0 Overview
Gilles Clugnac
October 2015
Lifecycle
Converged management with integrated best practices
Data Center
Assurance
Simplified operations management
Campus Branch to DC
End-to-end application experience and visibility
Day 0 to Day N
Application-Centric
Agenda
Licensing
Security
languages
Platform Enhancements
Composite Reports
tasks
Tasks run at scheduled intervals
AP support at existing feature parity of WLC release
Simple download available via in-product update
Integration with MS Lync SDN Server
Configuration
Lync policy
Lync profiles
Monitoring
ATF Monitoring
Compliance
Policy
Rule
APIC Mode: Plug and Play using APIC-EM. When a valid APIC-EM is added in Prime, the mode automatically switches to APIC-EM mode.
CNS Mode: Plug and Play using CNS gateway.
[Diagram labels: DMZ; Internet or MPLS; APIC-EM (ZTD service, PKI service, REST APIs); Prime Infrastructure; IWAN App; GUI; Other Apps; APIC-EM App Layer; NB APIs; PKI Service; Trust Manager; ZTD Service; Inventory; Grapevine APIC-EM; Device Abstraction (CLI, SNMP, etc.); APIC-EM Core Layer]
bootstrap.
This is a basic bootstrap
lab on Thursday) .
PI PnP Status
APIC EM
Certificate Installation
PI PnP status
APIC-EM
Compliance Management
Profiles
Policy 1
Policy 2
Policy 3
Rules
be audited
Jobs run policy Profiles against some
Configuration Policies
BPDU Filter Disabled on Access Ports
BPDU-Guard Disabled on Access Ports
CDP Enabled on Access Ports
Channel Port in Auto Mode
Loop Guard and Port Fast Enabled on Ports
Non-channel Port in Desirable Mode
Non-trunk Ports in Desirable Mode
Port Fast Enabled on Trunk Port
Port is in Error Disabled State
Trunk Ports in Auto Mode
Security
ACL on Interfaces
Distributed DoS Attacks
Firewall Traffic Rules
Land Attack
Martian Traffic
Null (Black Hole) Routing
Risky Traffic
SMURF Attack
Traffic Rules
Switching
DHCP Snooping
Dynamic Trunking Protocol
IEEE 802.1x Port-Based Authentication
IEEE 802.3 Flow Control
IP Phone + Host Ports
IP Phone Ports
Management VLAN
Port Security
Spanning Tree Protocol (STP)
Unidirectional Link Detection (UDLD)
Unused Ports
VLAN 1
VLAN Trunking Protocol (VTP)
AAA services
AAA Accounting Commands
AAA Accounting Connections
AAA Accounting Exec
AAA Accounting Network
AAA Accounting System
AAA Authentication Enable
AAA Authentication Login
AAA Authorization Commands
AAA Authorization Configuration
AAA Authorization Exec
AAA Authorization Network
Checking at least one of TACACS+, RADIUS, LDAP authentication should be configured
Compliance Policies
Granular Feature-level Compliance Definition
Block Options
Does Not Raise a Violation: stop checking, all is good, no more checking needed
Raise a Violation: raise a violation and stop checking
Raise a Violation and Continue: raise a violation and keep checking, go on to the succeeding Condition
Match and Does Not Match actions are specified for every Condition
Strings can reference Rule Input variables
Expressions can reference information collected in previous conditions
Fix CLI can be invoked from Audit Job Result (to generate Fix Job)
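Added example, not from the original slides and not Prime Infrastructure code: a small Python model of how a rule's Conditions, each with a Match and a Does Not Match action, produce violations for one device configuration, including a rule input referenced from a pattern. The "Continue" action, the regex patterns and the sample configurations are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# The first three action names are the slide's; CONTINUE is an assumption added
# so a clean condition can hand over to the next without recording a violation.
NO_VIOLATION = "Does Not Raise a Violation"         # stop, all is good
RAISE = "Raise a Violation"                         # record it and stop
RAISE_CONTINUE = "Raise a Violation and Continue"   # record it, keep checking
CONTINUE = "Continue"

@dataclass
class Condition:
    name: str
    pattern: str       # regex; {name} placeholders are filled from rule inputs
    on_match: str
    on_no_match: str

def audit(config, conditions, inputs):
    """Return the names of the conditions that raised a violation."""
    violations = []
    for cond in conditions:
        # Escape input values so they are matched literally, not as regex.
        safe = {k: re.escape(v) for k, v in inputs.items()}
        regex = cond.pattern.format(**safe)
        matched = re.search(regex, config, re.MULTILINE) is not None
        action = cond.on_match if matched else cond.on_no_match
        if action in (RAISE, RAISE_CONTINUE):
            violations.append(cond.name)
        if action in (NO_VIOLATION, RAISE):
            break      # both of these end the rule
    return violations

# Constructed rule named after the slide's AAA policies (hypothetical patterns).
RULE = [
    Condition("aaa new-model missing", r"^aaa new-model$", CONTINUE, RAISE),
    Condition("login list lacks server group",
              r"^aaa authentication login \S+ group {server_group}(\s|$)",
              CONTINUE, RAISE_CONTINUE),
    Condition("exec accounting missing", r"^aaa accounting exec ",
              NO_VIOLATION, RAISE),
]
INPUTS = {"server_group": "tacacs+"}

# Constructed device configurations.
GOOD = ("aaa new-model\naaa authentication login default group tacacs+ local\n"
        "aaa accounting exec default start-stop group tacacs+\n")
LOCAL_ONLY = "aaa new-model\naaa authentication login default local\n"
NO_AAA = "no aaa new-model\n"
```

Calling audit(LOCAL_ONLY, RULE, INPUTS) returns two violations because the second condition raises and continues, while audit(NO_AAA, RULE, INPUTS) returns one because the first condition raises and stops.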
Compliance Profiles
Profile is an aggregated set of Policies used to audit a set of network devices
Compliance Jobs
Audit Jobs, Fix Jobs, Violation Summary
Audit Jobs perform audit
Results show violations
Violation Summary
Violations by Device
Per-device violation details
Schedule
Standard job options
Violation Summary
Licensing
[Diagram labels: Traditional Management; Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support; Automation (Workflow / Orchestration); Controller (APIC-EM); PI 3.x (NMS); Solution Apps, e.g. IWAN App; NE]
*BSA: Branch Services Automation
PI 3.x licenses are ordered in increments of one unit device license (no more packs of 25, 50, etc.)
PI 3.x licenses will now combine Lifecycle (LF) and Assurance (AS) licenses into one
Higher priced network equipment such as Catalyst 4K, 6K and Nexus switches, switch stacks, groups of Instant Access switches, Fabric Extenders
If you have 10 Cat 4500 switches they will have 20 LF, 20 AS tokens
When you upgrade from PI 2.x to PI 3.x, the system will translate 1 LF and 1 AS token belonging to a Cat 4500 to 10 LF and 10 AS tokens on PI 3.x
Thank you.