What is the Cisco® Digital Network Architecture (Cisco DNA™)?
The Cisco Digital Network Architecture (Cisco DNA) is Cisco’s architecture for enterprise networks – across the campus, branch, WAN, and extended enterprise. It provides an open, extensible, and software-driven approach that makes the network simpler to manage and more agile and responsive to business needs. Cisco DNA is an intelligent system that encompasses policy, automation, analytics, and open platform capabilities to deliver on all required aspects of an intent-based network.
How does Cisco DNA relate to intent-based networking?
Cisco DNA is how Cisco delivers intent-based networking across the campus, branch, WAN, and extended enterprise. Cisco defines intent-based networking as “a network that continuously aligns to business intent.” It does this by capturing and translating the intent your organization has for your network, then automating the intent, enforcing the intent, and assuring that your network is operating as intended. Cisco DNA realizes the promise of intent-based networking.
What is the difference between Software-Defined Networking (SDN) and Cisco DNA? How do they relate to each other?
Cisco DNA allows IT to move beyond SDN and transcend the automation-focused network technologies that make up SDN. Cisco DNA uses a holistic systems approach to align the network to business intent. This approach combines automation with translation, policy, and assurance capabilities. Through its intentbased networking principles, Cisco DNA provides a way to make network services effective and agile as well as easy to use in an enterprise architecture journey to digital transformation. It is an architecture that includes ready-to-use applications as well as easily consumable APIs.
What are the primary principles of Cisco DNA?
The following are the core principles of the architecture, which is designed to help businesses innovate more quickly, reduce cost and complexity, and lower risk:
• Policy: Cisco DNA enables you to create policies that reflect your organization’s business intent for a particular aspect of the network, such as network access. Cisco DNA Center™ takes the information collected in a policy and translates it into networkspecific and device-specific configurations required by the different network device types, makes, models, operating systems, roles, and resource constraints of your network devices.
• Automation: Using controllers and open APIs, Cisco DNA simplifies network management through abstraction and centralized policy enforcement that allows IT to focus on business intent and consistently apply configurations to improve service and keep operations consistently secure from the core to the edge.
• Analytics: Cisco DNA proactively predicts performance through correlation of user, device, and application data for contextual business and operational insights, identifies issues and provides actionable insight to deliver better, more personalized experiences. By storing network data, Cisco DNA is able to “go back in time” to re-create and analyze events that happened in the past.
• Open platform: Delivered through DNA Center, Cisco DNA provides open APIs that allow custom applications to build on its native capabilities, enable automation of IT workflows, further integrate with other technology domains (such as data center and security), and interwork with other vendors’ network equipment.
What benefits does Cisco DNA bring to its adopters?
The primary benefits of Cisco DNA are:
• IT agility and scale: Through policy-based automation, IT can roll out and manage services across hundreds of devices and sites that meet the business intent, consistently reaching 85 percent faster network service provisioning. Through virtualized services, IT delivers a more dynamic network that can easily provision, expand, and reallocate services quickly across different hardware platforms with no service calls.
• Reduced risk: By embedding security everywhere with the industry’s best threat protection, IT can detect and contain threats more quickly, even those hidden in encrypted traffic. Based on the 2017 Cisco Annual Cybersecurity industry report, the average time to detect a threat is 100 days, whereas Cisco has brought it down to 6 hours.
• Improved user experience: IT can deliver differentiated experiences through contextual insights that empower employees, better engage customers, and improve application experience. Through data analytics and contextual insights, IT and business can better understand network patterns related to users, applications, and things. IT can help the business make decisions about issues such as staffing, effectiveness of promotions, workplace efficiency, customer trends, and more.
• Investment protection: An open, 360-degree extensible platform approach, together with programmable network ApplicationSpecific Integrated Circuits (ASICs), helps ensure that your Cisco DNA network is always ready for the next innovation. All of the Cisco DNA innovations, such as Software-Defined Access (SD-Access), assurance, automation, and Encrypted Traffic Analytics (ETA), can be consumed with the software subscription tiers Cisco ONE™, Cisco DNA Advantage, and Cisco DNA Essentials across switching, routing, and wireless. In addition, subscription-based licensing, with license portability, allows Cisco DNA adopters to start their digital transformation on Cisco’s currently shipping portfolio.
What is the role of DNA Center within Cisco DNA?
DNA Center is the central dashboard for the management, automation, and assurance of your Cisco DNA network. It provides an intuitive and simple overview of network health and clear drilldown menus for quickly identifying and remediating issues. It is also the control point for all automation, orchestration, assurance, and analytics functions provided by Cisco DNA.
Can DNA Center integrate with other network domains or solutions outside of the Cisco DNA-ready solutions?
DNA Center is an open, extensible platform that Cisco partners can use to integrate with other IT systems and technology domains or create a value-added code that builds on the native capabilities of DNA Center. Such integrations can simplify IT workflows, integrate with other technologies such as WAN and data center, and even interact with other vendors’ network equipment.
What makes the Cisco DNA security approach different from traditional perimeter-based security?
In the past, security has typically been predicated upon a perimeter defense composed of technologies such as firewalls, intrusion detection, VPN, and access control. As threats become more prevalent in the increasing number and diversity of attached endpoints, this model becomes more difficult to defend unless you have advanced security on every network port to both see and control every activity on the network. The Cisco DNA approach enhances your ability to see every communication on the network and cloud using the NetFlow data created by network devices. This data is analyzed to detect and identify threats using solutions such as Cisco Stealthwatch®, Identity Services Engine (ISE), and Cisco Umbrella™ cloud-based security. Cisco DNA also allows IT to take instant action by directing Cisco TrustSec® to rapidly contain a threat right from the Stealthwatch management console. The result is an integrated solution with visibility and control for virtually every communication, which could be missed with a traditional perimeter security approach.
How does Cisco DNA enable easy adoption of Internet of Things (IoT)?
IoT adds new responsibility for network managers who, in addition to keeping people’s computers online and secure, are now also responsible for maintaining a broad set of devices. Cisco DNA helps IT manage the changing extent of networks and expand the benefits of intent-based networking to IoT in three ways:
• Security: Automatically recognize and classify devices as they connect to the network by using Cisco Identity Services Engine (ISE) that recognizes commonly used industrial and building devices.
• Scale: Cisco SD-Access fabric can be extended to Operations Technology (OT), connecting industrial-grade network equipment typically used in outdoor environments and simplifying their deployment at scale.
• Insights: Allows you to locate and track assets and act on notifications sent from sensors.