Schedule a Consultation

Cisco DNA Center from 30,000 Feet

September 12, 2018 Jeff Kish

59a6f20805d08-460x230

Data centers are becoming consumed by the power of automation as organizations better understand the value it delivers. Technologies like Cisco ACI are enabling simplified management, plug-n-play network expansions, faster service delivery, and security at scale. However, not all of us IT folks live inside in the data center, so what is there for the rest of us?

Enter the Digital Network Architecture (DNA), a software-defined networking (SDN) solution for the enterprise network. DNA extends the Automation and Assurance features of the data center to the rest of the network, including the ability to configure via API and Postman scripts, plug-n-play, and an integrated security model.

Let's look at the basics, and those familiar with wireless LAN controllers will quickly grasp the architecture. A DNA Center appliance serves as a LAN controller, which turns every networking node within its domain into a remotely controlled box. That said, and to place minds at ease, the network device (switch, router, AP, etc.) retains all intelligence and is fully capable of handling the local control and data plane. This is simply outsourcing the management plane to the controller - a declarative SDN model.

New Call-to-action
Next, devices can be added to the network in plug-n-play fashion, meaning that a device can receive its configuration from the DNA controller just like an AP gets its configuration from its WLAN controller. The DNA controller handles all the complex configuration, such as Spanning-Tree, which ensures that the network is properly tuned. The critical Assurance piece, which is worthy of its own discussion, keeps our defined policies enforced at the ASIC-level.

Crucially, Cisco Identity Services Engine (ISE) is integrated into the solution at its foundation, which brings the security we so desperately need. ISE provides a streamlined interface for defining traffic policy, allowing for a simple checkbox grid that sets policy between any two groups of users. This works in concert with Cisco's industry-unique Encrypted Traffic Analytics (ETA), which is capable of detecting ransomware within encrypted traffic at 99.99% efficacy, and all without decrypting the traffic.

dna-ise

A simple way of defining and enforcing security policy

To bridge this all together, let's look at an example where a company is spinning up a new branch office that consists of five switches and a head-end router. Before the devices are even delivered, a network engineer creates the policy for the site, defining elements such as DHCP scopes, SSIDs, and that important security framework. When the tech connects these devices onsite, they automatically reach out to the DNA controller and download their configuration. The site comes online in minutes, and the controller ensures it conforms to corporate policy as time progresses.

DNA is a revolutionary new technology that is built on a lot of three-letter acronyms (TLAs), but also on robust hardware ASICs specifically designed for the programmatic functions that ease the burden of IT staff. If you find yourself wanting to explore what DNA means to your organization, be sure to check out the other resources on NSI's website. For deeper dives, however, I find that whiteboards are the way to go - and I look forward to sitting with you in front of one so we can drill in.

Share This: