Cisco's Digital Network Architecture (DNA) offers a new holistic approach to meet the requirements of the digitized enterprise. DNA Center provides automation, analytics, identity services and policy-based networking capabilities. The session introduces DNA Center and its ability to automate network operations through the use of templates, profiles and workflows. Examples of automation use cases included deploying standard network settings, custom configurations, wireless deployments, application policies and software lifecycle management.

1. © 2017 Cisco and/or its affiliates. All rights reserved. 1
Enterprise Networks - Cisco Digital
Network Architecture
Introducing the Network Intuitive
Don Orlik (don.orlik@cisco.com)
Enterprise Networking Team
May 27, 2018
Cisco
Connect

2. Session Abstract
Cisco's Digital Network Architecture - Introducing the Network Intuitive
More and more organizations are adopting customer-centric applications and “as-a-service” models
to keep up with the pace of digital business and improve the quality and flow of information. As a
result, the network has shifted to become the fundamental platform for digitization, empowering
business efficiency and innovation by simplifying and automating processes while protecting and
securing company data.
Cisco's Digital Network Architecture (DNA) offers a new holistic approach to meet the requirements
of the digitized enterprise. This session introduces the motivation for an architecture evolution of
enterprise networks, and provides details on each of the building blocks, including the new DNA
Center (DNA-C) GUI, Automation and Assurance capabilities it supports.
The concepts of virtualization, controllers, policy-based networking and cloud enablement are
explored as main architecture shifts. The session also provides insight into concrete examples on
how to automate and simplify application visibility and QoS deployments for network operators.
Come to this session to learn how Cisco is revolutionizing the network with DNA! This is the first of
two sessions – an optional deeper-dive “double-click” session focused on Cisco’s advanced
Assurance Capabilities.

3. It’s a Digital World!
Shifting from IP to Identity
Automating your network with DNA
Center
Gaining Deep Insights with Assurance
And Analytics
Summary
Agenda
Cisco DNA – Introducing the Network
Intuitive

4. 4© 2017 Cisco and/or its affiliates. All rights reserved.
It’s a digital world!

5. © 2016 Cisco and/or its affiliates. All rights reserved. 5
What is the Risk of Digital Disruption?
• According to the Global Center for Digital Transformation in a survey of
941 companies:
of today’s Top-10 incumbents
(in terms of market share)
will be digitally disrupted
within the next 5 years
https://www.imd.org/uupload/IMD.WebSite/DBT/Digital_Vortex_06182015.pdf
http://www.economist.com/news/business/21647317-messaging-services-are-rapidly-growing-beyond-online-chat-message-medium
40%
in 5

6. © 2016 Cisco and/or its affiliates. All rights reserved. 6
Why Transform Digitally?
• According to Harvard Business Review, companies that master
digital transformation generate:
more revenue than their industry peers, and
more profits than their industry peers
https://hbr.org/product/leading-digital-turning-technology-into-business-transformation/17039E-KND-ENG
9%
26%

7. © 2016 Cisco and/or its affiliates. All rights reserved. 7
Digital Disruption
Lack of Business
and IT Insights
63 million new devices
online every second
by 20201
Complexity
Slow and Error
Prone Operations
3X spend on
network operations
vs network2
Security
Unconstrained
Attack Surface
6 months to
detect breach3
Unprecedented Demands on the Network
1: Gartner Report - Gartner’s 2017 Strategic Roadmap for Networking
2. McKinsey Study of Network Operations for Cisco – 2016
3. Ponemon Research Institute Study on Malware Detection, Mar 2016

8. UPS My Choice
Delivery Control
Personalized Service
Workforce Efficiency
WIP Inventory and
Part Tracking
American Express
Personalized Service
Through Mobile
Starbucks Apps
Order Ahead
Skip the Line
8
Digital Transformation is Moving IT to the Boardroom
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 8TECCRS-2700
Customer Experience
Physical and Virtual
RFID Content

9. © 2016 Cisco and/or its affiliates. All rights reserved. 9
Cisco Enterprise Networking Vision
Transform our customers’ businesses
through powerful yet simple networks.

10. Digital Business Demands Application Agility
“…While other components of the IT infrastructure have become more
programmable and allow for faster, automated provisioning, installing
network circuits is still a painstakingly manual process...”
— Andrew Lerner, Gartner Research

11. Agility Requires Faster Network Provisioning
Source: Forrester Source: Open Compute Project
Time IT spends on operations80% CEOs are worried about IT strategy
not supporting business growth57%
Network Expenses
Deployment Speed
0 10 100 1000
Computing Networking
Seconds
0
100%
CAPEX OPEX
33%
67%

12. © 2016 Cisco and/or its affiliates. All rights reserved. 14
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What is Contextual
Intent?

13. © 2016 Cisco and/or its affiliates. All rights reserved. 15
Intent-based networking describes a network that has the
intelligence and automation necessary to set and modify
its configurations to meet the organization’s business
needs.

14. The Need for
a New Network Constantly Learning
Support 100X new devices, apps, users
Constantly Adapting
Respond Instantly to business demands with
limited staff and budget
Constantly Protecting
See and predict issues
and threats and respond fast
The more you use
it, the wiser it gets.

15. Intent-based
Network Infrastructure
DNA Center
AnalyticsPolicy Automation
I N T E N T C O N T E X T
S E C U R I T Y
L E A R N I N G
The Network. Intuitive.
Constantly learning, adapting and protecting.
Informed
by Context
Visibility into traffic
and threat patterns
Who, What, When,
Where, How
Powered
by Intent
Translate Business Intent
to Network Policy
Automate the management
and provisioning millions of
devices instantly

16. © 2016 Cisco and/or its affiliates. All rights reserved. 18
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Key Challenges for Traditional Networks
Slower Issue ResolutionComplex to ManageDifficult to Segment
Ever increasing number of
users and endpoint types
Ever increasing number of
VLANs and IP Subnets
Multiple steps,
user credentials, complex
interactions
Multiple touch-points
Separate user policies for
wired and wireless networks
Unable to find users
when troubleshooting
Traditional Networks Cannot Keep Up!
Key Challenges for Traditional Networks

17. © 2016 Cisco and/or its affiliates. All rights reserved. 19
Enterprise Network
PAYLOAD DATA IP SRC IP DSTPROT
DST
PORT
SRC
PORT
DSCP
• Only Transitive information
• Survives end to end
Policy is based on “5 Tuple”
• QoS
• Security
• Redirect/copy
• Traffic engineering
• etc.
Network Policy
Policy in Today’s Networks

18. © 2016 Cisco and/or its affiliates. All rights reserved. 20
Enterprise Network
PAYLOAD DATA IP SRC IP DSTPROT
DST
PORT
SRC
PORT
DSCP
User/device info?
Network Policy
IP
ADDRESSES
§ Locate you
§ Identify you
§ Drive “treatment”
§ Constrain you
IP Address
“meaning”
OVERLOAD
VLAN 10
SSID B
SSID A
VLAN 20
VLAN 40
SSID D
SSID C
VLAN 30
access-list 102 deny udp 167.160.188.162 0.0.0.255 gt 4230 248.11.187.246 0.255.255.255 eq 2165
access-list 102 deny udp 32.124.217.1 255.255.255.255 lt 907 11.38.130.82 0.0.31.255 gt 428
access-list 102 permit ip 64.98.77.248 0.0.0.127 eq 639 122.201.132.164 0.0.31.255 gt 1511
access-list 102 deny tcp 247.54.117.116 0.0.0.127 gt 4437 136.68.158.104 0.0.1.255 gt 1945
access-list 102 permit icmp 136.196.101.101 0.0.0.255 lt 2361 90.186.112.213 0.0.31.255 eq 116
access-list 102 deny udp 242.4.189.142 0.0.1.255 eq 1112 19.94.101.166 0.0.0.127 eq 959
access-list 102 deny tcp 82.1.221.1 255.255.255.255 eq 2587 174.222.14.125 0.0.31.255 lt 4993
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
access-list 102 deny ip 32.15.78.227 0.0.0.127 eq 1493 72.92.200.157 0.0.0.255 gt 4878
access-list 102 permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
access-list 102 deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
What is the Problem?

19. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Secure onboarding of users and devices
Segmentation and Access Control
Before SD-Access After SD-Access
• VLAN and IP address
based
• Create IP
based ACLs for
access policy
• Deal with policy
violations and errors
manually
• No VLAN or subnet
dependency for
segmentation and
access control
• Define one consistent
policy
• Policy follows Identity
Group-Based Policy Policy follows IdentityCompletely Automated
Drag policy
to apply
Users
Devices
Apps
Staff/Admin Virtual Network
IoT Virtual Network
Guest Virtual Network
Group 5
Group 3
Group 1
Group 6
Group 4
Group 2

20. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Consistent wired and wireless management
A single network fabric
Before SDA After SDA
• Repeated policy work
for wired-wireless
• Roaming issues
across L3 domains
• Chase down IP
addresses for
troubleshooting
• Consistent
management across
wired-wireless
• Optimal traffic flows
with seamless
roaming
• Seamless roaming in
Fabric and non-Fabric
domains
Campus-Wide Roaming
Wired and Wireless
Consistency
Simplified Provisioning
Roam
is L2
Seamless
Roam
Policy stays
with user

21. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Automate IoT Deployments at Scale
SD-Access Extension
Connected
Lighting
Employee
Network A
Employee
Network B
Before SDA After SDA
• Complex
segmentation of IoT
and user traffic
• Chase down IP
addresses for
troubleshooting
• Static endpoint
management
• Intuitive identity-
based segmentation
with device profiling
• Built-in visibility and
granular policy control
• Dynamic endpoint
management
Users, Device and IoT
Segmentation
Policy based
Automation
Purpose Built Switches
for IoT
IP
Surveillance
Extension Node

22. Introducing DNA Center
Realizing vision of the intent-powered intuitive network
Decouple Policy from
Network Topology
Industry Best-Practices
Configuration and Policy
Compliance
Proactive Issue
Identification and
Resolution
Policy Automation
Assurance and
Analytics
Translate business intent
into network policy
Reduce manual operations
and cost associated with
human errors
Use context to turn data into
intelligence

23. DNA Solution
Cisco Enterprise Portfolio
Automation AnalyticsIdentity Services Engine
Routers Switches Wireless APs
DNA Center
DNA Center
Simple Workflows
Wireless Controllers
DESIGN PROVISION POLICY ASSURANCE

24. 26© 2017 Cisco and/or its affiliates. All rights reserved.
Automating your Network with
DNA Center

25. Impediments to Automation
• Organizational structures
Different groups
• Lack of internal standards
Snowflakes!
• History
e.g. ACL CLIs
• Standard vs.non-standard changes
Enterprise
Network
change
requests.
65%
Standard
changes
35%
New
initiatives
12%
New lab configurations
10% Hardware upgrades
21% ACL updates
7%
Fleet standardizations
7% Feature configs:
IP/Routing
4% Power shut-downs
8% Hardware upgrades
3% Feature configs:
Security
2% ACL updates
15% Other
12% Other

26. © 2016 Cisco and/or its affiliates. All rights reserved. 28
BRKNMS-1499
What are Standard Network Changes ??
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
Interfaces Configuration
ACL’s
Dial Plans
Vrf
Routing Protocols
Tunnels/DMVPN
Security/Crypto
QOS
AVC
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
Interfaces Configuration
Spanning Tree
VLAN
Security/Crypto
QOS
AVC
AAA Configuration
DNS/DHCP Servers
NTP Servers
Syslog Servers
Netflow Collectors
SNMP/SSH/Telnet
SSID’s
RF
Security/Crypto
QOS
AVC
Routers Switches WLC’s
Standard Changes :
o No Approval Required
o Minimal to Zero Disruption
Non-Standard Changes :
o Requires Approval
o May require service
disruption
o May need co-ordination
with other teams (App,DC
etc) during change window
28

27. © 2016 Cisco and/or its affiliates. All rights reserved. 29
Network
Design
Deployment
Standardization
Network
Compliance
Before
During
After
Profile Based
Deployment
§ Plan for the network deployment
§ Feature and Capabilities to be
enabled based on requirements
§ Topology for network
deployment
§ Automated Day 0 Deployment
§ Version management of Profile
for Day 2 Change Management
§ Configuration Compliance
Validation against Profile
§ Remediation of Configuration to
Golden Config
Network Deployment Consistency using Profile
Driven Automation
Configuration Consistency
Simplified Network
Deployment
Integrated IT
Process Flows
DESIGN

28. © 2016 Cisco and/or its affiliates. All rights reserved. 3030
DNA Automation Use Cases
SITE
Use Case #1-
Deploy Standard
Network Settings
Use Case #2- Deploy
Customized Templates
Use Case #4- Software
and Image Management
Automation
Use Case #3- Wireless
Deployment
Use Case #5-
Application Policy

29. © 2016 Cisco and/or its affiliates. All rights reserved. 31
Use Case:
• Adding a new Syslog (Ex:
Splunk) in the network
• SoX requirements to update
password every 6 months
AAA
Server
Site1
North
America
South
America
Site2
Africa
EMEAR
AAA
Server
DNS
Server
Syslog
Server
Syslog
Server
DHCP
Server
Benefits:
• Repeated manual error prone
tasks automated
• Eng get additional time to focus
on design and deployment
• Standard change automation
removes the lead time to make
changes
Network Settings Update (Standard) DESIGN

30. © 2016 Cisco and/or its affiliates. All rights reserved. 32
Use Case #2: Customized Configurations
Create the Template
32

31. © 2016 Cisco and/or its affiliates. All rights reserved. 33
Customized Network Settings Update
How to deploy the template to the devices
33
Template is
associated to
Network Profile
Network Profile
assigned to a site
PROFILE
DESIGN
PROVISION
SITE
DEVICE
TEMPLATE
DESIGN

32. © 2016 Cisco and/or its affiliates. All rights reserved. 35
Use Case:
• Ensure Consistency of Software
for all network devices (by
platform type)
• React to PSIRT and bugs fast
• Deploy software with confidence
35
Use Case #4: Managing Software Lifecycle
Benefits:
• Golden Image based workflows
drive software consistency
• Pre/Post check ensures that
software updates do not have
adverse effects on the network
• Patching provides small updates
to react quickly to security fixes

33. © 2016 Cisco and/or its affiliates. All rights reserved. 3636
But wait! Doesn’t PI have Image Management?
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval of
CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
Steps to Update Software Image Update
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval of
CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
Traditional NMS Software Image Update
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval of
CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
DNA Center Software Image Update
Indicates ITSM Process Steps
How to interpret
the colors
Actions outside of NMS,
mostly manual
Steps covered in NMS Tool
Steps covered in DNA-C

34. © 2016 Cisco and/or its affiliates. All rights reserved. 37
Cisco ONE
Foundation
37
Application Policy
Simplifying Deployment of QoS Enterprise Wide
Implements QoS in Minutes
Enhance
Collaboration
Experience
300% 50%
Reduction in
voice jitter
Video quality
improves
Select from
Predefined
Policies
Optimized
for Any
Infrastructure
Select from Predefined
Policies
Automated Deployment
of QoS config
Optimized
for Any Infrastructure
Enhance Application
Experience

35. © 2016 Cisco and/or its affiliates. All rights reserved. 38
Application Policy
Wireless AP
Trust Boundary
PEP
4Q (WMM)
Catalyst 3650
Trust Boundary
PEP
2P6Q3T
Catalyst 4500
1P7Q1T
Catalyst 6500
1P3Q4T
1P7Q4T
2P6Q4T
…
Nexus 7700
F3: 1P7Q1T
WLC
PEP
ASR/ISRs
MQC
Catalyst 2960-X
Trust Boundary
PEP
1P3Q3T
Wireless AP
Trust Boundary
PEP
4Q (WMM)
Applications can interact with DNA Center via
Northbound APIs, informing the network of application-
specific and dynamic QoS requirements
Southbound APIs translate
business-intent to platform-
specific configurations
Network Operators express high-level
business-intent to DNA Center
Application Policy
DNA Center
AnalyticsPolicy Automation
38

36. © 2016 Cisco and/or its affiliates. All rights reserved. 39
Application Policy in DNAC will seamlessly
interconnect all types of hardware and software
queuing models to achieve consistent and
compatible end-to-end treatments aligned with the
expressed business-intent
Catalyst 9300
39
Application Policy: Deploy End-to-End DSCP Based
Queueing Policies DNA Center
AnalyticsPolicy Automation

37. 40© 2017 Cisco and/or its affiliates. All rights reserved.
Gaining Deep Insights with
Assurance and Analytics

38. Source: 2016 Cisco Study
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
OpEx spent on
Network Visibility and
Troubleshooting
75%
Policy Violations
Due to Human Error
70%
Network Changes
Performed Manually
95%
Main Operational Challenges

39. Make Data
Driven Decisions
Reveal
Hidden Patterns
Automation for Faster
Results
Focus on
Important Things
Business Value Propositions of Network Analytics

40. Collect relevant metrics
Architectural Requirement #1: Instrumentation
ASSURANCE

41. Categorize metrics by degrees of relevance
Architectural Requirement #2: On-Device Analytics
ASSURANCE

42. Upload critical metrics off the device to collector(s)
(optimally via model-based streaming-telemetry)
Architectural Requirement #3: Telemetry
EM
Collector
ASSURANCE

43. Provision long-term storage, retrieval and representation of network metrics and events
Architectural Requirement #4: Scalable Storage
ASSURANCE

44. Identify anomalies and trends
Architectural Requirement #5: Analytics Engine
ASSURANCE

45. Correlate all data points and permutations for cognitive and predictive analytics
Architectural Requirement #6: Machine Learning
ASSURANCE

46. Identify root cause of issues by contextually correlating data
Architectural Requirement #7: Guided Troubleshooting
EM
Analytics
Engine
ASSURANCE

47. Present actionable insights to the operator
Solicit input to remediate the root cause
Present a self-remediation option
Architectural Requirement #8: Self-Remediation
EM
DNAC
AssuranceEM
DNAC
Automation
Do you want to take the
recommended action?
Yes No
Do you want to take the
recommended action?
Yes NoAlwaysAlways
ASSURANCE

48. Transforming the Network with Big Data Analytics
Data
Insight
Information
Action
Create value at the right timeExtract meaningful insights from data
Businessbenefit
Volume
Data size
• TB per day
• Streaming telemetry,
NetFlow, Syslog, SNMP, logs
Velocity
Data speed
• Firehose
• Streaming, low-latency
push/pull
Variety
Data forms
• Structured, unstructured
• Switch, router, AP,
IoT sensor, firewall,
load balancer, DHCP, DNS
Veracity
Data trustworthiness
• Quality, validity
• Internal, partner, public
Analytics

49. EM
DNAC
Network
Telemetry
Contextual Data
Data Collection and Ingestion
FW LB WLC Sensor
AAA
DNS DHCP
LDAP TOPOLOGY
INVENTORY
LOCATION
POLICY
ITSM
ITFM
Streaming
TelemetrySNMP NetFlow Syslog
Data Visualization and Action
Network Assurance netWorth
Collector and Analytics Pipeline SDK
...
Data Models and Restful APIs
Time Series Analysis
System Management Portal
DNA Center Assurance
Data Correlation and Analysis
Machine Learning
in the Cloud
CEP (*) Correlation
CEP = Complex Event Processing
DNA Center Assurance (Internal) Architecture

50. NetFlow
AVC
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Contextual Correlation Example
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
?
?
?
NetFlow

51. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
?
?
?

52. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
?

53. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing

54. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology

55. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology
Location
Building 24 1st Floor

56. AVC
NetFlow
DDI
ISE
Topology
Location
Device
Assurance
Stream
Processing
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
AVC
Contextual Correlation Example
DDI
User: George Baker
ISE
Group: Marketing
Topology
Location
Building 24 1st Floor
Device
Client Density
Problem Here...

57. 60© 2017 Cisco and/or its affiliates. All rights reserved.
Machine Learning and Analytics

58. What is Machine Learning?
• Machine learning is an application of artificial intelligence (AI) that provides systems the ability to
automatically learn and improve from experience without being explicitly programmed to do so
• The process of learning begins with observations of data, and looking for patterns within the data so as to
make increasingly better correlations, inferences and predictions
• The primary aim is to allow these systems to learn automatically without human intervention or
assistance and adjust actions accordingly

59. Project Kairos
For Wireless, Wired and IOT
Cognitive Analytics
Anomaly detection
Identify and proactively adapt to a failure
before it happens
Machine Learning
Predictive Analytics

60. Machine Learning Algorithms
build their models using
hundreds of inputs
APs
WAN
Local WLCs
Network Services DCOffice Site
ISE
DHCP
Mobile Clients
CUCM
NCP
~
~
~
~
~
~
~
~
~
~
~
~
RF & EDCA
behavioral
metrics,..
Queuing, Dropping, WRED
behavioral metrics…
Device type, OS release,
behavioral metrics, ...
WAN & core
network metrics ..
Application metrics, user
feedback, failure rate, ...
... and more

61. © 2016 Cisco and/or its affiliates. All rights reserved. 65
End-to-end visibility – Overall Health
Overall health of the
Network Infra and the
Clients
Where in the world are
the most serious issues
happening
Top 10 Global Insights

62. © 2016 Cisco and/or its affiliates. All rights reserved. 66
End-to-end visibility – Network Infrastructure Health
Drill down of device
health history based on
Role/Type
Overall Network
Infrastructure health
summary
Listing of Network
devices with detailed
health information

63. © 2016 Cisco and/or its affiliates. All rights reserved. 67
3600 Visibility– Network Device
Detailed Device health
information
Network device Health
history, Proactively
identify any Issues
Physical Neighbor
Topology

64. © 2016 Cisco and/or its affiliates. All rights reserved. 68
End-to-end visibility – Client Health
Drill down of Client
Onboarding, RF and
Profile details
Overall Network Client
health summary – wired
and wireless
Listing of Network
Clients with detailed
health information

65. © 2016 Cisco and/or its affiliates. All rights reserved. 69
3600 Visibility– Network Client
Detailed Client health
information
Network Client Health
history, Proactively
identify any Issues
Client Onboarding Details

66. © 2016 Cisco and/or its affiliates. All rights reserved. 70
Relevant 360 view
provides all the details
and issues experienced
Advanced Search
capability based on IP
Address, User name etc.
Double Click on the Issue to
get Insights and Suggested
Remediation Actions
User Search and Troubleshooting
1 3
2

67. © 2016 Cisco and/or its affiliates. All rights reserved. 71
Path Trace – Troubleshoot the Network Path
Detailed information for
all Devices and Interface
along the Network path
Network Path for any
traffic flow from any
source to destination
Identify ACLs that may
be Blocking or Affecting
the traffic flow

68. © 2016 Cisco and/or its affiliates. All rights reserved. 72
Network Time Travel
Ability to go back in time
when an issue is
observed
History shows critical
events and Identifies
when issues occurred
All information in the
relevant 360 page changes
to that point of time
Go back in time to
understand the
network state when
an issue occurred !!

69. © 2016 Cisco and/or its affiliates. All rights reserved. 73
Insights with Guided Remediation Actions
Ability to execute
operational commands
from dashboard
Guided Actions to help
remediate issues quickly
Detailed drill downs to
help identify the impact
of any issue

70. © 2016 Cisco and/or its affiliates. All rights reserved. 74
Advanced Client Insights– Apple iOS Analytics
Insights into the clients view
of the network – Neighboring
Access Points
Detailed Client device profile
information – device model,
OS details
Provide clarity into the
reliability of connectivity –
client disassociation details
Capability unique to
Cisco Wireless
Networks only !!

71. © 2016 Cisco and/or its affiliates. All rights reserved. 75
Create sensor tests,
schedule and define the test
scenarios to execute
Proactive identification
of Wireless Network
issues using Sensors
Detailed test results
along with historical
information
Proactive Insights– Wireless Sensors
Test your network
anywhere at any time
!!

72. 76© 2017 Cisco and/or its affiliates. All rights reserved.
Encrypted Traffic Analytics

73. Providing Security While Maintaining Privacy!
Encrypted Traffic
Non-Encrypted
Traffic
Can we Actually Solve This?
How do you Analyze Metadata without decrypting traffic flows?
80%
of organizations are
victims of malicious activity
41%
Of attacks used encrypted
traffic to evade detection

74. © 2016 Cisco and/or its affiliates. All rights reserved. 78
Encrypted Traffic Analytics
Encrypted traffic analytics from
Cisco’s newest switches and routers
Security with Privacy
Analyze netflow metadata without
decrypting traffic flows
Global-to-local knowledge correlation -
99.99% threat detection accuracy

75. 79© 2017 Cisco and/or its affiliates. All rights reserved.
Summary

76. © 2016 Cisco and/or its affiliates. All rights reserved. 80
Key Takeaways
Profile Based Deployment simplifies Day 0 Deployment and
Day 2 Change Management
Assurance must be outcomes driven and not problem based
Intent Driven Networking Starts with Policy
Automation must be thought holistically, as some of the
simple tasks take the most amount of time

77. Automated Deployment
It’s a Journey!
Self-Driving Automation
Plug and Play,
Day 0 Deployment
Configure once and deploy
everywhere - SD-Access
Exists Today
ISE / AD NAE / PI
DNA Center
Campus
Fabric
SDA
Future
Closed Loop through Network
Analytics and Machine Learning
Network
Analytics
Platform
DNA Center
BB
Campus
Fabric
SDA
Network
Control
Platform
HTTP
Proxy
Internet
Admin
Installer
New
Step 1
Network admin
previsions devices in
Cisco Network Plug
and Play applications
Step 2
Onsite installer with
mobile app installs and
powers on devices,
triggers deployment,
checks status
Step 3
New devices contact
Cisco Network Plug and
Play application to get
provisioned
Network admin can
remotely monitor
install status
Basic Advanced
One Point of Management: All from Cisco DNA Center
Consistent Across Network Fabric

78. Thank you.