Built.io Flow Brings Automation and Integration to Everyone

One of the many hats I wear as a sales engineer is to work on proof of concept and conceptual efforts. These activities are usually leveraged to help answer the question “can we do that?” or “will this work with OUR business process?”.

Recently a lot of my efforts have been focused on integrating collaboration tools with business processes. One simple example of this is for someone running a trade show booth and looking to connect with potential clients. Exchanging business cards is so 1995, and there are way better ways to do this. One quick way I created was to have the potential client simply text their email address to a defined SMS number (short code if you want) and then kick off a process to add them to a Cisco Spark space and also update the CRM system with a new contact. This provides an immediate way to have rich interaction with your potential client, as Cisco Spark supports not only text and file sharing but also full audio and video calling and meeting functionality. And to top it off, Cisco Spark is free (with some scale limitations).

Enough about why Cisco Spark is wonderful and can solve all of the problems you are facing, and onwards to how I built this simple integration in less than a work day. I cheated, or at least it feels like I cheated. I have been using a platform named Built.io Flow, which provides an easy to use but very powerful integration-as-a-service offering that is completely hosted. It features many pre-built integrations into common enterprise applications (Cisco Spark, Dropbox, Twilio, Tropo, MongoDB, Google Apps, Office 365, ServiceNow, PagerDuty, etc.). If their pre-built integrations aren’t adequate you can write some node.js code and run it on their cloud platform as well. And for those of you saying “my data lives in my data center and I’m not ready to send everything to the cloud”, you can leverage their Enterprise Gateway, which provides a secure bridge between the cloud and your on-premises environment, giving you the best of both worlds. Oh, and before I forget, their technical support is phenomenal (shout out to Pramod Mishra)!

Here’s a screenshot of the application I described above, where a simple text message containing an email address joins the user to a Cisco Spark space and also logs their information to a Google Sheet (that’s my attempt at a simple CRM system).

[Screenshot: Built.io SMS Bot]

And don’t think Built.io is only designed for small scale testing or proof of concept activities. Many large organizations are using this very platform for production level workloads.

 

Video Endpoints and Cisco Spark

I’ve recently spent more time testing video endpoints with Cisco Spark (SX10, SX20, Spark Board, Spark Room Kit, DX80, etc.) with my customers and have run into several things that I think many others probably encounter as well.

  1. Check the supported Spark endpoints – https://help.webex.com/docs/DOC-4205
  2. Is your endpoint running the right software version to avoid certificate validation errors when attempting to register for the first time? (To activate your room device on Cisco Spark, the device must run software version CE8.2.0 or later.) https://help.webex.com/docs/DOC-7709
    1. Upgrading the codec is a simple process: download CE software 8.2 or higher, then log in to the web interface of the codec to complete the manual upgrade.
  3. If you plan to use a Touch 10 with any endpoint you must pair it to the codec BEFORE you register it to Spark – https://help.webex.com/docs/DOC-11657

Before I upgraded my SX20 to CE 8.2 I was seeing errors in the logs similar to

2017-12-09T09:51:08.966-06:00 a8 appl[1796]: 762.54 Wx2Http W: HTTP(2) Error: NetworkError (Peer certificate cannot be authenticated with given CA certificates)

The basic issue is that releases of CE software prior to 8.2 did not have the necessary CA certificates installed, so the certificates presented by the Cisco Spark registration system could not be validated.

Enabling SNMP on VMware ESXi

I always struggle to remember the steps to enable SNMP on ESXi hosts, so this post can not only help me, but might be useful to others.

How to enable SNMP on ESXi 5.5

  1. Ensure that SSH is enabled on your host(s)
  2. SSH to your host using the root credentials
  3. Once connected, run the following commands, which will set the community string (as specified by COMMUNITY-STRING), enable SNMP, update the host firewall rules, and finally restart the SNMP service

esxcli system snmp set --communities COMMUNITY-STRING
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart
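
The `--allowed-all true` line above lets any source address reach the SNMP agent, and a v1/v2c community string crosses the network in clear text. The following is an added example, not part of the original post: it limits the `snmp` ruleset to named monitoring stations. `restrict_snmp`, `valid_src` and the `ESXCLI` override are hypothetical names, and the 192.0.2.x addresses in the comments are placeholders.

```shell
# Added example: limit the ESXi "snmp" firewall ruleset to named pollers.
# Set ESXCLI=echo to preview the commands instead of running them.
ESXCLI="${ESXCLI:-esxcli}"

# valid_src ADDR: shape check only (dotted-quad IPv4, optional /prefix).
valid_src() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# restrict_snmp POLLER...: e.g. restrict_snmp 192.0.2.10 192.0.2.0/28
restrict_snmp() {
  [ "$#" -gt 0 ] || { echo "usage: restrict_snmp POLLER..." >&2; return 2; }
  # Validate everything first so a typo cannot leave the ruleset half-edited.
  for src in "$@"; do
    valid_src "$src" || { echo "bad source address: $src" >&2; return 2; }
  done
  # Stop accepting SNMP from every address.
  $ESXCLI network firewall ruleset set --ruleset-id snmp --allowed-all false || return 1
  # Allow only the listed monitoring stations.
  for src in "$@"; do
    $ESXCLI network firewall ruleset allowedip add --ruleset-id snmp --ip-address "$src" || return 1
  done
  $ESXCLI network firewall ruleset set --ruleset-id snmp --enabled true || return 1
  # Print the resulting allow-list so the change can be checked.
  $ESXCLI network firewall ruleset allowedip list --ruleset-id snmp
}
```

Use this in place of the two `esxcli network firewall` lines above, then restart the SNMP service as before.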

How to enable SNMP on ESXi 6.0

  1. Ensure that SSH is enabled on your host(s)
  2. SSH to your host using the root credentials
  3. Once connected, run the following commands, which will first reset the SNMP configuration, set the community string (as specified by COMMUNITY-STRING), set the SNMP port number, set the SNMP location information, set the SNMP contact information and finally enable SNMP

esxcli system snmp set -r
esxcli system snmp set -c COMMUNITY-STRING
esxcli system snmp set -p 161
esxcli system snmp set -L "Location (City, State, Country)"
esxcli system snmp set -C email@domain.com
esxcli system snmp set -e yes

Cisco CWS and OpenDNS Data Center Locations

Cisco Cloud Web Security (CWS) and OpenDNS both provide cloud based security services. CWS offers an HTTP/HTTPS proxy and OpenDNS provides security and visibility at the DNS resolution layer. I’ve been asked many times where both CWS and OpenDNS host their services as this can make a big impact in end user experience if the hosting location is far away from the user and could lead to high latency and a lousy experience.

CWS Proxy Location and Status Page: http://servicestatus.sco.cisco.com/status

OpenDNS Location and Status Page: https://www.opendns.com/data-center-locations/

Cisco Tools Link

I regularly share useful links with customers and colleagues and often find that this page is a great starting point to explore some of the web tools Cisco has available: http://www.cisco.com/c/en/us/support/web/tools-catalog.html

Some of these tools include the Cisco Power Calculator, Cisco Feature Navigator, Cisco IOS to NX-OS configuration converter, and many others. Give it a click and explore some tools you likely didn’t even know existed.

SSL Host Headers in IIS 7.x

In order to leverage host header capabilities with SSL enabled sites you need to use a command line tool as the IIS GUI management tool does not allow you to bind multiple SSL sites to the same IP.

The ‘appcmd’ executable is in the following path %windir%\system32\inetsrv

The syntax is:

appcmd set site /site.name:"Site Name" /+bindings.[protocol='https',bindingInformation='*:443:site.name.com']

macOS Sierra SSH Client

If you’ve upgraded to macOS Sierra you may have seen the following error message when attempting to use the built-in SSH client to connect to certain SSH servers:

Mac:~ user$ ssh admin@10.10.0.40
Unable to negotiate with 10.0.0.1 port 22: no matching host key type found. Their offer: ssh-rsa

This issue is caused by a change introduced by the version of OpenSSH (version 7.2) that is included with macOS Sierra. In OpenSSH version 7.x certain older security algorithms are disabled by default which generates the error message above. The fix is to either update the SSH server settings or simply change the configuration on your computer to allow the less secure algorithms by editing /etc/ssh/ssh_config and adding the following two lines to the end:

HostkeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Thanks to http://goodbyecli.com/macos-sierra-beta for a quick write up on this!

After you save this file all should be well. I would recommend you research how to correct the underlying configuration of the SSH server, as more security is usually a good thing 🙂
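
Adding the legacy algorithms to /etc/ssh/ssh_config re-enables them for every server this client connects to. The following is an added example, not from the original post: it turns the negotiation error into a `Host` block that re-enables only what that one server offered. It goes beyond the host key case shown above and also covers key exchange, cipher and MAC mismatches; `ssh_legacy_stanza` is a hypothetical helper name.

```shell
# Added example: read an OpenSSH "Unable to negotiate" error on stdin and
# print a Host block that re-enables only the offered algorithm(s),
# scoped to the server named in the error.
ssh_legacy_stanza() {
  err=$(cat)
  # Server address as printed by the client.
  host=$(printf '%s\n' "$err" |
    sed -n 's/^Unable to negotiate with \([^ ]*\) port .*/\1/p' | head -n 1)
  # Algorithm list the server offered (may be comma-separated).
  offer=$(printf '%s\n' "$err" |
    sed -n 's/.*Their offer: *\(.*\)$/\1/p' | head -n 1)
  # Map the failure reason to the ssh_config option that controls it.
  case "$err" in
    *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
    *"no matching key exchange method found"*) opt=KexAlgorithms ;;
    *"no matching cipher found"*)              opt=Ciphers ;;
    *"no matching MAC found"*)                 opt=MACs ;;
    *) echo "unrecognised negotiation error" >&2; return 1 ;;
  esac
  if [ -z "$host" ] || [ -z "$offer" ]; then
    echo "could not parse host or offer" >&2
    return 1
  fi
  # The leading '+' appends to the client defaults instead of replacing them.
  printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}
```

Paste the printed block into ~/.ssh/config rather than the system-wide file, and remove it once the server has been reconfigured.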

Communications Manager 11.5 Deprecated Phones

With the release of Cisco Unified Communications Manager (CallManager) version 11.5 support was removed for some of the oldest IP phone models. Support was removed for these phones as they do not support the latest security features that Cisco is working to standardize.

The following models are prevented from registering in version 11.5:

  • Cisco IP Phone 12 S
  • Cisco IP Phone 12 SP
  • Cisco IP Phone 12 SP+
  • Cisco IP Phone 30 SP+
  • Cisco IP Phone 30 VIP
  • Cisco Unified IP Phone 7902G
  • Cisco Unified IP Phone 7905G
  • Cisco Unified IP Phone 7910
  • Cisco Unified IP Phone 7910G
  • Cisco Unified IP Phone 7910+SW
  • Cisco Unified IP Phone 7910G+SW
  • Cisco Unified IP Phone 7912G
  • Cisco Unified Wireless IP Phone 7920
  • Cisco Unified IP Conference Station 7935

For more background on this check out the following Cisco Field Notice

Cisco Cloud Web Security

Cisco acquired a company named ScanSafe in 2009 to provide cloud based web proxy services and this service was renamed to Cisco Cloud Web Security (CWS). Cloud Web Security offers an alternative to on premise proxy services by hosting proxy services in data centers around the world. There is a single management portal where an administrator can create policies and run reports. Once a policy is created it is available across all the proxy servers around the world which greatly decreases the burden of creating consistent policies.

There are a variety of ways to leverage CWS including:

  • Cisco AnyConnect
  • Connectors for Cisco ISR G2 routers (1900, 2900, and 3900 series)
  • Connectors for Cisco ISR 4000 routers (4300, 4400 series)
  • Connector for Cisco ASA firewalls
  • Integration with the on premise Web Security Appliance (WSA)
  • Direct integration via client proxy configuration (point your operating system to the CWS proxy)

The connectors for the routers and firewalls offer transparent redirection, which makes deployment very straightforward. The integration with AnyConnect provides a very simple solution for securing internet access for users when they are outside of the corporate network without requiring all internet traffic to be backhauled.

More information on the service can be found here http://www.cisco.com/c/en/us/products/security/cloud-web-security/index.html and information on the current proxy locations is available here http://servicestatus.sco.cisco.com/status

Wireshark Geolocation

Wireshark is the de facto packet analysis tool and it comes with a wealth of options beyond what is included in a default installation. One option I discovered recently was to leverage the free version of the MaxMind geolocation database to enhance the visibility of packet data within Wireshark to include BGP AS assignment information, cities, and countries. This allows you to create filters based on this geolocation data, which can be incredibly useful to quickly include or exclude interesting traffic based upon country of origin, for example.

The complete setup guide can be found here.