Cisco Connect Toronto 2017 - Introducing the Network Intuitive
1. © 2016 Cisco and/or its affiliates. All rights reserved.
Cisco
Connect
Enterprise Networks - Cisco Digital
Network Architecture - Introducing
the Network Intuitive
Matthias Falkner, DTME
Tim Szigeti, PTME
October 12, 2017
2. It’s a Digital World!
Automating your network with DNA
Center
Gaining Deep Insights with Assurance
And Analytics
Summary
Matt – 40 min
Tim – 30 min
Agenda
Cisco DNA – Introducing the Network
Intuitive
3. It’s a digital world!
Matt
Falkner,
DTME
4. Digital Disruption
Lack of Business
and IT Insights
63 million new devices
online every second
by 2020 (1)
Complexity
Slow and Error
Prone Operations
3X spend on
network operations
vs network (2)
Security
Unconstrained
Attack Surface
6 months to
detect breach (3)
Unprecedented Demands on the Network
1: Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking
2. McKinsey Study of Network Operations for Cisco – 2016
3. Ponemon Research Institute Study on Malware Detection, Mar 2016
5. The Need for
a New Network Constantly Learning
Support 100X new devices, apps, users
Constantly Adapting
Respond Instantly to business demands with
limited staff and budget
Constantly Protecting
See and predict issues
and threats and respond fast
The more you use it,
the wiser it gets.
6. Intent-based
Network Infrastructure
DNA Center
Analytics Policy Automation
I N T E N T C O N T E X T
S E C U R I T Y
L E A R N I N G
The Network. Intuitive.
Powered by Intent. Informed by Context.
7. Built on Cisco Digital Network Architecture
Security
Automation Analytics
Virtualization
Cloud Service Management
Programmable Physical and Virtual infrastructure
Principles
Insights and
Experiences
Automation
and Assurance
Security and
Compliance
Open
API Driven
Programmable
8. Underneath it all: the DNA Blueprint
9. Automating your Network with
DNA Center
Matt
Falkner,
DTME
10. Impediments to Automation
• Organizational structures
Different groups
• Lack of internal standards
Snowflakes!
• History
e.g. ACL CLIs
• Standard vs. non-standard changes
Enterprise
Network
change
requests.
65%
Standard
changes
35%
New
initiatives
12%
New lab configurations
10% Hardware upgrades
21% ACL updates
7%
Fleet standardizations
7% Feature configs:
IP/Routing
4% Power shut-downs
8% Hardware upgrades
3% Feature configs:
Security
2% ACL updates
15% Other
12% Other
11. BRKNMS-1499
What are Standard Network Changes?
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
Interfaces Configuration
ACL’s
Dial Plans
Vrf
Routing Protocols
Tunnels/DMVPN
Security/Crypto
QOS
AVC
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
Interfaces Configuration
Spanning Tree
VLAN
Security/Crypto
QOS
AVC
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
SSID’s
RF
Security/Crypto
QOS
AVC
Routers Switches WLC’s
Standard Changes :
o No Approval Required
o Minimal to Zero Disruption
Non-Standard Changes :
o Requires Approval
o May require service
disruption
o May need co-ordination
with other teams (App,DC
etc) during change window
12. Introducing DNA Center
Realizing vision of the intent-powered intuitive network
Decouple Policy from
Network Topology
Industry Best-Practices
Configuration and Policy
Compliance
Proactive Issue
Identification and
Resolution
Policy Automation
Assurance and
Analytics
Translate business intent
into network policy
Reduce manual operations
and cost associated with
human errors
Use context to turn data into
intelligence
13. DNA Solution
Cisco Enterprise Portfolio
Automation Analytics Identity Services Engine
Routers Switches Wireless APs
DNA Center
DNA Center
Simple Workflows
Wireless Controllers
DESIGN PROVISION POLICY ASSURANCE
14. Network
Design
Deployment
Standardization
Network
Compliance
Before
During
After
Profile Based
Deployment
Plan for the network deployment
Feature and Capabilities to be
enabled based on requirements
Topology for network
deployment
Automated Day 0 Deployment
Version management of Profile
for Day 2 Change Management
Configuration Compliance
Validation against Profile
Remediation of Configuration to
Golden Config
Network Deployment Consistency using Profile
Driven Automation
Configuration Consistency
Simplified Network
Deployment
Integrated IT
Process Flows
DESIGN
15. Workflows are foundational to Automation!
• Drive consistency into the architecture via design profiles for WAN and Campus
Both physical and virtual
Add Site
Properties under
Network Settings
Customize Network
Settings and
Credentials per Sub
Area or Site
Create sub
pools for
Services,
LAN,
Management
at sub area or
site
Select golden
image for
NFVIS, virtual
services
Open Design
> Network
Hierarchy
Add Areas and
Buildings
Add or
Import IP
Pools
Add SP
Profile
Add
appropriate
images into
repository
Add custom
CLI configs
Save and
associate Site
Select device, WAN and
LAN settings, add
required virtual Services
Create WAN
Profile
DESIGN
16. Use Case:
• Adding a new Syslog (Ex:
Splunk) in the network
• SoX requirements to update
password every 6 months
AAA
Server
Site1
North
America
South
America
Site2
Africa
EMEAR
AAA
Server
DNS
Server
Syslog
Server
Syslog
Server
DHCP
Server
Benefits:
• Repeated manual error prone
tasks automated
• Eng get additional time to focus
on design and deployment
• Standard change automation
removes the lead time to make
changes
Network Settings Update (Standard) DESIGN
17. Example: Designing Virtual Branch Profiles
18. I N T E N T CONTEXT
S E C U R I T Y
L E A R N I N G
Powered by intent,
informed by context.
THE NETWORK.
INTUITIVE.
19.
ip access-list extended APIC_EM-MM_STREAM-ACL
remark citrix - Citrix
permit tcp any any eq 1494
permit udp any any eq 1494
permit tcp any any eq 2598
permit udp any any eq 2598
remark citrix-static - Citrix-Static
permit tcp any any eq 1604
permit udp any any eq 1604
permit tcp any any range 2512 2513
permit udp any any range 2512 2513
remark pcoip - PCoIP
permit tcp any any eq 4172
permit udp any any eq 4172
permit tcp any any eq 5172
permit udp any any eq 5172
remark timbuktu - Timbuktu
permit tcp any any eq 407
permit udp any any eq 407
remark xwindows - XWindows
permit tcp any any range 6000 6003
remark vnc - VNC
permit tcp any any eq 5800
permit udp any any eq 5800
permit tcp any any range 5900 5901
permit udp any any range 5900 5901
exit
ip access-list extended APIC_EM-SIGNALING-ACL
remark h323 - H.323
permit tcp any any eq 1300
permit udp any any eq 1300
Intent-Based Application Policy
Legacy QoS Policy
20.
• Express Business Intent
• Translate into device specific policy/configuration
• Leverage Abstraction (the controller knows about the device specifics)
• Automate the Deployment across the Network
• Ensure Fidelity to the Expressed Intent (keep everything in sync)
User policy based on user identity
and user-to-group mapping
Employee
(managed asset)
Employee
(Registered BYOD)
Employee
(Unknown BYOD)
ENG VDI System
PERMIT
PERMIT
DENY
DENY
DENY
DENY
DENY
PERMIT
PERMIT
PERMIT
PERMIT
PERMIT
Production Servers Development Servers Internet Access
Protected Assets
Source
De-coupling of
User Identity and Topology
Much easier to translate business objectives to
network functionality—Lowers TCO
Configuration
Controller-based Automation
Today
Traditional Traditional
Policy
Traditional
Policy Policy
Policy based Configuration—
Dynamic, able to be automated by the Controller
Over time—Policy grows, static shrinks
Automation
Controller-Led
Networking Deployment
Evolution to a Policy Model
POLICY
21. Policy types
Access Policy
↓
Authentication/
Authorization
Group Assignment
Based on
Authentication methods
Access Control Policy
↓
Who can access what
Rules for x-group access
Permit group to app
Permit group to group
Application Policy
↓
Traffic treatment
QoS for Application
Path Optimization
Application compression
Application caching
DB
✓
POLICY
22.
1. Access Policies
• Access to the network is governed by ISE
users
things
Authenticate &
Authorize
(AAA)
Groups &
Policy
ISE
Network
Scalable
Groups
Credentials
Posture
Profiling
POLICY
23.
2. Access Control Policies
• Access Control (who can talk to who) is governed by DNA Center
Leverages ISE for group assignments
users
things
Authenticate &
Authorize
(AAA) Groups &
Policy
ISE DNA Center
Policy Authoring
Workflows
Fabric Management
Network
POLICY
24. DNA Automation – Access Control Policy Authoring
25. DNA Automation – Access Control Policy Authoring
26. DNA Center automates the Deployment and Operations
• Plug-and-play
• Software / config / license management
• Ensuring that Hardware is not EoL
(Cisco Active Advisor)
• Software Image management (SWIM)
PnP Agent
Runs on Cisco® switches,
routers,
and wireless AP
Automates discovery and
provisioning
PnP Server
Centralized server
Auto-provision device w/ images
& configs.
Northbound REST APIs
PnP Protocol
HTTPS/XML based
Open schema
protocol
Network PnP
Application UI
IWAN
App
Topology
Discovery
REST API
PnP Service
DNA Center
Controller
PROVISION
27. Visualize Software Images
• For a given Device Family,
view :
All images
Image Version
Number of Devices using a
particular image
• Image Repository to
centrally store Software
Images, VNF Images and
Network Container Images
28. Platform extensibility for building
custom apps
API and Data Models across multiple
stages in DNA Stack
Integrations with complementary
platforms *
Open Interfaces and Integrations
Firehose *
Connectors
Graph API
Contextual Search
Cisco Assets
Industry
Integrations
Flexibility Accessibility Expansibility
* : roadmap post FCS
29. Gaining Deep Insights with
Assurance and Analytics
Tim
Szigeti,
PTME
30. Source: 2016 Cisco Study
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
OpEx spent on
Network Visibility and
Troubleshooting
75%
Policy Violations
Due to Human Error
70%
Network Changes
Performed Manually
95%
Main Operational Challenges
31. Make Data
Driven Decisions
Reveal
Hidden Patterns
Automation for Faster
Results
Focus on
Important Things
Business Value Propositions of Network Analytics
32. Collect relevant metrics
Architectural Requirement #1: Instrumentation
ASSURANCE
33. Categorize metrics by degrees of relevance
Architectural Requirement #2: On-Device Analytics
ASSURANCE
34. Upload critical metrics off the device to collector(s)
(optimally via model-based streaming-telemetry)
Architectural Requirement #3: Telemetry
EM
Collector
ASSURANCE
35. Provision long-term storage, retrieval and representation of network metrics and events
Architectural Requirement #4: Scalable Storage
ASSURANCE
36. Identify anomalies and trends
Architectural Requirement #5: Analytics Engine
ASSURANCE
37. Correlate all data points and permutations for cognitive and predictive analytics
Architectural Requirement #6: Machine Learning
ASSURANCE
38. Identify root cause of issues by contextually correlating data
Architectural Requirement #7: Guided Troubleshooting
EM
Analytics
Engine
ASSURANCE
39. Present actionable insights to the operator
Solicit input to remediate the root cause
Present a self-remediation option
Architectural Requirement #8: Self-Remediation
EM
Analytics
Engine
EM
Network
Controller
Do you want to take the
recommended action?
Yes No
Do you want to take the
recommended action?
Yes No Always
ASSURANCE
40. I N T E N T CONTEXT
S E C U R I T Y
L E A R N I N G
Powered by intent,
informed by context.
THE NETWORK.
INTUITIVE.
41. DNA Software Capabilities
Cloud Service Management
Automation Analytics
Virtualization
DNA-Ready Physical and Virtual infrastructure
Security
Cisco DNA Architecture
42. Cloud Service Management
Automation Analytics
Virtualization
Cisco DNA Architecture—Automation and Analytics
EM
NDP
EM
NDP:
Network Data Platform
(Analytics Engine)
APIC-EM:
Application Policy
Infrastructure Controller—
Enterprise Module EM
NCP
NCP
Network Controller Platform
(Network Controller)
43. Cloud Service Management
Automation Analytics
Virtualization
Cisco DNA Architecture—Automation and Analytics
EM
NDP
NDP:
Network Data Platform
(Analytics Engine)
Abstraction layer
Intent Outcome
Delivering the Intent
Analyzing the Outcome
within the Context of the
expressed Intent
Assuring
the Intent
EM
NCP
NCP
Network Controller Platform
(Network Controller)
44. Cisco DNA Architecture—DNA Center
EM
NDP
DNA Center Appliance
EM
NCP
DNA Center User Interface
A single pane of glass for Design, Policy, Provisioning, and Assurance
45. Cisco DNA Architecture—DNA Center: Assurance
46. I N T E N T CONTEXT
S E C U R I T Y
L E A R N I N G
Powered by intent,
informed by context.
THE NETWORK.
INTUITIVE.
47. Transforming the Network with Big Data Analytics
Data
Insight
Information
Action
Create value at the right time
Extract meaningful insights from data
Volume
Data size
• TB per day
• Streaming telemetry,
NetFlow, Syslog, SNMP, logs
Velocity
Data speed
• Firehose
• Streaming, low-latency
push/pull
Variety
Data forms
• Structured, unstructured
• Switch, router, AP,
IoT sensor, firewall,
load balancer, DHCP, DNS
Veracity
Data trustworthiness
• Quality, validity
• Internal, partner, public
Analytics
48. EM
NDP
Network
Telemetry
Contextual Data
Data Collection and Ingestion
FW LB WLC Sensor
AAA
DNS DHCP
LDAP TOPOLOGY
INVENTORY
LOCATION
POLICY
ITSM
ITFM
Streaming Telemetry
SNMP NetFlow Syslog
Data Visualization and Action
Network Assurance netWorth
Collector and Analytics Pipeline SDK
...
Data Models and Restful APIs
Time Series Analysis
System Management Portal
Network Data Platform
Data Correlation and Analysis
Machine Learning
in the Cloud
CEP (*) Correlation
CEP = Complex Event Processing
Network Data Platform (Internal) Architecture
49. NetFlow
AVC
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Contextual Correlation Example
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
?
?
?
NetFlow
50. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
?
?
?
51. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
?
52. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
53. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology
54. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology
Location
Building 24 1st Floor
55. AVC
NetFlow
DDI
ISE
Topology
Location
Device
NDP
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology
Location
Building 24 1st Floor
Device
Client Density
Problem Here...
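Added example (not from the original slides or from Cisco): the contextual correlation walked through on the preceding slides, sketched in Python. It joins each NetFlow record with DDI, ISE and location context by source IP and, going beyond the slides, accepts only context that was valid at the flow's timestamp, so an IP address reassigned to another client is not attributed to the earlier user. Field names, timestamps, MAC addresses and application labels are constructed assumptions.

```python
"""Added example (not Cisco code): contextual correlation of NetFlow records."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """A context fact about an IP, valid for start <= t < end (epoch seconds)."""
    ip: str
    start: int
    end: int
    attrs: dict


# Constructed sample context. User, group and location for 1.1.1.2 follow the
# slides; timestamps, MAC addresses and application labels are assumptions.
DDI = [
    Binding("1.1.1.2", 1000, 2000, {"mac": "00:00:5e:00:53:01"}),
    Binding("1.1.1.2", 2000, 3000, {"mac": "00:00:5e:00:53:02"}),  # lease reassigned
]
ISE = [Binding("1.1.1.2", 1000, 2000,
               {"user": "George Baker", "group": "Marketing"})]
LOCATION = [Binding("1.1.1.2", 1000, 2000,
                    {"location": "Building 24 1st Floor"})]
AVC = {("2.2.2.2", 80): "app-a", ("3.2.2.2", 80): "app-b"}  # hypothetical labels

SOURCES = (("ddi", DDI), ("ise", ISE), ("location", LOCATION))


def lookup(bindings, ip, ts):
    """Return the attributes bound to ip at time ts, or None if none applied."""
    for b in bindings:
        if b.ip == ip and b.start <= ts < b.end:
            return b.attrs
    return None


def enrich(flow):
    """Join one flow record with every context source valid at flow['ts']."""
    out = dict(flow)
    out["app"] = AVC.get((flow["dst_ip"], flow["dst_port"]), "unknown")
    out["missing_context"] = []
    for name, bindings in SOURCES:
        attrs = lookup(bindings, flow["src_ip"], flow["ts"])
        if attrs is None:
            # Record the gap instead of reusing stale identity data.
            out["missing_context"].append(name)
        else:
            out.update(attrs)
    return out


# Constructed NetFlow-style records for the source and destinations on the slides.
FLOWS = [
    {"ts": 1500, "src_ip": "1.1.1.2", "dst_ip": "2.2.2.2", "dst_port": 80},
    {"ts": 1600, "src_ip": "1.1.1.2", "dst_ip": "3.2.2.2", "dst_port": 80},
    {"ts": 2500, "src_ip": "1.1.1.2", "dst_ip": "2.2.2.2", "dst_port": 80},
]

if __name__ == "__main__":
    for record in FLOWS:
        print(enrich(record))
```

The third flow arrives after the first lease and ISE session have ended, so it carries the new MAC address and an explicit list of missing context rather than George Baker's identity.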
56. I N T E N T CONTEXT
S E C U R I T Y
L E A R N I N G
Powered by intent,
informed by context.
THE NETWORK.
INTUITIVE.
57. What is Machine Learning?
• Machine learning is an application of artificial intelligence (AI) that provides systems the ability to
automatically learn and improve from experience without being explicitly programmed to do so
• The process of learning begins with observations of data, and looking for patterns within the data so as to
make increasingly better correlations, inferences and predictions
• The primary aim is to allow these systems to learn automatically without human intervention or
assistance and adjust actions accordingly
58. Project Kairos
For Wireless, Wired and IOT
Cognitive Analytics
Netflix
AccessPoints
Device Type
Internet Video
Facebook
Instagram
YouTube
Anomaly detection across hundreds of thousands of
devices, dozens of thousands of gears and hundreds
of heat maps
Machine Learning
59. Project Kairos
For Wireless, Wired and IOT
Cognitive Analytics
Anomaly detection
Identify and proactively adapt to a failure
before it happens
Machine Learning
Predictive Analytics
60. Machine Learning Algorithms
build their models using
hundreds of inputs
APs
WAN
Local WLCs
Network Services DC
Office Site
ISE
DHCP
Mobile Clients
CUCM
APIC-EM
RF & EDCA
behavioral
metrics,..
Queuing, Dropping, WRED
behavioral metrics…
Device type, OS release,
behavioral metrics, ...
WAN & core
network metrics ..
Application metrics, user
feedback, failure rate, ...
... and more
61. Customer Datacenter
Cloud-platform
ML App Stack
NCP
DNA Center Assurance UI
Network Services DC
WAN
Office Site
DHCP
CMX
Customer Network
Network Control Points
Kairos UI
(Proxy)
Machine Learning
Stack
Graphical Models
Deep Learning
Time Series
Models
NLP/NLG
Public Cloud
Google Cloud Engine
Orchestrator
Southbound API
Northbound API
Protocols & APIs (SNMP, JSON, NetFlow, pxGrid, CLI, ...)
Metrics, Events, Config, ...
Control, Notifications, ...
Trained Models
Multi-Customer
Database
Strong Anonymization
Prediction Pipelines
APIs
Batch Pipelines
Training Data
Models
ETL Pipelines
Collectors
Public Broker Feature Constructors
Cloud-based Machine Learning Architecture
68. I N T E N T CONTEXT
S E C U R I T Y
LEARNING
Powered by intent,
informed by context.
THE NETWORK.
INTUITIVE.
69. Providing Security While Maintaining Privacy!
Encrypted Traffic
Non-Encrypted
Traffic
Can we Actually Solve This?
How do you Analyze Metadata without decrypting traffic flows?
80%
of organizations are
victims of malicious activity
41%
Of attacks used encrypted
traffic to evade detection
70. Encrypted Traffic Analytics
Encrypted traffic analytics from
Cisco’s newest switches and routers
Security with Privacy
Analyze netflow metadata without
decrypting traffic flows
Global-to-local knowledge correlation -
99.99% threat detection accuracy
71. Summary
Matt
Falkner,
DTME
72. Key Takeaways
Profile Based Deployment simplifies Day 0 Deployment and
Day 2 Change Management
Assurance must be outcomes driven and not problem based
Intent Driven Networking Starts with Policy
Automation must be thought about holistically, as some of the
simple tasks take the most time
73. Automated Deployment
It’s a Journey!
Self-Driving Automation
Plug and Play,
Day 0 Deployment
Configure once and deploy
everywhere - SD-Access
Exists Today
ISE / AD NAE / PI
DNA Center
Campus
Fabric
SDA
Future
Closed Loop through Network
Analytics and Machine Learning
Network
Analytics
Platform
DNA Center
BB
Campus
Fabric
SDA
APIC-
EM
HTTP
Proxy
Internet
Admin
Installer
New
Step 1
Network admin
provisions devices in
Cisco Network Plug
and Play applications
Step 2
Onsite installer with
mobile app installs and
powers on devices,
triggers deployment,
checks status
Step 3
New devices contact
Cisco Network Plug and
Play application to get
provisioned
Network admin can
remotely monitor
install status
Basic Advanced
One Point of Management: All from Cisco DNA Center
Consistent Across Network Fabric