Network Design Principles - Security

(#4 of 7)
To continue the series, this post talks at a high level about principles you should consider when you're looking at the security aspects of your network design.  Be aware I am not a cyber security guy.  But I do know what security elements you should consider when you build a network design, so this is what I'm discussing herein.  If you want more on cyber security, you could find a lot worse starting point than fellow #CiscoChampion Zoë Rose's blog https://www.zoë or follow her on Twitter @5683Monkey.

[Disclosure: Zoë proof read this post for me to help keep me honest - thank you!]
As every security course ever taught points out, there are three fundamental goals of any security design:
Confidentiality - ensuring that data is not accessible by parties from whom it should be hidden.  Most network security mechanisms are concerned with this in some way - including access control; network segmentation; policy definition and enforcement; and encryption where…

Network Design Principles Series Index

● Introduction ● Availability ● Scalability ● Security ● Supportability ● Simplicity ● Pragmatism

Network Design Principles - Scalability

(#3 of 7)

Continuing our series on design principles, the next area of consideration is scalability.  Every design guide you ever read extols the virtues of making networks scalable, but in reality what does this mean?
The usual definition of the term relates to ensuring a network has sufficient capacity for the current usage patterns and for projected future growth.  This works at two levels.  At a micro level, it means providing sufficient ports of the appropriate speed, using network devices with sufficient aggregate throughput, and specifying circuits with sufficient bandwidth for the use cases identified during the collection of user requirements.  We monitor those elements and carry out trend analysis to ensure the environment stays within the bounds we designed it for, so that we can add more capacity simply and with minimal disruption when it is required.
At a macro level, we ensure our overall network architecture is built in a mo…
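The trend-analysis step above is usually left as a sentence in design guides.  As an added example, not code from the original post, the block below fits a straight line to a series of link utilisation samples and projects when the link will cross a planning threshold.  The samples are constructed (monthly peak utilisation of one uplink, in percent), and the 70% threshold and the six-month procurement lead time are assumptions for illustration only.

```python
"""Capacity trend analysis on link utilisation samples (added example).

The sample series, the 70% planning threshold and the lead time are
constructed/assumed values, not measurements from the original post.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Constructed input: monthly peak utilisation of one uplink, in percent,
# oldest first.  Grows 2 points a month from 40% to 50%.
SAMPLE_UTILISATION = [40.0, 42.0, 44.0, 46.0, 48.0, 50.0]

PLANNING_THRESHOLD = 70.0   # assumed: upgrade before sustained peaks exceed this
LEAD_TIME_MONTHS = 6        # assumed: time to order, deliver and install capacity


@dataclass
class Projection:
    slope_per_month: float            # utilisation growth in percent per month
    current: float                    # fitted utilisation at the latest sample
    months_to_threshold: Optional[float]  # None if utilisation is not growing


def linear_fit(samples: Sequence[float]) -> Tuple[float, float]:
    """Ordinary least squares of utilisation against sample index (months).

    Returns (slope, intercept).  Sample index 0 is the oldest month.
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples for a trend")
    mean_x = (n - 1) / 2.0
    mean_y = sum(samples) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(samples))
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x


def project(samples: Sequence[float], threshold: float = PLANNING_THRESHOLD) -> Projection:
    """Project how many months remain until the fitted trend hits the threshold."""
    slope, intercept = linear_fit(samples)
    current = slope * (len(samples) - 1) + intercept
    if current >= threshold:
        months: Optional[float] = 0.0      # already over the planning line
    elif slope <= 0:
        months = None                      # flat or falling: no crossing ahead
    else:
        months = (threshold - current) / slope
    return Projection(slope, current, months)


def needs_upgrade(samples: Sequence[float],
                  threshold: float = PLANNING_THRESHOLD,
                  lead_time_months: float = LEAD_TIME_MONTHS) -> bool:
    """True when the threshold will be reached within the procurement lead time."""
    p = project(samples, threshold)
    return p.months_to_threshold is not None and p.months_to_threshold <= lead_time_months


if __name__ == "__main__":
    p = project(SAMPLE_UTILISATION)
    print(f"growth {p.slope_per_month:.1f}%/month, now {p.current:.1f}%, "
          f"threshold in {p.months_to_threshold} months, "
          f"order now: {needs_upgrade(SAMPLE_UTILISATION)}")
```

Run against real data, the input would be the monthly peak (or 95th percentile) pulled from whatever monitoring system holds the interface counters; the point of the example is that the decision rule ("order when the projected crossing falls inside the lead time") is explicit and reviewable rather than a judgement made when the link is already congested.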

#CLUS here we come!

So #CLUS is almost upon us, let the feast of networking goodness begin!
Over the coming week or so I'm planning to immerse myself in the Kool-Aid (never mind drink it) and geek out about some of the exciting stuff that's coming up from the networking giant so many love to hate on!  I make no apologies for this - my recent career has been built on the back of their gear and this peculiar ability that I amongst many others have to be able to make it do what we (or our customers) want it to do *most* of the time.  Disclosure: I am a fan and a #CiscoChampion.  (I am also pragmatic and obviously know when things aren't so good, but on the whole I think these things balance out.)
I'm expecting to see loads of announcements and developments for the Digital Network Architecture (DNA) - hopefully new integrations and some SD-WAN capability for DNA Center.  For Application Centric Infrastructure (ACI) could we perhaps have some nice shiny hybrid cloud capabilities?  Plenty of IoT, defi…

Network Design Principles - Availability

(#2 of 7)

In the first post in this series, I shared a summary of my fundamental design principles which I try to apply to every network design I am involved in.  The follow-ups to that summary post will discuss these at greater length - this one addresses Network Availability.
The network exists to provide the transport for endpoints to be able to consume services in a "remote" location.  Whether the endpoints are application servers in racks in a DC trying to consume database entries, wireless clients accessing an application in the data centre, or sensors collecting data and dropping that data into storage, and regardless of the location of the services themselves - public cloud, private cloud, co-lo DC - the fundamental measure of success of the network is availability of the service to the endpoint and thus the user.
Clearly then availability isn't a simple measure of the network as a whole - it takes a number of capabilities and properties of the environment to contribute.…

Call to Arms!

Completed a great couple of days in labs and discussions with fellow travellers on the journey to the programmable network!  We were in London on a Cisco Cat 9K/DNA Center Programmability course, with the legend that is John Swartz (of Boson tests and Cisco books fame).  He really started opening our eyes to the possible, looking at how through the magic of Python it is possible to run event-driven processes on LAN switches, orchestrate the management capabilities of DNA Center, and build platform-agnostic configurations using YANG models, then deploy them over NETCONF.

This stuff really brings home what is there now and what will be possible in the networks of the 2020s.  It's time to start assembling the ideas to build out the real, tangible network service that we can offer customers so that they can consume the networks the way they need to for their business.  Zero-touch provisioning for IoT.  Software overlays for abstracting the complexities of the network transport and p…

The Tyranny of the Immediate

I've been reading about and trying to make more sense of the "Tyranny of the Immediate", a situation to which I seem to fall victim all the time.  The phrase can be applied to all manner of scenarios – indeed if you Google it you'll come up with references to everything from the housing market to prayer.  What do I mean by it and how does it affect me?  Basically it is the daily conflict between what is deemed to be urgent at that moment versus what is important in the longer term.
In my day-to-day, this takes one of three forms: things or people busting my plans for the day/week/month with something that is just so urgent that it can't wait; misunderstood priorities and/or dependencies in a project or infrastructure delivery leading to a short-sighted tactical solution; and short-termism in career and personal development – looking at what skills are needed now and studying for those, without considering the long term goals.