Automation & Orchestration SolutionsFlexibility of Choice
FlexibleDIY Simple
NSO‘00s of customers
Prime Infrastructure10s of ‘000s of customers
APIC-EM10s of ‘000s of customers
SP’s and GES SP Wifi and All Enterprises All Enterprises
Programmable Configuration Template Based Configuration Policy “Easy Button”
Service Orchestration / Automation Network Management DNA Controller
Network DevOps
$$$
Traditional Ops
$
SDx Transformation
$
Automation
Abstraction and Policy Control
from Core to Edge
Open and Programmable | Standards-Based
Open APIs | Developers Environment
Service Management UI
Policy | Orchestration
Virtualization
Physical and Virtual Infrastructure | App Hosting
Analytics
Network Data,
Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
Cisco Digital Network Architecture
Enterprise
Architecture/ NFV
Available on Cisco® DNA-Ready Infrastructure Through Cisco ONE™ Software
APIC-EM Automation
PlatformAvailable now
Base automation: Plug and Play
Available now Cloud version controlled availability June
2017
Policy services: IWAN App and
EasyQoS
Available now
Prime
Infra Now
TBDFuture
June
2017
Cisco Prime Infrastructure 3.xIntegrated wired/wireless lifecycle, assurance and Data Center management
Comprehensive Manageability
– Customizable out-of-the-box Cisco best
practices and validated design configuration
templates for wired/wireless devices
– RF planning and optimization
– Manage L2/L3 services, DMVPN, GETVPN,
Zone-based Firewall, ScanSafe
– Plug-in-play Automated Deployment
– 360° End-user connectivity and application
experience monitoring & troubleshooting
– Multi-NAM management
– Infrastructure lifecycle reports – EoX & PSIRT
– 3rd party device support
– Scalable, deployable, extensible
•Comprehensive Lifecycle mgmt – simplify
end-to-end network operations
•Deep application visibility and performance
Assurance
•Rich compliance auditing and reporting
•One install – Single-pane-of-glass soln
Integrated Platform
`
APIC-EM Delivers IT Flexibility
Enabling Automation Through Innovative Management Principles
OPEN
Static Programmable
Expert CLI Policy + GUI
Greenfield Brownfield + Greenfield
SIMPLE
A B
Manual Automated
Box-Centric Network-wide
Provision in Months Hours
Common Policy Model from Branch to Campus
Application Network Flow Profile
SLA, Security, QoS, Load Balancing
User and Things Network Profile
QoS, Security, SLA, Device, Location, Role
Cloud Campus Core WAN Access
POLICY
Campus WAN AND ACCESS
CISCO® ADVANTAGE
BROWNFIELD AND
GREENFIELDEND TO END
POLICY FRAMEWORK: FOCUS ON
APPLICATION AND USER ENABLEMENT
Discovery
• New Discovery UI for improved UX
• Easy identification of devices with failures for faster troubleshooting
• Editing of Existing Discovery Jobs
• Cloning of Discovery Jobs to quickly create new ones
• Discovery History to track changes
Topology
• Geo-Tagging (Mapbox) for easier management of network topology
• Tagging based on Civic Address or Zip code
• RBAC scope based topology view
• Improved UX
• Faster Topology Rendering
• Easier identification of collaboration endpoints such as Phones
• Ability to disaggregate multiple devices all at once
`
Path Trace App: 5-Tuple Input Through User Interface
Note: Layer 4 port and protocol information is optional but highly recommended for accurate path calculation
Required Information
SRC and DEST IP address
[End host or L3 interface]
Optional Information
SRC and DEST L4 port numbers;
L4 protocol (TCP or UDP)
`
Path Trace App: Enhanced ApplicationFlow Visibility
CAPWAP Tunnel
Visualization
Accuracy Note
(in a percentage)
Link Source
Information
Ingress/Egress
Interface
Interface/QOS Stats
How it Works: Cisco PnP Application
Plug & Play
Enterprise-wide scale
Automated workflow
Pre-provision1 Discovery2 Secure Deployment3
Discovery1 Un-claimed Devices2 Secure Deployment3
Network PnP app pre-provisioned
with device SR number
Configure device discovery
• DHCP Option-43 or DNS
• Installer powers on devices
• Devices download image and
configuration
• Installer powers on devices
• Devices securely connect
to APIC-EM server, waiting
to be ‘claimed’
• Network admin claims devices
based on device information
• Device downloads image
and configuration
Configure device discovery
• DHCP Option-43 or DNS
Network PnP app on APIC-EM
AdminEM
DHCPServer
DNSServer
OR
PnP-Agent PnP-Agent
EM
Device Authentication
Download Image and Configure
Installer
Network PnP app on APIC-EM
AdminEM
DHCPServer
DNSServer
OR
PnP-Agent PnP-Agent
EM
Device Authentication
Download Image and Configure
Installer
PnP Server Discovery Options
Switches (Catalyst®) Routers (ISR, ASR) Wireless Access Points
1
2
3
4
5
DHCPServer
DNSServer
DHCP with options 60 and 43
PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
DNS lookup
pnpserver.localdomain ---- resolves to APIC-EM IP address
Cloud re-direction
https://devicehelper.cisco.com/device-helper re-directs to APIC-EM IP Address
USB-based bootstrapping
Manual - using the Cisco® Installer App
iPhone, iPad, Android, and PC (roadmap - Windows mobile)
Roadmap Disclaimer
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”
APIC-EM And Apps Roadmap
v1.3, Oct 2016 v1.4, Feb 2017 V2.0, Aug 2017 V2.1, Nov 2017
SFA 1.1
Sw Image
Mgmt
EasyQoS
beta
EasyQoS
GA 1.0
IWAN 1.1 IWAN 1.2
Platform
Apps
PnP 1.1PnP Cloud
CA
Path Path +Smart
Troubleshooting
Config Mgmt
ESA 1.0
Flexible PnP
Complete DNA
flexible GUI
ESA 1.1
(remove PI
dependency)
Cisco Prime Infrastructure - OverviewRealizing the Vision of One Management
Convergence Consolidation Cisco Advantage
Lifecycle
Converged
management with
integrated best practices
UCS Server
Assurance
Bridging Network and
Compute
Assurance
End-to-end application
experience and visibility
Op
s C
en
ter
Distributed
• Supports up to 10 Prime Infrastructure instances
• Addresses geographic distribution, scalability, resiliency and
visibility
• Single pane of glass monitoring with click-through
management
Centralized
• Central view of assets, alarms and clients
• Single sign-on
• Dashlets aggregated from PI instances
• Central Virtual Domain Management – can add/delete domains from
OpCenter
Scalable
• Consolidated view of network health
• Consolidated view of health of each PI instance
• Reports scheduling from one interface
Operations CenterCentralized Visualization of Multiple PI Instances
Prime Infrastructure 3.1 License Model Overview
Base License
Prime Infrastructure Management Node
(physical or virtual appliance)
ONE-mgmt-Lic(per device type)
One and only one base
license required for
each management
node (physical or
virtual appliance)
• Available per device type (token
based)
• License for each device is include in
Cisco ONE bundles
• Example AP = 1 token
• 29/3900 Rtr = 2 tokens
• ASR1k = 3 tokens
• Cat6k = 3 tokens
• Nexus 7k = 14 tokens
No Node Lock-Also will
accept previous PI 2.x
license files.
License
Dependency
UCS Server
Management (per chassis/blade)
Available in incremental
bundle sizes of 1 (UCS
server does not
consume a LF license,
but LF is required)
HA License
PI Operations
Center (per PI Instance )
Licensed per managed
PI instance or PI HA
pair
Note: Grandfathering Algorithm runs upon the installation of MR3 or MR4
PI 2.x license users, please add devices to inventory before installing MR 3/4
BRKNMS-2701 40
Cisco Confidential 41C97-732036-00 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Prime Infrastructure 3.1Technical Overview
Modern User Interface
• Tablet friendly
• Metrics widgets
• Same Menu Structure as 2.2
• Correlated Charts
• Dashboard Export
• Dashboard Tagging for favorites
Network TopologyMonitor the status/services of the Sites in your network
Visualize
• L2 Topology of the network
• Alarms for the Devices
• Device 360 View
• Links status between the devices
• Link 360 View
4
8
Filters
Zoom Settings
Interferers
Active Rogue
AP’s
Clients tracked via
MSE
Yellow – AP’s with
non-critical alarm
Site Maps ConfigurationHeat Maps to visualize the RF environment
Neighbor AP
information and the
RSSI value
Cisco Confidential 49© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Compliance and Configuration Mgmt
Configuration ArchiveNetwork Devices
Archive and Versioning of Configuration
Fetch & store all the configurations on network devices
Store multiple versions of configurations.
Job based for periodic archival
Detect changes done outside the PI server and archive the change
Compare Configuration
View configurations
Compare configurations between versions of same or different devices
Reporting configuration mismatches
Rollback Configuration Rollback
Update the configuration on a device in the network
Ability to specify which configurations to download.
Ability to specify options like reboot, write mem etc
Job based
Configuration diff from the
pervious version
Configuring Network DevicesTemplates for Routers, Switches and WLCs using Best Practices
Types of Templates :
Model Based Templates for AVC, Security, WAAS etc
CLI OOTB Templates
User Defined CLI Templates
Composite Templates to group multiple individual templates together
User Defined Templates :
Has CLI converted to set of
parameters whose values are
provided during deploy time
Use Apache’s Velocity
Template Language (VTL)
Data Types that can be used for
Scripting
Effective Software Image Management (SWIM)
• Ability to add images to software repository
• Archive from current devices
• Manual upload
• Ability to handle parallelism and sequencing
• Use external SCP/SFTP/FTP servers
• Ability to push image using different transport protocols
Baseline Configuration Compliance
• Define configuration baseline policies
• Perform compliance audits
• View compliance audit violations
• Option to fix violations
• Support for IOS, IOS-XE, IOS-XR, NX-OS, AireOS, and ASA devices
Getting Started with Compliance(3.0) Compliance needs to be enable
Go to Administration > Settings >System Settings > Server
Select Enable and Click Save
You must Restart the Server for changes to take effect (NCS Stop/NCS start)
Note: Compliance requires Std/Pro
OVA or Gen2 hardware appliance
55
• Works on most common Cisco platforms
IOS, IOS-XE, IOS-XR, NX-OS, StarOS, AireOS
• Flexible Rules engine including
Input Parameters, Complex Logic, Condition Checking
• Customizable Policy including
Violation Message, Severity & Fix CLI
• Ability to schedule recurring jobs
• Includes EoX / PSIRT reports
Industry Class Configuration Baseline Compliance*
Compliance
Policy
Rule
*requires Std/Pro OVA or Gen2 hardware
appliance
Cisco Confidential 59© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Trouble shooting w. 360 View
Device Monitoring Device 360 View – Device Troubleshooting (Wired and Wireless)
Quick Launch
point for
Smart
Interactions
Can quickly do a ping and
traceroute to this device
On click shows the following
OS version and status
License used/Capacity
Number of Active Aps
Number of Active Clients
CPU and Mem utilization
Provides snapshot of wired/wireless interfaces, alarms, neighbors and WLAN
Launch the 360 view from
any dashboard
Hub with PfRv3 Master
Controller & Border
Routers
Spoke with Single Router
and Dual Routers
6
4
IWAN Configuration Workflow
PfRv3 Monitoring• Quick view to identify nodes with issues
• Sliding timeline to zoom to a specific period
• Detailed view of the site health
• Show PfR events that were
resolve and unsolved
Cisco Confidential 68© 2013-2014 Cisco and/or its affiliates. All rights reserved.
New Plug & Play workflow-Zero Touch Deployments
Plug and Play Dashboard
Easy to understand
Plug-n-Play lifecycle
Smoothly transition
between various
stages of the PnP
lifecycle
Easy to find Profile
statistics right on the
dashboard
Quick Access to PnP
Jobs from the
dashboard
How it Works: Cisco Prime Infrastructure PnP
Plug & Play
Enterprise-wide scale
Automated workflow
Pre-provision1 Discovery2 Secure Deployment3
Discovery1 Un-claimed Devices2 Secure Deployment3
PI is integrated with APIC-EM.
Devices are pre-provisioned with
device SR number
Configure device discovery
• DHCP Option-43 or DNS
• Installer powers on devices
• Devices download image and
configuration
• Installer powers on devices
• Devices securely connect
to APIC-EM server
• Device downloads image
and configuration
• All device information is passed
back to Prime Infra
Configure device discovery
• DHCP Option-43 or DNS
Prime Infra + APIC-EM
AdminEM
DHCPServer
DNSServer
OR
PnP-Agent PnP-Agent
PI
Device Authentication
Download Image and Configure
Installer
Prime Infra + APIC-EM
AdminEM
DHCPServer
DNSServer
OR
PnP-Agent PnP-Agent
EM
Device Authentication
Download Image and Configure
Installer
Roadmap Disclaimer
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”
• Full Hyper-V hypervisor support (2012 + 2016)
• FIPS Compliance*
• New Custom Reporting Framework
• Customization of Alarms and Notifications
• DMVPN Monitoring
• Regulatory Policy Compliance (PCI – now in beta, STIG – beta coming soon)
• Hi Fidelity Wireless Maps
• Enhanced 3rd Party Device Support (incl. SDK)
PI 3.2 (ETA April 2017)
Cisco Confidential 78C97-732036-00 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Prime Infrastructure Resources
Americas
Edition
APJC
Edition
EMEAR
Edition
Every Week* Prime Demo Series Topic Same Time Same Place
Every Monday Cisco Prime IP Express
11 a.m. Pacific
(San Jose time)
(90 mins)
bit.ly/PrimeDemo
No registration required
Every Tuesday Cisco Prime™ Collaboration
Every Wednesday Cisco® Prime NAM and NGA
Every Thursday Cisco Prime Infrastructure
Every Week* Prime Demo Series Topic Same Time Same Place
Every Thursday Cisco Prime Infrastructure
12 p.m.
Singapore time
(90 mins)
bit.ly/PrimeDemo_APJC
No registration required
Every Week* Prime Demo Series Topic Same Time Same Place
Every Tuesday Cisco Prime Collaboration 10:30 a.m. CET
(Paris, Berlin)
(90 mins)
bit.ly/PrimeDemo-EMEAR
No registration requiredEvery Thursday Cisco Prime Infrastructure
Cis
co
Pri
me
Dem
o S
eri
es
Op
en
to C
usto
mers
, Partn
ers
an
d C
isco
Peo
pleEvaluations | VoDs | Product Info | Etc. www.cisco.com/go/prime-demo
* Exceptions: No sessions on major public holidays for a given region or during the Cisco shutdown
Learning ResourcesFee-Based and Free Resources Are Available
Instructor-led training (fee) Three days of training available from learning partner
www.cisco.com/go/primeinfrastructure and select Get Training
Electronic-led training (free)
More than three hours of training available on Cisco.com
www.cisco.com/go/primeinfrastructure and select Get Training
Cisco Prime™ Demo Series (free)
Weekly 90-minute customer facing webinars
http://www.cisco.com/go/prime-demo
Cisco Confidential 81© 2010 Cisco and/or its affiliates. All rights reserved.
Prime Advanced Service PortfolioEnterprise Networks
Prime Infrastructure --
Lifecycle
Prime Infrastructure --
Assurance
Prime LMS Deployment
2 Week Engagement 2 Week Engagement
• Develop application
monitoring design
• Examples: Netflow, NBAR,
NAM, Performance Agent
• Tuning of the alarms and
thresholds for applications
2 Week Engagement
• Knowledge transfer (shadowing of
deployment)
• Customized User Groups (Limited to 7)
• Basic segmentation (Site, Device Group
and Virtual Domains--Limited to 15 ea)
• Coordinate pre-discovery and device
requirements
• Discovery of the network infrastructure
(supported devices only)
• Troubleshooting discovery issues
• Tuning of the alarms and thresholds
• Knowledge transfer (shadowing of
deployment)
• Customized User Groups (Limited to 7)
• Basic segmentation (Site, Device Group
and Virtual Domains--Limited to 15 ea)
• Coordinate pre-discovery and device
requirements
• Discovery of the network infrastructure
(supported devices only)
• Troubleshooting discovery issues
• Tuning of the alarms and thresholds
3.0 Videos on Cisco Community
Video Title Duration
(mins)Link
Prime Infrastructure 3.0 UI Introduction 9:54 https://communities.cisco.com/videos/13946
Configuration Compliance (Short) with Cisco Prime Infrastructure 3.0 7:28 https://communities.cisco.com/videos/13941
Client Troubleshooting with Cisco Prime Infrastructure 3.0 12:02 https://communities.cisco.com/videos/13940
PnP with APIC-EM using Cisco Prime Infrastructure 3.0 8:38 https://communities.cisco.com/videos/13949
QoS Configuration & Monitoring with Cisco Prime Infrastructure 3.0 14:52 https://communities.cisco.com/videos/13950
PfR Monitoring with Cisco Prime Infrastructure 3.0 5:56 https://communities.cisco.com/videos/13943
Operations Center with Cisco Prime Infrastructure 12:08 https://communities.cisco.com/videos/13945
Nexus 9K Management with Cisco Prime Infrastructure 8:06 https://communities.cisco.com/videos/13947
Datacenter Monitoring with Cisco Prime Infrastructure 24:06 https://communities.cisco.com/videos/13948
Configuration Compliance (Detailed) with Cisco Prime Infrastructure 3.0 22:47 https://communities.cisco.com/videos/13944
IWAN Management with Cisco Prime Infrastructure 3.0 45:02 https://communities.cisco.com/videos/13942
Application Troubleshooting using Cisco Prime Infrastructure and Cisco
Network Analysis Module (NAM)
30:48 https://communities.cisco.com/videos/13938
Resources on Cisco.com
Cisco Prime™
Cisco® Prime Infrastructure
Cisco Prime Partner Community
Free Trial and NFR Software Downloads
www.cisco.com/go/prime
www.cisco.com/go/primeinfrastructure
https://communities.cisco.com/community/partner/cisco-prime
www.cisco.com/go/nmsevals
Cisco Prime™ Demo Series
http://www.cisco.com/go/prime-demo
ESA (Enterprise Service Automation):ESA aids with orchestration, automation of processes, and service chaining of virtual and physical branches. ESA can design, provision, manage, and monitor the hardware, the hosting platforms and the software services required for successfully getting a new branch up and running.
Benefits:- Service Design: Allows IT architects to create uniform network designs with flexibility to provide standardized configurations.
- Plug and Play: Provides automated zero-touch deployment and day-zero provisioning for the hardware platforms connecting to the network.
- Virtual Service Chaining: Automates service chaining to prevent manual service chaining errors and reduce time required for troubleshooting connectivity issues.
- Role-based Authorization and Control: Supports an RBAC model, providing the IT organization flexibility to define tasks for each role.