TRANSCRIPT
DNA architecture
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Intent-based Networking with Cisco
Digital Business
Intent Context
Security
Learning
Network
Powered By Intent. Informed by Context.
Security Mobile IoT MultiCloud
Business Goals
Insights
Intent-based Network Infrastructure
DNA-Center
Analytics Policy Automation
INTENT CONTEXT
SECURITY
LEARNING
The Network. Intuitive. Powered by Intent. Informed by Context.
DNA Center Components
DNA Center consists of automation and assurance
Automation
Design
• Global settings
• Site profiles
• DDI, SWIM, PNP
• User access
Provision
• Fabric domains
• Device on-boarding
• Device inventory
• Host on-boarding
Policy
• Virtual networks
• ISE, AAA, Radius
• Access control
• Application control
Assurance
• Issues and trends
• Performance
• Proactive troubleshooting
Planning, installation and migration
Proactive and predictive network, client and application assurance
DNA Center
Assurance
Where is IT Spending Their Time?
Finding the source of an issue is a complex, end-to-end problem
WAN
Office Site Network Services DC
Client Density
Client Firmware
AP Coverage
RF Noise/Interf.
WLC Capacity
WAN QoS, Routing, ...
WAN Uplink Usage
Authentication
End-User Services Configuration
Addressing
Impacts Join/Roam
Impacts Quality/Throughput
Impacts Both*
APs
Local WLCs
ISE
DHCP
Mobile Clients
CUCM
Prime
43% of IT time spent troubleshooting; #1 consumer of time
Source: Cisco DNA Customer Survey, June 2016
Challenge
DNA Assurance
From Network Data to Business Insights
Over 100+ Actionable Insights
Guided Remediation
Actions
Issues
Insights
Correlation
Complex Event Processing
Network Telemetry
Contextual Data
Network Application
Baseline Clients
INSIGHTS
DNA Center
Software Defined Access
‘Shadow’ Internet of Things Coming to Every Business
63M network connections per second by 2020
Challenge
Data
Availability
Evolution of Security Threats
Challenge
Secure Segmentation and Onboarding: Software Defined Access
Completely Automated | Policy follows Identity | Minimize Lateral Threat Movement
Guest Virtual Network
Group 5 Group 6
IoT Virtual Network
Group 3 Group 4
Employee Virtual Network
Group 1 Group 2
Users
Devices
Apps
Drag policy to apply
IT Simplicity
• No VLAN, ACLs or IP Address management required
• Single network fabric
• Define one consistent policy
Security
• Simplified Micro-Segmentation
• Policy enforcement
Solution
Automate IoT Deployments at Scale
Software Defined Access
Before: Box by Box
Manual | Error Prone
After: Automation
Scalable | Simple
Mass Scalability | Users, Device & IoT Segmentation | Policy-based Automation
Provision Policy Design
5 hours
5 minutes
5 hours
4 minutes
15 hours
2 minutes
Solution
Comparison of Total Workflow Time
The Old Method The New Method
Total Workflow for One Device
Fifty Devices
25 minutes
50 days
11 hours
DNA Center
Platforms
DNA Center Appliance
Automation Software Module
Assurance Software Module
DNA Center Components
DNA Center
Policy Design
Provision Assurance
Router
Wireless LAN Controller
Access Point
Switch
Cisco® Identity Services Engine
DNA-Ready Hardware and Non-DNA-Ready Hardware
DNA Ready Platforms
Routing: ASR-1000-X, ASR-1000-HX, ISR 4430, ISR 4450, CSR 1000V
Wireless: AIR-CT5520, AIR-CT8540, AIR-CT3504, Wave 2 APs (1800, 2800, 3800), Wave 1 APs* (1700, 2700, 3700)
Switching: Catalyst 9400, Catalyst 9300, Catalyst 9500, Catalyst 4500E, Catalyst 6K, Nexus 7700, Catalyst 3850 and 3650
*with Caveats
Stealthwatch / Cat 9K
Encrypted Threat Analytics
Seeing and Acting on ALL Threats
How Do You Provide Security While Maintaining Privacy?
Encrypted Traffic
Non-Encrypted Traffic
80% of organizations are victims of malicious activity*
41% of attacks used encrypted traffic to evade detection*
Challenge
Machine Learning Identifies Malware Infrastructure view of the data
Google Search
Firefox self-repair
Bestafera Malware
Encrypted Traffic Analytics
Malware in Encrypted Traffic
Security AND Privacy
Detection: 99.99% Accuracy
Solution
Catalyst 9000 Encrypted Threat Analytics
StealthWatch®
pxGrid
Context and mitigation
ISE
Machine learning with enhanced behavior analytics
Network telemetry based (No decryption)
Line-Rate performance
Investment optimization
Simplified management
Globally correlated threat intelligence
Mitigation using ISE and network
ERSPAN to send traffic for deeper analysis
Encrypted traffic analytics
Analytics indicating malware in encrypted traffic at 99+% efficacy
Content under Strict Embargo until June 20th at 12pm PST.
Traditional VS Network Intuitive (LAN/Wifi)
DNA Center
Traditional network The Network. Intuitive.
DNA Assurance
Software Defined Access (SDA)
(not available for C2960X/XR)
Prime Infrastructure
APIC-EM
Stealthwatch
ISE
Encrypted Threat Analytics (only C9K)