Cisco Systems, Inc. (CSCO) Earnings Call Transcript & Summary

Hello, and welcome. My name is Rohit Sawhney. I'm a group product manager on the cloud security team here at Cisco. And this is networking and building relationships. What we often do is what holds us back. So learn to help others and they will help you. I'm honored to be here today at the Master Series studio to talk with you about this topic. Now you might think to yourself, how did you get this topic, Rohit? Why are you presenting this life skill? And the fact is, I didn't expect to be presenting on this topic. The thing is, a few months back, I did a survey of our engineers in the group that I work in, in Silicon Valley, and I asked, what sort of topics would you like to listen to? And surprisingly, this topic was #1 on most engineers' list, networking and building relationships. And I thought to myself, I didn't realize that, that would be so important, but it makes sense. A lot of the opportunities that I've been privileged to have, have come from networking opportunities and building relationships. And it's not always easy for everyone to do that. So it makes sense to spend time on it. In the next 40, 45 minutes or so, we will go through some tips that I have around networking and building relationships, around mindset, around approach, around the fact that it doesn't have to be so hard, if you think about it in a different way. I'll also have the opportunity to have my colleague join me, and we'll do a little roleplay so we could practice what we actually preach. So with that, let's start with perceptions. Here's a few perceptions that people have in general about networking and building relationships. And as you can see, they run the gamut of it seems hard or forced to maybe it's for certain people, not necessarily for myself. Maybe for myself, it's not the right time yet because I don't have much to offer or no, I'm good. I already have a social network. I have relationships. And I don't think I need to invest more time into that. I'm just going to do my work. All of these things are valid. I, myself, have thought about a lot of these over the years. And I think to myself, well, yes, I don't need to attend that event or I don't need to go there and mingle or speak to these people. There's nothing for me to learn or I have nothing to offer. And ultimately, that's not always the right way to think about things. We all have something to offer. We all have value. And if we connect with people, it's not necessarily about us receiving something back. It's about giving, and it's about how we can make a meaningful relationship. So what are we going to talk about today. We're going to talk about why this topic is even important, how to network a little bit better, some frameworks around networking, the fact that you could think about it slightly differently, farming, not hunting. And then we'll go into roleplay, where my colleague will join me, and we'll do some sample scripting and roleplay exercises that perhaps you can also use and practice for yourself, and we'll wrap up. I would love for you to continue the conversation with me on Twitter or reach out to me. I'm happy to engage, and we'll see where the conversation goes. So let's start. Networking is like vegetables. You know it's good for you, but you still don't do it regularly. I'm not sure if a banana qualifies as a vegetable, per se, but I figured I'd squeeze a cat video into our presentation here, just to make things a little bit more light hearted. The point here, however, is that we all know that it's important, but we don't always emphasize it or spend enough time on it. And like many things in life, you need to practice it before it becomes a habit. There's a lot of sayings that relate to networking. And these are a few of them: "Your network is your net worth." Or conversely, "If you're not networking, you're not working." Now to some of us, this may seem a little extreme. For example, we've studied hard, we've worked to get to a certain point. And we figure that our work will produce results. We put our heads down, we do good things and people would notice. And in general, that is true and you hope that to be the case. However, at the same time, if you build relationships where people notice you and they form a bond, those people will naturally come to you and say, hey, I'm thinking about this person, we've collaborated, we've spent time outside of work or in some other context and you came to mind, and this opportunity comes to mind, would you be interested? That's where you get into stories and relationships. And that really does matter at the end of the day. Think about the people that you know. As they've elevated, as they've had mentorship opportunities, how has that developed? Do they have a personal connection with that individual that they work with? Did they follow that individual from one company to another? Chances are there are a lot of yeses to those questions that I'm asking. And the fact is that, that is important at the end of the day. And you can take this out of the work context to other opportunities. You're entering the school, you're changing careers, you are transitioning in life in some way or another. If someone can help you, that's typically a good thing, granted there are a lot of recommendations out there, a lot of things that we can search for online, but who do you really trust? You want to trust someone that you have a relationship with. And ultimately, that does make a difference in terms of the opportunities that you have, the sort of things that you now get exposed to that you may not know otherwise. So here's what we often do. A lot of us are guilty of going to events and conferences. We're at a conference right now, it's Cisco Live in Barcelona. It's a wonderful conference. It's an opportunity to network and build relationships, but sometimes, we just focus on what we want to do, get in, get out. If we spend enough time online, we think that we build "connections." Are they really connections? I would ask you to ask yourself if you really have a relationship with those connections or not. In some cases, it is valid. I've been in situations where I've had colleagues I've connected with. We've had human connections. I reach out to them many years later, they will respond right away. And that's a wonderful thing to see. But that doesn't always happen. And we have tons of connections that have no meaning or backing behind them. At the same time, we read a lot about networking. And we think we know what to do, what script makes sense that will bring us forward. But oftentimes, we come across looking like this cartoon in the next slide. I'll read it out for us. "Would you mind if I network with you to help my career? I would have said, yes, but you made it feel all weird and creepy. Perhaps you could send me an email that I won't read. That makes you my best friend." Now think about this. Can you relate? Have you done this before? Do you know someone who's done this? Perhaps we've done it ourselves, and it's okay. I've been there, probably early in my career where I forced the situation. And it seems like I'm coming across looking for something. That's not, let's say, genuine, and people understand that. And as such, they may say what they're saying here in this cartoon. So how do you make it more authentic? How do you bring it forward? Let's talk a little bit about that. This example that I'm citing really has no purpose nor intention. But all of us are guilty in trying to do this to advance our careers. Let's talk about what holds us back, and this comes from a wonderful article that I read called The Networking Advice that No One Tells You, and it's a framework that we can use. First and foremost, it's our mindset. For many of you who are familiar with growth versus fixed mindset, this is something that relates. A fixed mindset tells us that we're not good at something, right? We're just not good on networking. We're not good at human connections or building relationships, and so we won't do it. And that is very fixed in its approach. But if we think outside of that, we have a growth mindset, where we say we're just not good at it yet, but if we invest the time, and we put in the energy, it will reap the rewards, and you'll get better little by little. So mindset has a lot to do with it. We'll talk more about that as we go throughout this presentation. We often are also guilty of limiting our network. Think about the people you know, the people you sit down with perhaps at lunch or in the outside work environments that you have. Are they similar to you? They come from a different background or a similar background? Many times we gravitate towards the people that we already know. They're very similar to us, went to the same schools, have the same background, same ethnicities. And that does ultimately limit us. We are also not always strategic, right? We may not be thinking about where we want to go, we may just be thinking about where we are today. And that doesn't always serve a lot of purpose. The next 2, I think, are kind of part and parcel, we aren't always proactive nor do we schedule time to network. If you will join me for other talks I'll do this week around self-care and conversation, this theme comes up again and again. We don't always take time for ourselves. And so this is something to think about. If you schedule time to say I'm going to network or build relationships, this reaps a lot of rewards. An example that I can tell you about is managing by walking around. For those of us who have lead teams in the past, there's this concept of managing by walking around. Putting down your laptop, walking around the office and just talking to people, hey, what are you working on? What do you need help with? Can I help you in some way? Oh, that's interesting. Why? Tell me a little bit about that. There's a ton that you can learn from those experiences. So we aren't always proactive in doing that. We don't schedule time to do it. But simply just scheduling time in your calendar to say, okay, I'm going to stop, grab a coffee or tea and go and talk to people or have lunch with someone and make it purposeful. That reaps a lot of rewards. And finally, we don't always leverage our existing relationships. Believe it or not, we do go to the people that we know, but we don't always think back on all of the relationships we've had in our life. We may think of current, but not the past. We may think about our extended network, perhaps you have kids, and you have a school community. These are existing relationships. We don't always take the time to develop or foster those relationships. There's a ton you can do there if you really think about it and purposely think about the circles in your life. We'll come back to this towards the end as well. So some how-to guidelines. Start with your career goals, I touched on this earlier. Look ahead, where do you want to be in the future. Whom do you want to begin to learn from now? Today, I'm in product management. I may want to go to a career in product marketing. I may want to go down the sales route. Should I connect with those people? Learn from those experiences that they've had and how they perhaps transition from one to the other? That makes sense. Later on, I'll talk about my own journey to product management and how it took me quite some time to develop that and a lot of failures that came along the way. It would have been intentional if I started to learn from those people and learn how they transition in their careers early on. Also know your value proposition. When we talk about our script later, we'll talk about the fact that we all have value. Don't just think about what you do, but how that relates to business outcomes. I work as an engineer, but that helps this product achieve this growth or helps my customers be more loyal or solve their problems. All of us, to some extent, have some credibility and influence. We don't do a great job in marketing that. And I'm going to try to help you with that today. We will help you that -- with that today in our scripting. And finally, and this is probably the most important thing, if you think about networking for building mutually beneficial relationships, you'll go a lot farther. It's about you helping people and people helping you. So some tips around networking and conversation starters. You go into an event and sometimes, we just kind of go straight into, what do you do? What are you working on? And that's great. But we don't always ask the open-ended questions around what are your challenges? What do you need help with? The fact is, many people want to be heard. They aren't often heard, they're talked over. If you can help people by just listening to them and being opening -- being open to their ideas. That helps create a bond. Some of the best conversations I've had is where I'm actually not speaking, I'm there to just listen, whether it be with my partner or with an extended friend, sometimes, they just want to get something off their chests. They want to vent. And the best thing you can do is listen to them, and they may think that's the best conversation they've had because for the first time, in perhaps a long time, someone actually listened to them. They were curious about what they're interested in and what is bothering them or what their challenges are. So what are the 5 Bs of networking? Start by being likable, right? Say something interesting about yourself. When we look through our script later, we'll do this. We won't just talk about what we do and the value, we'll make it a little bit personal. And that way, you get multiple connection points between you and the individual you're speaking to. Perhaps, what you're doing is just boring to them. But something you say about your kids, about the school, about where you grow up may resonate. And that might be a conversation starter. You'll be amazed how that can take on legs of its own. You also want to be brief. People don't want to know all the details about when you did something in June of 2019 and what date you did it in. They just want the essence of what you're saying. So it's important to be brief. You also want to be social, show interest in others, right? This goes back to what I was saying earlier. And most people don't want to just hear about someone venting or complaining. They want positivity in their life. They want something that makes them happy that takes their mind off some stressful situation. Gratitude has a lot to do with that, how you can introduce being -- having that attitude of gratitude and being thankful for what you have really goes a long way to positivity. And people just -- they latch on to that at the end of the day. So some other how-to guidelines, find allies and champions. When you effectively network and build relationships, you will find that the people that you built relationships will come to you unsolicited. My partner, my wife, has done this very well. And I credit here, and I learn from her every day. She has people that she has built relationships in a short period of time. They come back to her and say, hey, we think you'd be great for this opportunity. We thought of you, why not bring it forward. And that has led to lots of nonprofit board relationships that she's had that she would not have otherwise. That's just a simple example of how people can come back to you and think of you and be your champions, even when you're not in the room. Also, going back to being strategic, you want to be thoughtful, it is your way in. And so with that in mind, let's talk about these guidelines. You can't start at an accelerated front and do this every day in and day out. Depending on where you live in the world, you may have that opportunity. For those of us who live in Silicon Valley, like myself, I tell people all the time, if I wanted to go to a product management or an engineering, a technical cloud security event, I can probably do that every day of the week, twice a week -- or every day of the week, twice a day. However, that is not what I want to do. I want to balance my life. So start a little bit slower. Start with perhaps once a month. You transition that to a couple of times in a month or maybe a couple of times in a week. Take the lunch break, take the coffee break, go to an event like a happy hour and make that purposeful and just connect with someone that you didn't know otherwise. And that will make you feel good. Go with that purpose and intention. And go with an open mind to learn and be amazed by others. One of the favorite -- one of my favorite authors is James Clear. He's a -- not only an author of a great book called the Atomic Habit, but also a blogger that I follow. And one of his quotes is, "Focus is the art of knowing what to ignore." You can't do it all. You can't connect with everyone. So focus on what you want to do there. And even if you make one connection in the span of a given time, you're moving forward, you're getting better every day. Another way to think about networking is that it's not about collecting contacts. In my earlier days, I would have been satisfied with going to a conference like this and just connecting with people, picking up business cards or connecting on LinkedIn and being happy about that, hey, I got 50 connections or 40 connections, and now that's going to result in something. The fact is, it's probably not. But if it's about planting relations, right? About seeding. And you think about it from that perspective, a lot more can happen. So let's talk about a script that we can use. And this is a script that I just made up, frankly. But your intro could be the who, what and why. What is the impact you're making? And focus on making it very personal and positive. In talking to my youngest daughter once about something that she was doing, I think it was probably around reading or writing, I made this comment one time and I said, hey, Reya, doesn't practice make perfect? And she said, no papa. My teacher Ms. Nakamura said, practice makes progress. And so that's something I mentioned here because really, it's about trying it, not getting it right, right away. You can't be perfect, you fail. You learn from it and iterate and you try again. It's a very product philosophy, a very agile and engineering philosophy that many of us have in this community, but it's something you can adopt to this as well. So let's go about and try that now. I would like to introduce my colleague, Pallavi Priya, who's going to be joining me for a few minutes to talk through this. Pallavi, how are you?

Hi, [ Rahul ]. How are you?

Thank you for joining us.

Thank you.

So we've done this before, but we wanted to practice this script. And what I thought we'd do is let's go through this script and practice it for our audience, so they can see how it's like. Hopefully at home or wherever they're listening, they can take this forward as well and practice it on their own. So I'd love if you start maybe in, say, 30 seconds and try this, like you and I met for the first time and you're introducing yourself. And then I'll do that myself as well. So go ahead.

Sure. Hi. I'm Pallavi Priya. I'm a Software Engineer in Cisco's cloud security business group, particularly the Umbrella product. I'm a part of Cisco's cloud-delivered firewall team. And I write code that develops applications that supports Cisco customers in protecting their data on public cloud. I care about writing good quality code and solving customers' challenges. Outside of work, I really love to spend time in nature. That's how I get energized, and that's how I practice my mindfulness.

Wonderful. Excellent. So I love that because you told me a lot in that statement. We'll talk a little bit about that as well. So I'll now go, and introduce myself to you like we met for the first time. So. Hi, Pallavi, I'm Rohit Sawhney. I work in product management on the cloud security team within Cisco, part of the security business group. I focus on DNS security, Domain Name System security, which helps customers on and off their network to be protected. It's a large business for Cisco that continues to grow in the cloud space. And we have over 90 million daily active users across 20,000 enterprise customers in the world. I focus on this because it really solves problems for our customers and keeps them and their customers safe online. Outside of work, I really enjoy spending time with my family. I have 2 daughters who are 8 and 11, and I love to coach them in a variety of sports like softball and soccer. I feel that sports teaches you a lot about life and teamwork. And so I want to really foster that in their lives as well.

Good.

All right. So if you noticed, we did that in roughly around 20 to 30 seconds. Now if we think about the opportunities we have with people, we may not have the luxury of doing this sort of script. It may come across rehearsed. Like as I was listening to you, it may sound a little bit rehearsed as well. And sometimes, people don't have the patience for this or you're in a group setting. So one of the things we think about is kind of like the Jesse Owens quote here, "One chance is all you need." And sometimes one chance is all you get, one shot in life to make a good impression. So let's try the same thing we tried, but let's do it even faster. Suppose we're in a group setting, around a table or talking in a networking event, and we're introducing each other around a circle. Sometimes you only get 10, 15 seconds. So let's try to do the same thing in a shorter period of time.

Okay.

Why don't you try?

Sure. Hi, my name is Pallavi Priya. I'm a software engineer in Cisco's cloud security group. I write code that helps customers protect their data on public cloud. Outside of work. I love spending time in the nature. That's how I energize myself. Thank you.

Excellent. Very good. Short and to the point. I'll try as well.

Okay.

Hi. I'm Rohit Sawhney. I work in product management in the cloud security team within Cisco. We focus on DNS security and protecting users on and off the network. Outside of work, I love spending time with my family and my 2 girls and I coach them in a variety of different sports. And I love what that teaches them about life and teamwork.

Good.

Right? So hopefully, as you think about this, you're thinking about how that relates to you. And so Pallavi, one of the things I really loved about what you said is you really related that to value, like you want to write good code, and you care about that and what that brings to the table. And really, what that brings to the overall organization. Now you and I have talked about networking before. And I think you had an interesting perspective on maybe the negative connotations that come with networking. Can you tell us a little bit more about that?

Yes. So somehow the word networking itself gives a negative connotation. And when I go to a networking event, I'd like to make connections rather than adding up networks in my LinkedIn, as you mentioned in one of the earlier slides. So I care about connecting with people, developing meaningful relationships rather than just networking someone for the sake of having a new contact.

So would you say you'd rather not -- if you could, you would rather not use the word networking and just say, connections?

Yes. Connections sounds much more friendly.

Yes. Yes. I mean I think at the end of the day, it is really about those connections that we're making. I'm very privy to the fact or partial to the fact that it's a human connection because I think you get a lot more from that face-to-face with someone. Certainly, you can do that online, and sometimes you don't have the luxury of meeting someone face-to-face until maybe months or years later, but I really enjoy that as well. So that's a good way to think about it is maybe I'll just change the title of the slide set in the future to making connections and human relationships instead of networking. So with that, I wanted to close with a few different thoughts. One of the quotes that I really love from Reid Hoffman, who you may know as a founder is, around this. "Your network is the people who want to help you, and you want to help them. And that's really powerful." And we started with that a little bit earlier, if you noticed in my byline for this talk. And why that really hits home for what Reid Hoffman says is he's not talking about networking. He's just talking about going out there unsolicited and helping someone. If you think back to what I stated earlier in terms of script you can ask these open-ended questions around, what are your challenges? What do you need help with? Can I help you? Many people have started their careers by just volunteering their time, perhaps even for free and interning somewhere and having a conversation. It also makes me think about something that I heard very recently, as I was traveling over to Cisco Live Barcelona. I happened to listen to a podcast on the flight over. And this podcast was by a gentleman named Dave Evans, who is famous for design thinking. He actually wrote a book around Designing Your Life from Stanford and design thinking. And he said that when you have these relationships and conversations, don't go in there thinking that you want a job. If you think about asking for a job, most people don't have a job. Actually, at this very brilliant set, he said 4 to 5 jobs are actually not listed. So if you apply for every job out there, you probably miss 80% of them. But if you ask for the story, what's the problem you have? What's your story? People have stories. People are willing to share stories and get that off their chest. And if you can collaborate with them and talk through that with them, that really resonates. Now if I think about my career, in the last 10 years that have been in product management, the 4 or 5 positions I've had across a variety of companies, including my journey into Cisco, came from relationships, came from sitting down and talking to people. My last one, as I brought -- was brought into Cisco was a coffee conversation with someone in the Bay Area about something completely different. We were not there to talk about work, we were there to talk about a different subject. And he said, hey, Rohit, I noticed that you spent some time in product management and cloud security, would you be interested in x? And that x resulted in a conversation and another conversation, and it goes on and on. Now the individual that brought me in to Cisco, who was in that conversation with me over a coffee, happened to leave Cisco, what happened? I introduced them to someone I knew early on, and now they're helping run that company in a senior leadership role. Another individual here at Cisco, who has since moved on, is looking for my recommendation for another position that they want to enter into. So we're continuing to help each other. And that really is a beautiful thing. If you think about it, it's just relationships that foster over and over again. So in reality, when we think about networking, building relationships, it really should feel like this, it should not feel forced, it should not feel like just a bunch of connections that you're collecting. It's where both parties benefit, where you get really what you give, as it relates to many things in life, you're connecting those dots. And really, it does take a village. If you build your village, as I'll talk about in the next slide, it really helps to bring that back to you, and people will ultimately help you. Ultimately, you'll also have to work for it more than you hoped for. You can't hope that the next opportunity will come around. You have to put some intention into it and give of yourself. But once you do that, it's very important. And the other important item here that I underline is, never dismiss anyone as unimportant. I talk about this a lot, especially in the area that we live in in the world in the Bay Area, this is very true. You just never know who you're going to run into and what the optics of what someone may look like is not in reality, who they are, right? They may look very simple, very humble. I've met a ton of people in my life that are very down to earth, and you have no idea that they're running multimillion-dollar companies or doing all sorts of things. And so you want to treat everyone as important as a human being and make a connection, and you never know that where that will lead to. Never judge someone. So my call to action here for all of us is to consider your network. Consider your friends, whether it be your current or your past and a lot can come from that. Consider your circles. I talk about circles from the standpoint of your interest, your hobbies, maybe even your religion, right? If you have kids, you have a school network, if you participate in sports. Pallavi talked to us about hiking. She might have a hiking group. That is a group of friends, and it's a circle that she has. That circle may intersect with some friends she has from where she grew up to other things that she practices in life. These are all circles that connect. Imagine a Venn diagram that intersect. And so these are all the circles that you can consider when you think about opportunities. And if you think about it from that standpoint, it's really your village, your extended network that can help you, and you can help them. If you happen to be an employee within Cisco, think about employee resource groups or employee resource organizations there, ton of them out there, and these are connection points. If you're new to an organization, new to an area that might be something that really helps bring you in. It's a safe ground where you can meet people of like-minded interest, and that helps form your circles over time. Outside of Cisco, you may have opportunities like that as well in the organization you're part of or use the platforms that are out there. meetup.com is a great one. There are ton of circles through your alumni networks to schools you've been to, through just your friends where you can connect with people. But I really encourage you to reach out, meet up and have a face-to-face conversation with someone. So with that, I'll wrap up by saying something that really I learned some time back. When I was younger, I was encouraged by my mom to ask questions. And frankly, when I was in my, say, early teens, I wouldn't do this naturally, right? I would meet family members in different parts of the world as we travel, and my mom would say, Rohit, why didn't you ask them any questions? Why didn't you ask them where they work? What factory they're in? What are they doing? And I say, I don't know. I was just shy. And it took some time for this to resonate. But at some point, something clicked, and I was like, yes, I do want to learn from people. When I think of events that I go to now, I'm typically thinking of, do I have an opportunity to learn from someone? Is there something I'm going to take away? And so even with my girls today, who are 8 and 11, respectively, this quote is something that I use often with them. I try to encourage them by saying, "If you don't ask, the answer is always no." If you want to do something, ask me, ask your mom, ask your grandparents and take the initiative to state that, whatever is on your mind. What's the worst that can happen, right? We say, no, but at least you asked. The best that could happen is we say, yes, or, hey, that's a good idea. That's something I didn't even consider. So I mention that to all of you because as you think about opportunities that you have, people you can connect with, think about that. If you don't ever ask them and step up and say something, the answer is going to be no. It's a shut door. But if you take the opportunity to talk to people, they may want to reciprocate. They may want to be your mentor. They may want to open up your doors. People want to help people in earnest, there are a lot of good people out there. And so take that opportunity to overcome your fears, have the courage to ask these questions. So with that, I'd like to thank you all for listening. I'd like to thank the Cisco Master Series studio and team here for hosting us here today. And ultimately, thank you for the opportunity to share this time with you. Please go out and make it happen. Thank you.

Hello. My name is Jason Davis. I'm a Distinguished Engineer at Cisco. I'm in our services department, known as CX or customer experience. And I'm based out of our Research Triangle Park facility near Raleigh, North Carolina in the United States. I also work here at the show to help with the network operations center or the NOC. And what I wanted to talk about today is the importance of automation and orchestration. And specifically, we're going to talk about Cisco Action Orchestrator, which is a fairly new tool in our portfolio that helps customers automate and orchestrate their workflows. Let's consider what happens in a service deployment workflow. Many times, a customer -- and I'll use some fictitious names here just to be fun. Requestor Reggie. He's going to go into a tool like ServiceNow and he's going to do some service request management and ask for certain services. And then what happens is, over some time, approver Alan, maybe a couple of hours later, gets involved. And then he looks at the request and says, you know what, this makes sense or no it needs to go back for some changes. So approver Alan does his work. But now another manual step gets involved here and an e-mail gets sent out. Now resourcer Robert is involved. And he's looking for a resource management and maybe using a tool like Visionael or something else just to look at resource availability, ask if we need to upgrade any links, if there's any more capacity and space and cooling in the data center, and he's responsible for that. And these are all reflective of good ideas in ITIL and TOGAF kind of certifications and making sure that our processes are well in place. Well, after resourcer Robert does his thing, he sends an e-mail over to implementer Eileen. And now she's responsible for the implementation of the service and the provisioning thereof. Well, she's going to use any number of tools, could be tools from Cisco like Prime Infrastructure, NSO, DNA Center or maybe some other tools that are available to her. And then after she's done, she's going to call up checker Charlize, and now we're 25 hours into this workflow manually handing off task to person-to-person and using different tools. And after checker Charlize has done her service assurance check, maybe she's doing something with a tool like Netrounds or maybe she's doing something manually with the CLI and running various show commands. Well, now she updates a spreadsheet because everybody uses spreadsheets, right? And now that's the trigger for documenter Dorothy to know that it's time for her to do some asset tracking, and she updates some CMDB in her availability system. Now after documenter Dorothy is finished doing what she's doing, maybe she does a chat message, Webex teams or something like that over to operations Otto. And now Otto is responsible for configuring the network management tools. So now we understand what's being monitored for the services that have been deployed. And operations Otto might be going into Prime Infrastructure, HP NNMi, EMC, BMC, any other number of tools that are out there. And then he is aware of what he can monitor. After Otto is done, maybe he makes a phone call to notifier Ned. And now Ned is doing the service notification internally and possibly, externally to customers that are concerned about the services that have been deployed. Well, there's a lot of people involved. There are a lot of tools involved, and there are a lot of manual steps involved here. And unfortunately, a lot of opportunities to make mistakes. And look at the time, conceptually here took 52 hours to make a change. That's a long time, and we can do better. Well, the next thing we need to do, establish a common vocabulary because a lot of people talk about automation and orchestration in the same way. I like to say that automation is the use of control systems to reduce human effort using -- especially when talking about single or repetitive tasks. An example of that might be, I need to register a DNS host name or I need to ask for the next available IP address. These are single tasks that can be automated. Orchestration, on the other hand, is use of control systems that direct other diverse systems in the execution of multistep workflows or processes. So this is where I start to link things together into a workflow and that's through orchestration, and it may involve different systems. So have you ever ask the question, have you ever needed to do an end-to-end workflow or manage things that involve different IT systems and different vendors? If you look at this first graphic on the left-hand side, you might have your service request management system, could be ServiceNow. You could have NSO or Prime Infrastructure. You might have vCenter. All these tools could be involved in provisioning what's in your IT service management environment. What about extracting data and transforming it, normalizing it and sharing it with other tools? This is something that actually happened to me last summer at the Cisco Live event in the NOC. We had events marketing say, "Hey, let's use NSO in the environment and say that we're using network service orchestrator to manage the network." And that's great. NSO is a wonderful tool for configuration management and provisioning, but it doesn't have a network discovery component. So I had to look around at what tools we had available in the NOC, and we had Prime Infrastructure available. So that was a good tool that was running network discovery continuously. So I was able to pull the data from Prime Infrastructure, transform it into something that NSO could understand and then push it into that tool through an orchestration process. And then just to be complete about inventory management, was able to also put that information into an Oracle database, acting as a CMDB. So this is another great way to use orchestration. If you've ever had issues of scalability with the tool, this tool only scales to 5,000 devices or this tool scales to 10,000 or 50,000 or whatever, then orchestration is an important concept for you. I worked with a service provider, had over 150,000 routers in their environment. Now it was -- interesting about that was the tool they're using only scaled to about 15,000 devices. We ended up with 30 copies of this management tool in order to manage the environment, and that would be very ugly to support. So the way to handle that was going over-the-top of the APIs of the tool to pull that information into a central area and then be able to search against that central repository or big data lake, if you will, of information about inventory, configuration, et cetera. Similar situation might happen with DNA Center. If you have multiple DNA Center appliances, you may need to be able to aggregate that information for multiple appliances so you can have a unified view of inventory. Other situations might be that you have operational or functional gaps in the different commercial tools. And you know the information is there, it's just not rendered in a way that you want in the tool. So we can go again over-the-top of the tool through the API, extract the information we need and then display it or render it in a way that works for us. Now how do you deal with these multiple tools and data sources? And what you're seeing are quite a few tools that Cisco provides, and I'm not showing all of them. We have a huge portfolio. And you're probably thinking, yes, I've got quite a few of these. Well, it's not just about the Cisco tools, it's also about the partner products. There's a broader ecosystem in IT service management. You might be using Splunk, you might be using ServiceNow, along with those Cisco tools. Well -- and it's also not just about the partner products, there's open source tools. How many of you are using git and Ansible, and using open-source operating systems and CentOS and OpenStack? Well, now we think about it, that's a lot of islands of information. And if I don't do something about that, I'm going to be doing the swivel-chair management a long time. And poor Bob here, after 3 years of dealing with 7 computer screens, is getting a chiropractic neck adjustment pretty quickly because he's swiveling back and forth all the time. That's ugly, but you know what, help is on the way. Help is coming from Cisco Action Orchestrator. What this tool is, is a cross-domain, technology-agnostic orchestration platform and allows us to do a low to no code graphical environment to build workflows graphically, dragging and dropping activities into a canvas and following a workflow, just like we would think about following a process or a flow chart. It's microservices-based containerized solution using Kubernetes to manage these docker containers. You can run it on on-prem, you can run it in Amazon, Google or Azure Clouds. And it has a lot of adapters to talk to many different things. Anything that has a REST API, anything that has a CLI is fair game. We're talking Prime Infrastructure, DNA Center, EPNM, NSO, vCenter, Ansible, Oracle databases, an IP-enabled coke machine, if you had one, okay? So I have with me a guest. This is Michael Chenetz. Michael is Technical Marketing Engineer for our Cloud Automation team. And your group is the team that actually develops this Action Orchestrator as part of our CloudCenter suite. So what was your vision of what AO is to be?

So I'd like to explain it like this. When we go to our childhood, one of the first things we learned to build with is LEGOs, right? So we take LEGOs, we stack it up, and we kind of build things together so that we can create what we want using those LEGOs. And the problem that we saw out there was that all these companies want to connect things together, they want to glue things together, and they want to be able to create interactions between various things. But yet, they might not understand how to do it. They might understand how to do it, but it might be a little bit too daunting because they know that it's going to require a lot of code. And what they want to do is have a way to do that, that's not intimidating, and that people can kind of just come into and they can create these interactions. So the way that we created this was that we created these little objects that you can create, and you can kind of just drag them onto a canvas and then allow you to build bigger things out of that. And it's amazing. And the thing is, is that we don't specify what you can and can't build. So you can create your own objects based on REST calls or SSH or whatever it is, create your own little LEGO pieces and then use those LEGO pieces. So we just wanted to make it easy and tangible and something that people can use over and over again. And what we're seeing is that people really, really like this idea.

Awesome. Yes, low to no code is great. I came into Cisco being somewhat of a network programmer, right? I was -- I knew Python -- well, it was Perl back then. I've learned Python and -- so I'm kind of that unicorn red-headed step child kind of a person. I know enough to be conversant about routing and switching. But I always appreciated having tools like this that would allow me to be a programmer, but also to leverage my domain expertise with network management and operations, and routing and switching. So the neat thing about this is, you can go ahead and you could take a Python script and you can emulate what that would do graphically, and probably do it in a lot fewer lines of code and activities. I actually took this challenge upon myself to say, what would it look like if I wrote a Python script that would take some data off of Smartsheet, which is an online spreadsheet-as-a-service kind of offering and pull it into a database? And it turned out to be like 80 lines of code. But when I tried to replicate that in Action Orchestrator, it was about 5 activities. And you can see that we support loops and things of that nature. And the neat thing about doing it in Action Orchestrator, I didn't have to worry about missing a tab anywhere, which is kind of the joke for guys that are programmers.

That's great.

It's great. Now the architectural goals for this were to be 100% cloud agnostic. As a matter of fact, the first release of this product, we didn't even have a vCenter on-prem installer. You could only install it in Google, Azure clouds. So they followed up a few weeks later with a vCenter installer, but they are thinking cloud-first with this tool. It's also very CICD centric. So when you build workflows, you can actually build them and put them up on a git repository. And if you want to, you can share them with other co-workers, and we share those with customers. As I mentioned, I'm in services, the CX division at Cisco, and I've built workflows for customers where we put them into a git repo, the customer can pull those workflows down with their Action Orchestrator tool and then incorporate them into their environments. And then all they're doing is linking targets of the workflow into their environment. So when I build a workflow that needs Prime Infrastructure or DNA Center, they just link it to their own IP address, host name and credentials. The architecture is pretty modular, and we have several adapters that are very useful. Web adapters are great for REST API calls, terminal adapters for talking to anything that has SSH or telnet capability. Could be a router, a switch, wireless LAN controller, CentOS, virtual machine, Raspberry Pi, done it, IP-enabled coke machine again, right? And we're using a lot of common, well-known and mature open source components underpinning like ArangoDB and Kafka, Kubernetes. Again, this is a great solution. You can run it on-prem if you need to, you can run it in the cloud. You can run it in both places. I have one very sophisticated customer that does it in both places. And then he has orchestrator talk to orchestrator, in that way, he's not eating up WAN bandwidth by sending work request over his wide area network. So the number of adapters are growing, and you can build your own adapters too, if you're not happy with the ones that we have. Adapters can be written in Python, they can be written in Go, and just about any other programming language and incorporated with JSON Schemas into the tool. This is what the tool looks like, where we can go and lay out what our workflows and organize them, and tag the workflows so they can easily be searched. So some of the ways that we can use this tool are for provisioning, right? I want to go ahead and configure a device once it's online and drop in my golden config. I can do data collection and analysis. That is how I'm using it here at the Cisco Live NOC to collect statistics about what's going on in the show and to do health checks, data collection and dashboarding. If you go to the NOC, you'll see the dashboards that I've been building. And also data transformation, taking to one -- information from one tool, pushing it into the other. Operational state checks are great. If you're building something like a router with HSRP, you should be checking to see that HSRP is working. Which router is active at this time, and which one is standby? And did they flip? You don't want to wait until you're down to the last router to know that you're down, right? Collection and alerting, we can use this tool to also do operational state checks, and engage it against different standards or policy thresholds. And then send the message out in WebEx teams or create a dashboard or send an email, a text message. A lot of cool opportunities here. So Michael, what are some areas that you've seen customers build dashboards and workflows in?

Yes. So it's interesting you asked me this question. So every time I present to a different customer, they have their own ideas around it. So it's like you really can't go into a customer and talk about what the target is for this because as you bring it into customers -- and to get back to your question, in about 2 seconds here, they have their own ideas about what to do with it. So a lot of people, depending on who you're talking to, have preset things that they were thinking about, but didn't know how to implement it. So for example, if I go into a hospital, a lot of the things that the hospitals are thinking about right now is how do we spin-up AI, and provide self-service for doctors because these doctors need to spin-up these AI -- their AI infrastructure very quickly to diagnose various diseases. So when we go into hospitals, they're thinking about that. If I'm going into someone that does any kind of public utility, maybe they're thinking about automating some of those public utilities and figuring out how we can automate those types of things. So going into an enterprise, maybe they're thinking about how do we automate our whole NOC? Like your -- you've done here at Cisco. So depending on where you go, they have their thoughts about doing this. But it's not only about just tech, it could also be business process orchestration. It could be a lot of different levels. So -- and it doesn't have to be just cloud. It doesn't have to be on-prem, it could be a bunch of different things.

Excellent. So with that, let's show a few of the examples from the Cisco Live NOC and some of the dashboards that we've made. This is the architecture that we have. We don't necessarily use Cisco Prime service catalog. This is from Cisco Live last summer in San Diego. But you end up having a service catalog or a service request management system that front ends it. And then Action Orchestrator acts as the glue across the different tools, like webservers, WebEx Teams, even Meraki as a cloud environment, has a cloud API for their dashboard. And then CMX Prime Infrastructure, Grafana, open source tools, Smartsheet, et cetera. There's just so much here that we can glue together. And I had a situation where I needed to do an availability dashboard, and I was thinking, I've got devices that are in Prime Infrastructure. I've got devices that are in DNA Center, and they're different, but sometimes, they're overlapping. I've got devices that people want me to monitor, that aren't even routers and switches, like at the registration desk, people want their printers monitored for the badge reader -- badge printers and such. So how do we get that into the monitoring? It's not something that shows up in Prime Infrastructure or DNA Center. Well, we build a workflow to say, "Let's grab that information out of Smartsheet", which is kind of like Google Docs or Office 365, as a shared document. They're responsible for putting it there. My workflow pulls it down and puts it into a database and then we're able to ping and monitor all this equipment in one workflow, even though it's going across several sources of truth. And this is what that shared Smartsheet kind of looks like, where somebody can go in and just say, this is the device name, the IP address, the location of the device and what my name is for contact information. And then after building all this information together, doing the pings, creating the dashboard, this is the result. We can see what devices are down, which ones are slow to respond, which ones were doing great because they're green. Green is good, red, bad. Red, bad. Always looking for red, don't want red. Sometimes we see it, red, bad. All right. This is Action Orchestrator. You mentioned this graphical workflow, development and execution environment. So what you're doing is, on the left-hand side, you're grabbing your activities from the toolbox you're dragging them into the canvas in the middle. And on the right-hand side, you're working on the properties of that activity. So that might be dragging something like this web activity and doing a request to Smartsheet. And I would define on the right-hand side, this is the URL that I need to call to pull down that API information. And where you see that blue hyperlink, that's dynamic data. So I'm not hard-coding information into my workflow. I'm able to dynamically pass information into my workflow and pass it into other activities and refer to it forward and backward in my workflow. I can also hit run and go into run time in this tool, and we'll see it go step-by-step through the workflow. Green activities have been successfully completed, yellow are what's executing now. And on the right-hand side, the properties panel turns into an ability to show what the output of a command, an API call, or whatever you are dealing with. And that's helpful for troubleshooting and making sure that everything is doing good. And you might need to modify your workflow because the API output might be something that you didn't expect and you need to make a provision for it. So this is really neat. And if you're dealing with loops, you can even go and see, okay, this workflow had 13 loops to it, let me go see what loop #11 or iteration #11 of this workflow was and see what the output there. Some of the dashboards, again, from our Cisco Live NOC here. This one is about access point client load. Now I built this one, even though we have Prime Infrastructure, and we have DNA Center in our NOC, but I wanted to gather the data from those two different sources, aggregate it and put it into one dashboard. So again, we weren't swivel chairing across the different tools. Prime Infrastructure and the Cisco Live NOC is being used for legacy wireless environment, and then the DNA Center is being used for some of the newer WiFi 6 capable devices. Now the information existed in the APIs of these tools. I would ask each of them through a REST API call, give me all of your access point information, give me all your radio information, now give me all of your client information. Once I had that Action Orchestrator as table information, I can do some analytics on it and find out what is the most heavily loaded access point by client count and what radio is that, and then sort it and then colorize the cell, so I can focus my energies on these access points. And the wireless team can take a look at this and say, you know what, maybe we need to play around with some RF or add some more access points in this area to add more capacity, or maybe they just want to leave it alone. Another one is the wireless client distribution dashboard. You may see this one in the NOC, if you walk by. And it's been enhanced this year to show WiFi 6 capabilities. And I want to see which different SSIDs are being broadcast by our network, and what client counts are in which different protocols in wireless. Now sometimes, information is power, sometimes it's kind of humorous. A few years ago, we had an IPv6-only SSID that we are broadcasting. And using this dashboard, I was able to see that we had one device that was on 802.11g wireless, running the IPv6-only SSID, connected that way. And I thought I need to go find this person, I need to give him a $15 USB dongle to bring him into the 2000s for wireless because he is so frugal he's using 10-year-old radio technology. But so forward thinking, he's doing only IPv6. So wouldn't have been able to find that before just based on what we had, unless we've built a dashboard that would show us where the users are. We also wanted to understand what is the adoption of wireless and the different protocols over the years. This time, we're -- we have the same information, but now we're kind of twisting it around. We don't care about the SSIDs anymore. We only care about what the protocols and what the counts of the clients are per protocol. And this gives us an idea about the adoption of wireless over the years. Six years ago, when we did 802.11ac for the first time, in Cisco Live London, it was less than 1%. And here, we are, you can see close to 90% with AC adoption. Now I can tell you a real-time view of this, AC is now backed off to about 85%. And now we're starting to see about 5% with WiFi 6. So this is great. We're going to see this over the year, adopt more as Samsung, Apple and the rest of them include more WiFi 6 capabilities in the phones, tablets and laptops that you guys all enjoy. Now sometimes, I want to get information and use Action Orchestrator to collect the information, but I don't want to have to create a dashboard. I want to maybe use an open source tool like Grafana, and allow it to do the wonderful graphing and dashboarding that their tool was created to do. And what I do then is just use Action Orchestrator to collect the data, put it into an InfluxDB or Prometheus, whatever I'm using, and then let Grafana pull that dashboard up for me. I like to call this one the Jerry Lewis telethon dashboard. If you're American, it probably resonates with you. But this one shows how many terabytes of traffic we've moved with the Internet in the show network. This dashboard is running live in the NOC. If you want to see it, come by, and you'll see how many terabytes. Last time I looked, I think we were somewhere around 7 terabytes here in Cisco Live Barcelona. Now this is Cisco Live, and people want to know how much traffic do we have going on. And especially, there are some IPv6-efficient Ottos out there. I'm looking at you, and they want to know how much of this traffic is IPv6. Well, created the dashboard to show that. This year, we're actually getting upwards of 25% of our traffic is IPv6. That's great to see the adoption of this new technology. Well, you know what, it's not actually new. It's been around for a while, but it's nice to see that we're finally getting to adopt it. Now sometimes, we want to create dashboards because people may not understand what is a terabyte, right? So I came up with this fun dashboard that would show a terabyte in the equivalent of pages of text in punch cards because I have some older coworkers that remember punch cards before my time. But anyway, I wanted to also say how many works of -- Library of Congress, how many digital movies would that be? My kids were asking me last summer, "Hey, dad, could you create the dashboard that shows how many Marvel movies this would be?" So I said, sure, sit down and do the math to figure out what it would take to encode a 2-hour Marvel movie into MP4. And then how long it would take to push that over the Internet with the Internet links that we had, and then created the math to do that. So last summer, Cisco Live San Diego, we moved about 2,200 copies of all of the Marvel movies, had they been in digitized and encoded. So that was pretty fun. Just different information that can be gathered. And then bringing it all together, sometimes we want to gather information about routers and switches and storage and compute and applications, and wireless and bring it all together into one view as an executive view, if you will. Include the collaboration information too, and that's something we can do with orchestration and our Cisco Action Orchestrator tool. Well, you may wonder, what are the next steps? I saw some pretty cool things here. I'm really interested. Well, your options here are to go to the Cisco Pavilion in the World of Solutions, which is Hall 7, in the cloud automation booth. Michael is going to be there along with the rest of the team, and they can talk about what's going on with the tools and help you understand how you can get the tool. Or if you're interested in getting services about the tool and you want some help getting jump-started, you can see me at the NOC because I'm in the services department. And the NOC is actually in Hall 6, I made a mistake on the slide. But it's in the center of Hall 6, and that's the NOC booth. And you have a couple of links here that will help you get information about the marketing and the technical documentation about Action Orchestrator. I'd really encourage you to look at it. If you want to follow me on Twitter, my Twitter handle is SNMPguy. It's also my license plate. So if you're ever in the United States, in North Carolina, and you see a Chevy Avalanche driving up with SNMPguy, just wave at me. I'd love to hear from you. If you follow me on Twitter, you'll see some of the dashboard updates in real time as we're going. Thank you for your time. Thank you for the Master Series AV tech crew back there doing a bang-up job for us, including the people that did the makeup, all right? This is a wonderful event. Appreciate you guys being here. Have a nice day.

Hi. Welcome to another series -- in the Master Series of talks from Cisco Live in Barcelona. My name is Peter Jones. I'm a Distinguished Engineer, and I'm so happy to be here. So here's the thing. We think networking always goes forward, but my talk today is about doing 10 meg via Ethernet again. So I really like going back to the future. So that's the quick intro. Let's get into it. So here's my agenda for today: I'm going to set the stage, I'll talk about Cisco and the industrial Ethernet. 10 megabit single pair Ethernet, which is the key part of my talk, where we go next and the wrap-up. And just for a quick one, I want to take a quick bow. That's actually my photo over on the right-hand side. That's the PortaFira Hotel, which is right close to the convention center here. That was from last year. All right, let's go. So I've been with Cisco 15 years, and I finally figured out what I do is I add value to infrastructure. So if you think back a little while, this is when the interstate systems in the U.S. started. So it was authorized in 1956, and it was done both for thinking about defense, then for moving people around. They completed it, considered complete in 1992. $114 billion. And they did basically 49,000 miles. Now what's interesting is the lane width is 12 feet, or 3.7 meters. So what you're seeing over there on the left, this is the Corvette from 1956. So that's sort of a car that we're thinking about doing, right? This would have been a special car if you're really well off, or excited. But here's the Corvette from 2020. What's interesting is this uses the same infrastructure they built in 1956. So it wasn't just built for a short period, it was built for ages. And we've done more and more things of that infrastructure. All right. So there's some terms here. I'm not going to go in detail. Information Technology is the general thing that we talk about. This is where most compute networking lives. So this is what you do when you go into your office, you get up to your phone, you get up to your laptop and you talk to their corporate network. Operational Technology or OT, this really is computers to monetize states. So if you consider a building, that's what people in the building use, and then there's everything else, the lights, the HVAC, the building controls. So this is what they call non-carpeted space or fieldbuses. Fieldbus is a generalized term. And it really is an old style of network to control the particular type of device. So one type of fieldbus is called BACnet. There's another one called [ LaLi ], there's one called LonWorks or DeviceNet. So these are all separate and different protocols that the automation systems run on. So the real question is, is how are we going to think about getting those closer to today? So again, going back to the start. This is the start of Ethernet. So the picture you're seeing right now was drawn in 1976. It was drawn by Robert Metcalfe, who's considered the inventor of Ethernet. And this one was drawn to present at the conference. Now what you're going to see in the middle is that this thick white floppy cable called The Ether, otherwise known as thicknet. So if anyone's been around for a while, we know this cable. It looks like the one over there on the left. It was big heavy coax cable. You put a BANpipe [ cap ] in it that they called The Ether. So Ethernet is older than most of the people in the industry today. I think I figured out I was 9 when they got invented. So that was 1973 as Xerox PARC. The patent came in '75, and the first standard that was actually approved in '83. And this has really become the basis of all wide communication. So I do a lot of work with some of our analyst groups like Dell'Oro, and I think about Ethernet speeds. What you're seeing here is the forecast from about a year ago, out to 2022. What you can see is interesting. You see that the bulk of the market is 1,000 -- is a gigabit, or 1000BASE-T. You also see 10 -- 100 gigabit is going away, 2.5 and 5 are growing. What's interesting is 2001 was when we last sold 10 megabits. That's a long time ago. It's going to be 20 years. So why would we want to go back 20 years? So my normal place where I live in the ecosystem is I live in the enterprise part of the network. So I work in the good-to-build Cisco switching, routing, wireless and also industrial. So that's where I really made my career. It's that network that when you're going to work, you basically step down your desk, you plug into a wire, will you use WiFi? That is the Cisco Enterprise Network. So both -- we both fundamentally do the network in the office you live in, and then sort of back into the data center. By the way, quick plug, this is the 2019 Ethernet Road map from the Ethernet Alliance. You got to see this, go take a look at Ethernet Alliance website. I think we have a 2020 road map coming out in a couple of months. What's interesting about this is it gives you a way to describe the breadth of Ethernet, all the way from the service providers, a way over there on the right, through the cloud and webscale guys, Enterprise, where I do my living, in car network, which is coming forward. And the topic of this talk is really the automation sector. OT or automation, how you make that work, bring it forward to Ethernet and give them the benefits that we've had. So let me get going with the story. If you take a look at this slide here, this is really networking in about 1990. So we sort of -- at this stage, every company had their own interface, their own connector, their own protocols. So what's interesting is on that word salad over on the left, I actually worked on a lot of these. Early in my career, I wrote a TDA30 emulator. I worked with DECnet, I worked with Novel. Not so much token, thus, but token ring. So around about that time, we had basically everything in the network. Everyone built up themselves. What's interesting is that we've moved. All these protocols and physical connectors that at one stage were considered key advantages for their -- for the companies. But over time, we've really -- we've migrated everything across the TCP/IP. That journey has taken a long time. I think I got into the industry in -- my first working was around 1984. And I certainly remember this from around about 1990, maybe '89. So we had all this stuff out here. But it's all pretty much gone away. So I'm going to guess if you're younger than 40, you don't know any of these things. So this is the IT network. We went through this migration. And the migration really has been -- Cisco is at the key of this. And it's really been a way to unlock creativity and productivity. The way I tend to say this is that now these days, network access is like oxygen. You just expect it to be there, you don't notice it until it goes away. So the IT world has really gone through this transition. So what about the OT world? Well, right now, they're sort of in the same position that IT was about 1990. Again, if you look over and look at the word bubble, we have Ethernet IP, we have foundation fieldbus. And you tell this to other company, So RS232 is pretty common. DALI is something to use with lights. CAN is all over the place. Modbus, I think, is mostly build automation. HART, I think, is on the outside. So all these things exist all differently. So what you have is you have a whole lot of different networks and different network topologies. Topologies, technologies, and none of them can talk to each other. So if you think about it as the way expectations are changing, this clearly can't finish. So again, the question becomes is, these people have to move, really, how can we help them move? So I'd like to talk about deductibility or consumability. And it really matters. Otherwise, you can build technology that can't be adopted. So let's just think about a simple example of this. This is the Volkswagen golf, right? The Volkswagen golf is an extremely popular car is sold. I don't know how many millions across the world. Everyone can get it, you can go buy it, you can go use it. It's really easy. But imagine for a second, if I say, look, I've gone and done some work. I've been working away for 5 to 10 years. I've come with a car that's 5x better than the Gulf, it's cheaper, it goes faster with service, more comfortable. You will say, great, how we'll get one. Let's say, wait a second. There's only one minor issue. So the car ability is a line and a halfway. So I can't work in any of our current cities, you have to build a new city. That's sort of an analogy for where networking is often being, we've made people change and come to us. So we said, we've got this great idea if you just throw out everything you have, it will be awesome. So that's not really helpful anymore. I mean at one stage, every network was new. So you could sort of get away with it. But right now, we have that infrastructure. And our job is to get more value out of this, not to go and say, build new stuff. I mean a simple example of this is, I did some work on 2.5 and 5G BASE-T that is [ 203BASE-T ] or in BASE-T. So the key point about that particular technology. Which you could take existing category 5-year cabling that ran the 1 gigabit and run it 2.5 for 5. So I could deliver a new value on the infrastructure already owns. Sort of like that Corvette, the Corvette from '56 versus the Corvette from 2020. Very different cars, but they run on the same infrastructure. So a quick background. So probably most people know little a Cisco is involved industrially for that, I certainly did. But when I was having a conversation with my colleagues and standards buddies because I do standardization work. So quick side note, I triply added to about three as a standard buddy for Ethernet. So when you want to start a project, you go to have a conversation with people. What's interesting is to make a technical decision, you need 75% of the room, leading by individual. So when I was going in and having a conversation on industrial Ethernet with people, what I didn't realize was how much we had. So quickly going -- Oops, quickly going forward. Here's sourcing images that we have. And so these are examples of what we call industrial. Now if you look at the one at the top, it's clearly more industrial. The one at the bottom is more like a factory or maybe a warehouse. So these are all the things where you're running what they call operational technology to keep things safe. It may be on a ship, it may be in a shipyard. It may be an oil and gas plant. It may be an eye online. This is the operational technology, and this is where Cisco is actually leading the way. So this slide is clearly a -- too many words. So this is really in here as a reference, right? So Industrial Ethernet, it's using Ethernet in an industrial environment. And so I would say in a automation environment. Because it could be the same, could be in a factory, it could actually running in your -- in the ceiling of your building. Let's imagine you took a look up in your building today, not so much in home, but in your office, you would see a few things attached to the IT network, maybe a couple of access points. When you see everything else. You'll see the lights, you'd see the HVAC, you'd see the temperature sensors, so that's all of the IT world, and we're trying to -- sort of trying to move towards the IT world with Ethernet. What you see, at the bottom here, is that we often have standard Ethernet, and we might fit it in a particularly harsh environment. But the key point here is that this entire automation industry wants to move to Ethernet and current technologies, I mean, they're also going to be using LORAWAN and 5G and those types of things. But they want to adopt Ethernet to make their business better, to make it more efficient, where it innovate faster. So I want to drop up here. This is just a quick list of industrial Ethernet switches that Cisco has Iceland pull this off the website. And part of the reason I pulled this off was to explain to some of my peers in the industry, that Cisco has a massive investment in Industrial Ethernet. It also got into a conversation about connectors. So out of this, right, we saw these, we're highly successful. Over on the top left, what you see is the IE 3400 heavy duty series. So it's the one with the M12 connectors. And if you happen to be Cisco Live some time or maybe just watching online, go checkout the video where we have this running and providing PoE, while it's certainly in a waterfall, so you can sit there and what's the water riding on this thing. So when I was doing my research, I actually went looking, and I found this on the Cisco website. I was a little surprised and didn't realize that we were the leader in the market. So this market, which is going to be coming along slow growing, but it's going to fund and transform the industrial automation market, Cisco is the leader. So you can see right there, this numbers from 2016 and 2018. So we are starting to pull away from the major competitors. What does this mean? This means we have the ability to do the transformation of Cisco enabled in the IT network -- in IT as well. So if you think for a minute, how many factories and facilities that are in the world and warehouses. It's a huge opportunity, both for Cisco and to enable the world. So you tend to see executives talking about, we wish to improve the world. So my belief is that we have the ability to make the world better by enabling companies through what I want to do better. So this is from a marketing. We have a similar one from IHS Markit. So again, what you're seeing is Cisco has become the leading in industrial age networking. So this means we have a great opportunity and also great responsibility. It's our job to basically take the industry forward with us. So we actually deliver the benefits. One of the things I passionately believe in is if we take the entire industry forward and we make it a one big playing field, everyone wins. So we make it so that we have one playing field to compete on, and we compete on their real skills and qualities. So part of what I need to do is make sure I enable and they take the entire industry with me, which is sort of the fun part of my job. So let's get down to the meat of this talk. 10 megabit per second SDA. Yes, that's right. I said 10 megabit. Sometimes, I say this to people like go, you mean 10 gigabit? No. 10 terabit? No. I mean 10 megabit. SPA is a short name, it's a single pair Ethernet. If you go and look at the normal Ethernet division, cables you see in office, the couple of cables, they're all called a category cable, might be category 5E, category 6 or 6A. So they are what's called a 4 pair cable. Now if you go back in time, you'll actually know that originally for 10 megabits and 100 megabits, you only use 2 pairs. But the gigabit, you needed 4 pairs. So we had fun at one stage where people splitting out 2 pairs, but put that to the side for the moment. So the bulk of the Ethernet we sell today in terms of numbers is what's on 4 pair complicating our category cabling. This is 10 megabits on single pair. So I'll talk a little bit of fuel buses before. So she will make this previous about where we can go take a look at this. So fuel buses are really different type of thing. They're not the things that IT guys are used to. So this is the people that go -- who might install elevators. The ones who install your HVAC, maybe the controls on your doors. So field buses the -- they're all over the place in the IT networks. So the thing to think about is in the middle of that network is now Ethernet. So we're really talking about getting out to the edge of that network. So in my not very humble opinion, because I'm really not very humble. This is the next network to converge. So if you think about it for a minute, the first is quiet phone we have sold, I think it was 1998. Let's imagine, at that stage, you're making an investment decision like where do I want to go? Where should I put my money. Let's say you thought this Voice over IP thing, it's never going to work, the laying cable is not right. Let's imagine you invested all your retirement funds in Nortel or one of the other big telco manufacturers. So I think we are on the verge of this conversion, where we can move from field bus to a common technology and common protocols. And I think it's going to be huge. Right. So why single payer? So as I've said before, this is really to the OT guys, right? And there are a different set of people. Convergence is coming, but they come from a fundamentally different point of view. Where maybe in the IT world, we can live with the network going down for a while. It's really not okay to have your elevator to door controls go out or maybe your HVAC. So this technology is being used in a bunch of places. It's actually going -- there's a bunch of work happening to basically make an all Ethernet car. We can have another long conversation upon that, but they want to replace all the technologies, things like lean and can with each network. So right now, the standards, they've already done 100 million megabit gig, 10 megabit is there, and they're actually working on 2.5, 5, 10 and 25 because they're actually going to try and solve autonomous driving problems. If you actually go take a look at how they're going to build a car, it looks like a mini enterprise. There's a lot of sensors on the outside, there'll be compete clusters. So they're building everything. But in the car world, they have very harsh environmentals, they're also very large about wipes. So the car business is not the one I'm personally involved in, I'm being involved in building industrial automation. And the protocols there were harsh and pricing it and dialing in 4 to 20mA. So there's a very simple common thread here, where they are at the minute, they can't stay there. People want to do preventive maintenance. People want to do analytics, so they have to remove that barrier. So right now, they're sort of here. They're on the way towards Ethernet. But here, we have to figure out a way to get them there. So the existing technology can't really do what they need to do. Also, people understand it, sort of look more like me than someone coming out of college. So the way it used to be like in the land for machine, you've seen some go with a hammer. He's going to whack the device. It's going to listen to it and is going to tell you what doesn't work. Of course, I don't want to come in, I want to get my phone, I want to log into it. So these field buses and the gateways are now an issue. We have a huge installed cabling base and have some numbers later on. But basically, what you find is that infrastructure, the basic nervous system of the buildings is all there. The other thing which is interesting is the way they design it is a very deep in the mind. So we know how to sign an enterprise network today is caused sufficient access, it's copper from access to the device, it's a 100 meters dense fiber on fiber. These guys design the things differently. Now I can go to them and say, look, hi, I'm from Cisco, from IT networking, I've got this great idea for you. Why don't you fundamentally change the way you design entire buildings and control structure. Now maybe I'm right, maybe that's the right thing to do, but that's a hard thing to listen. So I think rather than come in and say, look, we know the right answer. We have to really stop from where they are. So we have the commentates, they need to change. Install cable basis is huge, the assets are very long-lived and have a way of doing things. So 10 SPE or 10 meg single pair Ethernet. We can provide the Ethernet brand, the standardization, right because Ethernet just works, you plug it in. The network becomes simple because it took out a whole bunch of devices like can migrate to all the protocols. The other thing is because we looked at how they build the networks today, they don't have to restructure them. So traditionally, in a copper network, you get a 100 meters. So depending on where you are, these guys might want to run a kilometer, they might want to run multi job. So again, I can come and tell them how to change what they do today, but prefer to make what they do say better. So here's an example, and if you take a look at the fine print, you notice this is from an ADVA conference in 2014. ADVA's one of the key industrial alliances on protocols. So even in 2014, they said, we have Standard Ethernet, we have Industrial Ethernet, we're missing a part on the edge. What's interesting about the part on the edge, is it's like the nervous system, right? This is where you need all your information. So while we've got a great benefit from going to the Ethernet, the real benefit they can get to is that site end. So they need things like cabling above a kilometer, right? They're currently running 1,200 bullets hundreds of kilobits. They need to do the rigs and the rights. The environments are different, right? You might be in an oil and gas plant, you might be, in some way, that it has explosions. So they call that time intrinsically safe. So in intrinsically safe piece of gear cannot generate a spark. Clearly, if this piece of equipment is in, for instance, an oil and gas plant, it's in a flat warehouse, you have to guarantee they can't spark. So part of the issues with the current copper-based Ethernet is you can store enough charge insolences capacitors to produce the spark. So we have to look at where these people are and work out how to bring Ethernet to them. Well, it's a single twisted pair that's really easy. It's what's there already. So again, if we start-up with where the people are, and we help bring them forward. This is an awesome story because it makes the value adoptable. So we're looking at the foundation, the heart, the PROFIBUS, 4 to 20mA. There's a lot of different buses out there, but they all are often designed in a similar fashion. So the goal is to bring Ethernet to the edge, be able to build smarter and smaller sensors, provide power and also multi drug. So here's a quick overview of the main standard that we've recently completed. The standard is called 802.3 CG. So in case you're wondering, the CG part doesn't mean anything, it's just named in a sequence. So the first one was 802.3 then A, then B, then C. As you can see, we're doing standards in a hurry. I don't remember how many you have active today, it's probably 14, 10. So CG isn't anything, but the short name is 10 meg single pair Ethernet. So in 10 meg's Ethernet on a single balance pair. Why does that pair instead of cable? Because sometimes people run this across backplanes. So it's targeting building and industrial automation. So similar to the current base Ethernet, we're looking at power and also data on a single piece of cable. So dot 3 CG is finished, they published about now. And it covers 2 point-to-point riches, 15 meters, really designed for cars and 1,000 meters for oil and gas. Multi drop, we have 25 meters and 8 stations, and this technological PLC, I'll talk about it in a minute. So why do we do multi-drop? It's very efficient on cabling. And it's also what the current technology does today. So back to my previous story. I could come in and say, "Look, I'm from IT and here to help. But then the OT guys are going to run the mile. So what I have to do is I have to look at what they have today and make it better. I already talked about cabling capital technology reuse. It's small. We're looking at the size of the connectors that are half the size than our J45. We also want to go to connectorization because a lot of this market runs screw terminals? Yes, I said it's screw terminals, that's what they used to. So they haven't yet got along to the progression to connectorization we want to go to. So if you take a look at the pictures, over there right in the top right, you'll see there is just the round connector, that will be the connector that runs inside an N8 connector. The underneath it, that's the same sort of connect you run in a normal environment. Over in the middle, you see the 2 piece of cable, the blue one. This is what they would normally call 18/2. So it's 2 wire, 18 gauge. The one on the right one is the very similar thing, but this is actually for fire safety systems. These are the target types of cable because these are what are used today. All right. I talked to me about hazardous locations. So there is a working group between FilCom, ADVA and PROFIBUS. So they're really -- their designing what they call the advanced physical layer. So they are building on top of Singapore Ethernet. To really contact process and industrial automation in remote hazardous locations. So again, we're going to take Ethernet to where it needs to be. So I mentioned earlier, we're doing multi drop. So hands up all those. You remember doing Multiresort, that would be me. So the interesting about multi drop Ethernet is if you go into high loads, CCM doesn't work so well. As part of the backlog mechanism. So traditionally, in a high utilization network Ethernet, your throughput went down and your time to get on to the media could actually take forever. So that wasn't going to be acceptable for this market. So we do what's called a recommendation sublayer. We put basically Shemin on top of the multi drop, which makes it work at a 100% load, it also makes it founded latency. So what you can see in the graphs at the bottom, the orange is CSMA/CD, the traditional thing we used to. And what you can see is when it gets busy, your throughput is 6 megabits instead of 10. So the blue line, this is what's called CSMA/CD with PLCA or fire level collision avoidance. And the result of that is under load you have predictable time to go in the media and you have high utilization. So this makes it possible to go and design and control it on top of this technology. So some quick stuff. So I told you a moment ago, we have a standard already done. That's called 802.3 CG. We have another standard in progress. And in fact, I met Cisco Live in Barcelona, but last week, I was in Geneva, working on this standard. In this case, ST&D is single-pay multi drop enhancements. So we did multi drop an issue in the first project. And as we went through the project became more and more interesting. And so we figured out this to make sure things we need to do. We need to provide power and multi drop like we do power on 0.1 over an Ethernet. We need to go further, more nodes, only 1,588. So the example, uses we're hearing about, all right, we have lighting, industrial sensors, elevators, transportation. So the interesting thing you see in the graph over there is, again, even under heavy load with lots of nodes, PLTA throughput stays very consistent. Again, that means I can run, I control it when this thing and not be scaling it, keep up the network. Here's an example. I work a lot with Panther. They are 1 of our partners. This is the headquarters, I built, that put everything that could possibly put on to Ethernet, right? The door controls, the lighting controls, and paint to the cabling company, so then you had to do this. So put it in 600,000 feet of 4 cabling and 500,000 feet of single pair. So my assertion to you, is there's more things single pair cable in the world today than there is for that's the market we need to go. We need to bring it into the IT world. This is a bit of an eye chart. This is the standard activity. The key thing to take away here is you have a lot of good work on this. I tripling its pot. As the guys who run cabling standards in America. So they -- they're doing cabling standards for both enterprise buildings, industrial, ADVA industrial alliance is doing work and I feel it's going ahead. So we have is we have an entire industry working together to move forward. A couple of photos. I was recently at Rockwell Automation there. There's a good picture there of the sports or cable. That's actually the -- that's an example, link running over 1,000 meters of cable. You see in the middle, it's actually it's the picture of the connector. And then -- they're feeling these guys head was back to the future. If you look, you can see the glory in the background, and so they had unbearing single pair Ethernet to control the flux capacitor. So more stuff from Rockwell Automation fair. This is some early prototype stuff from fleet networks for testing. And if you look over on the right there, there's actually a full live demo running from a bunch of people building industrial networks. So this technology is early in this life cycle, but it's starting to come through. All right. So what happens next? Cisco is a network convergence company. We've moved through the physical and protocol layers, voice the network, video to the network, personal Communications and OT is next. So we have the ability to bring all these people along, so I can build one network in the facility. So where are we today? So they're sort of like 1990, but they're on the way, right? They want the benefits of what we've had. So we want to take the network from being in the way to enable them to move forward. What's the opportunity? We can provide the IT network lessons to OT. So if you think about -- if I have something is, for instance, controlling the oil and gas plant. It's critical for me to provide those lessons, newer structures, segmentation in that facility. One network replace the gateway by the switch. The liquid control becomes an outside container. This is the opportunity we have in front of us. What are the barriers? These guys will assets for the really long life cycle. A mine might run for 30, 40 years. And they're very expensive assets, so they take risks. The landscape is sort of fragmented, there's always different companies. We don't do it that way. But in reality, if I was going to go ask to build a new factory. I would want to be risk-free because the investment is so huge. What's our path to success. So we have to focus on the best practice. Like any networking technology, people can build all sorts of things. But if we align to what they're told to build, we have a chance of succeeding. I'm really interested in -- beyond to upgrade the automation over the current infrastructure. So my father lawyer is a well-done. So he lives in the Valley, Victoria, which is full of coal mines and power plants. He actually works on the power plant shutdowns. So every couple of years, they'll shut down the plant 4 to 6 weeks. In that time, I can change sensors, I can upgrade the control seasons that plant. So that's -- I think it's going to be enormous. So the fact I can do upgrade and the new facilities can use the design patents, makes this adoptable. We're also moving towards having a consistent coherent industry message from our 2 networking industries. Right. So let me wrap it up because you've been listening to me for a while. So the base fee is the most successful standard, right? We sold more than 4 billion. We sell that 1 billion -- there's about a billion ports between in devices and switches a year. And Cisco is built on cables, right? That's the foundation which we run. So cables you're seeing at the bottom here is from right to left, there is the -- the red is the Cat 5E, then the Cat 6 and 6A. So this is what people think of Ethernet cable. So I'm going to basically run the same play, but with a single-pay stuff, power and data, design patent reuse, common connectors and adoptability. These are things that -- let me get through this. And the goal is to build away to unlock all this value. So hopefully, you know the name of Donkey 80. And I do use this all over the world, though it's particularly good in France -- in Spain. So forgive me if I get this wrong, the [ Donkey 80 ] is the oldest work of literature in the Spanish language. So [ Donkey 80 ] was a nobleman. And so he wanted to go around riding wrong. That was his thing. He wanted to give back. So him and his faithful man servant, who I think was [indiscernible]. So they will go around like trying to help people right, fix the wrongs. However, his eyesight wasn't so good. So we saw a windmill and decide was a giant. And from this, we get tilting at windmills, which is often is trying to do something that's really hard to do. Well, maybe just a really hard job. So in this case, I'm being [ Donkey 80 ] and the single-pair is my window I'm tilting at. So my goal is to make a transition to enable Ethernet through all of these markets. So that being said, this is the first addition of [ Donkey 80 ] from 1605, and thank you for listening to me. This is the master series from Cisco Live in Barcelona.

Good afternoon from beautiful Barcelona, we are talking today about Cisco data center anywhere. And after this session, I hope you get to understand it, just 45 minutes, all the exciting innovations we have for you to offer in the data center space. With that being said, let's get started. We have a lot to cover today. The very first thing you need to keep in mind is we live in an IT hungry world. Everything we do is driven by applications, we touch around 3 to 10 applications every single day of our lives. And basically, everything needs to be fast. We want things as fast as possible. We're less patient than ever. The other part is we want things to be easy. Whether we consume them or manage them, it needs to be easier as ever. And last part, it always needs to be on in a world where we have music or videos just a click away. We want things to be not only fast, but also reliable. So the same thing, by the way, happens today in an IT hungry world, which may be delivered by the CIO or yourself as an IT lead. If we consider everything we do to deliver these applications, we have to go from infrastructure, again, no matter where it leads, it can be on-prem, cloud, virtual, physical containers all the way through applications, which may be not only delivered with a single click, but also continuously monitored, continuously managed, and again, hopefully, optimized as well. And the last part, we always want this business to be up. The new digital business needs to be reliable and always needs to be secure. With that in mind, we are the only company that through performance IT, we can deliver all this on any cloud on any app anywhere, and we call it performance it. We do not need to be bound to specific hypervisor to run agility to run security or to have better operations. Our idea is to run your business anywhere it takes it. With that being said, I wanted to make a quick pull for everyone out there. So whether you're visiting virtually in this case from home on America or Asia or even Europe, please take a few moments to understand or to let us know how you are prioritizing your IT initiatives for this 2020. We have multiple options. So please go to pullapp.com/latamSE and both for one of these options, please. The first one is, are you thinking about migrating to the cloud. And other one would be, are you thinking about delivering IT services faster? The third one would be, do you want to reduce downtime? Is that something that is constantly hitting you? The fourth one is probably why not leveraging something like AI ops or AI, machine learning and so on? And the other 1 that hits us commonly is security? Do we have any initiative in terms of security? Are we planning on doing some things like encryption or Zero Trust? So I'll give you a few seconds to both so that you can help us understanding what your top initiatives are. In the meantime, keep in mind that, again, everything we're doing in the Cisco data center anywhere story is going to be totally boundless. You don't have to run on-prem. You don't have to run cloud. You don't have to run on a specific hypervisors. So I said, everything is going to be anywhere your business takes us. So with that being said, I know some of you may still taking your time to boat a little bit, but I'm thinking the other part would be probably to deliver IT services faster. We'll keep the poll open and probably get back to the results at the very end, but let's get going with the presentation. The good news is, no matter which option you choose, there's something for you in today's presentation. So let's get going. With this, I am going to invite Jeff Allen, Director of Data Center networking in the Worldwide Sales Organization to join me to talk about a very important topic. We're going to be doing 3 different categories in today's presentation. And the first one that I think every customer out there, you talk to on a daily basis, Jeff, is agility. So how do you see agility driving or transforming today's IT?

Yes. So thanks, Carlos. Agility and innovation go hand-in-hand. And if you're unable to be flexible and you cannot adapt quickly to change, then bad things happen. And the list of companies that have done this is very long and famous, a couple of names that come to mind would be Radio shack or Borders Books is another one, probably one of the most famous ones is Blockbuster, they were unable to change. These companies are not unwilling to change. Just sometimes, there's something in their infrastructure that is unable to adapt to the changes that are happening so quickly around them. So Cisco has been pretty good at this game. We've been very skilled at making sure that we are introducing disruptive technologies changing industries. And we've done this over and over again across compute, we've done it in storage. We've done an invoice. We have a good track record of doing this, but it's not by accident. And our internal infrastructure is set up to be able to adapt very quickly to these changes. John Chamber, he was very famous for always saying that he would predict companies that would be disrupted or industries that would be disrupted and sort of giving a glance of the future, and he would agree with us today. If you were here, when we say that 40% of the Fortune 500 won't be there in 10 years. And when I say won't be there, I mean, they won't -- not they won't be on the list, they won't be around in 10 years from now, which is incredible to think about it. And all that has to do with a lot of these companies are not agile enough. And that is the key metric that CIOs need to be looking at today, is my company set up to be flexible? And can I adapt quickly when I -- maybe I want to because I see the industry-changing or maybe I feel like I need to because a competitor stepping in my space?

Correct. So it's the innovate or die, again, right?

Yes, exactly.

So Jeff, let me ask you this question. How are we innovating at Cisco? How are we helping our customers be more agile?

Okay. Great question, Carlo. So we're doing two things that we feel like if customers are focused on these, they would not fall susceptible to some of the companies that we've mentioned, that is that applications have to be able to be deployed very quickly anywhere on any cloud or in the data center, whatever the case may be, a lot of the applications are cloud ready. But the ability to deploy them. They need to have an infrastructure that set up the applications to get out quickly. So -- and sort of the new DevOps model that you're seeing in lots of places today. The second is infrastructure. So the compute network storage. They all need to have a good automation story around them because automation is really a big driver, and it's a big key to this whole agility story.

Correct. Well, let me then show a little bit of what we're doing.

I'd love to see it.

And probably we can start with the applications. You mentioned the first 1 of 2, right, about focusing on agility. And the first thing that we wanted to do is drive or deliver applications. Whether they are the classical applications, your S&P, your ERP, all these applications that are used to maintaining the business up and running. And the other ones, which are cloud-native applications, which are made for transforming the business down the road. And then well, we would like -- whatever path you are in, right? The current applications or the cloud-native ones, we want all of those to be a click away. And again, it doesn't matter where you want to place them. If it's on the cloud, if it's on-prem, if it's physical or virtual and so on. So for that, I wanted to introduce cloud centers. So that's the very first solution, we'll take a look at. And the idea with this is to have applications and services, a click away. So let me go to the demo and really quick click -- really quick, as you can see, cloud center suite is a SaaS offering, where we are basically aggregating all clouds. It doesn't matter if it's physical, virtual, doesn't matter if it's on-prem or public or even container-based just provide your credentials, and with that, we will download every piece of offering that cloud has. So for example, things like instant size, the cost that they have, the operating systems they have. Once you have all that on a per cloud basis, we can create a catalog. And we model that once. So imagine having a web server model once and then even having the ability to automatically scale that by saying, let's say, I want 10 different instances in peak season, for example, right? Automatically scaling is a huge interest of lots of people. Now once we model that service once, we can let our users single click and deploy the application. With that, let's put a name to it. And as you see, based on the credentials we provided before, we now can compare between all the clouds we have available. So maybe I want to ask you, and I compare it to Amazon? Well, as you can see, there's different pricing, different sizes. Same thing with Google, right? Different pricing, different sizes. So in my case, I'm just going to go, let's say, from now with Amazon. Let's click on it on the smaller size, and then let's click on deploy. So again, with a single click, I have successfully deployed my -- in this case, online retail store and the web server that is holding this web page can also be accessed via SSH. I do not need to store any keys and everything is taken care of centrally, including the cost management. So this is a huge tool, I think, for centralizing in a totally agnostic way, whether that's Cisco hardware, or any cloud, the way you deliver your applications. So with that being said, I don't know, Jeff, what you think about this, but you also mentioned infrastructure?

Yes, I did. So let's just take networking, for instance, as part of the infrastructure. There's a lot that goes to it. Like we talked about, there's compute and storage in this as well, but network is one. And when I started doing networking many years ago, I thought it was complex then. Things like Spanning Tree and Virtual Trunking Protocol and all of the routing protocols, and all these things seemed very complex at the time. But as we fast forward, we realize what the IT administrators have to deal with today are -- they have virtual networking, they have cloud networking, there's containers, there's under lasers, over lasers, SDN. In fact, virtual networking is a big part of this and cloud networking is -- the CSR 1000, by the way, I read that, that's the most popular download off of Amazon's marketplace, right? So this is truly important to people, this is a big deal. So this is -- if these things can't be -- if we can't put all these in a wrapper that makes them easy to manage, then that's a losing battle for that network administrator or that IT department, especially because different groups are sometimes responsible for these different components, right? And some of the things we mentioned, like cloud. That's a different -- handled by different group. So we need something that brings all that together.

Correct. So if I hear well, and multiple personas managing multiple things, probably not consistently, right? So how have you seen the evolution of the network?

So we used to do the switch-by-switch, port-by-port troubleshooting, and we would SSH into Switch 1, we would make a change, then we would SSH into Switch 2. But while I'm configuring Switch 2, I took a phone call and I forgot to put in 1 command. So now I have some inconsistency in the network and I don't know that it's there. There's nothing that goes back and checks that for me. That's the type of thing that cannot happen when we're automating configurations. Everything has to be consistent.

Correct. So -- well, that's extremely relevant. So let me show you a little bit of what you're talking about with ACI. So in this case, we're seeing ACI Multi-Site Orchestrator. You have a central point of management for all your networking sites based on ACI, whether they are on-prem or cloud-based. Just by having these, you have automated data center interconnect, by the way. So even extending Layer 2 is just a matter of minutes or seconds by having ACI, which is extremely useful, in this case considering it's a VXLAN configuration. The second part, now we move on the site level. Now every time you add a new switch, usually takes a long time, right? You rack, you configure the out-of-band management network, you have to configure lots of things. Here with ACI, we automatically discover every single switch you have. So the nice part with this is you have to put a name, a number or an ID to it, and then you're done. As you can see in the demo that we're showing right now, not only VXLAN gets configured, the IP address, obviously, the name and the automatic discovery of new switches is done exactly the same way. So it's only 3 clicks every time you add a new switch. The other part is, very complicated things, like BGP and VXLAN with MP-BGP. Well, just put an autonomous system, add number and you're done, right? Other things, like DNS or NTP, things like -- as you said, you were configuring on a per switch basis, probably, configuring it one switch, and the next one, you would not configure it consistently. Well, you just have to do it once. Same thing with best practices. We have simplified quite a lot of the models so that the wizard does everything for you. The other part is not only you're centralizing all the management and the monitoring for all your physical switches, as we can see right now. As you can see in the diagram, we see the APIC, the control points, the spines and leaves, but also every board is now centrally managed. You can see if it's red, if it's green, if it's yellow, everything is centrally managed, as I said. The other part is we didn't stop at the physical network. We wanted you to see things, like virtual networks. You mentioned Microsoft Hyper-V or VMware or Red Hat or OpenStack. Well, we need to see that virtual network connectivity and how healthy that has been performing. And the last but not least part is containers. We said we might be moving to cloud native. So again, all the way to the containers, if you have Kubernetes or Cloud Foundry or OpenShift, we will make sure that you see all the way to that specific portion of the network. So again, we're trying to cover the whole thing, again, from a single pane of glass in terms of network.

So this is pretty awesome. If I had -- if I had both of these products, one to control my applications, another one that can control my infrastructure, if I'm a company, like Netflix, I'm not going to be disrupted. Clearly, these things would help me stay ahead in the game. So...

At least the network won't be the one to blame first...

Exactly. Yes.

So Jeff, I wanted to ask you another thing. There's another piece of the equation, which is compute and storage. So how have you seen that evolve?

So we announced the UCS 10 years ago, almost 11 years ago, a product that revolutionized the way the server management was done. Customers loved it, it was received very well and it sold very well, still sells very well today. We introduced a lot of new products along the way. And some of those were backup servers. We did rack servers after we did blade servers. And then we did storage servers with HyperFlex after that. And so there was a definite need to bring all of this into a common management platform and UCS was good at that, but what we needed was something, if I had multiple sites that made this very easy to manage. And we did an acquisition after UCS of Meraki, and that led us to some ideas and things that we could do much better than the way UCS was doing them currently, kind of a site-by-site basis. So...

Right, right. And then I think this also evolved, right? I guess we took some other models. What have you seen that we can do to help our customers then?

Yes. So by introducing Cisco Intersight, this gives us now a cloud-based management platform that all of my servers can log in to. I believe, we have 460,000 current users on the platform today, which is just unbelievable. So -- and it is very much a Meraki effect. We have term, what we call it Merakify that we have sort of Merakified what UCS does and kind of a cool term for it.

Well, that's great. And the best thing just to start using it is for free, right? It's free? So -- well, why don't I show you a little bit of how this actually looks like.

I'd love to see it. Yes.

So let's log into Intersight. Let's take a look at it. And the very first thing is that we have the central dashboard, where we can even see things, like power consumption, right? All inventory of every server you have. So we can start problem with things like rack servers. We can see things, for example, like graphical representation of every component of every server we have. So for example, in this case, we can see if the discs are fine, if there's an alarm, if there's something I should be concerned about, again, everything from a central point of view, right? So this is extremely important. The other part is that you get also visibility for blade servers as well and hyperconverged ones. So we get predictive analysis how soon you're going to run out of storage. And not only that, but you're also going to be able to install everything, in this case, with HyperFlex, whether that's Edge or data center versions, directly from the cloud. So again, extremely huge in terms of automation. The other part is the devices, right? Not only can you do servers, the traditional ones, now we also support all other things, like APICs from ACI or integration with UCS Director, which may be a tool for automation that some customers are doing. So we are gradually introducing UCS Director integration as we move on. Last part that I wanted to cover before I move on to the solutions, the operating system. We will even install the operating system directly from the cloud for you. And the other part that we are now announcing is we can even create, with a single click, solutions like Kubernetes installation and SD-WAN. So as you can see, Intersight is a very powerful tool so that we can manage everything directly from the cloud.

Not just servers, not just converged, not just hyperconverged, but all the way down to doing the operating system installation on the servers itself. It's pretty impressive.

That's right. So I think -- Jeff, I really wanted to thank you because I think we're taking agility to the next level. And I mean, I don't know if there's anything else you want to mention before...

I think that's -- you covered it pretty well here, Carlos. So thank you for your time.

Yes, thank you for being with me today. So let me see if I learned well what Jeff just talked -- just talked about. And the very first thing is we're driving agility in 2 fronts. The first one, application delivery. So we're building cloud center so that you have a central point of modeling and even delivering the services that you want on any single cloud, plus your own tools. This is very important. Everything we do at Cisco, not only has built-in automation, but it also has a do-it-yourself. So if you want to use terraform, or you want to use Ansible or you want to use other things, like Puppet and Chef, we can always include that as part of your offering. So again, the result of that, we eliminate thousands of lines of code. We decrease end user wait time, and the best part, we can drive new services to transform our business faster than ever. The second part, network automation. We covered how ACI not only controls and manages cloud, but also multiple sites with data center interconnect, we have the easiest data center interconnect solution in the market. And the last part, we can move freely BMs from one site to another one, decreasing network provisioning times by 80%. The last part we saw is that with Intersight, plus, again, your own tools, if you wish, you can do compute and storage faster than ever. Even we can install solutions, like Kubernetes or SD-WAN, with a single click. So again, stay tuned because Intersight is doing a major uplift, and we're going to announce more in tomorrow's keynote. With that, let me now introduce my good friend, Danny McGinnis. Danny, Director for Marketing. So Danny, we talked about in the previous section how we're building things faster than ever through automation, how we drive agility in any cloud. But once we're running, things will break. And then that's a part that I usually find very amusing, I would say, how we fix this stuff. So what's your take on that? I've been told that you talk to a lot of customers every day in this front?

Yes. So I think -- I mean, you're spot on absolutely. You know we always come down to this, kind of this blame game in networking, right? Especially, I mean, I lived on the customer side for many, many years, and a big part of my day was that troubleshooting and trying to find out, especially, doing root cause analysis, like looking backwards and saying, hey, why did something happen, right? Or what caused this problem? And really trying to find out why it went wrong to avoid it happening again, right? So that root cause analysis piece is kind of -- is very difficult. So let's just talk a little bit about -- I mean, you asked me to kind of double down on this. I mean I think that whole concept of finding where the problem is, right now, is really coming down to the fact that there are so many different teams and so many different components to what's happening on the network. When I was -- you know 10, 15 years ago, a lot of these things were done in silos, right? You kind of -- you built the servers, you built the switches, you plugged the server and it didn't move. Now things are dynamic. They're all over. They're moving out to a cloud. They're coming back. Applications are just -- the pace at which they turn up has changed so dramatically. And so with that, really trying to pinpoint and find that needle in the haystack is not an easy thing to do.

It's always a network, right?

It's always the network. It's always a network. So anyway, I think a big part of where we're going at Cisco is, obviously, the innovation in the hardware and the infrastructure is a big component, but the solutions on top and the applications that have been -- that we've been developing to really -- there's really 2 aspects to it: analyzing the data; and being able to store it somewhere centrally. And that isn't just the network data. It's the telemetry data that's happening in the application, in the compute, in the cloud, in the network. Putting that into a common set of repository so that multiple components can then go learn from it, correlate it and give back very intelligent remediation advice or proactively fix it?

Correct. Well, so with that, probably I can share...

Yes, yes, yes. I want to take us through a couple of these, right?

Sure. In the first section, we talked about networking with ACI, single pane of management for all things networking. We talked about Intersight, single data management for compute and storage. Now let's talk about AppDynamics. So we want a different lens, in this case, which is the application view. So AppDynamics is a SaaS or on-prem offering that shows the whole business logic on an application perspective. For example, in this case, maybe we want to see how our users are experiencing our applications. We want to see, probably, if they are accessing in one country or another one, or if they're having issues in one of them, for example, because the network is so slow, where maybe they have a specific browser version or a specific device that they are not running the right application on. So we want to know as developers or as application owners, if something goes wrong in any of these flavors. So we have full visibility all the way from the end user. I don't know if it has -- if an application has crashed on you, but these things happens as well. So it would be great to have visibility, even at what crashed, in particular, after what the user did, that we have the full visibility even into crash information. The other part is the server information. We want a central pane of management, so we know how my servers are used in terms of CPU, memory, networking, volumes, processes. We have everything we need just from AppDynamics. And even if we are using containers, we have visibility at the container level. So again, it doesn't matter where you live, it's cloud or not, we will get the visibility you need. Last part, the database. So in the database, we will see all the queries that were done as well as how much CPU every query is taking. So we start with a user, went to the server, now are in the database, and we can translate this into business value. If somebody is not checking out at the very last page because of an error, we can see it right away. Or even better, if we're migrating to the cloud and we want to compare how we're performing pre-cloud and post-cloud migration, we have this tool to see it. So there's a lot of value having analytics built on top of AppDynamics. As you can see, we have -- we can see the whole business logic and the whole business value. And if something goes wrong, we can fix it. In this case, we have a better together story as well. We talked about the ACI. We transport the network -- well, we transport applications on top of a network. So we have an integration with ACI here, where you can see the latency, the errors, every connection you have and even troubleshoot directly from AppDynamics by cross launching into ACI. Again, the nice part about this is that, based on the application visibility or the application layers that we built originally, we now know if the web front then is the one that is experiencing some slowness, we know exactly where each endpoint is located and what the error is about, if it is the network, or in this case, it is the memory. Right? So again, unified management for both, networking and applications. So I know how -- did you like that part, the AppDynamics part?

I do. I will tell you. Whenever I talk to customers about this, the feedback we get it's just that extra level of visibility, that -- having that data and being able to do that level of correlation is -- I mean, it's such a time-saving thing. I don't even know how you can operate your network without some of that, frankly anymore. So I think the other thing you wanted to talk a little bit about was kind of this move -- we've been talking a lot about going from reactive to proactive. So kind of along the same lines, it's -- a lot of what is changing, or I would say, some of the coolest innovation coming out of data center space at the moment is really this ability to collect data, and analyze the data and then also use it to make useful remediation insight. So we have this new tooling called assurance and insight. It's kind of a package with network insurance -- our network assurance engine and network insights. And really the biggest piece here is just that we're able to do things ahead of time. So being able to help you make better decisions around, everything from software upgrades, to what resources are being used or how much resources are being used in your data center. Anyway, I know you're going to take us through it. So why don't you jump into it.

I guess the best troubleshooting is no troubleshooting, right?

Absolutely.

So yes. Let's take a look at how that works. So basically, going back to my ACI central dashboard. In this case, I have an anomaly detection and advisory message that says, go to your site on Miami, in this case, we have an upgrade advisory. So we're getting an advisory because there's a potential vulnerability that may hit my environment. So in this case, we can tell you, as a customer, well, basically, there are these 2 devices potentially affected, again, nothing has happened yet, but they may affect your environment based on your configuration. We don't want that to happen. But before we upgrade, we want to know the impact of that upgrade. So we can verify, if I will be impacted if I start upgrading. In this case, I can see the impact of change before it happens. Next, we can perform the upgrade with full confidence that there will be no impact, right? So we automate the upgrade directly from ACI by doing one note first, one of the two effective notes. Then the second one, again, fully upgraded, no disruption at all. And the last part is, how do I make sure that everything is working after the upgrade the way it was before. That's where network insights covers that because now we can compare the before and the after. If something didn't go right, well, that's great because now I know immediately. I don't need to wait for the user to be complaining about, hey, my app is not working right and then go fix it. All of this is proactive, right? So proactive advisory, proactive network management, if you will, and everything is done directly from ACI. So again, I think this is something that we have changed quite a lot in terms of...

You know there's a couple of really big pieces that you mentioned there too. It's just around a change in general. So if you think about, we've been pretty good as an industry at automating changes, right, scripting, off-the-shelf tools, homegrown tools. But the time that you spend modeling a change in a development environment or all the post validation that you -- work you do is really eating up the majority of the time. So what I love about what these tools are doing, it's really helping out in that before and after, right? You know what the impact is, you can set your change control policies that -- to align better with the business needs. And then afterwards, you're kind of guaranteed that things are going to come back up. You know it. Tie that in with AppD, tie them up with some of the other multi-domain integrations we're doing. These are really, really, really time saving. So the other thing, I think, that actually is probably ties directly into cost, right? So I know we're going to go a little bit into -- you're going to take us into TWAN and what we're doing with Intersight next. But I think all of this is really about timesaving and how do we cut down on that operational expense that we see and letting our valuable employees spend their precious time on the R&D side of the business and not waste it in troubleshooting things that it's just not a good use of their time, frankly.

And just think about all that CPU, all that storage, right? Just as we cover network before, and now we go computer storage. All those wasted CPU, memory resources that are not even used, right? So what we came up with, by the way, it's called Intersight Workload Optimizer, right? So the nice part about this is that embedded on top of Intersight. And as one of those modules, we're continuously optimizing and rightsizing the applications, again, based on AI and ML. So not only we have that for networking, we have that for CPU memory and even in a cloud agnostic way, as you will see in a minute. So should we take a look at it?

Yes, please.

All right. So let's go back into Intersight. So logging into Intersight. Now we have a new dashboard for it. That's what we will be announcing tomorrow. So I don't want to spoil that. But basically, the first thing is this is totally agnostic. We can just add the credential of any resource you have, any hypervisor, any storage, any network, any cloud. It doesn't matter, just provide your credentials. And from there, we will start analyzing how you are behaving or your infrastructure is behaving today, and providing you with specifics on how you can optimize, not only your investment, but also your utilization. So in this case, for example, you can see there's congested -- CPU that is congested. In this case, Workload Optimizer is telling us to move it. Or the other use case, among many others, is to scale up or scale down resources, like memory or CPU. The nice part about this is that based on these recommendations, the only thing we need to do is now click on the actions we want Intersight workload optimization to perform, and it will be done automatically. Next time, if I don't want to go and click so that it gets performed, I can create automation policies. So we can say Intersight, next time, you want me to move a load because of congestion, just do it automatically. I don't want you to tell me that I go and click and then perform the action. The other part that is quite interesting, Danny, is we do predictive analysis and your resources. So again, it doesn't matter if it's on-prem, doesn't matter if it's on cloud. We will tell you how much more you have till you exhaust your resources and even how much more investment you may need at some point. Another one that our customers have quite a lot is cloud migration. We can tell Intersight, in this case, hey, just move all my VMs to Amazon. How would it look like? Well, basically, today, some of our customers try to perform the same analysis and most of them underutilize or overutilize resources. So if they purchase the same amount of resources at the cloud or on the cloud, that would cost, in this case, around $22,000. 93 out of that 109 machines are over-provisioned. We will make sure you always run with the right resources you need. Not only that, but we will also tell you where to place them, what's the best possible location, how much it will cost, and then also the actions you need to perform in order to move and migrate those load to the cloud. So again, this is extremely good because this is ongoing. This is not a onetime thing. We will always continuously be optimizing things. You remember AppDynamics, right? So the other part is how my infrastructure is impacting my business. And well, a better together story with Cisco comes whenever Workload Optimizer, plus AppDynamics build up. And we can, for example, in this case, detect a yellow light saying, well, my business KPIs are not being met and that is because of the infrastructure, [ CIWO ] detects it or Intersight Workload Optimizer detects it, and we can execute the action so that, in this case, we scale the memory up. After we do those recommendations, well, basically, we're having a self-driven data center, right? We can refresh the window, and now all of a sudden, everything looks great. So again, everything is greater than before, fully automated, and now we have a proactive operations way of doing things instead of reactive. So Danny, what do you think about that? Any last-minute thoughts that you have about it?

I think -- I mean, again, we're just -- there's just so much data out there. And having the tools that can collect it and make these insights and correlation for you. Not only are we saving people money, but we're saving resource money. I mean that's really what a lot of this is coming down to. And more importantly, we think we're offering our customers the ability to give their customers just a better service, more uptime, more agility, faster time to value, so that they can start to see revenue be better, be more competitive. So I mean, these tools are amazing. I love watching all these innovations come to...

Excellent. Tomorrow, we will have a keynote and we will have all these great announcements so hopefully you can join.

Yes, that will be exciting -- Smart, good day.

Danny, thanks a lot.

Thanks, Carlos. Appreciate it.

So let me see what I learned from Danny today. And the very, very first thing is, we can monitor everything now. In today's world, it's not a matter of monitoring the network only or monitoring the compute part or the storage part, we have 3 lenses that are fully integrated to one another, and we can review the troubleshooting points for application and infrastructure. Second part, we can optimize our investments. Through Intersight Workload Optimizer, we can see ROI within 90 days or less, and we can increase utilization in 20%. We also saw cloud migration and other things that are extremely useful. And the nice part, again, this can live on any cloud anywhere. It doesn't need to be Cisco gear. The third part, we can enable self-driven data centers, not only with network insights, but also with Intersight Workload Optimizer. Again, we can automatically rightsize your infrastructure, get advisories, get -- again, assessment and change, which may be network or cloud migration and simulate some of those. So again, really, really useful to leverage AI and ML to the fullest. So with that being said, now let's move to the last section of this episode or this, I wouldn't say episode, I want to say this segment. And well, basically, I have here my good friend, Andrew Tennant, who is one of the regional managers in data center networking in the worldwide sales organization and partner in crime several times.

That's right.

So I wanted to bring you in for one of those topics that is always very important that means security, right? So how have you seen security play an important role in today's IT?

Well, Carlos, look, as we can see by the folks walking around here at Cisco Live today, right? Security is on everyone's mind. It's absolutely part and parcel of what we do inside and out in every one of our customer conversations. Now when it comes to the risk and the cost involved, the ROI is obvious, right? The average data breach itself is over $3.5 million just for a single data breach, right? And the massive damages that have been incurred by companies just in the past several years have been just outrageous trillions of dollars lost, right? So the good news is there's a built-in reason to have these conversations because the downside is so substantial.

Oh, man. I know. I mean these hackers are becoming more and more sophisticated every single time. So what are we doing to protect our customers, Andrew?

Yes. So from our standpoint, when it comes to the data center, right, you can't secure what you don't see, right? So first and foremost, we have to understand what's actually going on. And to do that, we use titration as the foundation, right? Titration is like turning the lights on in the data center. We can see the flows, we can see the patterns, we can see the traffic. And once we have that and establish that framework, then we can begin to act upon that. And that's crucial because what it allows us to do is in an intent-based networking approach, we can take what we've learned from that titration approach and apply it to workloads, both in our -- in the infrastructure itself. Tied into anything going on at Layer 4 through 7. And then ultimately, we're going to tie that back into all the policy that goes end-to-end wherever that workload happens to be.

Yes. So consistency is key, right? If we don't protect consistently, then I guess we are not protected at all.

Consistency is important that ubiquity is important, but also, again, that anywhere approach. We have to have a consistent policy regardless of what type of workload and where that workload may exist.

Okay. And I guess we were discussing before the section encryption, it's also not a good one, right?

Yes. Yes. So it's great if you have policy telling things -- what can talk to what that sort of thing. But you still have to secure the actual payload and the traffic between these things, especially if they're traversing an arbitrary path through public clouds, private clouds, hybrid spaces. So with that encryption at all layers is crucially important. And we have solutions for that.

So let me show you a little bit of the demo, how we do layer defense. Okay?

That would be great.

So let's move on to titration. As we can see, we have a security dashboard, where we're analyzing multiple things, vulnerability scores, process hash, attack surface. And wait, actually, that score, did you see, from A to B plus? So it seems that our forensics score just went down. So it seems that there's an endpoint, in particular to the first one that their vulnerability score is now at 50. So well, we can double-click there, by the way, it can be living on top of Amazon or any cloud, again, this is totally agnostic to the hardware it is living on, and then we can get the full visibility of every command, everything that happened inside that workload. So that's really good because now we can see there, if you can see as well that there is this process, in this case, Tomcat, that's a web service, right? That just executed this command called Wget. Wget is a download command. So basically, my web service process is downloading something from the Internet.

It shouldn't be doing that.

So that's a remote code execution vulnerability. In this case, they are downloading this program called MiniTools. So the next part with titration is that now we can explore every single flow that has happened from a historic standpoint. So let's take a look a little bit deeper into it, and we can probably say, hey, I want to see titration, every flow containing the recently downloaded program, which is called MiniTools. Again, we can see every flow from there, and then we can filter and say, well, I want to see who this is sending information to. Actually, this is an IP in China, by the way. And then we can also see which port it is using. Do you remember that you said that titration performed an initial application dependency mapping to understand if who is talking to who?

Absolutely, yes.

Yes. Well, we can now compare that, that communication that we suspect is vulnerable to my initial ADM or application dependency mapping baseline. So let's do that. Let's put the source and destination address and the provider port and as you can see there, it says that it should be denied. So this is happening when it shouldn't be happening. With titration, the only thing that is separating us from being secure is a single click. So we can say, I want you titration to enforce policies and my agent that was reporting all the flows now becomes a firewall. So this is true micro segmentation, no matter where it's running on. Now we can extend that policy, as you said, on the next layer, which may be the network. So probably you cannot in sell an agent on a mainframe or for whatever reason on the server. Well, you can define exactly the same network policy in terms of security now on ACI. Hey, you want a firewall that may not even be Cisco, it doesn't matter. Same policy just drag and drop and integrate it into ACI. We're totally agnostic and integrated policy in depth. So with that being said, as you can see, we can see a lot of things with titration. But also, we detect threats, and this is extremely important because we're constantly running threat protection and detection. So based on Talos, our intelligence group, we're constantly comparing the loads within each one of the workloads that are happening on the agents against our intelligent systems. And not only do we do that in titration, but we also do that on Intersight. Again, so you're consistently and constantly protected, leveraging the full power of Cisco, in this case, with Talos. So I don't know how that looks like.

So it's fantastic, right? The key is find it, remediate it as quickly as possible. That's what it comes down to.

Exactly.

And leverage the power of the broad customer base to be a sensor for your own network?

Correct.

So you can find something somewhere else, bring that knowledge to bear.

So with that being said, I think we're extending that outside the data center, right? So we're going to bring this to the campus and to the one and making sure that policy is consistent, correct? And the policy will go anywhere, your applications or users go.

And then what's also important, I just want to come back to one thing we talked about, let's never forget the simplicity of encrypting traffic everywhere it traverses, right? Because that's so essential, especially as the data lives everywhere today, so do the flows. So whether it's MACsec at the server side, whether it's IPsec at to clouds, whether it's cloud sec itself, right? We need to make sure that we're leveraging our differentiated benefits for our customers we have.

So it's a 2-way play, if you will, right? First policy from the data center to the campus, you're seeing ACI DNA center to the one using SD-WAN and be managed. And then as you said, encryption, doesn't matter the cloud, whether that's MACsec or cloud sec at the hardware level, or IPsec all the way to the cloud and the CSRs, right? So -- well, it seems that we have pretty much a very comprehensive approach. But what if you remember back at the beginning, we talked about cloud center. So what if not only we deliver single click applications anywhere, but we deliver single click protected and monitored applications anyway. And that's where cloud center played a role. So anything we deploy, well, we can, with a single click, install AppDynamics' agents. So imagine a single click application delivered on any cloud. Now it's also instantly provisioned but also instantly monitored with the power of AppDynamics. And the same thing with security. So for example, again, you want an application to be titration visible? Well, just install it with a single click from cloud center. And from there, you will have immediate reaction or immediate visibility into it, start doing application dependency mapping and threat protection. So I think we -- that gets us to the very end of our presentation. So Andrew, any last-minute thing, you want to say?

I think it's -- again it's not a feature or a capability. It's an approach to how we do everything. Security is foundational to what we do, whether it's in the data center, the campus, the WAN, we have to have a consistent policy approach.

Excellent. Thank you, Andy. So let's finish up with the things that I learned today. The very first thing. You cannot protect what you cannot see. With titration, you see every flow, every process everywhere. The other part is granular visibility, automatically -- application dependency mapping and forensic analysis. The second part is in-depth protection. So we provide not only our workload application and protection, which some of our competitors do, by the way, based on a single hypervisor, we can do it for every hypervisor, any container at the true world level, which is the operating system. Then if it doesn't work for you to install an agent, we can go to the network, and then we can go to your Layer 4, Layer 7 firewall of choice. So again, the true or the option here is to provide consistent 0 trust, no matter where it leads. Last but not least, minimize the threats. So again, we have the full power of Cisco intelligence so that no matter, whether you're running titration and/or Intersight, we will always detect any vulnerability and reduce that time to remediation. So with that, let me take you to my key takeaways for today. By the way, we kept running the poll for a while. And I have to say deliver IT services faster was the one that won, then migration to the cloud. So I hope this was in line with what you will learn today, but my key takeaways for you are: one, agility. We need to provide services and we need to provide them fast. So by having built-in automation, plus do-it-yourself automation will help you quite a lot in any journey you have. Two, see everything anywhere. We not only monitor everything through three centralized point of management; AppDynamics, ACI and Intersight, but we are also automating and creating proactive operations. And third one, we're consistently secure at the policy and encryption level. So with that being said, all these demos are available on YouTube, in Cisco Data Center Made Easy. So please take a look at it and follow us over there. So thanks a lot, and happy Cisco Life, Barcelona. [Presentation]

And we are officially live coming to you from your Cisco Live Barcelona 2020. Welcome, everyone, so glad to have you here on the live broadcast, the live stream. Stay with us all week long, we are about to have so much fun over the next few days. You're going to meet amazing people. You're going to hear incredible information. We want you to be a part of every single bit of it as we go. Remember, reach out to us on social media using #CLEUR wherever you like to connect, whether it's on Insta or Twitter or Facebook or LinkedIn or you name it, reach out to us and I promise, we will be reaching back to you all day long. But again, welcome, welcome, welcome, so much excitement. We are just about 15 minutes away from our incredible opening keynote. Dave Goeckeler, Wendy Mars kicking things off for us. We're going to talk about that keynote coming up shortly, and you don't want to miss a minute of it. Right now I've got another great host in the studio with me. You guys all know me, but here's somebody new for you to meet. You just saw him in the video. Zane Powell, hanging out next to me. Straight out of Scotland, Mr. Zane Powell.

Thanks very much, Steve. And you said I'm great so I think it's excellent to be great.

You are great. We've covered all of that. We're all good now.

And I'm definitely from Scotland. So a big shout-out to all the Scottish team. I know there's clients here, there's customers and also the Scottish team. So hi, guys. And you know what's great, Steve? I've only been at Cisco for 6 months. I'm actually on the graduate program here. So to get along to this event is absolutely amazing. I'm just so excited to get started and see what's coming.

And I'll tell you, over the last couple of days, as you and I have been talking, the amount of passion that you bring to this is really indicative of what we hear from the people who are in Barcelona with us, from those of you who stream live. And by the way, if you, like Zane, have never been to a Cisco Live before, first of all, you got to get down to the show. But being here for that very first time, Zane is going to be like your eyes and ears, his first exposure to this conference. I think you're going to relate to a lot of what Zane has to say. So we're excited to hear from you all week long, unique perspectives. Yes. Let's meet a couple of our other hosts as well. We're going to go out live to the crazy keynote show floor, which is already loading up quickly. You met one of our continuing hosts here at Cisco Live on the TV team. But also, we have a brand-new host with us, David dela Cruz. So David, Nish, can you guys hear me wherever you are out there?

Thanks, Steve. I'm so excited to be here back at Cisco Live Barcelona in 2020. My name is Nish Parkar. I'm based in London. I work in our security sales team. And I'm here with a brand-new host for 2020, David. How are you doing?

Hi, Nish. I'm doing great. My first Cisco Live here in Barcelona. I am beyond excited. It's crazy in here. There's like a drum band playing right next to us. I'm really excited to see what the week to come is going to be like.

I mean the energy here is just incredible. I'm having to shout over the mic. There's drumming. There's so many people standing up ready for the keynote. And I'm here and just found my good friend, Gerri Elliott. So Gerri, you're our Executive Vice President of Sales and Marketing, what are you excited about for the week and how are you feeling?

I am so excited to be here at Cisco Live. This is my fifth, my second time in EMEAR, and we are here with record-breaking attendance from our customers, over 18,000 of our best customers and partners are here in Barcelona. I couldn't be more excited.

Amazing. Thank you very much for joining us. Keep checking back with us, we'll have more people to interview.

I will keep checking back with you. I can't believe that you got Gerri right out of the gate there, talk about a terrific score, well done. And Nish, boy, can you tell the excitement for Nish out there? Her voices went up like 4 octaves all of a sudden. But I'm telling you, it gets so crazy, so busy out there on the show floor and it's exciting. I've got to bring in our own Chintan Patel here into the conversation, our great Chief Technologist here at Cisco. And I love that we get you right here in the opening show because this is technology, technology, technology. It is the personalities. It's the communication, the connections, the learning, the certifications, but it comes down to the tech, doesn't it?

It certainly does. And it's great to be here. Thank you for having me. What an exciting time to be here. I think this is the biggest Cisco Live in EMEAR, 18,000 people, as we said, on the show floor, incredible, right? And so many more watching online. So it's just great to be able to bring that excitement to the masses as it were.

It's growing so quickly. And when we talk about the number of people that we had here last year, the quantity of growth, the word is catching on. It took a little while for people to begin to get the concept of exactly what this event is all about. Again, the intent, the excitement of it all, the thrill of being in the room and getting access to everyone, including a lot of the executives and people like you. How often do people get to walk up and actually talk to Chintan. We got you right here on set with us.

It's great to be here. One of the stats I saw the other day, where nearly 1/3 of the people here are first-timers. So it's great to hear that there's so many new people coming to the event, hearing about the technologies, which is so foundational to everything in the world today.

That's so true. We need to get personal. You actually were doing a bit of research on Chintan, right?

Yes. I was doing a bit of research. And you know what, Steve, I'm lucky enough. I see Chintan every single day at work and...

Do I need to be worried about this? Are you guys okay?

Keep that a secret.

Yes, right, exactly. It's personal.

A little birdie told me that actually we're lucky to have Chintan here because the likes of the BBC and Sky News are actually chasing Chintan to get some interviews. And I believe you spoke to the BBC recently, Chintan?

We did. We had a great opportunity to share what we're doing around the Internet of the future. It's great that these organizations want to hear what Cisco is doing. What we're doing globally around technology. The Internet and technology plays such an important role in everything that we do. We celebrated some big milestones last year. There was a big birthday. The Internet turned 50. Can you imagine that? And not only the Internet turning 50, but also the World Wide Web turned 30, the biggest application on the Internet. And then the way we access the Internet today through our mobile devices using WiFi, WiFi turned 20. So it's really a seminal year for technology. And so Cisco being involved in all of these areas, these organizations want to hear from us.

Absolutely. As I look on to the Hi-Boy, we're going to talk a little bit more, but we've got about 11 minutes before the keynote kicks off. Again, stay with us here on the broadcast. And once again, as you ramp up excitement along with us, #CLEUR. Please send us your thoughts, photos, images, videos, ideas of what we're going to hear. We are going to head back out to the crazy keynote floor. And I think Nish is standing by maybe with -- oh, with somebody there in the crowd. Nish, great to see you.

Thank you. Yes. I just bumped into my good friend, Shelly Blackburn. Shelly, how are you?

Good. How are you doing?

I'm great. I'm so excited. You're one of the most amazing women in tech I know. And I'm lucky that I get to work with you in our security team. So how are you feeling for the week, are you excited?

Oh my gosh. I am so excited. I love Cisco Live. Being an engineer in Cisco, this is like the Disneyland of Cisco so it's a great time.

And is this your first Cisco Live?

Oh my gosh. I think I've been here -- this is -- I'm going on 15 to 20 times, so 20 years. So Cisco Live is, it's the Mecca of our engineering team.

So what changed over the last few years, you think?

Well, first of all, the number of women here -- I have to do a big shout-out. The number of women here is fantastic. But I would just say the energy for Cisco Live is different than I've ever seen. Obviously, the number of products, the number of people, it has been fantastic.

We have a Women of Cisco event coming up later this week so I'm really excited about that. Now you're a part of an exciting security event on Monday, right, for our attendees, so tell us a bit about that event.

The event was fantastic. So we had partners, over 100 partners at that event. We had CISOs at our event. Security is the place to be so I'm very excited to be here.

And what are you most looking forward to this week?

What was that?

What are you most looking forward to this week?

I am looking forward to customers, partners, the announcement of many of our products, where we're headed and of course, just seeing great people like yourself.

Thank you, Shelly. So you mentioned 20 years you've been here at Cisco. Now for 20, I believe that says really a lot because over the last 20 years, we've also had never had any see this. I think Cisco has really changed her life. So let's see the video about Net Academy.

Going to bring back live here. Okay. Actually, we're going to go back to me, Nish, not your issue at all. We're going to go ahead and we're going to take the Net Academy information and we're going to move it to a different segment here in our broadcast, but I appreciate it. Nish, can't hear a thing out there. You can tell that they're all just keeping up with the excitement on it. Again, we're about 8.5 minutes away from the keynote. Before we get to that, though, Chintan, because we have you here, you are a specialist in so many different areas. And we talk about the nature of technologies here at the event, Kubernetes, Hyper-V, data center infrastructure. We're going to talk all week long about public and private cloud. The multi-cloud environment is growing, building security, device management, threat prevention, on and on. What do you see as being some of the bigger and broader trends that we are going to see this week here at the event that may take a level above what we have talked about at past Cisco Lives?

Look, I think it's -- first of all, it's such an exciting time to be in technology, I think. And some of the things that we're doing at Cisco are really pivotal and foundational because they're the building blocks of the Internet. And I mentioned earlier some of those stats around how the Internet is growing, how important it is to all of us. We reached, again, a seminal moment last year where -- a 50-50 moment, where 50% of the world came online. We've got the next 50% to go. And so what we're doing is building the foundational blocks of what are we going to require to put into the infrastructure and kind of the fabric of the Internet to take us and propel us forward. So you're going to hear about that because that really is the Internet of the future that we're building. You're going to hear about the application space. More importantly, because that's how we interface with technology. We use apps. Whether it's in our cars, whether it's in our homes, whether it's on our devices, applications play such a critical role because they're the interface into the business and the processes that we all run as customers. So you're going to hear a lot more about that because the way applications are being designed, the way they're being deployed and ultimately consumed by every single one of us are being dramatically changed by all those technologies that you talked about, that containerization mode. And so we've got some really cool things that we're working on as a company and which we'll be announcing this week which will really help propel that for the developers and the DevOps organizations and our customers. And then clearly, as we get more connected, we have to become more secure. And that's such a critical part. So you'll hear more about what we're doing in security, not just security, both in the carpeted space, but in the non-carpeted space as well. So how we're taking cybersecurity and putting it pervasively throughout everything that's connected onto our infrastructure.

And I feel that there's such positive and negative working together in balance, positive in that we expand out the capability of the apps; but of course, the negative aspect of that is we increase the threat landscape at the same time, which is why security needs to become native to every single thing that we do. That interconnectivity is so vital, right, Zane?

Yes.

But as we do better and better at it, no company is approaching it like Cisco because nobody else has the depth and breadth of Cisco to bring all those capabilities together.

Yes. And you know what, you're touching on a few points here. And there's something, Chintan, I really want to ask. And I know you did a lot of work on this around the U.K. of DevNet and programmability. How does that play and fit into exactly what Steve has said?

It's such a huge area. I mean we're -- if you're here, you'll see DevNet is absolutely everywhere. It's such a key part of our strategy. DevNet's big here because we've announced our certifications. And there's many, many engineers who are taking those certifications. They're important because we've added DevNet capabilities across our portfolio. So whether you're working on AppDynamics, whether it's Meraki, whether it's our security portfolio, whether it's our DNA Center and our networking products, we've added APIs and software development kits across all of that environment so that people can program and build on top and build the application environment. So not only is it the ability to extend into new applications, but also new skills for people and new skills for engineers in this world of automation.

Such an incredibly exciting time. Stay with us, Chintan. As I look down here, we're just about 5 minutes away from the opening keynote. Again, so excited about this, but we're going to head back out to the excitement of the keynote show floor and our own David dela Cruz. Hello, David. Can you hear me at all out there?

It's a real struggle, Steve. I'm not sure if you can hear. There's a drumline back here. I don't know if we can get a shot of that. It's pretty impressive but also incredibly, incredibly loud. It's really exciting in here. The place is starting to fill up. The atmosphere is really electric. But I've actually just run into a colleague, Emma, who's our VP of Marketing for EMEAR. Hi, Emma. Thanks so much for taking the time to chat with us.

Hello.

So Emma, you have been to a few Cisco Lives, I'm guessing, what would you say are you most excited about for this year?

I love Cisco Live. I love the opportunity to spend time with customers on our customer advocacies and The Gateway. I'm going to go and explore the Cisco Investments Village with its 8 new start-ups, some brand-new, innovative technology. I'm going to spend time in the World of Solutions and some of the demos and some of the Innovation Talks. So I'm ready to be inspired as well.

Really awesome, thank you. And if there was one session you would say that's not to be missed, what would that one be?

Oh, crikey, that's really hard. I like to hear -- so we did this for the first time last year, where within The Gateway customers are speaking to customers. So it's hearing from your peers. And I think those customer stories will be really interesting. So I'm going to definitely spend time on that stand.

Absolutely. I was at The Gateway stand yesterday and it's really cool. If you're a customer and you love Cisco and you want to talk about it, there's an opportunity to get a few surprises. In fact, if you do 4 of the challenges here on-site, you get access to a special Gateway lounge with massages and beer and all sorts of really fun things. For a Cisco Live first-timer, like this is my first time in Barcelona, what would you say are your top 3 tips for it?

Top 3 tips. It's like anything in life. The more you put in, the more you get out. I think if you don't do anything else, you spend a good day or 2 in the World of Solutions. This is the chance to have those live demos and really get to know the technology. So I think there's 130 demos available. So pick your priorities and just demo away.

Absolutely. Thanks so much for your time, Emma. And I think we're heading back to Steve, Zane and Chintan in the studio.

We are. Thank you so much, David. I appreciate it. Boy, if Emma didn't just nail it right there, right? That's what it's all about. The more you put into it, the more you get out of it. You guys were talking about this a minute ago off over here to my right. We got just over 2.5 minutes before we go live to the keynote, incredibly exciting. Chintan, I want to take one more moment with you. We are going to hear a lot about the Internet of the future coming up in this keynote. Give us a little preview. What can we expect?

Well, look, this is probably one of the biggest things we've announced as a company. We've spent years on the engineering and record investments, 3 key areas. We need the Internet of the future because of the things that I just talked about earlier, but 3 key areas that we're building as a company. So right down from the silicon, so these are the chips that actually power. They're the brains of the Internet, think of that as the engine of a car. So again, with tremendous innovation in engineering in that space. Then it's the optics. It's the optical networking that actually connects the switches and routers in the backbone. It's great having all that processing power at the edge, but if you can't actually transport that data and the huge amount of it. Take this, for example, in the next 2 years, more traffic will cross the global Internet than in the last 50 years. So that's the kind of thing we're sizing up for. And then the software that sits on top of that helps orchestrate that. We live in a world of automation now where we simply need humans and machines to work together. And so that software orchestration layer at the top will be really instrumental in making the Internet of the future a reality.

It's fantastic. I am incredibly excited about this. And again, for those of you watching on the live broadcast, we're about 1 minute and 20 seconds out. The keynote is going to take about 90 minutes or so. We're going to hear from so many people, Wendy Mars, David Goeckeler, Scott Harrell, Liz Centoni, who we're going to be back with a live interview with Liz coming up immediately at the back end. And Liz also is going to guide us into our first innovation, the talks of the day. We have 5 great Innovation Talks that we're going to introduce you to. So it kicks off with the keynote to really set the stage for the entire week but also for the year ahead for all of 2020 and what we're doing at Cisco, but then those Innovation Talks will carry us through the day and through the week, great information. Liz will be a part of it. Sri Srinivasan, Alistair Wildman will be in on it, Jonathan Davidson, an amazing crew coming up in this keynote. Let's just get one last maybe 10-second thought from each of you before we go back on. Zane, let's start with you.

It's all about IoT for me, Steve. I can't wait to hear what Liz Centoni has to say.

Love it. What do you think, Chintan?

Yes. There's a lot of things happening here at the show and hear about the certifications, hear about what we're doing across the portfolio.

Absolutely. I can see that Nish is still out there. I don't think we have time. I think we've only got about 20 seconds or so to go. But again, you can see the feed going back out there. As the excitement continues to grow and build, I encourage all of you, again, if you've never been here before, you want to get down to the show, #CLEUR. We're going to head to the keynote live. We'll see you on the other side, enjoy. [Presentation]

Please welcome, President of Cisco EMEA, Wendy Mars.

Hello, and welcome to Cisco Live in Barcelona. You have come from all across Europe, Middle East, Africa, Russia and beyond to be here with us. And we're all here because we believe in technology. We are excited about technology. We believe that it provides answers to many of the challenges that we face on a daily basis. But also, we believe that it creates opportunities for us for challenges that we didn't even know existed years ago. We all have a musculoskeletal reflex. But in addition to that, we have a digital reflex. And did you know that actually, 61% of us admit, the first thing we wake up in the morning, we actually go straight to our digital device before we even talk to anybody. And actually, I, like many of you, will use multiple digital devices first thing in the morning, be that engaging -- before I go for breakfast, engaging with Alexa, engaging with a robot to do the housework. Now whilst we're so reliant on those digital services, when they don't work, 44% of us admit that we actually use bad language, and I mean, out loud. So we're actually dependent, we're hooked and we love it. We are -- as consumers, we can have what we want. We can have whatever we choose, and we are able to make very well-informed choices. And of course, we expect things instantly. We require from our suppliers not only the products and the services capability that we know that we're interested in, but also we look at integrity and values associated with those organizations as well. We are in a wonderful place as consumers. The Internet truly has built our expectations sky high. And if we look through that telescope, we see a wonderful world full of possibilities. We're like a child in a sweet shop. Whatever we want -- we can have whatever we want, and we want it now. But actually, the expectations of the Internet of the future have built more than ever before. Now actually, if you look through the other end of the telescope, we find ourselves in a very different place. That's where actually it's back to us, all of us here in this room. We have to deliver on those digital services. We have to deliver them in a unique and a personalized way with the highest standards of integrity and trust that our customers expect. So actually, life at this end of the telescope, put bluntly, is a little bit harder. Actually, sometimes it's a lot harder. But actually, there's going to be days when you find that you feel everything is out of control. Problems for us will be opportunities or feel like they are for our competition and for start-ups that are out there. But we have whole industries being reshaped, and they're reshaping as the way that we shop changes, the way that we date changes, the way that we exercise changes and also the way that we relax changes. New technology is being introduced that, of course, may help to solve some of these challenges. New technology in the form of robotics, of security, of AI and also 5G. But actually, what's most important, that all of this new innovation and new technology provides value to your business. Because at the end of the day, it is all about the use case that is relevant for you. So whilst you may feel that sometimes you're in the center of that vortex, surrounded by stormy weather swirling around you, and you're actually at the risk that digital disruption will hit your business and hit your industry, and it may hit it really hard, but you know, we are all in this together. Those disruptors for us at Cisco came in the form of cloud, of SaaS delivery models. You may have that same experience in your business or others. Actually, they're more specific to the environment in which you operate in. But we all will travel through this together. And actually, if I look at this and think about digital transformation overall, whilst this can feel overwhelming, there are 3 main things that are so important to work on: It's actually the business model. So with that, as our business models evolve, which, of course, they do with this transformation agenda, thinking about how we innovate constantly in our portfolio, innovating in our portfolio to stay attractive to our customers. Also making sure that we deliver a phenomenal customer experience at all times. It's about the business operations, making sure that we think about our processes, our tools and our systems and how we run our businesses efficiently. But also, and maybe most importantly, it's about our people and the culture that we operate with. Because at the end of the day, if you don't have that, the transformation will not happen, never mind operate smoothly. And of course, as you look at these things, every change that you make in one of these 3 areas from a business requirement creates a technology change requirement. And that technology change requirement may be a new connection, it may be new requirements from an analytics perspective or it may be a new process. And of course, as I think about this, for me, it feels like a wheel. As you look at this graphic, it feels like a wheel. It's important to keep it balanced. And any change, even if it's a slight change at the center, can result in a really significant change at the edge. So you have to manage through it in the right way. And as you think about that wheel, if you move too slowly, it will fall over. If you move too fast, you will lose control of the direction in which you're going. And if you get it wrong, the wheel will buckle and it will break and then you end up going nowhere. But if you get that right, you will have a fabulous force multiplier. You will be in control of your direction. You will have the velocity that you need, and you will get to the destination of your dreams. But you know it's tough, it's exciting, but it takes time. But in addition, for us, within this region, this is an exciting region for all of us to be in. It's very diverse with all of the different countries that we operate within. But within that diversity, we have strong and unifying forces that hold us together. We lead the conversation in the world in many different topics as well. And one of the key elements that we talk about is trust and privacy is important for all of us. You push us quite rightly on transparency, on trust, on privacy and security. And you do that because they are key conversations that you are having with your customers. And quite rightly, you should push us on that. And did you know it's actually Data Privacy Day today? Europe has led the conversation within GDPR. And actually, it's important for us now within the Middle East and Africa regions as well. Data and data sharing are very important and foundational for us from this digital transformation journey. In Europe, the conversation is about data sharing. Actually, in the Middle East and Africa, it will be about the data movements. So governments' engagements and conversations are getting more involved there, thinking about regulation and how do we manage through some of those different steps as well. And what does this mean? It impacts how we share stuff. And that, of course, is critically important for us. But in addition as well, it is really important our customers care about our sense of purpose, our values and our purpose as organizations. The European parliaments and commission is looking at how do we use technology not only to drive economic value but also societal value, and of course, as we manage through this transformation, thinking about how we do this in an inclusive way, an ethical way and also looking at the sustainable elements and meeting our sustainability targets, thinking about skills and thinking about diversity elements as well. The European Commission under Ursula von der Leyen has recently introduced with her Green Deal the promise to try and get Europe, from a continent standpoint, to be carbon neutral by 2050. And also here, within Spain, within the new government, one of the top 3 priorities is actually on climate change. So as we think about this week ahead, we are in a world of continuous change, and technology has been the cause of a lot of that. But actually, technology is the answer also to a lot of that and provides a huge amount of solutions. So you will be thinking in the week ahead about how you evolve the requirements in your business and what that means for your applications. You'll be thinking about how you secure your data, how you transform your infrastructure in order to always be agile and to be ready and how you empower your teams. But also, for those of you who are taking certification exams this week, I wish you good luck. I know from my own experience, back in 1998 when I took the CCA, just how hard that is. But also I know how it's worth it when you get there. So I wish you good luck with that. Now we're going to transition to David Goeckeler and the engineering team. We're going to get techy. But first, let's go to the video. [Presentation]

Please welcome, EVP and GM Networking and Security business, David Goeckeler.

All right. Good morning, everyone. Everybody ready to go? Everybody ready to talk some technology? Thanks, Wendy. That was a fantastic start. All right. It's always great to be back in Europe. It's also really good to be back in Barcelona for the start of Cisco Live! This is a fantastic week if you're a Cisco engineer because we get to talk about all the stuff that we've been building, sometimes for years, before we get here and start to talk about it. Now what's also great, if you're in my position, as you had to start with a video like that. You get somebody like Michael Bay to create a video for you, one of the most innovative people in the world. And I have kind of 2 takeaways from that: First of all, we need to explain to Michael what a terabit is. It's not a dinosaur. So we're going to go work on that. That should be pretty straightforward. But the really interesting part of it is here, you have somebody that's one of the most creative people in the world talking about technology is in its infancy and we're just getting started. And that's kind of amazing for all of us because we've been doing this our whole careers. This whole thing has been moving so fast, it feels like we're going so quick. Technology is evolving so fast. And here are the people that are using this technology, and they're talking about, "Wow, this is just in its infancy. If I start to look and see what I can do with all this technology, it's amazing." And that's what's so exciting about what we're going to do here today. Not only are we in Barcelona to kick off Cisco Live! We're here to kick off Cisco Live! 2020, so the start of a whole new decade of technology that's going to start right here. And if we look back, let's look back at the last decade, what happened? It really was about the application. It was the rise of the application, whatever we want to call it. There's lots of words for it. There's the rise of the application economy. There's every business is a software business. There's digitization. Whatever you call it, there's been all of these accelerants, cloud computing, the mobile ecosystem, data science, that have really, really accelerated the development of the most sophisticated applications in the world. And they drive everything we do. Application is king. Towards the end of that decade, the infrastructure business that we're all a part of started to keep up, started to catch up. It's only been less than 3 years ago that we announced intent-based networking. And what I think this decade is going to be about is how these 2 worlds come together even more seamlessly to power this world of the most advanced applications. As Michael Bay said, we're just getting started. And we're going to talk about a lot of that technology here today. Right. Last year, on this stage, I spent a lot of time talking about a multi-domain architecture, about what Cisco is driving to transform all of the infrastructure. It's not just about innovating in one part of your infrastructure. It's not just how you evolve your campus network or how we evolve the data center or the multi-cloud environment. It's how we bring this all together into a multi-domain architecture to build that integrated, automated and secure infrastructure to drive that world that the people like Michael Bay are going to innovate on top of. But let's zoom up for a second. We're going to talk about more than that here today. We're going to cover the whole portfolio. We're going to talk about all the outcomes that you need to drive. And at Cisco, we think about 4 of those: One, how do you reimagine your application? We're going to start with that. Two, how do you secure your data? One thing that's not going to change from the last decade to this decade is the importance of security. It's been the #1 or 2 CIO concern for years and years, continue to be that way. Cisco's largest enterprise, cybersecurity company, we're driving that portfolio across the entire infrastructure. Three, how do you transform your infrastructure? Intent-based networking, we've talked about that. And four, empowering your teams. We're going to talk about the Collaboration portfolio. But it's more than that. It's how -- it's our customer experience team and how do we work with you. It's DevNet. How do we change -- how do all of us change to deal with the new technology we're using every day? All right. Let's get started. We got a lot to cover. There's a lot of things we've been working on we're going to talk about here. I got all kinds of friends that are going to come up and talk about them. But before we jump into it, I want to introduce one person sitting in the front row up here. All you people should know Gerri Elliott here, Global Head of Sales and Marketing for Cisco. Gerri, welcome. All of you have a tremendous advocate in Gerri and her entire team at Cisco. All right. I'm going to keep us grounded as we go through all of these because, again, it's a big portfolio. There's lots of stuff to cover. There's lots of innovation we've been driving. We're going to start with the application. Where better to start? We're going to start with the application, talk about the evolution of the portfolio around AppDynamics and what we've been doing. But I want you to really pay attention to this because there's going to be some surprising things that come out here. All right. Danny Winokur leads that business for us. Danny, take it away.

Thank you, David. Good morning, everybody. So as David said, applications over the past decade have moved from this role that they used to have of supporting our business to now playing a role where they actually are our business. And this has put all of us in IT under a lot of pressure. We're being expected to support constant change across hybrid, multi-cloud environments. That have to now keep pace our developers on those environments, have to keep pace with the demands of experience-driven digital businesses. And this is really hard, right, because the environment that we're all operating in have become enormously complex. We have different layered technology stacks across public and private cloud and traditional data center technologies. And it begs for us the question of how do we actually manage all of this exploding complexity and the constant change without breaking things, making sure that these applications that we're delivering remains flawless, which they have to do. Well, the way we need to do that is we need to get visibility to see what's going on. But visibility is not enough. We also need a lens through that visibility that allows us to actually prioritize what is really important so that we focus on what matters most and can avoid and eliminate the distraction of all of that noise, right? This is what AppDynamics does. Right? What AppDynamics does is we tag and trace each component within your hybrid multi-cloud application and the calls among and between all of those components. And once we do that, we're able to monitor key performance indicators for the technical performance of the application, but we also correlate those to business performance metrics that actually are the ultimate thing that you need to accomplish as a business, right, because the business, again, is inside that application. And we do this through the lens of what we refer to as a business transaction. And you can think of a business transaction as a pathway through your application to deliver a key outcome for your users, right? So while this is a powerful lens, we're really excited today that we're going to be introducing an additional new lens, and it complements the business transaction. So the business transaction allows you, when something goes wrong on the back end components of your application, to immediately pinpoint what went wrong on the back end and look through that lens and focus right there on that root cause. The new feature that we're introducing today is going to complement that by giving you a view on the front-end user experience, where the screens are that the user is actually seeing on the front side of their application. So what I'd like to do is jump in and let you take a look at how this feature actually works. So here you see AppDynamics monitoring a fictional application, an application we call NextGen Financial. And like most businesses, they rely upon their mobile and their web applications in order to interact and deliver all of their products and services to their customers, just like you would expect from an online bank. And you can see that they offer things like insurance quotes and loans and online bill pay. And AppDynamics is looking at the key business metrics at the top of the screen. And you can see that we actually have a problem, a yellow warning, on the dollars that are being generated by the insurance quotes. Down below, you see a list of all of the individual business transactions. Those business transactions are again those pathways through the application that are delivering those key outcomes. We've got a couple of issues there as well. You can see that we've got a challenge with quotes being sent. And then further down in the middle, we've got a challenge with response time on applying discounts. Wouldn't it be helpful if we could actually correlate these different warnings through that lens of user experience in order to understand if and how they're related and what we should do about it. That takes us, if we click on the 450k warning, directly into the new feature that we're announcing today. This is the AppDynamics Experience Journey Map. It uses AI and machine learning in order to automatically map the journey your users are taking through the actual front end screens that make up this application. And you can see that it's found 3 top journeys through the application that, of course, correspond to the top business metrics that we started with, right? So you can see that we have there paying the bills, the loans and the quoting. And if you follow the quoting journey, the bottom one of the 3, you shouldn't be surprised to see that, in fact, there is a problem with applying discounts because we saw that in the prior screens. And where they are able to see not only that we have a technical problem, but you can also see that it's correlated to an important business metric, which is user abandonment, right? So we're losing 70% of our users at that stage in the journey. But just as importantly, if you follow that path through the journey all the way to the quotes being sent, you'll notice that there's no user experience problem there, right? Our abandonment is the same as normal, and our technical performance is the same as normal on that screen even though we saw on the back end that there were some technical issues with components there. So we can click in and get more detail. But what we've learned now is that we actually don't need to immediately prioritize the quotes being sent. We need to focus our efforts on the challenges of applying discounts because that's what's actually affecting our users. And so we can now go up and click on Dashboards and Reports and go -- dig down deeper, AppDynamics has a wealth of additional information, and we can begin to drill in and say, "Okay, let's look at what's going on in the stack that is supporting the application." So we've got some challenges on the application servers and in the VMs. But we know from the prior view and the application -- sorry, in the Experience Journey Map that we need to worry more about the discount services and the VMs there than we do about the application server problem on quotes being sent. Now with any other APM tool, this is where we'd likely get stuck. Because we would have siloed information for the app ops team and separate siloed information for the infrastructure ops team, and we get into pointing fingers at each other and not know how to come to agreement on what the real source of the problem is. But I'm excited to let you know that we have another new innovation that we're announcing today, and so to help me with this, I would like to invite my colleague, Liz Centoni, onstage to help us troubleshoot. Liz? Hi, Liz.

Hi, Danny. I can help you with that.

You think so?

Absolutely.

All right. Let's do it.

To do that, I've got to go into Intersight. And actually, before I do that, let me do a brief summary because I can't expect that everybody would know what Intersight is about. So think about Intersight as our Management as a Service platform. So our customers actually use it to set up and manage their UCS servers, their HyperFlex clusters, their storage arrays, and it actually does the full life cycle management of the infrastructure as well. So think things like former reversions, OS upgrades. And it is a cloud service, so it can connect back to Cisco. And so if you have a machine that's not well, it can actually log a service request with Cisco tech, send things like logs and files and do this with very minimal human intervention. So we can get to root cause much faster. But today, I'm excited to announce that we have new capabilities within Intersight, and it's called the Workload Optimizer. So let's go into what the Workload Optimizer looks like. So the first thing that you see when we launch the Workload Optimizer is a dependency graph on that left side. Each of those circles actually represent a different entity. What the dependency graph is saying is that each one of these entities is dependent on something else or uses those resources. So here, as you can see, we have 11 business application. They're dependent on a number of app servers, VMs, and it goes all the way down to the storage LUNs to the servers, even down to the switch ports. So in a sense, what it's doing is it's giving you a view of everything from the infrastructure all the way to the application. Now the question would be is, how does Intersight get to know all of this? We actually make API calls to all of those entities. And we're able to find out the immediate dependency of each one of this, correlated, connected, and it builds out the dependency graph. Now the Workload Optimizer also has a new capability, which is a recommendation engine. And that recommendation engine pulls together performance, efficiency, compliance constraints. It takes a look also at historical usage patterns. It can spit out a bunch of actions in terms of saying, "Here's what you need to need to do in terms of troubleshooting," as well as how do you optimize your resources, especially in a hybrid multi-cloud world. So pretty cool stuff.

Very cool stuff. So it looks like you're actually pulling in all of the application topology data from AppDynamics. You're joining it with other data that you've collected from other elements in the infrastructure. And in this view, it looks like you're actually monitoring all the applications in the estate, not just NextGen Financial.

You're right. And the recommendation engine is pretty powerful. So as you can see, not all those circles on there are green. Some of them are yellow and red. So the recommendation engine is saying, "Hey, look, you've got a couple of alerts. You can go check them out and take action on it."

Okay. So Liz, this looks pretty powerful. But what about NextGen Financial? That's the problem we need to solve.

That's what I came up here to talk about, right? I got a little carried away. All right. So let's go into what NextGen Financial looks like. I'm going to click on the application button, and it takes you down to -- it shows you the 11 applications. And by the way, we pull this information from AppD. So I'm going to kick -- as you can see, the third one on there is NextGen Financial, and I'm going to click on that. It opens up and builds out the dependency map just specific to NextGen Financial. It again makes those same API calls, looks at the immediacy and builds that out.

Very cool.

Now as you can see on here is the app actually looks green. Nothing wrong with it. But both the app server and VM actually shows that it's yellow. So if I click on the VM, what it does is it shows me that both VM 3 and VM 4, by the way, these are the same 2 VMs that you showed on the AppD graph or in the AppD dashboard, they're running a little hot. So the recommendation is saying, "Hey, increase the memory allocation by about 1 GB, and you can actually bring the application back to its optimal performance." And all the other capacity stats look pretty fine.

So that's pretty amazing. You've actually got the exact same VMs, the same data that we had in AppDynamics, but you've been able to drill all the way down into all of the infrastructure dependencies and root cause immediately to the memory congestion with a recommendation on what we can do to actually fix that.

That's right. And actually, it's pretty simple. All you do is actually click apply, and the action is taken. By the way, our teams, in terms of the infra ops teams and the app ops teams, they have the same view to this correlated data set. So they'd be actually working on this already and taking proactive action before you actually even see your application or your end user having an experience issue.

Excellent. So should we go look at AppDynamics again and see if the app is better?

Here's the result of it.

All right. Look at this, you fixed my problem. Everything is green. Thank you. Now I'm not aware of a single other application performance management tool that can do this, right, where we can actually go from the application all the way down into the infrastructure stack and actually solve something together across teams that quickly.

If you think that's cool, I've got another use case for you.

Okay. What else do you have?

So we looked at proactive troubleshooting. Let's go and take a look at how do we optimize resources, especially in a hybrid multi-cloud world. Because I think everyone in the audience would say, "If I get an opportunity to save money. I absolutely want to do that." So I'm going to take you back into Workload Optimizer. This time, the dependency graph that you're seeing is in the hybrid view. So it's looking at all resources that the application uses, but not just on-premises but in the cloud as well. Again, it makes API calls to the multiple cloud providers and is able to actually pull up this information. So I'm going to hover over the VMs because it's actually showing that there's a number of severities, both in red and yellow. I'm going to click on the ones that have actions against it in yellow, and it gives you a whole list of them. If I highlight one that's related to the cloud and expand on that, what it does show you is actually your application can move to a different instance type and it can save money. And it gives you this very granular view, down to the decimal, in terms of how much money that you can save. Because when you think about it, optimizing for the cloud brings its own set of challenges. I mean think about it. Last year, you probably had a set of instance types. Today, when you look at it, you probably have more than double that. And each instance type comes in that's curated for its own memory, compute, storage, bandwidth and capacity, and they've got their own rate cards. And usually, when you're deploying your application, you use the most optimal for what's needed for your application. That's important. But it's not sufficient because you've got to look at the whole life cycle of the application, and as it changes, how do you continue to optimize resources. That's exactly what Workload Optimizer does for you.

Sure. So that looks pretty powerful. And it looks like you're actually optimizing across both public cloud instances and on-premise instances. Are you using machine learning to actually accomplish that?

We have to because we're pulling in massive amounts of information. Because when you look out there, you get examples of where this is done at the infra layer, or it's done at the virtualization layer or it's even been done at the app layer. This is the first time where actually we're showing a full-stack view from the infrastructure all the way to the application.

Wow. It's really, really powerful. So if I take look now at the combination of what we've just been able to build, we're now all the way up at the experienced journey level and the business information, looking through that lens of user experience. We see a problem, we've now gone down into Intersight and actually shown that the data is transmitting from one to the other, so that our teams can work together in this new powerful closed-loop operating model.

That's right. And in addition to that closed-loop operating model, in terms of predictive troubleshooting, it also helps you optimize the resources in this hybrid multi-cloud world. So think about it. The infrastructure is dynamic. It's now moving and changing to the changing needs of this experience-driven application. There's a lot more that we're launching today. And we can go through this in a little bit more detail. So actually, come see us in the Launch Zone or in the World of Solutions. So David, I'll hand it back to you.

All right. Thanks, guys. Fantastic stuff. All right. So Danny, first of all, just to make sure I got it. That was a lot in 15 minutes.

It was.

And to your point, Liz, they can be out there in the Launch Zone or in the World of Solutions. But first of all, journey maps at the application level. So more detail, more granularity, application is king, get more detail into exactly what's wrong and where problems are.

Exactly.

And then, Liz, the ability to actually -- even in a hybrid cloud world, which everybody uses, the ability to drill down into the infrastructure and correlate the application world to the infrastructure, and not only correlate it for troubleshooting, but optimize the infrastructure to get the best performance possible.

You summarized it well.

Perfect.

All right. Fantastic. Thank you.

Thanks.

I think we're just going to continue to see more and more integration. I think one of the things I talked about last year is every click of the portfolio, when we launch more technology, you're going to see this broad portfolio we have get closer and closer integrated to deliver a very different value proposition to all of you in running your business. All right. Let's go on to the intent-based networking. I talked about that in the open. Big change in the way networks are built. We launched this not even 3 years ago now. And in Cisco, we've now brought the entire portfolio from the campus, wireless switching to the branch, to the data center, all under one leader. That's Scott Harrell. He's going to come on stage and talk to you about what's latest in intent-based networking. Scott, take it away.

All right. It's awesome to be here. We just got to talking a lot about applications. But this is Cisco Live! so it seems imperative that we talk about the network as well. And there's no bigger change in the network right now than the move from SDN, software-defined networking, to intent-based networking. And really, when we break this down about what is so different about intent-based networking, it's about the idea that you're going to use English language policy and use a network-wide fabric to program the network. But also increasingly important is every single controller that Cisco is building, everything we're doing that's around the network, we're also now bringing in a next-generation of analytics layer to bear. And we're doing this across everything we make, whether it's in the branch, in the campus, whether it's in the data center, the IoT infrastructure or out to the cloud. And the goal here at the end of the day is for you that are operating these complex networks, these global networks, to simplify things. Because we know your world is getting more dynamic. There's more change than ever, and you need to run at a faster speed. But at the same time, security never goes away as a care about, as David said. And we know that things like segmentation now need to be able to be done everywhere you have a network instance to provide that better security. And this is another outcome intent-based networking can drive. But one of the things we're really focused on is also about how this interacts with the cloud. The multi-domain story that David was talking about now is inclusive of the cloud. And that's where I wanted to start with automation. And for a lot of your organizations, the cloud is just this magical, wonderful place. It's a serene place that you want to go hang out, and it's going to solve all your IT problems. The reality is though, for many of you in IT operations, this is anything but the truth. Instead of this incredibly peaceful scene, it's much more like the running of the bulls in Pamplona is what you feel every day because now your world has become more dynamic. You become responsible for those workloads in the cloud that Liz was talking about. You become responsible for the connectivity out to that cloud and the security. And that increases the things you have to deal with as an IT organization. And so what we're doing, and what Liz and Danny showed you at the end there, is we're starting to bridge those 2 worlds. We're starting to bring IT operation consistency between the cloud and on-prem so that your single tool can now help you manage both. And what you saw was how we do that for app and workload management. But we're doing the exact same thing for security. We're doing the exact same thing for networking. In fact, last year, here at Cisco Live! Barcelona, we launched something called ACI Anywhere, which is about how you take your policies from your data center and seamlessly migrate them into the cloud. And we basically make it simple to do by calling the APIs, by taking all the semantics that are native to different -- that are different between AWS and Azure and GCP and abstracting that all the way so you can have the same segmentation policy on-premise and in the cloud. And as new applications appear in either place, it can dynamically adjust. And so we're going to continue to do this from a networking point of view, and there's no hotter market right now in networking than SD-WAN. And what we're doing at SD-WAN is, of course, we're automating across any type of WAN connectivity, whether it's cellular, whether it's classical MPLS or whether it's broadband. But increasingly, we're being asked by our customers to not just integrate and automate out from the branch, but into the cloud, into your SaaS providers, into your IaaS providers, into your colo facility. And this is where we've been making a ton of incremental investment, and it's been extremely well-received. In fact, of our customer base, 70% of the Fortune 100 customers now have Cisco SD-WAN. Amazing take-up. And we know that for many of you, you either have a project for SD-WAN or you're going to have one in the next couple of years. And what I would encourage you to think about as you go down this path is not just think about selecting SD-WAN as a connectivity medium from the branch, but starting to think about how you actually are going to use SD-WAN to automate your on-ramp to the cloud and what we're going to do to interconnect it with your SaaS services, your IaaS services, your colo services so that your SD-WAN fabric now extends into the cloud itself. So I'll give you some idea about how we do this. When you think about Office 365, it's a suite of applications. We have integrated with the APIs directly from our centralized SD-WAN console so that we dynamically and automatically optimize those connections for all your users. And what it means for your users is they're going to get up to a 40% performance improvement when they use Office 365 with Cisco SD-WAN. We're doing the same type of thing with your IaaS providers, your Infrastructure as a Service providers, AWS, Azure, where we're interconnecting SD-WAN directly into their clouds. And so that as new VPCs are discovered or VNETs are created, we automatically configure segmentation, we automatically configure connectivity and security into that cloud using that same central SD-WAN console. And then a lot of you are actually starting to embrace the colo and start to use the colo as a local DMZ, a drop-off point for your traffic. And we've partnered with people like Equinix to make that simple as well, so that when you want to extend your SD-WAN fabric into that colo, we can make that a 1-click as well. And in fact, we even brought into the same management console the ability to orchestrate security services for that colo. So the sum of all this is that we come back to what I started with there, which is around IT consistency. How do we make your life simpler? How do we enable you to expand to the cloud in a much simpler way and actually retain your sanity, make sure that you have the same type of kind of zen moment that, that picture implied when your organization adopts the cloud? So that's a lot about where we're innovating in automation. But when I started talking about intent-based networking, I said one of the biggest changes is this need to actually start to adopt analytics. And we at Cisco, we believe strongly that every network element must become a sensor. Every network element, whether it's a switch, whether it's an AP or whether it's a router must produce data really to drive 3 primary outcomes: one is around security insights, two is around business insights and three is around IT insights. When we talk about security insights, this is really around how we start to do new things that have never been possible before, how we start to balance the needs for security for an enterprise with the privacy of an individual using technology like encrypted traffic analytics, where we can inspect the flow without ever decrypting it and assert whether or not it's potentially malicious. Nobody else in the world can do this. And we can do this by using the data that comes from the network. About 6 or 7 months ago, we actually launched something new called DNA Spaces. And DNA Spaces is really about taking the data that's available from the network and allowing you to mash it up with other sources of data in your enterprise and actually drive outcomes that drive business outcomes, drive better customer engagement when they are in your facilities, help your users and your employees actually be more intelligent about how they use the environment they're in, things like wayfinding, things like loyalty engagement programs and make your environment more dynamic and leverage the power of the network to do that. But I know many of you in the audience, you're in the business of running a network. And so there's probably no bigger concern than the IT insight side of this. And we've been investing heavily in the IT insight side, bringing analytics to all the different controllers we make. And Liz and Danny talked a lot about how we can use those analytics to simplify how you troubleshoot apps. But the reality is we know from a lot of experience, many people in the room know, that the first thing that's usually blamed whenever there's a problem, whether it's with the user or with the app, is always the network. And we want to help you with that problem. We want to help you actually troubleshoot that network when it's in the data center. And the challenge here is that data center has gotten much more complex to troubleshoot. We know that as the workloads increase and the amount of workloads that you're trying to manage become more dynamic, the troubleshooting of that environment becomes increasingly complex. And you're going to have issues. 97% of you, so pretty much everybody in the room, your company has experienced some kind of critical business application outage in the last 6 months. And when those happen, time is money. The average cost per hour of an outage is around EUR 228,000 per hour. And so this ability to synthesize all this data and get you to the root cause fast is critical. And sometimes you're going to start from the app layer. Sometimes you're going to start from the compute layer. And sometimes, you're going to start from the network layer. And this is where Cisco data center Network Insights comes in. It's a brand-new solution that actually integrates directly inside of your existing products, ACI, DCNM, and for your data center and allows you to actually use those tools to get to a root cause. And we can do things that nobody else can do. We can actually not only bring out all the stats and the data that we know from your Nexus switches, but we can also combine that with flow data because our cloud-scale ASICs produce the richest set of flow data of any ASICs on the market. And we can use that to quickly pinpoint an issue with an application and get you down to which leaf potentially had a problem, gets you down to whether it was the switch or whether it was the server or whether it was a particular app. This is something uniquely that Cisco can do. It's available now, and it's available, integrated inside of ACI and DCNM. All right. So that's all about analytics. So we talked about automation. We talked about analytics. We talked about how important they are for intent-based network and then how you want to send them to the cloud. But all of us still have our on-premise facilities. And what we see happening in our on-prem facilities is actually that one of the biggest disruptions is the marriage of IT and OT. And the fact that many of you that have historically been in IT are now being asked to take over the management of OT. And we've extended our intent-based networking solutions into the OT. We've actually brought them together so you can manage it in a simple way, manages a unified solution so that you can produce outcomes like better security for your organization. And rather than me talk about it, I actually want to bring up our IoT expert, who happens to be Liz Centoni, back up on stage and talk to you about it.

Thanks, Scott. Last year, when we were here in Barcelona, we talked about how we're extending intent-based networking to the IoT edge. So think about it in terms of we're helping you connect your factories, your ports, your refineries, your minds. Your network is actually becoming even more important to meeting operational goals like availability, reliability and safety. But the top concerns still remain. Questions I get asked is how do I protect my critical infrastructure? How do I make sure that I have complete control of my operations so that they do exactly what I needed to do? And how do I keep my people and assets safe? So I was talking to somebody who actually lives this every single day, thinking about this every single day. So I asked him to come in and join us. So please help me welcome the Head of Product Security for Airbus Helicopter, Stephane Chopart.

Hello, Liz. Hello, everyone.

Thank you so much. I realize that I went by the slides and also missed the fact that 68% of our customers actually talk about security every single day, which is something that you had confirmed as well. So Stephane, when we were talking about this, one of the things that you mentioned surprised me. You said that Airbus makes one out of every 2 helicopters in the world.

Yes, that's right. It's almost half of these are going to military forces. That's why it's very important for Airbus to protect our IP and trade secrets. But we have also to ensure the resilience of our manufacturing facilities in order to be able to deliver to our customer on time and that our product meets the highest quality standards. One day of lost production anywhere in Airbus [ vehicle ] may have a huge financial impact. And even worst, if a worker who modify the configuration of our industrial asset, it can put our workers, our customer at risk, and that's not acceptable.

So let me see, I'm just going to summarize what you just said in terms of -- because you had a long list.

Yes.

You want everything from -- you want your production running 24/7, you want the highest quality and you want to keep people safe and assets safe as well. And when we were talking, we're talking about the challenges that industrial network space because these networks have been around for -- or industrial environments have been around for a very long time. So how are you going about -- and this is what the audience would like to know, securing your production facilities?

So we initiated a program to better protect our industrial control system. The ICS network is a network controlling of CMCs or sensors on all the assets we used to manufacture and assemble the various component of a helicopter. But over the years, we added many new industrial assets, many new network equipment and connectivity. And the business was more focusing on the operational objective than under security architecture. So the first thing we did was to perform a full risk assessment on the OT domain.

So you use Cyber Vision to do that. Now as you went through that security assessment, do you find anything surprising?

So we worked with our -- one of our cybersecurity partner, Orange Cyberdefense, to perform this assessment, and we used Cyber Vision to discover the asset. This solution is great because it listens to your network and automatically discover the assets and map the communication flows. Finally, this assessment gave us 3 main things. First, a list of vulnerabilities or equipment, and now we have a plan to fix it where possible. Second, we have an excessive list of the machine with cellular capabilities for remote maintenance and now we can better control the access; and third, we have a list of machine, which were not correctly or adequately configured, and we have a plan for optimization. As you may know, many ICS network are flat, and we wanted to work on segmentation in order to avoid the threat can propagate over the ICS network. And at this stage, the inventory of asset was a key first step.

So just have been looking at your list, right. So assessment gave you, hey, these devices are vulnerable so you patch them. You made sure that people only who need access to the machine should get access to it, not everybody else should and now you're proceeding with segmentation. Does that cover it comprehensively?

Not totally. But the integration of Cyber Vision with ICC will help the deployment of this segmentation project. We are preparing the move to industry for the 0. And the fact that Cyber Vision is now natively built in Cisco switches will speed up and help the deployment of this project. What we have to look at now is oh, to integrate this in our security operation center. The plan is to streamline the investigation and the remediation of both IT and OT incidents. But perhaps in this area, you can help again.

So I'm going to talk about that a little bit more in terms of how we're helping IT and OT, 2 teams that most often don't talk to each other -- that's another thing that we talked about as well, come together to solve these security issues. Stephane, thank you so much. Appreciate having you here.

Okay. Thank you. Thank you so much.

So as Stephane talked about the fact is that you have to start with visibility. He needed to know what was in his environment before they even take the next step. So when we look at this is, we look at it and go visibility is that first key step that you take before you do anything else. Because once you do visibility, you then get the identity of the device. You know what the devices are, you can actually group these together and once you do that, you can define policy which then gets executed. And when that is established, you can now monitor for changes that are happening in this environment. Because not every change is malicious. It could just even be plain human error. For us, Cyber Vision is a key part of our IoT security portfolio. It automates the discovery of a number of operational assets that actually sits on things like a factory floor, a PLC, which is a programmable logic controller; it could be an IO, it could be a drive. In a utility area, it could be a remote terminal unit. And Cyber Vision actually uses passive DPI. So it never gets in the way of your industrial processes. And it decodes a lot of protocols like PROFINET, MODBUS, EtherNet/IP. And the information that it actually pulls out is very, very granular. You get make of the device, you get the model number, you get the serial number, you get the firmware version. It tells you the vulnerability. It tells you what assets are talking to what other assets. And what changes are being made? If somebody actually comes in and modifies that program that you have on the PLC, which is very critical and absolutely running that production line better. And it actually can pull all this information out into a dashboard, so somebody like a plant manager on an Airbus factory floor can drill down and look at just the information that they need for their job. And by the way, industrial networks are not just, as we know, contained in 1 factory. It could go across an entire country. It could go to many remote locations as well. So how do you do this visibility and identity of the devices at scale and at a reasonable cost? This is why we took the Cyber Vision sensor, and we've integrated that into our industrial switches and our routers and our APs. So now you're decoding all that traffic locally, and you're only sending back a summary. So think about it as a summary of that network traffic. That simplicity at scale, good performance at a pretty reasonable cost. And we've integrated Cyber Vision into [ ICC ] so you can do things like bringing segmentation and microsegmentation, things that you're doing in the enterprise now down into these industrial control systems environments. And for those of you who actually use Stealthwatch, we take this traffic, we take all the device information and pass it into Stealthwatch. So from that Stealthwatch console, now when you look at it, you can get granular information on what is sitting behind that IP address, whether it's a PLC, it's an I/O drive or a vision camera. So to meet the threats of today and address them going forward as well, you need to help IT and OT come together, helping IT bring the tools and the capabilities that you've been working with and knowledge that you have for the past 10-plus years; and where OT brings in the business context. We're helping IT and OT come together, driven by security. So David, I'll hand it back to you.

All right. Thanks, Liz. Well, Liz, you've been busy. You're getting a lot of stuff done here today.

Just a little bit.

So we -- you've been driving this IoT business now for a couple of years. And again, you see, we just continue to drive the portfolio together. First DNA center that covers the IT and the OT environment. Then Polaris across all the regulated switches and now in security, bringing all the industrial protocols into the whole security architecture.

I'm very proud to say we have the assets, and we're driving the integration to bring IT and OT together.

Okay, great. Thank you, Liz.

Thank you.

All right. Let's change gears real quick. Let's talk about the big I, Internet, that big, big, big Internet and all the technology it takes to build that network. And if I go back to the video, and Michael Bay was talking about streaming 250 terabits. How do we think about the technology it takes to build the largest networks in the world and to build the Internet that we're going to need for the next decade or more? That's a problem we've been working on at Cisco, of building that fundamental technology. These are projects that are years and years in the works, and we're now coming out with a whole new set of technology across the fundamental parts of networking to build the largest networks in the world. To tell you about that, Jonathan Davidson, who leads our service provider business, come on up, take us through it.

All right. Thank you very much, David. I am excited to be back here in Barcelona with all of you. It's not very often that you get to have the opportunity to explain how we've been building technology for the next phase of the Internet for the past 4 years, and we've had the opportunity to spend well over $1 billion doing it. So it's a big burden to be able to spend $1 billion, but it's well worth it and you'll see that in the coming future. But before we get there, I want to explain why we decided that we needed to go and spend all of this money to help create the innovation necessary to propel us into the next version of the Internet. And it comes down to some simple factors. And those of you who are in the service provider domain know that your CapEx budget has basically stayed flat since 2012. However, the data rate on the Internet is still growing at 30% annually. In fact, mobile traffic continues to grow at almost 50% annually. So if your budgets are flat but bandwidth continues to grow, that means a single dollar or a single euro needs to do 11x the amount of work today than it did just a few years ago. And that's only part of the problem. Because for every single dollar or euro of Capex, you have $5 additional that go into the OpEx side of the business, managing all of that infrastructure, the buildings, the power and all of the things that you need to pay for to actually keep that infrastructure running. So what we did is we wanted to go and focus on the key elements, the seminal technology that actually will help you transform and build that next version of the Internet. We focused on 3 key things. One is specifically around silicon, optics, software and how those all come together in systems. So let me dive into each one of those for the next few minutes. First, in December, we announced an entirely new family of silicon, starting with Silicon One. This is the first piece of silicon that breaks the 10-terabit barrier for routing. Now we wanted to have a clean sheet architecture. We didn't use any prior [Audio Gap] Now Cisco, you may not know, but we actually have been building optics for well over 10 years now. But over the last 12 months, we have spent $3 billion to acquire 2 new optic technology companies. One, Luxtera, to help us automate the actual building of optics themselves, specifically around 100-gig CWDM, but we also announced the intention to acquire a company called Acacia that is going to help us, when that closes later this year, go and move into the coherent optics space. Now it's important to note that if you go back, one of the reasons why we did this is not only for architectural change, but also how money is being spent. If you go back 10 years or so ago, and you look at the cost to move a bit from point A to point B, about 90% of the cost was actually in the router and 10% was in the optic. If you go to today, you're looking at well over 50% of the cost is in the optic and the rest of that is in the network element. If you move to a coherent world, you're looking at well over 80% of the cost is now in the optic and then the rest of that are in the network elements. So not only is the -- where the cost is changing, it's moving around, but also the fact that we have this new technologies with silicon and optics coming closer together, there's new architectures that we can take advantage of as well. So later this year, there's actually going to be a new type of optic coming out called ZR and then following that, called ZR+ for longer reach. That's going to enable you to take a transponder that was traditionally in a separate chassis and actually put it into the pluggable and then plug that directly into your routed elements. This means that you can dramatically simplify your infrastructure, have fewer network elements inside the infrastructure and make it easier to automate that infrastructure. This is something you'll be hearing more about as the year progresses. All right. We talked about silicon, we talked about optics. It's time to talk about software. Cisco IOS XR powers the majority of the world's Internet. But it's also 20 years old, and we determined it was time to reimagine this OS. And so we were spending the last several years going through and simplifying it, optimizing it, actually removing code out of this software so that we can go and make it easier to deploy by shrinking the image down. We also can simplify it with new and greater open interfaces, so we can tie more easily into your automation systems. And we've also created a whole new level of trust inside of XR as well that starts with hardware and goes all the way up through the OS. But this is also the first operating system for critical infrastructure that is cloud enhanced or cloud augmented. And let me talk to you a little bit about what that is. So first of all, Cisco Crosswork is taking intent-based networking and applying that automation portfolio to the service provider. It's a set of on-premise applications, but also we've now augmented that with a set of cloud-based applications. The first of which I want to tell you about is Cisco Crosswork Network Insights, which helps you understand if any of your BGP routes have been hijacked anywhere in the world. We have real-time data on over 300 million BGP routes globally, and we can notify you within seconds if anyone accidentally or maliciously has tried to take control of your routes anywhere in the world. That's number one. The second is Trust Insights. We want to make sure that you know that you have an immutable source of truth so that the hardware that's deployed is known good hardware and then the software that's deployed is known good software as well. And that's Cisco Crosswork Trust Insights. The third one is all about the qualification environment. One of the things that people tell me is the amount of time that it takes from when we deploy new software and put it on cisco.com to the -- all the testing that needs to happen for you to then go and put that software into your network. We wanted to make it a lot easier for you. So what we've done is we've created a cloud service where you can upload your configuration, you can select what hardware platform you have and what version of code you want to test on and using machine learning, we actually dynamically build a test plan for you, which you can then run in the cloud or you can have a connectivity back to your own lab and you can actually run the tests from the cloud, utilizing your own equipment in your own lab. We expect this to dramatically decrease the amount of time between when we put out a new software release to when you're actually able to deploy that release into your infrastructure. So you can go from 3, 6, 9 months of manual testing that you might do down to a few days of testing or even less than that, something we're very excited about. All right. Now if you take the silicon, you take the optics, you take the software, you need to be able to put that together in market-leading systems. And what we have now is an entirely new platform called the Cisco 8000 family that in a single RU, you can have 10.8 terabits per second in a single router device. And if that wasn't enough, you actually can go and have a modular platform going all the way up to 18 slots at 14.4 terabits per slot and you can have a grand total of 260 terabits in a single platform. This is going to enable the next version of the Internet with all of these great architectural foundations coming together. So with that, a real recap just because there's a lot coming at you. Number one, the most advanced silicon in the world is now out, Silicon One. We have cloud-enhanced operations with XR7 with a whole new level of trust, and we have a whole new family of portfolio, the Cisco 8000. You can go out into the World of Solutions, take a look at the platform family itself and you also could take a look at the silicon as well. Don't forget to take a selfie. All right, David, back to you.

All right. Thanks, Jonathan. All right. Jonathan, I always think of -- when I think of our portfolio, I think in my business networking, silicon, software, optics. How do you put all 3 together, you get networks. And all 3 are new. Is that right?

You got it.

All 3 are new from the ground up. Okay. Thank you very much.

Thank you.

All right. That's a lot. Everybody hanging in there? Good, good, good. All right. Now we're going to get to the coolest part of the portfolio. The part of the portfolio that everybody can reach out and touch and talk about all the new things going on in collaboration. Sri, come up and take it away.

Thank you, David. Buenos dias, everyone. I am so happy to be in front of our -- in the midst of our best customers in this beautiful city, at the start of this decade, talking Cisco Collaboration. What more can a geek want in life? So if you haven't seen Cisco Collaboration lately, you're in for a big surprise. It's a whole new world. A modern workplace, a modern portfolio back in your workplace, your employee experience and your customer experience. Now rather than me telling you, let's hear from one of our customers, one of you. [Presentation]

Wow! [ All this ] is taking advantage of the entire portfolio. They are pretty much not only transforming their employee and customer experience. They changed how they do business. Now we've gone from disparate apps from calling, meetings, messaging into 1 single, simple, gorgeous app that meets all their needs. This new app, Webex Teams, is fully personalizable to bring your brand into the workplace rightfully so. Modular to work the way you want it, if you only want to use Meetings. If you are a person who just loves to make calls on a message, any combination thereof, you've got it. It's live now. Now this app, here's the kicker. It's part -- it's the tip of a very large platform iceberg. And one of the important benefits of this, important in here in Europe, is the immense security blanket enveloping this platform. We've taken a security and privacy respectful approach to our intelligence platform, Cognitive Collaboration. Now let me tell you how that works. I'm sure you can empathize with me. We all spend way too much time in meetings, don't we? What's with all those action items you have to keep track of every single day? Even harder, trying to remember what we said in those meetings. When you go back at the end of the day and try to remember one of those small tidbits, it's so hard, right? If you have that problem, we've got a solution for that. Our WebEx platform now comes with real-time transcription and translation capabilities so that you can track those action items with ease and fear of forgetting what was said in the meeting, a thing of the past. Let's take a listen. [Presentation]

Cool, eh? WebEx speaks Spanish. I'm sure many of you in this room are wondering skeptically, is my data stored right here in Europe? Is it encrypted? Is it secure? Do I have the privacy controls? I would be one of you, too. I got you covered. WebEx rest assured has the privacy controls, is GDPR compliant. Now what I just showed you, this app, for all types of WebEx users, all types of WebEx users globally connects to 1 single platform. So there's something missing in this story of mine. Interoperability. Good news, folks. Now we connect to Microsoft, Google, Apple and all the other applications, your employees live in every single day. Hello, ecosystem. Let's take a closer look. [Presentation]

I'm sure many of you are wondering. Did you just say Microsoft on stage here. Yes. Yes, I did. For too long, Microsoft has been an or. Microsoft or Cisco. Now it's an and, Cisco and Microsoft. Now let's take a look at one of those example scenarios. I've got a Microsoft Teams meeting here, you can see the purple band with a bunch of folks joined on their desktop, on their mobile phone. And we've got this beautiful Cisco device there in this large meeting room of ours, waiting to join that meeting. Neil, can you hit that green button? Now as soon as you hit that green button, we go from the Cisco Webex cloud securely all the way into Azure into Office 365 and bring that interop across these 2 worlds that have been separate for far too long. It does take a little bit. And as you can see, it's now there. It's connected right in so the lights are shining bright. And Neil, can you change the layout from prominent to equal? So that we can see that the device is fully joined. It will be better in a smaller meeting room. And as you can see, we come with all the rich layouts that you've come to see in our device portfolio. Thank you, Neil. As you can see, we're only getting warmed up. We're getting started for the sake of the choices our end users make. Not only with devices but also calling. Now on the subject of calling, if you happen to be one of our CallManager customers, one of the 92 million users, despair not. We've got something for you, too. This unified app connects directly to CallManager blowing open to the door to all the innovation I talked about: Meetings, messaging, transcription, cloud-based innovation without any additional deployment cost to you, resulting benefit to you, a killer employee experience. Webex now is the connective tissue driving modern-day workplace transformation, whether you're on your mobile phone, in front of a desk, in a meeting room, we make sure you get the same information wherever you go. Now no session of ours is complete if we haven't shown you one of our brilliant devices. I've got a few up my sleeve today, and I plan to show you at least 2 of them. So the very first one, announcing the instant office, the WebEx Desk Pro and joining us, Annemarie from Oslo.

Yes. Hi, Sri, and hi, everyone. Great to see you all. So I'm now joining you from the amazing new Desk Pro. And these new features are so cool. Right now for example, I've been sitting down for a couple of hours. If you guys don't mind, I'll just get up and stretch my legs a little bit. You see that? The camera is automatically following me.

So Annemarie, you've got a pretty messy office back there.

You think?

Yes.

What mess?

That's cool, right? So this adoring audience that has just woken up would love to see you right here in Barcelona, showing these devices.

Sure thing. So thanks to my Desk Pro, I can actually now join meetings from anywhere as a professional in any meeting.

Thank you, Annemarie. The Webex Desk Pro, everyone. You guys ready for this piece of innovation, join us at the World of Solutions and see how this device is going to transform every desk in your office or the remote office. Now you've been table pounding for a long, long time for a new immersive, rich experience for C suites, boardrooms and executive rooms the world over. Alas, the wait is over. For the first time in Europe, announcing the new Webex Room Panorama, everyone. With Annemarie, again.

Welcome back. And I now moved into the boardroom, right, and we're using the brand-new Room Panorama. So that's the same setup as you guys have on your side. And this is our new flexible, immersive flagship experience. So instead of cutting the table in half, we're now cutting the room in half. And flexibility means more options in room design. It could be bigger rooms like the one we are in, it could be the more classic immersive scenarios that you all know or anything in between.

It also means we support any type of meeting, immersive or multipurpose, you name it. So it's really a great experience for me to sit here and being able to easily engage with all of my colleagues here in this room. And at the same time, being able to look down the table and fully connect with all of you. Well, I should say, almost all of you. So back to you, Sri.

Thank you. Thank you to Annemarie, [ Tobias ] and the whole Oslo team. They are just fantastic, aren't they? Come back at the end of the session, you can come and check out this beautiful Webex Room Panorama, join us in the World of Solutions We've got a device there, too. Now as you saw from [ all these ] video that I shared with you earlier, it's not just about employee experience when you're transforming your business. It's also about your customer experience. Let me show you how WebEx Contact Center can help. Today, more and more companies, as you know, are selling experiences, not just products, like these companies out here. We, as enterprises in this room, we as consumers in this room, are used to that best experience where there's no support call. Enterprises in this room know that a support call is just inevitable. But are we proactively ready to handle today's changing customer expectations? Can we preempt issues? Can we self-heal problems as they manifest? Do we learn from every support incident? Is the product getting better? Now customer buying patterns today are influenced by stellar customer experiences, more than just product. With Cisco Webex Contact Center, we are infusing intelligence into every facet of that engagement. Intelligent, experienced management to bring awareness of that customer journey, that important customer journey. AI-powered super agents with the right information at their fingertips to expediently resolve issues. No more reactive agents. And finally, Cognitive Collaboration. You heard [ us ] talk about this. Bring the human back into the interaction with the customer. More and more, you have to leave an indelible positive mark with that customer, and our customers are future buyers, too. Let's take a look at how our Contact Center is transforming the experience at T-Mobile. [Presentation]

Wow, what an incredible story. You saw [ all this ] and T-Mobile powering some amazing transformations. We are here to learn. We are invested in your future with our innovation engines, modern Cisco Collaboration with its focus on AI, security and privacy, respectful approaches, beckons here. Thank you. Back to you, David.

All right, Sri. That was a lot. WebEx translates Spanish in real time, integration with Teams and whole new devices for the desktop, for the whole room. Fantastic stuff. Thank you. All right. Take care.

[ Slightly busy ]. Thank you, David.

All right. We've covered an enormous amount of technology here today. And we've got 1 group that's going to take us home, which is all about how do we help you consume all of this technology, which is really important to us. And how do we engage with you and there's been a lot of changes in that space in Cisco over the last couple of years. And of course, it wouldn't be a keynote if we didn't cover DevNet. So to take us home, Alistair Wildman and Susie Wee. Come on up. Take it over.

Thank you, David. Thank you. First, let me start by welcoming you all to Cisco Live 2020, and thank you all for being here today. I'd also like to just say that it's a year since we've been here, but our company mission hasn't changed. Our #1 mission is to make sure that we make you successful. And what I'd like to start to do first is to run a video of a customer we've been working with this year to help them be successful. They're from Dubai, from the Middle East. And they're preparing for the world's greatest show. Roll the video. [Presentation]

Amazing. And this is an incredible project. And well done to the team behind this. In October 2020, 25 million people will visit Dubai for the World Expo. And it's an incredible example of how everything has to be faster, it has to be bigger, and it has to be better. And that's exactly what you're telling us. We heard from Wendy in the opening keynote today about how the digital transformations are driving this all forward. And we know that every one of you in this audience today is working for a company that is doing some form of digital transformation. No matter what your sector is or no matter what size that company, you're all transforming. And we also know that digital transformation is difficult because you're transforming technology and business at the same time, and it can no longer be business as usual. As you saw from David and all that amazing technology that we show today, there is an implicit expectation. As you move to a software and subscription model that you need to move the entire business process to a life cycle methodology. And it's really, really important that we get this right. We can no longer just land the technology, and we have to do it together and we have to do it at scale. And the great news is Cisco and our amazing partners are here to help you as we help you move through that life cycle, and we're also helping you to bridge the new skills gap as we move into this brave new world.

So as Alistair said, it's not business as usual. And what happens is, as we talk to all of you, our customers, what you're doing is you're coming to us to Cisco and our partners and asking different questions, so before you came and asked for networking and connectivity. But now the questions are different as your businesses have grown, your networks have grown, and they're starting to get more complex. So now our customers are asking, help me automate my infrastructure, help me automate, automate, automate. And help me use it, help me use my infrastructure to solve my business problems. So that represents a big technology transformation, where we can use the capabilities of the new network to automate, but a shift where we actually use the infrastructure to solve business problems. And the reason that we can do that is because it's an entirely new network with new capabilities. The network from 5, 10, 25 years ago is different from today's network, as you saw from David and the team. This network uses intent-based networking and multi-domain networking. It's programmable. It has APIs, which lets it support DevOps workflows and automation; and application areas like IoT and edge computing and cognitive collaboration all come together; and then capabilities like AI and machine learning and security are built into the network, not just done separately. And so as we put those together, that's how we can use the network to accelerate business, to do automation at scale, to gain insights and intelligence and then also to drive business outcomes. Now Alistair always likes to talk about the future and think about the future. So what we're going to do is show you some innovations and collaborative intelligence that will be coming to you. [Presentation]

Thank you. Collaborative intelligence is the future of the customer experience solutions. It's an incredible, incredible platform that we're developing. And I was trying to think of what's the right analogy to explain how we're bringing this to market. And I thought about this new smart meter that I've just got into my kitchen. And before that, I used to get a gas bill or electricity bill and I just need to pay it by direct debit every month. I never ever looked at the bill. And about a year ago, I got a smart meter. I got this lovely little device with a user interface, and I can press buttons and I get a graphical interface of all that interesting information behind it. I didn't actually know that electricity was 50% cheaper in the evening than it was during the day. But now I've got that intelligence because of that user interface. And what we're doing with collaborative intelligence is the future. We're going to provide you with a digital experience. And we're going to take all the amazing telemetry and data of all the products and solutions in Cisco. And then we're going to map them to the use cases that you use to buy those solutions and your life cycle journey with those solutions. And then we're going to add experts, and they could be Cisco experts. They could be partner experts, or we'll hopefully make you the experts as well and bringing them all together that will give you that incredible collaborative intelligent experience. Now not only is this new, we're also showing this in a World of Solutions. So if you have time this week, please come and join us at the Customer Experience booth. And we've got 5 demo pods, and we'll be happy to show you the future of the customer experience solutions. And not only with this great new experience solutions, we've also got a fantastic portfolio that will help to drive the digital transformation. And I'm really pleased today to announce that we're reimaging our flagship services product, the Business Critical Services 3.0. And for the first time ever, this will be brought to market with our partners, and it will be scaled through our partners. Thank you.

And so as Alistair said is, it really is all about our customers and our partners, all of you. And what we've been doing is really working to help you continue to build the teams that you need to grow your business. So as we took a look at your technology teams and your IT teams, what we see with all this new technology is that it's a combination of the world of infrastructure engineers and the world of software developers. And more specifically, that as you're building your teams, what you need is infrastructure skills and expertise and software skills and expertise. So what we announced is an entirely new set of Cisco certifications, so the new Cisco CCNA, CCNP and CCIE certifications. And we added to that an entirely new set of Cisco DevNet certifications to also certify your software expertise. And so these come together for you on February 24 so that you can train your skills and certify -- train your people and certify them to get the certifications that they need. And this prepares you for new job roles that didn't exist before because of the technology. So now that you can do automation and that the technology is programmable, we have new roles like a network automation developer. And you can get that by getting a DevNet professional certification along with a DevNet specialist and enterprise core and enterprise automation and DevOps. So when you put these together, you can then figure out the network automation developer. Another new role is the web scale engineer. And this is not just for a web company. It's for any retailer, for anybody who has an infrastructure that works at that scale. And you can train for that web scale engineer with the DevNet professional together with ACI automation, data center automation and programmability, and then DevOps skills. So this is the way that we're modernizing to make sure that you can have the skills that you need to grow your business. And the new DevNet certifications come available February 24. And what we're going to announce is that the first 500 people to earn those DevNet certifications are going to be recognized as the DevNet 500. So sign up to be those first ones. Who's going to go out and get that. Anybody? And also, what you want to know is, which are the partners that are really scaling up and being able to offer these capabilities, the DevNet capabilities and the CX capabilities? So what we're doing is we are launching our DevNet specialization and our CX specialization for partners so that you can differentiate your business and that our customers can know who's delivering these types of solutions. And you can get started now because we have 61 new courses that you can send your folks to, that you can go and learn today. These are all becoming available January and February, so you can start learning today to earn those certifications. And so as we bring this together, what we do is we ask us to work together and join a challenge together where we, together, drive business outcomes with the new network...

Embrace the new customer experience solutions to get to value faster...

And then we look forward to working with you as we did in the last 25 years to really drive your business success with the Cisco ecosystem for the next 25 years.

So we've always known that you are the heroes of IT. So please join with us, and we'll help you make the heroes of your digital transformation. Thank you.

Thank you.

Over to you, David.

All right. Alistair, I saw this new collaborative intelligence portal being built. I probably saw the first version about a year ago, and it was amazing. It's amazing how fast it's evolved. And I think more and more, this is going to be the entry point of the higher portfolio. So I want to tell everybody here, if you're going to see one thing here this week, go see this because this is really a big change in how we're -- the whole customer experience for Cisco.

Definitely, it's amazing. Thank you very much, David.

And Susie, there's just might be a little bit of something for DevNet out there, too?

There might be a couple...

There might be somewhere people can go...

There might be a DevNet that's out there.

That's probably half the place out there is DevNet. Thank you very much.

Thank you, David.

Wendy, join me back -- why don't you join me back on stage? All right. Look, we just want to close real quick. This is really an exciting week for us. We thank you all for being here. Literally, there's probably hundreds and hundreds of people from my team that are here from around the world to work with all of you and show us the greatest technology that we have and that we've built over the last year. So have a great week. Wendy, thanks for hosting all of us and making all this happen.

It's a pleasure. Thank you, David, to you and the team. We've announced some amazing stuff, some fantastic demos, capability, get yourself to the hub. And also -- do you want to be in the -- in that DevNet 500? You're going to join me?

I'll be in the DevNet 500, for sure.

Fantastic. Enjoy everyone. Have fun.

All right. Take care.

Welcome back, everyone. So glad to have you back with us in the studio, coming to you live from the Fira Gran Via in Barcelona. My name is Steve Multer. We're really grateful to have you with us. Remember to keep reaching out to us on social media using #CLEUR throughout the day and throughout the week. We want to hear from all of you what an incredible opening keynote. So much power, so many great speakers: Wendy Mars, Dave Goeckeler, Liz Centoni, Danny Winokur, Sri Srinivasan, Scott Harrell, Jonathan Davidson. That was a mountain of technology. We heard about so many different capabilities. And we're going to use this wrap-up to quickly kind of recap what it is that we heard and what it is that we've learned as we've been moving here through the day. Again, continue to send us your questions. We do want to hear from you. Some of the really interesting things that I heard about is the way that we are creating change. We are reshaping the nature of the Internet. We're going to hear about so many of these capabilities. We're going to head right out to -- I don't think we're in the keynote space. We're more in the general Cisco WoS space. We're going to go back out to Chintan Patel and our own Nish Parkar. Guys, what did you think of the keynote and what really stood out to the 2 of you?

Thanks, Steve. Yes. So we're here in the World of Solutions. You can see it's really starting to get busy now. People are coming out of the keynote. They're wanting to have a look around. And I'm here with Chintan. Chintan, how are you doing?

Very well. How are you?

Yes. Good, thank you. What an amazing keynote. There were so many speakers, different topics, go through highlights.

Fantastic. Look, we're laying the foundation for the Internet of the future. I mean that's a huge thing, the building blocks, changing the economics of the Internet. I think that's fantastic to see as we see so much growth going on. We heard about the new things we're doing in the application space, full stack visibility from the application all the way down to the infrastructure. We live on our apps, right? We need that visibility all the way down to the infrastructure. So some amazing announcements.

And I was really quite amazed on the collaboration announcements that we saw. So tell us a little bit about that. We heard a lot about WebEx. What's new?

We heard some great announcements on WebEx. Actually, the future of work with new devices sitting in our desk, in our offices, some amazing new intelligent endpoints that we've announced with some remarkable features. So come along to the show floor and see them in action.

Phenomenal. Zane, we're going to come back to you. I think you've got someone in the studio for us.

Thanks, Nish. Thanks, Nish and Chintan. And welcome back to the studio, everyone. What a keynote, lots of talk about innovation and that set us up nicely because we have Phil Kirk with us here, who's Head of Investments for Cloud, Data and Analytics and EMEAR. Phil, how are you?

Doing great, Zane, really excited to be here.

Fantastic. Now Phil, what's unique about Cisco's approach to innovation?

Yes. Cisco has a really phenomenal approach to innovation. We've got a ton of R&D that's driving all our products. And then we have a very externally engaged motion with entrepreneurs, VCs and start-ups. And we're bridging that gap for us, for our customers. We're a superactive venture investor, been doing it for 25 years. We've got 120 companies in our portfolio. And we're investing $250 million a year globally to find the best innovation for Cisco, for our customers and for our partners.

Fantastic. Now we all know that Cisco is a big investor. But what start-ups are you targeting here at Cisco Investments?

Yes. We kind of have 2 pieces to our approach. We first think about, what are the priority technology areas for Cisco, things like multi-cloud, security, collaboration. And then we try to look out over the horizon and try to incorporate all the innovations that are happening to the market, things like encryption, SaaS, developers and then try to bring that together. And so we have a 2-step approach to think about what's happening in our current portfolio and then what's happening over the horizon and put that together to build a really exciting portfolio.

Fantastic, Phil. Thanks very much for having you here with us. And Steve, do we have any final thoughts about the keynote?

I have about 17 pages of thoughts actually over here. As I was listening through it again, when you get this much content from this many incredibly brilliant people, it's amazing how much it both inspires and overwhelms simultaneously. And I was trying to pick out those things that I thought were real nuggets, real nuggets of wisdom, gems that we can grab right onto. I loved what Wendy started out with. The idea that this is not really just about technology. This is about trust and the integrity and honesty. We think about these concepts on such a frequent level and what it is that they mean to the end user. It's not just building the right technology. It's making sure that they understand that we have their best interest at heart. And again, that comes from a position of trust. We establish these relationships with one another. And once those relationships are in place, now we can move forward with the technological capabilities. That excites me a lot. We talk about delivering a constantly positive customer experience at all times. Dave Goeckeler is always very focused on that. How do we drive both economic value and also societal value? We're going to continue to break down the things that we've heard over the course of the show, but again, really, really exciting. And if you're interested, by the way, in speaking to any one of our Cisco sales representatives about any of the new and exciting technologies you heard about on the keynote or that you see throughout the week here on the broadcast, go to cisco.com/go/sales. Once again, cisco.com/go/sales, and you can ask about any of these capabilities. We want to bring them all to you. All right. So we're going to dive back into the studio. I've actually got guests here with me. And we get a chance to talk about compute here at this point. So welcome, guys, good to have you with us. We'll make the really, really quick introductions here of Todd Brannon, our Senior Director of Product Marketing for Unified Computing here at Cisco.

Good to see you again.

I'm so glad to have you with us. And I'm going to flag down because we actually changed things up a little bit. But I've got Siva Sivakumar here with us as well.

Pleasure to be here.

Oh, I'm sorry, you know what, we're going to -- sorry, we'll figure it out. Todd, you and I are going to talk to each other for a couple of minutes so my apologies there on that one. All right. Let's talk about what we saw specifically from Liz and Danny here in the keynote. What about these new announcements that we heard, what can we expect in their iTalk? Let's try to sum it up, if you possibly can.

Sure. I mean they came out and talked to us about a toolkit for modern applications essentially, right? And when Wendy kicked off the keynote, she was talking about that application experience, right? So we're all competing on experience in some way, right? Whatever product or service we're in the business of, it's how do you create the experience for the customer around that product or service as you deliver it, and it's increasingly being done through applications, right? We know that the average consumer touches 34 apps in a day, right? And the IT teams have a material role in whether or not experience is going to be good or not. So really, what we're going to see from Liz and Danny in their iTalk here later on is unpacking this toolkit that we've built for IT teams to help assure that experience and also optimize and lower their cost of computing at the same time.

Absolutely. All right. So Siva, let me go ahead and let me toss over to you here on this one. Senior Director of Engineering, Cisco Computing here, when you hear what comes out from the keynote stage, first of all, it gets us all very excited, right? We always love to hear our own capabilities talked about. But let's specifically go into Cisco insight a little bit. I want to drill down a little bit there. Liz gave a really nice overview of Intersight. But in terms of workload optimized or the integrations that we've done with AppDynamics, which we heard a lot about from Danny, how does this fit into the overall evolution of what we're seeing here in insight and Cisco's primary focus?

Yes. Yes. Absolutely. So when we built Intersight, we truly wanted to create a revolutionary management platform that is absolutely a single pane of glass for the entire life cycle of both the infrastructure and things that are deployed and running on top of the infrastructure. This is a very unique experience. This is a very unique way of bringing this capability or this service, if you will, into the data center. And when we did the infrastructure modernization with Cisco Intersight, the evolution was very much what we thought about, which is bringing compute, UCS, HyperFlex and other capabilities but expand much more down beyond that by bringing in other heterogeneous infrastructure, whether it is networking, whether it is storage and other capabilities, then layer on top, how can I bring OS, hypervisor experiences on top? But what you saw today was a super exciting capability, which is looking at much more of insight into the application that drills all the way back into the infrastructure. The ability to give you insight all the way from the infrastructure, all the way to the app layer, looking at specific implementations and looking at specific areas where you can optimize and improve your experience, not just performance, but your overall experience, is truly the vision of Intersight. We are extremely excited from the engineering standpoint to see some of these vision actually start to be in customers' hands and get the feedback from them that they are absolutely delighted to use these capabilities.

It's so good to be able to finally see this on a full drill-down picture, right? When you look at the big image, we used to look at this incrementally. Now we are going everywhere from the app down into the infrastructure stack to be able to solve those problems quickly. How do we tell this story to our customers in a way that they will understand and embrace?

Sure. I think it's about breaking down silos, right, in the tooling and the teams themselves because we've grown up as an industry and really created different functional silos in IT in many cases. And so we've gotten to the point now where these application experiences are so critical to the business. You've got teams that are focused on the application, all those interdependencies, and they're looking at the world through one lens, one set of data and tooling. But then you have the people that run all this infrastructure that actually powers these apps either on-prem or in the cloud, and they have their own tooling. And they're looking at the world kind of as stacks, right, of infrastructure. And so what we can do for our customers now is give them a common view, a common source of truth by correlating all of this telemetry, right, both across the application tier and then what's going on in all those different pieces of infrastructure powering that application. So when we can bring that view together and help them work better together, it's really just helping them with a new kind of closed-loop operating model for how they support these apps.

It's so exciting. Guys, do me a favor, stay with me. We're actually going to go out onto the WoS show floor, and we're going to go into the compute booth, but I want to come back and have a bit more of a conversation. Right now, oh, good, I looked down in the monitor, it is my pal, David dela Cruz. And you're out there with Eugene Kim right now, right, David?

Yes. Hi, Steve. Thanks for that. I'm standing in the World of Solutions in the data center section and I'm here with Eugene Kim and Vijay Venugopal as well. Hi, guys, thank you so much for being on the show.

Pleasure to be here.

Awesome. So we've obviously heard a little bit about data center this morning, and we're going to be hearing more shortly from Liz Centoni. So Eugene, just a quick question, can you tell us about [Audio Gap]

Welcome to Cisco Live Barcelona. This is a Master studios presentation. My name is Tim Szigeti, and this morning, we're going to be talking about bridging the gap between IT and OT. Just a few minutes ago in the keynote with David Goeckeler, our SVP, Liz Centoni was talking about this very subject of how IT and operational technologies, OT people, have to come together in order to drive digital transformation in industries. This is widely referred to as Industry 4.0. And the reason for this is quite simple because every decision that's made based on data and being driven by data is better than one that isn't. You get to make things safer in your plants, you got to generate more output, higher-quality products with less waste, higher efficiency. All of these things come from making smarter decisions and smarter decisions are rooted in having the data to find out what solution is the better. So this digitization, though, it presents a revolutionary change in industries that have been doing things the way they've been doing for decades. Well, we all know change can be challenging at the least, difficult at the worst, then sometimes it's even met with resistance. And therefore, to be successful in this digital revolution, it's really important to understand how the change are going to affect the key people involved, the stakeholders. And in this area, there's two very distinct personas. There's a persona of IT and OT. And that's what we're going to talk about today. Operational technology people, OT, they're responsible for -- in manufacturing for what the company makes or in transportation, the services being provided or in utilities, providing the power and so on and so forth. That the main reason the company's in business is what OT folks deliver. They are supported then by IT personnel. IT personnel, we manage the network, we manage security, we manage the apps and the data center, so on and so forth. Traditionally, though, these people don't talk to each other. They're -- in wide gap between the two, they -- their worlds rarely intersect. And as such, they don't really understand each other and their roles, their concerns, their priorities and so forth. And therefore, to drive digital transformation, it's actually not just a technical challenge. And incidentally, Cisco is leading the space in the -- and meeting the technical challenges of digital transformation, they're bringing their 30 years of networking and security to the industrial scenarios. But it's not just a technical challenge we're dealing with there's also a major cultural challenge. And again, Cisco is taking the lead to meet this challenge by developing the awareness that this exists and then also showing how to bridge it. And Cisco is a company that's bilingual, that is they can speak the language of IT and OT. And so that's what this whole session is about to draw attention and awareness to this cultural challenge, and we're going to illustrate it by role playing. We're going to exaggerate these personas. I'll be playing the role of an IT person, and I'll be joined by my colleague and friend, Albert Mitchell, who'll be playing the role of an OT person. And there's a lot of biases in this place, and we're going to try and exaggerate some of the concerns and some of the personality elements. And that's why I'm going to start off by wearing a rather, I don't know, bold perhaps even arrogant shirt because well, what's happened in these cases is that IT is almost immediately perceived as arrogance because they're the ones driving the change. They think -- they come into a meeting and they're being perceived that, oh, these guys think they have all the answers when they really don't know much about how the company runs. So that's why I'm wearing this shirt. Just want to exaggerate again these persona differences. And again, we're going to be setting the stage. This is a meeting to start the collaborative process. The first meeting between IT and OT to get the ball rolling. So join me, please. Albert, thanks for making the meeting. Glad you can make it.

Yes, I recognize you. You're in IT.

Yes. Yes. Okay. My name is Tim. We've actually met several times before. Maybe you don't remember, but that's okay. Thanks for accepting the meeting. This is a really good start. I call this meeting because our Executive Vice President keeps mentioning that we have to move to Industry 4.0, so what are your thoughts on this?

Well, I was really kind of hoping this whole digitization thingy project, whatever you call it, I was hoping it would just go away. I've been down in production. I'm working my line, and we're busy, right? I got stuff going on.

Well, I hear you. But you see -- that's what I want to help with because digitization can actually really drive productivity gains, and that's what our big boss -- that's what's on his mind. He went to some manufacturing seminar and that's what he came back with, and he keeps pinging me for updates. So I have got to tell him something.

Yes, the big boss has got some lofty goals. And he's been annoying me with those updates as well. So pain in the butt.

Yes, well, I thought that he assigned this digitization project to you. And actually, I thought you would have called this meeting because you need me to get this done.

I've been busy. Production, but I'm here now. So I'm reaching out man. I'm here.

Well, I know one of your guys, Roy was it. He tried to do a digitization product -- project a few months ago, but it didn't go well.

Yes, yes, yes. So what Roy did was he try to produce it in his line a few months ago. Disaster. I thought the boss would have learned a lesson from that. I mean because there was a huge loss of productivity when Roy tried it, it was bad.

Well, I know what he did. And no offense, I'm not sure what he told you about. He didn't approach us for any help or guidance and just went entirely on his own, and he made some really big mistakes along the way.

Yes. Whoppers, huge mistakes.

Yes. Well, we know what he did wrong, though. And that's what I told the big boss because we won't make those mistakes.

We? All right. Okay. I'm here, right? So I actually thought about this project a bit, okay? So if this happens, right? Here's what we need to do, right? We actually need to get some production data out of my product line and send it to some application somewhere. We really want to just kind of stop doing production data entering it manually, right? So stop the manual process?

Yes, I 100% agreed. So just tell me what's the app? And where does it reside?

Reside. I don't know what you mean by app reside?

Oh well. It could either -- it's typically cloud-based or on-prem. So...

Cloud? What's prem?

Well, cloud is in a managed data center that's off-site and on-premise, well, that's a data center that we take, but you don't -- hang on. That's not important right now.

I mean, look, we've been here what 5 minutes, and I'm lost, and we're talking about the cloud. I mean...

Okay, I'll -- like if you want to do this on your own, you could, but the big mistake for Roy is that he didn't know anything about networking and security. So if you want to go this and do-it-yourself. All I would recommend is for you to like really get up to speed on networking and security to make sure that you're able to connect your machines in a manner that is secure, highly available, it's got deterministic fail over, segmentation and so forth.

Me, learn networking. How long it take you to learn networking?

Well, I got my CCNA. That's my Cisco Certified Network Associate, almost right out of university. And then within a year, I got my CCNP, that's the Cisco Certified Network Professional. But then it did take me a couple of years to get my IE, the CCIE, that's the big ticket. Cisco Certified Internetworking Expert. I think the whole process took me about 5 years.

CCNP, what? I mean what are you doing to me, man?

Okay. Well, they're networking certifications, training. And the cool thing is, right now, Cisco is actually updating all of their CCA, Cisco Certified Training, NP, NA, IE, and therefore, you're going to get the biggest bang for your buck. If you start on this new technology track, get the longest life out of it. The best time you could start is now.

Well, 5 years. I mean I haven't got that kind of time. Plus, it sounds like this training school you went to, they don't speak English, right? I mean I don't understand half the stuff you're talking about.

Okay, okay. Fair enough. It's like -- I know there's a lot of jargon, a lot of acronyms. It's very heavy that way, but that's just how it is -- that was just the thought.

Well, okay. Let me flip it. How about you learn a little operations, right? A little bit of process, roll up your sleeves. Learn how we actually make stuff in this company.

Okay. Well, I guess, okay. But like, let me ask you, how long does that take to learn?

No formal training, really, I mean, 20 years for me.

20 years. Clearly, clearly, this isn't going to work. I can't learn your job and you can't learn my job in time. I can't wait 20 years. You can't wait 5.

All right. I guess we're going to have to work together on this one then.

Yes. It's...

I'm not learning networking, for not no 5 years.

Well, I'm not going to spend 20 learning production. That's just not going to work.

If we're going to have to work together, then you got to understand more about what's going on, right? And where you, Mr. IT guy fit into all of this. They say a picture's worth 1,000 words. So I got a picture for you. So I prepped a little bit for this presentation. So just a little bit about how I'm viewing the world.

I see. Okay.

This is an OT company, we make money based on what I do. Right? We're the profit center, let's be clear about that. And IT is just this little satellite rolling around my world, barely impacting the tides on my planet, okay? Let's be clear about it, this is how -- we were doing just fine before IT came along. And we're going to keep doing fine without -- with IT.

Okay. Well, that's a generous dose of humble pie so early in the morning. But -- okay. Well, why don't you lay it out for me, okay? Then if you want me to learn your world, tell me, what are your priorities? What keeps you up at night? What do you want out of this project? What do I need to know about your world so that we can actually work together?

Yes, okay. Yes, now this may be that -- the big boss may not think this is the #1 priority. But me and the guys on the floor, we want to walk out the same way we walked in every day, uninjured, safe. Safety number one, right? Hard hats, glasses, right? Walk -- safety. The boss cares about units produced. We have quota that we have to hit, and they never reduce quota. Defects, we got to make sure that we're hitting it, but quality is in this case, job 2, it' s not [ Ford ], it's job 2. First is units produced then quality and all about efficiency, where we're really trying to reduce waste. So throw away as little as possible. And we measure everything, right? So we're -- work in this constant optimization loop to produce things, reduce defects and waste. Here we go. This is just a cycle about how we're operating things.

Okay. I hear you so far. That makes sense. But -- so what keeps you up at night?

Yes. Yes. Okay, so here we go. What's keeping me up at night, is unplanned downtime, right? We have some planned downtime, but if I don't know what's happening or if I'm not controlling it or understand every aspect of it, that's a problem because when things go wrong. First, we got to figure out what went wrong? How to replace it? We're talking thousands of dollars an hour for everything that goes down, right? So unplanned downtime is a major problem for me. And the other thing is that the old guys -- I may look old, but there's guys older than me out there. They're all taking retirement, and they're going, and we're not filling them in with the young guys they're not coming in and filling it in the gap. I'll tell you a story, you ever hear the one about the guy who fixed the machine with his hammer and had a huge payday. You never heard this? You never heard [indiscernible].

No, never heard that story. Is that an OT story?

Yes, this one -- it's like -- this guy who -- Yes, it's an OT story. You need to know these.

Enlighten me.

You got to work with these. You need to know these.

Sure, okay. I like stories, grandpa.

So there was this machine that was in operation, no one really knew how it work, but it was running and everyone just kept their fingers crossed. One day kaput, the machine goes down. They had to bring in the guy who was maintaining the machine after years of retirement. So he comes. He agrees to come in. He walks around the machine, analyze it, ask a few questions, takes a hammer out of his bag and smacks it really hard, one time like magic. Machine just starts up, right? Everyone's happy. Machine's back and running. A week later, he sends in his bill, $5,000, exactly. And the boss goes. $5,000 seems a bit high. I need to see it itemized. Here's his itemized bill. $5 for the hammer, $4,995 -- knowing where to strike the hammer? This tribal knowledge is key to actually keeping things operational, right? That's the 20 years that we've been talking about.

Yes, fair point. Got it. Okay. Well, what about digital transformation, what are your thoughts?

Yes. Yes. Yes. I'm ready. I got you covered. Exposure in [ limitability ]. Again, I got to maintain control. I'm concerned about digital transformation and my exposure to things that I don't control, and my danger and liability there, right? Complexity. I look at what you're trying to do, and I see a brand-new bunch of boxes, I don't know what they are. And all of a sudden, I can't live without them, right? And safety is #1. We can't be having wires running everywhere. So keep it simple, keep it controlled. I mean these are the things that I'm really concerned about with digital transformation.

Okay. Got it, so far.

And frankly, right now, I'm self-reliant, and I got to stay that way. I know you got this whole process of opening up trouble tickets, I mean, I'm not down with trouble tickets. I mean -- I'm not going on -- I'm not calling first-line support only to get wait for hold for fourth line support and then told 4 hours later, someone will be there, no. I mean that's a process that will not work for me. So we're going to change -- if that's your process, we've got to change processes already. So self-reliance. Again...

So what do you want out of all this?

So from digital transformation. If we're going to do it, and this is what the big boss believes, and I don't have any reason to doubt him as long as he's signing my paychecks, right? We're going to increase production. So we already have a situation where today, we go into routine maintenance every 6 months regardless. We take the line down, we repair, analyze everything. Now the dream is we can get the data into some sort of application that will tell us: Do we need to do routine maintenance every 6 months? Can we wait another month, 2 months, 3 months? The few -- the less we bring down the line, the better production is, right? It's all about uptime. So we're -- maybe we're doing maintenance where we don't need to, right? So that's what the data ultimately is for. And we want to increase quality. We want to be having the data, analyzing it, figuring out what we can do better. Again, remove the defects, increase the quality, more money for the company, right?

More money, more better.

Exactly. More money, more better. Couldn't have said it better myself. Nonstop operations, right? Let's keep this thing rolling. If we're going to digitize it, it's got to help with the automation portion of it all as well. And -- man, I can't stress this enough. We know reliance on IT, we got to keep it simple, rip and replace, right? Self-sufficiency it -- I can't wait 4 hours, right, for somebody to come and tell me, "Oh, just log into something or other or other and do these x commands." No, that isn't cutting it, man. So that's kind of where I'm coming from.

Okay. So that's a lot to absorb, but it's very helpful. Now let me flip it back to you. It's like -- let me share what you need to know about us and where we're coming from, our priorities, what keeps us up at night, and what we want out this project. So that we can put it all on the table and then find a way to work together. Is that fair?

That's Fair. Let's see it, Mr. Ego.

Okay. Well, you showed me your picture of the world. This is how we see it. Now we're the unsung heroes, and we support everybody, we support you, we support sales, we support engineering, support marketing. And it's a thankless job, man. It's hard and it's thankless. It's like you constantly putting out fires and when we finally put them out like...

You can't be showing me this.

All we get is, why was there a fire in the first place? So it's not an easy role we play, man. It's like -- we deserve something. Like you, uptime.

I'm all about uptime.

Up time. Yes, we got to keep that network up. That's the backbone of all our communications, all our apps, all our -- everything. So that's got to stay up, but we're under constant attack. We can't leave ourselves exposed to these new and evolving multistage attacks. And it's like we always have to stay one step ahead and maintain a healthy security posture, and that requires a lot of effort, vigilance and protocols to be in place in order to make that happen. We solve problems, and we got to keep close details of all these cases and what was tested? What was tried? We can't -- if we don't log all of this somewhere, then we have to start from the top every time we start troubleshooting. And then, it takes that much longer to solve any given problem. So yes, we have to use tickets, we got to like use a system and formal process to get here because ultimately, we're a cost center. Yes, I know. You make the money, but we need -- we keep the company running and humming too with all the data and all the services we provide, but we have to ask for money. We have to justify it. And we got to show when we need headcount or equipment. So that's -- those are the key things that I...

It sucks being a cost center.

Yes, it definitely does. We don't have the funds you guys have. You control a lot more of the budget than we do. That's laying it on the table as it is.

Glad you see it that way.

Yes, it's true. It's true. So let me tell you what keeps me up at night.

Here you go.

Never ending cyberwar. Number one, I've already talked about it, I don't have to keep rehashing it, but that's the biggest on my mind. The next thing is rogue devices that are just being added to the network. You told me a story about your guy with the hammer. Let me tell you a story about a janitor with a thermometer. Janitor says, you know what, I'm tired to walk into this fish tank in the middle of the casino lobby to check the temperature so that I do whatever I need to do. I'm going to drop a little IoT thermometer in there, and it saves me having to walk from my closet where I live and I go out there. And then once he's done that, that's an IoT device that is a foothold to the whole casino got hacked and breached. So -- to what, save the janitor 20 steps. Come on. This is the type of stuff that keeps me up at night. These rogue devices being added without talking to IT. It's crazy. The other thing that just worries me to death is when I look at your network, it's insane. It's like you just add device to device, and it's a flat network. There's no hierarchy, no scaling, there's no segmentation. If something gets infected, everything can get infected or if there's a loop, everything gets taken down...

That's something that happened to Roy.

That's exactly what happened to Roy. It scares me. And then you guys never upgrade your software. I walk around your floor, I see Windows XP, Windows NT. Dude, these are my grandfather's computers. Fred Flintstone called, he wants his computer back. It's like what's going on with that?

If it isn't broke...

It isn't broke, but it's vulnerable as crap. It's like we got to do something about that. So what worries me about this digital transformation project is that we're massively increasing our threat surface. We already manage over 100,000 devices, but once we add your production lines, we're going to be hitting close to 1 million. It's like -- that's a lot of places that we can get attacked from. And then it's just managing those sheer number of devices, like I say, that's big numbers we're talking about. And when we have to apply policy throughout, we can't leave little chunks and holes in our armor. We have to be comprehensive and push this out entirely to really enforce it, to have value. So these are some big challenges. And I just need you to under -- to really understand the risk that connecting all these devices, especially devices that we haven't approved brings along with it. This is -- are some real serious concerns that I have.

All right. Okay.

Yes. So what I want you to take away, maybe just from this meeting is that, hey, when you add a network connectivity, it's not the same as adding a junction box. There is like a whole potential of security concerns that that can bring along with it. So make sure you choose the right box. Let's talk about that. And the same with devices, don't -- please don't add any IoT devices to your network without having a conversation with us first. They have so little security and they're just so cheaply made, and it could just really expose ourselves to a lot of danger. And then when you guys add these cellular gateways, every one of those is a backdoor. I need to know about all those back doors.

All of them?

All -- every single one. It's a backdoor to all the way into our company, and it's like I got to make sure that I know about them.

Just [ vendors ] kind of like sneak them in sometime.

Exactly. So it's like we have to find some. This is, again, why we have procedures and protocols because if these things are done without our knowledge, I can't protect what I don't know. So yes, we got some tools, we have some methods, maybe they're not quite what you need, but we'll figure out something that will work. But there is a reason for everything we do. This is -- 30 years of experience. There's method behind this madness. It's not just madness.

Okay, I get it. You're not just sitting there playing video games all day long.

Not all day. So I'm confident we can get you a secure solution to get the data from your app -- from your machines to your apps, absolutely confident, and that will make your production faster, better and cheaper.

Okay. So that all sounds good. But before we get started, what do you know about PROFINET?

PROFINET? Well, not -- honestly, not much. I've heard of it. It's a protocol, right?

It's one of the protocols that we use on the production line. And it's based on IP. But it's such that the data that we need is coming from these PLCs that are running over PROFINET.

Okay. So this partner that I want us to use, Cisco Systems, they know IT and OT. And they're the global networking and security leader, and they have been for the past 3 decades. And they have a whole line of industrial products and I was reading the data sheets on these products and PROFINET was one of the protocols listed as supported on them.

Sysco, you mean the food company?

No, no, no. That's -- it's a different company. I'm talking Cisco with a C, C-I-S-C-O, not S-Y-S-C-O, systems. Cisco Systems, it's a networking company, and like I said, they got industrial products and solutions, they've been doing industrial automation for over a decade. They support all these major products.

What about CIP? Do you see that on the data sheet?

Yes. I saw CIP, I also saw Modbus and Ethernet IP and some other protocols. I don't know them. I'm being honest, putting the cards on the table, but they were on the data sheet, they're supported.

Okay good. Because they're important. So Cisco, and they're already supporting PROFINET and CIP and the other protocols we run. All right. Good start, it sounds like you made a good choice for partner. All right?

Okay. Well, I'm glad you think so because I'm really excited to get going here because like -- what I really want to do is, first of all, segment your production network. I want every cell assigned to a VLAN with its own DHCP pool. And then I want to start using scalable group tags and software-defined access and then really like rolling out intent-based networking all the way to that IoT edge and then your floor and everything that's so jazzed. I'm so excited.

Well, HTT, ACLs, I mean, you're talking English. I recognize the words, but I have no idea what you're talking about. We got to solve it right now.

I'm getting ahead of myself. I'm just so excited. This is a real opportunity for IT to shine and be more than just a cost center, to really be a strategic partner in digital transformation. I get sometimes carried away. We don't have to dive into the weeds yet. Let's just focus on -- I think we can work together. You do what you do best, let me do what I do best. And you set the requirements and the constraints. I'll find you a solution, and then we'll deliver that solution for you to meet your needs with all the appropriate security, networking, everything best practices.

That's fine. I can sort of deal with that at a big picture level, but I got to be self-sufficient. If I have to rip and replace or something gets -- to get back up and running, right? I'm a little concerned about these trouble tickets. You understand?

Yes, I hear you. You know what, you'll define the intent, we'll deliver it. We'll find a way to keep you completely self-sufficient. And then as the business needs evolves, we'll just sit down, like we're doing now and we'll figure it all out together. How -- what do you say to that? Doesn't have to be painful.

Okay. Because the big boss needs a successful pilot project to erase the memories of what happened with Roy.

Yes, I hear you. And you know what, I'm willing to learn these industrial automation protocols. Like I said, I don't know them. And I want to know how your production line works. And how we make the widgets we make.

Fair enough. I guess I could stand to learn a little bit about networking and security. Branch out a bit, if you will, but don't use the term widgets anymore.

Okay. Okay, my bad. I guess we hit a nerve there. Okay. So I think we are -- we got a good start.

So I'll let my production line be the pilot for this digitization project thingy, but by the hammer of Thor, you better test this out, right? None of this amateur hour on my production line. This better be thoroughly vetted before we go production.

Absolutely. And again, this is why I think working with Cisco would be the right choice because they do these things called Cisco Validated Designs. Where they stress test and scale test and these solutions have been deployed by thousands of customers, so you can bank on it. It really derisks the project. So that's what I want to leverage. And then we will test and prove everything out, and I'll show you everything working before we go live on your line, how about that? Is that fair?

That's fair. So to be honest, I have no idea how my production data is going to get to that dang cloud application thingy. But I guess, there's no avoiding it. I held out for a long time without a mobile phone, and now I can't live without it. So there's a lesson to be learned there.

Yes. And I get -- I think our boss is on to something. I think this is the right way forward.

So you know what, taking a shining to you. Why don't you come on down to the production line sometime, and we'll show you around and see how things are really operating.

You know what, I'll be there first thing tomorrow. I want to make this successful. So I guess, I got to buy a hard hat. I'm not really even sure where to buy it. Maybe I'll go online, Amazon and have it droned delivered and get it here ASAP. And yes, I'll join you. And then you know what? Maybe later in the week, we could go out for a beer or something.

Now you're pushing it, all right? Tell you what, I'll let you sit by me in the cafeteria, okay? I'm tired of seeing you sit over there by yourself.

Okay, whatever, boomer.

All right. Hey, Tim.

Hey. Thank so much, Albert.

We're going to be successful.

We're going to make it.

All right. Back to work.

Okay. So while we exaggerated a bit for comic effect. I think you get the main points. IT and OT are very different personas. They have different skill sets, different areas of expertise. And you can't replace one with the other. Not easily. They have years of knowledge and experience that just can't just be ignored. So really, therefore, this has to be a partnership where they're brought together in order to make that joint project successful. So it all starts to bridge the cultural gap that exists here. Getting to know each other. Just we're talking about here, we have to understand what are their respective priorities? What are the respective concerns? What are the respective expectation of digital transformation? And then while there's a lot of differences, these differences do not preclude collaboration and success, and this gap that exists between IT and OT can be bridged, and it's bridged by having the kinds of discussions like we just illustrated in the skit today. So this is what we want to leave you with, three key takeaways. IT and OT collaboration, it's inevitable. It has to happen. Industries have to transform digitally. And the sooner they do, the better for their business, and we encourage you to partner with Cisco. They are the leader in this IT-OT collaboration space. We see this in the hardware that Cisco makes in the products, in the software and also in the solutions like CBDs were mentioned. So we want you to understand these technological requirements and cultural challenges to have IT and OT collaborate successfully to drive digital transformation in the industry. Thanks for joining us.

Hello, and welcome. My name is Rohit Sawhney. I'm a group product manager on the cloud security team and I'm honored for you to join us here today. Today, we'll talk about how diversity changes business at Cisco. Here's what we're going to discuss in a very short minute here, I will introduce our panel, who has joined us for this discussion. The backdrop for our conversation today is a product that is built in the cloud security team called App Discovery. I'll briefly explain that. And then we'll go into a panel discussion, which is where we'll spend the majority of our time, then wrap up. As I said, I'm honored to have our panelists here today who've traveled from near and far to be here. I'm very grateful for their time and their opportunity. So what I'd love to do is -- starting with my right here, I'd love for you guys to tell us a little bit about yourself in terms of your name, your role, where you're located, and what defines you.

Sure. My name is [ Joseph Arnett ]. I'm one of the cloud security architects. I work on the Umbrella teams. I've worked with the cloud security CASB products as well and App Discovery, obviously. I'm located in Eastern Washington state. So I work remote. And what defines me? I would say, my teams, my relationships with my friends, who I'd like to call friends within the company. I think that defines me. Those are the people that I do my best work for every day and who I think about when I make decisions.

I'm Pallavi Priya. I'm a software engineer in Cisco's cloud security business group. I work in the cloud-delivered firewall team. Prior to this, I was working with the App Discovery team. I'm located in San Jose, California. And what defines me? I was born and raised in India, I moved to U.S. about 15 years ago, looking for better opportunities. So I'm defined by the Eastern culture and influences.

Wonderful.

My name is [ Yaron Caspi ]. I'm an architect on the cloud security product management team. And I have lived on 3 continents. So born in South Africa, lived most of my life in Israel and then lived for a good 6 years in the States. So I'd like to think that I have a bit to contribute to diversity as I've experienced it.

Wonderful, [ Yaron ]. Thank you.

And my name is Claudia Love. I lead our User Experience team at Cloud Security, and what defines me is that I am a somewhat recent immigrant. I came to the U.S. about 6 years ago, born and raised in Uruguay. I'm also the product of a multinational, multicultural home. And I'm based in San Francisco.

Wonderful. Thank you, panelists, once again, for joining us. So one of the things that our panelists have in common is that they were all in one way or another, involved in this product called App Discovery. And I'd like to spend just a few minutes giving you some context around this product, and then we'll go into our panel discussion. So this product called the App Discovery is essentially a shadow IT product. For those who are not familiar, shadow IT is the discovery of applications that are not under the control or visibility of an IT organization. So for example, you work in an organization and you use Box and O365 applications. There may be more usage in your corporate headquarters from the standpoint of Dropbox and Netflix and Google applications. Those may be applications your IT department is not familiar with. As you can see on the dashboard here, we help visualize that. It's in the context of the Cisco Umbrella, cloud security suite and there is not only discovery of those applications, but also risk associated with them and workflow management. Any IT administrator can go through this product and be able to then see the risk, the identities, the requests and total traffic going in to those applications that helps them to ultimately block or allow those applications in their environment. Why do we talk about this is because this product was actually made up of several different teams. We had over 30 team members across several cities and countries that enrolled in the creation of this product. And we thought it developed a nice story, which is why we have our panel here today. The result of it was pretty impactful. We have launched this product as of October of 2018. And you can see there's over 20,000 enterprise customers that are using this. This is for the Cisco Umbrella product, where we effectively have those number of customers. So it's been a huge adoption in not only that, but active users and the discovery and control of all of these applications. So let's go ahead and start our discussion with this in mind. And I'd like to kick it off, [ Joseph ], with yourself, if you don't mind, which is one of the hardest things that we know about building products is understanding the what and the why. What are we doing? Why is it important? Given that many of you didn't know each other prior to this product, can you start us off by telling us how you came together?

Sure. So when we got started with this product effort, I had just been hired into Cisco. I've been hired into the Cloudlock CASB team. And I wasn't familiar with any of the members that were part of this team. I was asked to design a system to start from scratch. Imagine a greenfield project, where you start with nothing, shared nothing. We didn't want any dependencies on old technology, we wanted to make everything brand new, and we wanted to set this up so that it could succeed as we integrate it with other Cisco products. One of the challenges there is when they asked me to do this, they said, we're going to go next week, and we're going to do a kickoff. That meant I had 0 time to think about the problem, which presents its own kinds of challenges. And when you think about a greenfield project, we had to actually design not just the product and what it would do, but the infrastructure, how we would manage that infrastructure, how we would build and deploy everything, everything you can imagine. And it's quite a daunting task. And so I put together some decks, but when we showed up at this kickoff, I very quickly went through these and I said, I think it's going to take this much time, which obviously, everybody wants everything right now. But as a team, we ended up spending a lot of times in different breakout sessions. And going over those designs and refining those as a team and approaching it in an MVP approach, where we acted as if we're a brand new startup. We understand we have tight and short deadlines, but at each layer of that architecture, we iterated together, and we negotiated until we found success. And I think that spending time with each other, really made a huge difference.

Interesting. Now where does that kick off? And how many team members that include you?

Oh, this was in Tel Aviv, and I've never been overseas or at least not that far overseas before. And I want to say there was probably -- at least all 30 people who were part of this, and we went through team by team and gave presentations, talked about how we understood the problem and what we thought we needed to do.

Okay. Any thoughts of any other team members who are there at that kick off? Any remembrance?

Yes. So one good thing about the teams were there were different teams, they all have their own working styles, but we all got together for 1 week, and we got to know each other. And when we went back, we were able to work with each other in a very productive way. I think that's one of the key factors here because we all are good in what we do, but the most important thing is for us to work together in the best possible way.

Was there anything significant that happened during the week to help you bridge those working styles.

Yes, actually. So one of the interesting things that happened for me is being in Eastern Washington and trying to bridge the divide -- the global divide of working with those teams, my boss agreed to let me relocate over there for 2 weeks. So I stayed with the team for 2 weeks, which is really cool. I got to meet everyone. And one of the things that I found about -- at least the teams in Israel is they really cared about making me feel welcomed. And so we spent every day and basically, every night together, where people would go through and they'd cycle through and take turns, taking me out and entertaining me, and I became very fast friends with most everyone on the team. And we did some really great things like we went paddle boarding in the afternoons, and we always made sure we ate lunch together. And so I think that was significant. Other challenges that we had, it was such tight deadlines, and we were moving so fast that we would constantly negotiate what we could achieve in this next sprint, et cetera. And one of the things that really stood out was we would do things -- and I think you'll talk about this later, is we did these things called accelerators -- accelerated workshops. And when we negotiated some of the more challenging pieces of the architecture, I would actually go out and have coffee, and I would have coffee with [ Ati ], the leader at the time, and we would negotiate when things could be done and find out, like, how do we manage that cadence. And I remember directly sitting with you and [ Ati ] multiple times, almost every week, I believe, and we would negotiate what was the cadence for the next sprint, what pieces were more important, and we would take that time and plan this out. So it felt like a very smooth process, even though we know that we were all learning during that phase. And so it was a real challenge. And I think that made a difference.

Yes. The power of that human connection and conversation is so great. So what we thought we'd also do is for our audience, since we are talking about diversity, and you might have heard about DNI or DEI, let's go ahead and define that. And so we've taken the opportunity to do that here. Diversity is effectively the fact that everyone is individual and different. So that's inclusive of gender, age, race, ethnicity orientation, all the things that you see here, something that we're very mindful of. Now one thing I didn't mention as we began this panel is, none of us are experts in this space. We just recognize the fact that we all came from different backgrounds together to build this product, and we thought it's a story that is worth sharing. Another thing we often hear about is something called equity. And equity is equal access to opportunities. Now this visual that I'm going to share with you really helps bring this home, I believe. There is a difference between equality and equity. Equality is effectively everyone has equal access, one size fits all solution, as you can see here. You have a single platform that everyone could stand on, but as you can see in the visual, not everyone can reach that goal, in this case, the apple. That's not the same as equity where everyone needs slightly different things to get equal access. In this case, some have gotten additional means to be able to reach that apple, you can see on the right-hand side. I was thinking of an example of this just earlier today. In our cloud security team, and you guys can probably empathize with this, which is we have town hall meetings. And the town hall meetings typically take place, facilitated by our general manager, on Thursdays, California time. So on the West Coast. But we have global teams and global teams are really in India and Tel Aviv, as we touched on, in the U.K., they cannot access that information at the same time. So we have regional town hall meetings. And we have leaders who help bridge that gap. That helps to form equity in this case because now all the employees have equal access to that information. So hopefully, that story helps a little bit. And then finally, I want to touch on inclusion. Inclusion is a sense of belonging. I feel we do this pretty well in our cloud security team, where we talk a lot about inclusive culture where people feel welcomed, valued, respected, accepted and heard so they can do their best work. So with that, Pallavi, we have a question for you. As we were embarking on this project, I believe we had an opportunity to bring together these different working styles like we were talking about. Can you describe a little bit about like the first few weeks or months together, building on what [ Joseph ] said, where you might have felt a bit more inclusive or integrated into this team. Were there any occurrences or stories that you can share?

Yes. So I think it started about 3 years ago, when Cloudlock was integrated with Umbrella and Cisco. There were 3 different companies, and we were all trying to come together and build a common product. So I felt very welcomed and there was, of course, a sense of belonging. We were invited to Waltham, the Cloudlock headquarters, and we had very useful and good meetings with the co-founders of Cloudlock also the other stakeholders. We spent a week doing brainstorming on how to build a road map for the product. We discussed how all of us could help each other. So that gave a very good feeling of belonging. And then we had a workshop in Tel Aviv that [ Joseph ] talked about earlier, which was very useful. We made friends with the team. And then after that, no co-location was not a deal at all. So we were very comfortable working with each other over WebEx teams or just having a phone conversation and trying to solve problems. And talking more about inclusion. I think it's in the DNA of Cisco. Every floor in Cisco buildings has its own culture, and every acquisition maintains their own culture. So we all work in different styles, but at the end of the day, we are able to work together very well.

Yes. Yes. So you touched on a few different things there. You talked about Cloudlock. For those who don't know, that was an acquisition Cisco made in August of 2016. Prior to that, there was OpenDNS, which is rebranded as Cisco Umbrella. That was acquired in the summer of 2015 for our audience. And so you had all these teams coming together, so you had this extra complexity. [ Yaron ], I want to touch with you on this. You were there through a lot of this journey, and you had these new teams coming together, but also integrating themselves within a greater Cisco. Did the team feel any extra pressure? Or are there things that you noticed that were just kind of unique to the startup culture emerging into a larger environment?

So I think more than anything else, what describes these two products and the cultures that stand behind them that have built these products is, like you mentioned, that start-up type of culture, which kind of gives the teams a huge advantage, right? When you're faced with something new, you have 2 types of reactions: one is to be either defensive about that and the other one is to see the opportunities that are involved. And given that these teams are kind of young teams, they came with a lot of drive, it was almost more like they were thinking, oh, here's a great new toy. Here's a great thing that kind of complements what we have or fill the gap that we have and gives us the ability to go to the market with a much stronger element or a stronger value. I think that's definitely on the business side and on the technical side, on the engineering side, again, it's more like, hey, here's a new toy, let's play with it.

Claudia, did you feel any of that as well as you were integrating with the team and working with all these entities, maybe in different parts of the world, you hadn't worked with before.

Yes, absolutely. And for me, as a manager, it wasn't so much about a given project, it was more around the organization of the design team. Cloudlock had designers, Umbrella had designers, these two groups coming together introduced a whole lot of challenges from adding new time zones to the different teams using different tools and having to align on those aspects that new cultures that people hadn't worked with before. But echoing what my coworkers were saying here, I think you can either get frustrated and defensive about situations like that or you can have a more open approach and just think about the overall good. And if a group has a better approach to doing something, embrace that for the whole group instead of kind of like pushing back against it. And I saw a lot of that in these 2 groups coming together. There was a lot of openness and a lot of like thinking about the opportunities that these presented in order to overcome those challenges.

Yes. I recall also, having been part of this project, that it was very design and prototype-focused. You're doing a lot of Build, Measure, Learn, for those in our audience who're familiar with that engineering culture, and you had folks like [ Uri ] in Tel Aviv that were leading the charge there. And there are a lot of incarnations of this project. Did you feel for your UX team that there was learning that came from that, like they had a different way of going about solving a problem than perhaps a traditional team?

Yes. Yes. And I think everyone respected that there was the [ sign ] team that had been working on this for a while. And for us, it was more around like, okay, how do we bring this into Umbrella in a way that is as consistent as possible for the Umbrella customers. I think that's what everyone was thinking about. How do we align these things visually, how do we make it seamless going from one part to the product as we bring this new feature in.

Yes. Wonderful. I want to take it back just briefly to something [ Joseph ] you had mentioned, but, [ Yaron ], from your perspective in that part of the world, which is these accelerators, right? A lot of the effort was driven, as we acknowledged earlier in the kickoff from Tel Aviv in engineering, and they had this unique style of how to actually solve problems and get things done and bring people together called the workshops. Can you touch a little bit on what that was like and how that maybe has seeded itself in the organization?

Yes, sure. So there is within -- general, the thing is really culture this kind of tendency, which can be a bit abrupt for some, but involves getting down to business. Not skirting around issues but actually getting down to work. So in general, I see meetings as having two different types of meetings. There are meetings where you talk about something and there are meetings where they're more like working sessions. These workshops were working sessions. They almost became like mega hackathons. So there were deliverables within the actual workshop itself, not just at the end or maybe a few months down the line. People got a chance to actually work together. And one of the really cool things about that is -- you were mentioning equity and equality beforehand. One of the great elements that I guess, promote to me equity is the fact that you have technology. So you're not just walking into a room with people that are different and have no common basis. Their common basis is the technology. They all have their expertise, they're all coming together to work on something. Take that and kind of add a very deliverable oriented type of event, and you actually get things coming out of there. It's not like you're only planning something, you're also actually building it while it's happening.

I see. So at the end of that given period, you had something to show for it. Is that right?

Yes. Exactly. We already had something not only to show, to demo, but we had the basis. So it wasn't like we were thinking only about the ability to kind of prove a point, but also about how that can then be used as a foundation.

Right. [ Joseph ], you and he hinted at this a little bit earlier, how do you feel that, that has persisted, if at all, in the organization?

So to be completely honest, working with that team, embracing that culture, fundamentally changed the way I work every day.

And how long you've been working?

I've been in engineering for 20 years, and I've been at Cisco for about 3. And when we do these accelerators, one of the things that I saw was each one of us brought a special talent, professional skill. The equalizer was absolutely technology. I wouldn't say it was always that way for everyone. One of the larger challenges that I saw was, I would introduce new technologies or new approaches that scared a lot of people, but because we spent time together -- I went out of my way to spend time with these folks. We trusted each other and I would take them on a journey of learning brand new technologies, brand-new approaches, and they would go with me in that journey, and we would accelerate that. We would accelerate that in exceedingly short periods of time. And within a small amount of time, they would actually develop what I thought was groundbreaking technology, and they would do that in a way that just kind of blew my mind. And so this is something I've repeated over and over and over again, since I've been here.

Yes. Can I ask you something? You mentioned trust, and they trusted you.

Yes.

Can you comment on how that came about?

I mean I think it was -- when I looked closer at what drives them. I spent time to talk to these folks. Talk to them and become friends and talk to them about personal things, the personal ambitions. What did they want to do. And we would work as a team to actually drive toward that. At the same time, I would provide anything that I could to assist in their efforts. And they would do the same for me. So we became a team. True team.

Okay. Wonderful. Pallavi, I was thinking of a conversation we had before around the integration and [ Yaron ] was touching on the Israeli culture and maybe just their nature. I know you were also learning of that as you integrated with the team. Can you comment on that?

Yes. So first of all, it was very nice of the HR and Cloudlock to expose us to the Israeli culture. And they told us that they're very straightforward. So don't take things the other way. That's just how their culture is, and I found it very useful because the team was very good at giving feedback, early feedback, very good reviews, which helped us a lot. And going back to the workshops, I attended a couple of those, and I found them very useful. It was like a 1-day sprint for 5 days. And at the end of the week, we were able to accomplish something very substantial. And we got early feedback, and that was a very good kick start for the App Discovery product.

Yes. And I believe these workouts were not just limited to engineering or architecture. I think Claudia, would you agree that this has also seeded itself in other parts of the organization?

Yes, absolutely. Absolutely. Yes. And this, we see this all the time.

Yes. Okay. So I wanted to switch over a little bit and talk about something else, which is this concept of unconscious or implicit bias. So by definition, these are learned serotypes that are automatic, maybe unintentional, deeply ingrained in us and universal, but they influence our behavior. I was thinking of an example of this, and I came across something that one of my colleagues cited where they said they entered a meeting, and they were dressed in a particular way. They happen to have a suit because they just came from a conference, and they're going blindly to this meeting and a bunch of people that don't know this individual. And they naturally assume that he, in this case, was the boss. It turns out the boss came a few minutes later, very casual looking. But by then, they had shared a bunch of information with him that he didn't necessarily need to know, but they just made this assumption. So Claudia, a question for you as a hiring manager and someone who's focused on ensuring that we have diverse teams, how does one actually recognize and maybe check or overcome these biases?

Yes, I think it starts at the hiring process, I think it's important to have diverse interview panels. If I am a woman and I am interviewing at a company and everyone in the panel is a man, I may not think that there's a place for me in that organization or that my voice might not be heard. So I think that's the very beginning. And then I think it's important to keep it in check in day-to-day interactions. I can think of meetings as being kind of like a place where some of those things come to light, right? So when you have a meeting where some people might be culturally wired to be more on the quiet side and not really speak up, some people on the contrary are very loud, and they sort of like take over the meeting. So I think it's important. It comes down to self-awareness, and it comes down to having present that those biases exist so that we can spot them when it happens, whether it's in our own behavior or in others and bringing it up and having constructive ways of addressing it.

Yes. For the rest of the panel members, is there anything you find that we can do to help support that a little bit better?

I would say just lean in.

What do you mean by that?

Give people the opportunity to talk, ask them what they think, ask open-ended questions and truly listen to what they're saying, try to recognize your own biases or your own failures, when you look at somebody. You might have different opinions, just on that very first impression, like you were talking about. And if you recognize that in yourself and you lean in, sometimes, you're very much surprised on what you find out about the other person.

Yes. Yes, it's amazing what you can learn if you just listen and hear others. Any thoughts, Pallavi, your own view on what you can do to support that environment?

So resonating with what Claudia said, we have a culture in our team that we give everyone a chance to speak, like people from different cultures have different working styles. So some people don't like to talk. So we make sure that everyone gets a chance to speak. So it's -- in one way, if you have equality, then it solves lot of problems. [ Yaron ], would you like to add something?

Yes. So a lot of this has to do kind of like also with the leaders that are in the group because -- like you've all mentioned, there are quieter people and there are people that kind of are more expressive, and leader like a good quarter back, kind of, also makes sure that the ball gets to the different players in the team, kind of gets that ability to express themselves, and sometimes even bring them into discussions in smaller forms. But at the end of the day, I mean, our main strength is the people that are in that room or in that team or in that effort, having the ability to give them their voice is pretty much one of the main goals, I see on the leader's part.

Yes, wonderful. So as we talk about this subject, I also figure that you guys have some insights or stories that you wanted to share. So in no particular order, I want to go around the table and open it up to you. We have a lot of leaders who are listening to this and thinking about this concept. And it's not always easy, but we want to surface the fact that diverse people coming together with different opinions, different backgrounds can do amazing things. So as you have the audience listening to this, is there anything you want people to take away from the discussion that we haven't touched on already. Claudia, I'll begin with you.

Yes. I think it's important to keep an open mind and to give people the benefit of the doubt, assume good intentions. When different cultures come together, different backgrounds come together. Someone might say something that rubs people the wrong way. Like this is natural. It's going to happen. And I think as long as there's that trust foundation that we talked about and assuming good, assuming good intent, the team should be able to work through those things constructively and get the most benefits out of this diverse way of thinking.

Yes. Nice reply. [ Yaron ]?

Yes, so more than anything else, there's a reason, if you're on a team that you've join that team, be yourself more than anything else. If you're quiet, tap into your quiet element. If you're expressive, be expressive, but don't try to be something that you're not and try to bring across, I think, your personal voice and your personal capabilities, because, again, there's a reason they wanted you on that team in the first place. So just be yourself.

Good. Pallavi?

So I think engineering teams should not shy away from hiring people with diverse backgrounds. For example, our team in San Jose, the research team, especially had a person who was a bank manager in his past life. Then we had a chemistry major. We had a math PhD. So these diverse backgrounds brought different ideas to the table, and it worked together very well. So I think leaders should not shy away from hiring people with noncomputer science background for coding-related roles.

Wonderful. [ Joseph ]?

I would like to actually support that thought. I mean a story comes to mind. I think about somebody who, kind of really impressed a lot upon me that I had an opportunity to work with. It's very easy for you to meet somebody and you look at their credentials or you look at their background and you say, okay, yes, this person isn't the right fit. And you immediately shove them off. This particular individual was a film student. If you think about high-tech -- film and high-tech, those two don't necessarily mix. And I don't know, most people would overlook this individual when they were thinking about hiring for a technical position. I remember having discussions with this guy, and he was exceedingly intelligent. He was self-taught in programming. He could absolutely do the work and he used to have really insightful things that he didn't really understand he was saying. For example, I'd say, hey, this is a design that I think we need to meet. And here's why. And he would look at it and he'd say, that's great, but I have to operate that. How do I look at that and say that's making my job easier if you're going to add more work, please make sure you're moving something. And that was an important statement. Later, I spent time with customers. And I started listening more carefully. And I heard the exact same thing, not to point fingers at myself. That's not really what this was about. It was about the opportunity to listen to somebody who had brilliance in just what they were saying, even though they didn't know they were saying it. And the fact that he was with us, he was part of our team, made a huge difference in the way I started looking at other problem sets. And I think this is something that's transcend everything I've done from that day forward on every design. And when the teams work with me, I look to see how do we make the most successful product, how do we hit the target and still achieve objectives where people feel strong about what they put out there.

Yes. It reminds me of the scientist, Bill Nye, and his quote, "everyone you meet knows something you don't".

That's right.

It sounds like you've cited a few examples here today where it's really changed your career and the way that you actually think about things even in an advanced stage in your career.

That's right.

So with that, I wanted to wrap up our session here. And if you are a Cisco employee, there are a lot of resources available to you. You have the office of inclusion and collaboration, where you have diverse talent accelerators, the Multiplier Effect, which is an initiative that was started by a Cisco executive. I encourage you to continue the conversation with any of us, our Twitter handle, social feeds, you're welcome to do that or in the comments for this recording. And hopefully, if you took something away from this session, you find an opportunity to pay it forward. Be mindful of those that are with you that have a voice and that do not recognize inequality. If it seems off that people are not contributing to the conversation, and you feel that they have something too, or they have a different opinion, but that's one that is well served to share with others, please help to encourage that and bring that forward and be open, as we talked about in learning from others. So with that, a quote I love to cite is, "Strength lies in differences, not in similarities", from Stephen Covey. There is really an opportunity in what we're talking about here. It's not always the easiest path, I will say, but I encourage you to put in the hard work and the rewards will come over time. I'd like to thank our panel for joining us here today. I thank you for trusting in this session. I also wanted to thank the Master Series studio and the film crew here and [ Shareef ] and team for trusting in this topic to raise this platform for us, and thank you to all of you for listening. I encourage you to take this path forward and create the things that you wish existed. Thank you. [Presentation]

Hello. Welcome to Cisco Live Master Series. In this session, we're going to be talking about Meshing With Your Mess. My name is Shannon McFarland. I'm a Distinguished Engineer focused on cloud networking and other cloud-native technologies such as Kubernetes and Service Mesh. Today, we're going to talk about the Service Mesh. What does that actually mean, when we look in microservices and Application Deployment. Then we're going to get into what a Service Mesh is and why you may want one. And then we're going to pick 1 particular example of a Service Mesh, Linkerd. And we're going to talk about the architecture of it, the design of Linkerd, how do you obtain it, and then we'll walk through a live demo of what Linkerd would do with a specific sample application we have. Then since Linkerd is an open-source technology, we're actually going to talk about contributing to the open-source technology within the community. And then we're going to wrap up with deploying Meshes on the Cisco Container Platform. So the Service Mesh. Before we get into microservices and the Service Mesh solution to some of these problems, we kind of talk about the monolithic application, where most of the applications historically have been, where you are taking a single executable or a single binary and you are wrapping all of the infrastructure components such as logging and a web interface and databases, into that monolithic application. Then come along the microservices architecture. So within the microservices application framework, you break each of these monolithic components into discrete individual kind of byte-sized components. So you have web, you have logging, you have databases and so forth, but they are broken down into smaller more easy to manage services. But when you do that, you create a network of these services, in fact, that we've got to still deal with each of the services themselves. But now we have to account for how they're connected to one another. So when we look at scaling a microservice application, we first look at how we used to scale monolithic applications. So we tend to have kind of the scale-up model, where we would wrap more resources around that monolithic application. We may add more CPU or more memory or more network or more storage to make it more perform it based upon the load. We may also scale it out, create more versions of it and then create a network of those applications, maybe via a load balancer. When we build a microservices application, again, we have smaller byte-sized chunks of that application, but we use something like Kubernetes, which is a scheduling and kind of placement tool that we have to -- at our disposal for the microservice side, and we begin to just spray those services around based upon specific criteria. But as we do this, and we scale out those applications, we create even more interconnectivity and more resource requirements as it relates to how we distribute traffic and how we gain access to these applications. So the problem enters in when we begin to deploy service features for each of these microservices. So we can see here on the top right-hand side that we've got kind of a 3-part application built of 3 different microservices. We've got a Web Server, we got a Payment Service, and we've got Order Management Service. And what happens in a microservice world, and it's an actual benefit, is that we actually can have different teams, even different companies, develop using whatever framework using whatever tools they want for each of these components. So one part of this could be Python. Another part could be Node.js and so on. But what tends to happen in a lot of these kind of divide and conquer models in the microservice world is that each one of these teams begins to develop all of the infrastructure and service features for their own thing. So that could be their own version of logging, their own version of load balancing, their own version of security and trust. And then when we begin to scale that across each one of these microservices elements, we can see that, in fact, it becomes very difficult for us to actually get a singular view of everything that is happening in this application because logging and metrics and tracing and so forth may be disjointed. So when we start to lean towards this Service Mesh technology is when we begin to offload some of those features into a service-to-service communication element. And this is what we call a Service Mesh. So we still have the same services. We've got Web Servers. We got the Order Management. We have the Payments. But we take some of those service features and we deploy a Service Mesh that is responsible for taking care of all of those individual components on our behalf. So it is taking care of authentication. It is taking care of load balancing and so forth. And so we will expand upon this idea of a Service Mesh, taking care of some of these infrastructure components, so that the Application Development team does not have to inherently write that code for each one of their applications. So for the sake of our discussion today, we're going to take a look at an application service requirements list. And we're going to build on this and then eventually demo what this would look like inside of a Service Mesh. So we're going to assume today that I want to deploy my application on a microservice. And I want to deploy that microservice using Kubernetes. And then I have a bunch of individual service requirements that I need to handle. I need to be able to deal with service failures. I need to be able to deal with retries, but I need to intelligently deal with retries in such a way that after a certain time, I kind of give up. So I don't create a retry storm. And there's many other things that we'll talk through, circuit breaking and tracing and so forth. So let's define a Service Mesh, and then let's build a Service Mesh. So simply put, a Service Mesh is an infrastructure layer for service-to-service communication. So if we take a look at our topology here, we may have users or tools or a service that is consuming our microservice application, and we may be entering that through a load balancer or an ingress of some sort. Prior to a Service Mesh deployment in this picture, we would have each of our individual service components, maybe the UI, talking to the Payment Service. And they would be speaking to one another directly. Well, since we're building this microservice application on Kubernetes, we use this concept of a pod. And a pod is just simply this abstraction or this component that we put more than one container into. In this particular view, we have the main body or the service container listed in blue. And then in the Service Mesh deployment, we do something what we call injection. We inject a sidecar proxy. Now sidecar proxies have been around for quite some time. What makes them interesting in the Service Mesh piece is not only is the sidecar proxy doing stuff on behalf of the application, but we are also wrapping a control plane to better manage and create visibility of each of these sidecar proxies. So we're going to use this theme throughout the rest of our session together, and kind of look at what are all the architectural components that make these things up. So quickly, what are all of the Service Mesh options out there? There's a lot of hype around each and individual one because there's alignment with some versus another based upon the community that you're associated with, and even based upon the organization you may be associated with. Today, we are focused on application Service Meshes. These are Service Meshes that are dealing with applications from Layer 4, like TCP, all the way up to Layer 7. So you can see the list here, things like Istio, Linkerd, which is one of them we're speaking about today and many more. There are also other types of Service Meshes out there. So Network Service Mesh is focused on similar types of problems, but they're really aimed at Layer 3 connectivity. And then there are the historical types service proxies and API gateways that have been around for quite some time. So let's pick one of those Service Mesh types, Linkerd, and kind of build on what it does and how we would use it. So Linkerd is a Service Mesh project in CNCF or the Cloud Native Computing Foundation. And this is an organization that handles many big-ticket open source projects, things like Kubernetes, Prometheus and many others. So Linkerd has been around for a while, and you can see kind of the short list of customers that use it from day-to-day, to include Cisco Webex, and it is growing in popularity and get a very strong community. So what does it do? Well, these particular items that we see here in this slide are not necessarily just specific to Linkerd. Most of the application Service Meshes try to accomplish these 3 things. So the first one is observability. We want to be able to create a service level view that includes successes of each of our connections between every one of our microservices. What are the latencies between those things? What are the throughput criteria associated with that? And then finally, we want to have a service topology that shows us graphically the flow of traffic and what all the dependencies are in our services. The next is reliability. We want to be able to, based upon a policy, identify how many retries, when do we do retries, time out value, how do we do load balancing, maybe we want to spray traffic from one part of our deployment to a different part of our deployment based upon a canary release, maybe a new version of our application. And then finally, we also want our Service Mesh to kind of offload the requirements we have with things like Mutual TLS or Mutual Transport Layer Security. This is dealing with encryption. But not only is it dealing with encryption, it's also dealing with trust. How do I know that one service communicating to another service is who they say they are? And so these are the types of things that a Service Mesh deals with. And then finally, we want to wrap all of that up into a very ultra-light package, as we'll talk about in next slide. It's very important for us to ensure that we are not injecting latency into the application itself as much as possible. So this is exactly what the Linkerd design looks like, is in short, we want to do less, not more. When you begin to crawl up the application stack, especially at Layer 7, you have all types of capabilities of getting involved in the flow of those communication processes and doing magical things. The problem of that is the more you get your particular tool or Service Mesh or proxy involved, the more you can inject latency, the more you can delay certain legs of your application and the more you can create complexity. So the Linkerd design is focused around doing just what you need to do to make a Service Mesh work. And you want to do that from a 0 config perspective, meaning that you do not have to refactor your Kubernetes based application to make Linkerd function. The other thing that we talked about in the last slide, which make them ultra-light. We want to be able to introduce these components, both the control and the Data Plane that we're going to talk about here shortly. We want to do that in the most efficient and least impactful way. So when we look at the Control and Data Plane, which we wanted to talk about here in the next couple of slides, we look at a very low impacting components. We looked at the Control Plane, which is written in Go. We look in the Data Plane, which is written in Rust, which is a super efficient environment. And so we can look at something like sub-1 millisecond delay when we put a sidecar proxy in the delay -- in the path of this, we're really not negatively impacting the application. So let's take a look at the Linkerd 2 architecture, and then we're going to break some of these components down into smaller byte-sized chunks. And then we're going to show them in the demonstration. So in this particular slide, we're looking at Linkerd 2. There is a Linkerd 1. And it was built on, what we call, the Twitter stack. It was very JVM focused and had -- basically was not aligned necessarily to Kubernetes and so forth. So Linkerd 2 is again, comprised of a control at a Data Plane as most Service Meshes are and we've got several components here, and a few of them we'll mention here, but we're really going to talk to each one of them in detail in the demonstration. So first off, we have a CLI and a web interface that are talking to the public API, and we're going to work with both of those here in just a moment. Then we have the tap component. We'll also see that in the demo, but the tap component in brief is a way for you to take live detailed flow information from Layer 4 through Layer 7 and tap into those flows. We can see things like gets and post and so forth. The destination component is where the Data Plane or the proxy or the sidecar is going to find out where they need to forward or route particular request that passed through them from the application. Identity is pretty self-explanatory. That's where we're dealing with encryption and trust. The proxy-injector, we'll actually see in our demonstration, that is the component we use to inject the sidecar into the actual application flow itself. And then Prometheus and Grafana, these are 2 monitoring technologies that we'll actually look at in our demo. And then finally down the Data Plane, it looks much more simplistic, but the Data Plane actually carries the load of the Service Mesh. It is the thing that is there speaking on behalf of the application itself. So it is taking in Layer 4, taking in Layer 7 information and doing something with it. And so we'll talk through that as we move through the demo. So Linkerd, how do I get it? Well, getting it is pretty easy. So you got a linkerd.io and you can begin through the Getting Started page, and you can actually start looking at what features are in which releases and which one you might want to obtain. And because Linkerd today, Linkerd2 specifically today, is built to run on Kubernetes clusters, you would go out and deploy a Kubernetes cluster. You would deploy the Linkerd binaries. And then you would deploy or add Linkerd to your microservice. So the next few slides, we're going to kind of show some animation of building a cluster, installing Linkerd and then deploying a sample app. And then we'll switch over to a live demonstration after that to kind of work through what is it the Service Mesh is actually doing for this application. So we can see in this particular example. We're using the Google Kubernetes Engine, GKE, to deploy a cluster for us. And so we can see the clusters up and running. And then we're going to go out and do a get credential, so that we can actually log in and do stuff with our cluster. And then finally, we're going to go out and create a cluster role binding. This is a way to give us rbac or role-based access control to actually do things with the cluster based upon specific permissions. Then next, we're going to do the Linkerd setup. So most of the Service Meshes out there, you're just simply curling an install script. It downloads local to your machine. And it's just installing the client library. Once you do that, you export the path to go gain access to that particular file. And then you run a pre check against the cluster we just built. And it's going to go through and make sure that Linkerd can be installed in your Kubernetes deployment. What's happening now is that we're actually installing Linkerd in the cluster itself. So it's doing things, like deployments and cluster role bindings and service deployments. And it's basically building all of the things we looked at in that infrastructure slide. Then once it's installed, we do another check to make sure that Linkerd, in fact, is running as we want it to inside of the Kubernetes deployment. So finally, we can take a look at a Kube control and get deployed and actually look at all of those different Linkerd components that we looked at in the architectural view. So the destination in Grafana and the tap and the web service and all of those things in our environment is up and running. So finally, let's go ahead and install a sample application. So there's a book application out there that we're deploying, and we're going to engage with here in just a moment. So we basically go and install it, just like we would any other Kubernetes-based application. We're going to wait for that deployment to come up. And then once it comes up, we're going to then do that injection thing that I talked about a few slides ago. So that Linkerd inject is simply saying, here is an existing application that was just deployed. Inject the Data Plane or inject the sidecar proxy into each one of the microservice components that comprise this application. And then the next thing we want to do is we want to do these kind of per route metric type things. And so we do this by using OpenAPI or swagger components that are basically things we know about our existing application, and we create a Linkerd service profile. And these service profiles are, in fact, just routing rules. But they're not routing like you would expect in like a Cisco router. These are kind of Layer 7 routing rules that say how to gain access to very specific parts of our microservice application. And we can see, in this case, all of the successes are up for the things that we are trying to engage with. Cool. So we went through that process, and we've got our cluster up and running. We've installed our application. And so now we're going to switch over to a live demo here and actually take a look at what Linkerd is actually doing to our application. So as we switched over to our live view here, basically, we're taking a look at the Linkerd clusters that we've deployed inside of our Google Cloud Platform. And we can see that it's up and running. We can see that we've got a list of workloads. Those are all those things that comprise of our microservice application, authors, books and so forth. And we can also see that we've got an entire list of all of the Linkerd Control Plane Components. We also see that we have created a bunch of service objects. These are all standard Kubernetes types of things that we can see listed in here. And we can see that through our application deployment, our web app already has a public IP address. And if we click on it, we can now see our actual application. So this is a pretty simple sample application. It is a web app that we're looking at and that web app is actually going out and talking to the book's microservice and the author's microservice. So we can engage in this environment and enter someone in here. Add an author. We can add a title here, put a book count and we can see it's a functioning application. We can actually now see that our author and our books are there. So now when we go over to the Linkerd UI, if you recall, there's 2 ways into our public API. There's the UI and the CLI. We're going to take a look at both of them. So we're not going to walk through all of these different elements. But some of the big-ticket items that we want to look at is, for one, we can see all of the Kubernetes name spaces that exist in our cluster and in our particular case, our application is actually deployed in this default name space. So if we take a look at that, we'll do a refresh here. We might have actually timed out over here. Yes, that's what happened. We timed out on our dashboard. We'll give that a second to come back up. So that will relaunch itself. There we go. So if we come back in here and take a look at this name space, we can actually see, it'll start as traffic enters here, we'll actually start to see it paint itself out. But we can actually take a look at all of the deployment. This is everything that makes up our microservice environment. And we can actually go over and see all of the same thing inside of our CLI. So inside of our CLI, we can go in and engage with our Kubernetes cluster, and we can see the same types of information, and we can also engage in the actual Linkerd API itself by running the actual Linkerd command. So we can see here that we've got our web app. We can see what's in the Mesh. We can see what the latency looks like. And if we take a look in the UI, we can see the same types of objects. So now let's drill a little bit deeper into this environment. So from the web app perspective, we can actually see that we have a traffic generator that is generating traffic to the web API. And then our web app here is actually talking to the various components of that web page, the books, the author's page and so forth. Now here's what's really cool about a Service Mesh is in a Service Mesh, we are getting Layer 4 through Layer 7 time statistics. So we can actually see this information as being updated in real time. So we can actually see Layer 7 information, like gets and post happening in real time. So you're not having to capture this information or go dig for it way down at a packet capture. You can actually get this in real time. So we can click on some of these things, and we can see what service is talking to what service, what pod is talking to what pod and so forth, and we can even create a tap. So taps are great when something is going wrong. So if you have maybe a new version of your microservice application that someone just published into your Kubernetes cluster, and then all of a sudden, your delay goes through the roof and maybe someone's calling, saying that something is slow performing. You can click on a tap and actually generate real-time flow information. You can do it by CLI as well. And we can actually see all of these gets and post that are happening between the web app and all of the things that the web app is talking to. So we can actually go in and see all of the request, all of the responses and so forth. So pretty cool information. Also, when we kind of take a look at another way of viewing this, we can look at the Grafana and Prometheus part of our Service Mesh. So built into the dashboard is the Grafana view. And we can look at the success rate, the request rates, all the inbound outbound types of traffic. And we can see that on a per-deployment basis. We can even see all of the pods individually as they make up our microservice application. And so we can go into a particular pod and take a look at all of the things that it's speaking to and its live calls. And we can also pull up Grafana individually for specific pod. So that is pretty cool. Now one thing that we want to kind of dive into here real quick is when we referred to the sidecar proxy part of our implementation, that is one of the most important elements of any Service Mesh is that sidecar proxy. Because it's the thing that's getting in the middle of our microservice environment. So let's take a look at a particular view of a pod and see what a pod is comprised of inside of our environment. So we're going to take a look at the author's deployment here, and we're going to come back to our Kubernetes dashboard, and we're going to click into authors, and we're going to see down here, there's all the statistics that you can look at, but we can see that this deployment is based upon 3 pods. We asked for 3 pods, and we got 3 pods. So let's click into one of these pods. We're going to score all the way down here, and we're going to see that it actually contains 2 containers. We have that main body service container that we talked about. This is the thing that's actually running your application. And then there is the Linkerd proxy. If you are looking at an SDO environment, you would see an envoy sidecar proxy and then this service proxy. So most of the application Service Mesh is that do sidecar proxies, this is the way they're done. So this is really how things happen. Now what's really cool about this is that once the Service Mesh in your cluster, the Service Mesh in your application, the last thing that we're going to show here is the fact that as you need to scale out or shrink in your cluster, the Service Mesh just grows along with that. So if we come back here and take a look at our list of workloads, we can see authors has 3 of 3. So we asked for 3 pods. We got 3 pods. So normally, when you're actually building these applications, they will respond to traffic load. They will respond to all kinds of policy things that you might build in your framework, and they will expand and can track as they want to. But for the sake of our demo today, we're actually going to create a need to go and expand our cluster. So let's come back over here, and we're going to clear out of here. And we're going to go back into Kubernetes, and we're going to create a new replica. So our replicas currently now are 3, and we're going to create a fourth replica. So we're just going to add that. The cluster is already scaled. So if we come back here and do a refresh, we will see that we've got 3 of 4. 4 of them are being built. So that will take just a second to do. And we can see it's already done. So if we come back in here to Linkerd, we'll be able to go back to our list of pods, and we can see that we have 4 available pods here. In just a second, you'll see the success rate go to there. So again, we're not doing anything into the Service Mesh to expand its capability. We're letting the application expand and contract as we need to, and the Service Mesh is going to follow. So that wraps up our demonstration. Okay. So let's continue moving on. So as I mentioned, Linkerd is a part of the CNCF or the Cloud Native Computing Foundation. And that means it's open-source. So when you are dealing with an open-source community, you want to contribute to it. So Linkerd has an awesome community. So there's several ways of engaging with that community. So first off, everything we do in the CNCF world, we are doing pretty much against GitHub. So there is a GitHub project, where you can go in and look at all of the tickets and all of the poll request and all the things that you want to do from a development perspective. A great place to get started is to join the Slack channel for Linkerd. So you can follow the link, just slack.linkerd.io, and go sign up. And that's a great place to go in and kind of watch what the community is doing. What's on the road map? What problems are they having? What use cases are they trying to solve and so forth. And so that's a great place to go and get involved. Now the final thing we want to talk about is how can you get started today. So if you are running your own Kubernetes clusters, that's great. If you want to begin running your own Kubernetes clusters on maybe the public cloud, that's great as well. If you want to take a look at a Cisco product that actually deals with deployment of Kubernetes in a managed way, then we'll spend a moment talking about CCP or the Cisco Container Platform. So the Cisco Container Platform is a turnkey container management solution. And so its goal is to allow you to run Kubernetes on pretty much any infrastructure. It is straight up upstream Kubernetes but what CCP is doing for you is it's taking all of the weight away from you from having to go and deploy the Control Plane, figure out networking and storage and so forth. So it's there to automate the installation of not only the management cluster, but all of the clusters that you build from that point forward. The other cool thing about CCP is not only is it deploying this in your on-premises data center for Kubernetes, it also has the ability to reach out to AWS and deploy EKS clusters, Azure for AKS clusters and, coming soon, GKE clusters. So you can go into the single interface of CCP, deploy on-premises clusters and public cloud clusters and manage them from one place. So really quick, what does it look like to deploy a CCP environment. So the first thing you would do is once you receive the bids, you would go and deploy a Control Plane Cluster on whatever hardware you're working on. So for example, today, you can deploy CCP right on top of a vSphere environment or on top of a HyperFlex environment and so forth. So once you deploy that Control Plane Cluster, which is Kubernetes itself, you will then go from there and begin to launch tenant cluster. So these tenant clusters are what your real workloads are happening. And you can create multiple of these clusters. And they are basically treated as completely separate entities from one another. Now the reason I bring this up is not only is this cool because it really takes away kind of the headache of managing and operating the life cycle of Kubernetes, it also allows you to deploy the Service Mesh from inside this interface. So currently today, CCP supports Istio. That's that blue icon you see in that Cluster Ops screen, and that basically looks like the sailboat, and that's the icon of Istio. So currently today, you can go inside of CCP and enable Istio on your cluster from the UI itself. You can absolutely deploy Linkerd and other types of Service Meshes in there. But today, Istio is the one that's automated inside of CCP. So I encourage you to go take a look at that. Here are some references for you to gain access to what the User Guide looks like and certainly what CCP does with Istio. So to wrap up here, it's really about the application, not the infrastructure. For so long application developers have had to take on the platform operator role where they are not only writing the application, the business logic of making an application alive, but they've also had to deal with logging and metrics and availability and security and so forth. Now with Service Meshes, we can offload those things to maybe a platform team where their primary goal is to do those infrastructure components and then allow that application developer to focus on the application. We learned today that Service Meshes, from an application perspective, is there to inject these sidecars, along with the rest of our microservice application and then manage the life cycle of those sidecars on your behalf. We also talked about the things that these sidecar proxies in the Service Mesh do for us are there to offload the service to service communication things, such as authentication and telemetry and so forth. And the final part here is that the best thing about these Service Meshes is that you do not have to create a one-off implementation of these things like security or logging for every one of your application. It provides uniformity across all of your applications. So you may have service A and service B doing 2 totally different things, but they can be based upon a common Service Mesh architecture that allows you to not have to recreate what encryption looks like or recreate what logging looks like. So this is a pretty powerful thing to look at and a go evaluate if the Service Mesh is right for you. So that wraps it up for us. There are going to be some URLs that have been posted on the screen. My name is Shannon McFarland, and you can reach out to me at eyepv6, eye, e-y-e-P-V-6 on Twitter, and I'd love to continue the conversation with you there.

Well, hello, and welcome to Cisco Live, Spain. This talk here is Demystifying Zero Trust: A Technical Truth Versus Marketing FUD. Now what does that mean, a technical truth and marketing FUD? Well, to me, personally and to a lot of others, Zero Trust has become like cloud. It's basically a marketing term now. People use it as a way to want to sell you something. However, Zero Trust, in its real formality, should be a guideline. And if you don't know what a guideline is, a guideline is not required, like a policy. A guideline is like industry best practices. So ideally, it's recommendations for best practice for security. So my goal today, I'm going to have 2 things I'm going to do for you. First, I'm going to explain really what it is. I'm going to define Zero Trust, how we got here, what it means, the actual guideline; and second, I'm going to talk about how you can take this guideline and apply it towards your security capabilities. So ideally, use it to help you may be more secure. Hopefully, you'll walk away, after seeing this presentation, understanding what Zero Trust is, and you can actually really talk about it, not the marketing FUD that's out there and then also be able to apply it. Now you may want to know who am I? Like, why listen to me. My name is Joseph Muniz, or Joey, and I cover America, South America and Canada, for everything security at Cisco. I also, as you can see, I write a bunch of books. Now I'm not bragging by showing the books. The idea is, you can get an idea of my look at security, like I'm the guy that writes the pen test book, the security operations and the best practice book. Yes, I do some product stuff, too, but I try to look at security holistically. I do have some new publications, I have a new security operation center book, [ now ] on Cisco press coming out this year. I have a VPN book, yes, product-oriented, but more for the certification update for the CCMP certification. I have an ISE class coming out. It's a video ISE class, and I have training I'll be doing throughout the year for various certs. So that's my publications. I got a blog, thesecurityblogger.com, where you can see a lot of lab and stuff I talk about. And then lastly, on a personal note, I'm a football or in America, soccer player, where here, if you're in Spain, you may find me on the evening. So next couple of nights, I'll be out there hacking away at the local standards on the football field. So that's who I am. And again, this is about Zero Trust, holistically, not about basically a part -- a marketing pitch. So by the way, I have to mention, since -- if you are here in Spain, I have 2 other sessions. I have a session today at 5:00 p.m., which is going to be about reversing malware. Don't be intimidated by the malware term. I will be covering this, of all levels, so basic to advance. And then in 2 days, I'll be running a lab, which, by the way, hang with me, at the end of this presentation, I will give you my e-mail where you could request access to the same lab and be able to do things like the Zero Trust concepts I'll be covering today. So if you are here live in Spain with me, come check out these sessions. If not, I mentioned, you can reach out to me and I can give you a lot of the same content after today's Cisco Live event. Okay. So let's start off with the concept of Zero Trust. What is Zero Trust, what is people talking about, let's get through, demystify the FUD. So back in the day, security was simple. And when I say security -- cybersecurity. Essentially, people would put up walls. So imagine your firewall, maybe IPS, maybe antivirus, you put up these gateways on your Edge, or you put up this software on your end point and you're done. But the simple concept of defeat is what if something gets on the network. So as time has gone on and this attack and defend, constant change kept happening, security has become more complicated as a reaction to the attacks becoming more complicated. So you can't just rely anymore on, I buy this product and I forget about it. Any industry certification is going to tell you best practice is people, process and technology. You don't just go buy something and set it and forget it. It requires process, people actually looking at it, et cetera. So that is actually best practice. So hopefully, we all understand now. It's not as simple as putting a firewall on the network. There's a lot more to security. Now what's happened is people create these guidelines. I mentioned Zero Trust being a guideline. ISO is another guideline. NIST, that's another guideline. These are recommendations for best practice. And as security has become more complex, people try to explain it via "Go to this guideline and learn about the best practice," where Zero Trust is pretty much the same idea. People initially thought about the idea of least privilege, and then sort of building upon that term of what should be the best practice for trust. Because essentially, that's what security is about, it's protecting data. Anybody will tell you also, data is protecting the data confidentiality, integrity and availability, or the CIA. So any certification, the CIA confidentiality, integrity, availability, which is all about data. So Zero Trust is all about protecting data. Over time, analysts started taking these terms and sort of throwing out, well, what is best practice for protecting data. And that's where like Forrester, Gartner, a lot of the analysts said, you know what, we're going to call this thing, eventually coined Zero Trust. So that's how this terminology -- that's how we got here today. But here's the challenge. It's not just least privilege. I asked a lot of customers, what is Zero Trust? What is it to you? And they throw out, "Oh, it -- least privilege." Now if you don't know, by definition, least privilege is, provide the least amount of access required to do your job. So if I'm an employee, but I'm not in HR, I shouldn't see people's personal information. I should just have access to what I need to do my job. That's least privilege. But again, that is not Zero Trust. So if somebody says, that's Zero Trust? No. Least privilege is a concept for security and it's an element of Zero Trust. So what is Zero Trust? How do we actually define it? How would you explain it to me? Here's how I will explain it to you. Here is a definition. Zero Trust is about people, it's about the technology, and it's about the data within the technology, it's all 3 of those. Now some of you may say, well, I understand that, Joey, I got it. However, this is the old definition of Zero Trust. So just by addressing people, addressing technology and addressing the end point, doesn't mean you're doing Zero Trust. Because again, we're talking guidelines, best practice. So here is what I would call the misconception or old Zero Trust, the original definition of Zero Trust, which is not the current best guidelines. If you look at these 3, the first 1 is eliminate network trust. To some people, this means if I do multifactor authentication, I'm good. I'm going to challenge that. The second is, if I do segmentation. I'm good. I'm going to challenge that as well. And lastly, if I do continuous monitoring, I'm good. So all I need is multifactor authentication, segmentation and monitor things, I have Zero Trust. Here is the challenge. I want you to think about this because you may say, "What the heck this guy is talking about, I'm doing this and I think I'm secure," here's the challenge. First off, if you -- it's called a golden ticket. You can do 10,000 factors of authentication. But if you don't continuously challenge a person, if it's authenticate them and then give them access to everything. If the attacker can compromise that device, they'll have access to everything. So this idea of Zero Trust for users has got to be ongoing. You can't just check onetime and give full access. And I'll give you some best practice in a little bit. The second is segmentation, which is fine. But what about if something gets inside a segment? A lot of people have challenges with -- and they use these terms like microsegmentation. Well, I'm going to keep segmenting and segmenting, but at some point, devices have got to communicate. And if a device gets on the network or a segment, that's called establishing a foothold. And from there they're an insider threat, and all they need to do is get between other segments or attack systems within that segment, and they're going to basically get into your network and do malicious things. Understand exploitation, it's called chain exploitation. It's never a -- like remember, like Jack Bauer in like, 24. There was a person, Chloe O'Brian who would go, "All right, I'm in. Like, Jack, shut off the cameras. I'm in." It doesn't work that way. It requires you to gain a foothold, understand the network and do different exploits to eventually get your way to the data. So my point is, if you're going to do segmentation but allow easy access to a segment, you're allowing a foothold on your network. The last one is network visibility or continuous monitoring. Now what I find, when I ask questions, what are you monitoring? What they're actually monitoring is just the edge. They have a next-gen firewall or some product on the edge, maybe some host stuff, and they got some general logs coming, but they can only see what they see. If you're not looking at inside the network, for example, then you're blind. Give you a common example. A lot of people, for data center security is a firewall on the edge, but nothing on the inside. Even though 90% of the traffic is inside the data center, it's all happening in here, they're just seeing what's coming and going. Another example on the end points, do you know about the processes, do you know what's actually running on the end points? Later, as I mentioned today, I'm going to talk about reversing malware where I'm going to basically disassemble malware, and talk about how malware will hide on your end point and disguise itself as basically trusted resources and trusted processes. So are you monitoring that? Probably not. So continuous monitoring is not monitoring in the edge, it's monitoring everything. And to me, these are the challenges. These are the gaps in the old method of Zero Trust. Because of this, the attackers are targeting these 3 areas. We're seeing a continuous rise in identity theft because, again, they know, if I can steal the identity, regardless of their authentication, then I can get access. And once I'm past the multifactor, I'm freaking in. Second, they understand that a lot of these IoT devices use apps. And the apps and the IoT devices, in both cases, suck at security. I live in America, in the U.S.A., and where I live, there are no laws to enforce IoT security, only California. And that law sucks. It's like so easy to work around that any big manufacturer can get a lawyer and work their way around. So my point is, there's no law, there's no reason to force IoT devices to patch and be secured. Now some vendors are very good. I'll give props to Apple. When Apple finds a vulnerability, they almost force you, like you have to update this right now. But the majority of IoT devices is not like that. So essentially, you could have a device on the network, you're doing everything you can, but it's vulnerable and an attacker could own it. Because there is no fix available because of poor development. Your only option really is segmentation and monitoring, in that use case. So again, attackers are exposing the weaknesses of the old approach to Zero Trust. I'll give you some examples. I got somewhat infamous in 2013 for our talk we did at RSA. This is Emily Williams. Emily Williams doesn't really exist. So she works at a restaurant at the time, I came in the restaurant, but they have like owls and they have orange shorts, and they sell chicken wings. I don't know if you know what restaurant I'm talking about. If you don't, Google orange shorts, owls, chicken wings, attractive women, you'll know what restaurant I'm talking about. Well, this person worked there. She gave me some pictures because I basically was doing a penetration test at a company located right across the street. And the idea was, can I own this company just using Facebook and just using LinkedIn. So we created this fake person. And literally, within an hour, we're being endorsed for her Cisco skills. So congratulations on your CCNA. Yes, I know Emily Williams. This is all bull crap, like this is -- again, I've made this person up and took pictures of this person at the restaurant, yet people are still endorsing her. Within a few days, we are basically social engineering IT. The person in charge of mailing laptops was on Facebook. I noticed who that was. And as Emily Williams said, "Hey, you want to be my friend?" And that person was like, "Hey, do I know you?" Here's the challenge. Think about this. Do you actually know your own Facebook footprint? This is what I did. I looked at Facebook and saw 10 years ago that the guy worked at Hungry Howie's Pizza. So I said, "You don't remember me?" I was -- and I cooked Hungry Howie's Pizza and saw the person had 5 friends, 1 named Derek. And I was like, "I was Derek's girlfriend. You don't remember from 10 years ago? I'm Emily Williams, Derek's girlfriend." Then I click Derek's Facebook page, and it said current location, New York City. And I was like, "Hey, yes, I was in New York City, ran into Derek and basically, he told me that you happen to work here as well. And it so happens I'm a new hire. Hey, by the way, I don't start for 1.5 weeks because I have to finish my contract, but I would love to get a laptop and start working today." I got a laptop sent to me. Now you may think, oh, this whole social engineering thing was just that. No, no, no, much more. We -- actually to go back at this concept here. We actually did what's called the browser injection framework. It's called BeEF, it's a browser attack. And at Christmas time, we posted Christmas cards on Facebook to a lot of the employees. If you clicked our Christmas card, you would see reindeers dancing around, Merry Christmas, but we would be doing a browser injection attack and the attempt was to basically steal credentials and screen shots, that kind of stuff, which we did, got VPN access and owned the hell out of this customer. So again, you can do multi-factor all day long. If you get owned by BeEF, I am doing browser injection to your network. If I get VPN access, it doesn't matter about that, I'm already authorized. I'm stealing your credentials. Now the second thing is, well, what about end point security? Well, I did a talk at DEF CON, on a hacking conference last year where I hacked back. And the idea is you can wrap a payload, you can wrap a backdoor in any trusted software. So when I say continuous monitoring, we are not monitoring the data center. You're not monitoring the end points. It is actually easier than you think to create a backdoor and put a backdoor on a computer. What I'm showing here is exploit code that you can use using Kali Linux Metasploit. This is vanilla. This is like the hello world of programming. It takes you 30 seconds to create this backdoor in Metasploit. Then on the right, I have a tool called Sienna's Fireware 1, old, old wrapper, which literally you can take any application and wrap the backdoor in the application. So if you remember like Napster days, you could take a music file, a program, whatever it is and wrap a backdoor. And if the user opens that file, you own them. Now I'm not -- this is magic land, I know it'll be recorded. But in magic land, I want to hack back because there's these a-holes that will call you and say, "Hey, I work for Dell support," and try to trick people into installing stuff. So what I did in magic land was basically struck back. And I don't recommend doing this, by the way. But what I'm showing here is, first, I created a payload the same way that I just explained. I went into Metasploit and created a payload. Now these people sent me this document saying, we are Dell support. And here's a document, fill this out, and then they were going to start basically abusing my computer. So I took this backdoor and placed it into their own Word document and sent it back. Now here's the disclaimer. I'm dumb and I didn't actually fill up the document initially. I just got all excited and sent a blank document back. But it doesn't matter. All I need them to do is open the document. So what I'm doing here is I'm pasting the macro of basically the backdoor into the Word document where if you open the Word document, this will be hitting, this part here. But what would happen is, you would essentially be installing my backdoor while opening this document, unknowingly. So now the next piece is the phishing attack. And I'm basically phishing back. So I e-mailed them back this document and I wait for them to open it. Now again, I messed up -- I didn't actually fill out the document because I'm dumb. But I'm waiting, and I'm waiting and waiting, like, hopefully, this guy will open the document. And eventually, the person opens the document. When he or she opens the document, now I have a backdoor to their computer. So it's like hacking back. Now I got all excited and started like -- you guys to be -- fast finger some stuff. But first, what I did was I opened the access to their desktop. I want to actually see their computer. So you're going to see -- now I see the person's desktop. At this point, the guy is like, why didn't you fill anything out? And I'm like, oh, I'm sorry, let me fill out the document. But this is the person's desktop. And then from there, I fill out at the document and send them the actual document. But it doesn't matter, I already own them. Now my buddy who did the research with me works at a different company, so I'm not allowed to show the video. But what we did next was I turn on the camera, and you can see the guy had a turban and a beard. I can see the call center where they're basically doing these attacks across the world. Now at magic land, I destroyed the guy's computer and their data center, but I probably made them more secure. Because essentially, now they know that people could strike back and they probably could just get another computer and be good with it. So again, I don't recommend hacking back. It's illegal in many countries, and anything, I'm making them more secure. But my point is, I wanted to show how easy it is to wrap a backdoor and do the same thing that they're doing to you. So if you think your antivirus is good enough, if you think your continuously monitoring is good enough, I challenge that. And then lastly, is IoT. Oh, IoT. As I mentioned, the manufacturers, in a lot of cases, suck at security. These -- all these devices are examples of devices that I have owned with IoT. Now you may say, well, how do I do it? This is Joey's top 5 for hacking IoT. First off, understand a lot of devices have USB and micro USB, and you can plug in and get access to the IoT device. Now my favorite way to exploit IoT is, is basically IoT devices have firmware. And in a lot of cases, you can go to the website and download the image. Here you just download the update. I just showed you, you take spyware Sienna 1 and wrap a backdoor and then just get them to install the update, and boom, you pop that box. But as most IoT devices only look at the size of the file and the format, they don't have like a firmware validation like Cisco's, like catalyst switches or something that validates. This is not a valid version of code. No, they don't -- this is IoT. As long as the size and format is correct, your money in all run, including the backdoor that I just planted. So that's another way. A lot of the applications are very vulnerable. I did a talk where we're hacking these jukeboxes in New York City, where the jukebox would go to an app, and the app would call down the playlist. So all we did was pop the app and we would play that song -- Hansen, like doo-wop. It's like "doo-wop, do it," that really annoying Hansen song, and I would queue it 10,000 times. So imagine being in a bar, hearing this cheesy song over and over and over again, and they got pissed. So they would unplug the jukebox, plug it back in. The jukebox would go to the app and download another 10 -- what, oh, we'd start the queue. Hansen 10,000 times. My buddy and I also hacked some toilets where the toilets had speakers, we played at Hansen. We made the toilets hot, we shot water in the air. So a lot of times, you're hacking the application, not even the IoT device. So oh, and JTAG by the way. JTAG. A lot of the IoT devices, you literally could open them up. And if you have a JTAG tap, you tap into it and you get root. Because what it is, is a lot of the IoT devices are buying chipboards from China and other countries, so they need a way to tap the chipboard. But they don't know how to get to the chipboard, so they use JTAG, which means as an attacker, you can open it up and do the same thing. I get IoT devices, they're very vulnerable so just assume that they're a high risk. With that being said, Zero Trust is not a firewall. Think about what I just talked about. How is a firewall going to help you on me wrapping backdoors in the back -- inside a computer? Zero Trust isn't least privileged. What about IoT, there's no user. Zero Trust is not network access control. Think about users off-network, think about cloud. This is what I mean when I say Zero Trust has become marketing FUD. Firewall vendors, access control vendors, IoT, IAS or identity type tools, all these vendors are saying, buy us and you have Zero Trust. They're all elements of Zero Trust. I would argue and say, yes, they can provide value for a Zero Trust architecture, but they themself are not Zero Trust. This is what Zero Trust is. According to Zero Trust extended, whatever framework or analysts you're going to talk to, this is the leading Zero Trust model, which is Zero Trust in people, workloads and data. What do I mean about Zero Trust of people? Zero Trust of people means you can't just authenticate onetime and get access to everything. Zero Trust for people means you do that. But once they're on the network, you authenticate them again. So for example, at Cisco, I have to do my multifactor authentication and we use Cisco Duo. So I have to prove I have my phone, I know my password. But they want them on the network, and I'd go to access my expense reports, the expense report says, are you Joey? If I go and I have to log in to some other sensitive system, that system, that application will request for me to log in. So there's no inherent trust for me. I log in to prove who I am as I access things. Now this may sound annoying, but with Duo as an example, it's super easy. I just click to prove I still have my phone and I am who I am. And that allows where if somebody steals my identity, they may not have my phone. Some people at Duo even argue, do we need passwords anymore? I'm not going to go there. But I would say that a solution that allows you to continue to authenticate people is the right approach from Duo -- Duo from Cisco is one example of that. Another example is the work load. And I've already talked about this. Do you know what's running on your end point? Could you tell that I have just phished you and you've installed or ran that Word document, but a backdoor is now running. Most people I talk to, that's a challenge, especially in the data center. They have no visibility of what's running on the servers, and essentially, they have a problem with security. Here's a concept. What do you think is more secure, whitelisting or blacklisting? Think about that. What is more secure, whitelisting or blacklisting. Hopefully, most of you are saying whitelisting. Yet, why is it that most people do blacklists? Because of convenience. To be clear, blacklist means these are bad, everything else is good. Whitelist means only trust this, everything else is evil. That's why whitelisting is better. But in most data centers, and in many cases, we're doing blacklisting because we don't know how to whitelist. We can say this is what's trusted. But 5 seconds later, everything changes. What you need is a way to understand the process level and the changes associated with the process level so you could start to enforce whitelist security. So I would actually argue and say that you need a monitoring solution that continuously monitors and creates policy. From Cisco, the technology I'm talking about is Tetration, where Tetration will learn and adapt and create whitelists that you can then spread throughout your technologies. So that's one example. Another one will be Cisco AMP as an example of a breach detection, and I say this because Cisco AMP actually does anomaly and behavior-based security. It's not signature based. So if you were to open that Word document, it would see why is every other Word document doing this, but this particular Word document is trying to open a backdoor. This Word document, there's no signature. So I don't want -- it's not day 0. It's a wrong terminology, but it's an unknown file. Yes, its behavior is unusual, it's malicious and it's unusual. So anomaly behavior is kicking on. So I would say Cisco AMP is one example. I would say Tetration are examples of technologies that can get you visibility into the actual end point, the workload. Finally, is the workplace. The workplace, as I mentioned, is access control-type technology, but you need access control and you need monitoring. If you're just doing traditional segmentation, but you're not monitoring what's on the network, you're allowing basically the attacker to get a foothold. So I do agree that you need to segment IoT, you need to segment switches using basically [ BUN ], ACLs, et cetera, for your printers, for your IoT, for your employees, for your guests, all that is fine. And you can do super micro, however you want to do it, but you also need monitoring within those segments. It can't just be the gateway. Examples of what I'm talking about from Cisco, ISE, which is a network access control solution, it's going to tell you who and what's coming on the network. However, a solution like Stealthwatch, for example, would monitor what they're doing when they're actually on the network. The same could apply for like vulnerability scanners. Do I have any vulnerabilities? Well, whether you're using Nessus or Tenable, whether you're using Rapid7's Nexpose, whatever vulnerability scanner you want to use, if you integrate that with your access control technology, now you know who and what's coming on the network and you're scanning them for vulnerabilities. So my whole point is, we need to go beyond access control and start to think about monitoring between the segments and think about posture, what are we checking when these things come on the network. That's going to make your workplace much more secure. And to me, this is what I call a guideline. This is a guideline. If you look at what Zero Trust is trying to provide. It's -- this is the best practice for protecting your data. Zero Trust of people, Zero Trust of process and Zero Trust of the workplace. If you were to say, "Joey, what from Cisco can accomplish this?" I already talked about Duo. Duo is one example of a way to do multifactor from the application itself. So you're constantly checking the user. Hence, Zero Trust of the user versus just onetime check and full access. Zero Trust of the workload is being able to monitor the processes and create your actual whitelist. And then from there, ongoingly enforce that as well as identify when we have unusual behavior like fileless attacks. I gave you 2 examples, Tetration being one tool from Cisco, Cisco AMP being another example that can provide that value, going beyond antivirus, which, by the way, AMP does have ClamAV, so there is antivirus, if you want that. And AMP does vulnerability scanning, you may not know that as well, but AMP for end point will actually tell you what vulnerabilities are on your end point. Lastly, I talked about that the workplace -- where I mentioned segmentation is great. But you should consider network access control, integrated with continuous monitoring. Not just monitoring the edge or a couple of places, monitor the entire network. I gave you the example of Stealthwatch being an example, where Stealthwatch can be on the LAN, it could be inside your cloud, it can even be on the end points. And I'll also give you the example of other integrations, such as the vulnerability scanner in other ways where you see what's happening. This is what Cisco would call our recommendations for Zero Trust, the Cisco trust, Cisco reference architecture. But to me, take away Cisco and call this a Zero Trust guideline. This is a guideline for best practice for security. Security is a cat-and-mouse game. If you think you're going to go buy a technology, and you're going to be secure, things change. Give you a prime example, when the sandbox first came out, super effective. You would take like a honeypot, sandbox combo, put it on the network, when you get an attacker, they want to attack that first, you get an alarm and you're done. What happened? Sandbox technology was reverse engineered by malware and now a lot of the malware's sandbox aware. So whatever technology you're going to buy, I assure you, just like I do research, as you saw against the attackers, they're researching our tools. They have Palo Alto, Fortinet, Cisco in their lab. So you need to continuously invest and think about how to make security better. A lot of you probably have the old model of Zero Trust, multifactor authentication, some continuous monitoring and some segmentation. You need to do more. The cat-and-mouse game. You need to continue to invest in security. You need to invest in your people, your process and your technology. And to me, the Zero Trust guideline can give you a lot of value. So I challenge all of you to think about what I talked about today. The challenges between the old Zero Trust model and see how your security will defend against that. Now as I mentioned, I'm here live, but a lot of you are not. And I want to make sure everybody feels warm and fuzzy with gifts. So here is a gift for all of you, wherever you're at in the world. I've written 2 comic books, and I'm working on a third. This is not, by the way, a phishing attack. I'm not a jerk. This is real links that to 2 comics I wrote. Both comics were hand drawn by a cartoonist. I paid USD $10,000 to have them hand drawn. They talk about a lot of the concepts. They like Mr. Robot. They're the real stuff versus like these fake comics like Superman flying around, doing magic. We have real concepts, real screenshots. You can see the bottom right-hand corner, that's a screenshot from like ransomware for example, and we talk about these concepts. So all of you can download these comics. They're super cool. I'm coming out with a third one, hopefully, later this year. But check those out. And I'll also give you my personal e-mail address because, as I mentioned, here at Cisco Live in Barcelona, I'm running a lab on Thursday. It's a 4-hour lab where you do basically attack and defend. And we're going to cover a lot of the Zero Trust concepts. I'm going to cover like what happens if you get owned, they get a backdoor, et cetera, et cetera. And I want you all to have the opportunity to do this lab. So if you e-mail me and say, "Hey, Joey, I saw your Master Series presentation. I thought it was pretty cool", hopefully, "and I wanted your hands-on challenge, let me know." What I need to do is go to Cisco dCloud. So it's cisco.dcloud.com, create a free account. Let me know you have free accounts, your user name and your e-mail and ask when you want to do this lab. And I'll be more than happy. I don't care if 10,000 people have this request. I don't care. I have 5 data centers around the world that could offer this lab to anywhere at any time. It's called a cyber-defense clinic. I'm one of the creators of this. You can see it, even though we're sold out on Thursday, but any of you could e-mail me at [email protected], and I will give you access to that lab. So I challenge you all to do a couple of things. One, check out the comics. They're a lot of fun. Two, reach out to me, take the lab challenge. You'll learn how to attack, what happens when you don't have the security. And then you'll learn about how to defend against it. Not to mention it's real stuff. So we just want to play with Kali Linux, if you want to play with some Sims, we have like Splunk, QRadar, et cetera, you're welcome to do that. And the last challenge is, understand security is a journey, not a destination. You can't think because you've made investments that now you're secure. Things are constantly changing. Security, you don't get -- you become secure, it's a journey. You keep investing. You need to think about things like tabletop exercises, which is basically, you go through scenarios, like I talked about today. Think about today, the attacks, I did. Walk through those scenarios, how would your company react? Do you have process in place, who is responsible if like I give you that same backdoor? That's called a tabletop exercise. Maybe penetration testing, it may be auditing. Challenge your security and use things like the Zero Trust guideline as a way to basically test and evaluate where you're at with security. So that's my challenge to all of you. Think about Zero Trust as a guideline, think about how you'll apply that guideline. Take my lab challenge, e-mail me about that and download the comic. I appreciate everybody's time. Hopefully now, if somebody asked you about Zero Trust, you're not going to have some stupid marketing FUD message. You're going to be able to talk about Zero Trust from a guideline best practice perspective, and more importantly, you could take that guideline and apply it against your own security. Again, my name is Joey Muniz. I'll be here all week if you're live here at Spain, Barcelona, feel free to come talk to me. But thank you again for your time.

Hello, again. My name is Jason Davis, and I'm a Distinguished Engineer with Cisco, and I'm part of our Customer Experience Services department. And I get the opportunity to talk to you today about the Cisco Live NOC. This is a wonderful place for us to work in as Cisco employees, to serve you to build this network in ways that delight you hopefully and allow the speakers to do the best thing that they can do across this venue. First thing we have to think about are -- when we're designing this network are, what are the functional requirements? So one of the first things we do is find out how many sessions are going to be recorded? And how many keynotes they're going to happen. And things like this, the Master Series studio. These are new things that we're being offered. And so we have to think about how we connect all this equipment up. What kind of switches we need? What kind of routing is going to happen? The wireless networking? And once we understand all the requirements, we try to think about providing a highly available, seamless mobile experience for you. We also need to recognize that we have to be able to rapidly execute configuration management at any time. We need to be able to change any switch, any port, any access point at any time. There are no maintenance windows, we just make changes whenever they're necessary. We also pride ourselves on thinking about providing high levels of visibility into the data that we collect. And we do that in the NOC area, where you can see digital signage that represents the same tools that we're using in our work area in the back. You can see the faults, you can see the metrics. And then we're also spending time tweeting out some of that information. And if you're interested, you can follow me on Twitter, I'm known as SNMPguy. We also are concerned about the security of your data, and we try to protect your privacy and security as much as possible. When we see problems on the network, we try to find you and let you know if you have been compromised in a botnet or cryptomining attack and let you know that you need to work on remediating your device. We also want to make sure that these systems are intuitive for managing our environment because not everybody uses the same tools all year long. Some of these people are vendors -- I'm sorry, some of these people are volunteers to help us out at any number of times through the year, and they not -- they don't use every tool at the same time in their regular job. We want to make sure that we're providing nonstop high-performance for all show hours. And then after hours, we kick back a bit, and that's kind of fun. After we've selected the hardware and software we have to think about the mapping of the functionality to how we need to monitor this environment. Sometimes, we think about what SNMP telemetry might be available if they're streaming telemetry options, if there's sensors, if we can use some new capabilities like NETCONF or REST, or if we have to fall back to doing CLI scraping through SSH connections. We also asked the question, "How often do we need to pull this data? How often do we need to see it? Is it interesting if we gather it more frequently? Or is it okay if we take a longer time frame to gather it?" Another good question is who's using this information? If it's a technical person, it may need to be portrayed in one way, but if it's an executive, we may need to be able to show it in another way that abstracts the information a bit more or predefines it, if you will? And how do they want that information, a dashboard, an e-mail, a Webex Teams message, maybe a PDF, or in some cases, we've actually provided APIs for other exhibitors to get access from us. And we have to do that in a secure way and a scalable way. How long does that information need to be gathered and maintained is another good question. And can we glean new pieces of information when we mash up the data from multiple sources. And what do I mean by that? Well, if I have data that's in Prime Infrastructure, and different types of data that's in DNA Center, can I bring those together and get new insights out of that? Different sources of information provide new insights. Now another question is, how long does it take to implement this? And if it takes too long, we don't have the time. We only have a few days to get set up before the event. And do we have the appropriate security, privacy and performance expectations of ourselves that you have for us also? Now we all know that we need to be ready by registration open. Nobody wants to get into registration queue and find out that there are hundreds of people waiting to get their badges, and you can't move because nobody is able to get a badge printed out. Those days, hopefully, are long behind us. The earliest parts of the event are focused on setup, obviously. Now what you can see here a little calendar, July (sic) [ January ] 2020, the 20th and 21st were travel days for most people. I left Raleigh, North Carolina, where I live in the United States, on Monday, the 19th -- sorry, the 20th, and I got here on the 21st, which was Tuesday. Started working. Pretty much Wednesday, the 22nd was when everybody was here. And we're starting to roll out the equipment, the switches to the different rooms, we're making sure access points that are needed in different areas to be filled in are put out there. And then by Saturday, we hopefully have the network up and running in a production way so that on Sunday, when registration opens, you guys are able to have a good experience. And then Monday, the 27th, we kicked off, and the network was ready to go. And hopefully, you've been enjoying the experience that we've provided for you. I want to share a video with you what this environment that the Fira venue looked like before everything was done. So let's roll the video. So here I'm walking through the back area, faster speed. In the IT management, they have these signs that would blink when you walked by, that was kind of neat. And then there was this coffee area, it hadn't been finished and the guys were working on a seating area. There's a lot of forklifts and other types of lifts that are out there, you got to be careful. People working on the different booths, the walk-in self-paced clinic over there getting their screens all installed. Here's our NOC area without the screens or any of the computers driving the monitors. And then we're walking up to the Cisco studio and over to where the social media hub is. The Umbrella area and then the Cisco store, and you'll notice they got all their 18 cameras there. This guy is working on the scissor lift and working on the lights. And then as I walk through the hallway between the halls here, you see where the water streaming is that would eventually become that water curtain. Now I'm going into the World of Solutions, which initially just said World of Solution and somebody noticed they were missing an s on that sign. So we had to work on that. And there's a lot of containers all over the place with the sound equipment, lighting equipment, people wearing high visibility vests to make sure they don't get run over by forklifts, or people driving by really quickly on scooters, like Remco and Paul. Just running by on the scooter there. And a lot of people are using scooters to get through this venue, going from end-to-end. We're talking millions of square feet of conference center space. And as we approach the back here, this is the Cisco Pavilion. And you can see we did not have carpet. We didn't have the booths done. We didn't have any of the screens, really. And this is where we take the environment from bare floor up to what you see now. And it's been really transformative to see in the last few days. Now here is the network diagram of what we eventually built for you. And what you can see at the top is the venue, the Fira venues acting as the service provider, providing BGP connectivity to our core routers, which were ASR 1002-HXs. We had dual 10-gig connections to this venue, right? We had multiple 100-gig connections down to our own Layer 3 core, which were also 9,500 next -- Catalyst 9500s with Quad 100-gig connections into the data centers. There was a data center below hall 2, another data center below hall 6 and 7. In each of those data centers, we had another set of 9500s that acted as the wireless network aggregation switch. We had 3 DNA Center appliances in each one. We had 4 wireless LAN controllers in each one of those also. Below that are the MDFs. These are, again, Catalyst 9500s, and these provide the aggregation points for all the smaller Catalyst 3560 switches that became connection points for access points, digital signage and the different classrooms where people were. And again, here are the equipment types and the quantities that we used, ASR 1002s, again, dual 10-gig connections to the Internet. Catalyst 9500s for our core and aggregation, Nexus 9336s for data center access. And a lot more of the Catalyst 95S and 93s for MDF access and high-density access when we had rooms that needed more than a dozen or two connections. 8 wireless LAN controllers, over 800 wireless access points. We had 8 HyperFlex units, 2 UCS Minis, and our NetApp partner brought in MetroCluster IP systems to provide 130 terabytes of storage for us, where we loaded all of our virtual machines, our management tools, things like Network Registrar. And then we also had a couple of Raspberry Pis. The Raspberry Pis, I set up to be GPS-enabled NTP time servers. And we put them by the windows in the venue, and they could see the satellites and get time signals from those satellites and provide good clocking through the rest of the network. We had a lot of software that we installed for this tool -- for this NOC. Prime Infrastructure, we had a couple of those systems, 6 instances of DNA Center, we had Cisco Action Orchestrator, which you may have seen me talk about yesterday. An Action Orchestrator provides automation and orchestration for us to glue together workflows to talk to the different tools, to extract information, to make changes in the environment and to create the dashboards that you had seen. And then we had various open-source Linux distributions like Ubuntu and CentOS. And these operating systems provided jump servers and it's tools like Samplicators. We had various scripting and InfluxDB and Grafana, and a fast ping utility called fping. And somebody asked me, what is a Samplicator? Well, a Samplicator is essentially a tool that takes in SNMP trap information, Syslog event messaging or NetFlow data and spreads it across the network. And why is that important? Well, if you have tools, that multiple tools that need that information rather than setting Traps, Syslog and NetFlow receivers on every device, you can send it to one target that's acting in a cluster and then have it spray that information across all the tools that need to consume that. We also used Ansible. And Ansible was a good tool to help us provision our data center equipment. And then we have a custom homegrown solution we call Cisco Live automation solution that was created by our very own, Andrew Yourtchenko. Thank you very much, Andrew. And that tool provided staging, planning and configuration management for the equipment as it was distributed across the environment. Now this dashboard shows us what's going on in the network. And while we have a lot of interesting graphs, RPM meters, thermometers and things like that. We asked ourselves, could we show this information in a topological way? And so we laid this architecture out in PowerPoint and then decided it would be great if we could find out what links are uploading and downloading traffic at different speeds. And we came up with a way that we could overlay that information dynamically on this PowerPoint and render it every 60 seconds. So if you go by the NOC, you'll see which uplink is pushing traffic, whether it's core 1 or core 2, and whether it's coming from the data center or coming from the wireless network. Obviously, we also have our own commercial tools like Prime Infrastructure. And Prime Infrastructure has been a great tool for us over the years. It is a legacy management tool that does element management, configuration management, inventory, software image management, fault management, and performance management, bringing all that information together for low-end devices, all the way to our highest-tier service provider equipment. But as you may know, the days of traditional element management are starting to be short. And we are moving now towards distributed fabric type networks like SDA, Software-Defined Access. So we also had Cisco DNA Center installed, which was providing the configuration management, monitoring and assurance for our SDA environment, which was in hall 5. Hall 5 is where 'Meet the Engineer' happened. So one area of this network was SDA. We also like to gather information about what's going on in the network? How much Internet traffic is being passed? And I lovingly refer to this one as the Jerry Lewis telethon dashboard. And what we're doing here is collecting SNMP metrics from each of the core routers and finding out how much of this is IPv4 traffic, how much of this is IPv6 traffic, how much of this is core 1, core 2. And then putting that into a nice dashboard with a time series representation so we can see when the peak activities were in the network, the low activities, and understand what the ratio and mix of IPv4 to IPv6 traffic was. This provided us some good insight. If you don't collect this kind of information, it's hard to make good business decisions about what you need to do in your environment. Now it's not always about serious documentation and instrumentation. Sometimes, it's about having a little bit of fun and sometimes people don't understand because they may not be hardcore technologists. What is a terabyte, what does that mean? I can't visualize that. So we spent some time. So if we were to take a terabyte and decide how much data is in the U.S. Library of Congress, how much data, if we were to digitize all of Beethoven's work or all of Shakespeare's work. Or if we go back really old home school and say, how much data would be on a 3.5-inch floppy disk? And we can do the math and do this dynamically and say that, in this case, 15 terabytes would be equal to 10 million 3.5 inch floppy disks. That makes me feel pretty old, to be honest. But also Blu-ray, DVDs and CD-ROMS. So this is kind of a fun way for us to represent how much traffic we've moved through the network. Also, understanding the wireless protocol distribution and how much traffic is going on wirelessly, how many clients are connected to the network, with your phone, your tablet, your laptop and whether they're using some of the older technologies or they're using some of the newer wireless protocols. As you can see WiFi 6, and we had WiFi 6 or also known as 802.11ax on the 5-gig band was enabled. Here, we're showing over 660 clients connected and we had disabled the 2.4 band specifically. I was really encouraged to see this traffic because last summer at Cisco Live San Diego, we had less than 1% of the traffic was WiFi 6. Here we are 6 months later, and we're up to 8.7%. And it's actually more than the WiFi 4, which is 802.11n combined. That is very interesting to me. That makes me think that the adoption of WiFi 6 is going to be pretty fast, probably faster than the adoption of 802.11ac over time. The other thing that we were able to glean using automation and orchestration in the NOC was pulling data from Prime Infrastructure and DNA Center and the wireless LAN controller altogether, where what were the clients connecting to from the SSIDs that we provide using the different wireless protocols. Now funny story about this graph when we used it a couple of years ago, was that we had a user with a client device that was on 802.11g but they are also connected to the IPv6-only wireless network. So we had to find this person and find out why they were doing this. For one reason, they were using 10-year-old radio technology. So they must have been very frugal. And the other thing was they were connected to the IPv6-only network. So they must have been very forward-thinking about network technology. So I wanted to meet this forward-thinking frugal person and give them a new USB dongle to bring them 10 years into the future with wireless technology. We also collect access point client load. So the information in the back is, again, collected from Prime Infrastructure, and we're using that orchestrator to gather all the access point information, all the radio information, and these access points may have 2 radios on them. And then all the client information. And all this is combined into a database and then analytics are done on it, and then a dashboard is created to show us what the most heavily loaded access point radio is and then we colorize them to make sure that we understand this access point needs to be modified, maybe the RF needs to be tweaked a bit or we need to add another access point nearby to help with the load. And this is good information for us to have. We also have other tools that are collecting information about the core network and the data center network, how much network address translation tables are going on? ARC caches, network discovery for IPv6. These are consumable resources, and it's important for us to monitor, and I can tell you why. About 7 years ago, when we were at Cisco Live, Las Vegas, we had an upstream service provider that knocked us off the Internet and we were no longer passing any traffic. And it took us a while to understand what was going on. And finally, after an unfortunate hour of troubleshooting, we realized we're not getting a routing table. It's supposed to be a huge routing table from the Internet, but it's much smaller than what we expected. So what we ended up realizing is, we need to monitor the size of our routing tables from the Internet. And it's okay if we see a little bit of fluctuation. But if it drops pretty hard, then we need to know what's going on, and that's usually a trigger for us to start talking to our service provider to find out why we're losing routes. Collecting that information after we made the mistake the first time is important. None of us expects zero defects in our team members. We know we're going to make mistakes, but we want to learn from those mistakes. And I'm happy to say that this team is very anxious to do that. To learn things about monitoring routing tables to monitoring IPv6 NDs, to make sure network address translation tables are being monitored and such. Another part of interesting information that showed us last summer at Cisco Live in San Diego was that we had a switch with a slow memory leak, we would not have seen that had we not been looking at this over a longer time period. And we realized yes, it's a memory leak, but it's slow enough that we can go for the rest of the show without having to reboot that device and causing any issues, and that's what we ended up doing. But again, if you don't have that information, you don't know how to make a good decision. Now we also have some fun with automation in the back. We have Webex Teams, and we like to do what we call chat ops, back there. So Joe Clark wrote this really cool automation that would allow you to talk to a bot that he put into the Webex Team room. And you could talk to the bot and say, Clive, get this IP address or get this Mac address. Now that information or directed message to live bot would go back to Webex Teams, they would do a webhook back to us at Cisco Live NOC, which would kick off some of our automations to look at the information for that IP address or that Mac address, looking through Prime Network Registrar, which is our DNS DHCP service. Looking through Prime Infrastructure, or looking through DNA Center. And so what you're seeing here is the bot getting the information and pushing it back into Webex Teams, which then push that message into the chat room. And now we have the perspective from 3 sources about who this device user is, where they're connected, what kind of device they are, IP address, what access point they're connected to, what wireless LAN controller is serving that access point and other types of information. This is very useful to us when we're trying to troubleshoot an attendee's wireless problem. Now another thing, I believe, is very important when we have a lot of tools is to try to bring that information together in a converged way. Now these tools provide good insights into their niche areas. But as an IT manager, I'm more interested in knowing how my overall IT ecosystem is working. And so I want to combine information about my routers, my switches, my access point, compute, storage, my applications, my voice and video information in collaboration. The consumption of different consumables or KPIs, how much of my WAN bandwidth is being used? If I can bring that together, I know where to focus my energies, and these are important considerations for us to have as IT managers. So what is it like to serve in the NOC? Well, it's a lot of fun. It's a lot of long days. And even with all of the automation or orchestration we're using, there's a lot of work to do. So it takes a lot of people, and these people need to get along well, and I think we do in the NOC. So it's a great thing. Now if you're like me and you're one of the network management operations-focused people, you're going to get there early, and it's going to be pretty empty. It's going to be 6 or 7 in the morning, and you're doing the network readiness checks to make sure that the core routers are working, DNS services are working, the traffic that's being blocked and access lists and firewalls are being blocked the way they're supposed to be, that the wireless LAN controllers are working, the digital signage and collectors are working fine. And it's pretty quiet in the morning until people start showing up, usually by about 7:30, we start to see a big ramp of traffic coming into the network. Now you can also see that our team likes to have a little bit of fun. If you noticed the DMZ tape that's on the left-hand side of that graphic, somebody decided when you cross this line, the demilitarized zone of this room, you need to check-in equipment using your badge. And when you cross that line, again, you need to check equipment out so we can make sure that we have good control about our inventory when it's coming in and out of the room. So the DMZ was the visual reminder for people to know to badge scan when they cross that line and go into the storage room, which is off to the left-hand side there. Now if you're on the wireless team, then you're very busy, you're sitting there, building up all of your access points, you're putting them on to mounting brackets, probably stripping off some old tape from a previous event and putting new tape on it to identify the equipment. And these folks are installing what was about 110 access points in the environment. So there's a lot of equipment to be done in a short period of time. What I also enjoy being part of the NOC when we get here early, is just walking through this tremendously large venue, and it's just empty. And you can see all these halls before the carpet gets laid down. And this is hall 3, the keynote area before they brought the screens up. And you can see that screens weren't even all functioning correctly because they had panels that were out. But it was interesting just to walk through, and I enjoy some of the audio/video technology to see electrical connectivity. You've got to bring in big amperage connections in all the amps, all the switching equipment and then eventually, it turns into what you've seen. And on the back of the NOC, we have our NOC team face wall where we have pictures of each of our team members, and they share something about themselves, like what they do for Cisco regularly, what country they work for, and what their hobbies are. And I may not work with somebody who's on the wireless side or somebody that's on the security side all that often, but going here, I can kind of get to know who they are. And this is the team that really makes it happen for us. So it does take a team. I'm proud to be part of that. But these are really the people that we should be thankful for, our Cisco Live 2020 NOC team members from all across Europe, some of us from the U.S., but all of us very devoted to providing you the best experience that you expect from Cisco. I thank you for your time. I thank you for the opportunity to serve you in the NOC, and I thank you for being a customer at Cisco. Have a wonderful day.

Hello. Welcome to Cisco Live Barcelona 2020. This is going to be a really interesting session that we're going to go through here. What we're going to be talking about in this session is Cisco silicon, and we're going to talk specifically about ASICs that Cisco develops. What I hope to communicate in this session is the importance of ASICs, how we develop them, how we create them, why we create them the way we do and the functionality that they provide. So I think this will hopefully be a really, really interesting session for you. Now anybody who's ever seen me present before will know that somewhere in my presentations, there's going to be a picture of a rocket or a high-performance aircraft. This particular rocket is a space launch system that NASA is developing. And the reason for that is because I tend to talk through things at a fairly fast rate, and that's why I put the #highbitrate on the bottom of the presentation. So by way of introduction, my name is Dave Zacks. I'm a Director of Innovation for the CX team within Cisco. I've been with Cisco about 20 years. Inside Cisco, we say we live in dog years. So if you're a little dog, that's 5 years per year. If you're a big dog, that's 7 years per year. So on that basis, I've been with Cisco anywhere from 100 to 140 years so far. You can see on the bottom of the slide here some of the things that I tend to focus on, which are flexible hardware, fabric networks, Assurance and machine learning. Those are all the kind of the areas that I specialize in within the company. And today, specifically, we're going to talk a lot about flexible hardware and delve into that in some depth. Now this is a quote that Chuck Robbins tweeted out. He tweets out from time to time, and I captured this one when Chuck tweeted it because I happen to really agree with this sentiment. The network is going to be more important than it's ever been because the network is really at the center of everything that we do in IT. Everything connects to it, servers, data centers, users, everything attached through a network. But I'm actually going to take the liberty of correcting Chuck because, in my opinion, it's not so much about the network being more important than it's ever been, it's about innovation in the network being more important than it's ever been. And that's really kind of what I want to go through in the session is talk about all the innovation that we're doing in silicon and that we're doing in ASICs. So most people have probably seen a stack like this, talking about how we develop intent-based networking. And typically, a lot of times, we focus at the top of the stack, up here with the applications and APIs and domain controllers, things like Cisco DNA Center. But what I'm actually going to do in this talk is focus at the bottom of the pyramid, the ASIC, the silicon layer at the bottom that forms the basis of all the platforms and products. So why do we want to start there with ASICs? Well, ASICs really are the foundational component that everything else is based on top of, and the functionality provided by those ASICs really conditions what we can do with the platforms are made out of and what we can do with the solutions that we make out of all the different platforms that we have. So here's a picture of David Goeckeler. You probably saw him at the keynote yesterday for Cisco Live. I took this picture a few years ago, and David is holding something in his hand there and pointing at it. And the thing that he is holding is one of these. It's a UADP chip. Effectively, this is a chip that forms the basis of the Catalyst 9000 product family, and before that, the Catalyst 3850 and 3650 platforms. So we're going to -- one of the things we -- we're going to talk about those chips. So one of the things we often see our executive is saying is that ASICs really are a pillar of Cisco innovation. I think that's absolutely true. But I want to explore it in a session why that is and how important they are because ASICs are a bit of a hidden gem in our portfolio. I don't think we talk about them enough. Now interestingly, I have given out a few of these ASICs to people over time. And sometimes, they're not so much a hidden gem. This is an ASIC that I gave this ASIC to a friend of ours, and she turned it into jewelry. She actually turned it into a necklace. And so that would be one of my challenges is if I end up giving you an ASIC at some point, see what you can do creatively with it to actually turn it into something that might be a piece of art. So to really talk about ASICs, we have to have a common language about ASICs and how they're designed and how they're built. So I'm going to go through a short period here where we're going to talk about ASICs and how they are designed and built kind of from definition to deployment. So when we start thinking about how we develop an ASIC, there's many, many things that go into it. We have to think about the state of the art of what's possible, market transitions that are happening, technology trends, R&D, what are customers asking for, how much investment protection and backwards compatibility we need to provide, what are our competitors doing? All those things get synthesized through marketing and then marketing interfaces with engineering. And you can see that's very much a 2-way arrow because marketing will ask for the moon, the sun and the stars. And engineering will say, well, I can't give you the moon -- I can give you the moon and the sun, but the stars are going to cost more money. There's a back-and-forth process. But at the end of it, what you end up producing is a specification for the chip and what it needs to do. After that, the code -- the chip actually starts off as code. Most people don't know that something that starts off as hardware like this is actually -- starts its life as a software. The chip gets written as a code. There are 2 languages that are used in the industry commonly for this: one is Verilog and one is VHDL. Cisco uses Verilog. And essentially, this chip right here, which contains about 3 billion transistors on it, actually represents a couple of billion lines of Verilog code. So the chip will get coded over a period of months, and then we'd run it through a process called synthesis. That code would essentially get compiled, but it wouldn't compile to an object code that would run on your laptop or your smartphone. It actually compiles to what we call a netlist. And a netlist is a file, maybe a gigabyte in size, that's what we would actually send out to the chip manufacturer to get the chip physically built. Now the chip itself is actually designed in pieces, and it has to go through a thing called floor planning and placement. You essentially design a chip in functional blocks, different areas on the chip. Just kind of like designing rooms in a house, you'd have different rooms, different areas. This is a bit of an art as well as a science because you -- for the different functional blocks that are placed on a chip, we have electromagnetic interference effects between the different areas of the chip that have to be accounted for. But effectively, we're connecting it up to power. We're limiting crosstalk. We're doing all the things that are necessary to get us to a functional chip design. After that comes the process that most people are probably most familiar with, which is actually etching the design onto a silicon wafer. So we start off with one of these. This is a raw ingot of silicon. This is what would go in one end of the factory. Effectively, you would have here a chunk of the pure silicon material. You're going to then refine that down into an ultra-pure wafer. And on to that, you're going to photo image the chips themselves. So we have a light source that would effectively etch the chips onto this. Now because of the high density that we use for chips today, we don't actually etch that on using light anymore because the wavelength of light is too coarse. We actually use ultraviolet or today, even extreme ultraviolet radiation, to actually etch the image onto that chip. And the chip is etched on with multiple layers as well just like multiple layers in a circuit board. It's a very involved process. This is typically where you see the people in a clean room running around. Now what we're really talking about here is transistors and how many transistors can I fit onto a silicon chip. Those transistors used to be discrete transistors. Now the transistors are actually implemented with a technology called MOSFET, metal-oxide-semiconductor field-effect transistor. That is a phrase that you should take back and talk to your family about tonight and quiz them on because that's just such a cool acronym. But effectively, what this is, is shrinking the transistor down to a very, very small size onto the die. And in fact, these are so small today that we actually use a technology called FinFET, where the transistor is spun on its side and we effectively build the transistors up in 3D to get greater packing density, kind of like moving from a single-dwelling house into a high rise. Now it's a little known fact that the entire technology industry, not just networking, but everything in technology is fundamentally based on 2 gate constructs, 2 circuit constructs called the NAND gate, a NOT-AND gate; and a NOR gate, a NOT-OR gate. These 2 gates have the interesting boolean property that they can be combined into virtually any logic circuit. So effectively, what we're doing is taking that code that was written, running through a synthesis process and ultimately laying out a huge number of gates, millions and millions and millions of gates onto the silicon die, which ultimately is what we're going to produce the chips out of. When you see this silicon die, what you're looking at is many, many, many chips that are etched onto that. And then the chips are all cut into pieces, packaged and put into this traditional silicon chip that you would see. So I mentioned at the beginning that I'm a bit of a space buff. So here's a bit of a fun fact. We put a man here as long as you believe that we actually did put a man on the moon. And if you don't, we can have an interesting discussion later about that. But we put a man here on the moon using this thing called the Apollo Guidance Computer. And that computer was built from 4,100 individual integrated circuits, each one contains a single 3-input NOT-OR gate. So in other words, we put a man on the moon with less than 10,000 transistors. But today, we take more than 19.2 billion transistors on the most advanced one of these chips to route your packets with the appropriate QoS and encryption and fragmentation and everything else that we do on that chip. So what we're really talking about here is transistors and how many transitions we can pack onto a silicon die. Now most people are probably pretty familiar with Moore's law. Moore's law basically states that every 18 to 24 months, number of chip -- number of transistors we can pack onto a chip will double, but of course, that's not a progression of 2, 4, 6, 8. That's a progression of 2, 4, 8, 16, 32, 64, 128, a runaway progression. So it's really the ever-shrinking transistor. We've gone from 65-nanometer to 45-nanometer to 32- or 28-nanometer or 22-nanometer. The current state of the art is 7-nanometer chip manufacturing and probably will be a 5-nanometer chip manufacturing within about probably next 12 to 18 months in production. So a lot of people have challenge with understanding how small a nanometer or 1 billionth of a meter is. So maybe by some comparisons will help. A human hair is actually 100,000 nanometers in width. So if you take a look at an individual hair on your arm or on your head, what you're going to see is something that's 100,000 nanometers wide. Maybe that gives you some idea of how small a nanometer is. But maybe we can draw another comparison, too. If we took one of those hairs, cut it into cross-section like this, so that's a cross-section of a single human hair, and made that as tall as the Empire State Building in New York, on that scale, a red blood cell would stretch up to about the 10th floor on that cell -- single red blood cell. A bacterium over here would stretch up to about the third floor. A piece of protein on that scale would be about the size of a small dog down here on the sidewalk. And then finally, over here, we come to this little pinprick, which would be a size of 3 pennies stacked on top of each other. And next to that Empire State Building-sized hair, those 3 pennies stacked together represent 1 nanometer. Now we build chips with transistors that are nanometer-sized. Like I mentioned, 7-nanometer or 14-nanometer chips are very common today. And if you don't think this is magic that we can build things at this sale, then I don't know how to explain magic to you. This is an incredible technology that we use. So there's a whole process, as I mentioned, that we go through to design and develop chips. Typical time line for a chip from an idea on a whiteboard to something that we're actually shipping out to the market is anywhere from 2 to 5 years. And the chip that I'm going to talk about here a lot actually took us 5 years to design. So there's a lot that goes into building ASICs. There's a lot of time and treasure that's spent developing chips. And the first question you might ask is, why do we do it? Why do we go out and develop our own chips? Why doesn't Cisco just go out to the market and buy chips from merchant silicon vendors and base our products in that? And the answer is sometimes we do that, but only a very small percentage of what Cisco actually ships to the market is based on what we call merchant silicon. The vast majority of our products use a Cisco custom-designed silicon for a bunch of reasons. One of those reasons would be something like simpler deployment options. So one of the things that we really would like to have is the ability to simplify network deployments. Most people are probably familiar with the Catalyst 6500 platform. The Catalyst 6500 has a really interesting deployment option called VSS, Virtual Switch System. And what we're able to do with VSS is to take 2 Catalyst 6500s, link them together with a number of 10-gigabit interfaces and make them into a single switch. All of them operate as a single switch. Now in order to do that, you have to actually extend the backplane header a packet would have when it goes into a switch. In other words, when a packet goes into a switch, there's a bunch of information about the packet that doesn't come in with the packet. These are things like, for example, which port did I come in on? Which port am I leaving on? What's my priority in crossing the switch fabric backplane? In order to link 2 switches together as 1 with a Virtual Switch System on the Catalyst 6500, we need to extend that backplane header between the switches. We have an ASIC, codenamed R2D4, that lives in the Catalyst 6500 supervisor module, which extends that backplane header for us. In other words, if I want the simpler deployment option, I need to have silicon support for it. Another thing might be better insight and optimization. So for example, one of the things that we really place a lot of value on is understanding what's happening in our networks. And for that, we use a technology like NetFlow. Now if you think about what a switcher or a router normally does, if I'm a switcher or router, a packet comes into me, I send it on to -- figure out where it needs to go, send it along to its destination without reference to any packet that came before or any packet that's going to come after. In other words, switches and routers normally operate statelessly. But there are a lot of instances where I might want to have a stateful information retained from the device. For example, maybe I'm tracking all the flows in the network from a security perspective or I want to do traffic planning, traffic analysis. So I want to use NetFlow. Now if you want to build NetFlow into a device, you need to build that in the silicon. You can't add this later through a software. And especially if we want the security application, I might need to maintain NetFlow information on every single packet going through the network. In other words, I can't just use sampled NetFlow and look at 1 out of every 100 or 1 out of every 1,000 packets. That might be good enough for statistical analysis, but it wouldn't do me any good for a security application because there, I need to be tracking every single flow. If you want full-flow NetFlow in your ASIC, you have to design that in upfront, and that's one of the reasons why we would take a look at that as a marketing requirement and then take that all the way through into the silicon design. We might want to increase security, we want to be able to use more flexible security and things like Cisco TrustSec, for example. If I want to be able to understand TrustSec headers in packets, I need to build that in a silicon. We, of course, need to build it to the appropriate scalability for devices. Things are far different at the access layer than they're different in the core in terms of scale and table size. But probably the most important aspect of this is what I call flexibility and investment protection through programmability. And let me talk a little bit about that. So when we think about how -- when we put network devices into our deployments, we normally want those devices to last for a period of time. Usually, when I talk to customers about this, they will tell me that they want that switch to last 5 years or 7 years or maybe even 10 years in a deployment. But think how much has changed in technology industry. Over the last 5 to 10 years, we're now seeing all the things coming with fabrics and integrated security requirements into networks. We're seeing encryption come in. We're seeing all these different requirements come into a network environment. And what we need is the flexibility to adapt to these because when these new technologies come along, we want to be able to adopt them. We don't want to have to rip and replace big chunks of our network in order to get there. So the -- here's how a traditional networking ASIC works, ours or anybody else's traditional non-flexible ASIC. The packet come into a port on an ASIC. So here's a representation of a packet coming into a port. Normally, what would happen is that packet would come into the port on the switch. And when it goes into the switching ASIC, the first thing it would go into is a parser block. The job of the parser block over here is to figure out what is this packet. Is it IPv4? Is it IPv6? Is it MPLS? What is it? It's going to examine it. Remember, we said the chip started this code. There's going to be code here that's now been turned into hardware, into silicon, that's going to examine that packet to figure out what it is. And that will handle a certain number of packet headers that it's precoded or prewired to do. Then the packet is going to move down a pipeline. And in that pipeline, it's going to reference some very fast-memory tables. But the pipeline itself is going to be fixed. It's going to have Layer 2 lookups, Layer 3 lookups, ACL lookups, QoS lookups. And the functionality of that pipeline, again, was created not at the time you buy the product, but the time we designed it, which could have been years earlier than when you buy it. Now it's going to go through an ingress pipeline. The packet is then going to go down an egress pipeline, assuming we didn't decide to drop it by reason of an ACL or something. The packet is going to go down an egress pipeline, go through a similar set of lookups on the egress pipe. At the end of that, we're going to go through a rewriter block where we're going to rewrite the packet. So for example, we might be rewriting the Mac address for the next hop, decrementing TTL for the next hop, where we're going to forward the packet out. Now this is how any traditional networking ASIC works. They worked this way for years. They're very fast, but the challenge is their fixed function. If you want a set of capabilities that, that chip doesn't do, then you're kind of out of luck. So for example, right here, I have a chip. This is a chip called ALUDRA. This is the heart of the Catalyst 6500, very, very popular switch platform, 6500 and 6800. This is a traditional fixed-function ASIC. So this means that it can handle, for example, on that chip IPv4, IPv6, MPLS, GRE and hardware. That's all great. But for example, it doesn't do VXLAN in hardware. If you want VXLAN, that particular chip is not capable of doing it in hardware because that protocol didn't exist when the chip was designed. So what can we do about this? How can we address this challenge, that this ASICs are fixed in nature and, yet, we want to keep devices in our network for a long period of time because real innovation is moving from hardware to software in networks. So the challenge here is that if I have a fixed pipeline, packet comes along like VXLAN or something like that, that the packet chip doesn't know how to handle, you'll get this dreaded, not supported in hardware. Now what that means is, at that point, there's really only 2 things. If a packet comes along, the fixed chip is not designed to understand, there's really only 2 things the chip can do. It can either punt the packet to the CPU, in which case we'll go from millions of packets per second to maybe a few thousand packets per second, so not very useful or the chip can drop it. So those really are your only 2 options if you end up with protocols that aren't supported in traditional fixed chip hardware. But yet, we see the network evolving. We see the evolution of the network to address things like fabrics, which are based on VXLAN and LISP and TrustSec and these different protocols, which we need to run end-to-end to create the intent-based networks that we want to have. So this is really where flexible ASICs come to help us. The concept here is a flexible ASIC is itself programmable, so different elements on the chip can be changed through software. What you would see as a new iOS version that you load onto a device and reboot the device, all of a sudden, you get a whole new level of functionality, but you get it in hardware because what we've done is we've changed or updated the microcode on that chip in real time. And now you've got a whole new level of ASIC functionality, but you get it at hardware speeds. So this is really an incredible capability. So for example, if we take a look at how does a flexible chip differ from a fixed chip, the first thing you'd see over here is that we have a flexible parser. Remember, I talked about that parser block and the portion of that chip that figures out what the packet is when it comes in. Well, on a flexible chip, the parser block is itself programmable so we can program that parser block to look at any different field in the header of the chip. For example, this chip, which is the heart of a Catalyst 9000 series switch, this particular chip, it can look up to 256 bytes deep into the packet header. It can parse on and alter anything in those first 256 bytes. That gives us the ability to have almost any packet header out there that we know about, even maybe packet header formats that haven't been invented yet, we could reprogram the flexible parser to understand them. Then we take those fixed blocks, those formerly fixed blocks in the ASIC pipeline and turn those into flexible programmable blocks as well. So what we see is that every block here can take a look at and alter the packet individually. In this particular chip, the UADP chip, the Unified Access Data Plane chip that the Catalyst 9000 is based on, we actually have a 17-stage ingress pipeline, an 8-stage egress pipeline. So I have 22 or 25 stages depending on the version of the chip that we can -- and each state -- that we can examine to pack it with, and each stage can do 0, 1 or 2 lookups on the packet. So we literally have dozens of opportunities to examine and modify the packet as it moves down this flexible pipeline. At the end of the flexible pipeline, we also have what we call a flexible rewriter. So again, the portion of the chip that rewrites the packet, that changes the packet as the packet's getting routed through the device is itself programmable so we can rewrite the packet in multiple different ways depending on what we need. So really, what this gives us end of day is complete flexibility in the forwarding pipeline, very, very different than a traditional fixed ASIC and much more flexible and capable. So for example, I can build a chip, and these chips will handle IPv4, IPv6, MPLS, GRE, all these different functions, including things -- more advanced functions like VXLAN, for example. Now VXLAN is an interesting one because VXLAN and GRE as well are tunneling protocols. And really, all the interesting things that we see happening in networking today are based around tunnels. So I'm going to talk in a short bit about how the chip handles some of these protocols that are tunneled. But one of the key things here is the flexibility that this chip offers -- a flexible chip like this offers. If we invented IPv7 tomorrow, and we hope the industry doesn't invent IPv7 because we've taken 20 years to adopt IPv6, but if the industry were to invent IPv7 tomorrow, we could probably handle it through this concept of the flexible, programmable pipeline, very, very powerful concept. Now I talked a little bit about tunneling and how tunneling is required for certain protocols. So for example, let's say, I took an IPv4 packet, spun it through the chip and my forwarding decision was this needs to forward into a VXLAN tunnel. Maybe it's entering a fabric like an SD access fabric, for example. So I take that IPv4 packet, then I wrap it at a VXLAN header, but now the destination of the packet has changed because now it's going to the end point of the VXLAN tunnel and not the end point where the user originally sent it to. That means I need to take the packet for another spin through the chip. We highly optimize the chip for what we call research dilation in terms of bandwidth and performance. For example, in this UADP chip, I can recirculate a packet off the end of the egress pipeline back to the beginning of the ingress pipeline in less than 500 nanoseconds. So we have a very, very high-performance research path. In other words, I can recirculate packets through this chip so quickly that you won't notice it. Now we could actually recirculate the packet up 16x if we needed to. We don't have a need in this chip to recirculate it more than 7x with any use case we've currently come up with. But recirculation is really key because all the innovation that's happening now in networking typically involve some sort of tunnel and requires recirculation. So the point here is really it's very, very exciting. And I hope I'm communicating that the passion that I have for this to you about how with ASICs that are programmable, we have the capability to update via software the chip but still operate the functions at hardware speed. I remember the first time I saw this within Cisco, sitting in the back of a building with a couple of hundred engineers in that building. And there was a lecturer at the front who is talking about this chip. This was probably about 3 years before we shipped the first version of the UADP chip in 2013. And this particular engineer was a gentleman named Hiroshi Suzuki. He would develop a lot of QoS functions within the chip. And I would estimate on Hiroshi that this up here runs at about 200 -- 100 to 200 gigabits per second. This runs at about 25 gigabits per second, so there's a significant speed mismatch there. And as you can tell by his name, he's Japanese by origin. And so when he gets excited, it all kind of comes out with 16-bit encryption. So I remember sitting at the back of a room of a couple of hundred engineers, trying to keep up with 25 gigabits per second of 16-bit crypto. But when I understood what we had built in this flexible chip, my instinct as an engineer was to stand up and applaud because, finally, we built this piece of silicon that we can adapt to different functions over time, and it's just a huge advance in what we're able to do. So you've seen this type of silicon come into our product line over time. You've seen this evolution from former platforms like a 3550 and 3750, and folks remember those platforms, that were based on fixed-function ASICS, up to our latest generation of silicon, the UADP, which really came to market with the 3850 and 3650 platforms and is now at the heart of everything that we build in the Catalyst 9000, right from the bottom of the range with the 9200 to the top of the range. And you could see that this is all Cisco-developed silicon. So we've developed all of this in-house, and we reaped all the benefits of what I would call vertical integration by doing so. And you can see that the very sophisticated chips, 7.5 billion transistors or the latest one now is actually 19.2 billion transistors, these are among the densest pieces of silicon being developed anywhere in the world. So again, this is a family of chips. It's been an evolution from our initial platforms based on UADP 1.0 and 1.1 up to UADP 2.0 and 3.0, which really formed the basis now of the Catalyst 9000 product line. And our latest version of this, because we don't always just make things bigger, we've actually gone smaller with a mini-me version of the UADP 2.0 mini, and this is where we absolutely based the Catalyst 9200 platforms on. So again, it's an evolution over time of all of these platforms. When we take a look at the core architecture of the chip, we see that we have on one side of an ingress boarding controller, talking to those high-performance lookup tables and egress looking forwarding controllers. So this is kind of the block diagram of the chip, if you will. And when we zoom into that a little bit more, what you're going to see is individual processing stages inside. I mentioned that on the UADP 2.0 and 3.0, we have a 17-stage ingress programmable pipeline, an 8-stage egress programmable pipeline. You can see those blocks in there called IGR and EGR. They stand for Ingress Global Resolution and Egress Global Resolution. So these are the blocks that figure out what to do with the packet once all those stages have processed it because one stage could have said rewrite the QoS information and the DSCP value. Another stage might have said, drop it because it matches an ACL. So those blocks figure out what to do with it at each stage. Again, we're running packets through this programmable pipeline in the highest end UADP 3.0 at over 1 billion packets per second. So that is just an incredible level of performance we're able to achieve here with all this flexibility and programmability. And as I mentioned, we also take this downscale as well with something like the UADP 2.0 mini. The UADP 2.0 mini, we did something pretty interesting. We actually embedded the CPU into the ASIC as well. So it took ARM core CPUs and embedded those into the UADP ASIC. This helps to reduce the price point of the switch and gets this technology, this flexibility down to an even lower price point so we can get it into more places in the network and you can deploy it in more places. Now we're not only doing innovation in wired networking. We're also doing innovation in wireless as well. And we actually -- Cisco actually has a long history of this. If you take a look at all the things we've introduced, CleanAir, Hyperlocation, Flexible Radio Assignment, Intelligent Capture, all the things that we've done as we've continued to evolve our access point product line. One of the things I want to talk about here is a really interesting innovation that we've come up with called the Cisco RF ASIC. And this is a cutaway version that I have here of an AP -- the AP 9120. And I'll draw your attention on here. If I flip over to the backside of this, to a little board up here, a little red board that you could see, and this little red board is actually called the Cisco RF ASIC. So what the RF ASIC is, is a custom piece of silicon that we built into the access point for doing processing of wireless traffic. So with this, we're able to do many different things. For example, one of the things that we do in wireless is a thing called Dynamic Frequency Selection, which means that we also have to automatically be looking at the channels that we're on and making sure that we avoid certain channels where other things may be present, like radar signals, for example. Then normally, in all our other access points, we would have done this in software-only, meaning that we'd have to hop off channel in order to determine if we've got interference. Here, we can actually leverage hardware like the RF ASIC, which will allow us to do this and increase the performance of the AP because we're able to do this in hardware. Again, here's a little close-up of where this chip lives in some of our latest access points like the 9120 and the 9130. Now we've built a lot of -- as we typically do, we built a lot of functionality into the silicon. We've only realized a fraction of this functionality in software so far. One of the things that we will be able to do as we go forward is turn on even more and more functions that we've built into silicon with more and more features on the access point. That's one of the really cool things about building things in hardware is we can build in functionality. The software may not even leverage right away, but over time, we're able to leverage more and more of that capability that we've built into the silicon. So the RF ASIC is a really interesting addition into our wireless product line that gives us a really cool set of capabilities. Now one of the things you probably heard about at the keynote yesterday, and you've heard Cisco talking about this for the last short while, is this new chip that we've developed that's called Cisco Silicon One. This is a new ASIC that we've developed, very high-end ASIC that we're basing our Cisco 8000 router series on for service provider networks and for web-scale networks, meaning things like massively scalable data centers, for example. So when you take a look at the Cisco Silicon One chip, and I put up there a URL where you can go watch a YouTube video about this chip, there's a few things that I'll call to your attention here. The first one would be around performance. This particular piece of silicon can handle up to 10 terabits per second. That is an astonishing amount of throughput. The highest throughput that we get through the UADP chip that I talked about earlier, the highest-end version of this is a 1.6-terabit chip. Here we are in the service provider side, we need to go to the next level of performance, and this is a 10-terabit chip. Now to put that in context, that would mean that if everybody, let's say, in the city of Vancouver, where I'm from, I'm from Canada, if everybody from the city of Vancouver was simultaneously streaming a high-definition Netflix video or a video on Prime, what you'd see is that if every single person, a couple of million people in the city was streaming that high-definition movie simultaneously, all of that could go through a single one of these ASICS. So very, very high performance. But also very key, down here, you'll see at the bottom, programmable, using a language called P4. P4 stands for programming protocol-independent packet processors. Again, that's a good acronym you should go home and quiz your family on tonight. This basically means that just like we talked about the programmability in the UADP chip, this ASIC as well is also fully programmable, and that's very, very exciting, again, for use in a service provider context, not just in an enterprise context, as we'd see with the UADP and ASIC. So lots of interesting stuff going on in silicon. But at the end of the day, we have to think, what does this all mean for me, right? What does this all -- it's very, very cool that we talked about ASIC, and I hope that, again, I've communicated some information maybe a few things about ASICs you didn't know, but also, hopefully, I've given my passion for this. But at the end of the day, what does this all mean? And the real concept here that I think is very important is that our programmable hardware really provides for flexibility and adoptability, flexibility to adapt to new protocols and new functions over time, which increases adoptability because now as new -- as we create new things like software-defined access, you can actually adopt those in your network. Think about, for example, if you bought the first Catalyst 3850, switch off of the line in January 2013, you would still be able to use -- we didn't ship software-defined access as a solution until 2017, over 4.5 years later. But if you bought the first Catalyst 3850 in 2013, you would be able to use software-defined access on it with the VXLAN encapsulation and SGT taggings at Cisco TrustSec 4.5 years later. That's what I mean by adoptability. We've developed a new solution. We've come out with a new solution, and you're able to adopt that and use that in your network. That's why this is really key on this concept of going to intent-based networking is because this allows us to effectively create new solutions which we can roll out in software, which you can then adopt into your network and operate at hardware speeds. So that's what I mean by the focus of innovation, moving from software or from hardware to software, we've built a flexible hardware base that now we can support innovation at the speed of software on top of it. So ASICs really form a critical role here, this critical role of flexibility in silicon because ASICs are the foundations for products which ultimately are the foundations for solutions, which also ultimately is what provides benefits in our networks. It all starts with that ASIC silicon at the bottom because that is really providing the strong foundation on which the products and the solutions are based. Just like the foundation for a building, this provides a strong foundation on which all of our solutions build. That's why ASICs are so key and why you constantly hear our executives talking about the importance of ASICs and the importance of silicon. This is why it's so important. Now if you want to know more about ASICs, I actually teach a course here at Cisco Live with my compatriot, Peter Jones. We teach a course called Cisco Silicon: The Importance of Hardware in a Software-Defined World. It's actually happening tomorrow morning. And we subtitled that session From the Gates to the GUI because what we do in that session is we really move from the gates, silicon gates, remember, we started off talking about those, up to all the benefits that we drive through our GUI-based architectures that we have today. So with that, I will wrap up the session. Thank you for attending. I really hope you enjoy your time at Cisco Live and all the different sessions and information that's made available to you here. And I look forward to talking to you more about ASICs in the future.

Welcome to Cisco Live. Thank you for watching our talk. I am Gabriel Zapodeanu, Technical Marketing Engineer with Cisco business unit -- Enterprise center business unit. Today, with me I have David Hunt.

Thank you, Gabi. I'm thrilled to be here. I'm the Technical Architect for Cisco's Technical Experience team. So thrilled to be here.

During our talk, we are going to cover briefly REST APIs and Webhooks. We will show you how to configure Cisco DNA Center Webhooks. We will share with you how simple it is to create a Webhook receiver. We will go over the implementation of Webhooks that tech heads use during the Cisco Live Latin America, and we will share with you how to build the different integrations in Webhooks. What is REST API? You probably are seeing a lot of conversations about APIs, and REST API is one of the many different types of APIs that us, network engineers, need to be comfortable with. RESTful APIs use HTTP requests to create, read, update or delete objects. We can ask a server to create a new resource, we can read information from the server of that existing resources or delete them. Making REST APIs are very easy. It's very simple to create a new API request. Our client application will start a request, will send it to the server and the server will respond. The transaction happens very quickly. All the information the server is needing, requires for that request to be successful, will be provided by the client application. There are only a few components that REST API is required to make it -- to be successful. One is the URL. We need the application server and API resource. Of course, application servers could have multiple API end points. We need to provide an information to the server to know what resource we are accessing. Most of the times, you are going to need to provide an authentication. That could be most likely HTTP basic, custom, OAuth, and there are some platforms that do not require any authentication. The headers, a typical one could be application JSON, if we are going to require the server to provide us information in that format. The request body is what we are sending to the server, the client application, mainly to send the server the -- a specific data in order for that request to be completed. The method is what we are asking the server to do for us. We may want to create a new resource with POST, GET will ask the server to provide that information regarding the resource, with PUT we can update the resource and DELETE will delete that resource. Here is a REST API request example. In this -- this API request will ask Cisco DNA Center to provide us information regarding a Mac client -- the Mac address of the client that specific time. The URL is composed from the application server and the resource. The header instructs the server that I'm going to send information using application JSON. And in this case, I'm going to ask the server to provide us the information that we are asking for [ MAC header ], JSON. The header will include also the authentication that Cisco DNA Center requires. The method is GET. I am going to ask the server to send me information that is existing regarding this client. Then I will use the Python JSON libraries to parse this response. The response components that are included are going to be always a status code, telling us if the request has been successful. We may have some clients' errors or server errors. There will be enough information provided to us to allow us to troubleshoot should something not happen as we expect. The headers will provide us information regarding the data. This is provided to us. It could be JSON or XML formatted data, it could be files or it could be all the information regarding the date and the UTF encoding. The response body includes the information that we are asking. Here is the example of the REST API response for the request that we presented before. The status code is 200, which means has been successful. The header includes the UTF encoding and the fact that the data is application JSON, and the JSON response body. This is what we ask the server to provide to us. There is a lot of information in these payload. However, we are going to select only the information that we are interested in. In this case, we are looking for information regarding the [ IPRS ] of the MAC headers of the client, the host type, the -- also information regarding the switch and the access VLAN. In a summary, the REST API request and response exchange is very simple. The URL, the header and the method GET will be sent to the server that composes a request. The response includes all the information that server has about that client. That response is going to be assigned to the client response variable, which we will parse using JSON to select only the information that is important for us. Let's look at the demo of how to send a REST API request to Cisco DNA Center. Here, on the assurance page for the Client 360 view, we have the information regarding the client, MAC headers, switch that it's connected to and the access VLAN. This is a sample code that will be used to send the API request. The function GET client info includes all the information and steps required to make this API request successful. This is the output that has been provided by Cisco DNA Center and the information that we selected from the output. There is a lot more information that Cisco DNA Center provided to us regarding the client. What about Webhooks? Sometimes, they are called reverse APIs. Unlike REST APIs where the client application will send the request to a server, Webhooks, the server, will notify the client application. They are event-driven and will send data when needed. They typically use POST or PUT methods to a receiver URL. There will be an auth method that could be basic auth or a variety of different other things like API keys, integration keys, or maybe no authentication required. Webhooks are very simple to use and lightweight. In this case, the application server will send a Webhook notification to a receiver, followed by the receiver accepting and sending the status code that will received that Webhook. In a summary, Webhooks and REST APIs, in many ways, similar; however, there are significant differences between them as well. REST APIs are used by clients to interact with servers, Webhooks are used by servers to publish data to clients. They both use POST and PUT methods. There are slightly different in a way that, typically, the client will send the request to the server in case of REST APIs; and the Webhook is the data will be sent from the server to the client. They are a pull model and a push model. Let's look over how we can configure Cisco DNA Center Webhooks. To configure Cisco DNA Center Webhooks, we need to go first to the platform, followed by developer toolkit, followed by events. We will have a list of a variety of different events that we can subscribe notifications to. In our case, we are going to subscribe to notifications to the event interface, connecting network interface that is down. This is obviously a critical event that we want to be notified real time. We will click subscribe and then we will have access to the screen where we can actually configure the Webhook. There are only a few different things that we need configure, name of subscription; the type of subscription, in this case is REST; define the URL, where we are going to send the Webhook; the method is going to be POST; and provide the basic auth, authorization, that the destination receiver expects; and then we will subscribe. With only these few steps, we can subscribe to one event or multiple events. This is a typical Cisco DNA Center Webhook sample payload for assurance events. There is the incident ID, which is the unique identifier for this issue; the type of event, it is a nonfabric wired; and the number that matches to the Webhook event that we just configured. It will give us also details regarding the network device that triggered this event, the timestamp [ info ] time, and details regarding the interface that has been detected as being down. Let's look at how Webhooks can be sent from Cisco DNA Center to a receiver. We will review the configuration that we described earlier, platform, developer toolkit, and we are going to look for the event to 51 for interfaces down between network devices. The Webhook PA is for PythonAnywhere. And this Webhook has been configured to send notifications from Cisco DNA Center to PythonAnywhere to a Flask receiver. This is the Flask receiver configuration. It's a very basic Flask configuration, running application on PythonAnywhere that provides us the ability to send notifications using Webhooks. We are going to trigger an event, shutting down the interface Gigabit Ethernet 105. On PythonAnywhere on the console, we can see the Webhook that has been received and the further steps that you are going to see in the next few slides during the other use case. Highlighted is the Webhook, all the information from Cisco DNA Center that is relevant regarding this issue is provided to the receiver. We are going to use this information to create integrations and alert us using a variety of different notification systems like WebEx Teams or PagerDuty. How to build a Webhooks-based integration, the Webhook payload and the options may not match the destination. The source may send us data, like what you are seeing here on the left-hand side, and the destination like JIRA Cloud or PagerDuty may expect the data or the authentication to be provided in a different format. Because of this, we need to convert the payload and also build the auth required by the destination. These operations can be done on an application like a simple Webhook receiver that I'm going to share with you. This application needs to have a web framework to support REST APIs. It can run on a Linux container, virtual machine or cloud. It needs to be reachable from Cisco DNA Center and can reach the platforms we decide to integrate with. Flask is a micro web framework for Python. It's a very easy application to learn. It's very popular. It includes all the libraries required to build this framework. It supports back-end integrations with databases and other applications. Setup is really very fast and it's simple, it takes only 5 minutes. And even for those like us, I am not a developer, I'm a network engineer, we can do it in very -- literally with very little effort. The Flask application, in my case, will run on PythonAnywhere. The reason why I'm using PythonAnywhere because it is very to set up. I need to be able to reach PythonAnywhere from a variety of our cloud platforms. Also, it does support fully Flask applications and databases, has great documentation and tutorials. This is the web application dashboard. I can see their information regarding my application, how many kits per month, statistics per day. I have access also to troubleshoot my application looking at server logs or access logs. And also, I have the options to configure this application from this dashboard. Next, we are going to turn to Dave to share with us his use case of how they deployed Webhooks during Cisco Live Cancun.

All right. Thank you, Gabi. And thank you for letting me be here. I'm part of the Technical Experiences team, that means that we end up building these networks for Cisco Live, Cisco Live Cancun, Cisco Live San Diego as well as others. So I just quickly want to talk about who we are, what we do and, of course, the deployment, the need that we have for the automated tools so we can monitor and troubleshoot much more efficiently. We need to. We build these entire networks from -- within a very short period of time, within 5 days. So this slide, I'm really just showing is what is our charter. The Technical Experience option, we have to build a network that's secure. This very broadcast is being sent over the enterprise network that we -- that the team like ours builds. We don't actually do the Cisco Live Europe team, we do all the other Cisco Lives. But this is a -- it has to be a reliable network they build. That means that registration has to work, that the WiFi -- the attendee WiFi must work. But at the same time, we want to make the network part of the demo. So we've introduced the technology. There's one here today called open roaming. We -- it's latest-grade, this technology. So we get a chance to showcase what Cisco does and the latest technologies do, at the same time providing these very secure communication, right, the secure network that we must have. So quickly, this gives an overview of some of the topologies that we build. These are the largest ones that we have. Cisco Live San Diego this last June was stretched along a mile -- a mile-long of Bayfront property there in San Diego that we had in several different hotels and several different locations. Then we moved to Cisco Live Cancun, which we're going to talk about the successes we had with Webhooks there. But again, another property stretching along a seafront property, multiple hotels, indoor and outdoor, that provided the backdrop for Cisco Live there. And then we move to Cisco -- we have our IMPACT. This is our sales event that we have. Very large. Again, 97 IDFs, 580 access switches that are involved in there. A huge number of access points, approximately 800 access points deployed there. And then we have our event that we're going to attend this very next month where I hope to, again, bring more of our tools that you've helped us provide here in Melbourne. And that's an event right there in downtown Melbourne in a new convention center there. Sorry about that. So why do we need these? It's important to know that we're about 5 guys that work on this full time. 5 guys to configure, manually touch each and every one of these switches, literally into the thousands of times, let alone the access points, the controllers, the Internet edge, all this stuff, we need to actually build up rather rapidly. We have -- after this event here, we'll be moving into Melbourne, which is less than 4 weeks away. So we need to be efficient with our time, and automation is a necessity. And then when we're on site, this is where Webhooks comes into a key highlight, is that we need to be able to be proactive rather than reactive. So with that, we -- let me show you what we did in Latin America. We have implemented the Cisco DNA solution using Webhooks. We put this up onto a Teams space that all our members, not only the 5 guys that do this full time, but the 15 volunteers, the best and brightest that Cisco has, our systems engineers that we bring in to help us with this, we can monitor each one of these events that happen. And with that, during this 4-day event, we had almost 5,000 network issues that were brought forward. Some of them just minor, someone unplugged the device because they were moving that device around, interface goes down. It's important to know this is happening. Something unique with Latin America is that we actually move and readjust the rooms from day-to-day. And when that happens, sometimes it's just unplugging the switch. But this next example was kind of unique for us. We noticed that we were seeing interface flapping, messages coming up. Something that without Webhooks, we wouldn't have been able to be proactive. Usually, when the Cisco NOC that we are show up on site, the user looks for this and thinks, "Oh no, what did I do wrong?" not, "Oh, they're here to help," typically. Not when they're not called in to help. So in our case, we showed up on site, and here we were, we saw this interface flapping, 2 of our engineers went up onto the -- into the opposite, we think we have an issue, and it was the testing center. The last thing we want is our customers to be in the middle of a CCIE exam and the testing center is having issues, right? That would be horrible. So we showed up, up there. What we didn't know is that we didn't pay attention to the testing center's hours, they had closed early that day and they were doing upgrades. The machines were upgrading and power cycling and ports were going up and down. But it was an expected behavior, but we got to be proactive with that. We've got to be the network that we wanted to be that we see problems before the user knows or was even aware these kind of things were going on. So we were, to say the least, very excited. And Webhooks showed its true value for us. So with that, I'm going to hand it back to you, Gabi.

Thank you, Dave. The part that is very interesting is that actually, we talked in like probably mid-September about Webhooks and the use case and the proof-of-concept that I developed. And then later, maybe about a month, you have a full application stack, ready for production, tested and be able to take full advantage of these capabilities during Cisco Live Cancun.

And it showed, too.

It is very fast for us to innovate and integrate using these kind of applications. And next, I'm going to share with you how to build these integrations. Of course, Webhooks are great, but we need to use them. And in this next section, I'm going to share with you how we can build an integration between Webhooks from Cisco DNA Center to a variety of different systems, like PagerDuty for notifications, JIRA cloud service desk for IT ticketing and WebEx Teams. You're going to see that it will take only a few seconds from the moment that Cisco DNA Center detects an issue. We are going to have a ticket created in JIRA. We are going to be able to send notifications using Webhooks to a variety of different platforms. We are going to send notifications to WebEx Teams and PagerDuty. Also, this enables us to do other things. We can log all the received notifications for as long as we need. We are going to be able to build reports, dashboards, training, or even analyze them and be able to proactively detect issues that could become chronic over time. It will allow us to have much better accuracy and a lot of different -- enable us for a lot of different innovation in time. The Webhook receiver, in my case, run from PythonAnywhere. It will receive notifications from the Cisco DNA Center. Once the notification is received, it will be processed, then the data transformation will select only the information that is important to create a JIRA service desk ticket. Using the service ticket, we are going to send a notification to PagerDuty. This notification will include links to the ticket system and the issue and to the Cisco DNA Center issue details. We are always going to send also notifications to our WebEx Teams, like the one that you had during Cancun, so the network operators are aware of these new issues. Also, this Webhook receiver will publish REST APIs that allow me to get access to all the logs received from all the Webhooks, be able to integrate with additional systems like voice assistant platforms. Here is a sample of what the IT integration looks through JIRA cloud service desk. It includes a brief description of the ticket -- a description of the problem and the link to the Cisco DNA Center issue details. By accessing that link, we will have access to the Cisco DNA Center details for this issue where we can find out more information about the issue. The Cisco WebEx Teams notification. In this case, I have 2 different notifications that has been received. One is for an interface down, a second one is for a power failure on a catalyst switch. We have here also a bot where we can ask the -- basically the receiver how many notifications have been received today, and we had 11. These are a couple of screenshot for the PagerDuty notifications, one is on the mobile app and the other is on the web page. Both include, obviously, the link to the JIRA issue details. And very important, the link to the Cisco DNA Center issue details. Let's go over a quick demo. We are going to trigger an event by shutting down an interface, I'm using the script using NetConf to disable this interface. We are going to see that in a few seconds, we are going to get a notification on WebEx Teams that a new event has been detected. From WebEx Teams, we have access to the DNA Center issue details and the incident in JIRA. Accessing the JIRA event details, the issue details, we are going to have information regarding a brief description of the problem and the link to the Cisco DNA Center issue details that allows us to continue our troubleshooting. The Assurance event details gives us even more details regarding the issue, the network devices that are connected and the opportunity to run troubleshooting commands on Cisco DNA Center to troubleshoot this problem. For demonstration purposes, I'm going to run the configuration commands. I'm going to find out the interface configurations on both ends of the interface that is down. PagerDuty has information regarding the event and it is convenient for those customers that have PagerDuty to observe how they can use PagerDuty to collect information from the JIRA ticket or the Cisco DNA Center issue details. Those links are provided. In a summary, Cisco DNA Center Assurance real-time event notifications enable us to build integrations using Webhooks. They enable IT organizations to become proactive and provide us access to full issue details and the suggested actions. The sample code for the use case that I presented today can be found in this repository on GitHub. This repository is part of the GitHub Cisco Enterprise networking programmability organization. This organization includes a lot of our use cases and sample code that you may find useful when you use the REST APIs provided by Cisco DNA Center. There are few other resources that you have available to learn about APIs and how to use APIs in Cisco DNA Center. Those are on the enterprise network programmability YouTube channel, where we publish videos with demos of how you can access information that is available on Cisco DNA Center. There are a lot of other resources that are hosted by DevNet, with a lot of code exchange or automation exchange. Also, using the DevNet Sandboxes, you can start your troubleshooting -- your development efforts without investing in your own lab. Thank you for joining us today. And should you have any questions, you can reach me on Twitter, or you can find the information on how to reach me or submit the questions on the Cisco Enterprise networking GitHub organization or the YouTube channel. Thank you. Thank you, Dave.

Thanks, Gabi.

Hello. Welcome to the Master Series at Cisco Live in Barcelona. I hope everybody is having a great Cisco Live so far. And what we're going to talk about in this session, as you can see through the title, is we're going to talk about solving the big problems. We're going to ask and hopefully answer the question about: What Can a Few Talented, Committed Engineers Accomplish? So by way of introduction, my name is Dave Zacks. I'm a Director of Innovation in the Cisco CX team. I focus on many different things inside the company, including flexible hardware, which I talked about earlier today; fabric networks; Assurance; machine learning. Been with Cisco about 20 years. And I hope to have a talk today that is going to be really, really interesting for you and maybe different than any other talk that you're going to see at Cisco Live. So what are we really tackling in this talk today? Well, what I really want to take you on is a bit of an ambitious presentation. This is a journey that we're going to go on from innovation from the lowest levels in silicon to the highest levels of solutions in networks. And we're going to try to tackle all the way back from the low level to the high level, all the way in the next 40 minutes. So let's get started. Let's start with the basics. We're going to start talking about quantum tunneling challenges at the 7-nanometer process node in silicon. So as you probably know, quantum mechanics dictates that we have a -- whenever we have electrical fields in close proximity, that we have leakage between different areas within a semiconductor. What we're going to take a look at is the leakage -- or start off with a leakage between multiple gates and multiple drains within a piece of silicon. We're going to examine some of the formulas that are basic constructs and making this work. And specifically, we're going to start off by taking a look at this paper, which has designed a 14-nanometer tri-gate transistors on bulk wafer FinFETs. So let's get started. Now you actually think I'm going to talk about that, don't you? I'm not going to talk about that. I'm actually going to talk about something totally different and something that you've probably never seen in a Cisco Live talk before, but I think we'll be -- I hope will be really, really interesting for you. I'm going to put up an assertion that I strongly believe in. And this assertion consists of 5 words. It's important to have heroes. I strongly believe that it's important to have heroes in your life, people that you look up to, people that embody some of the elements of what you potentially yourself would like to be. Some of my heroes would include people that you would recognize, like Albert Einstein, like Steve Jobs, like Elon Musk. These are people all embody different elements that in many ways are very admirable. And you may look up to these as heroes. And we all have our individual heroes. These are some of mine. But what I want to talk about is somebody else who's one of my heroes, somebody else that you're probably not familiar with, and that person here is this name, Paul Castenholz. So you're probably not familiar with Paul. So let me explain a little bit about Paul's background and what he did. And as I go through our presentation, I hope to explain to you why he's one of my heroes. Paul was a senior rocket engineer working in a company called Rocketdyne. So Rocketdyne -- and Paul, specifically at Rocketdyne, he had a long career in designing the rocket propulsion systems for various different projects. He worked on multiple engines in the Saturn program for Project Apollo. They got a man to the moon. He was actually the program manager that developed the Space Shuttle Main Engine. So he had a long career in rocketry, and I'm very interested in and passionate about rocketry. So Paul is one of my heroes, and I hope to explain to you why. Now as we take a look at what can few talented, committed engineers accomplish, who do you think this is a picture of? And most people will look at him and say, well, I recognize that person. That's Paul Bezos (sic) [ Jeff Bezos ]. He's the CEO of Amazon. But then I'll put up this picture and say, "What is that a picture of?" Now when I saw this picture in publication a few years ago, I was extremely excited when I saw this picture. But what is that a picture of? It looks like a person on the deck of a ship, washing off something that looks like a big manhole cover. He's washing that off. When I looked at this, I thought, "Oh, my goodness. Look at that. That is the critical component that really got the man to the moon." Because that is what's called the injector plate from an F1 engine in a Saturn V moon rocket. I was so excited when I saw this picture. Now what's the connection between this critical component for the moon rocket, the injector plate in F-1 and Jeff Bezos? How are those 2 things connected? Well, Jeff Bezos actually has a company called Bezos Expeditions, and they recovered those F-1 engines from the bottom of the Atlantic Ocean floor because after, of course, the moon rocket launched, the first stage cuts off, it crashes down into the ocean and sank. And they recovered those off the ocean floor 14,000 feet down. That is pieces of the rocket are actually visible in museum. There's a museum in Seattle that actually has these components of the rockets that you can view. So let's examine and talk a little bit about the Saturn V moon rocket. Now as we're explaining this, I actually brought a Saturn V with me to the show today. It's right here. Let me grab it. So this is a Lego model that I built of the Saturn V. It's a complete moon rocket. It actually consists of 1,969 pieces. This was my very first Lego project that I ever built, and I've built this over the holidays that have just gone by. So to explain a little bit about this rocket, it's really a 3-stage rocket, consists of 3 individual stages. And let's take this apart so we can actually see the individual stages here. Here's the third stage that I'm taking off right now. And then this is the second stage. And then we have the first stage here. So let's examine what each one of those stages is kind of all about. So it's a 3-stage platform. It takes 3 stages to launch a man to the moon. The complete rocket, as you can see here, weighs about 6.4 million pounds fully fueled, so about 3,000 tons fully fueled. It has about 7.5 million pounds of thrust in the first stage. So 7.5 million pounds of thrust, 6.4 million pounds of weight, 1.1 million pounds of positive thrust and up it goes. The 7.5 million pounds of thrust comes out of 5 engines in the rocket. Then we have the second stage, which also consists of 5 engines, but they're a different type of engine called the J-2 engine. This is a cryogenic engine. Altogether, they develop about 1.5 million pounds of thrust. That's out of the second stage here. And then finally, the third stage, which is one J-2 engine, and this is what -- actually the stage that would take the man to the moon. This component would go into orbit around the earth. This stage would actually burn, again, a second time to launch the person towards the moon. Then they would jettison in the third stage, lunar module and the server command -- service modules would actually end up going to the moon. So we're going to talk a lot about the development of this rocket, specifically about the development of the engines on the bottom of the first stage because that's really what my hero, Paul Castenholz, has worked on and perfected the rocket engines that are in there. So this vehicle is one of the most complex machines that's ever been built by humans. It had over 3 million parts in the rocket in total and stood fully assembled over 363 feet tall. So it's just a massive, massive thing. If we have a human being standing next to this, the human being would be smaller than my fingernail here compared to the total size of this rocket, just to give you some idea of how large that actually is. And there was actually challenges between the different teams, the German team and the American team, that were working on developing this rocket in terms of doing what they called man rating the rocket stack. In other words, how many times do we build this rocket in total before we dare to put a person on top and actually launch it? That's called man rating the rocket. Now if you take a look at what the commitment that the United States made of getting man to the moon, you had John Kennedy, who stood up and said, "This country should commit itself before the decade is out to the goal of landing a man on the moon and return him safely to the earth." In other words, this is a goal, landing a man on the moon and returning him safely to the earth, and this is the goalpost before the decade is out. So in order to actually get to the stage where they could be prepared to launch this complete, very, very complex vehicle to the moon, there's 2 approaches to engineering that. One would be to build and test the first stage multiple times. Then once you've got that perfected, to build and test the second stage multiple times. And then once you've got that perfected, to build and test the third stage multiple times. And if you had unlimited time, you could do that. But we have to get man on the moon by the end of the decade. So that was just several years to get it all done to build and assemble this massive rocket. So they moved to a system called all-up testing. All-up testing basically says they build the entire rocket stack all at once, all that complexity, and launched it all at the same time, right? So this was the concept of all-up testing, which was really the brainchild of a gentleman named George Mueller, who pushed this concept through considerable resistance, I might add, initially inside the organization. But eventually, they had to move to all-up testing to meet this time line, to meet this goal. So you can imagine the pressure that was on the engineers to achieve such a complex thing in such a short amount of time. Now the F-1 engine on the bottom of the rocket, in particular, was revolutionary, much more revolutionarily bigger than any other engine that had ever been built before. Here's a picture of Wernher von Braun, who was the father of the Saturn V, the inventor of Saturn V in many ways, next to a picture of just one of the F-1 engines. And you can just see the massive scale of that F-1 engine here compared to a human being. They're just massively huge. Now we're going to talk a lot about the engineering of the F-1 engine. But what I'd really like to do is kind of let the engine speak for itself for just a minute or so and let you observe the awesome power of this engine during a liftoff. So let's take a look at that. [Presentation]

Sucked down into the vacuum of the engine that's basically prelaunch. It's just astounding to see the power of these engines. I'd never get tired of watching the videos. So the F-1 engine was the instrumental component that was used for the first-stage engine in a moon launch, the engines on the bottom of the first stage. And what did this first stage actually do during launch? Well, it launched the entire rocket stack, remember, 6.4 million pounds of rocket, 50 miles down range, 40 miles in altitude, accelerated the rocket up to Mach 7, 7x the speed of sound. It only lasted for 2.5 minutes during flight before they would cut off the first stage and go to the second stage. And during that 2.5 minutes, it would burn 4.5 million pounds of fuel. So it's just kind of astounding that this engine that they created was much bigger than any previous engine. It was on order of 10x bigger than any engine that had been successfully built before. And it was a massive, massive engineering problem to build something that big. In rocketry, when you increase the power of a rocket by 10% to 20%, you've achieved something fairly significant. Here, they were going 500% to 1,000% bigger than the rocket engines that have previously been built. And that's what you have to do in order to get to the moon. It's just math. You work backwards and say, "The space capsule weighs this much, the lander weighs this much, and you just do the math and work backwards, and you find out that the rocket to get to the moon has to weigh on the order of 6 million to 7 million pounds. So it's just a massive, massive structure." So here's a close-up view of a little bit of the F-1 engine. I'll just point out a few key components to it here. 1.5 million pounds thrust per engine. This is the biggest liquid-fueled rocket engine even to date that's ever been built. It had a chamber pressure approaching 1,000 psi inside, 1,000 pounds per square inch, and a temperature inside the combustion chamber approaching 6,000 degrees. So imagine the materials that you have to build this out of to withstand that kind of temperature and pressure. So let's zoom up a little bit on the top of that engine. This is a picture I actually took of the back of one of those engines when I was visiting the Cape Canaveral at Kennedy Space Center. And one of the things I've circled there, if you can see it, it might be a little bit hard to see. But right in the center here, you can see this component, which is, if you recognize it, is that plate, the injector plate that, that person was washing off on the deck of the ship before. That's what sits right at the top of the engine bell, and the injector plate is where the fuel comes together, what we call RP-1, and locks. RP-1 is rocket propellant 1. It's basically a highly refined form of kerosene and liquid oxygen come together at the injector plate, mix and combust and burn. So the fuel rates through that engine are pretty astounding. 28,000 gallons -- or pardon me, 24,000 gallons of liquid oxygen and 15,000 gallons of RP-1 per minute per engine. That type of flow rate, by the time we have 5 engines on the bottom of the Saturn V, will empty an Olympic-size swimming pool full of fuel within about 3 minutes. So it's just an astounding amount of fuel that has to flow through these injector plates. Now the big problem they had when they developed this engine is it's what we call dynamically unstable. So let me explain a little bit about what that means. When the engine is burning and the fuel is combusting, there are pressure waves that form within the engine bell. This is normal and natural. But the engine waves need to dampen themselves out. The engine -- the pressure waves basically need to dampen out in there so that we don't get our self-reinforcing construct going where, basically, if they end -- if the pressure waves start to feed on themselves, the engine within a couple of seconds will either melt or explode. And if that's happening below 6 million pounds of highly volatile rocket fuel, it would instantly be adios rocket, adios astronauts. And because that would be happening live on national TV, adios moon program. So it's very, very important to solve this problem of the instability of these engines. Now what they do when you're testing engines is they put them on to a test stand out in the desert and test to see how well does a rocket work. We burn it for a few seconds and a few seconds more and a few seconds more, up until the full-rated thrust of the engine. And at June 28, 1962, combustion and stability resulted in a total loss of one of these F-1 engines. So what that means is, when you're putting it on a test stand like this, you can see the big fuel tanks up top and you can see the engine burning at the bottom, just like we saw in the video, that engine burning. They're burning the engine on the bottom there. One of these engines basically exploded on the test stand, totally destroyed test stand, fuel everywhere, rocket components everywhere. And if that has happened for real during a launch, it would have been the total loss of the rocket. So as von Braun dryly remarked at that point, "This problem of combustion and stability assume new proportions, right?" He's taking a gentle stab at it, I suppose. So this problem really got handed to a team led by 3 people to fix: Jerry Thompson from NASA; my hero, Paul Castenholz; and Dan Klute from Rocketdyne, the company that was actually building the rockets. They have to diagnose the problem, come up with a solution and test the F-1 unit until they can actually certify it as flight-ready. Now this combustion process is too complex to be simulated on a computer. They basically have to resort to seat-of-the-pants engineering, throw in all their skill and all their focus at solving this problem. And what's at stake here? If they can't fix this engine, nothing else matters. The entire moon program rests on getting these engines on the bottom of the Saturn V to work and to work reliably. In other words, this is a situation, right? They have to solve the problem. This is a complication. It's too complex to simulate, and this is the implication of what's at stake if they can't fix this problem. Now let's zoom in a little bit more on that. This problem actually took over 24 months to solve, over 2 years to perfect this engine. But this wasn't just happening in isolation. If we take a look at the time line here, up to and through the moon landings, this was a time line when they were working on testing and perfecting, if they could perfect it, the F-1 engine, about that 2-year period. But all of Project Apollo is going on at the same time. Now I've adjusted the cost here of Project Apollo into today's dollars, and you could see through this graph that at the peak of Project Apollo, it was over $40 billion a year that the moon program was being -- was being expended on the moon program. Over $200 billion in total in terms of adjusted dollars. And if they can't get the F-1 engine working during this period here, this 2-year period where they have to basically solve all the problems with it, then none of the rest of this is going to be possible. There aren't going to be any moon landings. There isn't going to be a space race. There won't be Skylab. There won't be all the things that came out of the Apollo program. And you also have to remember, this wasn't happening in isolation. All the rest of the Apollo program was going on at the same time, the people developing the second stage and the third stage, and the lander and the Apollo spacecraft, the command service module. All that being developed at the same time, the ground support facilities, everything else, all the subcontractors. So we're over 400,000 people working on Project Apollo at the peak. But if these 3 people leading this team can't solve this problem, there's not going to be any moon landing. So imagine the pressure on these engineers to solve this problem. Now this didn't -- also didn't happen in isolation. It got out into the press that there are problems with the development of the moon rocket. This was public. It wasn't just happening in private, was happening very publicly that they had a problem in developing these large rocket engines and getting them to work and to work reliably. So it turned out it was actually useless to try to design the F-1 engine. So it never went dynamic -- so it never went unstable. The engine was too big. There were too many complications. It was subject to too many disturbances inside the engine. They could never dampen out the instabilities entirely. What they needed to do is to move to a concept called dynamic stability, which meant that once the instability started to happen, the engine would automatically correct itself, and they needed to do that within a maximum of 400 milliseconds. So once a disturbance started to happen, it would dampen itself out within 400 milliseconds. Now they actually developed a component inside the engine called the rough combustion cutoff that if the combustion became unstable for longer than that, the engine would automatically shut down so it wouldn't keep destroying engines during their testing. However, the problem is that doesn't work for a real launch. Because if you're launching the rocket, then the engine cuts off, you don't have enough thrust to get into orbit. So they really have to solve this problem of combustion instability. Now the key to this was the injector plate. That -- remember that piece that the person was washing off with the hose on top of the deck of the ship? That's why when I saw this picture, I was so excited about this injector plate, seeing it for real and seeing it recovered from the bottom of the ocean because this was the key, the heart of the system. Now if you look at that injector plate, you'll see hundreds and hundreds of holes. There's about 3,700 holes on it, in different patterns in different places. And then there's these big copper baffles that are around it. Those holes are how all the liquid fuel, both the RP-1 and the liquid oxygen, are vaporized and injected into the engine bell. And it turns out the placement of the holes, the pattern of the holes and the placement and pattern of the baffles has everything to do with the shape of the flame that burns at the bottom of the rocket engine and has everything to do with controlling or not controlling the combustion instability problem. So the engineers initially installed a series of copper baffles. I've highlighted some of them here so you can see them. And these have to control part of the problem. They basically had problems developing these 2 because the initial ones they put in were too small. They warped under the pressure of a massive flame of -- that the engine would burn with. And so a few quotes here from Jerry Thompson, "We tried every trick we could think of. It got so the engineers couldn't come up with a theory for the plate that they hadn't tried before." So they had to keep iterating and iterating and iterating at this problem. And one of the big challenges they had is that the combustion instability was both intermittent and unpredictable. Does that sounds familiar to anybody who's dealt with networks before? Intermittent, unpredictable problems? I think as network engineers, we can kind of empathize with that. There was no consistency. The combustion instability would happen for reasons that the engineers never really quite understood. So they had to keep iterating and iterating and solving this problem without necessarily having a great definition of what the problem was. Now they had to and eventually got to a point where the engine would no longer become dynamically unstable, but that wasn't good enough for these engineers. They decided that they had to introduce instability into the engine. In other words, they wanted to be able to produce instability on command. So what they would do is they got to develop a test where they would actually initiate instability by putting a black powder charge, basically a bomb, inside the engine bell and set that off while the engine is firing. In other words, when you have the engine firing on the test stand like this, they would set off a bomb inside the engine that would cause a massive momentary overpressure and the engine have to survive that, too. Obviously, that could never happen for real in flight but they needed to introduce instability, the word possible instability, and then the engine had to dampen this out as well. So really, it became about testing and iterating and testing and iterating small refinements, small steps forward to move towards their goal. And in mid-1964, they actually came to a conclusion of changing the angles of the holes within the injector plate. This actually reduced the efficiency of the engine a little bit, but a markedly improved combustion stability. So more and more adjustments were made till eventually they could set off a bomb inside the engine bell, while engine was firing, and the engine would dampen out that instability, not in 400 milliseconds, but in 100 milliseconds. So this is a major, major achievement in terms of making this engine stable enough to launch people on. And this really, for Rocketdyne, was the turning point. So if we take a look at this, this graph here shows the cumulative burn time on the F-1 engine. You can see how it starts off with not very much burn time in 1962, 1963, and they're getting more and more time burning and testing the engine. That 2-year period, 2-year-plus period we talked about before was broken into about 7 months of testing with low thrust and about 11 months of testing with weighted thrust with full-weighted thrust, so by 18 months of testing, during which they would test and refine for that spontaneous combustion problem, spontaneous instability problem. And then about 9 months more of testing with forced instability, that setting off the bomb inside the engine bell. So by the time they got to the end of this, they had a very smooth running engine that would work smoothly under almost any conditions. And you can see from there, they got more and more and more testing, more and more burn time into the engines to a point where they were ready to actually do the first flight, the first full flight. Remember, we talked about all-up testing because this is just the first stage. But they're also testing the second stage, third stage, all-up testing, first flight of the Apollo Saturn V moon rocket. The first crew was put on the rocket here in late 1968, with Apollo 8, and they orbited the moon. Apollo 11 launched in July 1969, landed on the moon on July 20. And then all of the follow-on missions and even beyond Apollo, including in the Skylab, if we take a look at the -- what was achieved here, if -- Rocketdyne will say that the -- one of the stiffest challenges the company ever faced was their combustion stability investigations and solving those was one of their most satisfying achievements. All rocket engines have this concept to some level of combustion instability, but the huge size of these engines dramatically increased the size of the challenge in terms of solving it, and that injector plate was really key to solving it. That's why I make the assertion that this was a key component that got a man to the moon. Now here's the result. The Saturn V is one of the most successful launch vehicles that was ever launched, never suffered a catastrophic failure of the F-1. And look at that rocket in flight. Remember, I said the rocket itself is 363 feet tall. But the flame coming out of the back of those engines is 1/3 of a mile long. It's just incredible, the power and the capability of these engines. And it was really an engineering triumph to create these. So that's why I got so excited when I saw this picture of a person sitting on the deck of a ship washing off that component, washing off the injector plate because, to me, this is a central component that put a person on the moon. And just an incredible feat of engineering. And remember, this really came down to only a few people to solve this out of 400,000 working on Project Apollo. So how is this related to what you, as a network engineer, do every day? I mean I really like rocketry. I hope you can see -- sense my passion about rockets and high-performance aircraft and this kind of thing. I'm very, very passionate, very interested in those things. But how is this related to what we all do every day as network engineers? Well, we're not building a rocket with 3 million pieces in it. We're not building a rocket with 3 million parts, but we do build networks that have thousands of devices, tens of thousands of users, hundreds of applications, quality of service, embedded security, all the different functionality, multipathing, failover, redundancy, all the different complexity that goes into building a network. And I would argue that, effectively, what we're building with networks is a huge distributed machine. Just like building the complexity of a rocket, we're building the complexity of the massive networks that we all work on. So in my opinion, it's very comparable. And also, just like the moon landing is dependent on this rocket, your company absolutely depends on the network. Think about what happens in an organization. If you take the network away, if you were to say, "Okay. I've got a major, let's say, hospital and the network simply goes down, goes away, that's probably pretty catastrophic to the functioning -- the proper functioning of that organization." So companies that you deal with, depending -- no matter what industry you're in, manufacturing, health care, retail, everybody depends on the networks that we all build, that you build. And as a network engineer, you get to design the solutions, you get to solve the big problems. In other words, you get to be the hero, just like my hero, Paul Castenholz. So I think it's critically important to understand the level of importance and the level of criticality to what we all do in building these large complex distributed networks. You should be proud that you get to be the person that actually gets to step into the breach and solve these big, important problems when they arise and design the solutions and the next-generation solutions. It's an incredible privilege and you're carrying on an incredible heritage of the engineers that have gone before you that maybe worked in a different discipline like rocketry. But really, there are many, many things that are comparable between the -- what a rocket engineer would work on and what a network engineer would work on. So like I said, that's one of the reasons why Paul Castenholz is one of my heroes because he was central to leading this team to solve the problem with the F-1 engines on the Saturn V. So if we take a look briefly at what does the future hold, in my opinion, we're living in another golden age right now of space exploration. Just like 1960s was a golden age with Apollo, we're really living in a golden age in many mays. Most people probably know there's a mission underway inside NASA that's called Artemis III. The Artemis III mission is designed to put people back on the moon by 2024, right? This is the current goal. And that will actually launch on a new rocket that NASA is building called Space Launch System. This will actually also dock in orbit around the moon with a new space station that will be built that won't orbit the earth, that won't be in lunar orbit. It will orbit the moon. This space station will be called Lunar Gateway, and it's actually what the astronauts will dock with, work there before they go down to the moon surface and after they come back up. So actually, we have a space station not just in orbit around the earth, International Space Station, but in orbit around the moon as well with Lunar Gateway. Now here's a few more details on the Space Launch System that NASA is putting together. This is actually going to be built in several stages. The first stage will be Block 1, which can send 26 metric tons into orbit. This will be a twin 5-segment rocket, solid rocket boosters on the side, very similar to the ones with the space shuttle but more powerful, and they'll actually be reusing space shuttle main engine that my hero, Paul Castenholz, was program manager on RS-25s. They will be reusing those on the core stage as well. And by the way, the core stage of this just rolled out of the Michoud assembly plant last month. So they are making good progress now on putting SLS together. This will be enhanced in the future with a Block 1B exploration upper stage, which will actually be -- have the power to get humans to the moon and to get humans potentially farther out into deep space as well. It can launch a bigger payload. And then beyond that, we'll go to Block 2 of SLS, would actually have a total amazingly of 11.9 million pounds of total thrust. If you compare that to Saturn V, biggest rocket that's ever launched before that was 7.5 million pounds. Now we're going to be almost 12 million pounds of thrust. And this would give us the ability to lift up to 45 tons of payload out into deep space. So this will be a pretty amazing rocket when it launches, and it's currently slated to launch for the first time with Block 1 next year. Now beyond that, of course, there's also a lot of other things happening within rocketry. We have SpaceX, who's been developing amazing rockets, starting with the Falcon 1 in 2008, which was SpaceX's first rocket they launched into orbit. And that was designed to carry the Dragon capsule. The Dragon capsule carried by Falcon 1 and now by Falcon 9 is what is actually designed as an uncrewed component that is designed to redo things like resupplying the International Space Station, for example. Now to actually launch the Dragon rocket, this one of the reasons they had to move from Falcon 1 initial experimental rocket, up to Falcon 9 to carry their heavy payload of this. Now one of the things that was just tested recently, about a week ago, was a Crew Dragon. So Crew Dragon is the module that will actually allow humans to be launched on top of a Falcon 9 rocket and carry humans back to orbit from U.S. soil, back to the U.S. -- to the International Space Station, carry U.S. astronauts there. Now this -- just went through a test where NASA actually blew out a Falcon 9 rocket. They launched it, exploded the rocket deliberately partway through flight, and you tested the crew escape system. Those rockets on the side that are called SuperDraco rockets that launched this capsule off the top. And basically, that would be for the astronauts to escape if there was a real emergency during the launch. So that was really the last big test that they have to go through with the Crew Dragon before launching it for real up into space. Now beyond this, of course, the next stage is going to the rocket, which was tested -- first tested last year, which is Falcon Heavy. Falcon Heavy is very interesting. It's actually a 3-core rocket, 2 outer cores and an inner core. Of course, the real innovation that SpaceX has brought into the market is the concept of reusability. I don't know if you got a chance to watch the first Falcon 9 launch -- pardon me, the first Falcon Heavy launch, when it launched, but it was an absolutely amazing launch. They used clustering technology with the rockets on the bottom. So it has a total of 27 rocket engines that Falcon Heavy launches on, 9 in each one of the 3 cores. And it was just amazing to watch that not only this rocket launch, but to have the 2 cores come back and land in synchronization. It was almost -- it was beautiful. It was almost like ballet, watching the 2 rocket cores land after propelling the main core out into space. It was incredible to watch. So this concept of reusability is really the key component that SpaceX has brought. Now in addition, of course, they're working on other rockets beyond this, like Starship, for example. So Starship will be an even heavier-lift rocket, and this is really part of Elon Musk's plan to take human beings well beyond Earth's orbit and out, in fact, to Mars and to create a -- ultimately a self-sustaining colony on Mars. It's incredible work here that's being done by SpaceX and other private space contractors. I wish I had time to talk about everybody that's doing things in space these days because there's many, many companies working in this area, but SpaceX is doing some pretty amazing things. So we've seen these heavy-lift rockets like Saturn V. There's other ones. A lot of people don't know that the Soviet Union was actually developing a competitor to Saturn V to get a man to the moon called the N1 moon rocket of a comparable size and scale. The Energia rocket, also developed by Russia, and Falcon Heavy, which we talked about, and also boosters that come from elsewhere like, for example, the Chinese have boosters, like the [ MSA ] Rocket, the Long March 9, which is currently under development, hasn't launched yet. And as I mentioned, things like SLS Block 2 and Energia, right? These are all different heavy-lift rockets that are being under development right now. Now and I think these are, in many ways, are very comparable to the heavy-lift networks that we all build SD-Access, SD-WAN, data centers, all of these massive networks that we build, in my opinion, are very comparable in many ways in terms of the complexity and the mission criticality to the rockets that we are examining here in designing and building. So let me wrap up and conclude with where I started with. I think it's very important in your life to have heroes. People that you look up to that embodies some of the things that you want to be. And maybe you -- that's -- so one of those heroes is who you already are. I pretty much can state that a lot of people are already heroes in somebody else's life. So you may already be a hero. That might be people in your family. It might be people under your coworkers. But it's very, very important for you to be a hero to them, but it's also important to have heroes because heroes are who you can aspire to be. So when I think about somebody like one of my heroes, Paul Castenholz, I think about the qualities that he embodied, I think about the capabilities that -- and the things that he accomplished, and it's absolutely phenomenal. It's very inspirational for me to have people like that to look up to. And I think that you can think about this in your own life and think about many, many different places where you have heroes or you can think about people that are heroes to you in different ways. So I'm going to conclude and wrap up with this. This is something that's written on a wall in Vancouver. It's a wall mural on a building out in Main & 7th in Vancouver. I've always loved this saying. You never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has. I think that's just a great saying, but I'm actually just going to change it a little bit, and I'm going to replace that with a small group of thoughtful, committed engineers can really change the world. And think about the people that worked on Project Apollo, these engineers changed the world. They changed our perception of what possible is. They changed it from it's impossible to put a person on the moon to, of course, we can put a person on the moon. And we have that technology and that capability and that power. So this is just something you should be very proud of as an engineer, is that you have the ability to contribute in a way that materially impacts and changes the world. Now I'll finally wrap up by saying, if you do want to understand where I was kind of joking at the beginning of the presentation about understanding network innovations from the bottom up, you can attend the session that I'm doing with my compatriot, Peter Jones, tomorrow here at Cisco Live called Cisco Silicon, the Importance of Hardware in a Software-Defined World, and that's where we -- I promise we won't go into quantum tunneling challenges at the 7-nanometer process node, but we will talk about how we develop Cisco Silicon and how that actually impacts all the products and solutions that we've built. So -- and then, like I said, I'm co-presenting that with my compatriot and friend, Peter Jones. And with that, I will wrap up and wish you well on your own personal journey, both here at Cisco Live and in your life as an engineer.

[Foreign Language]. My name is Rohit Sawhney, and I'm a group product manager on the cloud security team at Cisco. I'm happy for you to join me here today. Today's topic is Self-care for Busy Professionals, learning to invest in yourself by gaining practical advice so that you can use today to train your mind to see the good in every situation. This particular topic is a deeply personal one for me, and I want to take you through this journey of hopefully storytelling and sharing life lessons. Our agenda is as follows: I'll start with mind, body and spirit. The intersection of all 3 of those and how that balance is so important. We'll then go into a 5-step process that I found to be very helpful, a framework let's say. Based on learnings and authors of bloggers that I follow, I'll be sharing stories, and one of those is focused on something called The Dot. I'll leave that as it may, and we'll talk a little bit more about that as we go about. And we'll close with a call to action. So let's begin. What does it mean to be healthy? Healthy is the intersection of all these 3 things: body, mind and spirit. We'll actually begin with mind in a few seconds here. But if you think about this and step back, think about having a good, healthy mind. The fact you are present, you practice mindfulness, for example, but you may not be healthy from a body standpoint. Maybe you're overweight. Maybe you're breaking down in terms of your body based on how you've treated it in the past. You may have a healthy body, but in your mind, you may not be feeling present or clear. You might have a bunch of thoughts rolling in your head that prevents you from sleeping at night or staying focused. And finally, spirit. You may have 2 of the 3, you might have body and mind. But in terms of spirit, you don't feel like you're doing enough to give back. You don't feel a welcome spirit, one of gratitude, that you're helping maybe humanity. And that may be important to you, or it just may not be present today. I feel that all 3 of those are very important and recognizing those imbalances can make a big difference. We often find that the biggest battle is between our hearts and our mind and controlling that is the key to life. I know that in my experiences in life, I found that I've sometimes been imbalanced. I've also had situations in my life where perhaps I was doing a lot in terms of spirit and feeling good about that. And my body was very active and healthy in terms of what I was eating and how it was taking care of it, but from a mindfulness standpoint, I was conflicted. I felt it in my heart, and things just didn't feel right. I go for a run, and I'm worried even after what should be a stress relief where you're in a better mood. Sometimes we say about workouts, you're only one workout away from a good mood. Well, in that case, I didn't feel it for weeks upon weeks. And in that particular case, I actually had to leave my employer because I was so stressed and not feeling it in my mind. And that's a very short example of what that imbalance could feel like. Now I'm not a doctor nor have I actually played one on TV, but I've read a lot about this tiny almond-shaped lobe in your brain called the amygdala that I'm showing in the graphic here. The amygdala is actually responsible for decision-making, for emotion and for memory. However, it also is important, and why I'm bringing it up is because it focuses on negative information. Have you ever thought about how sometimes our mind focuses on negative information? Someone is not doing well. There's negative news that's out there on TV. Or we read about something and we gravitate towards it, but don't quite understand why. Well, the amygdala is actually responsible for that. So in my mind, I think, fight the amygdala. Fight this tiny almond-shaped lobe in your brain. It's obviously important for decision-making and memory and emotion, as I mentioned, but it also feasts on negative information. And that's something that we should just be cognizant of. Part of that also translates to what you see here. It's not what happens to us in life that's important, it's the way we react to it. The reality is life happens. As much as we can plan things out, we can be methodical about the way we approach our day, a situation, something we're going to do, things happen. If you have kids, you know this. If you have a spouse or a partner, you know this, right? There are things that just happen to us that we have to react to. As soon as we start becoming comfortable, things change. And so it's really our attitude on how we react those situations, see the good in things that makes the difference. It's easier said than done, I understand that, but it takes a lot of practice. And if you can just see the positive in situations and say, I'm going to roll with it. Things happen. Life happens, and maybe this was meant to be, then you'll see things in a slightly different way. And that sometimes makes all the difference. Let's shift a little bit to body. So I went from mind to body, and this is sometimes evident of things that we see at our local gym or where we're exercising, right? I'm the gentlemen here that's looking to my left and I'm saying, "I wish I look normal like that guy. I bet he's happy." So this is an assumption this individual is making. Now that individual in blue may be thinking slightly differently, right? He may not be thinking about that or even looking to his right to see what that gentleman is glancing at. He may be looking to his other side and thinking, well, I wish I could lose these love handles like that guy. I bet he feels secure. Right? Once again, this is an assumption. We always want something better. We always wish we were something else. And if there's any message you take away from our talk here today, it's this: Start with the present. You are where you're supposed to be. Deal with that reality and take a step forward to get better each and every day. We can't resolve the fact that we should be 20 pounds less weight, or we should be this point in our career. It might sound nice, and maybe that is the truth that we should be there based on our trajectory and what we've done, but we're not there, and things happen to us in life. So start with the present, deal with reality and take a step forward and try to get better each and every day. As such, try not to compare yourself to others. There's really no comparison. As you can see with this quote between the sun and moon. They shine when it's their time. When it's your time to shine, you will shine. Sticking with the body. There are a lot of natural things that are out there that we can use, and I love this quote that I saw. I believe it was actually at my local gym, and I found it and it ended up being a nursery rhyme that I didn't realize. It states that the best 6 doctors anywhere are as follows: sunshine, water, rest, air, exercise and diet. All natural things, all things that are available to us in different parts of the world. Hopefully, you have access to clean water. You have access to sunshine. I implore you to get that if you don't. And sometimes we're privileged that we have that, I understand that as well. But these are all natural things that are generally out there without any sort of supplements, drugs or any enhancements. And so I encourage you to seek those out as much as you can. It really helps the body. What also helps the body is something very natural that we don't always think of. It's this. It's water. And sometimes I find that if I keep water in front of me or have my water bottle that I travel with, I drink it a lot more. I felt I had to drink that since the slide is all about water. But nonetheless it really helps in all the ways that you see here on this slide: preventing headaches, metabolism. One of the best things you can do in the morning is have a glass of water by your bedside and drink that. And sometimes, people believe it should be slightly warm with some lemon and turmeric, like my mom will tell me. Some people like it just room temperature, some like it really cold, whatever makes sense for you. But it's important to have that and it really helps with a fresh start, but it also helps with clear skin and having a better mood. And once again, it's typically accessible to us. We don't often drink it enough, but it's very, very important. Another thing that's very important that we sometimes take for granted, and sometimes we have to have technology, funny enough, to remind us, is to breathe. I find this fascinating. I do have an Apple Watch, as you can see here. And it reminds me almost every day to be still and to take a deep breath or have a minute of breathing. And typically I find myself doing this as I'm putting my kids to bed or after a workout. But just think about that, technology actually has to remind us to breath. We're breathing at all times, but we're not always taking deep breaths. One of my latest mantras has been, and I'm sharing this with my partner, is when you feel really angry or stressed, take what I said in the previous slide: take a big glass of water and down it and then take 10 deep breaths. Deep breaths and do that 10x. And then see how your mood is slightly different. You've allowed yourself to retrospect and breathe. And maybe that's a situation that was really stressful to you is not going to be as stressful where you've had the time to think about what made you angry, what made you upset, something someone else was doing. And after that glass of water and those deep breaths, perhaps you might feel slightly different. Try that. Let's transition a little bit to eating. And I'm not going to spend a ton of time on this, to be honest. But I found this quote to be very helpful, which is keep good things in front of you. If you don't want to eat those bad things, like those sweets or those other maybe treats that you have that may be important to you, in certain times may be comforting, get rid of them. Keep the good food in your fridge, and you'll tend to eat those good things. When you reach for that snack, if you have that drawer at work or perhaps in your backpack, keep good ingredients there in front of you. And there's a ton of them out there. It's important to start to read labels. This is something honestly I didn't even think about until my, say, mid-20s or 30s. Taking the back of, say, a granola bar, turning it around and after reading that label, looking at things like serving size and calorie count. And more importantly, nowadays, I'm actually spending time looking at glucose or sugar. There's a ton of things that have a ton of sugar, and we don't always realize that. So take the time to actually educate yourself and learn about that and keep those good things around you. So when you turn in those times when you really feel hungry, or hangry, sometimes they say, that you reach for good things. This particular quote is actually just a picture I took from my local YMCA where I live in Silicon Valley. And it says, don't go on a diet. Diets are notoriously ineffective and rarely work for the long term. It's one of the strongest predictors of future weight gain. Instead, adopt a healthier lifestyle incorporating whole foods, more movement, exercise, and nourishing your body instead of depriving it. Now I will state that a lot of what I'm sharing here is a personal bias that I have. I'm conscious of that. And I know there are a lot of people that do subscribe to diets. In my experience, they don't always work, and I've never been a fan of those. It may be effective for you. However, I also feel if you step back that why deprive yourself of things that you do enjoy. Once in a while, it's okay to enjoy that pizza or that craving that you may have. There's something called the cheat day, funny enough, that a lot of people subscribe to. If you're doing healthy things during the week, 6 days a week, take a day and indulge, and that's okay. You want to have that dessert, you want to have that meal. Or someone wants to share some treats with you that they made, maybe home-baked items, go ahead and have that. Don't feel guilty. But don't deprive yourself of those things. Naturally, focus on having healthy meals the majority of time, moving your body. And typically, those healthy lifestyles will become habits over time. This quote essentially says the same thing, but the main takeaway I have from this particular thing is to find things that you love to do. I think that's hugely important. I tell this to people all the time with respect to exercise. I'm a huge fan of exercise. It what fuels -- it's what fuels me, and I always take at least 30 to 60 minutes a day to find that time for myself. This will go into the framework we'll talk a little bit about later as well. However, not everyone enjoys going for a run, like I may, or going to the gym. These are things that I practice over time and they fuel me because I do think slightly different. But I do try to make it fun. I'm not always doing the same thing day in and day out. However, I encourage you to find things that are fun for you. If you like dancing, dance. If you like walking, walking is one of the best things that we can do and something you can do until your older ages. Likewise swimming. But if you like more nontraditional things like gardening, or just going for a long walk on the beach or something else, some other cardio, let's just say, then go ahead and do that, but make sure it's fun for you. I also translate that to music. Sometimes music can really fuel you and provide you inspiration. I can tell you from personal experience that sometimes putting on that right song at the right time can give you that extra push that will make you go for that extra mile or do that extra set of push-ups or weights. And it's amazing how that can play into our psyche, and sometimes even affect our entire day's mood. I tell people sometimes that you should have a theme song. And that can change by the week or sometimes by the day. There's so many great subscription platforms that are out there today, pick one, Pandora, Spotify. There's other ones in -- I think Deezer is one in Germany, if I don't recall, if I recall correctly. Whatever it is subscribe to one, discover music, talk to friends about it, and you might find inspiration in a particular song you hadn't discovered before. Share that with others, and that will really fuel you like this beautiful quote states. As we wrap up the section on mind, body and spirit, I'm going to talk a little about now the aspects of spirit in a second, but sometimes our mind is so busy at the end of a given day that we don't spend enough time soothing it and calming ourselves down. And I've often read that people make a concerted effort to wind down at the end of the day. Now you can do that in many different ways as a ritual. You could start dimming the lights. You could have a glass of water and digest your food after some time. You can read a book, which is I find one of the best things to really just wind down and make you sleepy. And so whatever it is that you do, try to calm yourself down. But one of the key things is don't look at your phone. Don't look at technology if you can prevent it. Start to go dark after 10 p.m. or 10:30. Now I'll admit I'm guilty of this all the time. Myself and my partner, we have to work sometimes after putting our kids to bed. And it's difficult at the end of a day because you haven't found time during the day to complete all the things you wanted to do. So you have to real -- deal with that reality. But as much as you can, try to wind yourself down. And you find that you'll have much better sleep as a result of that. The body benefits from movement, and the mind benefits from stillness. Think about the juxtaposition there, right? We just talked a lot about moving your body, being active, but the mind just wants deep breathing, wants you to be still. Now I'd like to go a little bit into spirit, and spirit is really about positive thoughts to me. Surrounding yourself with positive thoughts, positive energy, it will restore you and ultimately make your body healthier. Think about stories. Think about people that we know. People are always complaining and talking about negative things, gossip let's just say, it doesn't always fuel you. But think about positive stories that you hear in humanity, in people helping each other and good things that they did. That really does provide inspiration, and that typically enlightens yourself and your mood. So try to think about that. I find it fascinating that a lot of these things that we've just discussed in the last few minutes are actually learned at a very young age. When my 2 daughters were in kindergarten, I would see tons of things around the classroom where I'm like, yes, that kind of makes sense. We should not hit people. We should play fair. We should share things. And we should give back and have balance in our lives. So if you think about this slide and all the things that we typically learn at a young age, they're very true today, but we often forget them. With respect to that, I think about the spirit and gratitude. And these are some pictures that I'm sharing from my personal experience. I've been fortunate enough to spend time volunteering, and this is something I love to do. And typically it has to do with children. As you can see on the top right side here, I spent time in a HIV/AIDS orphanage in India. I spent a greater part of my life just volunteering with an NGO called Freedom Foundation outside Hyderabad, India. And the 20-plus kids that I spent time with there were just fascinating. These kids were anywhere between 2 and 12 years old. They all were HIV positive. And their parents were no longer around because they either passed away or abandoned them. I didn't cure cancer. I'm not a doctor. I just went there every day and spend time with them. I sat with them. I didn't actually even speak the same language. I speak Hindi, they spoke Telugu in Hyderabad. But I played with them. I played cricket, which I enjoy doing, and I learned from them. I spent time at festivals. And we've built a library for them where I fixed computers. Whatever I could do, but it was my contribution. And really at the end of the day, it provided me energy and gave me a lot of inspiration to keep me grounded. Likewise, when I came back to the States from that experience, I wanted to make an effect on someone's life. And I met a young boy named William who is an undocumented immigrant, although he didn't know it at the time. I met him through Big Brothers and Big Sisters. He was 14. He's now 23. And I happen to have the experience of spending time with him. His parents left to go to Mexico one day and they never came back. They were undocumented and they could not ever return back to the States. Shortly thereafter, he found out that he was not born in the States and was no longer a citizen. He was actually born in Mexico, but his parents never told him. So to this date, he continues to remain undocumented. But he is thriving through our support and through his own -- through just his own accord, he's done a lot of great things to improve life for himself and for his siblings. And so I get a lot of inspiration from him, and we stay in contact very often. This last picture probably begs some explanation as well. You're wondering why I'm in a tutu. One of our friends had triple-negative breast cancer. And so I just did a fund-raiser for a half marathon that I was running. I said if I could raise over X amount of dollars, I'll go ahead and wear a tutu during the entire race. And the fact is I got this tutu from my younger daughter's preschool teacher. It was a size too small. I put it on that morning. And I think I felt that I had to go to the bathroom pretty much in my first mile. I never stopped. I just kept going and going because I wanted to make my time. And it was a great experience. But these were just 3 examples of things that I've done that fuel me, give me inspiration where I was able to give back. And I continue to do that today in many ways through coaching my daughters and spending time with kids. You don't have to do those things. You can choose your own path. But having that positive spirit and surrounding yourself with learning really I find gives you inspiration but also grounds you. Like we're really lucky to have this platform, all the things that we have around us. And typically most people in the world don't have that. So let's be thankful for all the things we have. And I find that, that allows you to really just open up and do greater things in the world. So let's focus on the little framework that I like. It's a 5-step process. Let's starts with focusing on yourself. Think about an airplane and the oxygen mask. And maybe you've heard this analogy before. Why do we put on the oxygen mask first as opposed to giving it to someone on our side? It's because we need that energy. We need to be running on full versus empty. If we just grind ourselves down day in and day out and we're running on empty, we can't give of ourselves. If we have enough energy, and we focus on ourselves, we can give a lot more to others. Step #2, make time for the things that are important. We are often guilty, myself included, of saying we're too busy. It's been busy. It was a busy day. We didn't have time for this. Too busy is really a myth if you think about it. People are spending time on something. We all have the same 24 hours. We're spending time doing something. Maybe it's watching a show. Maybe it's on our phone looking at a social feed. We're spending time doing something, and it's not something else. So I find that people do make time for the things that are really important to them. If you look back in retrospect on your day, look at all the things that you did. You spent time on those and you didn't spend time on something else. So that's what you prioritize, which we'll go into our next topic shortly. Something I did want to highlight about making time is a fascinating book called Make Time. This is actually something that in our product organization at Cisco, we read. All the product managers read this. And it comes from Jake and John who both spent time at Google. And they have this really great framework that you can see an image of here where they talk about what is my highlight today. If I wake up in the day or maybe even the day before, which I encourage you to do, take a post-it, write down what are the great things that you want to do the next day. What is your main highlight. I want to give this talk to all of you so you're aware of self-care. Or I want to really finish that coding project and crank out the code that I wanted to do to help my teammates. Or I want to spend time with my spouse, or I want to make a fabulous meal for my family. That's your highlight. Gravitate towards that, laser focus on it and see the things that give you energy during the day. It's about self-recognition and using that framework. I encourage you to look that up. In terms of prioritization, which I hinted earlier, try this saying: I don't have time. It's not a priority. And see how that feels. Once again, we all have the same 24 hours, but we're choosing to spend it on certain things. So if you can actually say it in front of someone, I didn't have time because it wasn't a priority, that will really hit home as to whether that individual that you're speaking to or that thing that you wanted to do is a priority or not. Set boundaries. One of the authors and bloggers that I follow is a gentleman by the name of James Clear. He resides in Columbus, Ohio in the States. And he says, the ultimate productivity hack is saying no. For those of us who work in the product management space, we're notorious for saying no to engineers and other teams. It's actually a mark of a good product manager to say no. Why? Because you can't say yes to everything. If you said yes to everything, you're probably oversubscribed. You can't do it all and someone is going to be disappointed. Likewise, you have to say no to things in life. You can't go to every event. You can't say yes to every social obligation. And you're just going to tax yourself. You're not going to take out time for yourself. So ultimately you do have to focus on saying no. And it's a very difficult thing to do. I'm not trying to say it's easy. You have to practice it. And you also have to make sure that other people's feelings are not hurt. If you have family, you have relationships, you can't say no again and again to attending something with your kids or your partner or family members. They're just going to cut you off. They're not going to invite you after a while. So you have to balance that. You have to find the right balance to take out time for yourself, but also say no to certain situations that maybe you already experienced. Maybe it's not a learning opportunity or it's just not a focus right now because it's taking you away from what really energizes you or what your highlight of the day was. Another very important lesson is that little steps matter, little and often makes much. This once again comes from James Clear where he says, optimize for tomorrow as in literally the next day. Don't think about a week from now, a month from now or a year from now. Just save to be a little richer tomorrow, exercise to be a little fitter tomorrow, or read to be a little smarter tomorrow, 1% every day. And so he has this fascinating graph that I'm going to share with you that really extrapolates this out. And for those of us who likes science and math, I thought I'd share this with the community, the power of tiny gains. If you just get 1% better every day and focus on that 0.99 to the 365 power -- sorry, 1.01 to the 365 power is 38% rounded up better in a year. Think about that. You're 38x percent better at the end of the year by just making 1% incremental improvement every day versus the opposite of that, as you can see. So that's just focusing on not trying to do too much, just trying to get a little bit better, pushing yourself a little bit more each and every day. Another thing I think about is pushing yourself slightly to the edge. Think about any of us who've attended, say, a sports or recreation class. Maybe you attend one of those boot camps that are so famous, or a biking class. Or a friend invites you to some yoga session, but it's an advanced yoga session because they're used to advanced sessions. You go there, you push yourself and then you find yourself never coming back. Does that sound familiar? We've all somewhat been there whether it be with exercise or doing something extreme. And so the Goldilocks principle, if you know the story, says it's not too hard, it's not too soft, it's just right. But finding that balance of just right and slightly above that is something that we can really embrace when it comes to our mind and body and spirit, but also as it relates to work. If you can find that right project that pushes you just a little bit, but not too much, you're going to be in that zone where you're really going to be able to push yourself and benefit from that. And so that's something that as a leader, we can give to our teams, but that's something you can also recognize in yourself. Is it too intimidating? Have I been given a project or something I'm embarking on that's just way too much over my head? Sometimes people will react to that in a negative way and you might revert. Whereas you can embrace the challenge if you find something that is slightly at the edge of what you know you can do. Another framework I really love is from a book that I've read called Life as Sport from Jonathan Fader. I encourage you to read it, especially if you're like me and you like sports analogies. And he focuses on something called The Dot, D-O-T, doing, outcome and thinking. We often gravitate towards the outcome, right? We want to be somewhere in the future. We want that VP position. We want to be 20 pounds lighter, et cetera. But we don't always focus on what we're doing day in and day out, how we visualize those things, our breadth, our routine, our process. Nor do we focus on how we think about those situations, our self-talk, are we psyching ourselves out, are we motivating ourselves. Jonathan Fader talks about doing things, thinking the right way, the mindset and not focusing on the outcomes. The outcomes will just follow and naturally over time. You might see the intersection between this framework and what James Clear talks about, what I highlighted earlier. Very similar where they're not focused on the end result, but really on what you do day in and day out and how you improve your situation and how you think about that. So this comes again from a quote that I found. Why focus on process when the world is outcome driven? Don't results matter? Yes, they do matter. You can take shortcuts. You can optimize for the outcome, and you may win one time. But if you optimize for the process that leads to great outcomes, you'll win again and again. Think about that, right? We can all take shortcuts. We can all find ways to get there. And sometimes, people take extreme measures to get there. You often find that in sports where athletes will take certain enhancements or drugs to cheat their way to the top. And maybe that will fuel them. Maybe that will give them the next contract, but there's a repercussion for that. They may win then and there but they're not going to win every time. Their legacy may be tarnished at the end of the day. And I'm sure you know people like that. So if we optimize for the process that leads to great outcomes, we'll do it again and again. We can win again and again, and that really is the right approach. A way to start and a very simple one is make your bed. It may sound very trivial and very basic, and you might be thinking to yourself, Rohit, what are you talking about? You put a whole slide up here just about making your bed? Yes, I did. I say to my kids every day. It's something I do day in and day out, and it's a habit of mine. Before I even brush my teeth, I've probably made my bed. Even if I'm late for work, I'll probably stop and make my bed. If somehow the bed is not made in the way I want just because I'm anal about it, I'll make it again. That's just me, right? But it's still something that you can do as a first thing, and you've accomplished something, right? Just like people have sometimes done a bunch of work before 9 a.m. like going to gym or have time for themselves, had a nice breakfast, read a book, it's some accomplishment that will fuel you and motivate you. And so the simplest thing you can do is make your bed in the morning. Another thing that you can do to retrospect on this that I found is journaling. Now I actually don't do this, but I found this 5-minute journal concept. I do this in slightly different ways, I'll admit. I do have a lot of thoughts in these journals that I write and keep with me on planes and trains and things of that nature. But if you use this framework of the 5-minute journal, you'll see that it reflects on a lot of the things that we've talked about today, inspirational quotes that you find. How would I like to make today great. What energizes me, what's my highlight of the day. What are my challenges. What am I grateful for. That intersection of mind, body and spirit is documented here. And so this is just another tool that you can use in your tool kit to think about this, enforce it. It also makes a wonderful gift by way, so give it to yourself or give it to people that you know and care about. Another very important thing I'd be remiss if I didn't focus on this is support. You want to find support for all these things. You need to let people know in your life and in your circles that you're trying to improve your life, that you need to take time for yourself. I just need 30 minutes. I need 60 minutes. My family knows this about myself. If they see me go out for a run or they see me go to the gym, they're like, okay, Rohit needs his time. That's all he asks for. The rest of the time is for the family. So we appreciate that. You need support from the people around you, whoever they may be. And we all have different circles, whether they be at work, ourselves, our own mind and talking to ourselves, our friends circle or those in our family. There's an intersection or Venn diagram of those as you can see, but share that, that will also help with accountability at the end of the day. So with that, I'd like to end with a call to action to you. If there's anything that you've gotten out of this talk, and hopefully there's a few nuggets that you've been jotting down, it's about recognizing those imbalances. If you feel off in some way, I'm spending a bunch of time at work, but I'm not spending enough time on myself. I'm not spending enough time with my family. Or I'm not spending time in my own thoughts to be creative. Recognizing those imbalances I have found is so key, and it takes a ton of time and effort to be able to do that. I'm in my 40s now and I've discovered that only in this period or in this decade of my life. So don't beat yourself up. It takes time. But just recognizing that imbalance is half the battle. Also, as I mentioned earlier, go with the flow. Sometimes, you can't control life. Life happens, things happen. Go with the flow, see the positive in all the situations. But still find ways to make time for yourself. Even if it's 5 minutes of the day, do that. Go in a corner somewhere. Do some deep breathing. Find a way to just do a 10-minute exercise set. Whatever it is that you need to do, and that will fuel you, but also give you time to retrospect in your own thoughts. Seek support, as I touched on earlier. And finally, and really the most important thing I can say, make it fun. I tell my girls who I coach is you should respect each other. Listen to your coaches. Give your best self, right, try your maximum effort. But ultimately, have fun. You're here to have fun. If the sport doesn't feel fun, if this process is not fun, let us know. So find fun in all the things you do because ultimately that's what life is about. You want to commit to the process and that will ultimately determine your progress, as the quote says here. And finally, because I'm a fan of quotes, I'm going to end with this, one of my favorite quotes from Roy Disney, which is, "When your values are clear to you, making decisions is easier." It allows you to feel grounded once again. And know that this is important to me in life. As a result, I'm going to make this decision. I'm going to say no to this. I'm going to spend time here because that's important to me, that part of my core values. And once again, that requires a lot of retrospective, timing your own thoughts to recognize that. With that, I'd like to thank you for the opportunity. I'd like to thank the Master Series studio and the crew here in giving me this platform to share this with you. And I'd like to thank you for listening. Please take a step forward and look to get slightly better each and every day. We all have an opportunity to do this. And so I encourage you, there's never been a better time than today to start. Thank you.

Hello, everyone. Welcome to Cisco Live and this is the Master Series studio. My name is Andy Sholomon, and I'm here to present about doing micro-segmentation with ACI and Tetration, and next to me is Remi. Remi?

Yes. It's fun to be here.

It is? So Remi and I have worked together for how many years now?

Too long. Way too long. Yes.

So today's agenda is -- we're going to be covering why doing micro-segmentation is important, how to do it with ACI, and how to improve your security posture and how to use Tetration to improve your security posture as well. But I really want to begin with why micro-segmentation is important.

That's actually a really good question. Why is it important, Andy? Because...

Tell me more. So why is micro-segmentation important? There's a lot of security risks we run into in our everyday world. And more and more times, we keep hearing about people being breached. And really, very often, the breaches are about lateral movement across your network. And so if you look at the slides on top of the slide there, there's sort of the typical 3-tier architecture: the web, app and DB, and a lot of people would think that, that's very secure because of the fact that they have firewalls between there. But what happens very often is a single server can get compromised. And sometimes this is just your HVAC server, Windows server, and in nowadays, in today's world, a lot of these servers are virtualized. And when they're virtualized, people tend to clone them and when they clone them, they have to have the same security vulnerabilities amongst all those servers. Generally, they're in the same patch level. So if one get -- one server can get owned, once it does get owned, with this type of setup, the lateral movement is quite simple. If you can own a server, you can own the second server next to it and then the one next to it as well. So this just adds to the amount of problems you can create. Sometimes, they are not even the same type of server, but they're in the same patch level. So getting some kind of segmentation's very useful.

So and does that mean -- are you saying -- so just to understand, you're saying it's kind of open bar between all the servers in the same level?

In general, in general, that's what we see.

Well, that seems fun.

I know. This is a lot of fun for a hacker.

Oh, yes.

So a very simple micro-segmentation use case would be something like, hey, I have my web servers. 99% of the time, there is no reason for my web servers to speak to each other. So if I could just keep them apart, just like I'm doing in the boxes here, if one of the servers does get owned, as we're showing in this slide, that's a bad thing.

Hence the animation.

What's that?

Hence the animation.

I know. I get paid by the animation.

Oh my god.

Every blink is an extra dollar. And certainly, if one of your servers does get owned, the likelihood of you getting hacked becomes a lot smaller, right, because those servers can talk to each other. And we do have some form of security between the app and the web servers. So that's a very simple use case for micro-segmentation that some people would enjoy. Other ways of looking at it is, you could have your prod, your QA and your dev all on the same subnet.

That never happens, Andy. What are you talking about?

No, no, no. All -- everyone has a very, very well-defined security posture, and they separate all their VMs.

I was a bit scared that you're saying this. You're saying that they're [ put that on that ] network? No.

No, this almost never happens. But on the very few cases that this does happen, having -- this is a very simple segmentation process: keep your prod away from your QA, your QA away from your dev, and you're in good shape, and you can still use all the same subnets. And the idea is now your automation orchestration can get a lot simpler because I don't care that I'm all on the same network.

That makes sense.

Yes. And then another very simple use case is, hey, I don't have to split my web app and DB on separate subnets. If I can do some form of segmentation, I can say my web can talk to my app, my app can talk to my DB, and the usual, my DB cannot talk to my app, a very simple use case but can be useful for some people.

So is that more like simplified, you can have the networking constructs and -- without getting -- without compromising security?

Exactly. And at least, this is a simple way that people would consider micro-segmentation as well.

Okay.

One thing that's super important that if you get nothing else out of this entire session, and you probably won't, you need -- you cannot do any kind of segmentation without having some sort of application dependency map. You need to know that app talks to DB and not to web. And how to do that is very -- well, it's simple to say web, app and DB. In the real world, it's never that simple.

Oh, yes, because you don't even know which servers are actually part of web and app and DB usually if you're talking about like 10,000 workloads running across your environment.

Yes. And things can get really complex. So we have covered up the IP addresses here to hide the innocent. But this is a small -- well, it's not a small -- this is what a real data center communication looks like. What possible tool could have done such a beautiful picture?

I don't know, Andy. You'd have to tell me because I'm amazed that, that seems a great communication. So what you're saying is that, the little dots and the arrows are all the communications between tiers and so on?

Yes. And look, the thickness means more or less. The thicker the bar is, the more communication is happening. It's like a chord bar or something, chord graph or something.

A cool chart. I wonder what could have done that.

But to be serious, doing segmentation on this would be very, very complex, right? And so if you look at it, this is just one small data center or one real big data center, and all of those conversations are going around. And to be fair, because I'm going to give away the ending, this is not something that you can just do with something like ACI. And then finally, if you look at a simple thing, this is a single application. So we were talking about web, app and DB, that doesn't exist, right?

Oh really, the famous 3-tier app that everyone uses doesn't exist?

That doesn't exist, because this is what an actual app looks like in a data center, and so you can see the complexity and the fact that we're going to have to do something a little more complex than just web, app and DB, which brings us to sort of the ways of doing enforcements, right? There are 2 types of enforcement points we're going to talk about today, a host-based and a network-based. And they all have good and bad things about them. I mean, the host base is close to the application, but it has some cons because it's guest OS-dependent. And sometimes it could be complicated. A network base is also very good, and that's the one that you see with firewalls, general or access control lists. There are very good things that distribute it, and you can do a lot of -- you can do a lot of, bulk of data, but there are some cons because, a, you're not very close to the application sometimes. You have memory and TCAM requirements and just could be very complicated as well. So the real idea here and the reason we're doing this as an ACI and Tetration session is because we feel that combining both a host-based and network-based tiered security is the right way of doing it. And it's good because it's tiered, and it's good because you can have operational diversity as well.

And so the idea is kind of going towards defense in depth with having some policies, maybe a bit wider, that can go higher. And then the further you go down the stack, the more, let's say, fine you are in terms of policies?

Absolutely. If only we had some slides to cover that.

Yes. Wouldn't that be awesome, right?

That would be amazing.

So there are some slides then?

Wow. Shocking to me. I should have looked at the slides ahead of this.

That would have been nice. But then -- so in short, to a hammer, everything is a nail, right? As simple as that. And so when we see a problem, we try to apply the same thing every single time. And the problem we're having is that, well, I mean, some things are not very well enforced on network. That's just -- I think that's like that. You've connected to a firewall with over 1 million ACL, I'm sure.

Just a couple, yes. But at the bottom, there's always a permit any, so it's okay.

Exactly. See why your protection is a famous one. So yes, absolutely. Yes. So in the end, you're thinking, well, okay, if I have that big, why can I just put less policies per VM and just have them across all the VMs? And so if you look at how the thing is done on one firewall, you would have, for example, 1,000 policies. But maybe you might want to move to say, hypervisor-based enforcement. Eventually, you have 2 hypervisors, still the same amount of VMs. So you get maybe 2 x 500. That's 1,000, I heard.

I'm doing the math in my head.

Yes, it's very complex at this time. Or you can actually make it very simple, and you could have 100 x 10 policies. Obviously, in real life, it will probably not fall that perfectly in terms of spread. But that is a good idea, where it goes.

Absolutely. And it gets simpler when you do it this way.

Yes. Even just in troubleshooting, I mean...

There is never troubleshooting. Everything always works.

I forgot about that. Everything is about perfection, right?

That's right.

So if you take my very simple, classic net -- enterprise network, right? It's always as simple of that. There's a firewall, followed by a fabric, followed by VMs, right?

That's what everybody's network looks like.

That's what I thought. Everyone, some people tell me that you can do more complex things, I don't get it. So let's look at the firewall at the edge. It's a hardware box. It so -- it means they can do high throughputs. It can do some advanced features on it. So actually, it's a pretty good place to enforce incoming traffic, yes?

Absolutely.

Now would you want to actually drag your traffic coming down from the Internet down to final servers, to go in, in force? I mean that's a bit far.

I probably wouldn't.

It's not a great idea. I mean...

Nope.

Some people may have tried. Let's put it like that. But the problem with those boxes as well, I mean, the blast radius is -- I mean it's pretty big. If you mess it up, you're kind of the -- the system is down.

It's the good old story of hard outside and soft, chewy inside.

Exactly, just like chocolates. So the beauty of that is, if you think about it, if you could get to have a very low rate of change at the edge and then keep the kind of the higher rate of change towards the interior of data center, you're actually going to reduce the risk of breaking something as well.

Absolutely. Or the risk of breaking everything is a better way to put it.

Actually, it's -- that's probably much more accurate. So what you would do there is you will create some super course rules, like Internet is allowed to access, my load balance are at port 80 and 443, campus is allowed to access my DCN 389, 443. That's it.

That's it? And you don't change it? Ever.

No. So obviously, from a security standpoint, if you leave that like that, we don't do anything more, it's probably a bad idea.

What does my permit any go?

Done. No more permit any, Andy. It's finished. No more permit any.

No more job security for me.

You don't need it anymore.

Fair enough.

And then now, remember, we're layering. I think that's really important. Don't stop at the first part. It just someone -- people are watching. Be careful. Don't stop now, listen to the whole thing. So now look at ACI. ACI is a concept of EPGs, which we can simplify in zones. I mean it's probably not fair, but simplified in zone. And ACI happens to be ASIC-driven. So if you look at that, I mean, it can take high-volume of traffic and basically is going to handle that really well. But then again, do you really want to come and touch that thing every single day, modify policies?

Absolutely not.

Yes. I mean kind of make sense, plus why would you want to do that as well?

No, you don't want to be touching the policies on that. That may even be a change management nightmare.

Oh, yes, my God. Don't start with that. That's so terrible. So let's look at that. Now we have some different sets of rules here because now we can say campus is allowed to access dev or port 80, because you know it's dev, dev can go over port 80 and campus can access prod or port 443. Trusted, can access, shared over like 53, 1233, 89, they're kind of classical, kind of shared services ports. Again, it's wide, but it's tighter on the edge of your network. So as you move forward, it's actually getting smaller and smaller and smaller.

And those groups can also be dynamic. So if you are using something like VMware, ESXi, I can tag VMs, in essence, tag VMs to it, they will end up in the right EPG. So it becomes dynamic without you having to touch the policy.

Yes. That's perfect. Now everything is dynamic in [ EPC ], we [ action request ].

Exactly.

That's the future.

Is that the future?

That's the future. We're there.

We're there. This is so exciting.

Now we're getting to the final step. Ready?

I'm ready.

Let's talk about microsegmentation. And when we talk, I would want to clarify, when we say microsegmentation, we actually mean microsegmentation. We don't mean micro zones, because I mean, that's something that tends to be confusing on that. So now we are moving one step down, and now the traffic is actually arriving to the host, has been cleaned up quite dramatically, like no more Internet traffic, campus traffic is thin and now the access is actually restrained, so my rate of traffic is lower, and I have more workloads, so I can actually go much finer in policy. So I can go from 1 or 2 policies at the edge, 3 or 4 in the middle, to maybe 10 or 20 down inside the center. And now I can say, while this active directory group is allowed to access the server or port 80, and now you can create those kind of super, super fine grain policies when in your environment. Coming through dynamic attributes. But if you were to do that on the fabric, you will actually end up being, doing like so many changes per day that you'd be unhappy.

It would be a tough one to figure out, right? So we can even call this Pico segmentation, even smaller than Nano. We're going to have to, like...

Copyright that? Yes, I think that's called a...

I can hear the money rolling in as we speak. I want to make a t-shirt.

We'll make a t-shirt out of this one for sure.

That's right.

That's kind of the idea of how deep you can go at this level in terms of segmentation.

And so now we'll take one of those layers where -- one of the things I want to be sure that we all get to is the fact that nowhere does this mean that, hey, if you have ACI or if you have Tetration or if you have ACI and Tetration, you throw away your firewalls, right? That's defense and depth conversation. And it's -- maybe you simplify your firewall policy, but you will still need those firewalls there.

Absolutely.

And so now we'll talk a little bit about how to improve your security posture using ACI, and then you are going to take us home with amazing Tetration knowledge.

Absolutely.

Wow, I'm very relieved. I was hoping that, that's where the slides were going.

I think that's the -- Yes, it is.

So if the second thing I'd like to take away from this, the first 1 was, you need to have ADM as an application dependency map, but for me, please, you should realize, there is no such thing as running ACI network center trick or application-centric mode. Are you shocked?

I'm in total shock.

I am shocked too. There is no such thing, folks. Let's just please learn this. What your -- these are some terms that we came up with a little while ago where people were talking about just using contracts or not using contracts in ACI. And somewhere along the way, there was a divergence. But the reality of this is that in ACI, there is no thing as application-centric or network-centric mode. You can use both of them at any time. There is no reason for you to lay yourself into a place where you're only using one or the other.

So there's no switch to be application- or network-centric?

There is no switch. There's not a network-centric button. I know. We have every other knob, that knob does not exist.

I didn't know that. I was looking for it for like the last 4 years.

I know. It's amazing, isn't it? So I guess the bottom line of it is that you can bring things in without policy, if you don't know what the policy is because you need an ADM, and you can slowly move things to a policy-based model where you start adding contracts. And we are not going to spend a lot of time about covering how preferred groups works and things like that. But the reality of it is that there's all these tools inside ACI that you can use for getting into a policy model, which is what people now call application-centric. So there's a few things that you need to know about ACI, and they are important when you were doing your security policy. ACI that uses a concept of white list model, the default behavior in ACI is that 2 endpoint groups cannot talk to each other.

Two endpoint groups, okay?

Okay. That's default. We can check our checkbox and allow them to speak to each other. But the default behavior is two endpoint groups or 2 zones, by default, will not speak to each other without the use of a contract.

Okay. So it's kind of whitelisting by default sort of thing?

Exactly.

Okay.

And then you can even whitelist all the way down to within the endpoint group if you want to, where I can say these are all my web servers. And frankly, they have no reason to ever speak to each other, even though they're in the same endpoint group.

Okay.

We can even apply policy that says, okay, I will allow ping between the web servers and nothing else. So we can really be very fine grained within that endpoint group range. But there are other things that are important to understand. When you're talking to your security team, you have to understand that ACI does Layer 4 contracts, right? So at Layer 4, we do the contract. To be quite fair, it is, I would say, stateful-wide mean you do have a small state engine in the fact that you will allow the traffic back. So if I allow traffic 80, port 80 into a port group, I will allow the traffic to return without me having to open it. So it's not completely in ACL, but it's ACL-like behavior. So -- but it's not stateful. I want to be very careful here, okay? We do not keep [ sin, sinact, act, flags, ] things like that, are not things that we are tracking, not sequence numbers or something like that. It's an ACL. So we run at a Layer 4 ACL, it's hardware-based. We can push stateful policies into the B switch though. We can use OVS for some stateful policies, but still at Layer 4. And then we can do some stateful connection tracking using AVE or some other tools. But the bottom line of it, it is still a Layer 4 firewall. So if you're going to go to something that's more granular or something that's more defined, then you can go to Tetration to some more granular policy. And if that's not the use case, then maybe a next-gen firewall for that EPG is the right way of using it, that they can look deeper into that, the workload.

Okay. I see. Okay?

All of this enforced at the leaf layer, and it's all hardware-based, and we can do it at line rate. So if you have 100-gig ports, we can do policy at 100 gig. There is no penalty for applying policy.

Okay.

But let's look at the real world, right? One of the reasons that people end up in what we call network-centric mode is sometimes they bite more than they can chew. I know, I know [indiscernible].

[indiscernible] a little bit more.

Because I think they come into this whole ACI thing and they go, you know what, I'm going to have an ACL for everything. Every single packet that we'll ever go through, we're going to create a policy for. And without having a good application dependency map and -- it's very difficult. And sometimes, you'll end up in a situation where either you just consume such time, you make things too complex. So when you look at this application on the screen right now, that's a real-world application, there would be 50, 60 contracts to make this thing work. It's doable, but it's complicated when you start out. But what we can do, what makes people more successful, in my opinion, is doing something like this. I can tell you that these 7 VMs, these 3 containers and these 4 bare metal servers are all part of the same application. And if I can just say, okay, I'm going to take all these different parts and put them as a single application, and I will put them in the single policy group, I don't have to go 443, 80, 197, blah, blah, blah, all port 80 and all that stuff, I can add them into one policy domain like this and then have contracts from the outside in, and from that entire application to all my shared services. And now you're looking at 5 contracts per application, and then this is a very easy thing to do with tagging of your VMs or using an IP address or VM name, you picked the way of doing it. You add them into a single application. Generally, applications do not have to talk to each other in the east-west way. They tend to go across the way you're looking at it that way. And generally, I can make sure that, hey, you go to my load balancer that's done on the firewall, as you were mentioning before. And then I keep all the rest of it as a single sphere. Eventually, I can unpeel this onion or I'm trying to find -- what's a good word for here? I am lost. We can unravel this whole thing, and then we can start adding more policy and more contracts to it, but doing it the way I have it on the screen here, I think it's very achievable. People know which servers are part of which application.

That sounds fair. I mean -- and that looks a bit like application-based sort of segmentation. It's simple to understand.

Yes.

Again, low rate of change once it's done.

Absolutely. So -- and this is a very achievable way of doing things.

Yes.

And now to you, Remi.

So let's unravel the onion. So let's save it up, how we're going to address that with Tetration, and what I'd add on top of what Andy was explaining from an application standpoint. And indeed, the idea to move from the application, which was maybe one EPG and maybe more, down to individual VMs with the less, let's say, maintenance, our overhead on the upstream. We like upstream. We don't want to hurt them.

And just so we are cleared, Remi, they're giving me the stretch signal. They want you to talk about this for about 15 minutes.

For 15 minutes.

I'm feeling that you can do it.

I can do it for like 20 minutes.

All right. We'll do it. Challenge accepted.

Challenge accepted. So let's talk a bit about a real data center.

All right.

Because in the end, that's really what we're talking about. We've shown the kind of the simple diagram, the one that has like 3 VMs and that's it. Actually, a real data center is a bit more complex than that.

Sort of like the diagram we showed, that chart we showed earlier, with the hundreds and hundreds of flows?

Exactly. And at the best part of all that, usually that's not running in one location. So you are talking about multiple sites, you're talking about multiple clouds, you're talking about mainframes.

Oh, I love mainframes. Now you're getting into my sweet spot. See that's -- I know it's of your age, so yes. Some token ring in there, just in case?

I will put some token ring. Absolutely. And so we're talking about multiple layers of virtualization as well. Because, I mean, in the same way, VMware comes in, hey, we have lots of overlay solutions and stuff like that. Everyone has a bit of VMware. Okay. Hyper-V comes in. Hey, Microsoft will give you a good VM license, if you do authorization with them. Then some entity in the customer is going to say, "We have container projects. We are just starting about that.

Never heard that before. [ Containers ], is that a big thing now?

No, no. I think it's been for a while, don't worry. And then you start looking at things like the campus because at the end, I mean, we're developing applications and delivering applications, so people can consume them. So campus has to come in on that: AWS, RSU or GCP or any local cloud. We don't have any specific shares with AWS, I just want to make that clear.

Should have gone with clouds.

The cloud. [Foreign Language]

Yes. Is that the French for cloud?

Exactly. That's the French word for cloud. So that's the environment we live in. And some things we can define in some areas, but demands us to be some legacy in some areas where you might not be able to enforce for whatever reason. I mean some people still run some very low 6,500. I mean that's still the case.

They do that. And also, they run workloads that can't have any kind of agent on them. They're bare metal that we have no context into, and it can be very complicated.

No, absolutely. So when you're looking at this total mess, but I think we can say it's a total mess, we can derive the kind of rules that we have to define when we're building the policy. And when we're were building that, there's a period we need to look into. First one, we're trying to protect workloads at the end. That's our end goal, for everything. However we do it, that's the goal.

Absolutely. Connecting users to the workloads is what we're trying to do, and we're trying to do it securely.

Absolutely. And so if you want to protect your servers, there's a fitting way to do it. So micro-seg is one of them. But actually, you should do much more in micro-seg.

Yes, defense in depth. Always defense in depth.

Exactly. So let's say, the first thing we'd be able to do, handle scale. Seems stupid, but I mean, it's very easy to show them over with 10 workloads.

Yes, on a 3-tier app.

On a 3-tier app.

That doesn't have to have to have used DNS or anything else?

Yes, exactly. Completely...

Always works in my lab.

Yes. I mean what's wrong with that? We see them every single day.

Absolutely.

So the problem with that is the real environment, especially when containers coming in, now we're talking about tens of thousands of workloads.

And with containers also coming up and down constantly, right?

Yes.

It's a very, very fast-moving environment. You can bring up pods in seconds?

Yes, absolutely. Seconds and you probably have some kind of software development life cycle process. And then the guys kick off a build, the build starts and then 500 pods come up.

Yes.

The build runs, 500 pods go down?

Exactly.

You still have to secure them. You don't know how long they may stay.

And the other thing that I think a lot of people don't realize about this is, even if you automatically are adding those 500 pods, don't forget you have to also pull them out of your policy console. And the policy churn is ridiculous. I mean it can be hundreds per minute.

Absolutely. And think about that, if you're making those changes, if you're losing -- just to give you an idea, like we run builds in Cisco multiple times per day. Imagine if we had to update all our firewalls across the whole campus multiple times a day, I think you might not be very happy about it.

I believe that's going to be a little difficult, yes. So now you have to do -- change management 5 times a day?

Exactly. All the Board approval, all that stuff, change request board.

Can't wait for the freeze.

Oh, yes. No more builds.

No more builds.

Now the next thing is like, I haven't seen that center yet, which is 100% experimental or 100% virtual or 100% containers.

Have you spoken to folks at WMware? Everything is VMware.

Oh yes, I forgot, of course. Everything is VMware.

Oh, that's going to come back to bite me on Twitter, I can feel it now.

It's going to bite you back, that's for sure. So we, to be able to do whatever we're trying to do, it has to work across everything. And to your point, I mean, some areas, you can't put an agent. So I mean, you have -- I don't know, a big epsilon or something like that.

Or Oracle, sometimes won't let you put stuff on their databases, right, because they would make it unsupported?

Absolutely. So if you look at that, you're like, hmmm. That might be a problem. So we need to build a solution. And when I say solution, I mean, a holistic solution that actually works, both for things which are on-prem, in cloud, in containers, in bare metal, on mainframes, on a stored server and so on. That's kind of a challenge around that.

But do we have a solution, Remi?

We may, we may, but you have to stick in until the last slide to know that.

We have a last slide?

We have a last slide.

Can't wait.

Let's talk about speed now. And we talk about rate of change, but it's also the rate of application. So changing the workloads is one thing. You might have a change across 500 workloads. It's painful. It happens. But you still have your container, this container might have a full lifespan of 5 seconds.

Yes.

If you take one minute to change a policy across the whole environment, that might be a bit of a problem. So you need to have some very high rates of change inside your policy as well to react to those events across your environment.

And the way it's going today, it seems to be faster and faster and faster. And that's one of the reasons that containers are coming such a popular way of doing applications moving forward. That microservice architecture is very interesting.

Yes. Plus it comes down to the cattle versus pets thing. Like, if you have cattle, it's okay.

Everything I own is cattle, man. I have no pets.

Yes, I see that -- I can see you being a cattle guy.

Just power it up.

And then as you mentioned, how do you address these temporary workloads? You set a policy, you enforce it. If you forget to remove it, and you've just left a nice big hole in your environment.

Yes. And something that used to be a web server may now be a database server.

Exactly.

I mean I'm oversimplifying because containers don't do that way, but yes.

So it will be kind of a problem.

Yes.

So that's kind of your framework around it. And then there's a few things you need add to that to take into account, sorry, from a feature perspective. There's lots of activity.

I think somebody won something.

Yes. There's a quiz. So the quiz is about, I don't know what. So micro...

I'll listen to them while you speak.

Okay. Make sure we win, please?

Yes.

So microsegmentation is the #1 thing we want to achieve. It's just -- it's the biggest bang for your buck. That's really what it's about in there. As you said, if you block lateral movements, you're actually stopping people from moving around in the environment. So it's super important to get there. And it's complex.

Very.

It's complex, who as you said, understand what you need to put in there, how you put it in there, where you put it. All those are the kind of questions you need to be able to address.

Also just being able to have a visibility of where it went, right? So all the visibility and the troubleshooting is incredibly important because just throwing stuff in there without having that visibility makes it unusable.

Then you have the ops guy that chase you down, like, "You told me..."

That's right. We've been there. In that case...

So microsegmentation is the best. It's the thing where you can invest probably the more time and you get the more kind of benefit from. But there's a few other things that you need to be able to do. Vulnerability management, without going down to patch management, I mean, people get attacked lots of time because the firewall is badly configured?

No.

I hear that not too often though, let's be honest. It's usually a bug in software. It usually ends up being that.

It goes all the way back to my very first slide.

How surprising.

Shocking. I like how you tied that back together. It's fantastic, right? You're a genius.

So we're going into that world and then we see vulnerabilities, but where you can have an agent, you can actually go deep and see the process, and you can see packages. If I see packages, I can see vulnerabilities. And if I see vulnerabilities, I can help make decisions.

And you guess what? You can do that on your network. All I'm seeing is packets. And this is why we're talking about defense in depth.

Exactly. Exactly. Because it wants -- to be fair, once your server has been gone, potentially, you might want to say, okay, I might want to take a second action? Yes. Well, we have a solution.

That's right.

So then you have a further thing that you're going to look at. It's going to be integrity monitoring. Your point you were mentioning, you clone VMs so they broaden more and more. So if you get one VM done kind of thing, well, you clone the problem.

Exactly.

So if you can understand how the system is actually moving on the platform, it actually gives you quite a bit of information, an understanding of what's going on, what processes hash, how they're behaving with -- http server used to be process hash a on this one, and now it's b, well, it's still a on 2 other servers.

Gee, that probably means something bad.

I think it's probably for something bad. Either developers changed the binary directly, that's really bad, or someone else did it, and that's even worse. Then we look at things like exploitation and stuff like that. Things will go bad at some point. How do you understand what happened? That's pretty important. And then we're looking at more volumetric kind of data on what happens from a data leakage standpoint. Is someone trying to extricate large amounts of data and so on.

Yes.

And all that can be collected by the software sensor because that gives us all the value there. But things like that, a leakage, things like communication, things like dependency maps can actually be also sent back from information coming from the network.

Yes.

So cover the blind spots. So you can get a pretty complete view of that.

Again, in depth and depth and depth.

Exactly. It's all about going down a very deep end and going, ideally, down to the actual sockets running on server and to the binary. That's what we're going to go through.

Absolutely.

And finally, encryption, because encryption is fun. But now when you see something running over 443, there is no way to know what's running behind it. This guy is really...

He is having more fun than we are.

Yes, he looks like it. We need to go and cut his mic off. We just -- with encryption, you actually need this metadata to understand what's running in your network. Otherwise, like it's [ HSRR ] for 443?

Absolutely. Yes.

So it's really doable.

And it's pretty much permitted everywhere.

Exactly. So those are things that you might want to look into. So it gives you a good overview picture of everything that actually needs to happen in that environment.

Is there a product that would actually help us with this, Remi?

There is a product that can help you on that, and this product is called Tetration.

I'm going to collect that paycheck later on.

Yes. You earned it, you earned that stuff.

For once.

So what does Tetration do? What Tetration does, basically, everything you saw in the previous slide, it takes and understands what's going on in the network. It builds out a map of what's going on. It tells you what you should enforce from a policy standpoint in your environment to get to an absolute perfect whitelist. Then it goes and manages vulnerabilities across your environment, it tells you what is vulnerable. It tells you what packages, what server. It allows you to define policies based on those vulnerabilities as well. It's actually with detection of exploits, down to hardware exploits, because one thing we haven't covered is obviously, like hardware-based attacks. I mean you talked about there in movement, for example, between 2 VMs, but you could actually do that technically through the CPU, with things like Meltdown or Spectre. So you need to be able to understand that across the environment. Then we're looking at things like integrity and finally, we look at data leakage. But the beauty of all this approach is that everything we build here is actually streaming an open policy out of Tetration. So we actually can enforce it. We can stream it out. And then so the vulnerability has been streamed out, can be enforced in different points in your environment to get to defense and depth.

Absolutely.

So one single pain of policy, one view to go test, analyze, validates, everything is fine. One point to actually even troubleshoot your policy across the whole environment.

Exactly.

Pretty cool, right?

That would be cool. Where do I buy more of this?

I think you've heard [ Kyle ] on this, okay? So to give you this overall picture across the environment. The final, final view...

Take us home. Take us home, Remi.

I will take your home right now, okay. So we have 2 sets of products, and people think the same thing, that we're trying to compete between products. But actually, that's not the case. We are strongly believing in the defense in depth approach across environments. And this defense in depth will go through hardware and software working together, I think that's fair.

That's -- absolutely. That's the recommended option for our customers, right?

And at the end, we want to do things like network-based segmentation, network automation, you want to do those things in ACI. It's built for that. It works in there.

It does a great job, yes.

Exactly. And you want to do post base, process, that kind of detail in a software product like Tetration. And when you get them together, well you can enforce everything in the middle.

Absolutely. And with this, also, the policy model works exactly right. You don't have to touch the firewalls very often. You don't have to touch the ACI fabric as often, and then all the policy gets -- the things that need to be changed quickly happen inside Tetration. And we have probably an ops -- different ops groups managing all of those policies as well.

Absolutely. So in short, I mean, Andy, I think we covered some pretty deep segmentation without any play on words or whatever.

There's probably like 3 people still alive and not asleep, which is very exciting to me.

Oh, they're bluffing it.

Hello. I'm glad to that you're still alive. And thank you very much for joining us.

Absolutely. Thank you.

Hi there. Welcome to another session of the Master Series from Cisco Live in Barcelona. So my name is Peter Jones. I'm a Distinguished Engineer in Cisco Systems. I work in the enterprise hardware team. But today, I'm not really going to talk about technology. We're going to talk about people. So the title of this session is Becoming the #PeopleSwitch. It's really about the transition from being an IC to being an evangelist and influencer. So in the best terms of preparation for software, I found my interviewer on the weekend. He's very nice. So my interviewer today is going to be Jens. And so I'm going to throw it to Jens. Jens, can you introduce yourself?

Sure. Thanks, Peter. Thanks for having me. Yes, my name is Jens Soeldner. I'm -- my main role, Professor for IT Security and Information Systems at the University of Applied Sciences in Ansbach, Germany. That's near Nürnberg, close to Nürnberg. Nürnberg is close to Munich and Frankfurt, if you're not familiar with the lay of the land. And I'm here at Cisco Live in my role as a consultant as freelance press. So I cover the event for [indiscernible] media in Germany and [ DIX ] Magazine. And I know Peter for a couple of years and very happy to be here.

So if you can [ turn it up ].

So Peter, I know you in your role as the Ethernet Guru, but your role has evolved over time. And I see you talking all the time to all sorts of people, and they react very friendly to you. So you are kind of a PeopleSwitch. How come?

So I think it's sort of a long story. When I think about it, I think there's a basic idea in Australia that we should play as a team. So it's a saying in Australia that a team -- a champion team will be the team of champions. So I've always thought of myself as a jack of all trades. And so I don't believe anyone succeeds by themselves. So the name actually came about a while ago. I was working. I was at a meeting in [indiscernible], 802.1. And these people showed up, and they're actually a company working in WiFi. I knew something about them because [ Cisco ] had a relationship. They're obviously new. And as we'll talk about it, right? Every standard group is a different culture. So it's like, I waived and said, "Hi." Next, they explained what they wanted. And I said, "Okay. I know there's a set of people you have to go talk to." So I willed them around. I did the introductions, so they could become effective faster. So that was good for me and good for their company, but it was actually just the right thing to do. So I was halfway through this, the more the people I work with says, "You're a real PeopleSwitch." I was like, "Oh, that's a good name." Because if you think what a packet switch does, when the packet arrives you take a look at it, then you figure out where it should go. So I try to do that with people. And you don't need -- if it's a hard problem you don't have to know the answer. You have to know where they go to next. Does that make sense?

So it's basically some sort of economy of scale. The more people you switch, the better you get added. And if you have got -- developed some sort of like understanding for people by switching a lot of them, it gets better and better. So originally, you started out as some sort of internal engineer, right?

Sure.

So it must be quite a big way from the engineer kind of nerd who develops chips and so on to be a people person. Can you elaborate a little bit more on this?

Sure. So I actually started with Cisco at the end of 2005. And so I did -- I wandered around just doing those small things for 6 months. But then I got put on a project that was at that stage called NGWC, the Next Generation Wiring Closet. Of course, it's the next-generation because there's always a next generation. So at that stage, the project was in its infancy. We were trying to reimagine the most successful switching product on the planet, [ laser 50 ]. So I came in, and I didn't know the Cisco product that well and hadn't done that many switching ASICs. But I had the ability to come in and bridge across people. So one of the things I did initially was they assigned me to go and -- to assemble software architecture for this new stackable system. Now I didn't know this stuff or architecture existed already. But I could go out and ask people and then form together a group of people to run this. So I effectively edited and assembled a software architecture. As it went on after that, then I got asked, "Okay, can you sort of sit between what the ASIC guys want to build and what we think we're going to use and bridge that gap?" So that worked out. And so what happened was I became what's called one of the G5. The group of 5 reviewers what would go into this ASIC. Now I started working on this in mid-2006, basically you shoot product in January '13. The first ASIC was back in 2011. So it was a long project. So with long projects, they tend to -- they vary out. So we had to make sure that we could decide what had to go in and what had to go out so I became part of a cross-functional group to that. So at this stage, I'm really interfacing between the ASIC guys, the hardware guys, the software guys and product management. We were also doing it also between the switching group and a wireless group. So I think what it did was that -- it almost helped that I'm Australia because I wasn't in any of the cultures that were there. So I could really start to think about how can I work around culture to bridge the gaps between people. And so that went on. And so we -- when we're getting close to shipping the product sort of mid-2012, I got asked to go to Cisco Live to help support it because we were starting to teach our sales engineers how to make use of this thing. I mean let's imagine, if you come in with a brand-new product that does it differently, and the [ AC ] in the field is not ready for it, it's bad. So I've got assigned to go and help teach the field this. And they sort of liked me so then someone took me on to Cisco Live to start talking to customers. Now because I've actually been in the field role before, I was quite comfortable doing that. And so it just spiraled from there. I was going to more Cisco Lives. Then in 2014, I got asked to go do work in [ Autopology ]. So I started in 802.1, which is bridging in TSN. But I moved to 802.3 when the project started. So as the project started by one of our competitor technologies to say we want to do this thing. At that stage, Cisco was 6 months away from shipping products. So in standards world, what often happens if you're behind, you start a project and you say we should both restart, right? Just start again. So I got assigned to go working on 802.3 and try to make sure that didn't happen. So 802.3 these days is mostly physical layer guys, but they're single analyst there, both of the guys are single integrity. That's not me. But what I did know is how they fit into our system and what value it would have for customers on there. So the tricky thing about working at 802.3 is it's individual voting. Anyone in the room can vote, mostly. You need 75%, 3 quarters, to actually make a decision. So if your room is full of your competitors, your supplies, your consumers, the cabling guys, how do you construct 3 quarters? So I went through this and was like, how am I going to deal with this? So I'll start off with the fact of I want to tell a story about what's best for our customer. Because often, the technical people will argue about coding formats, right? Is this code better? Or is that code better? Or you want this thick? You want that thick? Our customers actually don't care if we deliver bits by carrier pigeon. So by telling a story of value and understanding these are groups that could construct the consensuses. So for any given -- given my position, I could find out how to get a 75%. So results of this was is we went through as fast as possible. So there's also -- there's a first stage of the project where you really decide what you're going to do, and you start to do it. So we got through that first project as fast as possible. In the first meetings with the task force, we agreed our baseline technical proposals. So thereafter, I was just walking them through. So that was a huge learning of how to go and find a way to tell stories and understand people. So I came in from outside the group with some knowledge. Now I came in to Cisco, which is handy, but you can't go into this group and say it's Cisco. Because I'm from Cisco, you should listen to me. It doesn't work. So the fact I can work out how to represent the unique customers to these guys and then them to each other helped us get through. That was a long answer, but does it make sense?

Yes. Quite awesome, quite awesome. So you have quite a varied career, I would say, like developer, industry venturist, PeopleSwitch and so on. So can you share with our audience like a couple of like personal tips on a development level? Like how do I find my position to play? And how can I get ahead in my job while at the same time, doing good to the overall community, helping other people. Can you share a little bit about this?

Sure. I can certainly start. I mean one of the things I believe in is playing as a team, right? So we had this conversation earlier. Let's imagine you're following football or soccer for the Americans. Let's imagine I had Real Madrid and everyone in the team was Ronaldo. But that doesn't work so good. Well, let's imagine you want to play a particular position. Say I want to play goalie, but there, we have 2 goalies. So then, you look at the team. You look at what it needs and how you can contribute. So again, as I said in the [ ASICs ] standards, what they're actually doing is a whole lot of complex signal processing, trying to figure out how much DSP they'll need. Do we trade-off the DSP resources with it's -- with the channel. That's very high level stuff. But you can follow-on and work out where to ask questions, right? So let's say there's a discussion between 2 people with different proposals. You can start by saying, "Okay. I sort of understand what you want. Like, why do you think yours is better than his? What are the trade-offs?" Equally, when you're reviewing documents. So I might not be able to review all the math behind it. But I can read the document, see if it's consistent. I can cross-check things. If that's the case, they're coming up with your skills and seeing if we fit into a team. But to do that, you have to believe the success of the team is more important than personal success. So if you come in trying to be the king, the ruler. It just doesn't work. So I think you start off saying, what's my goal? If your goal is to just to succeed an individual, I think you should be in a different business. If your goal is to take the set of people around you, deliver something that works, I think it becomes much easier. But you have to put your ego to the side. Yes. It's hard, right? There was times in the standards group that I had built -- you got to calm down because we have this thing about decorum. But you try and make sure that it presents to the entire group how you see the compromises. Now if you don't win them all, but if you start off with that focus on value and then trying to understand everyone around you, it's easier. If you just try and take -- make your point again and again and again, so I'd say good luck. If I went to Germany, I'd say give me this because I don't understand. I want this. Just saying it again and again louder isn't really effective. And you must have run across this in your career, right? Either in your university career or as teaching, right? You have to understand the people you're teaching to. So let's imagine you talked to a class of first years versus fourth years. You don't put in the same material. You don't present it the same way. So the way I think about this is it's 3 basic things in communication, the talker, a listener and a message. So if I just speak to you the way I think about it, you may not understand. So like in this conversation, if the point don't make any sense, you're going to go, I don't understand. So a good talker starts to understand the listener. That's empathy and will encode the message for listener. So ideally, if I'm going to Germany, I'll speak in German. But if I go down to South Africa and speak in German, not so good. Now there's languages, so there's culture barriers as well, and they're almost harder to deal with.

Right.

When you have a language barrier, it's really clear there's a culture barrier. But when everyone speaks English, it's harder to detect there's a problem. So you'll notice as well, if you work in the industry and you work in a university setting, you can't treat them the same.

No. Absolutely not.

And so what you find -- what you often find is people come in, they come in with a set of assumptions. They're trying to treat everything like the same thing. Now we do this a lot in our business, right? I am right, and here's why. But if you start with empathy, you think about how you're communicating, you, too. So a really good listener will help you, right? They'll do things like facial indications. Another thing is called reflective listening. So reflective listening is actually a parenting technique, which I learned because I -- my kids went to participation school, and we had to go through parenting classes. So let's imagine a 5-year-old comes up to you very excited and says, "Daddy, daddy, I made a plane." If you go, "Well done for making the plane." She doesn't actually know if you understood. So what you would do back is you reflect it back in your own words, right? I see the plane is this nice. You put it together that way. Then she knows what you said. So let's say I'm talking to someone I don't understand. I'm going to go back. Here's what I think you said. Now if I got it correct, we understand each other. If not, you say it again. So this is not a part of a whole communicating. Where do I come from? What am I trying to communicate who to? How can I say it so they'll understand? Now in the -- in a world of [ basic design ] that I work in, they call this tuning. Because the transmitter and receiver have to tune together. So the receiver has to move to figure out where the transmitter is. So in that world, I would explain it like this. The receiver tunes the transmitter. So the transmitter gives you clues. And you must have found the same thing, right? If you're -- because I know you said that you write. Imagine if you were writing a piece and you did not understand the audience. How would that work out?

Complicated. Yes. You have to adopt somehow.

But if you don't know the audience, what do you do?

Try to find more about them.

Sure.

Try to gather information and get a feeling.

We're do the very basic level. If you're writing for mostly English magazine versus in mostly German magazine, the storyline is the same, but the way you say things is different. The way...

Definitely.

Because the cultural background is different.

Definitely. I see this is a lot when I compare articles in both magazines. Makes sense. So a lot of life wisdom in there. And I -- you spent a lot of your work time or even like free time leading a nonprofit vendor alliance. We've already talked a little bit about this. So how do you apply these principles that you have outlined in these cases?

So this is a bit of an interesting story. So as I told you, mid-2014, if I back up 1. 2013, I was looking for my next promotion. So I went to -- I reported to our VP. So I went to -- he had a director I work closely with. So I said, look, "I want to move forward, right? What do you think?" So that stage I was a principal engineer, which is the third top rank in Cisco technical. I want to become a distinguished. So basic level as principal is mostly internal, distinguished means you're supposed to influence industry. So he said, "No problem. Let me just go and Google you." He did, and he got back nothing. So it was like, "Well, okay. Got it." So I negotiated with my company to send me back to standards work, which I've done before in my previous company. So I was really interested in Time Sensitive Networking because that's where I sort of come from. So I went back to 802.1 and I started trying to establish myself there. Again, get to know the culture, the people, work how to contribute. But as I said before, in late 2014, we had this product coming out that we would call Cisco GigaOm multi-gigabit. Standard is now to [ 802.vz ]. And that goal was actually to run faster speeds around copper cables. So Cisco was within 6 months of shipping products when they started. So what happened was we're up in Ottawa. So I was in 1 meeting, and I got 3 colleagues from Cisco that said, "Hey, this is the [indiscernible]. Go talk to him." So I tried to figure out what was going on. And so that week was very busy trying to figure out because if they said it gone badly, right, our product shipments will be delayed a couple of years. So I went back and I wrote, basically, a report up for my boss and his peer, the software VP and the hardware VP, and I said, "Look, here's what I believe we need to do. Here's the way it should happen. Here's why I'm not the right guy to do this." And they read the report and said, "Excellent. Thank you very much. Wonderful. Go do it anyway." Okay. And what often happens because IEEE is a very technical conversation. You can't really talk about much in the market. And so you also -- you can't collaborate too heavily. So we did, in parallel, was to set what's called a Vendor Alliance. So it's a nonprofit to advocate technology. So our competitors' had one. It was called the MGBASE-T Alliance. We set the NBASE-T Alliance. Initially, it was 4 companies. It was Cisco, Freescale, Xilinx and Aquantia. Aquantia was the prime manufacturer. So we had to set up a Board. And Aquantia was the president. And so me and the marketing guy I'm working with, we should be Chairman. He's like, "Well, do you want to do it?" And he says, "No, no." He's like, "Okay." So I became Chairman of that alliance. So that alliance started in November 2014 but then continued. It wrapped up about mid '19. So we grew from 4 members to about 55. We told the story of value. We also were very crystal with it and how that went. So that folded back into the 802.3 and formed a consensus. So we advocated for what we did, why it made sense and why they had to get it to market. So at that stage, I'm the Chairman of a nonvendor nonprofit alliance, which is sort of weird. But for that, I had to go -- so likely at the front, they took me out to do some press training. And so then because at the front for press and for analysts and for media and for -- going outbound. So it's like, okay. Can I do these new things? So I was very successful at achieving this goal. But it came into the end of its time. So the nonprofits, when they dissolve, you have to give away their assets. So if you have money, you can give them away to another nonprofit. But what I wanted to do is make sure we held the brand we've built and also the IP. So what I did was I negotiated with the Ethernet Alliance. So back up a second. The Ethernet Alliance is an organization that represents all of Ethernet. So like the Wi-Fi Alliance, but for Ethernet. So NBASE-T Alliance was a subset of that. So what I negotiated to do was to follow the alliance in, transfer the assets, transfer some members so all that stuff could continue. At that stage, it was like I've been being a Chair for a while. It's like I go off [ being quiet ] for a while. So at the same time, we have another project coming up in 802.3. We're talking about 10 megabit Single Pair Ethernet. And there's another Master Series on that one. So what I thought I would do is start a new subgroup inside Ethernet Alliance to advocate for that. Because you need a lot of business development to make sure you can create for those consumer demand. So I'm happily going off and doing that. I'm talking to partners. I'm going out to automation fair shows. I'm beating the drum everywhere. So what happened was the current Chairman of Ethernet Alliance, the previous to me, his name is John D'Ambrosia. He had been Chairman for a long time. Done a wonderful job. He had to step back from the role. And so from that, from their Board, I had some people more functional, but they needed like the [ API ] evangelist. So they rang up and said, would you consider doing this? And I said, "This is a great honor. Are you sure?" And he said, "Yes. We talked about it." So okay. So then we had a conversation with each one of the Board members saying, "Well, here's what I would like to do." And they said, "We think that works for us." So one of the things I want to do is be a team to focus more on very high-speed networking and power. I [ don't ] want to tell a bigger value of Ethernet story. I also want to get more voices out there in the world. So I don't believe that the lead -- I don't believe the leader is a team by himself, right? There's a saying, a leader without followers is the guy taking a walk. So my goal is to try and take the industry forward. So to do that, we have to better explain the value of Ethernet to our users. You have to explain the needs of our users to the standards community. I also need to relate sideways to relate the Wi-Fi Alliance maybe industrial people. Because if you build a network, you can move forward. Does that make sense?

Yes. Totally. So you had quite a very rich career in the last couple of years. Have you encountered any challenges around, like, finding a voice of your own in all of these vendor premiums and also like a foreign land like this Ethernet Alliance? Any challenges you want to share?

Sure. So I think the thing is -- so I'm an Australian. There's not that many of us. And so to some extent, I'm always in a different culture. But the -- so for instance, let's say I set up the Ethernet passport work group. I think it's 500 people. Let's look down. You got -- look, I come in. The first day, I'm sitting at the back. What do I do next? Now somebody would just have to [ back their ] monitor. That's fine, but it doesn't get you any influence. So then you have to start, okay, let me watch what's happening for a while and see who influences. Who's interesting? Who's presenting well? It's just like I even asked them to explain. So -- and there's still that way. There's also -- I had help from most of the social media people. It's almost the same thing. You watch your influencers. You watch who's intriguing. And then you sort of look at that. Then you think how will this fit for me? Because I need to find my own voice, right? So let's imagine, a friend of mine is Silvia Spiva. She is a social media lead for DevNet. Silvia's voice is really interesting, but it's not mine. But when I saw how she directed, I could figure out how to apply it to myself. So this is one way to find your voices. Let's say there's a lot of good social media content coming out at Cisco Enterprise. If all I'm doing is say the same thing as them, it wouldn't mean any value. So I use Twitter as my media because it's short and stacky, and that works for me. So you got to look at something that comes out and figure out how to make it relevant to people who want to listen to you. Again, if you're only doing one voice, it's not so interesting. You also need to sort of mix between the really technical or what matters and the other things I'm interested in. So for instance, I've been posting about recently on Twitter about privacy. These are the times [ because the Ethernet ] got a privacy project running. So I think it's really interesting. So I post some of that on to Twitter. If it seems to be on the exact corner of computing, I'll post that because your voice on Twitter is not to issue a company, right? It's something bigger. So this goes into the personal branding thing I've talked about a while ago. So if you think about Cisco, for instance, Cisco is a great brand. We've got lots of products sitting that fits the brand. That brand is really the expression of value, and it's about -- in general, that stuff just works. And it does only make it better, right? We are focused on the customer. So that's, okay, what's -- Jens, what's your personal brand, right? So if someone looked at you ignoring the job, what is it they would see? So I spent some time thinking about this. And part of this was during -- when I was going for my promotion for distinguished engineer, so that's a really big deal in Cisco. That requires an application packet. The review committee is DPs and CTOs. It's across the entire engineering world. It's a big deal. So when I first started on this, they give you this big template to fill out. I'm looking at this template. I can't figure out how to write that. I had writer's block. So at this stage, I spent a couple of months, every weekend, I'm looking at this thing. And so my wife was about ready to kill me. So I said, "Okay. This is not working for me. So I put that to the side and I said, "I'm going to write slides for the things I've done that I'm proud of." So I started writing them. It was much easier. So I think I got up to 55 slides. I thought, this is good. This is me. So I'll share it with some friends, right? And this is hard, right, because you're sharing really what you think you are. Does this feel like me? But going back with some comments, later on the Chairman said, sure. This is great. I wonder if I'm going to use this to get endorsements. Because you need to collect endorsements, both inside and outside Cisco that you're -- you are worthy. You're at that level. So I would use these to get endorsements. So I would send it off to someone and say, "Look. I'm going for this promotion. I'd love your support. Here's the background information on me." So at one stage, I'm wondering around with this, and I'll go to see Jeff Reed, who was the SVP of Security. So I actually knew Jeff the first day he came to the company. He came in as product management director for Catalyst 3K, which was pretty funny because we were out and golfing. And at first, I'm reading this. So here's a set of things I want you to think about. And so Jeff and I was studying context. So he said sure, right? So I said, look, can you please read this 55-page deck? And he looks at me. He looks at me some more, and I said, "I'll come back." So like, this is not going to work, right? So I chopped it down. It ended up being about 6 pages even then it was pretty dense.

It makes more sense. Yes.

So I went back to him and I said, "Look. How does this look?" And so the goal was to ask people who would support -- to support me, to remind me of what I've done, but then let them tell the story themselves. So the result of that was is I got a faster rate support, right, really, like, choice support. And when I went in front of the committee, I got approved for the first thing, which is unusual. So the story was for this to make sense. And so more recently, we have mentioned, I've sort of tried to take the same approach. So when I did mentoring, it's tricky because you really have to establish a trust relationship. So I tend to start off with explaining things about myself to people. Because then I can ask them to explain themselves to me. Because if I just say, tell me all the things that really matter to you, what you're worried about, that's not equal. So I changed it. You sit and listen and your cultural background. So you feel from certain places, certain things mean things to you. And you've got to sort of figure that out, right? Family relationships are very much tighter in India. So a lot of people that I work with from India, they'll fly home every Christmas break to take the family -- the kids to their family. So the culture is different. So once I learned some of this, what I normally ask people to do is to go and write themselves a 3-page slide deck. Who are you? What do you do? What you care about? And they say that's hard. Like, what should be in there? I say tell me. What I can tell you is it can't be 45 page lines and a cover and a closing page. The first, I did this that worked out really well. One of the things he did for the company, for our group was he was our photographer. So on his opening cover page, he had a picture of himself laughing and covered with the powder he used a -- he was in a festival called -- I don't remember the name of it. It's a festival with colored powder. So they throw colored powder at each other. He also had a bunch of the photographs he had taken. So there was the technical work. There was the things he did. There was the stuff he cared about. And once you get that really crisp, it's like you have the key for who you are. It becomes a part of your personal brands. So I can hand this to someone and say, look. Take a look. This is me. So it's both like a [ genius sort of ] discovery, but it comes really useful because I can go and take it to anyone. I can take it to my manager and say, look, here's how I see myself. Do we agree on that, right? And then, here's what I want to do next. I can use it to apply for a job. Have you done much interviewing for people? Interviewing to hire?

Not really. So I'm running a small business, a little bit interviewing, but not in the massive scale as you would do it at Cisco.

Sure. But you know, resumes and LinkedIn profiles don't tell stories. If you get this down, like a presentation, it tells a story. If I'm going to hire someone, I want to understand the background. I'm not so interested in exactly what he's done last year or so because I want to develop people over time. I want to know who this person is. And if you thought of that upfront, it's going to make life easier because you can communicate to the interviewer, here's where I want to be.

Okay. I get it. So a mental picture of the success factors that need to be present to be a PeopleSwitch is forming in my mind. But one topic that is especially dear to my heart is since we are in a very lively community, is about giving back, paying forward, contributing. So can you share your insights that you made in your career about paying forward, giving back, keeping the community alive?

Giving back and paying forward sounds funny, right? So the reason I tend to use paying forward is let's imagine I'll be mentoring for a mid-level in Korea. I'm going to try to work out what the goals are. I'm going to help them do their goals and how they might progress, right? I'm expected to do that to juniors as well. So if I'm mentoring someone like -- let's say I'm mentoring 6 people. I want each one of them to be mentoring another 6. I don't need them to give back to me so much. I need them to pay it forward. So this is like -- it's a teaching role. How do we help people become better? Yes. I mean one very brutal way of thinking about it, in an ideal world, if I get run over by a bus, there's someone to replace me, and that's sort of my job to make sure it happens. Also, I find that once you connect with [ building ] careers and you give them a spark, they'll go off and do really interesting things. So mentoring for me is not a go do this and go do this. But tell me who you are, and then we can try and figure out what goes next. So one of the things that I do, for instance, is let's say someone comes in and says, "I'm not sure whether I want to become a program manager or one of these." I will then go and try and find one of those people in the same cultural context to explain. So let's say someone wants to be a program manager and it's an Indian female. I'll go find another Indian female to explain it. Same thing for a German male, right? Because the way you think about it is different. So if you get information presented in the way people can understand, that's how it helps. So what I find is that doing this sort of mentoring is personally very rewarding. So it's good for my company. No doubt, right? Because if I can grow better people faster, that's good. I think it's actually good. It's good for the soul. So you mentioned community, you want to see the community grow and become richer. So not just big, but richer and more diverse. So by the way, that's called [ officiation ]. For one of my slides, I used to have this in there for Ethernet speeds. So they used to just go at 10 megabits a second and 10s. But once you start having new environment, you fill in the middle bits. So we want to make our community richer, which means there's more skills involved. And if you have a team that's all one sort of person, it's often not as creative as it could be. So I want to see different skills come forward. I want people to have the ability to use their skills and grow new ones. I want to at least to help that happen, not to force them to help. And once you approach it with this sort of view, I find joy in this.

Awesome. So to sum it up, like, the successful factors to become an effective PeopleSwitch that people like us around that they see as a contribution to the company, to the community as a whole, is basically ingest information, derive the information, derive the right kind of information, classify kind of by listening, making a mental model and then distributing it, paying it forward. Is that like how you would see it?

That's got a bunch of it. But I mean, I don't know everything. So a key part of it is being well connected in the community. So I can look at someone here then and say, "Okay. This person over here can help you." I don't have to understand the whole part. I just have to get, okay, this relates to that. So what I find in general is almost everyone in the community is happy to help. So you sort of keep a background there for -- of where things have to go. So like one area that we -- I got involved in a little while ago was really cool is the group called [ rattagods ]. I think it was [ rattagods ]. So what they do every year is they raise money to send a couple of early-in-their-careers to Cisco Live in the U.S. It's a learning thing, right? So this is part of their contribution to the community. So I was having this conversation with [ Dustin ], he's one of the guys, I was like, you know what we should do is take the people they send. What they do is they raise money. They send them to buy a ticket, et cetera. The goal is building careers. We should put them in with the Cisco Champions. So as you know, the Champion program is our big influencers. So imagine if you came as an early-in-career into Cisco Live. That would be intimidating. But imagine if you embed those people inside the Champions community. Imagine the ability to go to see the influencers and learn from them. You know that community, right? The community loves to teach. So if you can go and look at what the skills are of people and their passions, make use of them, you make the world a better place.

Yes. Makes sense. Yes. Awesome. I think I learned a lot actually and got quite inspired by your obvious ability to connect people. We've seen this already the last few days where we've met a couple of times already. And you've always managed to connect me with others and so on and so on. This is an amazing capacity, actually, that will help anyone in their career. So really thankful. Thank you, Peter.

So Jens, thank you very much. So guys, this finishes another episode of the Master Series. I'd really encourage you to go and make use of this information. I'd also love to hear feedback, right? Good feedback, bad feedback, let us know how it is because I want this to continue. So again, thank you for watching the Master Series from Barcelona, and I'll hopefully see you again. [Presentation]

Welcome to Cisco Live Barcelona, the Master Series. My name is Tim Szigeti, and this morning, I'm here to discuss How to Present at the Elite Level. Almost every one of us that attends a conference like Cisco Live has to engage and deliver technical presentations. Perhaps it's just once in a while, perhaps it's every single day. How can we deliver these effectively, achieve outcomes and have fun doing it? That's what this session is all about. At any given Cisco Live, we have about 500 to 1,000 speakers. And each one of them are delivering technology breakout sessions or techtorials or labs or all these sessions. And every single one of these speakers is dying, maybe even sometimes willing to kill for this one coveted price, to walk away, to go home with this trophy. Yes, look at it in all its magnificence and glory. It's a Cisco Live Distinguished Speaker pin. It's about a cheap an item as you could possibly manufacture. There's no monetary award that comes with it. But yet, this is just the holy grail that all speakers want to get out of a Cisco Live. So what is this all about? Well, Cisco has actually achieved a master stroke of motivational psychology by introducing, in 2013, the Cisco Live Distinguished Speaker program. And basically who decides who gets to have one of these pins and become a distinguished speaker? You do, the Cisco Live audience. So every time you attend a session, you fill out surveys. And in that survey, you're asked 2 questions -- well, actually, several questions, but 2 that relate directly to the speaker. One, did he know what he was talking about? That is subject matter expertise. And two, how well did he convey that information -- he or she convey that information to me? That is presentation skills. So what does it take to become a distinguished speaker? What's the score that you have to achieve? Because you rate us on a scale of 1 to 5. What kind of scores does somebody have to achieve to get that coveted pin? While they vary from show to show depending on the ratings that you provide. The bar can be very high. For example, about 1.5 years ago, I was presenting at Cisco Live Australia and for presentation skills and subject matter skills, you could see the scores here. They're quite high. When compiling the overall score, they average these 2 together. The average of these 2 scores, 4.895. Expressed as a percent, that's pretty high, that's nearly 98%. And I thought, all right. I'm pretty sure I got this one in the bag. And then I got this disappointing e-mail saying, "Oh, you just missed it, the cutoff for the top 10% scores that would earn you a Cisco Live Distinguished Speaker badge was 4.9." 4.9, it's a high bar to reach. So this is very -- it's a very impressive achievement for any Cisco speaker to achieve. However, if you've achieved this at 5 or more Cisco Live conferences, you get inducted into what is called the Cisco Live Hall of Fame. Your name goes up on our website. And also your name goes on a plaque that's displayed in the speaker room. And so it's just the recognition just fuels the speakers. We're very competitive. We're very high over -- highly achieving people. We really want to go after these. And so it just fuels us to keep putting our best into these sessions. If you achieve Cisco Live Distinguished Speaker status 10x, 10 different Cisco Live conferences, then you get invited to a very rare club called the Cisco Live Distinguished Speaker Hall of Fame Elite. Over the years of all thousands of speakers that we have since this program was introduced, only 14 individuals have ever achieved this designation. And you'll see their faces on the website that's listed here. I'm very proud and humbled to be included in this company, and I'm just in awe of some of these speakers. And if you really want to be a good speaker, attend one of their sessions. Even if it's not the technology interest that maybe is your primary focus, you can learn an awful lot about presenting by attending their sessions or viewing their sessions at ciscolive.com. So that's why I've been invited today to share what has worked for me to achieve this status, but with the focus of saying, look this can work for anyone. This isn't about tips and tricks like knowing a little hack in PowerPoint, but really it requires a lot of work, a lot of ongoing persistent effort. And that's what I want to share with anyone who is really interested into elevating their technical presentation skills to get to this level. That's my goal today. So let's get into it. Where do you start by becoming a distinguished speaker? Well, it's not even about developing first your message and what you're going to say, but it's rather developing that art of listening. For instance, do you know your audience? Are they technical? Are they business decision-makers? Is this a presales or post-sales conversation? If they're technical, what's their level of technical depth? Are they just new to this given technology that you're going to talk about? Or do they want to go down the rabbit hole with you as far as you possibly can take them? That's really important to know upfront. Sometimes, people come and they'll present a technical session, and they'll present it at Cisco Live. They'll present a technical session as if it was a sales pitch to a customer that hasn't yet bought into the technology. But most of the audience at a Cisco Live technical breakout is here because they are a Cisco customer already and they're looking to implement. So if you get that wrong, you could just lose your audience right from the start. So it's really important to know your audience first and foremost. And don't be afraid to ask. One of the best ways you can do this is by coming early and by engaging introducing yourself to some members of your audience, asking what are their expectations from this given sessions? So that you can tailor and focus on the points that are most -- of most interest to the specifics of what your audience is looking to get out of the session. If you're not able to come early and you're part of maybe a series of speakers, then before you get up, it might be advantageous to check in with the host or somebody that's been there already and get a sense of the conversation so far. Was there may be some objections or maybe some challenges that were unique and of concern? And therefore do you want to like focus on those problem areas more so and adapt and tailor your message and your session to the needs of your audience. So really start with knowing your audience. Before you even start crafting the message, know who is it I'm going to be speaking to, so I know all of these things and I can organize my material appropriately. Now let's look at the message itself. The core message, how should you start putting that together. Where do you begin? Start with why. The single biggest recommendation I can offer you, if you haven't already, watched this video by Simon Sinek. It's in the TED Talks' top 25. I think it's the #4 overall session. More people have viewed this session than live in this country of Spain where we happen to be. That's how influential this very simple presentation, without even PowerPoint, but Simon Sinek presents on how to organize your key points to really be of influence, to be inspiring in how you deliver your message. You always start with why. Sometimes us engineers we're so excited about our technology. We start detailing, oh, this is how my technology works. This is the architecture, and this is the how. And you can figure all the technical weeds. But unless you have conveyed clearly to your audience why this is helpful to them, how this will benefit them or make their lives easier, solve a problem for them, whatever the case may be, then what interest do they have into listening to you go into deep in the technology? You have to clearly convey why this is of importance to your audience before you're going to gain their attention, and then can proceed to the details of what it is you're trying to present. We can apply this message, for instance, a very effective way that we -- that this was crafted by some members of the enterprise networking team at Cisco when we were putting together why we were delivering a new architecture, the digital network architecture, was a very simple statement as shown here: transform our customers' business through powerful yet simple networks. So the why of DNA is we're not looking just to upgrade a network or a switch or a wireless controller. We're here to achieve digital transformation, to have a business level impact for our customers. How are we going to approach this? A 2-pronged approach, powerful yet simple. At Cisco, for 30 years in this business, we've been really good at making powerful networking solutions. An area that we haven't been as strong in, candidly and frankly speaking, is making those solutions simple. So every time that we came to one of these, we look, okay, is it a powerful technology? Great. Is it simple for the users, our customers to leverage? Oh, okay, maybe we've got to do a little bit more work here. And then, finally, what were we delivering, ultimately? Networks. But of the order of importance, why, how and what, the networks are the lowest on that scale. And so here's a way that we can present that message in a way that resonates with customers. They know why we're doing all this, the key elements of how we're doing it and delivering it, and then, finally, what we're building. And then we get into that technologies, all the nuts and bolts, et cetera. When you're starting to present a technology, again, just before you get into the technical weeds, make sure that the problem that, that technology is to address or to solve or to make easier is very clearly laid out, so then you can follow up with the solution that you're offering. Let's share an example of this. When it comes to network security, almost every expert will say an important step is to segment your network. You want to make contained portions of your network. So that if you get breached or if there's malware, if there's a virus, it's contained. It's not just going to wipe out your entire domain. And so make these little isolated segments. Okay, very widely known, there isn't hardly anyone, I don't think anyone would dispute that recommendation. So why doesn't everybody segment their network? Well, it's challenging. It's difficult. 20-plus years ago, we only had one type of network, a data network. And then we started adding IP telephony, phones, to this network. So we made a separate VLAN for phones. And then later, we said, okay, we have a lot of guests to connect to our network. We probably want to keep them separate from the rest. So we make a VLAN for them. Then we noticed a lot of employees bringing their own devices. Oh, it's a good idea to put a separate VLAN for them. And oh, maybe some of these devices don't meet our security standards. Maybe we'll put those in an isolated area, quarantine VLAN. Now all these IoT devices are coming on. So all these reasons to segment networks, well, that starts by creating a VLAN. But then every VLAN, a Layer 2 entity has to be matched to a Layer 3 subnet. So we have to start carving out these subnets to align to each one of these VLANs. We have to program all of this into DHCP pools. Then every VLAN will need a gateway to get out. And not just one router, but 2, HSRP, GLBP, whatever you're going to use, so that you have some level of redundancy. Then you have to achieve routing throughout the organization. And then, finally, your policies, which typically would be static access control list, how do you have to go about doing this? Well, you've got to touch active directory. You've got to touch your AAA servers. You've got to create those VLANs and subnets. You have to implement the policies and detail all those ACLs. And ultimately what's on your routers? Well, you're going to have tens of thousands of access control lists. That's the problem. What's the solution? The solution we've been sharing in DNA, it's called software-defined access. How do you achieve segmentation now? Well, it's a lot simpler. You create a name for your virtual network. You drag and drop the things that you want in the virtual network. In this case, I've created a virtual network for IoT devices, and I click save. I'm done. Was that a lot simpler? See when you lay out the problem first and then the solution, the solution becomes that much more impactful. And that's the point to really showing the value your technology is bringing to a business problem that our customer is having. Then when you have the key messages outlined, why, how, what? Now it starts -- now it's time to start crafting your story, crafting your presentation. And how do you go about this? Four key parts: grab, guide, point and shoot. What do I mean by this? Well, you want to grab attention right from the start. I remember a presentation given 15 years ago by a director of solutions engineering. And he came into the presentation holding a hammer and holding a banana. He says, "I have 2 objects in my hand." This was very attention grabbing in a networking session. Why is this person holding a hammer and a banana? Well, he said, "Look, 2 objects, they're both useful to me at different times. However, if the task at hand is putting a nail in the wall, one of these tools is more useful than the other. Similarly, in our Cisco iOS tool set, we have thousands of tools. I'm going to show you the right tool to use for the right job." And then we got into the presentation. So grabbing attention by something that's not even related to networking is a very effective way to do this. But however you do it, just remember to start with grabbing that attention of your audience. That's a fundamental first step. You don't want to lose them. And if you really want to prepare and memorize 2 parts of your presentation, well, memorize your introduction and memorize your conclusion when you wrap it up and put a pretty bow on it. The rest, just remember the main points, and you'll add the words as you go. Focus on the ideas, not the words. You don't want a fully canned memorized presentation, but it's good to memorize at least those 2 elements, so that you get your wording as effective and concise and impactful as possible. Okay. Once you've grabbed their attention, then what do you do? Well, now it's time to guide. You're guiding through a technology solution. And an effective guide can speak to people who are very experienced or very novice and deliver something of value to either group. And nobody with an experienced guide feels lost or concerned. They're benefiting from an effective guide. That's now your job to guide through that technology, and I'll expand on that in the next point. But once you've guided and you've accomplished this, don't just wrap up the conversation by a summary and leave it at that. Give your audience a direction. If you're saying, "Okay. You've started down a path, where do you go from here?" This is your single most effective opportunity to extend influence. If your audience has stayed with you to the end, likely, you've shared something of value with them. And this is your most potent point to affecting outcome. So be sure you take advantage of that opportunity, point them to the next step, where do you go from here, and then inspire them to take that next step. So point and shoot. Make sure that you tell them where to go, and then inspire them to do just that. Is my sound okay? Okay. Great. We had a little background noise, I wasn't sure. Okay. So then after this, I really want to focusing now on the guiding part, how do you become an effective guide. Well, one of the most important things here is to make the complex simple. And this is actually quite challenging. We deal with a lot of complex technology. The effective presenter or the effective guide will be able to break that down into very digestible little pieces and to simply express it to their audience, whether the audience, like I say is a novice or someone very experienced. Let me share an example of what I mean. Perhaps some of you are familiar with the UADP ASIC, the Unified Access Data Plane ASIC. This is the heart of any 9000 switch, Catalyst 9000 switch. The first generation ASIC was also present in Catalyst 3650s, 3850s. Okay. Now I'm going to talk about the UADP, which is internally codenamed doppler. That's why you'll see doppler on some of these ASICs as shown on the graphic. The queuing structure on these dopplers, what do I mean by queuing structure? Well, whenever you have more packets or anything coming into a node then can exit the node, then you have to determine some method of queuing. Think about going to an airport. If more people arrive at an airport counter than the people behind the counter can serve, what happens? A queue begins to form. And there can be a queue for the economy people, where myself and all Cisco employees will be checking in. And then there'll also be maybe queues for business class or first class, and they'll get a different treatment. It's same way in networking. So in this hardware, this is a queuing structure. All catalyst hardware has a queuing structure that comprises of Ps and Qs and Ts. What am I going through this for? I'm going through this for, again, as an example of conveying a very complex concept, and I want you to do it as simply as possible so that you can gain insight regardless of your technical background. Maybe you couldn't care less about queuing structures, but hopefully, you'll understand what we mean by this queuing structure in just about a minute's time. So we have a number of Ps, Qs and Ts. The number of Ps say how many strict priority queues I have, the business class or the first-class queues. And then we have a determined number of nonpriority queues and we can allocate bandwidth. Say, hey, 30% to this queue, 20% to that queue, 50% for the other one, whatever the case may be. And we'll talk about thresholds in a moment, let's just pause that for a second. How do queues work? Well, you allocate the bandwidth percentages of how these queues are serviced. But then if any traffic appears in a priority queue, well, scheduling from these nonpriority queues is completely interrupted, completely halted until the priority queue is fully serviced. Makes sense so far? Okay. Let's now look at thresholds. Thresholds deal with if my queues are filling to capacity, how do I ensure that there's always a little bit of room left in case something important arrives later on. In this case, I have packets marked to different colors. Green is good packets, the most relevant packets; yellow, it's maybe important applications, maybe not; red, I simply -- I know for a fact, these are not important to my business. Maybe they're YouTube cat videos or something like that or Netflix. These packets come in. And then at a certain point I buffer them. But when I reach a threshold, I start throwing certain types of packets away so that I always have room. That's the idea behind thresholds. At a certain point, I'm no longer buffering red packets. At another point, I'm no longer buffering red or yellow packets. That's all thresholds all are about. That way, I can make sure green packets, the most important information, is always captured and carried and transmitted. Okay. Now on the doppler ASIC, the queuing structure is 2 P, 6 Q, 3 T. So there's 2 priority queues. One is intended for video, real-time video applications like TelePresence. And the other is intended for voice. Either priority queue can interrupt the scheduling of all the nonpriority queues. P queue in turn can only ever be interrupted by P Q1. That's it. Do you understand 2 P, 6 Q, 3 T queuing? Hopefully, you do. But making these slides that illustrate these concepts takes a lot of work. If you look behind the scenes at the kind of animations that an engineer might have to put the effort into crafting in order to simply convey a very complex concept, it takes a lot of time. It takes a lot of effort. And that's okay. That's a key to being a good technical speaker. Take that complexity, and you take it on and keep up behind the scenes so that whatever you present to your audience is as simple to absorb as possible. It's a challenge. It takes time, it takes effort. But nobody asked you how long it took for you to make a slide, that's not what's important. The only thing that's important is that your audience gets the point. Then once you put your entire deck and slides together, then it's time to prepare. There's no shortcuts here. You prepare at every level. You prepare how you're going to make your points. As soon as you know that you're going to do this presentation. And you do it in your spare time, like when you're walking or driving or in the shower, whatever the case may be, you're continually thinking about how can I express this effectively. How can I make that point? What illustrations can I have? What anecdotes can I share? Then, closer to the time when you're about to present, usually the evening before at the very least, make sure you present out loud and in front of a mirror. Why out loud? Why not just go through a deck? And then, mentally, it's like, "Oh, yes, I got this point. I got that point." You'd be surprised that even though you know the points, the exercise of articulating them out loud, verbally, will help you make the segues clean and smooth, so that you don't end up in like an Austin Powers-type of situation where you're fumbling over your own words. Please allow myself to -- allow me to introduce -- or allow myself to introduce myself, I think, was the line. It's a very awkward line simply because you got yourself into a rat hole and you don't have a smooth way out of it. When you practice connecting all your ideas, you're filling in the words as you go. And some of these connectors, the segues become smoother and the transitions more easier for your audience to absorb. And practicing in front of the mirror is very good, too, because then it identifies maybe mannerisms. Maybe you've got one particular mannerism you use a lot. Or maybe you don't make a lot of audience contact, and you're always looking down, always looking at your notes. That becomes evident when you look at yourself on a mirror. And then if you present at Cisco Live, and there's video after the fact, take a look at yourself on the video. It's sometimes painful to do. You may be a little bit embarrassed at times. Because you're like, "I didn't know I did that. I didn't know I leaned this way or that." Whatever it may be, you'll learn to improve the overall posture and body language, which is a key part of communication as well. Then, finally, also check where you're going to be presenting ahead of time, at least the day before. Go physically to the room. Check the connectors in the room. Are they all there? Can you run your demo from the room? Maybe you need a VPN access, and maybe you're not going to get it because of firewall rules. Or even something as simple as making sure if you need a bottle of water, have a bottle of water there. All of these little details, make sure they're in place so that you can focus on your presentation. One of the key points too is to be yourself. And this sounds ridiculously simple, but it's not necessarily so. I've been presenting for 20 years. And about 10 years ago, a lady from one of the largest banks in the U.S., we're meeting with them in San Francisco. And this is not at a Cisco Live, this was a customer meeting. And she came up to me after we had a meeting there. And she said, "I've read your books and you're funny." I thought it was funny. And then she said, "And I've now met you in person." and she goes, "And you're funny. But when you're at Cisco Live, you're not funny." I was just like laughing at that. I'm like, I'm sorry. But it was -- I really thought about it. And I realized that when I was at Cisco Live, particularly doing techtorials. And the techtorials, if those of you are familiar with, these are like 4 or at those times, there were only 8-hour sessions. And customers would pay not only the admission fee but an additional $1,000 or now maybe closer to $1,500, I'm not even sure what the techtorials cost. I haven't purchased one myself in a while. But they pay a lot of money to be there. And so I kept thinking and dwelling and focusing on that. And I'm like, okay, they're paying a lot of money to be here. I just got to stick with the facts, the technologies, the details and really deliver what I thought this is the most important thing. And don't -- I like to be funny. I like to have a little fun and humor. It's like put all that on hold and just focus on like being a data sheet, for lack of a better term. But then what I realized is that when you're not yourself, you're lacking authenticity, and that prevents a connection with your audience. And so after that comment, I started introducing a little bit of humor where I thought it would be appropriate just to reflect that. And actually, it's a good thing because it benefits your audience. If you're just technology, technical, technical, technical, it's mentally exhausting. And sometimes it's good to have a little bit of a break, and some of these points can be very memorable. Let me share you an example of what I mean. I was making the point that hardware varies. People say, "Why do you have so many different platforms with different ASICs and different capabilities? Differences, differences, differences. Well, our hardware varies because when you design hardware, it's for a specific purpose. Think about cars. The primary hardware in a car is the engine. And so you wouldn't expect the engine that's designed for an economy car to be the same engine that's designed for sport utility vehicle. They have different requirements. Nor would you expect that to be the same engine that you put in a high-performance car. You design the hardware according to the need. This is why we have different types of hardware. And it's like, okay, so the audience got that. Then I have different versions of this slide. I tailor it to my audience. This is my American version when I'm speaking in the U.S. I have a version of this for when Cisco Live is hosted in Germany. And I have a nice sexy version of this for when we host Cisco Live in Italy. Now when I was called on to present at Cisco Live -- Cisco Connect in Toronto, in Canada, where I'm from. I'm like, well, we don't have a native auto manufacturing industry. How do I translate this concept to something that a Canadian audience could understand? And this is the best I could come up with. The point is introducing a little humor made the point, but it also stuck with them. And it gives the audience a little bit of a mental break and then allows them to then refocus as you dive then back into more details in technology. And not only that, it makes you more authentic, if it's your personality. If it's not your personality, I'm not saying here, crack jokes. That's not it at all. And incidentally as I was leaving here for Cisco Live on the Friday, I was -- I took my 6-year-old daughter to her school and dropped her off. And then say, "Okay, don't forget, honey, daddy's now going to leave for a week for work." And then I went an hour later to the airport, and my 6-year-old daughter says to me, "Okay, Daddy. But don't forget, if you're going to do a YouTube, make sure you tell a joke because nobody wants to be bored." So it's like even she recognizes that, okay, people need a little bit of a break at times when you're conveying a lot of technical concepts. But the key point that I'm trying to make is not to necessarily just introduce humor. If that's not your personality, that's not what the point is. The point is to be authentic, to express yourself as you are. And if that's not your personality, then don't do it because then it will come off as contrived, as artificial, as forced. But if it is, by all means, do that. Then how does a person actually be themselves? Well, the key point to remember here is not to focus on yourself. It's not about you as a speaker at all. And this is where we get trapped, and this is what makes us anxious. And anxiety itself is not a bad thing. We're only anxious about things that we care about the outcome. If I'm completely indifferent if the session is going to go well or if it's going to go poorly, I'm not going to get anxious. I couldn't care less. But that's not the marking of a good speaker. So having a level anxiety is very appropriate because you care. And furthermore, that anxiety can be channeled into enthusiasm, even excitement about what you're talking about. However, if it's too much, then some people struggle with that. In fact, people find public speaking, for the most part, to be very anxiety-inducing. How do you then break out of that anxiety loop of like saying, "Oh, I'm so anxious. And look, my palms are sweaty. I got butterflies in my stomach. My mouth is dry." And incidentally, about mouth being dry, I'm just going to make a slight tangent. I mentioned before, I always have a bottle of water if you experience this when you're speaking. About 1.5 years ago, we were copresenting in Cisco Live in Vegas and I was with a first time speaker. And he was presenting, and his mouth, you could tell was just getting dryer and dryer as he went. And I was sitting near the front, and I was already had a bottle of water and I was sipping from it throughout. And all of a sudden, he comes close and he grabs my bottle of water. I'm like, "What are you doing? That's mine." He goes, "I know." But he was so desperate, he took a drink anyway. So don't get yourself into that situation. But the point I'm trying to make, the higher level point here, is that regardless of the physical manifestations of nervousness or anxiety, if you focus on yourself, then you kind of reinforce an anxiety loop. It's like, "Oh I'm so nervous. You're going to see that I'm nervous," and that makes you more nervous. Whereas if you break out of that by focusing not on yourself being self-conscious, but focusing on your audience, that's what you're there for. You're not there for you. You're there for your audience, you want to give something to your audience. There's something of value that you're seeking to impart and to leave them with a gift. And then you're focused, are they receiving my gift? Are they appreciating that gift? And then are they understanding -- then your focus comes away from yourself and it resides where it should, on your audience. And that helps you break out of that loop, and that will then make you less self-aware and more natural. Then a final thought here is that we're never finished. Don't ever come into a presentation that you've done before and just think, "Oh, I'm going to go there and press play and just go into autopilot." That's the worst way to present. You're always should be looking at your deck and say, "Oh, what can I improve? What's new? What can I update? Or yourself as a speaker. How can I keep on improving? Or where can I see some adjustments that I can make to be more effective?" It's a continual process. And that's why speakers -- session group coordinators, for example, they'll always say, "Hey, give us your slides early. Give us your slides early." Most speakers will not turn in their slides until the day of or the night before. Even for this session, I think I turned in my slides about 2 hours before. Even though, the organizers, they want the slides earlier. It makes them feel very good. But because you're always focused on saying, "What else could I do? What else could I improve?" You're working at it until you absolutely run out of time. And then that's your best. And then next time, you're going to raise that bar again. So what have we covered? Knowing your audience, start with listening, knowing what their expectations are. Start with why, why, how, what. Craft the story. Grab the attention. Guide your audience through the technical details. And don't just wrap up and leave them wondering what to do next. Point and shoot them in the direction to continue their journey to their desired result. Make the complex simple. That takes a lot of time, a lot of effort. Don't shirk it. Don't be afraid of it. Just put in the time, put in the effort to the benefit of your audience. Prepare, in every way, your presentation, the mechanical details of your room, all of that. Be yourself. And the key there is not focusing on yourself, but really recognizing it's not about you, it's about your audience. That was what we're covering today. So I'm going to point and shoot you where to go next. If you haven't already, it's worth 18 minutes of your time to watch Simon's "Why, How, What" TED Talk. If you haven't done this, by all means, this should be your very next step. This will noticeably raise your scores as it has mine by watching and applying this. If you've already seen it, or after you've seen it, what to do? Well, take just one point from this presentation, just one. And the next time you present, really think about how can I apply that one point and elevate my presentations? Then, finally, it's just a rinse and repeat exercise. You keep on going. You're never done. And that's how you continue to get better until you get to that elite level of the speaker. Then maybe the next time we check the Distinguished Speaker Hall of Fame Elite, we're going to see a picture of you. So thanks so much for taking the time for joining us today on the Master Series. I hope you found it interesting. Make sure you follow-up on those videos and give it your best in your presentations. Thanks, again.

[Foreign Language] My name is Rohit Sawhney, Group Product Manager on the cloud security team here at Cisco, and welcome to How to Have a Better Conversation, because everyone you will ever meet knows something you don't. Today, I'm going to ask you to take a bit of a leap of faith with me as we go through this journey. And so with that, I'd like to ask you to please close your eyes. Wherever you are, unless you're driving or you're part of the film crew here, just close your eyes for a few minutes as I go through this exercise. Take some deep breaths. Please think about the last conversation that you ever had. Was it short? Was it long? Was it strategic? Perhaps it's tactical. Prior to listening to this session, maybe you came across a colleague or a friend, a loved one. Now think about those recent conversations. What did it feel like? What makes it memorable? Was it just recent in your mind or something that sticks out? Now continue to keep our eyes closed. And finally, allow yourself to think for a moment about the best conversations you've ever had, all time, in your life. Go ahead and open your eyes. If you have a pencil and a piece of paper, please jot down a couple of things about those conversations. Who were they with? And what did you talk about? Once again, who was that conversation with that was so memorable? And what did you talk about? We'll come back to this later in this session. So you might be asking yourself at this point, Rohit, why did you choose this topic of conversation? Well, some would argue, like Celeste Headlee, who is a National Public Radio journalist, that there is no more important 21st century skill than being able to sustain a coherent and confident conversation. Think about it. It's not something that we get trained on or learn in school. Unless you're actually in the space of being a journalist, a panel facilitator, a moderator, you're probably not going to spend too many cycles thinking about this and optimizing for conversations. But arguably, it's a very important skill to have. As we go throughout our lives and we meet different people, random conversations to more strategic ones, those with our loved ones, those with our kids, it's very important to have certain fundamental things to have an engaging conversation. And so I'm hopeful that in today's session, you pick up some tips, maybe you learn about some habits that we all have that we tend to practice that we should maybe correct and we allow ourselves to be open to learning from others. So here's what we're going to talk about today. We're going to talk a little bit about differences and inclusion. I have some guidelines and frameworks that I'd love to share with you. We'll talk a little bit about community and belonging and purpose and why that intersects with conversations. The types of conversations that we typically have, especially in this modern world, they're evolving. Another framework, some bad habits that we tend to fall back to. And then we have a colleague of mine named [ Joseph ], who's going to join me to have a conversation and share his reactions and finally, a call to action. So with that, let's begin. You think about these simple rules in life and what's stated here in #1, #2 and #3, they all require some sort of conversation. Sure, you can probably just be heads down and do the work that you're doing and perhaps hope that someone recognizes that, but oftentimes, you have to ask. You have to stand up, sit up and engage with someone to impress upon them that you want to do the next thing: You're asking for this. If you heard some of my talks from early in the week, one of the things that I share with my 2 girls, who are 8 and 11, respectively, is that middle statement: If you don't ask, the answer will always be no. So speak up and say that you want to do X or Y. I wouldn't know otherwise, and I encourage you to use your voice. Especially being a father of girls, it's very important, in my opinion, to share that with our girls that they have a voice, and they should not be talked over. They have important things to share. Another thing that I really love is this quote that comes from Richard Wurman. I'm not sure if many of you are familiar with him or his work, but he's known for a couple of different things. He's actually known as the father of Information Architecture, but more famously, he's known as the father of TED, or the TED Talks, technology, entertainment and design, which actually started in Northern California, many, many years ago in the '80s. And he had this wonderful quote here, which says, "You only understand information relative to what you already understand." It's something that I came across a few years ago, and I think about this pretty often and share it with my friends and colleagues. It's important to know context. It's important to know background and why someone behaves the way they do. Perhaps they grew up in an environment where they were not listened to or a certain mentality was prevalent in their family or their culture, perhaps religious beliefs. This is why they're acting the way they are, and it's not that they're not open to your feedback or way or thoughts, but that's what they know, and they may not know any different. We'll talk a little bit more about that as we go through this journey. So I'd like to now share some guidelines that come from the TED Talk speaker and journalist I referred to earlier named Celeste Headlee. And she has these great frameworks. I would encourage you to also spend time looking at her TED Talk, which has millions and millions of hits on YouTube, and I'll reference that towards the end of this slide. So she says a few things. She says, "Don't multitask." We're notorious as humans, and technology experts in this case, for multitasking. Think about video conference calls or even conversations you're having with people, you're probably thinking about the next thing you're doing, you might have your phone on you, you might have chat in the background. We suck at doing that. We may think that we're good at multitasking, but most people are not good at multitasking. In order to really have an engaging conversation, you need to be present. With that, it's also important to ask open-ended questions. Think about the sort of questions you're asking people that you meet. How was that dinner that you had yesterday is a good question, as opposed to a closed question that just response -- that results in a response of yes or no. So what did that feel like? What was that like? Great questions to ask. If you heard my chat earlier in the week around networking, this can be leveraged in the same respect, with respect to networking and building relationships, asking open-ended questions: how can I help you, what are the challenges you're facing, opens people up to a lot more detailed information where you could pick off details and then dive deeper. Go with the flow. What that means is, sometimes you might have thoughts in your mind and you might need to dismiss them right away, so you can be present and engaged in the conversation you're having. And finally, stay out of the weeds, is one of Celeste Headlee's additional guidelines that I'll reference here and a couple of others as well. But stay out of the weeds really just says, don't go into all the detail. You might be reciting the fact that you went to Paris in July of last year and you're thinking to yourself, okay, it was in July 7th -- oh no, no. It was the 10th. Nobody cares. Unless you're really trying to pin down the fact that you were there at a certain time when someone else was there or some event took place, no one really cares about the details. And I know I'm being blunt here. But if you stay out of the weeds, the essence of the conversation is really that you did this, you went somewhere, you accomplished this. That's really what people care most about. And finally, the most important thing that will segue to our next set of slides is listen. If you listen, as Celeste says, you will open yourself to being amazed by what people have to share. One of the things I quote to some people is that God gave us 2 ears and 1 mouth, and we should use them proportionately. And if I think back on my own personal history, some of the best conversations I've ever had in my life have been where I truly just listened. Think about a partner, a spouse you may have, and they may want to vent about something that took place in their day. The best thing that we can honestly do is just listen to them, acknowledge and say, "Yes, that sounds rough" or "I'm sorry about that situation." They may not want a solution to their problem or for you to come with some sort of guideline of how to fix the problem. Sometimes the best thing we can do is just listen. In my memory, the conversations I had with my father before he passed away my age of 20 were just him coming into my bedroom as I was waking up on Saturday and Sunday mornings, as I was kind of half asleep and groggy, and he would just talk about history, about things that he went through in his life. And I never really responded to that. I was just there in bed as I said, kind of waking up but just listening. And I miss those conversations. Those are conversations I can never get back, but they really just required me to listen and take in all the information and knowledge that he was sharing. This quote, as I began the deck with, comes from Bill Nye. He's a scientist that's famous in the United States. And he says, "Everyone you will ever meet knows something you don't." Think about that mentality. If you come with that into a conversation, a space that you're heading into, a conference like this and you open yourself to others, you will be amazed at what you can learn. But really, it requires you to set yourself aside and be present in learning from what that other individual across from you or from within that group is sharing. So with that, this is a bit more of a lengthy quote, but the essence of it, as you read, is about engaging with others, the people around you. One of the things that I tell folks that I live -- that I live in the Bay Area in California and having been there now for about 20-some years, there's not a day that goes by that I don't go somewhere in the Bay Area and meet someone that I know, whether it be at my local gym, at a church, down the street, on my runs in the morning, I see people I know. I may not know their names, although I try to introduce myself as often as I can, but it feels good when you make a connection. And that connection taps into our human psyches around belonging and purpose that I'm going to talk about next. One of the things I love to do is exercise and go for runs. In fact, I went for one just this morning, prior to this talk. But when I do that on my local trail in Silicon Valley, I see people that I know. And there's this one gentleman that I see in the morning, typically this is going to be around sunrise, around 6:30, 7:30. And the gentleman just walks up and down the trail. He says hi to everyone, "Hey, have a great morning." We do a high five, and I look forward to that. It's not a conversation, but it helps me belong, and it helps me know that there's a community of people that have like-minded interests that want to say hi. I've been on some runs in my life on that same trail, which happens to be the Stevens Creek trail, in case you want to look it up, where I just acknowledge through eye contact and this peace sign. I'm running like this and people respond back. And I've had some beautiful runs in the morning, where every single person that I met engages with me in that way. That itself fuels me for the entire day. And that might sound really funny for you to hear that, but that sort of extra boost that you get from engaging and connecting with people, taps into our psyches around belonging, like, "Hey, this is a community. These are people that I'm connecting with in some way, shape or form." And in this case, I never even uttered a word or said anything. I just acknowledged through body contact. Likewise, it taps into our sense of purpose. We all want to be part of communities. And the more circles we find, the more communities we can tap into. There's a poster that I picked up in Vancouver, Canada many years back, somewhere around 2009, and it looks like this. This actually is in our kitchen. And it exists there in our kitchen for all of our family and kids to see. It cites how to build community. And you can see some of the things here, if you zoom in: Turn off your TV, leave your house, engage with your neighbors. These are all the things that we value as a family, and so I really love the fact that this is reinforced by this poster. If you want to buy it, take a look at it. One of my colleagues at work actually really liked it and purchase it for herself and her family. So now take a look back at your notes, the notes that we started with as part of this conversation. Look at what you wrote down. Who did you have your conversation with? And what did you talk about? What did that actually feel like? Think about that. Hopefully, it felt like some of the things that I'm sharing here with you. Great conversations are those that are very engaging. They have a flow to them. They're just kind of natural, like you're sitting down with a group of friends on a couch on a Friday evening, maybe around the dinner table. Often, they're very inspiring as well, and thus they may be memorable to you in your memory bank. Conversations can also be very fun. And in some way, shape or form, they may have made an impact in your life, positively or negatively, but they made an impact nonetheless. Now there's a lot of very varied conversations that take place in today's modern society. And I think a little bit about this. I'm a huge fan of one-on-one human conversation, but that's just a bias I have based on my age and how I grew up. However, if I reflect and observe, there are a lot of conversations that take place nowadays that are not face-to-face. Think about text and phone, instant message over Hangout, a team space, whatever it may be, that's your mode of communication. And I have siblings and relatives that engage in very deep conversations this way. It's not necessarily what I choose to do. If someone engages with me this way, to me, it sounds or feels tactical or transactional. But to some people, that is a conversation that they're having, and they go into deep lengths and details in that. So I'm open to that as well. Final thing I want to mention here before we move on to types of conversations is there's also this concept of having a conversation with yourself. And if I truly think about my life and the conversations that I've had, some of the best ones have actually been with myself. They may be when I'm exercising and the endorphins are running, on a run or just when I'm trying to level set before engaging in a conversation with someone else. Taking deep breaths. Listening to my breath and thinking about what I want to do, visualizing that conversation and being prepared mentally before actually having that. And that's a conversation I'm having with myself, to just make sure that my mind and spirit is present, and I'm engaged in the right way to go off and do my best work. So think about random conversations that you've had, that is also a conversation that can be very enlightening, not one that we just calculated but just something that took place. I have one in particular that comes to mind, where I was at an event in Carmel, California in the evening, and I met a gentleman that I've never met before. We were sharing a drink. And if I think back on it, why it was memorable to me is the gentleman and I connected on our kids. We were both fathers of girls, and we talked about life lessons and mistakes that we've made in our life that we're trying to impress upon our kids. And so that really felt like a very natural, flowing conversation. We talked for a good hour or so. I've never seen that person again, but I still draw back on that conversation, and it really felt like a very smooth and fun random conversation. So I would also encourage you to, drawing back on what we talked about earlier, use a lot of open-ended questions. And for those of us who are in the engineering or science space, we know this as whys, or sometimes what we do from a drilling down standpoint is 5 whys. And I'll talk about them in a second. But always be asking why: why did this happen, why is that important to you, why is it that you did this or that. By doing that, you actually allow yourself to understand a little bit more about the root cause of why something took place. Allow me to share a very simple example that hopefully everyone can relate to. And that's in this next slide here. You start with a problem statement, like my car is not starting. Why? The battery is dead. Why? The alternator is not functioning. Why, why, why? And you can read the slide and see that the root cause may have been that just I didn't take care of my car when I was supposed to. This is something, for those of us who come from this engineering space, we use. I used to spend a ton of years in customer support in my first roles in Silicon Valley. And I was encouraged to ask a lot of why and open-ended questions to our customers to drill into the details of their pursuit. In the product space, we're encouraged to do this as well. If you're a researcher, you're familiar with this as well. But if you translate that to the context of a conversation, you really dig into the root cause of why someone pursued something by probing a little bit further. So I encourage you to use these guidelines in this framework. Now some conversations are very engaging, lighthearted, you're having fun. And others don't always feel that way. One of my favorite authors and bloggers that I reference in other slide decks that I've done is James Clear. And he had this saying that he shared on Twitter just around the holiday, so fresh about a month or so. And he uses the statement that says, "You'll probably be right." He says, "you're probably right is becoming one of my favorite phrases." Why? Because sometimes you disagree with people. We just don't connect, and they're saying something, and you fundamentally -- you just don't believe it. It's not what you believe. Now you can have a contentious conversation. You can go into nth detail about it, or you can just kind of brush it off and say, "You're probably right." And that would be a guideline I recommend. I've shared this with my spouse as well. Where you don't have to go into detail about trivial arguments where you consume a lot of time and energy. But at the same time, you've given the individual across from you some validation that you heard them. And you've also actually provided some positive confirmation like, "Hey, you're probably right." But the probably is very open ended. So in earnest, you haven't agreed with them, but you've given them that impression. It's just a tip, a framework you can use, but I really loved it. And I felt it was a quick way to end conversations that just maybe are not worth your time and energy. Another thing to keep very much in the forefront of your mind is that people are going through lots of things in this life. And one of my favorite quotes is this one, "Everyone you meet is fighting a battle you know nothing about. Be kind always." I came across this about 10 years ago. Someone posted it on, I think, LinkedIn or Twitter, I can't remember. And I think about this because it allows me to emphasize with someone's situation. They may be acting a certain way. They may be reacting to something because that's where they came from, that's their cultural background or they're just going through some stuff. And so you're probably right or just brushing something off is appropriate in certain situations where it doesn't make sense or you would just want to acknowledge that they're in a certain place right now, and that's something that they're dealing with. So it's important for you to just keep that in mind. Another framework that I would like to share with you comes from an author I'm going to cite here, which is Julian Treasure. He had this nice blog post around how to speak so people want to listen. And it says HAIL, which stands for honesty, authenticity, integrity and love. Honesty is just about being your authentic self and not overembellishing the facts. Don't exaggerate. I encourage you actually at the same time to talk about failures. We don't do this as much as a society. We talk about the great things, and sometimes that's very intimidating to the audiences that are listening to us. I encourage us to talk more about failures that we have because there's learning that comes from that. And people appreciate that. Be yourself. Authenticity. Speaks for itself. Integrity, doing what you say you will do. It's one of the best ways to build trust. Especially for those of us who are leaders, I encourage you to do that. And ultimately, love. Wish others well. Positivity matters. People draw themselves to that. They don't want negativity. They don't want gossip. They want positive thoughts and vibes. And that typically will engage you in a better conversation with the person that you're speaking to. So going back to open-ended questions, ask those sort of things when you meet someone. What are you working on? What are your challenges? Where do you need help? People appreciate that. That means you're listening to them, and you're finding some connection where you can actually help them. And the people that you can help, will likely come back and help you. Another guideline and things that we talk about is bad habits we fall into, when we hear but we don't necessarily listen. So take a look at some of these things that are cited here. They all have something in common. It's things that we're doing where we're not really listening. We're trying to come up with a better story than the other person that we're speaking to. We're nodding yes but we're not really listening. Maybe we may not be present. We have something in our mind, that's just kind of sticking there and not flowing out. The third one's actually a trick one. You make eye contact with the speaker. That's a good one to actually say yes to. You want to be saying yes to that. But the other ones you can read here are things that we fall into traps on, so just something to be conscious of the next time you're trying to listen to someone and be present. This particular interlude comes from my 8-year old's second grade teacher, just came from the fall time [ primer ] last year. And I took the screenshot and e-mail and just highlighted something. Take a look at that last sentence that says, "What did it feel like when you and your partner said, 'Get over here' in a happy tone versus 'get over here' or 'Get. Over Here", in a mad tone. Tone and intonations make a big difference. And those of us who are parents, we know this in terms of how we say something and how it comes across. Kids are very intelligent. They'll pick up on this stuff just based on how you're saying it and your tone in your voice. So keep that in mind as you're engaging with your colleagues, your friends. Are you having the right tone? Because that will dictate how the conversation goes, even before you really said a full sentence. So with that, I'd like to now just kind of pause and introduce my colleague here, [ Joseph ]. [ Joseph ], thanks for joining me.

Hey. How are you doing?

I'm doing well. Can you tell the audience here, just briefly, yourself, your full name here, where you reside, what you do at Cisco?

Sure. I'm [ Joseph Arnett ] I work with the Umbrella team. I'm one of the architects there, and I live in Eastern Washington.

Excellent. Well, thanks for joining us. I know we had some other sessions earlier this week. So I really appreciate you being here. I know we've talked a little bit about conversations, and you said that you had certain reactions to the information I shared here. As I was going through this exercise, I don't know if you closed your eyes and drawed upon great conversations you've had or a random one. Did any come to the forefront of your mind?

A great many, actually. I've got some pretty interesting stories. I remember what it is to feel a part of a community. And I moved into Boston -- Oh, gosh, this was back in 2012. And at the time, I didn't know anybody in Boston. I had been driving a lot for work, and it was a real challenge. So I needed to move closer to work. The first day I moved in, one of the neighbors saw me, and she came over and introduce herself. She went out of our way, she took me from house to house, and she introduced me to every single neighbor.

Nice.

What was fascinating about that was, I was completely unprepared. And they were very sweet, and they talked about who they are and what they do, and they got to know me. And from that, from that day on, we were friends. Every weekend, we spent together. Every weekend during the summer, we'd barbecue. In the winters, we'd hang out and we'd have drinks. And that was really impressive to me. And so just that feeling of belonging made me absolutely love Boston. And that's one of the things that you wouldn't have expected because Boston is really known for very cold people.

Yes. Just fascinating you'd say that. I had a conversation with people where they've been in a certain city in the world, and they just never made those connections. The city itself, the space may be fabulous. And to us, it may seem like, "Oh, it's so wonderful that you live there." But they never found that community and belonging based on their ethnicity, where they grew up. And so having like-minded people is just so important.

Yes, that's a big deal. And another story I wanted to share was, I thought a lot about this. And at one time in one of my projects, I remember there was a lot of conflict initially. As an architect, I have to draw what I think the vision is and how we get there. And we work with the teams to try and get there. I introduce a lot of new technologies all the time because what I want is, as I want these teams to enjoy what they're doing. But I would get a lot of static sometimes. And I remember sitting with one of the leaders there. And I asked, "What's going on? Can you help me understand? Why am I feeling so much pushback?" And he said something really interesting. He says, "Joe, we might look older. And like we've been doing this a long time. But most of us served in the military. Every one of us served in military, and we served for at least 4 years, which means we're 4 years behind the curve. And you're introducing new technologies which scare us, we haven't touched these yet, and we don't know if we can actually win here, and we need to win." And so that taught me something. That taught me that it's really important to understand the fears. Listen to people, try and understand what are they hiding? What are their -- what's their agenda? What are their aspirations? How do you team up with them? How do you make that happen? And we spent the next few months, and I taught them all of these different technologies. And then I've watched that cascade throughout our entire company. I've watched them touch other people and teach those same things and behave in the same way. And it's a really powerful thing.

There's 2 things very fascinating about that. One, you had the courage to actually ask that question. And then the gentlemen that you're speaking of, actually became vulnerable in this case to acknowledge the fact that there is fear associated, which is not something most people will be comfortable sharing. But the fact that perhaps you had some trust or some relationship allowed them to do that. Is that right?

Well, I think it was the way I asked.

Okay.

What's going on? Please help me understand because it wasn't confrontational. It was like pleading. Yes, I want to help you, and this is really important. Let me show you why. And he took time to say, "Well, here's what I'm afraid of," and I took the time to listen. And that mattered, right? I exposed that we have -- I have vulnerabilities in that same discussion. And so I shared it myself, and I think that's probably why he shared with me.

Yes, wonderful. Wonderful. So as we continue here, we have lots of leaders, technology folks that are listening to this, hopefully, and gathering some insight from their own conversations. What tips, [ Joseph ], do you have for them especially for, in this case, let's say, engineers that may think just doing my work and doing a great job is what I should be doing, what I've been trained to do. Should they kind of step outside that comfort zone? Should they promote what they're doing? What have you learned and what tips do you have for them?

Well, for engineers, I'd recommend listening. You're really smart. You have a lot of talent. And maybe you have a huge ego, and don't let that get in the way of your success. Listen to people. Listen to what they have to say, try and understand their fears, try and understand why they're trying to make decisions or push information at you and absorb that, so that you can actually respond to that. Take the time to listen. And challenge your own beliefs. I've got another great story for you. I remember I did a hackathon. And you're going to know about this product in a few months, I think. But I did a hackathon, and I did it for fun. And every time you do something for fun, you don't expect to have to go and challenge it. But as an engineer, you feel that this is your baby. You did this. You really want to champion this. You want to make it big. And I had product management. Your boss, I think, it was, came over to me and says, "Joe, I think this would be a great product." And I said "Okay." And so he pulled me to a room, and I talked with my leaders at the time and they said, "Hey, why should we make this a product?" And all of a sudden, I felt on the defense. Just the approach really kind of freaks me out, to be honest.

Right. You weren't expecting that in that conversation.

I didn't expect that. And I said, "Well, why would you ask that?" And of course, one of the other PM leaders stood up and said, "Well, you're talking about scanning malware in the cloud. You're talking about scanning Office 365. This is a Microsoft product. You're talking about scanning Google Drive. This is a Google product. These companies protect themselves. They're not going to allow malware into their cloud." And I sat there and I did what you talked about. I agreed. I just listened to my breath. I didn't immediately respond. I didn't jump and immediately try and react to that. What I did is I said, "Maybe they're right." I said, "You're right." And I leaned in and I said, "I think you're right. It doesn't make any sense. Let's prove that it's wrong."

Okay.

And from that moment on, we couldn't find a cloud that didn't have malware in it.

Right.

It blew my mind because I never expected that.

Right.

And I didn't have to champion it, and there wasn't an argument.

Nice.

And so as an engineer, as a leader, listen to the people. Challenge your own beliefs. None of us are infallible, for sure. As an architect, I probably know that better than anyone. No one is infallible. And so challenge yourself. Listen to others. And make friends because we're all in the same boat. We all want to succeed. And as a team, we can go really far. If we try and go alone, you might go fast, but you might burn up fast, too.

Yes, definitely. Yes, very wise words. Thank you, [ Joseph ]. So as we wrap up here, I wanted to just have a call to action here to our audience who's listening. Hopefully, once again, you gathered some insight. [ Joseph ] had a lot of great knowledge that he just shared there in terms of storytelling, be present when you're having these conversations. Listen, just like [ Joseph ] was talking about. Seek and you will find, as a result. If you're closing yourself off in your mentality, you're not going to find those nuggets of information that you can latch on to, to help solve problems, for your leaders or even the people that are surrounding you and your loved ones. And try it more and more. That's the only way you get forward is by failing and trying. What's the worst that can happen? But then think about the best thing that can happen. Doors open up, you may find someone that you never would have connected with otherwise, maybe you'll find a lifelong partner or a friend. And your commitment to the process really will determine your progress. Keep at it. Keep trying. Get better, 1% better each and every day. So with that, I'm going to end with a quote, which is from an artist named Phora who says, "I don't write music to convince you to believe in me. I write music to convince you to believe in you." I'm sharing this knowledge and all the conversations that we've had here, not because I need that. I like listening to this stuff. I like the self-help. And I'll continue to do that on my own. It's hopefully to inspire you, that you can do this as well, that you can take a step forward and take that leap. So with that, I thank you for listening. I thank the Master Series studio and crew for giving me this platform. And remember, all of us have the power of great conversation. Listen, connect and prepare to be amazed. Thank you.

Welcome again to Cisco Live Barcelona. In this Master Series, we're going to provide introduction to IoT, specifically geared to network engineers. My name is Tim Szigeti. I'm a principal engineer in the Technical Marketing Group for the IoT business unit of Cisco. Let's get rolling. So what is IoT? Well, it's big. It's broad. It covers a lot of things. So sometimes people have a difficulty grasping the essence of it. And so the analogy I like to use is comparing digital technologies to the human body. If we do that, then naturally, compute resources would compare to what? Well, probably, you think that compute resources would be most analogous to our human brain. That's where we do all our -- we gather our memories. We do all our processing. We do our learning. All of this is done in our brain. However, our brain is very abstract, and it needs a conduit to interact with the physical world. And how does it do this? It's through our nervous system. And effectively, that's what IoT is all about, connecting digital compute resources, the brains of digital technologies, with the physical world. So the way we connect is that we have sensors. We have eyes that sense light, ears that sense sound, fingers that can sense temperature, touch, texture, a whole bunch of things. We have all those senses. But not only can we sense, taking input from the physical world, but we can actually change and effect change in the physical world by actuating our bodies, again, via the conduit of our nervous system. So as a very simple overall analogy, that's what IoT is all about, connecting the digital world with the physical. And as such, we see tremendous amount of digital transformation in all industries being driven by this type of IoT-enabled digital transformation projects. In mining, we have autonomous vehicles to make the mining operation safer. And not only safer, but they can even -- autonomous robots can make mines even more productive because then they can go and extract resources in areas that it wouldn't be safe to send in workers to. And so productivity gains as well as safety gains, so forth. We have, for instance, medical supplies in Africa being delivered by drones that are controlled via IoT technologies. And that again makes people safer. It gets them the medicine they need. We see advances in agriculture and farming, oil and gas, manufacturing. Virtually, every industry is adopting the value that IoT presents in its digital transformation. And why is that? Well, it's very simple because all of these different sensors can generate data. And if you have data, every decision you make based on data becomes a better decision. You can increase your safety, improve your productivity, reduce your -- I mean, improve your efficiency, reduce your waste, so on and so forth. Okay. Given that landscape, from a networking engineers perspective, what are the 3 main challenges? It's not to say that these are the 3 only challenges. Just because we have a fixed amount of time today, let's focus on the 3 main challenges of IoT when it comes to networking. What do you think the first challenge is? Well, if you're thinking security, you're absolutely right. That is, by far, the first and foremost challenge. 2 out of every 3 customers say, you know what, what's holding us up or what we're most concerned about in our IoT project is security. And that stands to reason because when you start connecting all these devices, you are massively expanding your threat surface and all the vectors that you're open to attack. And all these devices that are being added to your network, very few of them have any levels of security built into them whatsoever. They don't have digital certificates. There aren't users logging on and authenticating through these devices. They're just coming on the network. They have very lightweight capabilities, little or no security designed in them. It's a top of mind concern for every network engineer and architect designing a solution for IoT. What's the second main solution -- challenge? Well, scalability. Regardless of what analysts you listen to, the projections are all astronomical as to how many devices are coming online. Here at Cisco, of a company of 70,000, we already managed more than 500,000 devices today. Just one company, 0.5 million devices. So you can see how as this scales, and over time, there'll be even more devices coming on online, scalability to address all the needs to manage all these devices, that's another overwhelming challenge. The third main challenge is simplicity. If I have to have one set of systems or platforms to manage these devices and others for those, and these -- it becomes overwhelming. And our IT departments are not scaling with people to the same level, if at all, like we're scaling the number of devices coming on to our network. So we have to do more with less, and we have to keep it simple as possible. So 3 main challenges, again: security, scalability and simplicity. There are other ones as well, like meeting the environmental needs. These devices sometimes are living in very harsh environments from a temperature extremes point of view, from electromagnetic radiation point of view, from -- if it's on any type of transport vehicle, from a shock and vibration, all of those have to be taken into account. But these are the 3 key ones. So let's focus on that this morning. How is Cisco meeting these challenges? Let's talk about some of them. So let's start with the networking platforms themselves. When we take our networking platform such as this Catalyst, industrial Ethernet, 3,400 switch, we're basically ruggedizing platforms that our customers are already familiar with. This is effectively the same catalyst switch as you have in your wiring closet. It's running IOS XC, just like your Catalyst 9000 switches are running. So it has all the same programmable interfaces, got the same capabilities, supports the same features, and most of all, can be managed by the same platforms, except it's built completely reengineered from the inside out to withstand the rugged environments that they're exposed to. Similarly, on the routing side, this is a ruggedized ISR router. It does everything your regular ISR router does. However, you can see the form factor is quite small. This is actually a router plus an expansion module so it can have dual slots, redundancy. I might have dual connections, maybe one to one carrier, one to another. And I can run SD-WAN solutions on it just like I would any other ISR router because it's got all the same capabilities, same programmable interfaces, tremendous amount of flexibility. I can hot swap modules, pulling them in and out -- pardon me. I can hot swap my modules, pulling them in and out, so I can go from 3G to 4G to 5G when it's available in my area, and then I have myself all this flexible future proofing. So starting with this type of hardware is fundamental. It meets the needs of environment and low power. This actually takes less power, 1/10 the power of a regular incandescent lightbulb. So 10 watts of power, extremely low draw. So that's very valuable in remote locations, too. Where you might not have power available, you got to rely on solar cells. Okay. So starting with these platforms then, they all have compute capabilities as well. Where do we go from there? Well, we secure the device, first of all, at every single level. At the mechanical hardware level, we have anticounterfeiting chipsets that prevent even software to be tampered with. Also, we secure all the communications. We're using encryption like MACsec or IPsec, depending on the platform and the use cases. We secure all the applications. So there's security at every layer, not just within the platform. But as we're going to talk about soon, we have a new security product called Cisco Cyber Vision that we'll talk about and demonstrate that secures the entire industrial control system. Now how about simplicity? What are we doing in this area? Well, you've probably heard about intent-based networking. What is intent-based networking at a high level? Well, when you're giving instructions, whether it's programming a computer or even interacting with a taxicab driver, there's 2 ways that you can provide instructions. One is called the imperative model. The imperative model is where you break down every last detail of your instructions to multiple discrete steps, and you provide all of that detail. We say, okay, if you're dealing with a cab driver, take me to the airport. You don't tell him that. You say, go on this street for 100 meters, turn left, go 200 meters, turn right, and then you break it down like that. That's called the imperative model. That's very complicated, requires a lot of detail. However, to simplify that, you can use what's called the declarative model. You just express your intent. What is the result that you want to have happen at a given time, and then you leave it to the intelligent agent, in this case, the taxicab driver, to deliver that intent however they see fit. So that's what intent-based networking is about. We've embedded a lot of intelligence in our network controllers that can deliver the intent that you expressed. And therefore, you don't have to provide all those details. Not only this, but we're the only company that can provide intent end-to-end, all the way from the applications in your data center through your enterprise network, all the way to your IoT Edge. That's huge. That's an architectural game changer, this multi-domain story that we offer to our customers. And then once we've solicited your intent, we don't require you to go box by box and program it. Our controllers will take care of that via automation. So here's how you meet the scalability challenge. You comprehensively and consistently, without error, push out all the policy that you've expressed across your entire network very simply, very efficiently. This is how you meet scale, scaling requirements. So you don't need 100 people to configure all your network devices line by line using text editors and so on and so forth. Okay. So now let me shift a little bit of focus to a new technology that we just announced a couple of days ago here at Cisco Live Barcelona in the keynote speech with David Goeckeler's keynote speech, our SVP. Liz and Tony shared the details of what we're -- the huge steps forward we've made in the operational technology area of IoT, and this is Cisco Cyber Vision. This is the result of the recent acquisition we did last year of a company called Sentryo based in Lyon, France. So what is this all about? Well, in these IoT environments, particularly industrial IoT environments, it's heavily focusing on what is called operational technology. That is the sensors we talked about and the actuators that cause physical change. Whether that physical change is to build a car or some other product, to pump oil or to deliver utilities like power or transport services, whatever that is, these are all the same overall type of technologies. And they're technologies that we may not be familiar with in an IT environment. We have all the things themselves, and each of these types of things, these sensors or robots or actuators, are controlled by little computer systems nearby. And these types of computers are not typically, like I say, in an IT environment, but are industrialized, specialized. They use different protocols with different types of interactions and communication patterns. Programmable logic controllers are one of the most popular. And basically, that will control the thing. Tell it what to -- give me your inputs, and I will tell you what to do as your output -- as the output from the PLC to the device. Then groups of these are then supervised by various SCADA systems, Supervisory Control and Data Acquisition systems. And then these then are all integrated with the broader enterprise network using a model, an industry -- traditional industry model called the Purdue Model. And you can see, there's lots of hierarchy, lots of separation. You want a complete demilitarized zone, not only between the company and the Internet but even between the IT part of the company and the production OT level of the company. There's a lot of separational requirements there in order to keep security. Not only separation, but even then these groups, these production lines can be grouped into cells so that they can restrict communication within them. And this is an industry best practice as well. So you can really see the need for segmentation and this kind of enforcement of how the communication is to happen. Now that's the theory. In practice, in the most part, it's not quite this way. And this type of -- this reality has actually been exploited in the recent decade in various forms of OT attacks. So OT attacks like -- are different from IT attacks. IT cyberattacks typically deal with breaches and exfiltration of data, more recently, with also holding data for ransom. Those are the main styles of IT-oriented cyberattacks. OT attacks leverage that unique conduit between the digital world and the physical world to actually disrupt operations somehow, to cause something to fail physically. So the first of such attacks was the nation-state attack against the uranium nuclear program. And what had happened there is that the uranium nuclear program, the devices that are controlling these large centrifuges that are vital to producing what is required to run it, they're controlled by programmable logic controllers, and it was completely air gap. There's no external connection to these systems. However, a nation state or possible multiple nation states contrive and use some 4-day 0 vulnerabilities to spread some malware on 1 of the 5 vendors that had access to these systems on one of their computers. As they were brought in to do maybe some test and maintenance or upgrades, that malware then was spread from within. And it looked for specifically Siemens programmable logic controllers, and it issued them a new command. And the logic controller is allowed to command the thing that it's controlling, in this case, the centrifuge, and the thing will never question what it's being told to do. And it basically just said, spin faster. Let's say it was 30 RPM originally. And then it would say spin at 75. So just a slight difference, a variable difference. And now these centrifusion spun so fast that they literally tore themselves apart. 1 in 5 were damaged by the end of this attack. So a digital attack with very real-world physical consequences. A few years later, we saw another nation-state attack. This time with the first successful attack against the utility company. They took control of utility systems. There's even videos. You see people in the control room, and they have no control. And they're like, what is this person doing? They could see them moving around and changing things and turning on -- and they shut down power for over 200,000 people for up to 6 hours. So a very real-world consequence. Then we started to see a shift that these attacks were targeting now private industries. Not Petya. It seemed like ransomware at first, but it was not. It was deliberately masquerading as such to distract attention to its real purposes, which was to attack these industrial control systems. Companies suffered huge losses. For instance, one company, Merck, a pharmaceutical in the United States, they estimate -- their latest estimates of their losses during this 2-month period of interrupted operations to be $1.3 billion. About less than a year ago, the world's largest aluminum supplier, Norsk Hydro, they were hit again with malware that was deliberately targeting their production, their operations. That's where -- if you want to hurt a company, you target their operations. That's their bread and butter. That's where they make their money. And this type of attack took them down for 2 weeks, and it costs them $75 million. And incidentally, Norsk Hydro is really to be commended. They recently won a PR award for crisis communication. They were extraordinarily transparent at what was happening as it was happening. And therefore, it benefited the industry at large so that they could implement measures to protect themselves by learning the lessons that Norsk Hydro was unfortunately experiencing. So kudos to them for that. Less than a month ago, a U.S. port was shut down because, again, another type of ransomware attack that came in through IT and it found its way to the OT networks, and it started shutting down the things that load freighters onto boats. It even shut down the video surveillance systems and a number of operational systems. So we see these becoming more and more prevalent. In fact, recent analysts have been saying that 40% of attacks are now OT targeted. Again, if you really want to hit a company hard and make them hurt, that's how you do it. Okay. So that's the environment. That's what's been going on. So how do you protect yourself in this environment? Well, first, recognizing that these 2 different environments have very different requirements when it comes to security. IT attacks, we can recognize worms and viruses. They have very specific signatures. In OT, for example, we have commands that are very legitimate and coming from a trusted source to a trusted destination. And in the case of Stuxnet, like I mentioned, the only thing that was suspicious, and malware was a variable that says how fast to spin, and my hypothetical example, going from 30 to 75. That was the attack. Otherwise, it looked like a completely legitimate instruction from a completely legitimate source to a completely legitimate destination. How do you protect yourself against that kind? Even if you have a security policy in place, you are saying this PLC is definitely allowed to talk to that thing and issue it instructions, but how do you know when that instruction is the wrong one? Other challenges is that a lot of devices in these environments are very old. And therefore, they haven't been keeping up-to-date their firmware to protect themselves. And this is a concept that OT environments, it's relatively new. And there's a lot of resistance to software upgrades and security hygiene. So how do you address that? Well, this is where Cisco Cyber Vision plays. It delivers device identification, operational insights and anomaly detection. Device identification is pretty straightforward. We'll talk a little bit about that in a moment as is anomaly detection. But what do we mean by this term operational insights? Well, basically, it's giving these OT people the information of what's actually happening on their network because a lot of them, they think, okay, well, as long as I have a firewall in place or as long as I'm air gap, I'm safe. Remember, we talked about Stuxnet. That was an environment that was completely air gap, and it was still subject to this huge attack. What we see in these environments is that there's this false sense of security, thinking that I've taken the necessary precautions. But when we start diving into the details, we see a lot of red flags and a lot of vulnerabilities. Let me share one specific example, and this was in a German auto manufacturer where we did an early field trial of Cyber Vision. In their factory, we noticed that there was a PLC that had recently received a whole new program. And then we brought this to the supervisor's attention, hey, here's something that we noticed. Were you aware of this? And he's like, no, no. That's a bug in your system. That's impossible. We don't upgrade those, only at certain periodic intervals. And only when there's -- it's signed off by several levels of hierarchy [ in place ], and only then do these things ever get upgraded or changed. It's a bug in your product. And then there was a little bit of curiosity. It's like, well, who -- or where do you allege that, that instructions, those new instructions came from? We said, well, it actually came from an IP address and a local service provider outside of your organization. And their response was, again, we're telling you, you're completely wrong. Your software is buggy because there's no possible way that can happen. We have a firewall in place. That communication is not even possible. So again, that thinking of what is the security posture versus the reality. As we jointly investigated into this further, what had happened? There was a production line manager that wanted to improve the performance on his line. So after hours, when his line was down, at home, he decides, I'm going to make a slight change to the way that my line operates. And in order for me to upload that new program, I got to get through that firewall. So he gets on the phone to his buddy in IT, who punches a temporary hole in the firewall, allowing for that communication to come in, allowing for that change to be done, and then it was cleaned up. The point is, all of this was done without the supervisor knowledge at all. And this was a -- this was not a malicious intent. This was a very legitimate intent. He wanted to do something good. But the method that he went through to do it, obviously, it isn't the optimal one, and it wasn't well tracked and reported, and it was completely oblivious to the people that are ultimately in charge. And so to have a tool that can report to these types of supervisors in OT of these kind of events is tremendously valuable. Now we also talked about device identification. In OT environments, you have all these devices. And from an IT's perspective, you don't know what they are. They are just Mac address and IP addresses, and there's communication between them. Is this legitimate? Is this nefarious? You have no idea because you don't have the visibility. You don't know what those devices are. So how can you address policy? Or sometimes, they talk not only to themselves, but there's communication flows to, say, the industrial data center or the enterprise data center or maybe even to a cloud provider like our vendor that's running diagnostics. Are these, again, legitimate flows? Or is this some sort of command and control that's happening? Again, if you don't know what the devices are, you can't implement policy. That's a challenge. Device identification is a challenge. How can we meet that challenge? Well, we're going to look at a demonstration now of Cisco Cyber Vision into action. And the use case that we're outlining is a baggage handling use case. A lot of you perhaps to attend the Cisco Live had to travel by air. So baggage and conveyor systems are probably very familiar to you. Now what most people don't recognize sometimes is how these are connected in networks. In these environments, typically, the networks are just flat Layer 2 network. No security. No segmentation. Completely vulnerable to broadcast and multicast storms, and they can bring down these entire systems. Other than Vancouver and our airport went down, and they had to divert traffic because the baggage systems went down because of a broadcast storm introduced by a Layer 2 loop. Can you imagine that? That's how critical baggage systems are to an airport. They're the second most critical function, second only to air traffic control. If you can't handle the bag, then the airport just gets crushed and falls over under its own weight. So that's how vital these operations are to the functioning of, say, an airport. Now even if these systems are completely air gap and kept separate from the outside world, very commonly, technicians will come in to do maintenance, diagnostics, upgrade firmware, and they'll connect their own laptops. And if that laptop has malware on it, the malware will spread laterally end-to-end. There's nothing to stop that from happening at all. This is a very, very common occurrence. This is what, in the use case of Stuxnet happen, and it happens very regularly. So let's take an example. I have a little setup over here that's simulating an airport conveyor system. And basically, even though it's miniaturized, even though it's simplified, all the functional components in this demo are very compatible with the real-life full-scale event. We have basically sensors and actuators controlled by programmable logic controllers. And then all of the traffic that's going through these are monitored by our Cisco devices where Cyber Vision has an agent running in the software of the network devices. And so that's an important point to recognize, first of all, is that Cyber Vision agent is running in the network devices themselves. We don't have to drop in additional sensors in the network that passively listens to the traffic that's in the network so that it doesn't interfere with the production traffic in any way, but it looks for all these communication patterns, not only what is being said -- I'm sorry, not only who is talking to whom, but what is being said, even at that variable level. So let's take a look at the output by what Cyber Vision is seeing in this example here. So if I log into Cisco Cyber Vision. Then in my example here, from my baggage control system, it's a tool that is very much oriented to OT and IT environments. And so I can see all my components, and I can see the communication patterns. I can view these in a number of ways. If I'm an OT person, I might want to see all my systems in a Purdue Model, as we demonstrated, because that's familiar to them. And incidentally, you can see that any given system here that has a vulnerability is called out with a nice big red dot as to, okay, what systems have some sort of software or firmware vulnerabilities. And by clicking on these, we can introduce OT to security hygiene. So here, we know every single device. Why? Because our Cyber Vision sensor speaks the language of these industrial protocols. It knows what they are because they're announcing it in their communication. We know the make, model, serial number and firmware of any given device. And so we can locate these as needed if we have to do, say, a firmware upgrade. For example, I clicked on this Rockwell controller. And now here's the list of the security vulnerabilities that are known for this type of Rockwell controller, this firmware version. And therefore, we can put in to -- implement a plan to address these vulnerabilities to raise the security posture of my OT environment. It's very simple and easy to -- interface to understand. Not only this, though, for anomaly detection and operational insights, we talked about those as well. What I can do is I can baseline my network that says, okay, if I take a look at my network, I can see how things are communicating. I can see which traffic is control traffic or network traffic, where the communication patterns are going to and from as well as what's being said, the variables, the details of the operation, and then I can compare. I can say for one point in time to another point in time, have there been any differences? I can see things, new devices that have appeared. They're shown here. There's 3 new components. What are they? I just click on them, and it's highlighted for me, what are the new components. What are the new activities, the new communication paths that I didn't see before and even to the variable level. Coming again back to our Stuxnet example. All that changed there wasn't that there was a new component on the network. It wasn't even a new communication flow. The PLC was talking to the centrifuge controller. All that was new was a new variable, spin faster, and we can even detect these as well and provide that operational insight and anomaly detection. So now when we return to our diagram, we have a much better view of our entire network because we can see all these things and effect our security policy. By the sensors that are in the network devices monitoring all of these, we can understand what the devices are, and we can share that information. This is very much a multi-domain solution. We take that information, share it with Cisco DNA Center. We can very quickly deploy segmentation policies, which we're just about to do. We can even share this information with our security products, like Stealthwatch, and enhance that visibility by providing the source device details or with Talos or with FirePOWER management center and so forth. Well, let's continue the story to implement a policy and show how this is now even far more effective and easier to do. So for example, we have new capabilities just launched again this week. And Cisco software-defined access, security, policy extended node. And what is this about? I'm going to explain. It's all about segmentation. The ability to segment your network from these virtual networks, which is traditionally very hard to do. You've got to deploy VLANs. You got to deploy addresses, program these into DHCP scopes, a plan for redundancy in your gateways as an exit from these VLANs to the rest of your network, deploy your routing policies and, ultimately, your access policies. You have to touch a lot of different management systems to do this. And it takes a lot of time, a lot of planning, a lot of effort. And ultimately, it ends up with a lot of complexity on your networking hardware, especially in forms of access list. There's a better way to do this. We'll demonstrate that now. So if I log in the Cisco DNA Center, if I want to create a virtual network for my IoT devices, I just click the plus button here, give my virtual network a name, and say, okay, what devices do I want in this virtual network? I might want badge readers, HVAC systems would be another good one as an example of IoT devices. And let's see, security cameras. And now as soon as I do that and click save, I'm done. That's all it's taken me to implement what is called macro segmentation, these large policies that isolate these devices end-to-end across my network and make sure that from their point of view, all they see is an IoT network. They can't even see, let alone talk to, the rest of the network. This is macro segmentation. This is what I've just deployed with a very few clicks. Very easy. But I can actually go further, and this is where the value of the new functionality in IOS 17.1.1, secure policy extended node, and it's available on our IE switches now as well. And so this allows me to do micro segmentation. What does that mean? If we zoom in on the given IoT VLAN that we created, we put in cameras. We put in HVAC devices, and we put in badge readers. Should a video surveillance camera ever be talking to a badge reader or vice versa? No. They really have no business talking to each other. But within a virtual network, you can have any to any communication. However, the only time when one of these devices would try to talk to a device of a different type, it'd likely be when they've been compromised and part of an IoT attack. And now they are scanning to see who else can they reach and communicate with so that they can propagate the malware. So if we want to lock down that type of communication so that cameras only can communicate with cameras or their controllers. Similarly, badge readers lock down to that type of device. Or HVAC systems, they -- even though they're in the same network, it's as if they're completely isolated from these other devices. How complex is that to do? Let's return to DNA Center, and then we create a group-based access policies that leverage scalable group tags. And again, to implement -- add such a policy is very easy. All we got to do is give the policy a name, and then we say, okay. Let's say, it's badge readers is going to be the source, and HVAC systems, the destination, what is the specific of the policy that we want that will govern the communication, we'll say we're going to deny the communication between these 2. And optionally, very quickly, we could say, you know what, do that in both directions. So the badge readers can't talk to HVAC systems nor can HVAC systems talk to badge readers. And it becomes that simple. I click save, and it's pushed out. That's intent-based networking. I didn't have to do complex operations. I got all the information from Cisco Cyber Vision for identifying these things, sent them to -- via pxGrid to ISE. So ISE, in turn, shares them with DNA Center. DNA Center then goes down and programs the device. So a lot going on, but that complexity is abstracted from the end user operator. It becomes just intent-based networking. Very scalable, very simple, very secure. Okay. So today, we talked about how IoT is changing the world, especially in industry. From an IT engineer and network engineer's point of view, the 3 greatest challenges, by far, are security, scalability and simplicity. And we covered what these challenges are as well as what Cisco is offering in each of these spaces to address them. We talked about security. It's at every layer in our devices, in the hardware, in the software, in the communications, at the application level and even at the system level. We talked about Cisco Cyber Vision, new technologies specifically designed for the OT space. For scalability, we showed the value of automation. And then simplicity, we showed intent-based networking, leveraging that basic policy. These can talk to those and nothing else. And we express that very naturally with just a few clicks, and we've then deployed that comprehensively through our entire network. So we hope you enjoyed that introduction to IoT from a network engineer's perspective. Thank you for taking the time to join us this morning.

Hi guys, and welcome to Cisco Live and its Master Series class on AI and machine learning. My name is Robert Barton, and I'm a Distinguished Architect with Cisco, obviously working in the area of AI and machine learning. So today, we're going to talk a little bit about this technology. We're going to demystify it a bit for you, and we're going to talk about what is Cisco doing in the space and making it so interesting, worth talking about? Well, I think -- we're in the city of Barcelona here at Cisco Live. And when we go to the most famous street of Barcelona, it's La Rambla and at the bottom of La Rambla is the statute of Christopher Columbus. Now in the year 1492, we all know the story, he left for his voyage of discovery, he went to the New World. A year later, in March 1493, he came back here to the Port of Barcelona. He was met by the King and Queen of Spain, and he started to tell his stories about what he had discovered. And without a doubt, this was the most disruptive event of the 15th century, probably of the entire millennia. Think of all the changes that happened because of this voyage of discovery. Well, Christopher Columbus and the King of -- Queen of Spain, probably all the people that have met him really had no idea the impact that this discovery was going to have. And yet, it changed the world. Well today, we're seeing a similar type of disruption, and that is artificial intelligence and machine learning. Everyone's talking about it. Everyone has an opinion on it. Most people don't really understand it. They can only basically tell you some ideas about it, maybe some from the movies, but they really don't know much about it. But it really is something that is going to change the world, and it is already doing so to many, many companies. In fact, it's hard to think of a company or an industry that is not being disrupted by artificial intelligence. Sometimes, friends will get around at a coffee shop and they'd name a company, name an industry that is not being affected by AI, even traditional ones like the taxi companies. These are disrupted by Lyft and Uber. The video services companies being disrupted by Netflix and other types of online video services. They're AI engines that are really changing the way we interact with each other, with products, the way we talk to customers, and Cisco is no exception. We see this list of products here. It's just a sampling of the area where Cisco is using AI both for our own intelligence and for our own products to make them better but also to serve our customers better and support their machine learning workloads. We look at the 4 fundamental pillars of Cisco's strategy. One is about our applications on the networks we run them on, securing our data, transforming our infrastructure, and finally, empowering our teams through things like communications and Webex. These are the 4 fundamental things that drive all the product development at Cisco. And every single 1 of them actually has a lot of AI built into it. It's hard to even think of a Cisco product now that doesn't have some relation to AI, either using the data from the network to make the networks smarter or again helping our customers with their AI problems. So let's talk about what this means. What exactly is AI and machine learning? We'll just take a few minutes to describe it and we'll maybe take away some of the complexity, and then we're going to explore exactly how Cisco is using this in a few major products areas and categories. So we've heard about machine learning. Machine learning is about taking data, training algorithms and helping them to make decisions without being explicitly programmed. That's what machine learning is all about. But actually, it's part of a bigger world called artificial intelligence. So we'll use these expressions almost interchangeably, AI and ML. Well, they're very related but they're actually a little bit different. So just like what a human has to learn something before they can do it, a certain task, whether it's something like riding a bicycle, you have to learn first before you can really do it well. Well, it's the same with computers. You have to learn and be trained to do something before you can go and do it. So that's the difference between machine learning, is you learn first based on historical data and training data, and then you go and you execute it in the wild, that is true artificial intelligence. There's a special class of machine learning that gets a lot of attention in the media called deep learning. I say deep because it's very, very deep and important, but it's actually just a class of machine learning that does some very, very cool things. It gets the attention because it makes machine learning much, much faster than it ever has been in the past. And even though machine learning as a science has been around since the 1940s, deep learning is solving problems and letting us do things that were just never possible before. So it gets all the attention. In fact, we at Cisco are using deep learning also called neural networks, in many, many different product categories. And I'm going to show you some examples of these in just a few minutes. Well, let's just take a little bit of a snapshot, what some of these main methods of machine learning are. We'll just look at 3 of them and help you understand where we had applied these types of different algorithms and what sort of problems they're able to solve. The first major class of machine learning is called supervised learning. This is when you have a lot of training data, a lot of historical data and you use it to train an algorithm so that it can predict something that it's never seen before. Now in the world of machine learning, data scientists, they love to use examples of pictures of animals. And for some reason, they love cats and dogs. So let's say we take lots of pictures of cats and pictures of dogs and other animals and we label them. This is a cat or this is a dog, and we get thousands upon thousands of pictures to our algorithm. Eventually, by looking at the pixels and the formation of the pixels, it gets trained so that 1 day, when we show it a new picture that it's never seen before, it can tell us it's a cat or a dog. So we typically call this an A to B mapping. And again, it's based on historical data. And the more training data you can give to an algorithm, usually, the better it gets. So you need a lot of data to make this effective. In fact, we often will say that data is the rocket fuel for machine learning. You don't have a lot of data, it's hard to train those algorithms to make them useful. So keep that in mind as we go through our discussion today. The second class of machine learning is called unsupervised. So the first one is supervised based on historical data, and we're leading to a particular mapping, whereas unsupervised learning, we're not really leading to a mapping. We just have a big jumble data, a collection of data points. We really don't know what it means but there's a hidden pattern in there somewhere. Well, it's very hard for the human eye to pick up patterns that are in very high number of dimensions. If you're looking at 4 to 5 dimensions, even 500 or 1,000 dimensions. How can a human look at all the patterns and really understand it? Well, there's value in that data but machines are really good at finding what those patterns are that are just unseen to the human eye. Well, that's what unsupervised learning is all about, finding what the patterns are, finding where the cluster boundaries are and very importantly, as we'll see in the world of security, figuring out where the outliers are. The thing that just sticks out like a sore thumb that just shouldn't be there, the anomaly, that's what unsupervised learning is really, really good at. So think of it as a way to look at patterns and understanding the boundaries of where those patterns are as opposed to supervised learning, where we're actually trying to predict something or map 1 thing to the next. Now the third class I want to talk about is deep learning. And this is a very, very important 1 because it's able to solve problems that we just couldn't do before. Now deep learning uses this idea of layers where you have an input layer and the output leads to another layer. And at each layer, there's little things called neurons. And the idea is that this type of machine learning mimics as close as possible to the way that humans think or so we theorize. Probably, we don't think exactly like this or the brain doesn't work exactly like this. But this is a general concept of perhaps how we can display in a computer mechanism the way the brain is functioning. And the idea is when you make a decision, you have a series of inputs and these inputs have certain weights. So for example, you're going to go on vacation next summer. Where are you going to go? Well, you have certain criteria, like how much it's going to cost, how far you're going to travel, how many days of work you have. These are parameters or input variables. And you give a weighting to each of these. Now you multiply your input weight by the variable value, and then you lead it from 1 decision criteria to the next, and eventually, you lead to an output. Now the value of deep learning is that it lets you do a lot of this computation in parallel. So it means you can come to your results very, very quickly. And deep learning allows us to do things like natural language processing, where a computer can understand your speech, and you can translate it for things like Alexa and Siri and Hey Google. All these capabilities are because of deep learning or computer vision where you can identify an object or a human face and you can identify what they're doing. That's all because of deep learning. So think about it as breaking this complex job of machine learning into a lot of little small ones and processing them in parallel. So is this supervised learning or unsupervised learning? Well, it can actually do both. It has that kind of flexibility and power, which has really made it 1 of the most popular types of machine learning today. Okay. So the stage is set. Those are the types of technology we're dealing with, the type of algorithms involved. Let's explore how Cisco is using them. So I want to start in the data center because that's where we start to process all that data. Now an important concept to understand is what's the difference between a CPU and a GPU? Well, I think we all know what a CPU is. That's the processor that goes in our computers, in our phones. We use them almost everywhere. It's like the Swiss Army knife of computing. It can do almost everything because it's a reduced instruction set type of architecture. It's really very, very flexible. Now a GPU or a graphics processing unit is a bit different. It's a specialized type of processor. The GPU was actually invented for the video game industry by NVIDIA in the late 1990s, very specifically for pixel manipulation to accelerate video graphics in games. Well, it turns out, GPUs are very, very powerful when it comes to machine learning. So they're not like the CPU that's the Swiss Army knife. Think of them more of the specialized instrument that a surgeon might use. Now if you were going in for an operation and you were lying there on the table and they're going to do some surgery on you, and the surgeon walked in with a Swiss Army knife and he was ready to start surgery on your body, I think you'd be running for the door. This guy is not using the specialized instruments. No, he's not even trained to be doing this. Well, in the world of AI, machine learning, primarily we use GPUs because they're specialized for that task. So if we try CPUs, they would work but they're really not optimized and they won't be that fast for this type of operation. So GPUs are really the central thing for machine learning. Well, what is it about the GPU that makes them so useful? It's their ability to do parallel processing. So whereas a CPU might have a couple of cores, you might have a dozen cores even on a fairly powerful CPU, the GPU by contrast has hundreds, if not thousands, of cores that lets you process a whole bunch of things all at the same time. Now do you remember, in deep learning, we have lots of these input variables and we have lots of layers? In real machine learning networks where we're looking at images, for example, in self-driving cars or language processing, you could have thousands of input variables. If you were to do that in a CPU and look at each variable 1 by 1 by 1, it would take a very, very long time to process that, probably not even making it very useful. Now a GPU can process a whole bunch of them all at the same time. So imagine that different core inside of this GPU having a different input variable or a neuron in that deep learning network, and it processes it all in 1 clock cycle. That's the power of the GPU and that's why we want to use it in a lot of these types of machine learning jobs. Now is the GPU the right type of tool to use for a serialized task, something that doesn't need a lot of parallel processing? Well, of course not. You would not use a GPU for that. You want to use the right tool for the right job. That's 1 of the key aspects of any type of technology. Well, let's take an example for image analysis. So here, we have multiple layers. We look at 4 input layers into our deep learning network. We have these things in the middle called hidden layers. These are the middle processing layers where the output of 1 leads to the input of the next. Now if we apply this to image analysis, perhaps we're just starting with a picture of a face. Well, the first layer is looking at the edges. So where are the dark to light edges of this particular image of the person? The next layer, we look at objects like the ear, the nose, the mouth, aspects of the face that tell us features, exactly what we're looking at. The next, we get more and more refined and as we go through these layers, we can very quickly get to a definition that this is a human. We can even identify who that is, perhaps even more details about them like their emotion based on the facial expressions that they're making. Now in this diagram, we're only showing 2 internal or hidden layers. In reality, it's going to have a lot more, but this is a very useful aspect of parallel computing because I can do all these pixels 1 after the next, 1 does not relate to the next, and I can get to my output and allows me to get a result from this A to B mapping. Now just as a little anecdote, some time ago at the Google Data Center, they thought this is -- this whole deep learning thing, this is a really great tool to do image recognition. And this is one of the first examples. They'd said, "Let's build a cat detector." And again, data scientists love to find images of animals and to map them. It's sort of a subculture in the world of AI for some reason but you'll find a lot in this space. So at the Google Data Center, they built this cat detector, and they built it with over 1,000 servers with 16 cores each so 16,000 cores looking at all these pictures of animals. The estimated cost of this infrastructure was the minimum USD 1 million, probably was much, much higher. But the cost of the powering of these servers in the data center, it was huge, 600 kilowatts of power being required for these 1,000 servers, that's a very expensive cat detector. Why would anybody build such a thing? Well, of course, this was a scientific experiment. But then the researchers over at Stanford's AI lab got hold of some GPUs, and they said, "Well, there's probably a much, much better way to do this because we don't need the heavy lift computing of a CPU. All we need to do is a very simple matrix operation in these little cores of the GPU, and we can do this whole thing in parallel." So over at Stanford, they got just 3 servers with a total of 18,000 cores because of their GPUs, only cost them $20,000, and it did the exact same thing. Well, the good news is that everyone can build their own cat detector now almost for no cost because we have these types of things on the market that are very, very inexpensive. This just shows you the power of the GPU when it comes to AI and machine learning. So what is Cisco doing in this space? Well, the leaders in the GPU space are, of course, the processor companies like NVIDIA. They lead in this space. Cisco has partnered with NVIDIA. In fact, what we see here is the UCS 480 ML (sic) [ UCS C480 ML ]. So this is a server that's stacked with NVIDIA Tesla V600 -- or V100 GPUs. This 1 server has over 5,000 cores in it. It's meant to do a lot of parallel processing. So if you have to do image analysis, speech recognition, noise cancellation, any of these type of typical machine learning, deep learning type of projects, this is the server you would buy. You would not buy this server for just a regular off-the-shelf application. This is very, very specifically built for the world of AI and deep learning. So this is an example of a product we built to help our customers with their AI projects. And of course, we have to partner with companies like NVIDIA because Cisco doesn't design these types of processors. There's other companies as well that build processors like Intel and AMD. And even Google has processors they have built very specifically called Tensor processing units. So we'll see a lot of this developed as we go forward. But again, it has to be a very specialized server. Well, what about in the campus? What about in enterprise networking, what is Cisco doing in this space? Well, we announced last year something called DNA Analytics. When you think about rockets or -- when you think about machine learning, uses data like rocket fuel. This is what fires the algorithms, and it lets us -- it predicts the certain events as they occur. It does these mappings of A to B. It finds these cluster boundaries, these anomalies. Well, you need a lot of data to be able to do that. When we look at the network, it generates an amazing amount of data about itself. This is not the data you just pass through the network. This is the data that the network is generating from telemetry, whether it's syslogs or it's SNMP data or its net flow data or it's firewall logs, these are events that the network is recording about itself. Well, no one's really looked at all this data holistically and started to apply deep learning techniques to these types of data. But what if we could? What if we could start to collect data from our own network and then compare that with everyone else's network? What if we had a way to look at every big network around the world and start to collect this together and start to see what makes the network perform well? Under what conditions does it start to fail, a wireless network? When do people start to lose connectivity? This is a very classic machine learning type of problem. When we look to things like the automotive industry, they've been doing this for a long time. The robots and the machines that are on the production line, they collect data from those machines so they can predict when that machine is going to fail or whether a part is going to break. Well, we can do the same thing in the network now with DNA Analytics. It lets us do different types of machine learning to do root cause analysis, do predictive maintenance when part of the network is about to fail for some other reason. And it tells us even when our performance is suboptimal. This is a project called KAIROS. And the intent of KAIROS is to build a cloud data repository that pulls in data from our customer networks all over the world. So as customers start to deploy DNA Center, they generate data about their networks. The KAIROS Cloud allows us to pull this data and anonymize it. So we don't see anything that's unique to the customer. We don't even see their IP addresses. We just collect metadata about what's going on and the performance of that network. Now as we start to collect this net -- or data, we apply it to machine learning models. We've trained those models to understand the behavior of that network. And under all these input variables, what's making a certain network perform well and a different one perform poorly? And we start to get a clean idea of how networks will behave with all these different environmental variables at play. So let's take an example of how KAIROS works. So let's say you have an issue with your wireless network, and for some reason, performance is just not good. Everyone is saying, "Your WiFi is terrible. Let's call Cisco Tech." And what's Cisco Tech going to tell you? "Okay, Mr. Customer. I'm sorry, you have to go do a site survey again." And you say, "No, I've done a site survey. I am telling you a site survey is not the problem. I'm still having wireless performance issues." People are taking a long time to connect. Their performance is terrible. Well, site survey is not going to necessarily help you with performance issues. There could be a lot of things at play. You could have some type of collision issues. You could have contention issues on the wireless domain. There could be quality of service issues. Who knows? It could be 1 million different variables. But what if you applied DNA Analytics and you applied these machine learning models? Could you tell what the root cause of that problem is and perhaps even warn the customer as it starts to occur and before it becomes an issue and is apparent to all of those users? Well, that's exactly what DNA Analytics is all about. So take this example here of some analytics that DNA Center has given to us. So you see this top band, we see this green band that fluctuates up and down. Well, this is given to us through a machine learning model. Based on all the data that we're getting from the environment, from the wireless access points, from the controller, from just the number of clients that are on, the type of applications they're using and measuring their performance, we can come up with an estimation of what the projected performance of that network should be under those conditions. This is a predictive algorithm that is the output of a machine learning tool. And primarily, this is a regression technique that uses deep learning. So we see what the predicted band here, this green band up and down. Now do you see that little line that's going through the green band? That's what our actual performance is. Now at some point, the line goes underneath the green band. It tells us that you have worse performance than you would expect with these type of environmental variables. Based on the conditions we see, we see your performance is dipping below. Other times, it looks normal. It's right in the middle of the green band, as we would expect. But we're really interested to know why did it dip below? Why is our performance poor under certain conditions? Well, that's where we need to do some root cause analysis. So first, we're using regression and deep learning techniques to understand the expected behavior of our network. Now we compare it to what we're actually seeing, then we start to look for anomalies. We start to use some unsupervised learning techniques to actually understand, where are the anomalies? Where are those outliers that are just not -- shouldn't be there? They're performing for some reason in a poor way. Now here we see different examples of signal strength, of signal-to-noise ratio and very quickly in that little band we see in the middle, we can see where things have dipped down and we can identify quickly, it's a signal strength issue. So very quickly, we're using data now in a powerful way to help us understand the actual performance of our network. Let's look at a third area where AI/machine learning are being used a lot at Cisco and that is in the world of collaboration. When we think about collaboration, we think about WebEx and TelePresence suites and these immersive rooms. These are using computer vision. Computer vision is a field where we're using deep learning to look at objects, to identify what they are, to understand what is being said, in some cases, we can even talk to our WebEx board and communicate with them like you would with Siri, Alexa, Google, these types of things. We can now do the same thing with WebEx. And there's a host of capabilities in most of our WebEx and TelePresence systems. Well, what enables this? Do you remember the technology? It's the GPU. Without the GPU, you cannot easily do computer vision, natural language processing and these types of capabilities. So every Cisco WebEx board has 1 of these GPUs built into it. This is the Jetson GPU built by NVIDIA. It's the same type of GPU that gets put into self-driving cars, autonomous vehicles, and it lets us do a tremendous number of interesting capabilities. Now here's an interesting one. Have you ever been on a conference call when people have a lot of background noise, perhaps an ambulance goes by or a fire truck or perhaps people are typing on their keyboard and they forgot to put themselves on mute? That's 1 of the most irritating things to me, tap, tap, tap, and you're just like, "Who is the person that's typing on their computer? Can we just mute that person?" Well, wouldn't it be nice if the AI system in that conference could detect that, could see that this is 1 of those anomalous noises we just don't want to have on our system? Or if there was a barking dog or some type of disruptive noise that's common, that's well known, and we could just cancel it out. Well, this is a game where we're using AI. Now do you remember, we talked about image recognition is something we use deep learning for to identify images, to identify exactly what it is? Well, when we look at spectrograms of sound, we can display these as images as well. So for example, the pattern of a human speaking is very different from a dog barking or a siren of an ambulance, a fire truck or a police car or the tap, tap, tap of the keyboard. It has a certain cadence that identifies it uniquely as that type of a sound. So at Cisco, what we do is we train our WebEx system in our engineering. We know what these types of sounds are, we classify it with thousands of samples of dogs barking, of sirens, and we put that into the system and we do detection of it. And we detect it through a deep learning network. And what do we do when we hear that or detect that type of sound? Well, we send out a cancellation noise that will prevent that from being sent across the WebEx, across the conference call so other people are not disturbed by that particular sound. It's a very, very useful application of deep learning embedded directly into our collaboration tools. Well, another capability is identification of the people on the video conference. Have you ever been on a video conference and there's these other people in the room, and you know you recognize these people, but you just wish someone would introduce themselves so you could attach a name to the face? Well, this is a very common problem. You're not alone. We've all experienced that. With AI face recognition in our WebEx system, we're actually able to look into the directory, and we've actually deployed this at Cisco using our own directory system and the images of people's faces. So when you're on the Webex, it will actually show the name of the person below their face, and you know exactly who it is that you're talking to. Of course, I'm not sure it's been tested for people who are twins and look extremely similar. It might get it wrong in certain cases. But AI is pretty good. It can detect even micro differences between people that's hard for the human eye to pick up, but an AI system with computer vision, especially when it's in HD, is able to pick up these differences, and you can tell who you're speaking to, and you don't need that formal introduction and hopefully not embarrassing yourself. Well, computer vision is a fascinating subject, and these applications of AI almost seem limitless. Just across the way here, across the road, there's a display that WebEx has of the sentiment analysis. So you can walk into the booth and it can tell you a lot of things about you, the emotion that you're expressing. Are you happy? Are you sad? Are you calm? Are you nervous? Are you tired? Like I tried to just before I did this broadcast and it was pretty accurate. It told me exactly my age. It told me my gender, good thing we got that one right. And it could tell me if I was happy or sad. And then I tried to scowl, and tried to be really angry faced, and then it says you're angry. So it seems to be pretty accurate in picking up the sentiment. And my buddy that I did this with, he's like, "Why would you ever use this? Like who is ever going to use a sentiment analysis?" Well, imagine you're a teacher in a classroom. And you want to see if you're being effective as a teacher. So you point your camera back to the class, and now you can see the sentiment of the students in the classroom. Are they enjoying the material? Are they bored out of their minds? Are they falling asleep? Well, the AI can tell you and can give you an average sentiment score for all the students that are in the classroom. Well, that's pretty useful. That can help the teacher understand. He needs to kick it up a notch or he's doing a good job. It also brings up some interesting questions of potential bias. This is a very important area of AI, where we can start to see aspects of a person which actually might lead to discrimination. So in the world of research and AI, a lot of the academic research is going into, how can we actually remove bias when we see certain people displaying certain traits? For example, if we look at perhaps the criminal population, do they look a certain way? And are we trying to identify people who are completely innocent as criminals? Well, we may not have designed our AI algorithm to be discriminatory or to show bias, but by the trainings that we give it, are we leading it to a biased outcome? There was a fascinating story on 1 of the largest tech cloud companies. They were filtering their resumes and using a deep learning model to look at all the words in the resume. And what they would do is compare it with successful candidates who had got jobs at this company, and they would use this filtering mechanism to automatically get rid of the resumes that were just not suited or not likely to become successful employees. Well, guess what happened? In this company, the majority of the workers were males. So the AI algorithm, by the data it had been fed, started to conclude that you had to be a man, a male to work at this company. Of course, that is not a very good outcome. It's very, very biased. Females are just as qualified as men, but just because of the training data it was fed, it was leading to the wrong conclusion. So after the company realized this, and they went back and they started to make some changes and while we have to train this algorithm differently, that wasn't our intent at all. But even then, suddenly, the language that was used typically in a resume that's put together by a man versus a woman is different. And because of that, it started to pick up these differences. And say, well, again, this is the type of resume, you need to be, to be successful. Well, these are traps that can easily fall -- we can easily fall into with AI systems and we want to avoid them. So how do we do that? It's still a bit of an art and it's being researched. We as humans don't want to be biased and show discrimination. But sometimes, the data we feed into these algorithms can lead us to these biased results, and it's something that you really have to watch out for if you do an AI project. The last area we're going to look at is AI in the world of security. And perhaps this is 1 of the most important and impactful areas for Cisco in using AI. Well, when we look at the landscape today and we see the number of attacks that are out there, it's very, very difficult to stop them and 1 of the biggest reasons is that so much traffic is encrypted. We look at the amount of traffic today on the Internet that's encrypted. It's well over 80%, leading to 90%. We may hit the point one day that almost 100% of traffic on the Internet is encrypted. Well, how do you find the malware and the nasty attackers if they're all inside encrypted traffic? It's very difficult, isn't it? Look at this picture here. Do you see the assassin lying in wait to hit someone? Well, it's very hard to tell. It all looks exactly the same. It looks like a bunch of rocks. But if you look very carefully, there is an assassin in there and he's holding a rifle, waiting to shoot. This is the kind of problem that security architects and security analysts have to face in the world of IT today. How do you find the malicious attacker? Well, it turns out, you don't necessarily have to look just at the inside of a packet. You can look at the behavior of a packet. We often say that 90% of communication is nonverbal. In other words, you can look at the way a person thinks by the way they move, the way they move their head, perhaps their body language. It says so much about them, their eye contact with you. It tells you really what they're thinking, if they're interested in you. Turns out we can do the same thing with network analytics. If we look at the behavior of traffic flows, if we see the behavior of certain metadata, the size of packets, the space between packets, where their source is, where their destination is, the type of traffic at the headers, that will tell us so much about the traffic itself that we can start to identify it. Now what type of machine learning do you think we're using here if it's anomaly detection? Well, again, we're looking for outliers, those anomalies. This tends to be unsupervised learning. So we're looking what those anomalies are. Things that's just out of normal. It doesn't seem to be normal traffic flow. That's probably your attacker. That's the one who's trying to do something nasty on your network. So we look at these linear decision boundaries. And the way we find these boundaries is through the magic of unsupervised learning. We feed it a lot of data, we look for the clusters, and we see what's healthy versus what is dangerous on our network. And it's the first line of defense really in identifying what the nasty things on the network are. Once we've classified it as an outlier, then we can look at other types of machine learning, regression techniques and deep learning techniques to really classify what it is and why this anomaly is trying to do something nasty on our network and then feed it back even to firewall rules and other types of intelligent network systems that will stop that malware and stop that threat actor. One of the examples of this is something called ETA or Encrypted Traffic Analytics. What ETA does is takes us -- net flow information, so a lot of the information from the header of the packets, metadata about the packet, and we send it back to Stealthwatch. Now the ASIC underneath that allows us to do this is something called UDPA or Doppler. It takes all this information, sends it back to Stealthwatch and we feed it into these machine learning models. We then look at a classification of this, we look for whether it's benign, whether it's nasty. We classify it as an anomaly, and then we pass it into more machine learning tools to say, we need to stop this or we let it go. Well, how effective is Encrypted Traffic Analytics? Well, turns out, it's very effective. In a lot of testing, we've been able to find 99.9% accuracy that something is nasty without even seeing inside the packet. Just by looking at the behavioral analytics of the packet, we can tell what it's up to, what it's trying to do and whether it should be prevented from our network. So we've looked at 4 different areas of machine learning, and AI, how Cisco is using it. It's probably just the tip of the iceberg. We've been down this AI journey for a couple of years now, and we're already using it almost in every product we have across our business units, product categories. We looked at just 4 different areas, from collaboration to the data center, to enterprise networking, to security. AI is really becoming a foundational tenet of our technology and it's extremely exciting, I think, what we're doing today and what we're going to do in the future. So hopefully, you've enjoyed this Master Series class and learning a little bit about the fundamentals of AI, machine learning and how we're using it. And hopefully, you take something away from this and you can enjoy learning more about it in the future. Thanks, guys, and have a great day.

Hello, and welcome in our master session, SD-WAN at Cisco Live Barcelona 2020. My name is Nikolai Pitaev. I'm technical marketing engineer responsible for SD-WAN. And guys, we are doing this for the first time in history. So actually, we are guinea pigs. And I'm not the only guinea pig here. I have an honor to have with me Marty Ma and Hamzah Kardame helping me to explain and present all new SD-WAN features, all new SD-WAN use cases we have for you at Cisco Live Barcelona. So Marty, back to you.

Sure. So I guess I'm the guinea pig #2, the one in middle, right? So my name is Marty Ma. I'm a technical marketing engineers' manager. So I'm responsible for actually driving all the core features for SD-WAN in Cisco.

Hey, everyone. My name is Hamzah Kardame. I'm a technical marketing engineer with the Cisco Software-Defined WAN business unit. I work closely with the managed service provider segment of customers. I've been with Cisco for almost 10 years and looking forward to doing this.

Excellent. Thanks a lot. And as you guys see, yes, guinea pigs, 3 guinea pigs but really technical oriented. So yes, we do have one manager just to see what we are saying. But the reality is we can go deep and we'll go, in some cases, deep and explain what exactly do we mean on a technical level. It's a technical conference, and let's get started. That's our agenda for today. So we will have just a brief SD-WAN at Cisco Live Barcelona overview for you. And then we will jump into what's new, features, strategy that will be really interesting to see what is happening around SD-WAN, what is new. One important topic always coming after new stuff is migration. How do I migrate from non-SD-WAN to SD-WAN? And how Cisco can help to migrate my network? And last but not least, we have application quality of experience demonstration for you, really nice feature which will help to improve your performance, especially in case of high delays on your bandwidth. That's our agenda for the next 35 minutes. Let's get started. And really quick, we have a lot of SD-WAN-related sessions. On Monday, we had 3 different tectorials. And by tectorial, I mean technical seminar which will be 8 hours nonstop. Well, small break for lunch, yes, but 8 hours, the whole beauty, SD-WAN, from the overview to the latest bytes and bits and then we keep going. The whole week, Tuesday, Wednesday, Thursday and even Friday, fully packed with different sessions, laps and even [ depth ] sessions you can try out around SD-WAN. So I just want to highlight security session. I want to touch on the cloud topic as well and automation. But even the topic, how I do my customer proof of concept, my CPOC, we have a session for this. So what we would like to today for you is to have like win the sense, the summary, best of the best of all sessions presented for you in this session. That's our goal. And let's get started with what is new related to SD-WAN and the cloud. Marty, please. It's all yours.

Sure. Thanks, Nikolai. So in my part, I'll basically share with you guys what we are introducing in this event, was to what's coming in the next few months. So the first thing is actually SD-WAN as we're seeing today. I mean we have a widely deployed customer base. And then our goal is really to continue these innovation in all different form to address common customer use case. So in this event, we basically introduce a couple of different areas in improvement and enhancement. First will be what we do in a cloud to help facilitate. I mean one of the major use case for SD-WAN is really for customer heading into the cloud, how do we maintain the same user experience when they move an application from on-prem to their cloud. So a lot of the innovation there, no matter is going with the IaaS, with SaaS, with other things, with colo, then we're doing a lot of enhancement there. Second part is the security. Like Nikolai mentioned earlier, security is paramount across other things. And then we do allow you to have a very elastic solution going either to be on-prem or in a cloud. The third part is really, I mean, for SD-WAN through the end of day, we are really servicing the application user experience. So we want to make sure the application in terms of quality of experience, we can help user to enhance no matter under which kind of a condition. And then finally, Cisco has been well known for the integrated service router platform. And we want to show you, okay, now instead of compare with other vendor solution where you needed 2 box, we really can integrate the unified communication or voice-related service on to the SD-WAN into a single box solution. So here first, we look at the -- when on the cloud off-site. So Nikolai later is going to talk about mainly on the Cloud onRamp for SaaS and IaaS. And then also, we recently announced AWS TGW, the integration we have there. So to simplify deployment and also automate the whole process so user don't have to go into different control panel and console to actually do things. The second part we'll want to talk about really highlights our integration with -- cloud integration of the security Internet gateway, right? So a lot of our customer now, they choose to basically integrate their security service either on-prem or in a cloud. And with Cisco's SD-WAN solution, we basically can finally integrate this conversion step to simplify it so user can basically go through a single pane of a glass to configure both their SD-WAN with security on top of it. So no matter you look -- users looking for things like traditional application-based firewall, going further into things like IPS, IDS, URL filtering, even for things like defense malware progression, we can all go through a single pane of glass to actually configure that. The third part we're really talking about is to enhance application performance. Then Cisco's SD-WAN solution is really [indiscernible] 4 agnostic. We want to make sure we can compensate for -- no matter which kind of a carrier are you using, if there is any characteristic on the transport that need to be compensated to improve the user experience. We're going to see a couple of examples that were -- through things like DCP optimization, through Forward Error Correction, we can basically help improve the quality of the transmission so that we can make sure the application get the right level of experience at the sort of user level. And then finally, we talk about things like the [ AMBO ] security. So beyond just the -- providing the traditional zone-based firewall service as well as application-led service, we really have -- through the ISR platform, we have an integrated security solution to provide things like firewall, IPS, IDS, URL filtering and then also like AMP, the advanced malware control so that we can actually have a complete portfolio. So user have the flexibility. No matter they want to deploy security at a branch level or they want to basically break out, we have a service actually delivered in a cloud. All these solutions can actually be quickly delivered and then deployed actually through our single pane of glass viewing portal.

So Marty, I have a question on that.

Sure.

Basically, what we saw as cloud-based firewall and web-based security, cloud-based security on one hand, your slide with Umbrella. And on the other hand, you have a choice -- or the customer to run on-prem security.

Correct.

So one question we are all getting is, hey, what will be the Cisco guidance? Do we have any advice? What will be the use case where you will go for cloud-based? And in which cases you will run on-prem? So what are your thoughts on that?

Okay. So typically for security, the fundamental concept is really you want to enforce security where -- the closest to where the resource you want to protect. But in many cases, I mean, when customer have different branch site, oftentimes they wouldn't be able to deploy these at every site. So we do offer both with the same set of feature set. So we give the flexibility back to user. No matter which way they want to deploy it, we can fully satisfy their need in either case.

Makes sense.

Yes. So finally, we're going to talk about one of the things we're going to bring to the table. When we initially have SD-WAN integrated on the ISR product family, we kind of skipped through the traditional -- the voice feature we are able to provide. And in the upcoming release, we're going to bring this feature back. So the ISR are rather well known for its integrated service where a customer can deploy a different type of integration like voice and other things integrating into one platform. We're bringing that back to the table. So customer no long -- want to ask you why a service no longer need to go through multiple different device to configure things, we are putting things like FXS, FXO, SRST, all the [indiscernible]-related stuff all back to the IOS-XE. So through a single platform, when user are deploying the SD-WAN solution, at the same time, they can also get their voice service configured, and then the corresponding require like the quality of service, app experience, all the characteristic, can be automatically provisioned at the same time. So with that, I mean, we can see a lot of these innovation actually all related to how things get delivered across Internet, across the cloud. So I'm going to pass the ball back to Nikolai to talk about what we're doing, especially with things like AWS and Azure, in this front.

Thanks, Marty. And it's really a great question because what we see a lot is the question, hey, guys, my workload, my applications, they go to the cloud. How can I connect my infrastructure on public cloud like Amazon Web Services or Microsoft Azure to SD-WAN? First question is what is the benefit. Why do I need to connect my infrastructure to SD-WAN? What's the point? And that answer is very simple, because you will be able to use one centralized policy for security, for provisioning, for quality of experience across your whole network, including cloud. So cloud will be a part of your network as just a branch. And you will have end-to-end view from your application through your different transports all the way out to the cloud. That's the answer. So now basically, the question is how. I got it, it makes total sense to integrate multiple public clouds with SD-WAN. How? One option, you see it on the left side here on the slide, is do-it-yourself model. So you will run vEdge cloud, CSR 1000v virtual router with SD-WAN functionality in each VPC, in each VNS you have, and interconnect this with SD-WAN. Well, fine. It's okay for small use cases where you have 1, 2 VNS. But what if you have multiple? Can it be automated? And the answer is yes, we have [indiscernible] for Infrastructure as a Service, which will create transit VPC, transit gateway, and do the full automation for you. So you'll be entering just your public cloud credentials, provide some information like naming. Yes, you need 2 licenses for 2 routers. And then you will click Deploy, grab some coffee, come back in 10 minutes, and you will have your public cloud infrastructure integrated with SD-WAN. And if you will send more traffic, if you will create additional VPCs, it will out-of-scale for you. So vManage will deploy additional router and make sure that this will be another bottom line. And this is what we have for a while. Basically, that's a solution we have here in the middle, fully automated with Cloud onRamp for IaaS, which has some pros and cons, but we have it ready to be used now. What I would like to show you now is what is coming next. And this is -- this last line saying, integrated solution, SD-WAN and TGW Transit Gateway or DRAM. That solution will scale and will allow you to use VPC attachments up to 50 gigabits. So we are not talking about TGW limit anymore of 1.25 gigabits. Yes, VPN attachment to digital wall is still 1.25. But you can have a architecture with VPC attachments which will scale up to 50 gigabit, totally different number. And let me explain how it works. Here in this example, you have one SD-WAN router connected to AWS with engineering and marketing being in different VPCs. Fair enough, nothing special. And -- but now we have Azure, and we have HR having infrastructure on Azure. The same SD-WAN router will interconnect multiple clouds. So what we have is we have IPsec tunnels from colocation SD-WAN router to Azure, DRAM and to AWS TGW. We run BGP on top of this standard IKE-based IPsec tunnel, and we exchange routes between BGP from public cloud to OMP. OMP is Overlay Management Protocol we use on SD-WAN side. So what we will do is we will do standard redistribution from BGP to OMP and vice versa. And yes, you can do route filtering. Yes, you can use route maps. All what you know from standard route protocol redistribution is available here. And that will interconnect multiple clouds on the same router with SD-WAN, fully automated. That's basically the video we have as a demonstration. What you see here is I'm going in my vManage to Cloud onRamp for IaaS, and I will add a new TGW connection. I need to enter my credentials, and then I need to set up the region. And vManage will auto-discover my TGW. There's no need to enter something else. You simply select this, hit Run, and vManage will do some API calls, and it will connect your branches with TGW. What we see here on AWS side, if you look at topology and geographic distribution, you see 3 branches. They're connected to TGW. That's my virtual infrastructure on AWS side going to SD-WAN on the left side. That's, in a nutshell, what we are doing next. And this is what you just saw as engineering software. We don't have it yet. It will come this year. And please forgive me if you will see in the final release 1 -- 2 additional buttons. Can be different, but you've got the whole idea. What we do is fully automated connection from the branch side to TGW. That's the main point. And now if you go back to slides, we will talk about migration. So Hamzah is our best TME dealing with many top-level customers migrating from non-SD-WAN to SD-WAN. So Hamzah, let's talk about migration.

Cool. Thanks, Nikolai. Thanks for the introduction. All right. So when we talk about migrating to SD-WAN, right, one of the basic steps that we look at is to templatize to integration. So what that means is I look at or examine my existing routers and all of the configuration I have therein, and then I say, okay, how many pieces of this configuration can I put into templates? And looking at the way we manage softwares today, I have 2 options to do this. I can either go on the vManage UI and I can say, I'm going to create individual feature templates for be it BGP or OSPF or maybe VPN creation, things like that. And then I can say, these are my building blocks for my device templates. So then I take different sets of feature templates, meld them together into a single device template, and I say, this device template is now going to be applicable across maybe several hundred devices in my overlay. So that is one way of doing it. The other way of doing this is to use CLI templates. So what that means is perhaps I'm a CLI junkie or maybe I'm a service provider or a partner. I use or examine existing CLI and turn that into templates and reuse that on the fly, variabilize parts of that particular template and apply to several hundred devices at once. So there were a couple of things or a couple of changes we wanted to make with that implementation. So what you're seeing over here is what we have today in terms of implementation. So on the left is the implementation details for CLI templates. So whether it's an XE SD-WAN cEdge device or a vEdge-capable SD-WAN device, if I want to apply CLI template, I have to create a template and use SD-WAN-based CLI and push that template into the vManage, and the vManage underneath the hood is essentially going to identify, am I applying this template to a vEdge platform or am I applying this to a cEdge? If it's a cEdge, what the vManage does is it takes that CLI and translates it into IOS-XE-based YANG CLI and then pushes it into the cEdge. So think of it like there's a translator built into the vManage that's doing this operation. So some changes we're making with that regard is post our next release, which will be coming out in a couple of months, we are going to give users the ability to define that CLI as if it were a native YANG IOS-XE-based CLI. So if you're someone who has a Cisco platform today, you already know or are very familiar with Cisco IOS CLI, this is good news for you. You can take the CLI from your existing router and reuse that as CLI within the vManage to apply to your -- it'll migrate the device in the future. You don't need to untag or unlearn some parts of it. You don't need to learn new SD-WAN CLI or figure out how to map one thing to another. You can reuse the same thing. So one other thing we'll be doing in this regard is a similar flexibility enhancement even on the device template side. So again, looking at the way things are today on your bottom left panel, you're seeing, how do I configure a device. I have the option to either push all my device configuration as a device template, which means defined feature templates on the vManage and create a device template on -- or a template on the UI, and I'm attaching this. Or the other option I have is to define it as a CLI template. But now post that same release, which will come out later this year, 17.2.1, we will give the ability where you can mix and match to do. So you could have a device template. Parts of that or majority of that device template is going to be all feature templates that you've created on the UI. But for those extra additional knobs that you want to add on the fly later, you won't have to go and find a feature template or create it manually. All you need to do is go to this particular c-Edge add-on CLI feature template, paste those specific commands just like you would from an IOS-XE device, and the vManage essentially will take and merge all your feature template configuration along with this particular add-on CLI block that you've put into the vManage. It'll meld all of it together and push that into the cEdge. So that'll give the users a lot of flexibility to kind of mix and match how they want to do this. Especially for our managed service provider and partner segment of customers, they will like this because this will help drive us toward their co-managed use case. What I mean is where a sales partner can say, hey, Mr. end customer, you can go and configure everything you want on your particular SD-WAN router using feature templates, but I have the ability to use YANG CLI add-on feature templates to override any of those configurations if needed using just CLI from my site. So that's going to be one big, big feature add from that perspective. Another good thing with this is feature delivery. So we realize a lot of our customers migrating into Cisco SD-WAN have been using IOS-XE, and IOS-XE has been around for maybe a decade or 2. It's very, very feature rich. And we realize a lot of our customers who move into the cEdge or XE SD-WAN platform want to make sure they can leverage those existing rich feature sets and have the SD-WAN goodies baked in at the same time. So within Cisco, we have the same vision for our end customers. That's the end goal. But until we get there, until you -- and that's probably a couple of releases out, we want to make sure that we provide some quick and easy feature delivery vehicle for our customers to consume those rich services rather than wait for them to be delivered through a UI. So that's one of these things that -- having the CLI template is going to help us do. So as an example, let's say there is a particular feature like AAA or DSL, PPPoE, those kind of capabilities that were always available on IOS-XE and maybe perhaps are not available on XE SD-WAN today. Once this feature is available in the future, you can go and add those basic CLI using a CLI template or an add-on CLI template and augment your existing maybe feature template-based device template, augment it with those particular CLI and add them on the fly to your XE SD-WAN devices. So in this way, it gives us within Cisco a quick way -- a quick and easy way to deliver feature to customers who need it who may not want that dependency on a UI or a lot of buttons to go and configure those features. And of course, down the road long term, we will add all of those using the UI itself. But in the meanwhile, you have this ability to add these capabilities in directly through the CLI template features. Maybe a quick, quick explanation of one of those. As an example, with OSPF today, if you want to apply or if you want to have the feature of a conditional default route advertisement on XE SD-WAN, if I use my feature template on the vManage, I can't exactly do this particular configuration. I cannot originate a default route with a particular route map as a trigger. But once this feature is available with the YANG add-on CLI feature template, I can just click that add-on template, paste that particular CLI line or that command line into that block and add it to the rest of my device template configuration, and my Edge device will now support that particular feature. So that's a very easy way for our customers to start using that capability in the near future.

So Hamzah, I have a question on that. So it looks like just one CLI feature, and we're doing a lot of features released or release. But it's critical. And if I understood it right, especially here in Europe, DSL is a big deal.

Yes.

So we have customers asking about DSL connectivity. And right now, DSL is not supported in vManage. So basically, with this CLI feature, we can use DSL configuration from IOS-XE, port it into this add-on CLI template and push it down. That's the idea.

Yes. You are almost got it right. So on the vManage, we do support PPPoE today. But think of it like IOS-XE, for example, supported PPPoE. Think of it may be like there are 2 dozen commands out there. Today's version of XE SD-WAN supports maybe 10 out of those 2,000 commands. But as a customer in Europe, you need one of those CLI critically to make your deployments successful. So using this feature, you can go in and add those CLI as we expose them in a code. So we'll, of course, document and release sort of all of these commands we're going to support. And you can just use those templates, add on those extra knobs that you put into -- earlier to the vManage. So in that way, you can really consume features much, much quickly as opposed to earlier.

Right. So that can be actually a deal breaker because if you as a customer waiting and waiting for this particular DSL feature because you cannot start, you will not connect, you will not be able to go online. So in this case, this feature will enable migration, enable your project?

Yes. You got that right. Exactly. So moving on to other things. Again, looking at migration strategy for most customers, they're going to be evaluating new platforms. So on the ISR front, we have a bunch of new platforms coming out, especially on the ISR 4000 Series. We have the ISR 4461, which has started as the highest-performing ISR to date, right? So exciting things to look forward to over there. And then you guys will also probably see that under the pure-play section, we have a couple of new platforms, the ISR 1100s. So these ISR 1100s are what we consider the platform evolution for the VPLS vEdge platforms. So if you were examining VPLS SD-WAN or Cisco SD-WAN today and you were examining the vEdge platforms, in particular the vEdge-100s and the vEdge-1000s, what we're doing within Cisco is we're giving the same Viptela operating system with SD-WAN so all of the pure-play SD-WAN capabilities like application-based sharing, SLA matching, all of those goodies will be available on Cisco's ISR 1100 Series platforms. Those are the part numbers, 110-4G, the 6G and 4G LTE. So those particular platforms, they're probably, this day, really good for small to medium branches. There was support from these -- all of the pure play SD-WAN capabilities. And in the future, we'll also probably provide a knob where you can toggle these platforms and move them into XE SD-WAN as well. So you have the ability to start your deployment today using the best-of-breed hardware from Cisco and the best-of-breed SD-WAN software from Cisco as well. And then over time, if you need to, you can migrate the platform into XE SD-WAN down the road.

And just one joke about the naming. Like you see 4G and 6G. Guys, it's not about that's WiFi generation. It means that's 6 1-gig E port or 4 1-gig E port. So we're not doing 6G on that box yet. Probably later on, but 6 means the number of ports.

That's the idea. We'll probably start with 5G and someday hit 6G as well. So with that said, I'm going to hand this back over to you, Nikolai, and thanks.

Thanks, Hamzah. And let's talk really brief about application quality of experience, and that's a huge topic. I can spend hours and hours talking about app PoE because you guys need this. Your customers, your users, they will screen. If they will see that performance on O365, on any cloud-based applications. And in Europe and also in the United States, the packet loss is not really a big deal. What is hurting us is actually latency. If you go from just last 2 years, East or here from, let's say, Asia to Europe, you might run into latency, which is 400 milliseconds or more. And the question is, how can my SD-WAN solution help me to increase the performance, increase quality of experience on this high-latency link? And let me give you an example. Here was a demonstration. What we see here on the left side is a client going to a server, and we have around about 20 kilobits. So it's not much because I have 400 milliseconds on the way. I'm using LAN emulator with 400 milliseconds installed. There's no TCP optimization policy yet. You see here it's just a preview. I am matching on a [indiscernible]. Lazy TME just created a demo, but you can mention anything you want. And now what I will do is I will push the policy. So I will activate the policy. You see here 2 [ vis ] marks for redundancy. And I'm pushing my policy to both these marks. Once it's done, I need to reestablish my TCP stream because TCP will go down. And now I need to restart the session and check the bandwidth, what I will get. And I get 160. So before TCP 20 kilobits, there's TCP optimization enabled on the same link, still 400 milliseconds delay, 160. And for CCIE among us, you can run some CLI charts just to verify and see low-level details, stream information bytes and bits. Still highest stream possible. We are not taking it away from you, but you don't need it for this functionality. You can just push the policy and you are done. So now let's go back to slides and talk about next innovation we have around Software as a Service. So what you see here is Office 365 as a use case. So it's a Software as a Service application. And you might have multiple ways, multiple exit points from your network to the Internet. That can be directly using direct Internet access from the branch. That can be going to MPLS or MPLS to your colocation router, and then exit from colocation facility to the Internet. The main question is what is the best way. How can I make sure that my application will be running on the best path? Well, the simple answer is just use Cloud onRamp for SaaS. We will run probing [ http ] from all exit points automatically to your cloud-based application, Office 365 as an example. And we will calculate Viptela Quality of Experience score, which is just a number from 0 to 10, and we will do routing based on this score. So you don't need to care and you don't need to write complicated policies and do probably time-based policy activation. We do it for you. That was available also last year. So your question will be, well, Nikolai, what is new? What we're adding is for Office 365, an ability to use telemeter data from Microsoft. Means in the whole configuration process, where you will set up your path and then process in the GUI, you will have a checkbox saying, "Do you want to rely?" "Do you want to trust Microsoft telemeter data?" And based on your Microsoft experience, based on your previous experience, you can say, well, I will trust Microsoft, and I will use telemeter data, and that will be our foundation to find the best path. Or you can say, no, I just want to use simple implementation we have, working implementation. What you know from last year, it's still available. And then we will do polling; we will run probing for you. So you have a choice. You can try both. You can always go back. But that's the new thing. That's really innovation we do in a partnership with Microsoft. You can use now telemeter data from Microsoft and do your decision, your routing decision based on that. Okay. So let me conclude. We talked about different sessions we have -- we had this week and still have tomorrow, Friday, all topics you can imagine, from security, cloud, even to proof of concept. So Marty and Hamzah, one question to you. If you guys will think about all 4 days, all your questions you have, funny questions and key messages you delivered. If our audience need to remember just one thing out of the whole week -- I know it's a tough question, but, I mean, I'm from Russia and we have a KGB job saying, people usually remember the first and the last thing. So if you will think about that, what will be your one thing you will give to our audience to remember for SD-WAN from Cisco Live Barcelona? So Marty?

Right. Okay. So if one thing I can actually highlight out basically for me was the security background. I'll say what we actually have around security, the ability to say, for example, to improving to the secure Internet gateway, that will be one of the very innovative thing. And then the ability to basically build a tunnel and then to auto-register the service really going to create a difference because a lot of more customer now, they want security, but they don't really have the flexibility like we talked about earlier to deploy on-prem or on a branch. This option enabled them to actually have a wide selection of features they can deploy through the cloud either through a third-party vendor that has a partner or through Cisco's Umbrella service.

Thank you. Yes, it's a big one.

Right

Hamzah?

Well, I guess I'll say this is just the geek in me probably, but 2 things. One is when you're evaluating your SD-WAN vendor, architecture is key. We have the best architecture. So if you are a customer, if you're a partner, you are evaluating SD-WAN vendors, think of -- you're redoing your entire WAN, you need something that is scalable, flexible, open, our SD-WAN has the best architecture, scalable at the control plane, scalable at the data plane. This is what you would want to use for your SD-WAN deployment, right? So that's one of the key things I would mention. And the other thing will be all about multi-cloud, right? So we've been talking about this for the past year. There are a lot of innovations happening on AWS and Azure, and everyone is trying their best to kind of keep up with that pace while, at the same time, trying to move to the public cloud. So at this whole time of transformation that's happening, everyone wants to adopt and move things into the cloud. They want to increase asset option. But we all know, realistically speaking, this is going to take a couple of years. You're still going to have this hybrid of on-prem hardware, you're going to have some maybe colos, and you're going to have a bunch of self-serving in the cloud. You will need something that can stitch all of those things together. You will need it to be scalable, you need it to be secure. And Cisco's SD-WAN is going to provide you everything that you need to enable that architecture.

Thanks, Hamzah. I think you will not qualify for KGB training because if they tell you just one, tell one. But I agree, both is really important, and it's a key. I just want to mention one thing, and it goes into the same direction as you mentioned, and it's about automation. Because if you're talking about multi-cloud, you don't really want to go to Azure and code and use GUI from this cloud provider. You don't want to go to AWS and...

Yes. Multiple touch points basically, yes.

Multiple touch points, different languages.

Yes, right.

It's all different. So the point is, what will be your job as -- with human mistakes and going back and forth, it's tough. If you have this know-how, yes, you can do. And the -- that's what is Infrastructure as a Code. So you will code this, you will use different programming languages to automate this. But if you're just a standard midsized enterprise company, you probably most likely will not really want half gigs doing [ VoLTE 3 ], AWS, SDK with all the fancy automation. In this case, you will just go to vManage and use our automation tools and drink coffee for 10 minutes, come back and that's all done. So automation is the key. And that's why I would like to highlight automation. That's the rule from what we see this week during Cisco Live.

Yes.

I think that's all. Thanks. That's all about SD-WAN in 40 minutes. I know we skipped a lot, but thanks a lot. I'm really happy to have such great experts with me today and be able to transform key messages here around SD-WAN to you. Thanks a lot.

All right. Thank, everyone.

Thanks, everyone.

Yes.

Hello, everybody. Welcome at Cisco Live. So we are live here and together with Marcel. And I'll quickly want to introduce myself. I'm Markus Harbeck, I'm a Senior Solution Architect in Customer Services. And I will guide you today and, of course, Marcel, through an SDA environment, how to get it from 0 to 100, and make sure you understand all the components of SDA until it's up and running. Let me give Marcel a chance to introduce himself quickly.

Okay. Thank you, Markus, and hello, everybody. My name is Marcel Rothstein. I'm a Technical Solution Architect based in Frankfurt, Germany. And today, I'm here to help Markus a little bit with the introduction of SDA. So Markus, how can we start?

So let's do a quick introduction. The first of us -- or the two of us, we are both German. So for anybody watching this presentation, the accent might be very bad. So you can ping us later on if you have a good idea how we can improve this. So let me dig into the presentation. It is about Software-Defined Access. You have heard that this is a new solution offered from Cisco and has been developed over the last couple of years. So software-defined access have been built on top of our switching portfolio, and we introduced new capabilities into iOS. In the beginning, everybody on earth was doing this using command line interface. So you remember the days where we all -- we're at the keyboard and trying to figure out how to get the VLAN configured, how to get a different gateway configured, how to make high availability enabled. And you know all the hustle together with Spanning Tree and the large broadcast domains and failure domains and to troubleshoot those environments. So the idea of Software-Defined Access is to put a controller on top of the environment, that means we completely abstract the way we do the network. So the abstract means you buy a piece of hardware. It can be a Catalyst 9000, it can be 3850, it can be anything. So you buy a piece of hardware. On top of the hardware, you usually have an installed iOS version. And this can be a big variety of different iOS versions, right? So all the iOS versions behave differently. And the third level on top of hardware and software is about the license. So the network behaves very differently if you buy an Essentials license or if you buy an Advantage license. So what we have done in the past, we left our engineers, and of course, our customers and partners a little bit alone with how to configure the environment, how to make SDx-es possible, how to make switching possible. And if you update the environment, you may have recognized already that commands may change. So what we have done here is we have created a control and MD&A center (sic) [ DNA Center ]. DNA Center is now in the version of 1-3-3-0. We've recently announced this release, it is a week old by the way. And DNA Center is taking care of this abstraction. We call this intent-based networking. So the intent is about what I want to do. It's not about how I configure my network, it's not about which different commands you need to use. It's about I want to get a fabric up and running. I want to connect an end user and the end user should be capable of connecting to the data center or to his or her application. So DNA Center brings all of it. Does it make sense for you?

Yes. For me, it sounds really great. The only question I have because I can see that you've put ISE in your slide as well. So your SDA solution is not just about automation, isn't it?

That is correct. So that's a very good question, Marcel. So DNA Center brings automation into it. We call this intent to automate the network infrastructure. It gives you context with this Assurance and analytics because you need to troubleshoot it. And regular networks, they're just made for connectivity, for forwarding, so connecting the device and you ping your application. You can open e-mail and do things like this. But as of today, security becomes more and more relevant to our network environments, so the idea is to utilize Identity Services Engine, embed them into DNA Center. So we have a channel between ISE and DNA Center and use all the beauty of Identity Services Engine for policy, for security, for user identification, for authentication, radio syntax into the switches. And we didn't build a new environment for this. We just took Identity Services Engine, which is out for a while and integrate this into DNA Center. So having said this in the beginning, I mentioned we left you alone with CLI, and now we have DNA Center to automate it. That means, on the other hand side, now you have ISE, and you need to provision ISE on it. And we did exactly the same thing. So we go and abstract ISE from the network and DNA Center will take care about ISE configuration. So whenever you create a policy, DNA Center is using a pane of glass. You configure your policy like you do, you set up your fabric and DNA Center pushes this into Identity Services Engine, and you don't have to touch it.

So great. So I'm just using DNA Center to set up my network, to create my policies, and later on, to troubleshoot it.

Yes, you got it. That's exactly what it's meant to be.

It sounds really cool. So what else do I need to do in my networks to get such a solution?

Yes, let's begin. So there are components. We talked about DNA Center, automation, analytics and Assurance, the Identity Services Engine as a component for policy. By the way, it's a requirement. You need to install ISE to make SDA happen. And let's dig into the different things and components out of SD-Access which are important. So the first you need to know is that we distinguish SD-Access into 3 components. It's the control pane, which is built on Locator/ID Separation Protocol. So that's your route reflector. That's where we are learning all the routes from the end points, that's where we're learning all the routes from the data center and the external networks. Since we go to a fabric environment, we decided not to do Layer 2 connectivity anymore. So you don't have to build all the VLANs, all the [ trans ] or Spanning Tree, multi [indiscernible] channel, things like that. But therefore, we needed to introduce a new encapsulation so that we can get the traffic from the client from the end point to the network, and this is VXLAN. And VXLAN can distinguish between a micro segment and the macro segment. The macro segment is a virtual network, and we're going to deploy one of these networks in a minute. And the micro segment is about separating the two of us in a single network. So we can make happen in a policy environment that you can meet, but you can ping me, but you cannot connect via file transfer in any other protocol. And this is all automated under the covers. It's just a component because we want to inform you what's going on because it will be very easy to set it up, and we will see this in a minute. But of course, if something goes wrong, it may be good to have some ideas what's under the covers.

Okay. But at the end of the day, I have to know about these protocols, but I don't have to configure them because this is something DNA Center can do for me.

That is perfectly correct. So you need to know it because, of course, you want to troubleshoot it, but all the commands will come out of DNA Center, it will be fully automated. And we just want to make you comfortable that you understand the environment and can create the confidence that we do not do anything which is very crazy and would not work. And we go on to the console, and I will show you a couple of things happening in the fabric.

Looking forward.

So what are the fabric rules and terminologies. We already talked about DNA Center automation. DNA Center automation is taking care about what kind of devices in the network, software version and license and then push the configuration to the switch to the router or to the wireless controller, so wireless is part of it. As soon as we have discovered or introduced a device into DNA Center, it will start collecting analytics data and will give you a view. Is it in a good health status or is it in a bad position and we give you guide remediation. Today, we will focus on the SDA portion of DNA Center. So Assurance comes along, it is included in the licensing, and it will run automatically. You don't have to do anything in addition. Identity Services Engine, as we have discussed, runs in the background to create policies and make security available. And of course, under the covers, there are a couple of components. We have a so-called control plane nodes. And the control plane node is responsible about learning the end point devices. So let's do an example. You connect to your network, and the network switch will learn your IP address and your Mac address. And we will announce this address, like we do it in DNS towards the control plane, and the control plane exactly knows where Marcel sits in the network. Actually, to be honest, it doesn't know that it's you, Marcel, but it knows your IP address. So the second piece is the fabric border node. So inside the fabric, we do VXLAN encapsulation. But you may want to talk to foreign devices, devices on the Internet, in the data center, in your traditional environment once you have now migrated everything. And the border node is taking care that we translate Software-Defined Access, VXLAN encapsulation into the traditional way of forwarding IP packets. The third component is the fabric edge, and this is the most [ fierce ] one. It is your access layer switch. So the access layer switch is the one you connect to. It will learn your IP address, it will, as mentioned, register your IP address to the control plane. And by the end, it makes sure that you are reachable for all the other devices and takes care of the encapsulation into the fabric and the decapsulation because most likely, your end point doesn't understand VXLAN.

Absolutely. If I look on your slide, that just looks for me like a traditional 3G network design with 4G distribution access. But I see some grayed out switches in the middle. So what does this mean for me? Can I use my traditional network physical topology? Or do I have to re-cable everything?

Yes. Perfect. So the grayed out devices are called intermediate nodes in SD-Access. That means if you have a very large network, you may have a border, which is your connection to the data center, but then you need to distribute everything into the buildings. So you don't want to run cables from every single access switch to your major locations. And therefore, you're most likely run distributions with switches per building or in several areas. And the intermediate node is acting and behaving as a distribution node. It will be a fully routed environment. It will interconnect to the edge node, but it doesn't participate in VXLAN and any of the control plane instances. So it's just scaling the environment. You can do a core distribution access design, as you know it from the past, but it's even more capable. I will show you LAN automation during the presentation. And we are very topology-independent. So you can build ring topologies, you can do triangles, you can do daisy chaining. So there are almost no limitations. Of course, for scalability, we may hit one, but we released a couple of the topology dependencies we had in the past.

Oh wow, that sounds great. And as you already mentioned some kind of automation with the LAN. So does it mean I can fully configure everything from DNA Center without using any CLI?

Yes, that is correct. So the DNA Center is taking out of full CLI configuration. The only thing if you have very special features. Let's do an example, storm control. You want to make sure if I have a broadcaster that I control it into the switch. I mean the impact is only the edge node itself, but those commands are not being pushed by the DNA Center because we don't consider them. And therefore, we have a template programmer, and you can push all the commands you need in this environment after SDA provisioning has happened.

Oh wow. So it really looks nice on the PowerPoint, but how is the reality?

Yes. So I will show you the demo in a second. Let's go to the last component, the fabric wireless controller.

This is interesting.

Yes, exactly. We have this wireless controller and we do embed wireless into SD-Access and convert the access point into a VXLAN speaker so that they participate the same way an edge node in SD-Access does, and it's part of the fabric and is embedded and has the same policy environment, the same [indiscernible] environment in SD-Access, so even we take care about all your wireless devices.

So -- and even the WSC is managed by the DNA Center?

That is correct. You'll read in the wireless controller, you add it to the fabric and you are done. That's all you need to do.

No more SSIDs, fabric AP groups, nothing at all?

This is all gone. You need to create your SSID, to be honest, because you need to tell the controller what to provision. But all the rest of it is gone, so there's no complex configuration in terms of the access point at all. So let's go into the live controller. This is DNA Center. It's an up-to-date version. They [ got ] me a new update on the top right corner for those who have recognized that we have the little cloud with the 13 updates. Nevertheless, we have DNA Center. When you start with DNA Center, you need to give some information into the system because it doesn't know who you are, who your organization are, what your IP address team is. So this is something we do under the design aspect. I already prepared an environment for you, and we will run the demo in Berlin in Germany. So you see a design structure for a couple of locations. I have prepared Berlin. It's the country itself, and I have prepared a building. So the DNA Center knows where it is. And you can, of course, upload a floor plan and position your access point in this and get proper heat maps, et cetera, later on. The next thing on the design you need to do is to explain DNA Center, what are my network setting, what is my DNA server, what is my DHCP server, what is my radio server, what is my banner method for today, what are my images I want to use. So all the site aspects, we cannot know because DNA Center, once we provision the network, will form the entire configuration out of these parameters. So the next thing, which is fairly important, is about IP address pools. So SDA has a different way of doing IP addressing. So in the former Live, you may remember that we had a VLAN and an IP subnet tied together. And normally, it was the case that we tried to have small subnet to keep failure and broadcast domains very small and make the impact, if something goes wrong, not distributed into the entire network. Maybe we can cap it in the access layer only. So what we have done here is we said, "Okay, we do register /32 addresses." So your end point ID, your end point IP. And therefore, you can have a very huge subnet configured for a fabric side, and I will go to show you what a fabric side is in a minute. So you only have 1 IP subnet for your virtual network if you want. There are some use cases having more of them, but it's as simple as it is. And I've prepared one of this which is for my demo here. So I prepared an IP pool and then IP range under the DHP server already.

So that's everything you have to do? Nothing else?

That is correct, from the design perspective. So we get to the next stage and provision the fabric itself. And then I will show you that the IP configuration on the switch will completely automatically retrieve out of this.

That's interesting. But one more question because I saw that you can add new IP address pools. And we all know that some customers already having some kind of IP address management systems, which already used for -- yes, setting up their IP ranges. So is there any way to get these information already into DNA Center?

Yes. So that's a very common ask, so thanks for asking this question. So what we have done -- this looks like an IP address management tool. What we have done, we built an integration. On the top, you see platform, and the platform piece and DNA Center connects to third party systems, which can be your Microsoft DHCP server or can be Infoblox or BlueCat, just to name some of the examples. It's completely independent, what kind of DHCP vendor you have. And we are able to learn from the DHCP vendor what subnets are already assigned. So we fill up this table automatically. Or if you want to provision the pools from DNA Center, DNA Center will make them available, for example in Infoblox, and also activate the DHCP ranges. So you don't have to touch the IP address management tool anymore.

That's great.

And may also, there's one more thing. If you want to edit and say, I need to do get IPv6, it's just a matter of the point in time you want to run IPv6 and the overlay. You just enable IPV6, get an IPv6 pool into it, press save, and it will be auto-deployed into your network end-to-end. So once we have done the design, let's go to provision. I've already set up the switches in terms of time, right? You can bring up everything using LAN automation. Let me quickly go into this. There's a process called LAN automation. You can select the primary side, which is called Berlin, for example. So it will give you the possibility to add devices out of Berlin, which we call a C device. You can then select an IP pool for this specific device and you can provision everything without touching a single time this command line interface. That means even the [ seek ] unit, which is the border and the future in many cases, will connect home to DNA Center by plug-and-play protocol. DNA Center will take care of the configuration, will push the IP pools and will take care of the next layer. The intermediate node, you asked for, the grayed out one, and the edge node, and will bring up all the devices from scratch and you don't have to touch the CLI a single time.

So does it even mean that I do not use any templates because I know many customers use them in the past using from infrastructure [ APPM ], setting up a template, pushing it, using plug-and-play. So this is different plug-and-play?

That is 100% correct. So what we have done is we took all the beauty and the features and functions out of plug-and-play and SDA means its intent. So we precreated all the templates for you, they are in the back end. And once we do LAN automation, it knows this switch is an SDA device. So we create the template for you and will be pushed automatically in the background. You don't have to create CLI, it's all done by us.

Wow, that's really cool.

So I've done this for you. So these switches are up and running. Let's go into the fabric environment. So let's do the cool stuff right now. You see, I already have prepared a so-called fabric domain. A fabric domain means this is owned by an administrator. Today, it's me. If I dig into this one, I do see already a couple of fabrics up and running. So a fabric side is something like I have a set of switches, in Frankfurt, in my case. I have a set of switches in Düsseldorf, et cetera, et cetera. But we were talking about Berlin. So in Berlin, it's nothing. Let's assume it's a new location. So the thing I need to do is to create and add a new fabric site. And you don't have to do it. On your purpose, what you can do is just select Berlin because it's already been pre provisioned by DNA Center in the design phase, and it will automatically create you the fabric site. The only thing you need to answer is which virtual networks do you want to have in Berlin? So which users need to connect. In my case, it's just a demo 1 VN. Let's assume these are employees. So let's enable this, and DNA Center will do a provisioning in the background and will set up the fabric side for you and automatically assign, if I click into the fabric, all the devices, which have been preassigned to the site using the LAN automation process. So whatever came up by LAN automation is already part of the site. Let's zoom in a little bit. You see I have a couple of 3850s, 9000s, et cetera. So what we need to do now is to identify the bottom node and the control plane. This is mandatory. There is no SDA without the border and control plane. So what I do is my border device I just selected, I need to give the information for BGP, which is my autonomous system number, and I've predecided it's 65 125. It may be different in your environment. And then explain, I do have a transit exit. That means I explain the border how to connect to the outside world.

So to my traditional network, to my data center, everything which is outside the new fabric.

Correct, everything. That is correct. So this means we use this transit network and the transit linked to learn external IP addresses. So let's add this. That's pretty much it. The second thing we need to do is to enable the control plane. As mentioned, it's mandatory that we do have a control plane.

So can it run on the same device?

Yes, that is correct. You can run a control plane and the bottom node co-located on the device. But if you want for high availability reasons or for scalability reasons, you can separate border node and control plane.

So that's really cool. That means if you are a small environment, you can co-locate it on the same box. If you want to grow, you can split them up again?

That is correct. And also, you can put the control plane into different locations to make sure, okay, I have some kind of physical high availability. The next thing you need to do in this case is to enable the edge node function for the access switch. And this is only the one you do. I do it, the 5 ones individually, but I show you a better way how you can do it in a second because if you run like hundreds of switches, you most likely don't want to do the way I do here. And all you do in the background, while we are talking, is to apply the configuration in the network. So edge node is just a single click, no information at all because we already defined the border. We have already defined the access point and the control plane, and you have to predefine IP pools, so what we now add to the fabric is all the IP configuration for the underlay so that all the edge nodes & borders can reach each other.

Amazing. Because you just swipe a button, and is there really configuration changes on the switches?

Yes, there are really configuration changes on the switches. Let's quickly step in. In the background, you see something is going on, on the switch. I have a conflict archive logger in. So you see, we are really pushing things like a map resolver into the switch, and the map resolver is a LISP rule for the control plane. So there's really live happening something on the switch, and this is not a mockup. This is a live network environment. And the beauty of it, you can step into this switch, and you can read all the configuration that have been pushed for your convenience because if you start with Software-Defined Access, you most likely want to create some trust. And okay, "Cisco, what are you doing there?" So you can learn all the commands if you want, but it's a lot of work because it's a couple of hundred commands being published in the background.

But given this way, I'm much faster in rolling out my new network, aren't I?

Exactly. Imagine, you have like hundreds of those switches. And they all come in by plug-and-play. And all of them will be completely automatically distributed, and you don't have to prepare anything. The only process you have to start is LAN automation. So you can do it building by building, and it can be done by an operator who most likely has no deep knowledge of VXLAN and LISP. But it can also be done, of course, by the knowledge people in the beginning and helps really reducing rollout times.

So you're hiding the complexity from the administrator or the user just to make their life a little bit easier as well.

Absolutely. That's the idea of intent. So we want to make sure, okay, we give you all the insights to create trust. But once you have understand this and tested it, we just want to make sure it's a single open environment to get a [ brand new ] edge node. Imagine, you build a building, 50 switches and a year later, you get an extra space and you need additional switches. It's a matter of mounting the switch, cabling the switch, power it up, press these 3 buttons and you're good to go.

Okay. So now I have these switches up and running, but what happens if I want to try to connect with the clients?

Yes. Yes. That's what we do next. So one is for everybody in the room, it's about I can also select multiple devices and assign an edge role, right? I can go into edit. They are all in the fabric, and they complain because they already distributed. But you see I get this edge node button, so I can do this for hundreds of devices simultaneously and don't have to run through every single device. You may have recognized the host onboarding button here.

Yes.

So this is now the magic piece, which is the next step. This has some preparation to be done. SD-Access, we had a former name called Secure Access. It's about security. So you need to decide what kind of authentication you want to do. You are coming from a traditional network, most likely you don't have authentication. So your client's running 802.1X supplicants, stuff like this, so you can go no authentication. Or you say, no, I want to do a closed authentication environment. So the end point needs to authenticate and authorize using the network. So we send credentials and do a challenge and response. We send an AV pair all the way up to Identity Services Engine, they will -- ISE will make sure all Marcel is existing and push back the policy with the proper VLAN and IP addressing for you and opens up the port so that the end point gets the correct IP address.

So it means if you just select closed authentication and set as default, all my wired network is now up and ready for .1X.

Correct. In the same moment, it's completely up and running for 802.1X. Imagine how many commands 802.1X were on the switch in the past.

Yes, but just thinking about how many lines of configuration that was needed in older times to configure .1X on my switch ports was a lot of pain. So this looks really easy for me.

Yes. And the fun was if you have different platforms and different iOS versions, it was a lot of fun. If you are a network engineer, you know what we are talking about. But by the end of the day, you don't want to deal with this anymore. And it's also taking care about software updates. So if we get a new version, it will push the proper configuration to the device. So the next thing we need to do is the virtual network itself. We already selected the demo VN, which is being provisioned in the network. You may have recognized there is an infrastructure VN. So the infrastructure VN has the job of connecting access points and extended nodes, so smaller switches which can be connected to an edge node. And access points need to operate in the underlying network to reach the wireless controller and do all the roaming management. And therefore, we have built a VN which is not a VN. So finally, it's a sure IP route, no configuration, but the name of it is intra-VN. So we don't have to touch this because we do the wired demo for now. The only thing I have to do now is, okay, I need to add an IP pool. So we have created this IP pool before. There is no IP pool, that is interesting. So this is about live demos, right? Let me get into it. So in general, we have to add the IP pool which is not present in here. So the demo failed. This is all about live demos, right? Normally, we get the IP pool into the controller. We have the authentication profile -- something is really going wrong here. I'm sorry about this. This is normally always happening. So we cannot add the IP pool here. Let me go through one more time and see if it's after reload, if it's game. So adding the IP pool to the virtual network. So back to VN, back to host onboarding, back to virtual network, back to demo, add an IP pool, and we still don't see it. So let's leave it like here. So we're adding the IP pool to the network. Given the job of being a data pool for a voice pool, which ends up in the decision to be provided as a transport for a phone or if you provide just as an access port in that case and decide if this is -- has a scalable group for further policy tests in that case. So once we have done this, we can add this. And so in this case, it's not showing up. Let me fall back. I have a plan B for you, and I really apologize that this happened to the controller. So let's go in my demo VN in my other fabric side. You see that I have added IP pools in here. And this end up in provisioning the IP information into the switch. We are configuring interface VLAN with a number. And the number is up to us so you don't have to distinguish between numbers or prepare anything in here. And we push to the switch and make the switch IP reachable. And as soon I save now because with 802.1X enabled, if you log in to the switch using 802.1X, you will be assigned a proper VLAN, and you immediately get a DHCP answer and can work.

Wow. So again, there was no CLI until now, right?

There's no CLI until now. So once I've done this, I can go further down. And now I have -- I do see the list of my switches. In my case now, the Frankfurt domain because Berlin has some issues. We need to troubleshoot this later on. There will be an Assurance message most likely, what's going on. So I get a full overview about my switches. And in this fabric, I have a couple of switches. [ I got my ] case with different number scheme, and they are all enabled by LAN automation. And I get a full overview about my network environment, my connected ports. You see I've already configured some, let's sort them with the link up status. So you can detect, okay, there are a couple of devices connected already. And those devices are different. I have 1 port which has no configuration in it. So it looks like empty. But my default authentication is 802.1X. In this port, I already have pre assigned this port aesthetically to a given thing. So let's do it for this specific port. Let's assign it because there are 3 different ways of assigning a port. We have a so-called user or end point policy or profile, means UPC. You make whatever end device you have. It's just an access port. We have an access point, therefore, we need the intra-VN. And we do have the server port if you want to connect the server to the network. And the server most likely runs in separate VLANs to serve different customers, or different applications to your end points. And it will provision a trunk to the interface so that you can be part of different virtual networks if you want. Once you have selected it, you can select the IP pool for this environment because we do not do 802.1X. 1X will return a VLAN ID for you. So we'll be auto-assigned to the correct VLAN. If you do a static authentication, we don't have this information. So you need to do this manually. You can assign a group for policy, which I'm not doing here right now. And you can say, no, it's a no authentication. So I do an exception to my default policy. So the port is aesthetic standard traditional Layer 2 access port as you know it from the past.

Okay. So just in case I have an old printer, which is not capable of running .1X, this would be the solution to get the printer up and running.

That is a perfect example. I can put a description on top of it. So that if you want to do this, I mean, okay, I have this printer connected to my network, I can put in a special description and DNA Center will put the description into the port configuration for you. So when I opted this, I need to apply the configuration. You may have recognized I can do it now, I can schedule it. And schedule means I can also send this change all the way up to an IT service management tool like ServiceNow, Remedy or whatever you have in mind. And this will create a change in this change management and somebody needs to approve the change. If the change has not been approved, then the change will not be fulfilled from the system. So nobody configures the network. Either DNA Center doesn't push anything, and if you approve the change and the time window matches, then DNA Center will fulfill the change at a given time.

Okay. So I assume the integration in any IT service management is exactly the same like the integration of ISE or the [ iPalm ] services?

That is correct. So we do -- did exactly the same. So we put in [ iPalm , we put in IT service management. And this has opened as this. So we integrate -- if you go through the controller, you will see ServiceNow, but it's totally open to integrate other IT service management vendors. So we want to be independent in that case. And therefore, we opened up the platform. And there may be some work on the other vendors' side to do because they need to call our APIs, but this is all documented, and there are also software development kits available.

Okay. So now given the fact that the fabric is up and running, how do I troubleshoot? How do I see? Because I can remember at the beginning, you mentioned something with Assurance. So what's this kind of feature in DNA Center?

Yes. That's a good ask. You have seen that we have now brought the fabric up and running. The ports are connected either authentic dynamically or you do a static port assignment. We saw a bit of wireless. We embedded the wireless controller. We did not in the demo, but it's as simple as this. So you just add the wireless SSID, assign an IP address scheme, and it will push it out to the network. So the next thing is once you're up and running, of course, you go into the life cycle of the network. And therefore, the DNA Center comes along with network Assurance. So in the beginning, I told you when we enable the devices and put it into the inventory of DNA Center, the DNA Center automatically starts collecting the environment. So we get analytics data from the switches into DNA Center, and DNA Center will do a math and calculate the analytics data, either in good shape or in bad shape. And as you can see, I at least have a wireless controller, finally, which is one of the unsupported controllers in my network which has not been but my core distribution and access environment is fine. You see have about a 70 -- 97% health of my wired environment. So I have 35 connected devices to the fabric. And it may have happened that in Berlin, some of the 1X clients already showed up and connected to the network and are already into operation and pinging through the network and doing the application stuff.

Okay. So when I remember correctly, at the beginning, there was ISE mentioned on your slides as well. So ISE is already known for the policies. So how is the policy integration with ISE working with DNA Center? Is there something special? Because you mentioned, I do not have to go to ISE.

That is correct. So what we have done, if you go to settings, I give you a quick overview where you can see ISE in the system. So we haven't touched it. But on the -- in the System 360, we have a connection to ISE. It's based on peak spread, so you just have to give DNA Center an IP address of ISE and the credentials and press on apply, and we'll form a trust connection between the two. There is a change certificate and form a secured channel. So that's all you have to do. They turn green. And from now on, ISE connect as a radius and [ tech ] server for network and user authentication, but it will also be the policy engine. So we talked about security in the network. So the fabric we have set up is actually just serving IP connectivity. And you're allowed to do anything, whatever you want. If it's IP reachable, it's not limited. No access list, no additional security, it's all up to the firewall. In the policy module of DNA Center, we utilize Cisco TrustSec, and we have also a policy matrix inside Identity Services Engine. And what we did is we mirror the view from Identity Services Engine into DNA Center, and this is what we see here on the screen. So we get the matrix, you see all the groups. So the question is, where do the groups come from? And actually, I have connected my Identity Services Engine to the access directory in the lab. And these are the groups we have learned from active directory, which is for instance, it's a user group of employees, of guests of a company, i.e., of partners. So some examples just to make it visible. And these groups can have a relation. You need to bring the groups into a virtual network. So if I go to the virtual network tab, I have the option to go into demo and just drag and drop groups into the virtual network. And from now on, the new group, the TrustSec servers will be part of virtual network demo 1. So if you authenticate in that group, you automatically get the correct VLAN provision onto your access port.

And all you have to do is just using drag and drop?

Drag and drop, that's all you need to do. So then the next thing is let's go back to the matrix. Now you can start limiting the traffic. So if you want to apply a policy and let's grab one of the policies here. You can just click on it and we've prepared one. And the policy has a name and has an access list in it. And the access list in this case is permit HTTP and HTTPS only and do or deny any at the end. So what's now available is that from BYOD to contractors, so these are the 2 groups. Maybe I log in as BYOD user, you log in as contractor. If we are belonging to the same virtual network, we get an access list applied to our access switches. So when I want to contact you, I can do this view on the HTTPS basis, but I cannot ping you anymore and cannot STP you anymore. I give you a simple use case. One of the use cases is, if you have a printer and an employee is sitting in the same network, you want the employee to print in the network. But if you don't want to employee to manage the printer, that means that we limit the traffic -- sorry, there's a fly on his head so that's why we are laughing. I apologize for this. So it happens from time to time. So that is about live, live streaming in here. So the employee cannot manage the printer, but they are capable of printing to the printer. But if I'm a desktop administrator and the print administrator, I can print and I can do SSH and HTTP management into the printer environment in that case.

So I don't have to know anything about the actual SGTs and contracts and so on? All I have to know what kind of services I want to limit?

Correct. So this list, you tell HTTP from A to B and the rest is under the covers. And just to give you a last example, if you go into the work center of ISE, you don't have to get help. It's fully complete -- it's completely automated from here. You go into the TrustSec environment, you go into TrustSec components, and then you have the security group access list matrix. It looks pretty much the same as in DNA Center and you find the contract of HTTPS. So if I pull the contract, you recognize that this contract is now being translated into real CLI. So this is the HCL we are going to push into the network.

So you've done everything through DNA Center, so even if there was some kind of configuration in ISE, if there was some configuration in the item system, I still have my single point of view. I didn't need any CLI to get the switches up and running. And there was the Assurance part, too, and any troubleshooting steps necessary to step into.

That is correct. That is absolutely correct. So before I sum up, I just completely hidden behind the network and we're behind the DNA Center so that we do all the work, all the CLI work you formally did, it's completely automated between ISE and DNA Center. So let's do a quick summary of what we have done in the last couple of minutes. We have talked about Software-Defined Access, which is an up-to-date solution between DNA Center and the network environment. We integrated this into Identity Services Engine for policy and we did a full automation to bring up a client and a network device zero touch. That means that network switch boots up into the DNA Center, it will get the full configuration. We assign a policy to the access port like 802.1X. Marcel can log in to the network, get IP connectivity, and by the end of the day, once he has connectivity, I give him a policy so that he cannot connect to the printer anymore. For that, I want to close now, and I want to thank you for participating in my session, and I hope it was very valuable for you and you get some learnings out of this. And I encourage you to try this out in our lab and play around with this to get a new stuff learned.

Yes. Thank you, Markus, and thank you, everybody else. So again, it was really amazing to see how easy it is to setup the separate DNA Center without using any CLI and to get the integration advice on all the other products. So I'm looking forward for everybody to try it out, and thanks a lot.

Thank you. [Presentation]

Barcelona 2020, and we come to the end of the first day so it's time for our next daily show. So lots of people are kind of heading towards the Keynote, we're going to be bringing you that very soon, but just before that, we're going to be chatting a little bit about the start of the day. And we'll be building it into that Keynote and taking you there. 17,000 people here in Barcelona are here at the show are also getting very tonight's party. But we'll have Nile Rogers & Chic. So very excited for that myself as well. But just before we get to the Keynote, we get to the party, I'm thrilled to be joined by Charaka. So hey, Charaka, how are you?

Yes, really good, thanks. Thanks for having me.

Thank you for joining us in the studio. So you are the Chief Technology Officer of Panaseer. So tell us a little bit about Panaseer?

Yes. So Panaseer is the leading product in continuous controls monitoring for cybersecurity. Basically, we help security leaders and security teams get visibility into the organization security posture. So we help them construct complete inventories of all the assets they need to protect. We assess whether the controls are deployed everywhere where they need to be to protect all those assets. And then we measure the performance of all those security controls to make sure that they are performing optimally.

And we've had a huge focus cybersecurity here at Cisco Live Barcelona 2020. So what would you say is really kind of the customer needs or what's the challenges that you're trying to solve with Panaseer?

Yes. So we see a couple of different scenarios. We see customers who have no visibility into their security. They're really quite early in their maturity curve. And they don't have the insights they need to make security decisions. And then on the other end of the spectrum, we see customers who are spending a lot of resources trying to get their visibility manually. And the reason why it's so hard to get that visibility is first of all, you've got all these security tools that are out there, some customers that we're working with have over 50 different security tools that they need to manage. It's impossible to get visibility across that amount of security tooling. And then on the other hand, you've also got the IT infrastructure landscape that's evolving quite rapidly with everything leaving the data center, everything is moving into the cloud, into mobile environments, into IoT environments. So all this complexity in the technology landscape is making it really hard to get that unified view that the security team needs.

And that's sounds really difficult with kind of skills gap that we've got in cybersecurity right? And the lack of resources that a lot of organizations have these days?

Yes. I mean, we see some security teams are spending 30% of their time creating reports to get this visibility. So that's 30% of their time that they're not spending doing security. We need security teams to actually be doing security and protecting their businesses.

Yes, definitely. So, obviously, you mentioned cybersecurity key focus and some of the challenges. So how does Panaseer actually work?

Yes. So it's all a data-driven approach, really. So we have a connect to catalog over 70 different connectors, a whole load of Cisco integrations as well, which allows us to reach into all of these IT and security systems. And collect the data that we need to mine to get the visibility. And then essentially, what we do is we construct dashboards that present reports of this visibility to different stakeholders.

Got it. And so obviously, we talked about some of the challenges. But why is this so hard to do? What's unique about Panaseer? What are you bringing to the table for customers?

So again, it really comes down to the data. There's the volume of the data. There's the distribution of the data. It's really spread across so many different data silos and also, there is a diversity in the data as well. You've got every system is talking about the same security artifacts. So they're using different formats and different languages to do that. So what we do is bring all that data together in one place and unify it, standardize it so that you can do consistent and accurate analysis on that data.

Got it. And obviously, here in Barcelona, as already mentioned, we've got around 17,000 people here at the show. So what brings you as an individual here to Cisco Live? And what are you bringing to Cisco Live community with Panaseer?

Yes. I mean, we're huge fans of Cisco Live. I mean, this is the third event that we've been to. We've got a whole range of relationships with Cisco. So Cisco is, first of all, an investor in Panaseer. We're also -- we've also provided the product to Cisco. So Cisco is a customer of ours. And we're also a close partner of Cisco. As I mentioned, we're deeply embedded in the Cisco ecosystem with our integrations. And we can provide visibility on top of all of the security products out there, Cisco as well as non-Cisco products.

Got it. And obviously, with Cisco strategy, we're always investing in startups. So we think have really great potential and are aligned to where we're trying to go, obviously, with our own security approach as well. So what is it that -- how -- tell us a bit about your journey with Cisco? What's that been like? Obviously being quite a small startup and -- but you kind of see it here at the show the kind of scale of Cisco, right? So what's that journey in that?

Yes. I mean, it's been quite overwhelming actually at times. There's so many different strands, many different people to meet and so many different opportunities that are available to us now that we're part of the Cisco ecosystem. And really, it's all about how do we focus our resources to get the most out of those opportunities that you guys have made available to us.

Got it. And just one last question because obviously we're coming towards the end of the show here. So what's been your highlight of the show this week?

So I've made a whole range of different potential customers, potential partners and what I'll be taking away is trying to figure out what the next steps are with those customers and prospects. And seeing how we can capitalize on those opportunities for Panaseer.

Amazing. Well, thank you so much, Charaka, for joining me in the studio. We're going to take a look at this 1-minute Cisco video. It was another event that happened this week, take a look and stay tuned. [Presentation]

Wow. What an inspiring video. I love that and I really wish I could make it down to the event, but there's so much going on this week, I didn't get a chance. I'm definitely going to make sure I do that on my next Cisco Live. So Steve and Zane are out in the Keynote space, so I'm really excited to check in with you guys, how's it going over there?

Hello Nish -- my Nishi, we're going to call her Nishi here for the whole -- for the time. Look how cool this is. All right, so they've opened up the main doors. We've got the band jamming back over here on this side. They keep putting the NetVets up on the main screen. And as I said to Zane earlier, my name is never up there in NetVets, what's the deal?

I don't know, Steve. Why is Steve name not up there?

I don't know. This is my first time out here.

My name is up there.

What? Your name is up in NetVets already? All right, I'm going to talk to somebody. I'm talking to Bonnie. We're getting this thing taken care of. All right, so let's talk about what's going on. We're about to move into this closing Keynote, Richard Browning, pretty amazing dude, right? So I mean, he's the rocket man. He's the guy, he's actually, I believe, we're going to see something at the beginning. I'm not going to give it away here right now. But what's so cool about his company that he built up, started in 2017, right? They did a huge amount of events right out of the gate, first 18 months, 60 different events in 20 countries in just 1.5 years and it's built up the name of this organization so quickly, and he made such a name for himself. And what's really cool, it's education based. And so much of what Cisco Live is all about is what? Education, bringing people along get them hyped up, right?

Totally. That's what we're here for. Listen, Steve, I have learned so much this week. This is my first ever Cisco Live, I feel like my brain has literally grown, I guess, grown? What do you think?

Absolutely. By the way, you decided not to do it. All right. So here's what we were going to do. We have this idea of having Lucy, our spectacular makeup person who's been with us all week. We're going to actually do #CLEUR, which is our social media post, right -- wait, is it there?

No, no.

It's not there. You were going to put it in there. I wanted to put it across Zane's forehead. I thought that would be the most fun thing to do.

I think so.

You backed out on the whole thing?

Well, no, no, no. So listen, we're going to put #CLEUR on that side of my face, just wait. So it's -- oh, oh, it's on the screen.

It's on the top of the screen. We just found out.

There we go.

Something to argue. So I'm just going to let you guys know in the back. Are you actually superimposing it over Zane's forehead like we asked. You can tell me, you can be honest with me. Okay, great, it's right across your forehead. Just so you know right now, #CLEUR, right up to the very end. 6:15 is when we're going to be wrapping up here. But then you and I, along with Nish and David back in the studio. We're going to come back. We're going to put a little button on the end of the week here. We've had such an incredible time, but we're going to recap some of our favorite moments of the event for all of you. And again, invite you guys to continue commenting in using #CLEUR but be a part of the event, there's really nothing like being right here in the room, right, Zane?

I sense same, Steve. I sense same. Listen, if you're watching from home this time, next time, you need to get yourself here. Just look at this. Feel the energy, man. We were dancing earlier on.

Sorry, we have to do one more thing. Follow me over here, Steve. Come here. So these things here, by the way, I just wanted to let everybody know. This is how cool. So Richard is -- all right, I'll go ahead and let you guys know. He's going to be flying in here, in the suit, which is pretty cool. If you've ever seen him do that before. They've given these really awesome headphones to everybody because those jets on his jetpack are ridiculously loud. So you think it's loud in here right now. Everybody is going to need to be wearing these things. So they're hanging over the back of each of the chairs, which I think is really, really cool. Again, where else do you get to come to an event and enjoy this kind of crazy stuff. The dude is just going to fly in on a jet suit.

I don't know, Steve, I don't know.

All right, should we -- why don't we go find some friends to talk to like back over there on that side, in fact, we'll get some of our champions. David we're going to go back up to you in the studio for now, but please come back to us, okay?

I certainly will, Steve, thanks for all that intro. And I'm joined by our final guest for the week. And I think it's -- we've scored an absolute great interview for the last session of the week, just before the closing Keynote, a prime spot. I'm honored to be joined by our SVP and CIO for Cisco's IT worldwide. She comes from my neighboring Australia. We're pretty much neighbors anyway. Many people forget that Cisco itself is a large customer, a large IT user. And I think our guest has a particularly difficult job because our users, our engineers tend to try and break stuffs all the time. So I don't envy that aspect of the work. Jacqui Guichelaar, thank you so much for being on the show today.

Sure. Pleasure.

You were telling me backstage just now that you've only been at Cisco for 10 months. And I guess that means, this is your first Cisco Live.

11 months.

Eleven months. Your first Cisco Live in Europe? How have you found it? How is it different to Cisco Live in other parts of the world?

Yes. So yes, first one in Barcelona. I mean, it has been absolutely incredible. I definitely grew up in Australia, as you know, but I was born in Uruguay. So I'm actually Latina as well. So I've been practicing my Spanish. I've been eating lots of tapas, I really love the culture of the people here, I mean, in Barcelona. And honestly, that whole European flavor that we get into our sessions here has been great to watch.

Well, I'm glad you're using the opportunity to flex your Spanish skills there. Where have you been spending most of your time this week?

Good question. Everywhere, everywhere. I kicked off the IT management program, where we had 1,000 of our customers actually sign up for that specific program that my team and I basically organize, share what we're doing, whether it's what we're doing with WebEx solutions, what we're doing with DNAC, what we're doing to transform Cisco IT and actually help Cisco transform so that's one part. I've been walking the floor, talking to the companies that we're investing with and partnering with, just to see what solutions are coming out in the security space, in particular. And yes, and just customers, customers, customers, customers.

And I'm glad you mentioned the IT management program because for some people that might be a new topic, what were the sort of key themes or takeaways from IT management and where can people sort of find out a bit more?

Yes, sure. So this year, what we did was we focused on technology and people, technology and teams. And what was interesting was many of the participants took away a couple of things, which is technology is changing at a pace we have never seen before in the industry. But what is equally important, I think, as the complexity gets higher, is the leadership challenge around that. The cultural challenge around that, how do you rally thousands of people in IT, engineers, how you said earlier, how do rally them behind a vision that can help transform Cisco IT and Cisco as fast as we can go. Because actually, speed is probably going to count more than it has ever counted before. So everything from talking about security challenges, data at the center of everything we do, how do we move things to the cloud in a multi-cloud environment, while securing it. All the challenges that you can imagine, we have covered all of them in the last couple of days.

Absolutely. And I think your point on speed and agility, I think that's not going away anytime soon. If anything, the pace of innovation, the pace of change and also the pace of the new challenges that are coming towards us and our customers is only going to get more and more as we go along.

Absolutely.

And you being the first-time attendee, always keen to understand what were your personal takeaways, your personal highlights from the week? I don't know if you managed to escape the IT management program at all?

I did, I did.

What did you take away from the show overall?

Well, I think, look, I mean, what's clear is, I mean, even being inside Cisco now for 11 months, I was a customer for decades before, a customer of Cisco. I'm now inside Cisco. I've spent the last 11 months learning Cisco, the products, the solutions, our partners, and I still have a lot to learn. So my big takeaway is how do I ramp up and continue that learning process, while I mobilize the team to start really attacking the areas of the transformation that we have to do in Cisco IT. So learning, partnering with others in the industry, I think, is key. And then figuring out as a leadership team, how do we lead Cisco IT through the transformation that we need to do for the company and for our customers.

Yes, great. And all that time as a customer, you never made it to Cisco Live Europe before then?

I know. Isn't that bad? I mean, my team went, my team went. It wasn't anything personal. I was waiting for the invitation from Chuck it never came.

Unbelievable.

But I we've got a better invitation now, right?

Yes, that's right. We'll take it up with Chuck later. Now obviously, the show is primarily directed at people that can't make it to Cisco Live in person. So what would you say to the viewers at home, what are they missing out on by not being here in person live in Cisco Live Europe?

Wow, I mean, great question. I just don't had to answer it in the amount of time we have. I mean, I would say the first thing is the relationships that you build here, and I've built many with customers and partners and other Cisco colleagues in the last 3 days in a way that I can't do in my -- at my desk, in my job. So you have to come here for relationships. Everything is about what's happening in the industry and how quickly you can adapt to it and understand it and learn it. So that's the first thing. Secondly, the amount of products and solutions that we have here to share and experiences that customers are going through. So you said it before, I am a customer. As other CIOs and their teams are here, I'm learning from them, they're learning from me. And I think from my perspective, learn, partnership, keep up with technology, keep up with solutions. I mean, if you don't come, you absolutely should come.

Absolutely perfect note to end on. Thank you so much for your time, Jacqui. You've heard it here, you've got to get down to the show, just to feel the atmosphere, get the networking done. And I think we're going to head out to Steve and Zane, who are out on the show floor, trying to get a bit of an idea of what it's like out there.