Cisco has pitched its intent-based networking capabilities as a way to get control over the Internet of Things.
There are good reasons to try and automate the network behaviour of IoT devices: as Cisco's enterprise networking marketing vice president Prashan Shenoy told The Register's networking desk, the ratio of IT personnel to Things, now one human to 100 devices, could hit 1:100,000 over the next few years.
And there's a characteristic of the IoT market that Cisco's perfectly placed to address: it's a jungle of proprietary protocols that often aren't mutually intelligible. In a world that had DECnet, Novell NetWare's SPX/IPX, Banyan Vines, AppleTalk, SNA and more, Cisco's ability to route anything over the Internet stack was the foundation of its 1990s-era dominance.
Shenoy said there's no need to replace the disparate IoT protocols out there; the aim, rather, is to handle every protocol, to “feed information into Cisco's infrastructure”.
That infrastructure has three themes: to handle the devices themselves, intent-based networking (IBN) identifies, locates, and sets policy for IoT devices; to rescue admins from the vast number of devices, IBN provides scalable operations across all network systems; and it offers machine learning and analytics to manage network issues in real time.
Shenoy said the most immediate impact of the advent of IoT on enterprise networks comes from the newly introduced diversity of device types, with two consequences: first, devices such as HVAC systems, lighting, or healthcare equipment are showing up on networks managed by IT systems; and second, that brings with it a new population of personnel responsible for those devices.
The building systems (HVAC or lighting) are managed by facility personnel; the wheelchairs or heart-rate monitors are managed by nurses; and neither of these populations is oriented to IT management.
In product terms this stands on three legs:
- Shenoy explained that ISE – the Identity Services Engine – has been enhanced to apply policy control to all IoT devices (which is why support for protocols like CIP, PROFINET, Modbus, and BACnet is so important);
- The Software-Defined Access (SD Access) solution introduced last year has been extended for IoT devices, covering environments like distribution centres and the like;
- Analytics provide the operational insights to keep everything going. Cisco's WiFi infrastructure is central to this strategy, since it gathers IoT device location to help the cloud-based software “understand the assets the line of business manages”, he said.
The Identity Services Engine has more than 600 new device categories, Shenoy explained, recognising devices based on their profile and protocols. That profile is then married with policies (covering compliance and vulnerabilities), which are pushed to enforcement points such as the firewall, to manage access control, and to DNA Center, to control who needs to use a device.
On the analytical side, Shenoy said, the IoT imposes new requirements on the IT manager, because unlike a database server, IoT devices can be life-or-death (for example in healthcare).
Even short of extreme scenarios, hospital nurses have a lot of their time diverted by asset management tasks like finding a wheelchair for a patient.
Having the analytical system watch the assets in real time, and raise an alert if a business rule is broken, can relieve that workload – for example, by alerting the right person if a wheelchair leaves the hospital.
In a manufacturing setting, he said, a machine raises an alarm if it's vibrating too much, but that's a local operation; with an integrated IoT system, that alarm can be pushed to the right person, even if they're not out on the factory floor.
Switches, WiFi for IoT IBN
The IoT strategy is supported by two networking product launches: additions to the Catalyst 9000 series; and the Aironet 4800 Wi-Fi access point.
There are two Catalyst 9500 switches in the launch: a high-density 25 Gbps Ethernet switch for the enterprise core and a single rack unit 25/40/100 Gbps unit.
On the Wi-Fi side, the Aironet 4800 focuses on manageability: its connection back to DNA Center uses a “dedicated radio whose sole job is to look for security issues and rogue devices”.
The access point can capture 240 anomaly types in real time to send to the analytical engine, Shenoy said. ®