Template based configuration to both wired and wireless devices from single GUI
• Editing and visualizing configurations per device
• Enable instrumentation on routers and switches
• Create your own Golden templates and parameterize it for any device
• Provide the capability to group together discrete templates into a single composite template
• Zero Touch Device Deployments using Automated Branch Deployment
Simplify wired/wireless deployment of branch offices requiring common, standard configurations
• Integrated workflows and tools:
Receive performance degradation notices
Quickly assess service disruptions
Research resolution
Take action
• CleanAir alerts summaries and reports identify where poor air quality and interferers exist
• Security dashboard and index show current security status
• Voice Tools for customized queries to address VoWLAN problems
• Diagnose the RF environment and mitigate interference from Wi-Fi and non-WiFi sources
• Quickly assess and understand ways to improve the security index of the network
• Quickly discover events occurring outside baseline parameters
[Screenshot callouts: Security Dashboard; Streamlined Workflows]
• Discover Wired/Wireless Devices in your network using next gen discovery
• Instantly populates all of the dashboards out of the box for:
Site Dashboard
Application Dashboard
Incident Dashboard
Performance Dashboard
End User Experience
• Access to Operational Tools
Traditional – Ping, Traceroute, Packet Capture, Alarm and Events
Advanced – Wireless, Mediatrace, AP path
High-Level view of managed devices
Detailed View for Selected Device
Filter by device type, site groups, and user defined groups
1-Click Access to day-to-day operational tools!
Mobility Work Center helps visualize the new mobility hierarchy
See the Switch Peer Groups (SPG) for a given controller
See all the controllers for a given Mobility Domain
• Device Discovery using
• ping sweep
• CDP/LLDP
• Routing Table, BGP and OSPF data
• ARP table
Filtering capabilities
• Device can also be added
• Manually – Individually
• Bulk import
Get to the user association history in a couple of clicks!
IPv6 Visibility
Recognition of IPv6 Global and Link Local Addresses
Comprehensive search: Search by MAC, IP or Name for any map element
Results highlighted visually!
*Note: association of an AP on a map can be automatic, but positioning of the AP on the map is manual
Multi-NAM Manager
Prime Infrastructure provides central discovery, reporting of data (ART/TA/RTP), packet capture, pcap file management, application definition, WAAS server config, image mgmt across multiple NAMs in an enterprise.
Cisco Prime NAM for Nexus 1010
NAM 2200 Series Appliance
Cisco Prime NAM for WAAS VB
Cat65xx/C76xx NAM1, NAM2 Blades
Cat65xx NAM3 Blade+
Cisco Prime NAM for ISR G2 SRE
Cisco ISR/G2 NAM Blade
[Diagram labels: DISCOVER, MANAGE, CONFIGURE, DATA-SOURCE; SPAN, ESPAN, WAAS, PA]
3rd Party Support for Wired and Wireless Devices
Basic: MIB2 Monitoring, Discovery, Inventory, and Availability
• Archive and Versioning of Configuration
Fetch & store all the configurations on network devices.
Store multiple versions of configurations.
Job based, for periodic archival
Detect changes done outside the PI server and archive the change
• Compare Configuration
View configurations
Compare configurations between versions of same or different devices
Reporting configuration mismatches
• Rollback Configuration
Update the configuration on a device in the network
Ability to specify which configurations to download.
Ability to specify options like reboot, write mem etc.
Job based.
Import Analyze Distribute
Alarm indicators trickle up the tree to identify the problem area
Alarms can be expanded to see the de-duplicated events
Use pre-defined or create your own filters
Click on ad-hoc filter for keyword based filtering
Take Actions - Assign, Annotate, Notify
• Less time needed to resolve problems
• Communicate with other Cisco experts
Context Sensitive Device search
Post to Cisco Support Community from the same interface
One click access to support communities & Cisco knowledge base
• Less time needed to resolve problems
• Communicate with other Cisco experts
Integrated Cisco service request management: Automates the service request process
Create support cases with Cisco-TAC and partners
Case status look-up
Automatic attachment of problem context to the support cases
Smart Interactions like Support Forums and TAC Service Request Creation can be accessed in just one click from any Device 360° popup
…
…
• PSIRT and EOX are OFF by default, and need to be enabled one time.
• You can navigate to Administration > System Settings > Change Audit Notification > Check “Enable Change Audit JMS Notification” box.
• You can navigate to Administration > System Settings > Server Settings > Enable Compliance Services
• PSIRT report based on your configuration & not just the IOS version
• EOX Report
Troubleshooting and Monitoring on-the-go for Prime Infrastructure
• Can be downloaded from iTunes Store
• Add any Prime Infrastructure 2.0 servers.
• Prime Infrastructure can be configured to send Alarm notifications as SMS to open into Mobile App.
• Mobile App connects securely through NB API interface
• Hierarchical dashboards that reflect the converged network status in real time
• Drill down capabilities to troubleshoot and arrive at a rich set of information in one click
• User defined dashboards that allow you to create your own view
• Contextual Site, Device, Interface Application, End User experience dashboards to display dynamic network health status
• Service/Domain specific contents grouped in one view
• Contextual site based information from one view
• What services and users will be affected in my site – Assessed by looking at Devices that are down in a site
• My Applications are down, who are the users that are affected by that – Obtained by looking at Applications accessed by end users in a site
• What are the devices that need to be replaced or require maintenance in my site - Top N worst devices that are underperforming in a site
• Are other users in the site affected by latency in transaction time - Users having the most issues in the site
• Contextual Application based information from one view
• What are the Top Server and Top Clients in my network that are having worst transaction time – Assessed by looking at the Worst Clients by transaction time and Application Server Performance
• Which of my Sites are experiencing worst transaction time for any given application – Obtained by looking at Worst Sites by transaction time
• Which of my Clients are using the most bandwidth- Top N Clients (In and Out)
• How is my Application Traffic statistics over time- Application Traffic Analysis dashlet
• Interface Centric View
• What is my total overall In and Out bandwidth through my WAN interface? – Interface Tx and Rx Utilization trend
• What application traffic occupies most bandwidth on a given interface – Assessed by looking at Top N Application
• Is most traffic through an interface Wireless or Wired - Obtained by looking at Top N Application traffic over time
• What is the bandwidth savings on account of applying Class based QoS, how many packets got dropped - Obtained by looking at Class Map statistics
• Concise End-User information about devices from anywhere within the product
• 360 views available for wired and wireless Users
• On click shows the following
OS version and status
License used/Capacity
Number of Active APs
Number of Active Clients
CPU and Memory utilization
• Provides snapshot of device(s), alarms, and application used per device per user
• Realtime contextual device details from “device” perspective
• Device name, location and type with system uptime
• OS version and status
• CPU and Mem utilization
• Interface status type and visibility of application traffic
• Provides quick snapshot to isolate and troubleshoot device related issues
• Concise wireless information about devices from anywhere within the product
• 360 views available for wireless Controller & APs
• On click shows the following
• OS version and status
• License used/Capacity
• Number of Active APs
• Number of Active Clients
• CPU and Mem utilization
• Provides snapshot of wireless interfaces, alarms and WLAN
Prime Infrastructure Plug & Play Technical Details
Overview
• Provides a quick and easy error-free way to configure devices in remote offices
• Removes the need for technical personnel onsite
• Remote device gets “bootstrap” configuration from admin (USB iPhone, iPad)
• Remote device connects to Cisco Prime™ Infrastructure server through DMZ and retrieves full configuration
[Diagram labels: NOC; Cisco Prime; PnP Gateway]
Two Deployment options:
1) Plug and Play Gateway in a DMZ (w/ PI 1.3): devices connect to it over the Internet without exposing Prime Infrastructure (see picture above)
2) Plug and Play Gateway integrated into Prime Infrastructure (w/ release PI 2.0)
[Diagram labels: Branch Location (Router/Switch supporting Plug and Play, with Cisco CNS); Internet; DMZ (Plug and Play Gateway); Network Operations Center (NOC), Enterprise or SP (Prime Infrastructure)]
Zero-touch config for the installer
1) Installer connects the ISR console cable to the Plug and Play App
2) Installer enters PIN and clicks “Download”; the download is from Prime over 3G/Wifi
3) Plug and Play Gateway validates the credentials of the installer
ISE Radius or LDAP or AD or DES/One-Time-Password
4) Prime Infrastructure registers the Serial number of that device and sends the ISR bootstrap config
5) Plug and Play App receives the bootstrap config (WAN config + CNS commands) from Plug and Play Server and puts it in the ISR through the console
6) Installer clicks on “Deploy”. The App connects to the router via console and:
- Saves the current config
- Applies new config
- Validates the CNS was deployed
- Backs-up the new config
7) ISR connects to Plug and Play Gateway using CNS and requests its full config
Available for all ISRs. Windows PC or iPhone/iPad supported with Prime Infrastructure 1.3
[Diagram labels: Remote ISR at Branch Location; USB Console cable; Plug and Play App; 3G; ISP Network (MPLS/Internet); https; Plug and Play Gateway in DMZ; Prime Infrastructure in Network Operations Center (NOC), Enterprise or SP]
Server Setting of the Plug and Play Gateway
Option 1: Pre-specify the trusted list of Device Serial Numbers in Prime Infrastructure
Option 2:
1) User is prompted for PIN for that location/device site
2) PnP App reads the Device Serial Number through the console cable and registers it in Prime Infrastructure via 3G
Create a bootstrap Configuration in Prime
• Common Configuration deployed on all switches
• Contains just enough information for the switch to be discovered and inventoried by Prime
• Typical Information includes credentials and CNS
Deploying the bootstrap configuration to switches
• DHCP Auto-install is the preferred method
• In scenarios where this does not work, Prime has utilities that can be leveraged
• File transfer via email is the last option
Configure Wired Features
• Step by step approach to configure layer 2 networking
• Available in Guided and advanced modes
• Leverages Cisco Best practices and technologies like Auto Smart Ports
Configure Wireless Features
• Designed with the converged access architecture in mind
• Independent of Day 1 Wired Configuration
• Designed to be easy to deploy
• Technology Review
Pre-Provisioning (In Prime Infrastructure)
• Network administrator creates the device PNP automated deployment template in Cisco® Prime Infrastructure
• Administrator specifies the name of the device, desired configuration, and image, and optionally the device serial number and a bootstrap configuration
• A deployment PIN number is generated and emailed to the installer
Installation (At the end-location)
• Installer connects the device in its final location
• Installer starts the provisioning by entering the location PIN. The PnP App will register the device serial number using the deployment PIN with PnP Gateway
• PnP App bootstraps the device
• Installer monitors the deployment status
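The trust decisions in the Plug and Play flow above (a pre-specified serial list, or PIN-based registration followed by the device's CNS request for its full config), modelled as an added example. This is not Cisco's code: the class and method names, PINs, serial numbers and configs are constructed, and binding one serial per deployment profile is an assumption the slides do not state.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class DeploymentProfile:
    """One pre-provisioned device entry (constructed model, not a Cisco schema)."""
    name: str
    pin: str                      # deployment PIN emailed to the installer
    full_config: str              # configuration released on the CNS request
    serial: Optional[str] = None  # Option 1: serial pre-specified by the admin


class PnpGatewayModel:
    """Hypothetical model of the gateway's trust decisions."""

    def __init__(self, profiles: List[DeploymentProfile]) -> None:
        self._profiles: Dict[str, DeploymentProfile] = {p.name: p for p in profiles}
        # serial -> profile name, seeded from the Option 1 (pre-specified) entries
        self._trusted: Dict[str, str] = {
            p.serial: p.name for p in profiles if p.serial
        }
        self.audit: List[str] = []  # the PIN itself is never written here

    def _profile_for_pin(self, pin: str) -> Optional[DeploymentProfile]:
        match = None
        for profile in self._profiles.values():
            # Constant-time compare; keep scanning so timing does not reveal a hit.
            if hmac.compare_digest(profile.pin.encode(), pin.encode()):
                match = profile
        return match

    def register_with_pin(self, installer_authenticated: bool,
                          pin: str, serial: str) -> bool:
        """Option 2: the PnP App submits the PIN and the serial read over console."""
        if not installer_authenticated:
            self.audit.append(f"DENY register {serial!r}: installer not authenticated")
            return False
        profile = self._profile_for_pin(pin)
        if profile is None:
            self.audit.append(f"DENY register {serial!r}: unknown PIN")
            return False
        # Assumption: a profile is bound to exactly one serial, and a serial
        # cannot be moved to another profile by presenting a different PIN.
        if profile.serial not in (None, serial):
            self.audit.append(f"DENY register {serial!r}: profile already bound")
            return False
        if self._trusted.get(serial, profile.name) != profile.name:
            self.audit.append(f"DENY register {serial!r}: serial bound elsewhere")
            return False
        profile.serial = serial
        self._trusted[serial] = profile.name
        self.audit.append(f"ALLOW register {serial!r} -> {profile.name}")
        return True

    def request_full_config(self, serial: str) -> Optional[str]:
        """Step 7: the device asks for its full config; only trusted serials get one."""
        name = self._trusted.get(serial)
        if name is None:
            self.audit.append(f"DENY config {serial!r}: serial not trusted")
            return None
        self.audit.append(f"ALLOW config {serial!r} -> {name}")
        return self._profiles[name].full_config


def build_sample_gateway() -> PnpGatewayModel:
    # Constructed sample data: one Option 1 profile, one Option 2 profile.
    return PnpGatewayModel([
        DeploymentProfile("branch-a", pin="4821",
                          full_config="hostname branch-a-isr", serial="FTX0000A001"),
        DeploymentProfile("branch-b", pin="7390",
                          full_config="hostname branch-b-isr"),
    ])


if __name__ == "__main__":
    gw = build_sample_gateway()
    gw.request_full_config("FTX0000B002")             # not yet registered
    gw.register_with_pin(True, "7390", "FTX0000B002")
    gw.request_full_config("FTX0000B002")
    gw.register_with_pin(True, "7390", "FTX0000C003")  # second device, same PIN
    print("\n".join(gw.audit))
```

The audit list is the part worth mirroring in a real deployment: every refused registration or config request is a signal that a PIN or serial is being presented from somewhere unexpected.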
Guidelines for Usage Recommendations
 | Smart Install | Plug and Play
Device Support | Most Catalyst Switches can be Configured via Smart Install | Supports all Catalyst Switches and Routers
Setup | Director switch via CLI (or template in Prime Infrastructure) | Prime Infrastructure Templates
Management | No GUI based Management available | Prime Infrastructure
Changing External Services | No change to external services | Might Require DHCP Scope changes
Customizable | Unique configuration for each model type | Unique configuration for each model type
Security | All configurations and communications in the clear | All configurations and communications in the clear
Touch Points | Multiple Directors in network | Prime Infrastructure
Prime Infrastructure Assurance Management Technical Details
[Diagram labels: Application Visibility; Traffic Analytics; Performance Analytics; Deep Packet Analysis; Network Performance; User And Policy]
[Diagram labels: Netflow; NBAR2; SPAN/ERSPAN; PA; NBAR; SNMP/CLI Polling; WAAS; Medianet; AVC Solution]
[Diagram labels: NAM module/Appliance; Cisco ASR; Wireless Controller; Cisco Catalyst 3750-X w/ 3K-X 10G; Cisco 6509; Cisco ISR; AVC; Medianet; Netflow]
[Diagram labels: ASR1K, ISR G2; Application Recognition; NBAR2; Performance Collection; FNF; ART; Reporting Tools; NFv9/IPFIX; Management Tool; Cisco Prime Infrastructure; App Visibility & User Experience Report; Control; WAAS; QoS; PfR; High, Med, Low]
App | BW | Transaction Time | …
SAP | 3M | 150 ms | …
Sharepoint | 10M | 500 ms | …
Templates to configure Netflow
1-click enablement of AVC
Take Action on Application Traffic
Prime Infrastructure provides central discovery, reporting of data (ART/TA/RTP), packet capture, WAN Optimization metrics, image mgmt across multiple NAMs in an enterprise
Cisco Prime NAM for Nexus 1110
NAM 2300 Series Appliance
Cisco Prime Virtual NAM (vNAM)
Cat65xx/C76xx (NAM1, NAM2) Blades
Cat65xx NAM Blade (NAM3)
Cisco Prime NAM for ISR G2 SRE
Nexus 7K Series NAM Blade (NAM-NX1)
[Diagram labels: DISCOVER, MANAGE, CONFIGURE, DATA-SOURCE; SPAN, ESPAN, WAAS, PA; Prime Infrastructure]
• Local troubleshooting when PI isn’t available (connectivity lost)
• Netflow data will be missing in PI when diagnosing the issue after connectivity is re-established; the local NAM will have full visibility
• Device CPU Offload
• NAMs can be used in areas where Netflow isn’t supported, possible or feasible
• For instance, in the branch where a device may have high CPU utilization or in the Data Center where a device may not have Netflow capability
• Packet Capture & Traffic Visibility
• Packet capture and analysis for enhanced troubleshooting
• Application visibility
• Application Response Time and other metrics in devices where AVC isn’t configured or supported
• Voice traffic visibility
• MOS scores for all actual voice RTP streams are obtained via NAMs
• Layer 2 network visibility
• In scenarios where traffic does not cross a router
Network Performance Visibility
End User Experience
Network Availability and Performance polling with Event/Alarm generation
Custom MIB polling
Network Traffic Analysis & Reporting
Data and flow collection: NetFlow, Medianet, PA, NBAR, AVC, SPAN, ERSPAN, RSPAN
Application Visibility
Voice and Video Quality of Experience (Media trace and users voice troubleshooting)
Packet level debugging and troubleshooting
Users Wired/Wireless experience - Applications, bandwidth utilization and voice quality experience by user’s end points
Optimized Business critical application delivery
WAN Optimization – Visibility and Performance
Identify the Congested Interface
View Applications and Clients over the Congested Interface
Change the QOS settings to shape traffic for non-critical applications
[Screenshot labels: Application/Server Delay; Client & Network Delay; Analysis; Experience]
Hourly Baselining - Bird’s Eye view of health of business critical applications across all sites
Ability to create Custom Business Critical Applications
Worst RTP Streams
QOS Policy
Choose the session to troubleshoot
Pin-point the device which originates jitter
Trace the path between Source and Destination
Client’s List for user Jack Fields - jfields
User 360 – View all clients for the user
Wireless Client’s Application Traffic
Wireless Client’s Conversation
Troubleshooting Access Issues
Centralized view for Packet Captures from ASR1K’s and NAM’s
Centralized decode/download of Packet Capture files from ASR1K’s and NAM’s
Ability to merge different Packet Captures
• Prime Infrastructure provides network video/voice visibility and mediatrace troubleshooting features
• Positioning: primarily to network infrastructure engineers to help determine that the network isn’t to blame for poor voice/video performance
• Statistics are from a network perspective, not delving into source/destination of voice/video traffic
• Conversation is an RTP stream and is irrespective of endpoint vendor/type
• Leverages NAMs and/or Perf-Mon
• MOS scoring is unsupported using Perf-Mon statistics
• Prime Collaboration provide far richer management beyond the RTP stream, including:
• Positioning: Primarily to service operators for provisioning, monitoring and troubleshooting of voice/video services as well as powerful analytics for improved planning and trending
• Statistics is from a service perspective, including voice/video endpoint involved in a conversation, traffic type, point-to-point or multi-point, etc.
• Leverages CDRs, 1040 probes/NAMs and endpoint statistics
Prime Infrastructure Architecture & Deployment Technical Details
• Virtual Appliance
− Virtual Appliances are supported on ESXi 4.1 and 5.0 and above, with VMFS 3.1 and 5.0 respectively
− UCS B-Series with external storage is the recommended way to deploy Prime Infrastructure
• Physical Appliance
− Prime Infrastructure Appliance comes pre-installed with Prime Infrastructure 2.0
− Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE) models 1130-19 or 1133 is not supported
− Physical Appliances are field upgradable
• PI supports High Availability in Active/Standby mode
• Failover can be automatic or manual
• Automatic failover is triggered by database check, server check, heartbeat
[Diagram: Prime Infrastructure Primary (Primary Health Monitor, Primary DB) and Prime Infrastructure Secondary (Secondary Health Monitor, Secondary DB). Labels: Heartbeat (Every 5s) / 3 times; Database Sync; Check Database]
Prime Infrastructure Scalability & Hardware Sizing Technical Details
• Cisco UCS can be used as a virtual infrastructure deployment, i.e. ESX/ESXi running on UCS should be okay if the VM requirements are met.
• Physical Appliances are field upgradable
• Prime Infrastructure Appliance comes pre-installed with Prime Infrastructure 2.0
• Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE) models 1130-19 or 1133 is not supported.
Physical Appliance | Physical CPU | Memory | HDD Size | Throughput (Disk I/O) | Web Clients | API Clients
Cisco Prime Appliance | 8 Cores (16 Threads) | 32 GB | 900 GB (4x300GB RAID5) | 200 MBps | 25 | 5

Virtual Appliance Size | Virtual CPU | Memory (DRAM) | HDD Size | Throughput (Disk I/O)
Express | 4 | 12 GB | 300 GB | 200 MBps
Express Plus | 4 | 16 GB | 600 GB | 200 MBps
Standard | 16 | 16 GB | 900 GB | 200 MBps
Pro | 16 | 24 GB | 1200 GB | 200 MBps
Supported Scale for Express/Standard/Pro Configurations
Parameter | Express | Standard | Pro
Max Unified AP | 300 | 5000 | 20,000
Max Controllers | 5 | 500 | 1,000
Max Autonomous AP | 300 | 3,000 | 3,000
Max Wired Devices | 300 | 6000 | 13,000
NAMs | 5 | 500 | 1,000
Wired Clients | 6,000 | 50,000 | 50,000
Wireless Clients | 4,000 | 75,000 | 200,000
Changing Clients | 1000 | 25,000 | 40,000
Events Sustained Rate (events/sec) | 100 | 300 | 1000
Netflow Rate (flows/second) | 3000 | 16,000 | 80,000
Concurrent GUI Clients | 5 | 25 | 25
Concurrent API Clients | 2 | 5 | 5
Max Number Sites/Campus | 200 | 2,500 | 2,500
Max Groups (User Defined + Out of the Box + Device Groups + Port Groups) | 50 | 150 | 150
Max Virtual Domains | 100 | 1,000 | 1,000
Max Interfaces | 12,000 | 250,000 | 350,000
Max NAM Data Polling enabled | 5 | 20 | 40
Mapping of PI 1.x to 2.x OVA/Bundle/SKU
(In) PI 1.x | (Maps to) PI 2.x
Small | Express
Medium | Express Plus
Large | Standard
Extra Large | Pro
Use Prime Server Sizing (http://prime-server-sizing.cisco.com) for updated numbers
Prime Infrastructure Supported Devices
Device Types | Device Families
Cisco® Integrated Services Routers (ISRs) | 8x0 Series, 1800 and 1900 Series, 2800 and 2900 Series, 3800 and 3900 Series, 4451
Cisco Aggregation Services Routers (ASR) | 1000 Series
Cisco Catalyst® Switches | 2900, 2975, 3750, 3850, 3560, 4500, 4900, and 6500 Series
Cisco® Network Analysis Module (NAM) | Catalyst 6500 Series Analysis Module-1, Module-2, Module-3, NAM2204 Series Appliances
Cisco Wide Area Application Services (WAAS) | WAE-512, WAE-522, WAE-612, WAE-674, WAE-7341
Data Center Devices | Nexus 1K, 2K, 3K, 4K, 5K, 7K Series, Cisco MDS 9000 Series Multilayer Fabric Switches, Cisco MDS 9000 Series Multilayer Switches, UCS 5108 and UCS 6140XP
Device Types | Device Families
Cisco Mobility Service Engine (MSE) | 2700 Series Wireless Location Appliance, 3300 Series
Cisco Wireless Controllers (WLC) | 2100, 2500, 4400, 5500 Series, 5760, Flex 7500 Series, Catalyst 3650, Catalyst 3750G Series Integrated WLC, Catalyst 3850, Catalyst 6500 Series (WiSM, WiSM2), WLC Module on SRE, WLC Module (WLCM and WLCM-E) for ISR, Wireless Controller on Service Ready Engine (WLCM2 on SRE), Cisco Virtual Wireless LAN Controller
Cisco® Lightweight Access Points (LWAP) | 600 Series, 1040, 1524, 1552, 3500i, 3500e, 3600i, 3600e, 801A_, 802A_, 3700
Cisco Autonomous Access Points (AAP) | 1130AP, 1200AP, 1240AP, 1250AP, 1260AP, 1141AP, 1142AP, 1800 and 800 ISR Series, Aironet 1310 and 1410 Bridges
Other Device Types | ME2400, ME3400E, ME3600, ME3800, R7200, R7300, R7400, R7500, R7600/S, CBS, IE/Rockwell
Medianet Supported Switches | Supported Software
Cat 3560, 3560-C, 3560-X, 3560V2 Series | 15.0(2)SE or later
Cat 3750, 3750-X, 3750-E, 3750-G, 3750V2 Series | 12.2(58)SE2 or later
Cat 4500E Sup 7-E, Sup 7L-E, Cat 4500X Series | XE 3.3.0SG or later
Cat 4500E Sup 6-E and Cat 4500 Sup 6L-E | 15.1.(1)SG or later
Cat 4900M, Cat 4948E, Cat 4948E-F | 15.1(1)SG or later
Cat 6500E Series with Sup 2T | 15.0(1)SY or later

Medianet Supported Routers | Supported Software
Cisco 800 and 890 Series ISRs | 15.1(3)T or later
Cisco 1900 Series ISRs | 15.1(3)T or later
Cisco 2900 and 3900 Series ISRs | 15.1(3)T or later
Cisco ASR 1K Series | Cisco IOS XE (3.5 or later)
Cisco ASR 9K Series | Cisco IOS XR (4.3 or later)

AVC Platforms | Supported Software
ASR 1K Series | 15.3(1)S1 – 15.3(2)S
ISR G2 | 15.2(4)M2 and above
CRS 1000 | 15.3(2)S
ISR G3/44xx | 15.3(2)S
WLC | 7.4
Prime Infrastructure Integration Technical Details
Identity Services Integration
• Shows where security & policy problems exist
• Drill deeper into issue details
CleanAir
• Detect RF Interference
• Locate the source
• Automatically adjust to optimize the environment
Adaptive WIPS
• Assess wireless vulnerabilities
• Auto-classify threats
• Protect the wireless network
Context-Aware
• Contextual Info about Wi-Fi clients and tagged mobile devices
• Optimize application delivery
Legend:
• MSE – Mobility Service Engine
• ISE – Identity Service Engine
• Device Identity or Profile from ISE Integration
• Policy Information Including Posture
• AAA Override Parameters Applied to Client
Single pane of glass view and lifecycle management for Wired and Wireless
Prime Infrastructure
• APIs can be easily added by Cisco through downloadable Software Updates
• Short development cycles
• Performance and availability status and history of API
• Prime Infrastructure health
• Monitoring
• Configuration*
• Statistics/Reports
• RESTful interface
• Strong versioning
• Well documented
• HTTP authenticated
• OAuth2*
• Rate limits can be enforced
* Not in Phase 1
Just point your browser to “https://<pi-hostname>/webacs/api/v1” to get started.
Wireless Device Details:
GET Wireless LAN Controller Summary
GET Wireless LAN Controller Details
GET Wireless LAN Controller Utilization
GET Historical Wireless LAN Controller Utilization
GET Wireless Access Point Summary
GET Wireless Access Point Details
GET Radio Summary
GET Lightweight AP Radio Details
GET Autonomous AP Radio Details
GET Radio Interface Statistics
GET Radio Interface 802.11 Counters
GET Historical Radio Interface Statistics in Last 24 Hours
GET Historical Radio Interface 802.11 Counters in Last 24 Hours
GET Client Summary
GET Client Details
GET Client Sessions
GET Client Statistics
GET Historical Client Statistics
GET Client Counts
GET Historical Client Counts
GET Client Traffic Information
GET Historical Client Traffic Information
CLI Template Configuration:
GET List Configuration Templates
GET List Device Types
PUT Deploy Configuration Template
GET Download Configuration Template
POST Upload Configuration Template
DELETE Delete Configuration Template
Credentials Service:
GET Credentials
Device Details:
GET Inventory Details
GET Devices
GET Alarms
GET Events
GET Syslogs
Group Summary Service:
GET Device Groups
GET Site Groups
GET User Defined Groups
GET Alarm Summary
Statistics:
GET System Information
GET System Health
GET Application Performance
GET Applications Number of Users
GET Top N Application Hosts
GET Application Traffic Analysis
GET Worst N Application Hosts
GET Worst N Application Sites
GET Top N Device CPU Utilization
GET Top N Device Memory Utilization
GET Top N Device Temperature
GET Device Availability
GET Device Availability Summary
GET Device Availability Message
GET Device Down Message
GET Device Reachability Status
GET CPU Utilization Trend
GET Memory Utilization Trend
GET CPU Utilization Summary
GET Device Health Info
GET Device Port Summary
GET Interface Availability
GET Interface Availability Summary
https://<server-ip-address>/webacs/api/v1/?id=sample-client-code-doc
Sample Output
Sample Script
Prime Demo Series (open to customers, partners and Cisco people)

Americas Edition
Same time, same place: 11:00 AM PST San Jose Time (90 Min), www.tinyurl.com/primedemo, No Registration Required
Every Week* | Prime Demo Series Topic
Every Monday | Cisco Prime LMS
Every Tuesday | Cisco Prime Collaboration Assurance & Provisioning
Every Wednesday | Cisco Prime NAM & NGA
Every Thursday | Cisco Prime Infrastructure (including Assurance)
* Exceptions: US Public Holidays and Cisco Shutdown

EMEAR Edition
Same time, same place: 9:30 AM GMT (90 Min), www.tinyurl.com/prime-emear, Registration Required
Day: See Schedule (bi-weekly)
Prime Demo Series Topics:
Cisco Prime Infrastructure (including Assurance)
Cisco Prime Collaboration Assurance & Provisioning

Free Trial Software: www.cisco.com/go/nmsevals

APJC Edition
Same time, same place: 12:00 PM Singapore Time (90 Min), www.tinyurl.com/prime-APJC, No Registration Required
Every Week* | Prime Demo Series Topic
Every 2nd Thursday | Cisco Prime Infrastructure Lifecycle Mgmt & Assurance
Every 2nd Thursday (alternating week) | Cisco Prime Collaboration Assurance & Provisioning
* Exceptions: Indian Public Holidays and Cisco Shutdown
Latest Prime Demo Series agenda will always be posted at www.cisco.com/go/prime-demo
• Detailed, 18-segment Quick Start VoDs cover essentials of how to download, deploy, configure and customize Prime Infrastructure.
• Available on Cisco’s YouTube Channel & PEC
• VoD Series available here:
http://www.youtube.com/playlist?list=PL7406F0EF2BC7DED8
Cisco Prime
www.cisco.com/go/prime
Cisco Prime Infrastructure
www.cisco.com/go/primeinfrastructure
Cisco Prime Collaboration
www.cisco.com/go/ucmanagement
Prime Demos, VoDs, Online Training, Evaluations
www.cisco.com/go/prime-demo