Ok, I’m going to give this one a try, and hope all readers help me keep myself honest on this one. Initially, the title of this Post was based on CCNP Security and Cisco Prime Infrastructure Security Use Cases.
So I have been looking for some Security use cases with Cisco Prime Infrastructure, and I think I found some based on correlation and other important things the tool has to offer.
Don’t believe me? Check the 300-206 exam objectives.
Now, enough with the chat. Let’s hit the main points of this interesting toolbox.
What is Cisco Prime Infrastructure?
Here is a good excerpt of its definition from Cisco’s marketing site:
Cisco Prime Infrastructure simplifies the management of wireless and wired networks. It offers Day 0 and 1 provisioning, as well as Day N assurance from the branch to the data center. We call it One Management. With this single view and point of control, you can reap the benefits of One Management across both network and compute.
My Point of view
The tool gives any Network Engineer or Administrator a set of useful tools for the day-to-day job, and it has a very slick interface. Devices like Routers, Switches, Wireless Controllers and Wireless Access Points, along with other Data Center infrastructure, can be checked from this application.
Features Worth Mentioning
The Network Dashboard Overview
This dashboard includes important metrics related to network reachability, alarms from the devices, coverage areas, the network topology and Top N CPU/interface utilization. It goes a long way in showing lots of very useful information.
If you are familiar with an IWAN deployment or have completed a semi-IWAN solution for a client, you know that the solution is very complex (not to say ridiculous, IMO). I’m starting to think that this somehow connects with APIC-EM, or that this section is stolen directly from it. But for sure I have seen this under APIC-EM.
Also, as with other Cisco products like APIC-EM, network topologies come in very handy, and this particular section makes them easy to create dynamically.
Now let’s talk about Security-Related Features
Being curious, I was able to find 2 nice and interesting pieces of information in Cisco Prime Infrastructure.
The PSIRT and EOX Report Tool
This was an interesting find because it reviews all the installed IOS images on your devices and tells you about the existing and possible vulnerabilities in the code your devices use. Pretty cool, huh? Now, how is this done? It uses the Cisco PSIRT openVuln API, or it seems like it does, because that is Cisco’s available tool for providing such information.
The DevNet page on the PSIRT openVuln API will take you in the right direction if you need this for custom applications.
Compliance Profiles and Reporting
If the previous feature was not enough, this one is really cool. It checks your devices for compliance, using profiles with the desired configuration, so that all your sites are uniform and standardized. Who doesn’t want this?
The Compliance Policies Selector includes a few baselines with options for you to pick from.
The Profile or Policy Selector lets you choose from different options. I think all relevant configuration settings are found there; just give it a try and play with it.
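The idea behind a profile-based compliance check can be sketched in a few lines of Python. This is an added example, not code from Cisco Prime Infrastructure or from the author; the rule names, the baseline contents and the two running-configs are constructed assumptions.

```python
import re

# Hypothetical baseline profile (constructed for this example).
# "require": some config line must match; "forbid": no line may match.
BASELINE = [
    ("SSH-ONLY", "require", r"^\s*transport input ssh$"),
    # "transport input all" also enables Telnet, so it is caught here too.
    ("NO-TELNET", "forbid", r"^\s*transport input (all|.*\btelnet\b)"),
    ("PW-ENC", "require", r"^service password-encryption$"),
    # Anchored at line start, so "no ip http server" does not trigger it.
    ("NO-HTTP", "forbid", r"^ip http server$"),
    ("AAA", "require", r"^aaa new-model$"),
    ("NO-PUBLIC", "forbid", r"^snmp-server community public\b"),
]

def audit(config):
    """Return the ids of the baseline rules this running-config violates."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    failed = []
    for rule_id, kind, pattern in BASELINE:
        rx = re.compile(pattern)
        hit = any(rx.search(ln) for ln in lines)
        if (kind == "require" and not hit) or (kind == "forbid" and hit):
            failed.append(rule_id)
    return failed

def audit_fleet(configs):
    """Audit every device; map device name -> list of violated rule ids."""
    return {name: audit(cfg) for name, cfg in configs.items()}

# Constructed sample running-config excerpts, not taken from real devices.
SAMPLE = {
    "branch-rtr-01": (
        "service password-encryption\naaa new-model\nno ip http server\n"
        "line vty 0 4\n transport input ssh\n"
    ),
    "branch-rtr-02": (
        "aaa new-model\nip http server\nsnmp-server community public RO\n"
        "line vty 0 4\n transport input ssh\n"
        "line vty 5 15\n transport input all\n"
    ),
}

if __name__ == "__main__":
    for device, failed in audit_fleet(SAMPLE).items():
        status = "COMPLIANT" if not failed else "VIOLATIONS: " + ", ".join(failed)
        print(f"{device}: {status}")
```

The second device passes the SSH requirement on one VTY range yet still fails the profile, because a second range allows all transports; pairing each "require" rule with a matching "forbid" rule is what catches that kind of drift.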
What to Look Forward to?
I’m having lots of fun going over the multiple exam objectives for CCNP Security and finding things that I have never seen before, and that is a good reason for my excitement. I hope you enjoy reading this and that it helps in some way.
There are many other 3rd-party tools that provide as much as or even more than Cisco Prime Infrastructure, but so far it seems like a product that is maturing, and it has lots of capabilities.
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.