DNA architecture


Post on 28-May-2020


TRANSCRIPT

Page 1: DNA architectureCisco Confidential DNA Assurance From Network Data to Business Insights Over 100+ Actionable Insights Guided Remediation Actions Issues Insights Correlation Complex

DNA architecture

Page 2

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Intent-based Networking with Cisco

Digital Business

Intent Context

Security

Learning

Network

Powered By Intent. Informed by Context.

Security Mobile IoT MultiCloud

Business Goals

Insights

Page 3

Intent-based Network Infrastructure

DNA-Center

Analytics Policy Automation

INTENT CONTEXT

SECURITY

LEARNING

The Network. Intuitive. Powered by Intent. Informed by Context.

Page 4

DNA Center Components

DNA Center consists of automation and assurance

Automation

Design

• Global settings

• Site profiles

• DDI, SWIM, PNP

• User access

Provision

• Fabric domains

• Device on-boarding

• Device inventory

• Host on-boarding

Policy

• Virtual networks

• ISE, AAA, Radius

• Access control

• Application control

Assurance

• Issues and trends

• Performance

• Proactive troubleshooting

Planning, installation and migration

Proactive and predictive network, client and application assurance

Page 5

DNA Center Assurance

Page 6

Where is IT Spending Their Time?

Finding the source of an issue is a complex, end-to-end problem

WAN

Office Site Network Services DC

Client Density

Client Firmware

AP Coverage

RF Noise/Interf.

WLC Capacity

WAN QoS, Routing, ...

WAN Uplink Usage

Authentication

End-User Services Configuration

Addressing

Impact labels in the diagram: Impacts Join/Roam, Impacts Quality/Throughput, Impacts Both*

APs

Local WLCs

ISE

DHCP

Mobile Clients

CUCM

Prime

43% of IT time spent troubleshooting; #1 consumer of time

Source: Cisco DNA Customer Survey, June 2016

Challenge

Page 7

DNA Assurance

From Network Data to Business Insights

Over 100+ Actionable Insights

Guided Remediation

Actions

Issues

Insights

Correlation

Complex Event Processing

Network Telemetry

Contextual Data

Network Application

Baseline Clients

INSIGHTS

Page 8

DNA Center

Software Defined Access

Page 9

‘Shadow’ Internet of Things Coming to Every Business

63M network connections per second by 2020

Challenge

Page 10

Data

Availability

Evolution of Security Threats

Challenge

Page 11

Secure Segmentation and Onboarding: Software Defined Access

Completely Automated | Policy follows Identity | Minimize Lateral Threat Movement

Guest Virtual Network

Group 5 Group 6

IoT Virtual Network

Group 3 Group 4

Employee Virtual Network

Group 1 Group 2

Users

Devices

Apps

Drag policy to apply

IT Simplicity

• No VLAN, ACLs or IP Address management required

• Single network fabric

• Define one consistent policy

Security

• Simplified Micro-Segmentation

• Policy enforcement

Solution

Page 12

Automate IoT Deployments at Scale

Software Defined Access

Before: Box by Box (Manual | Error Prone)

After: Automation (Scalable | Simple)

Mass Scalability | Users, Device & IoT Segmentation | Policy-based Automation

Provision Policy Design

5 hours

5 minutes

5 hours

4 minutes

15 hours

2 minutes

Solution

Page 13

Comparison of Total Workflow Time

The Old Method The New Method

Total Workflow for One Device

Fifty Devices

25 minutes

50 days

11 hours

Page 14

DNA Center

Platforms

Page 15

DNA Center Appliance

Automation Software Module

Assurance Software Module

DNA Center Components

DNA Center

Policy Design

Provision Assurance

Router

Wireless LAN Controller

Access Point

Switch

Cisco® Identity Services Engine

DNA-Ready Hardware and Non-DNA-Ready Hardware

Page 16

DNA Ready Platforms

ASR-1000-X

ASR-1000-HX

ISR 4430

ISR 4450

Wireless Routing Switching

AIR-CT5520

AIR-CT8540

Wave 2 APs (1800, 2800, 3800)

Wave 1 APs* (1700, 2700, 3700)

Catalyst 9400

Catalyst 9300

Catalyst 9500

Catalyst 4500E Catalyst 6K Nexus 7700

Catalyst 3850 and 3650

AIR-CT3504

CSR 1000V

*with Caveats

Page 17

Stealthwatch / Cat 9K

Encrypted Threat Analytics

Page 18

Seeing and Acting on ALL Threats

How Do You Provide Security While Maintaining Privacy?

Encrypted Traffic

Non-Encrypted Traffic

80% of organizations are victims of malicious activity*

41% of attacks used encrypted traffic to evade detection*

Challenge

Page 19

Machine Learning Identifies Malware Infrastructure view of the data

Google Search

Firefox self-repair

Bestafera Malware

Encrypted Traffic Analytics

Malware in Encrypted Traffic

Security AND Privacy

Detection: 99.99% Accuracy

Solution

Page 20

Catalyst 9000 Encrypted Threat Analytics

StealthWatch®

pxGrid

Context and mitigation

ISE

Machine learning with enhanced behavior analytics

Network telemetry based (No decryption)

Line-Rate performance

Investment optimization

Simplified management

Globally correlated threat intelligence

Mitigation using ISE and network

ERSPAN to send traffic for deeper analysis

Encrypted traffic analytics

Analytics indicating malware in encrypted traffic at 99+% efficacy

Page 21

Content under Strict Embargo until June 20th at 12pm PST.

Traditional vs. Network Intuitive (LAN/Wi-Fi)

DNA Center

Traditional network The Network. Intuitive.

DNA Assurance

Software Defined Access (SDA) (not available for C2960X/XR)

Prime Infrastructure

APIC-EM

Stealthwatch

ISE

Encrypted Threat Analytics (only C9K)
