APIC-EM - Typepad
APIC-EMAdam Radford – Distinguished Systems Engineer
Agenda Introduction Inventory/Topology Path Trace Plug and Play IWAN EasyQoS
APIC-EM Controller ArchitectureScalablePlatformHighlyAvailableElastic serviceinfrastructure andauto scaleservice modelMaximum uptimefor mission-criticalapplications andseamless upgrade Single TouchPointNorthboundRESTful APIsFast and easyinstallationRBAC-enabled
APIC-EM - Platform ArchitectureAPIC-EMApplicationsNetwork PnPIWANPath TraceNetwork InventoryAdvanced Topology VisualiserAPIC-EMApplicationsAPIC-EM ControllerNorthbound REST APIs gyServicesData AccessServicePolicy AnalysisNetwork PnPElastic Service ervicesAddressesScale Outand HARequirements
Manual to Systemic Policy DeploymentManual PolicyConventional ModelDeploymentController Led PolicyDeploymentThe WhatThe What“Security Policy forBranches A-N”AdminDrivenThe How“Change ACLs inthe followingelements”“Security Policy forBranches A-N”AdminDrivenThe How“Change ACLs inthe followingflements”SystemDriven
Inventory/Topology
Controller Application - Network Discovery Quick, easy, and efficient networkdiscovery functionality Flexible discovery options Based on CDP and IP address range Ability to start, stop, and delete the scan at anytime Auto-discovery of newly added network devices Ability to initiate a discovery job through the UI ornorthbound REST APIs
Controller Application - Network Discovery
Network Discovery - Input Parameters Seed IP address for CDPbased network discoveryIP address range for discovery scope Click on the Add icon to provide multipleIP address ranges
Controller Applications - Device InventorySingle Source of Truth Real‐time network device inventory and assetservice management Includes all network devices with an abstraction for theentire network: Full knowledge of networkAwareness of the overall operational healthof the physical network Detailed inventory information for easier consumption bycontroller services and applications Allows applications to be device-agnostic Inventory service runs in the background to maintain anaccurate database
Controller Applications - Device Inventory
Device Inventory - Hardware Layout Detailed device inventory information
Device Inventory - Tagging Layout Sophisticated and automated devicesare given a role assignment based onintelligent matching against pre-settemplates and attributesGeo-site (location) and custom tags for completeflexibility in grouping and classification of devicesbased on business logic (for example, lines ofbusiness, service mix, etc.)
Controller Applications - Host Inventory Real‐time network host and endpoint inventory(PCs, wireless devices, IP phones, printers, etc.) Detailed information about each host and endpoint: Network attachment point for the host to the network device Host name, IP, and MAC address information Host inventory service runs in the background to maintain theaccuracy of the database: Information collected through CDP, LLDP, andP device-tracking database lookup SNMP traps are used to update the host inventory database(wireless host only for Release 1.0)
Controller Applications - Host Inventory Detailed host informationNetwork attachment point for host
Scale Numbers – General AvailabilityNetworkDevices:2000AccessPoints:2000 EndHosts:20,000Note: These scale numbers are for the APIC-EM platform and the base applications.Some other APIC-EM applications might have different scale numbers.
Path Trace Application:Controller basedTroubleshooting
APIC-EM Path Trace ApplicationAccelerate Trouble-Ticket ProcessingUserTrouble TicketITPath TraceNETWORKBENEFITSSDNSimple WorkflowEasy visual discovery of trouble spots in thecommunication path based on 5-tuple OpEx for ticket processing decreased by 98%from 1.6 hours to 1 minute
Path Trace App: 5-Tuple Input ThroughUser Interface Required InformationOptional InformationSRC and DEST IP address[End host or L3 interface]SRC and DEST L4 port numbers;L4 protocol (TCP or UDP)Note: Layer 4 port and protocol information is optional but highly recommended for accurate path calculation
Path Trace App: Enhanced ApplicationFlow VisibilityCAPWAP TunnelVisualisation Accuracy Note(in a percentage)Ingress/EgressInterfaceLink SourceInformation
Path Trace App: Detailed Device InformationDevice InformationDescriptionDevice IP addressIP address of the network device or end hostTypeType of network device or end hostLink information sourceFor all the links along the application flow path trace, the link information source is displayed. Some examples for this particular field include: Routing protocols (OSPF, BGP etc.) - The link is based on the routing protocol table ECMP - The link is based upon a Cisco Express Forwarding load-balancing decision NetFlow - The link is based upon NetFlow cache records collected on the device Static - The link is based on a static routing table Wired and wireless - The end host is a wired or wireless endpoint connected to the network device Switched - The link is based on Layer 2 VLAN forwarding information Traceroute - The link is based on information collected by the trace route appTunnelsRelevant tunnel information is present along the application flow path trace. For APIC-EM Release 1.0, only CAPWAP and mobility tunnelsare supported.Note: The Path Trace UI provides a visual graphic of the CAPWAP tunnel along the path traceIngress interfaceIngress interface of the device for the application flow path trace (physical or virtual)Egress interfaceEgress interface of the device for the application flow path trace (physical or virtual)Accuracy noteIf there is uncertainty about the path trace on a segment between devices, a note about the accuracy of the computed path on this segment will bedisplayed as a percentage. Click on the note to view suggestions of corrective actions to take to improve the path trace accuracy. The accuracynote is not displayed unless the APIC-EM is certain about the path.Example: If the APIC-EM is unable to obtain the exact egress interface for an ECMP scenario with two paths, the accuracy value would becalculated as 50%.
Path Trace App: Topology View
Path Trace App: Enhanced ApplicationFlow Visibility Reverse Path LookupYou have the ability to visualise the bi-directional path in a single view
Path Trace App: Path Trace Flow DiagramInfo kupCloudCloudECMPDecisionInfo Source:Poll NetworkDeviceECMPDecisionInfo Source:Poll ayLookupInfo Source:APIC-EMNIBInfo Source:APIC-EMNIB HSRPCampusInfo Source:Poll NetworkDeviceInfo Source:APIC-EMNIBL2LookupInfo Source:APIC-EMNIBBranch
Network Plug and Play:Controller basedDeployment
Network PnP with the Cisco APIC-EM AutomatesDevice ects and SitesRemoteInstaller Policies Match rules Configurations,images IP addressing Mount andcable devices Power onAPIC EMPnPAgentSmartInstallProxyPnPAgentPnP AgentPnP AgentUnskilledInstallerGUI-BasedPnP ServerConsistent for Devicesand Pin (Campus,Branch)The networkadmin remotelymonitors theinstallation statuswhile in progressBooting devicescall home to thePnP server,and requestinstructionsSmart Install ClientHighlySecureEnd to EndGreenfieldand Brownfield
Network Plug and Play - ComponentsPnP Helper AppDelivers bootstrap statusand troubleshooting checksPnP ProtocolRuns betweenAgent and ServerOpen schemaPnP ServerCentral server - APIC-EMPnP AgentRuns on Cisco switches, routers,and wireless access pointsAutomates the deployment processManages sites, devices,images, licensesProvides northbound REST APIs
OptionCisco APIC EM: PnP ServerWorkflow-Based and REST API Pre-provisioning Ad-hoc and unclaimed devicesDevice Repositoryand DatabaseEnterprise Applications and Orchestration LayerPnP REST APINetwork PnPApplication UIPythonAutomation Framework(i.e. Python script,configuration generator)IWANAppTopologyDiscoveryREST APIAPIC-EM APIPnPServiceAPIC-EM ControllerCLI, PnP ProtocolCustomer’s ExistingAutomation FrameworkCisco DevicesCatalyst , ISR, ASR, Access Points
PnP Server Discovery OptionsSwitches (Catalyst )12Routers (ISR, ASR)Wireless Access PointsDHCPDHCP with options 60 and 43ServerPnP string: 5A1D;B2;K4;I172.19.45.222;J80DNSServerDNS lookuppnpserver.localdomain ---- 172.19.45.222 (PnP Server)Cloud re-direction - roadmap elper re-directs to 172.19.45.22(PnP Server)4USB-based bootstrapping5Manual - using the Cisco Installer AppiPhone, iPad, Android, (roadmap - Windows mobile and PC)
APIC-EM PnP Login Screen
Step 3. Add devicesWorkflow on the APIC-EMIf any external TFTP server is used for configurationsand images, for a given site information must beentered here. This is not recommended.Name of deviceDevice typeSerial Numberof deviceSelect the image from an availablelist already loaded intothe APIC-EMDrag and drop the deviceconfiguration here as a txt file orselect from uploaded configurations
OptionNetwork PnP: Installer AppRedparkRJ45 toApple 8pinRJ45 toApple 30pin Get ConsoleAppleAndroidAirconsole 2.0Bluetooth Adapter* Tested with Network-PnP Solution
Installer App - WorkflowPnP Server - Sites and DevicesRemote Installer Mount andcable devices Power onAPIC-EMPnP-ServerHTTPProxyWi-Fi, 3G, 4G WAN link up VPN up (Internet)!interface GigabitEthernet0/0description To Corp Networkip address 171.71.223.88 255.255.254.0no shutdown!! PnP Server Configpnp profile pnp-wantransport https ipv4 172.19.45.222 port 443iPad to console cable, BluetoothDeliver bootstrapCustom WAN Configuration
PnP Deployment for Campus - Self-SignedCertificate MethodDHCP ServerDevice RunningPnP AgentDMZLANAPIC PnPServerDHCP RequestDHCP responsewith options 43and 60 forserver locationDCPnP Server usesself-signed SSLcertificate12PnP Agent initiates HTTP communication withthe server and sends the device UDIHTTP PnP work request with device serial number (UDI)3PnP Agent installs the local trust pointfor the server SSL certificate4PnP Server receives UDI andsends server SSL certificateover HTTP6PnP Server receives device UDIand sends the full configurationand Cisco IOS Software imageover the HTTPS channelHTTPS PnP work request with device serial number (UDI)PnP Agent initiates HTTPS communicationwith the server and sends the device UDI5
NG Plug-N-Play – Supported PlatformsPlatformAccessSwitchesPnP Agent Support on ProductsIOS-XERecommendedReleaseCisco Catalyst 4500E Switches (Sup8-E, 7-E/7L-E, 6-E/6L-E)Cisco Catalyst 3850, 3650 Series SwitchesCisco Catalyst 4500-X, 4900 Series SwitchesCisco Catalyst 3750-X, 3560-X Series SwitchesCisco Catalyst 2960-C, 3560-C Series Compact SwitchesCisco Catalyst 2960-S/SF, 2960-X/XR Series SwitchesIOS-XE 3.6.3EIOS 15.2.2E3Cisco Catalyst 3850XU/XS Series SwitchesCisco Catalyst 2960-CX, 3560-CX Series Compact SwitchesIOS-XE 3.7.2EIOS 15.2.3E2Core SwitchesCisco Catalyst 6500 Series Switches: Sup2T/Sup720Cisco Catalyst 6880-X, 6807-XL Series SwitchesAccess RoutersCisco 4300/4400 Integrated Services RouterCisco ASR 1000 Series Aggregation Services Routers, Cisco CSR 1000vCisco Cloud Services Router 1000V SeriesCisco 800, 1900, 2900, 3900 Series Integrated Services Routers (ISR G2)IOSIOS 15.2(2)SY1 (Mar2016)IOS-XE 3.16.S (ED)IOS 15.5.3M (ED)Industrial Ethernet SwitchesCisco Industrial Ethernet 2000, 3000 Series SwitchesIOS 15.2.2E3Indoor Access PointsGen2 802.11n AP 1600, 2600,, 3600, 702-W/I802.11ac Wave1 - 1700, 2700, 3700,Wave 2 802.11ac & Outdoor AP support (Roadmap)WLC Supported : AireOS and IOS-XENov2015
iWAN Application:Controller based Policy
Evolution to Policy AutomationPolicy-basedAutomation: Dynamic Business intent tonetwork intent Executed byAPIC-EM apps Prescriptive Business e-basedConfiguration: Static Focused onconfiguration Executed by Prime Infrastructure Customisable Expert-ledFeatureFeatureIncreasing Policy Coverage Through More Apps and ServicesSteady State: Cisco leadsmarket adoptionso that a largemajority ofenterprises adoptpolicy-basedautomation A small set oflarger enterprisesor MSPs willcontinue to usecustomisablefeatureconfiguration
Intelligent WAN (IWAN) Solution ComponentsAVCPrivateCloudMPLSVirtualPrivate Cloud3G/4G-LTEBranchIWAN APPWAASAkamaiPfRv3 OrchestrationManagement gentPath ControlApplicationOptimisationCisco Prime SecureConnectivity IPSec WAN overlay Optimal application routing Performance monitoring NG strong encryption Consistent operational model Efficient use of bandwidth Optimisation and caching Threat defenceDMVPN, PKIPerformance Routing(PfR) QoSAVC, WAAS, AkamaiSuite-B, CWS, ZBFW
Greenfield for Cisco 4000 ISRsIWAN TransportData Centre – Cisco ASR 1000BranchData Centre4000 ISRMPLSInternetDMZDMVPN HUBASR 1000HTTP/HTTPSProxy for PnPIWAN APPMasterControllerASR 1000
Possible Architectures – General AvailabilityData Centre121. For a lab orPOC, MC canrun in one of theDMVPN hubsSP links can be:Internet MPLSInternet InternetBranch1. Dual router dual links2. Single router dual links3. Single router single links2. Single datacentre with aseparate MC13. Dual data centrewith primaryand transit323
Categorise applicationsAdd custom applications
Drag and drop each application(one ore more) from onebusiness class to the other
Drag and Drop a businesscategory among: businesscritical scavenger default Application priority policysetting in IWAN app Path preference: Setprimary and action onthreshold crossing, whichcan be a second path ordrop traffic Drag and dropbusiness buckets
Connect Internet and MPLS cables Insert PnP bootstrap USB stick Power up the Cisco 4000 ISRIWAN Transport Network-wide settings havebeen defined Data centre has been configured Application policies have been setData CentreBranchDMZ4000 ISR12 InternetHTTP/HTTPSProxy for PnPPower On!Router PnP agentstarts “call-home”3Cisco IOS APIC-EM PnP pushesnew Cisco IOS imageif neededIWAN APP4PKI CertAPIC-EM PnP calls PKIservice to push a PKI509.X certificate
IWAN configuration is applied Hybrid WAN tunnel comes up Controller generates the IWAN config Controller pushes the config to deviceBranchData Centre4000 ISRMPLSDMZ6ASR 1000Site is inproduction withIWAN enabled IWAN service generatesdevice configurationbased on current policysettings and network-widesettingsConfig is pushed todevice line by line: 5InternetConfigpolicies .IWAN APP4Admin sees unclaimeddevice and startsdeployment DMVPNRoutingFront-door VRFAVC (NBAR2)8-class QoSMPLS QoS translationStart netflow collectionStart syslog exporting
PKI Service and Trust Manager Settings PKI lifecycle is automated and simplified - deploy, renew, revoke - aredriven using NB API callsAPIC-EM runs a “CA Server” internally. This CA comes with APIs, whichmakes it a Trust Manager. It is designed for the purpose of DMVPN duringISAKMP authenticationRoot certificate has a 10-year lifecycleDevice certificates have a 2-year lifecycleCertificates are renewed automatically when they pass 80% of their lifeRSA keys for devices generate with a 2048 key lengthPKI certificates are pushed to devices using PKCS12 encapsulation withan internal random password - PKCS12 includes private RSA keys and an X.509 certificatePKCS12 is encrypted with: SSLv3/TLSv1 - RSA Key Exchange; RSAAuthentication; 256-bit AES encryption; and SHA1 HMACPKCS12 files are pushed to devices using HTTPSPKI certificate reports are available through REST APIs into the PKI brokerservice. These include certificate management operations, as well as PKIbroker services. Choose “API” in the APIC-EM to get more information
IWAN Greenfield Deployment with Ethernet HandOffRemoteIWAN SiteAPIC EMInternetTrust ManagerServicePnP ServicePnP AgentDHCP Request1Plug andPlayDHCP option 43 and 60PnP server IP2PnP ServerIP AvailableDHCP ResponsePnP Agent on router sends the serial # 3PnP Server upgradesIOS image if neededRequest devicecertificate45 PnP to coordinate Trust Insertion67Provide PKCS12-URL,PKCS12 passwordGenerate RSA key-pairContact CA, send CSRGet device ID certificatePackage key-pair, device,and CA cert in an in-memoryPKCS12Make PKCS12 availablethrough HTTPS with auniquely formed URL8Import PKCS12910Verify Trustpoint1112PnP to SSH into the set up auto trust managementRemove in-memory PKCS12PKCS12 collectedNotify PnP Service
IWAN Greenfield Deployment withEthernet Hand-OffRemoteIWAN SiteAPIC EMInternetTrust ManagerServicePnP ServicePnP AgentDHCP Request1DHCP option 43 and 60PnP server IP2PnP ServerIP AvailableDHCP ResponsePnP Agent on router sends the serial number 3PnP Server upgradesIOS image if neededRequest devicecertificate45 PnP to coordinate Trust Insertion67Provide pkcs12-URL,pkcs12 passwordGenerate RSA key-pairContact CA, send CSRGet device ID certificatePackage key-pair, device,and CA cert in an in-memoryPKCS12Make PKCS12 availablethrough HTTPS using auniquely formed URL8import pkcs12910Verify Trustpoint1112PnP to SSH into the set up auto trust managementRemove in-memory pkcs12Pkcs12 collectedNotify PnP ServicePKI CertificateProvisioning
PKI LifecycleDeviceconnectsthroughPnP IOS update?Deletedevice?1) SSH into device2) Remove Trustpoint3) Revoke certRenewcert?1) Device asks forcert renewal2) APIC-EM PKI servicesauto-grants itPKI certpushedto deviceDeviceexists ininventoryalreadyNotes: With the IWAN app, branch sites connect using PnPData centre DMVPN hubs are discovered into the controllerBoth DMVPN hubs and branch sites get a PKI certificate
Easy QoS Application:Controller based Policy
Levels of QoS Policy AbstractionStrategic vs Tactical Strategic QoS Policy (The WHY / WHAT you want to do) reflects business intentis not constrained by any technical or administrative limitationis end-to-endTactical QoS Policy (The HOW is it to be done) adapts the strategic business intent to the maximum of platform’scapabilitiesis limited by various tactical constraints, including: PIN-specific constraintsPlatform constraintsInterface constraintsRole constraints
Converting Business Intent to Tactical Policies QoS design best practices will be used to generateplatform-specific configurations QoS features will be selectively enabled if theydirectly contribute to expressing the strategic policy ona given platform the principle goal of the tactical QoS policy isto express the strategic QoS policy withmaximum fidelityEMWireless APTrust BoundaryPEP4Q (WMM)Catalyst 4500Trust DSCP1P7Q1TCatalyst 3650Trust BoundaryPEP2P6Q3TASR/ISRsTrust DSCPHQoSMQCNexus 7700Trust DSCPF3: 1P7Q1TCatalyst 6500Trust DSCP1P3Q4T1P7Q4T2P6Q4T WLCPEPWireless APTrust BoundaryPEP4Q (WMM)Catalyst 2960-XTrust BoundaryPEP1P3Q3T
Determining Business RelevanceHow Important is a Given Application to Business ObjectivesBusinessRelevant These applications directlysupports business objectivesDefault /Maybe / Unknown These applications may/may notsupport business objectives E.g. HTTP/HTTPS Alternatively, administrator maynot know the application (or howits being used in the org) Applications should beclassified and markedaccording to RFC 4594based rules Applications in this class shouldbe marked DF and provisionedwith a default best-effort service(RFC 2474)BusinessIrrelevant These applications are knownand do not directly support anybusiness objectives; this classincludes all personal/consumerapplications Applications in this class shouldbe marked CS1 and provisionedwith a “less-than-best-effort”service (RFC 3662)
EasyQoS SolutionApplications can interact with APIC-EM viaNorthbound APIs, informing the network ofapplication-specific and dynamic QoSrequirementsNetwork Operators expresshigh-level business-intent toAPIC-EM EasyQoSWireless APTrust BoundaryPEP4Q (WMM)EMSouthbound APIs translatebusiness-intent to platformspecific configurationsASR/ISRsMQCCatalyst 45001P7Q1TCatalyst 3650Trust BoundaryPEP2P6Q3TNexus 7700F3: 1P7Q1TCatalyst 65001P3Q4T1P7Q4T2P6Q4T WLCPEPWireless APTrust BoundaryPEP4Q (WMM)Catalyst 2960-XTrust BoundaryPEP1P3Q3T
Deploy End-to-End DSCP-Based Queuing PoliciesEasyQoS seamlessly interconnect s all types ofhardware and software queuing models to achieveconsistent and compatible end-to-end treatmentsaligned with the expressed business-intentEM
EasyQoS GUIStep 1: Select a Scope for Policy ApplicationPreview
EasyQoS GUIStep 1: Select a Scope for Policy ApplicationPreview
EasyQoS GUIStep 2: (Optional) Change Application Business-RelevancePreview
EasyQoS GUIStep 3: (Optional) Add Custom ApplicationsPreview
What Do We Do Under-the-Hood?Apply RFC 4594-based Marking / Queuing / Dropping HopQueuing &ApplicationClassBehaviourDroppingExamplesVoIP TelephonyEFPriority Queue (PQ)Cisco IP Phones (G.711, G.729)Broadcast VideoCS5(Optional) PQCisco IP Video Surveillance / Cisco Enterprise TVReal-Time InteractiveCS4(Optional) PQCisco TelePresenceMultimedia ConferencingAF4BW Queue DSCP WREDCisco Jabber, Cisco WebExMultimedia StreamingAF3BW Queue DSCP WREDCisco Digital Media System (VoDs)Network ControlCS6BW QueueEIGRP, OSPF, BGP, HSRP, IKESignallingCS3BW QueueSCCP, SIP, H.323Ops / Admin / Mgmt (OAM)CS2BW QueueSNMP, SSH, SyslogTransactional DataAF2BW Queue DSCP WREDERP Apps, CRM Apps, Database AppsBulk DataAF1BW Queue DSCP WREDE-mail, FTP, Backup Apps, Content DistributionDefault ForwardingDFDefault Queue REDDefault ClassScavengerCS1Min BW Queue (Deferential)YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Current Differences between IWAN and EQ PolicyIWANEasyQoSScopeGlobal (until May)Tag basedRelevanceCategorisationPer ApplicationCategoryPer ApplicationDevices SupportedRouters – IWANdeployedRouters/switches/WLANDynamic PolicyNAYes, Voice, Video64
Dynamic QoSDynamic QoSPoliciesDynamic QoS Enabled65
Summary
ChangesSimplificationNetwork-wide abstraction supporting both Greenfield and BrownfieldAutomationOPEX reduction through adoption of Cisco best practicesAbstraction - PolicyDynamic network that adapts to business intent policyOpen ProgrammabilityOpen NB REST API’s with agnostic SB interfacing
Q&A
Complete Your Online Session EvaluationGive us your feedback and receive aCisco 2016 T-Shirt by completing theOverall Event Survey and 5 SessionEvaluations.–Directly from your mobile device on the Cisco LiveMobile App– By visiting the Cisco Live Mobile bourne2016/–Visit any Cisco Live Internet Station locatedthroughout the venueT-Shirts can be collected Friday 11 Marchat RegistrationLearn online with Cisco Live!Visit us online after the conferencefor full access to session videos andpresentations.www.CiscoLiveAPAC.com
Thank you
Cisco Catalyst 6880-X, 6807-XL Series Switches IOS 15.2(2)SY1 (Mar2016) Access Routers Cisco 4300/4400 Integrated Services Router Cisco ASR 1000 Series Aggregation Services Routers, Cisco CSR 1000v Cisco Cloud Services Router 1000V Series Cisco 800, 1900, 2900, 3900 Series
1275 K Street, NW, Suite 1000 Washington, DC 20005-4006 Phone: 202/789-1890 Fax: 202/789-1899 apicinfo@apic.org www.apic.org APIC Position Paper: Extending the Use and/or Reusing
The Python API supports Python versions 2.7 and 3.4. 1.1.14Understanding the REST API The APIC REST API is a programmatic interface to the APIC that uses a Representational State Transfer (REST) architecture. The API accepts and returns HTTP or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML .
ISR 2911 ISR 2911-ISM ISR 2901 ISR 2901-ISM ISR 1941 ISR 1941-ISM ISR 1921 ISR 1921-ISM ISR 892FSP Licensing The IWAN Application is a component of the APIC-EM. APIC-EM can be purchased a-la-carte or with the Cisco ONE Software. With the a-la-carte option, Cisco provides a
Professional organizations (SHEA, APIC, AORN, SGNA, ASGE, IAHCSMM, AAMI) are starting to embrace conversion. Scheduled presentations on transition from HLD to sterilization with AAMI Sterilization/HLD Committees, APIC, SGNA, Canadian APIC, World Sterilization Congress Researchers/Opinion Leaders need to continue the science-based .
APIC Quotes in the Media Related to Ebola 2/6/2015 Page 2 Personnel issues are one of three top priorities identified by APIC: “We’re sounding the alarm,” Crist says. Another personnel trend noted in the
Education/training in Infection Control, documented Can be certified through CBIC, not required APIC/CHICA Standards APIC/CHICA-Canada infection prevention, control, and epidemiology: Prof
Facilities@ prepared by the Association for Professionals in Infection Control and Epidemiology (APIC). This document is available on the APIC Web site at URL: www.apic.org. b The Federal Emergency Management Agency (FEMA) recommends that terrorism-specific res
Implementation Guide on CLABSI. About the Implementation Guide Series APIC Implementation Guides help infection preventionists apply current scientific knowledge and best practices to achieve targeted outcomes and enhance patient safety. This series reflects APIC's commitment to implementation science and focus on the utilization of infection .
